mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 15:47:01 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: quic: warn on bind on multiple addresses if no IP_PKTINFO support

Browse Source 
Binding on multiple addresses for QUIC is safe only if IP_PKTINFO or
equivalent is available. Else, the behavior may be undefined as the
system is responsible to choose the network interface and source address
on response.

This commit adds a warning on boot if no or partial support for
IP_PKTINFO or equivalent is detected and configuration contains UDP
binding on multiple addresses.

This should be backported up to 2.6. Special backport recommdations :
* change ha_warning() to ha_diag_warning() to ensure no spurrious
  warnings will be triggered on stable releases
* IP_PKTINFO usage was introduced on 2.7. For 2.6, multiple addresses
  QUIC binding is always unreliable. As such, preprocessor condition
  must simply be removed so that the warning is always active regarding
  of the system. Warning message should also be truncated to suppress
  IP_PKTINFO reference.
This commit is contained in:
Amaury Denoyelle 2024-02-16 15:40:06 +01:00
parent f01ae9f075
commit 9b806550b7
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/listener.c
View File

@ -2195,6 +2195,9 @@ int bind_parse_args_list(struct bind_conf *bind_conf, char **args, int cur_arg,
*/ */
if ((bind_conf->options & (BC_O_USE_SOCK_DGRAM|BC_O_USE_XPRT_STREAM)) == (BC_O_USE_SOCK_DGRAM|BC_O_USE_XPRT_STREAM)) { if ((bind_conf->options & (BC_O_USE_SOCK_DGRAM|BC_O_USE_XPRT_STREAM)) == (BC_O_USE_SOCK_DGRAM|BC_O_USE_XPRT_STREAM)) {
#ifdef USE_QUIC #ifdef USE_QUIC
struct listener *l __maybe_unused;
int listener_count __maybe_unused = 0;
bind_conf->xprt = xprt_get(XPRT_QUIC); bind_conf->xprt = xprt_get(XPRT_QUIC);
if (!(bind_conf->options & BC_O_USE_SSL)) { if (!(bind_conf->options & BC_O_USE_SSL)) {
bind_conf->options |= BC_O_USE_SSL; bind_conf->options |= BC_O_USE_SSL;
@ -2202,6 +2205,17 @@ int bind_parse_args_list(struct bind_conf *bind_conf, char **args, int cur_arg,
file, linenum, args[0], args[1], section); file, linenum, args[0], args[1], section);
} }
quic_transport_params_init(&bind_conf->quic_params, 1); quic_transport_params_init(&bind_conf->quic_params, 1);
#if (!defined(IP_PKTINFO) && !defined(IP_RECVDSTADDR)) || !defined(IPV6_RECVPKTINFO)
list_for_each_entry(l, &bind_conf->listeners, by_bind) {
if (++listener_count > 1 || !is_inet_addr(&l->rx.addr)) {
ha_warning("parsing [%s:%d] : '%s %s' in section '%s' : UDP binding on multiple addresses without IP_PKTINFO or equivalent support may be unreliable.\n",
file, linenum, args[0], args[1], section);
break;
}
}
#endif /* (!IP_PKTINFO && !IP_RECVDSTADDR) || !IPV6_RECVPKTINFO */
#else #else
ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : QUIC protocol selected but support not compiled in (check build options).\n", ha_alert("parsing [%s:%d] : '%s %s' in section '%s' : QUIC protocol selected but support not compiled in (check build options).\n",
file, linenum, args[0], args[1], section); file, linenum, args[0], args[1], section);