Re: unwind(8): only use available address families

Tue, 26 Jan 2021 09:44:47 -0800 

On Tue, Jan 26, 2021 at 05:53:26PM +0100, Klemens Nanni wrote:
> On Tue, Jan 26, 2021 at 05:22:42PM +0100, Florian Obser wrote:
> > On Mon, Jan 25, 2021 at 07:05:40PM +0100, Florian Obser wrote:
> > > Unwind / libunbound goes pretty badly off the rails when an address
> > > family is not available, it still tries to talk to nameservers with an
> > > unreachable address family.
> > > I don't think it's libunbound's place to figure this out. It can't
> > > sensibly do a getifaddrs on every query...
> > > So let's help it out a bit.
> > > 
> > > OK?
> > 
> > This is better.
> > 
> > - 100% less ioctl, leading to tighter pledge after clue-bat from
> >   claudio while working in asr.
> > - also handle RTM_DESYNC, pointed out by deraadt
> Cool, it works as intended and is stable (after the other fix) for me.
> 
> > I was also toying with the idea of counting arivals and departure of
> > IP addresses using the routing socket, but getting the account right
> > seems complicated. I don't think a call to getifaddrs will be
> > triggered that often.
> I think that's fair.
> 
> Two things inline, with that
> OK kn
> 
> > +   for (ifa = ifap; ifa != NULL; ifa = ifa->ifa_next) {
> > +           if (ifa->ifa_addr == NULL)
> > +                   continue;
> > +           switch(ifa->ifa_addr->sa_family) {
> > +           case AF_LINK:
> Can you add the same comment here as well as you did in asr?
>                       /* AF_LINK comes before inet / inet6 on an interface */

Sure, thanks.

> 
> > +                   ifa_data = (struct if_data *)ifa->ifa_data;
> > +                   ifa_rtable = ifa_data->ifi_rdomain;
> > +                   break;
> > +           case AF_INET:
> > +                   if (ifa_rtable != rtable)
> > +                           continue;
> 
> 
> >     rtfilter = ROUTE_FILTER(RTM_IFINFO) | ROUTE_FILTER(RTM_PROPOSAL)
> > -       | ROUTE_FILTER(RTM_IFANNOUNCE);
> > +       | ROUTE_FILTER(RTM_IFANNOUNCE) | ROUTE_FILTER(RTM_NEWADDR)
> > +       | ROUTE_FILTER(RTM_DELADDR);
> Looks like you missed `RTM_DESYNC' here.

Nope, see rtsock.c:
   534                  /* filter messages that the process does not want */
   535                  rtm = mtod(m, struct rt_msghdr *);
   536                  /* but RTM_DESYNC can't be filtered */
   537                  if (rtm->rtm_type != RTM_DESYNC) {

> 
> >     if (setsockopt(frontend_routesock, AF_ROUTE, ROUTE_MSGFILTER,
> >         &rtfilter, sizeof(rtfilter)) == -1)
> >             fatal("setsockopt(ROUTE_MSGFILTER)");
> 

-- 
I'm not entirely sure you are real.

Reply via email to