On 04/07/17 23:56, Sebastian Benoit wrote:
> Florian Obser(flor...@openbsd.org) on 2017.07.04 19:27:15 +0000:
>> On Fri, Jun 23, 2017 at 01:52:52PM +0300, Kapetanakis Giannis wrote:
>>> Hi,
>>>
>>> Using relayd's redirect/forward on ipv6 addresses I discovered problems
>>> relating to setting TTL.
>>>
>>> There is no check for address family and setsockopt tries to apply IP_TTL
>>> always.
>>>
>>> Without ip ttl on ipv6 table, check_icmp gives
>>> send_icmp: getsockopt: Invalid argument
>>>
>>> I've removed the IP_IPDEFTTL check. Was this ok?
>>
>> Nope, relayd reuses the raw socket between config reloads (I think),
>> if the ttl gets removed from the config we need to reset to the
>> default. Don't think there is a getsockopt for v6, you can take a look
>
> I think jca@ once had a diff for something called IPV6_MINHOPLIMIT? Unsure if
> that's what we need here though.
>
>> at the sysctl(3) song and dance in traceroute(8) how to do this
>> somewhat AF independent.
>>
>> Also please make sure to not exceed 80 cols

Thanks for the commit on check_tcp.
My tabstop was set to 3 and not 8. fixed that, but it looks ugly.

According to ip6(4):

     IPV6_UNICAST_HOPS int *
             Get or set the default hop limit header field for outgoing
             unicast datagrams sent on this socket. A value of -1 resets
             to the default value.

So I changed the diff and use this.
Couldn't make it work with sysctl.

comments?

Giannis

ps. There is still a patch on @tech for alternative socket name. Could you
also have a look there when you have some time?

thanks

Index: check_icmp.c =================================================================== RCS file: /cvs/src/usr.sbin/relayd/check_icmp.c,v retrieving revision 1.45 diff -u -p -r1.45 check_icmp.c --- check_icmp.c 28 May 2017 10:39:15 -0000 1.45 +++ check_icmp.c 5 Jul 2017 14:35:03 -0000 @@ -168,6 +168,7 @@ send_icmp(int s, short event, void *arg) socklen_t slen, len; int i = 0, ttl; u_int32_t id; + int ip6_def_hlim = -1; if (event == EV_TIMEOUT) { icmp_checks_timeout(cie, HCE_ICMP_WRITE_TIMEOUT); 
@@ -220,18 +221,46 @@ send_icmp(int s, short event, void *arg) sizeof(packet)); } - if ((ttl = host->conf.ttl) > 0) - (void)setsockopt(s, IPPROTO_IP, IP_TTL, - &host->conf.ttl, sizeof(int)); - else { - /* Revert to default TTL */ - len = sizeof(ttl); - if (getsockopt(s, IPPROTO_IP, IP_IPDEFTTL, - &ttl, &len) == 0) - (void)setsockopt(s, IPPROTO_IP, IP_TTL, - &ttl, len); - else - log_warn("%s: getsockopt",__func__); + switch(cie->af) { + case AF_INET: + if ((ttl = host->conf.ttl) > 0) { + if (setsockopt(s, IPPROTO_IP, IP_TTL, + &host->conf.ttl, sizeof(int)) == -1) + log_warn("%s: setsockopt", + __func__); + } + else { + /* Revert to default TTL */ + len = sizeof(ttl); + if (getsockopt(s, IPPROTO_IP, + IP_IPDEFTTL, &ttl, &len) == 0) { + if (setsockopt(s, IPPROTO_IP, + IP_TTL, &ttl, len) == -1) + log_warn( + "%s: setsockopt", + __func__); + } + else + log_warn("%s: getsockopt",__func__); + } + break; + case AF_INET6: + if ((ttl = host->conf.ttl) > 0) { + if (setsockopt(s, IPPROTO_IPV6, + IPV6_UNICAST_HOPS, &host->conf.ttl, + sizeof(int)) == -1) + log_warn("%s: setsockopt", + __func__); + } + else { + /* Revert to default hop limit */ + if (setsockopt(s, IPPROTO_IPV6, + IPV6_UNICAST_HOPS, &ip6_def_hlim, + sizeof(int)) == -1) + log_warn("%s: setsockopt", + __func__); + } + break; } r = sendto(s, packet, sizeof(packet), 0, to, slen);
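
Review bot: ip6_def_hlim, added in the first hunk (@@ -168,6 +168,7 @@), is never modified and is read only once, in the AF_INET6 revert branch, so a function-scope variable initialised at declaration is more than is needed. Either make it "const int", or drop it and, provided ttl is not read again after this block, set ttl = -1 in that branch and pass &ttl. A short comment at the setsockopt call saying that -1 asks the kernel for its default hop limit, per ip6(4), would save the next reader a trip to the man page.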
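
Review bot: The four setsockopt/log_warn blocks in the second hunk (@@ -220,18 +221,46 @@) differ only in level, option name and value, and the identical "%s: setsockopt" message does not tell the operator which family or option failed. Consider having the switch on cie->af choose only the level, option and value, then making a single setsockopt call with one log_warn after it; that also removes the deep nesting behind the awkward line wraps and helps with the 80-column limit raised earlier in the thread. Style points in the same hunk: "switch(cie->af)" wants a space after switch, each else belongs on the line of the closing brace ("} else {"), and log_warn("%s: getsockopt",__func__) lacks a space after the comma. The switch also has no default case, so an address family other than AF_INET or AF_INET6 skips the TTL setup silently; a default that logs would make that visible.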