Florian Obser(flor...@openbsd.org) on 2017.07.04 19:27:15 +0000:
> On Fri, Jun 23, 2017 at 01:52:52PM +0300, Kapetanakis Giannis wrote:
> > Hi,
> >
> > Using relayd's redirect/forward on ipv6 addresses I discovered problems
> > relating to setting TTL.
> >
> > There is no check for address family and setsockopt tries to apply IP_TTL
> > always.
> >
> > Without ip ttl on ipv6 table, check_icmp gives
> > send_icmp: getsockopt: Invalid argument
> >
> > With ip ttl on ipv6 table, check_tcp gives
> > hce_notify_done: fdaa:10:1:9::11 (tcp socket option)
> >
> > is the following diff valid?
>
> the check_tcp hunk looks good and is OK florian@
commited, thanks!
> > I've removed the IP_IPDEFTTL check. Was this ok?
>
> Nope, relayd reuses the raw socket between config reloads (I think),
> if the ttl gets removed from the config we need to reset to the
> default. Don't think there is a getsockopt for v6, you can take a look
i think jca@ once had a diff for somethin called IPV6_MINHOPLIMIT? Unsure if
thats what we need here though.
> at the sysctl(3) song and dance in traceroute(8) how to do this
> somewhat AF independet.
>
> Also please make sure to not exceed 80 cols
>
> >
> > regards,
> >
> > Giannis
> >
> > Index: check_icmp.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/relayd/check_icmp.c,v
> > retrieving revision 1.45
> > diff -u -p -r1.45 check_icmp.c
> > --- check_icmp.c 28 May 2017 10:39:15 -0000 1.45
> > +++ check_icmp.c 23 Jun 2017 10:42:30 -0000
> > @@ -165,7 +165,7 @@ send_icmp(int s, short event, void *arg)
> > struct icmp6_hdr *icp6;
> > ssize_t r;
> > u_char packet[ICMP_BUF_SIZE];
> > - socklen_t slen, len;
> > + socklen_t slen;
> > int i = 0, ttl;
> > u_int32_t id;
> >
> > @@ -221,18 +221,18 @@ send_icmp(int s, short event, void *arg)
> > }
> >
> > if ((ttl = host->conf.ttl) > 0)
> > - (void)setsockopt(s, IPPROTO_IP, IP_TTL,
> > - &host->conf.ttl, sizeof(int));
> > - else {
> > - /* Revert to default TTL */
> > - len = sizeof(ttl);
> > - if (getsockopt(s, IPPROTO_IP, IP_IPDEFTTL,
> > - &ttl, &len) == 0)
> > - (void)setsockopt(s, IPPROTO_IP, IP_TTL,
> > - &ttl, len);
> > - else
> > - log_warn("%s: getsockopt",__func__);
> > - }
> > + switch(cie->af) {
> > + case AF_INET:
> > + if (setsockopt(s, IPPROTO_IP, IP_TTL,
> > + &host->conf.ttl, sizeof(int)) == -1)
> > + log_warn("%s:
> > setsockopt",__func__);
> > + break;
> > + case AF_INET6:
> > + if (setsockopt(s, IPPROTO_IPV6,
> > IPV6_UNICAST_HOPS,
> > + &host->conf.ttl, sizeof(int)) == -1)
> > + log_warn("%s:
> > setsockopt",__func__);
> > + break;
> > + }
> >
> > r = sendto(s, packet, sizeof(packet), 0, to, slen);
> > if (r == -1) {
> > Index: check_tcp.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/relayd/check_tcp.c,v
> > retrieving revision 1.54
> > diff -u -p -r1.54 check_tcp.c
> > --- check_tcp.c 28 May 2017 10:39:15 -0000 1.54
> > +++ check_tcp.c 23 Jun 2017 10:42:30 -0000
> > @@ -82,11 +82,19 @@ check_tcp(struct ctl_tcp_event *cte)
> > if (setsockopt(s, SOL_SOCKET, SO_LINGER, &lng, sizeof(lng)) == -1)
> > goto bad;
> >
> > - if (cte->host->conf.ttl > 0) {
> > - if (setsockopt(s, IPPROTO_IP, IP_TTL,
> > - &cte->host->conf.ttl, sizeof(int)) == -1)
> > - goto bad;
> > - }
> > + if (cte->host->conf.ttl > 0)
> > + switch (cte->host->conf.ss.ss_family) {
> > + case AF_INET:
> > + if (setsockopt(s, IPPROTO_IP, IP_TTL,
> > + &cte->host->conf.ttl, sizeof(int)) == -1)
> > + goto bad;
> > + break;
> > + case AF_INET6:
> > + if (setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS,
> > + &cte->host->conf.ttl, sizeof(int)) == -1)
> > + goto bad;
> > + break;
> > + }
> >
> > bcopy(&cte->table->conf.timeout, &tv, sizeof(tv));
> > if (connect(s, (struct sockaddr *)&cte->host->conf.ss, len) == -1) {
> >
>
> --
> I'm not entirely sure you are real.
>
