Florian Obser
2017-Nov-01 13:41 UTC
[nsd-users] make ip-transparent option work on OpenBSD
OpenBSD supports SO_BINDANY socket option from BSD/OS since 2008.
The same diff was sent to OpenBSD in 2016 by Delan Azabani but I was
not aware and basically came up with the same one.
( https://marc.info/?l=openbsd-tech&m=147747266305927&w=2 )
As far as I know it had not been submitted to nsd.
Thanks,
Florian
Index: server.c
==================================================================--- server.c
(revision 4787)
+++ server.c (working copy)
@@ -561,7 +561,7 @@
{
struct addrinfo* addr;
size_t i;
-#if defined(SO_REUSEPORT) || defined(SO_REUSEADDR) || (defined(INET6)
&& (defined(IPV6_V6ONLY) || defined(IPV6_USE_MIN_MTU) ||
defined(IPV6_MTU) || defined(IP_TRANSPARENT)) || defined(IP_FREEBIND))
+#if defined(SO_REUSEPORT) || defined(SO_REUSEADDR) || (defined(INET6)
&& (defined(IPV6_V6ONLY) || defined(IPV6_USE_MIN_MTU) ||
defined(IPV6_MTU) || defined(IP_TRANSPARENT)) || defined(IP_FREEBIND) ||
defined(SO_BINDANY))
int on = 1;
#endif
@@ -751,6 +751,12 @@
strerror(errno));
}
#endif /* IP_TRANSPARENT */
+#ifdef SO_BINDANY
+ if (setsockopt(nsd->udp[i].s, SOL_SOCKET, SO_BINDANY, &on,
sizeof(on)) < 0) {
+ log_msg(LOG_ERR, "setsockopt(...,SO_BINDANY, ...) failed for udp:
%s",
+ strerror(errno));
+ }
+#endif /* SO_BINDANY */
}
if (bind(nsd->udp[i].s, (struct sockaddr *) addr->ai_addr,
addr->ai_addrlen) != 0) {
@@ -881,6 +887,12 @@
strerror(errno));
}
#endif /* IP_TRANSPARENT */
+#ifdef SO_BINDANY
+ if (setsockopt(nsd->tcp[i].s, SOL_SOCKET, SO_BINDANY, &on,
sizeof(on)) < 0) {
+ log_msg(LOG_ERR, "setsockopt(...,SO_BINDANY, ...) failed for tcp:
%s",
+ strerror(errno));
+ }
+#endif /* SO_BINDANY */
}
if (bind(nsd->tcp[i].s, (struct sockaddr *) addr->ai_addr,
addr->ai_addrlen) != 0) {
--
I'm not entirely sure you are real.
W.C.A. Wijngaards
2017-Nov-02 08:48 UTC
[nsd-users] make ip-transparent option work on OpenBSD
Hi Florian, Thanks for the patch! I have applied it to the source code. Best regards, Wouter On 01/11/17 14:41, Florian Obser wrote:> OpenBSD supports SO_BINDANY socket option from BSD/OS since 2008. > > The same diff was sent to OpenBSD in 2016 by Delan Azabani but I was > not aware and basically came up with the same one. > > ( https://marc.info/?l=openbsd-tech&m=147747266305927&w=2 ) > > As far as I know it had not been submitted to nsd. > > Thanks, > Florian > > Index: server.c > ==================================================================> --- server.c (revision 4787) > +++ server.c (working copy) > @@ -561,7 +561,7 @@ > { > struct addrinfo* addr; > size_t i; > -#if defined(SO_REUSEPORT) || defined(SO_REUSEADDR) || (defined(INET6) && (defined(IPV6_V6ONLY) || defined(IPV6_USE_MIN_MTU) || defined(IPV6_MTU) || defined(IP_TRANSPARENT)) || defined(IP_FREEBIND)) > +#if defined(SO_REUSEPORT) || defined(SO_REUSEADDR) || (defined(INET6) && (defined(IPV6_V6ONLY) || defined(IPV6_USE_MIN_MTU) || defined(IPV6_MTU) || defined(IP_TRANSPARENT)) || defined(IP_FREEBIND) || defined(SO_BINDANY)) > int on = 1; > #endif > > @@ -751,6 +751,12 @@ > strerror(errno)); > } > #endif /* IP_TRANSPARENT */ > +#ifdef SO_BINDANY > + if (setsockopt(nsd->udp[i].s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on)) < 0) { > + log_msg(LOG_ERR, "setsockopt(...,SO_BINDANY, ...) failed for udp: %s", > + strerror(errno)); > + } > +#endif /* SO_BINDANY */ > } > > if (bind(nsd->udp[i].s, (struct sockaddr *) addr->ai_addr, addr->ai_addrlen) != 0) { > @@ -881,6 +887,12 @@ > strerror(errno)); > } > #endif /* IP_TRANSPARENT */ > +#ifdef SO_BINDANY > + if (setsockopt(nsd->tcp[i].s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on)) < 0) { > + log_msg(LOG_ERR, "setsockopt(...,SO_BINDANY, ...) failed for tcp: %s", > + strerror(errno)); > + } > +#endif /* SO_BINDANY */ > } > > if (bind(nsd->tcp[i].s, (struct sockaddr *) addr->ai_addr, addr->ai_addrlen) != 0) { > >-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20171102/4c0fcc32/attachment.bin>