[MERGE] [3.1] Clean up commReset use in combination with tproxy or tcp_outgoing_address

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Fri, 14 May 2010 03:46:01 +0200

Take three

Differences from take two is that

      * the test for IPv6 over IPv4 have been corrected, was triggering
        a bit too much, blocking IPv6 access if tcp_outgoing_address not
        set
      * Set errno to ENETUNREACH when destination blocked by family, to
        match what Linux returns if trying to connect over the socket.

I also tried to let connect() deal with the socket incompatibility, but
this failed in the way that incompatible addresses then got marked as
bad due to connect() returning ENETUNREACH and not EAFNOSUPPORT like we
expected which makes this case indistinguishable from the actual network
unreachable error case which should mark addresses as bad.

This patch backs out part of the patch for Bug #2222 and replaces it by
crudely cycling over the available addresses, trying to skip over
addresses not compatible with the current socket.

This solves issues seen when using tproxy or tcp_outgoing_address and
DNS of the requested host returns AAAA records in addition to A records.

This change is interim, waiting for the larger connection setup
overhaul. But seems to do the trick at least for me in tproxy & ipv4
setups. Unfortunately I do not have an IPv6 connection at the moment to
test IPv6 on, but I don't see how it could break IPv6.

One effect of this change is that there will be no fallback to the other
IP generation if the socket is configured to a specific outgoing
address. Priory the code threw away the outgoing address and tried
again when encountering an incompatibility.

Regards
Henrik

Received on Fri May 14 2010 - 01:46:07 MDT

This archive was generated by hypermail 2.2.0 : Tue May 18 2010 - 12:00:09 MDT