diff options
| author | Stefano Brivio <sbrivio@redhat.com> | 2026-06-08 21:06:17 +0200 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2026-06-10 16:48:44 +0200 |
| commit | e1a6d9ef626aa6dbcfeef97dbbab3bd69c35b4b1 (patch) | |
| tree | 7c1ecf20155b590d0ac17f0f175469450ba8f767 /doc/platform-requirements | |
| parent | 21f4d13c4cd4db24b65926265c98d5f41f0c6a9b (diff) | |
| download | passt-e1a6d9ef626aa6dbcfeef97dbbab3bd69c35b4b1.tar passt-e1a6d9ef626aa6dbcfeef97dbbab3bd69c35b4b1.tar.gz passt-e1a6d9ef626aa6dbcfeef97dbbab3bd69c35b4b1.tar.bz2 passt-e1a6d9ef626aa6dbcfeef97dbbab3bd69c35b4b1.tar.lz passt-e1a6d9ef626aa6dbcfeef97dbbab3bd69c35b4b1.tar.xz passt-e1a6d9ef626aa6dbcfeef97dbbab3bd69c35b4b1.tar.zst passt-e1a6d9ef626aa6dbcfeef97dbbab3bd69c35b4b1.zip | |
conf, util: Disable IPv6 if explicit IPv6 socket probe fails
In https://bugs.passt.top/show_bug.cgi?id=188, I originally reported
that if IPv6 is disabled in the kernel (for example via command line
parameter ipv6.disable=1, or disabled in build configuration), and we
attempt to forward any port, we'll exit right away after failing to
set up dual-stack listening sockets.
The original instance of that issue is now fixed for pasta by commit
75dcbc300bf0 ("pasta: Warn, disable matching IP version if not
supported, in local mode") together with the new implementation of
the rule forwarding table, starting from commit b223bec48213 ("fwd,
tcp, udp: Set up listening sockets based on forward table"), because
we first parse forwarding options, then probe for IPv6 support in the
target namespace (and disable IPv6 as a result), and finally bind
sockets once we already know that IPv6 support is disabled.
But we don't do that when invoked as passt, because we have no target
namespace and hence no probing for IPv6 support whatsoever.
Add IPv6 to the socket features we test in sock_probe_features(), and,
if we fail to create an IPv6 socket for whatever reason (which might
include security policies as well), disable IPv6 support altogether,
so that we won't attempt to use dual-stack sockets for port forwarding
either.
Note that the probe comes without any sort of debug message, because
at this point we haven't parsed the configuration yet, and we would
therefore print that regardless of the selected logging level and
other options, including --ipv4-only, which would be rather confusing.
I doubt we'll miss this kind of message though, IPv6 support being
disabled is anyway obvious from the initial configuration dump.
Reported-by: Chi Cuong HA <ChiCuong.HA@amadeus.com>
Reported-by: Romain Geissler <romain.geissler@amadeus.com>
Link: https://bugs.passt.top/show_bug.cgi?id=188
Fixes: 4ddd59bc6085 ("conf: Separate local mode for each IP version, don't enable disabled IP version")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'doc/platform-requirements')
0 files changed, 0 insertions, 0 deletions