diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2026-05-15 18:24:33 +1000 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2026-05-16 17:05:56 +0200 |
| commit | 666ef9e20c5c0ef2a5a61a7a7b68b9e2421e14e9 (patch) | |
| tree | 2de0c2305637cc8d1109590e01044182bc9dec9e | |
| parent | 8bb21e3209d978b5337d4f21fd0d018e8012f059 (diff) | |
| download | passt-666ef9e20c5c0ef2a5a61a7a7b68b9e2421e14e9.tar passt-666ef9e20c5c0ef2a5a61a7a7b68b9e2421e14e9.tar.gz passt-666ef9e20c5c0ef2a5a61a7a7b68b9e2421e14e9.tar.bz2 passt-666ef9e20c5c0ef2a5a61a7a7b68b9e2421e14e9.tar.lz passt-666ef9e20c5c0ef2a5a61a7a7b68b9e2421e14e9.tar.xz passt-666ef9e20c5c0ef2a5a61a7a7b68b9e2421e14e9.tar.zst passt-666ef9e20c5c0ef2a5a61a7a7b68b9e2421e14e9.zip | |
fwd_rule: Don't attempt dual stack listen()s if only one IP family
With the recent rework to forwarding configuration, we're stricter about
what forwarding rules we allow. In particular we don't allow dual stack
forwards (listening on both IPv4 and IPv6 addresses) if we only have one
IP family enabled.
This makes what I think was a pre-existing minor bug into a nasty failure.
If we use default forwards with no address specified, e.g.:
$ pasta -t 1234 -4
$ pasta -U 4321 -6
these are interpreted as dual-stack forwards. Previously these would be
applied, leading to a surprising dual stack socket. Since 0aeda87ca185,
they instead result in an immediate fatal error.
Add logic to interpret a default "any" address as only one IP family if
only one IP family is enabled.
Link: https://bugs.passt.top/show_bug.cgi?id=205
Reported-by: <j.d03@cpc.cx>
Fixes: 0aeda87ca185 ("conf, fwd: Stricter rule checking in fwd_rule_add()")
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
| -rw-r--r-- | fwd_rule.c | 11 |
1 files changed, 9 insertions, 2 deletions
@@ -650,8 +650,9 @@ bad: void fwd_rule_parse(char optname, bool del, const char *optarg, struct fwd_table *fwd) { - union inany_addr addr_buf = inany_any6, *addr = &addr_buf; char buf[BUFSIZ], *spec, *ifname = NULL; + union inany_addr addr_buf = inany_any6; + const union inany_addr *addr = &addr_buf; uint8_t proto; if (optname == 't' || optname == 'T') @@ -708,7 +709,7 @@ void fwd_rule_parse(char optname, bool del, const char *optarg, p++; } - if (!inany_pton(p, addr)) + if (!inany_pton(p, &addr_buf)) die("Bad forwarding address '%s'", p); } } else { @@ -741,6 +742,12 @@ void fwd_rule_parse(char optname, bool del, const char *optarg, ifname = "lo"; } + /* No need for dual stack if we only have one IP version */ + if (!addr && !(fwd->caps & FWD_CAP_IPV4)) + addr = &inany_any6; + else if (!addr && !(fwd->caps & FWD_CAP_IPV6)) + addr = &inany_any4; + if (ifname && !(fwd->caps & FWD_CAP_IFNAME)) { die( "Device binding for '-%c %s' unsupported (requires kernel 5.7+)", |