Differential D24135
IPV6_PKTINFO support for v4-mapped IPv6 sockets Authored by bz on Mar 20 2020, 9:29 AM. Tags None Referenced Files
Subscribers
Details
When using v4-mapped IPv6 sockets with IPV6_PKTINFO we do not Requested by: Gert Doering (gert greenie.net) Leave that to Gert, I don't like v4-mapped IPv6 sockets.
Diff Detail
Event TimelineComment Actions Actually check that PRUS_IPV6 is set before accepting the IPv6 Comment Actions Thank you for adding this! As this functionality is not the commonly-used one, would it be possible to add some verification tests as well? It looks like some python can easily do the trick w.r.t send path: import socket, struct
s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, struct.pack('I', 0))
# Send with default src
s.sendto('test'.encode('utf-8'), ('::ffff:192.168.53.1', 4242))
# Send with custom src
sopt = struct.pack('16pI', socket.inet_pton(socket.AF_INET6, '::ffff:192.168.53.199'), 0)
s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_PKTINFO, sopt)
s.sendto('test'.encode('utf-8'), ('::ffff:192.168.53.1', 4242))I guess it could be more or less easily embodied as an additional test in the files added by https://reviews.freebsd.org/D24138
Comment Actions Hi, I gave this a test today, and it did not work for me. Namely, when using sendto() on a 12.1-RELEASE-p3 kernel with this patch applied (it applied with little fuzz, so I assume this was okay to do) I get EINVAL for every IPv4-UDP packet sent over my dual-stack socket. Unmodified 12.1-RELEASE-p3 with the same code will just ignore the option and use the primary IPv4 address of the interface. Looking at the patch, EINVAL can only be triggered by "not sizeof(in6_pktinfo)" or "not a v4-mapped address". So I added some printf() to udp_usrreq.c, and got back "the size of the structure is good", but it does not like the address I pass in. printf()'ing the address confirms "it is what I pass in, and it's *so* an v4 mapped address, and IN6_IS_ADDR_V4MAPPED() actually confirms... - so: the logic is wrong, it needs to be if (!IN6_IS_ADDR_V4MAPPED(&pktinfo->ipi6_addr) &&
!IN6_IS_ADDR_UNSPECIFIED(&pktinfo->ipi6_addr(or "if( ! (v4mapped || unspecified) )", which might be easier to read). With that change, I can confirm that OpenVPN will now handle multiple different v4 addresses on a dual-stacked v6 socket just fine. Thanks, bz, for diving into this.
Comment Actions Correct logic bug identified by gert.
Comment Actions This new patch, with the logic error regarding PRUS_IPV6 check fixed, still leads to EINVAL for me. Tracing this with liberally applied printf()'s, the EINVAL is coming from in_pcbbind_setup(), namely this check } else {
sin = (struct sockaddr_in *)nam;
if (nam->sa_len != sizeof (*sin))with the values "nam->sa_len=8, sizeof(*sin)=16"... AAAH! tracked this to a missing "*" in "sizeof(*src)" (oversight when converting from struct to pointer). Commented inline as well. With these two changes applied, OpenVPN is "back to working".
Comment Actions Fix more errors of in-between work. Comment Actions LGTM. Though, adding a test for this scenario would really help. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||