diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2026-01-13 14:06:13 +1100 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2026-01-14 01:07:51 +0100 |
| commit | d5fd945ceb379b695b8d58aeab9363509fcf6587 (patch) | |
| tree | d3a90e27d34161cc40749b1f2edb02ad68890012 | |
| parent | c0be730f2aa2243a132b3ee40c2bf05ebc84fedf (diff) | |
| download | passt-d5fd945ceb379b695b8d58aeab9363509fcf6587.tar passt-d5fd945ceb379b695b8d58aeab9363509fcf6587.tar.gz passt-d5fd945ceb379b695b8d58aeab9363509fcf6587.tar.bz2 passt-d5fd945ceb379b695b8d58aeab9363509fcf6587.tar.lz passt-d5fd945ceb379b695b8d58aeab9363509fcf6587.tar.xz passt-d5fd945ceb379b695b8d58aeab9363509fcf6587.tar.zst passt-d5fd945ceb379b695b8d58aeab9363509fcf6587.zip | |
tcp, udp, conf: Don't silently ignore listens on unsupported IP versions
Currently, it's possible to explicitly ask for forwarding from an IPv4
address, while disabling IPv4:
$ pasta -t 192.0.2.1/12345 -6
or vice versa:
$ pasta -t 2001:db8::1/12345 -4
Currently, the impossible to implement forwarding option will be silently
ignored. That's potentially confusing since in a complex setup, it might
not be obvious why the requested forward isn't taking effect.
Specifically, it's ignored at a fairly low level: tcp_listen() and
udp_listen() ignore it and return 0. Those run kind of late to give a
good error message. Change the low-level functions to return
-EAFNOSUPPORT. Most callers of {tcp,udp}_listen() ignore the return code,
so this is a no-op for them. In the remaining caller,
conf_ports_range_except() check for the case explicitly, and provide a
meaningful error message.
Of itself, this bug is insignificant, but this is a roadblock to having
{tcp,udp}_listen() return socket fds, which in turn is a roadblock to my
flexible forwarding work. So, might as well fix it.
Link: https://bugs.passt.top/show_bug.cgi?id=186
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
| -rw-r--r-- | conf.c | 10 | ||||
| -rw-r--r-- | tcp.c | 6 | ||||
| -rw-r--r-- | udp.c | 6 |
3 files changed, 14 insertions, 8 deletions
@@ -162,6 +162,16 @@ static void conf_ports_range_except(const struct ctx *c, char optname, optname, optarg); } + if (addr) { + if (!c->ifi4 && inany_v4(addr)) { + die("IPv4 is disabled, can't use -%c %s", + optname, optarg); + } else if (!c->ifi6 && !inany_v4(addr)) { + die("IPv6 is disabled, can't use -%c %s", + optname, optarg); + } + } + for (i = first; i <= last; i++) { if (bitmap_isset(exclude, i)) continue; @@ -2699,16 +2699,14 @@ int tcp_listen(const struct ctx *c, uint8_t pif, /* Restrict to v6 only */ addr = &inany_any6; else if (inany_v4(addr)) - /* Nothing to do */ - return 0; + return -EAFNOSUPPORT; } if (!c->ifi6) { if (!addr) /* Restrict to v4 only */ addr = &inany_any4; else if (!inany_v4(addr)) - /* Nothing to do */ - return 0; + return -EAFNOSUPPORT; } if (pif == PIF_HOST) { @@ -1162,16 +1162,14 @@ int udp_listen(const struct ctx *c, uint8_t pif, /* Restrict to v6 only */ addr = &inany_any6; else if (inany_v4(addr)) - /* Nothing to do */ - return 0; + return -EAFNOSUPPORT; } if (!c->ifi6) { if (!addr) /* Restrict to v4 only */ addr = &inany_any4; else if (!inany_v4(addr)) - /* Nothing to do */ - return 0; + return -EAFNOSUPPORT; } s = pif_sock_l4(c, EPOLL_TYPE_UDP_LISTEN, pif, |