upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-27 11:50:48 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

BUG/MINOR: tcp: fix silent-drop workaround for IPv6

Browse source 
As reported in github issue #1203 the TTL-based workaround that is used
when permissions are insufficient for the TCP_REPAIR trick does not work
for IPv6 because we're using only SOL_IP with IP_TTL. In IPv6 we have to
use SOL_IPV6 and IPV6_UNICAST_HOPS. Let's pick the right one based on the
source address's family.

This may be backported to all versions.
This commit is contained in:
Willy Tarreau 2021-03-30 17:23:50 +02:00
parent b48e7c0016
commit ab79ee8b11
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/tcp_act.c
View file

@ -207,7 +207,12 @@ static enum act_return tcp_exec_action_silent_drop(struct act_rule *rule, struct
* network and has no effect on local net. * network and has no effect on local net.
*/ */
#ifdef IP_TTL #ifdef IP_TTL
setsockopt(conn->handle.fd, SOL_IP, IP_TTL, &one, sizeof(one)); if (conn->src && conn->src->ss_family == AF_INET)
setsockopt(conn->handle.fd, SOL_IP, IP_TTL, &one, sizeof(one));
#endif
#ifdef IPV6_UNICAST_HOPS
if (conn->src && conn->src->ss_family == AF_INET6)
setsockopt(conn->handle.fd, SOL_IPV6, IPV6_UNICAST_HOPS, &one, sizeof(one));
#endif #endif
out: out:
/* kill the stream if any */ /* kill the stream if any */