From patchwork Fri Apr 28 12:15:53 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 9704543 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 39B5E60225 for ; Fri, 28 Apr 2017 12:16:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2BAF62866F for ; Fri, 28 Apr 2017 12:16:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1E80128682; Fri, 28 Apr 2017 12:16:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 9E4222866F for ; Fri, 28 Apr 2017 12:16:44 +0000 (UTC) Received: from localhost ([::1]:36816 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d44pH-00014j-Ca for patchwork-qemu-devel@patchwork.kernel.org; Fri, 28 Apr 2017 08:16:43 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38762) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1d44oj-00014e-4C for qemu-devel@nongnu.org; Fri, 28 Apr 2017 08:16:10 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1d44oe-0001Cq-5C for qemu-devel@nongnu.org; Fri, 28 Apr 2017 08:16:09 -0400 Received: from mx1.redhat.com ([209.132.183.28]:58566) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1d44od-0001Bk-TC for qemu-devel@nongnu.org; Fri, 28 Apr 2017 08:16:04 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 9A448A08F6 for ; Fri, 28 Apr 2017 12:16:02 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 9A448A08F6 Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 9A448A08F6 Received: from t460.redhat.com (ovpn-117-183.ams2.redhat.com [10.36.117.183]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9DB658821A; Fri, 28 Apr 2017 12:15:56 +0000 (UTC) From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Fri, 28 Apr 2017 13:15:53 +0100 Message-Id: <20170428121553.22408-1-berrange@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Fri, 28 Apr 2017 12:16:02 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH] sockets: ensure we can bind to both ipv4 & ipv6 separately X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Paolo Bonzini , Gerd Hoffmann Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP When binding to an IPv6 socket we currently force the IPV6_V6ONLY flag to off. This means that the IPv6 socket will accept both IPv4 & IPv6 sockets when QEMU is launched with something like -vnc :::1 While this is good for that case, it is bad for other cases. For example if an empty hostname is given, getaddrinfo resolves it to 2 addresses 0.0.0.0 and ::, in that order. We will thus bind to 0.0.0.0 first, and then fail to bind to :: on the same port. The same problem can happen if any other hostname lookup causes the IPv4 address to be reported before the IPv6 address. When we get an IPv6 bind failure, we should re-try the same port, but with IPV6_V6ONLY turned on again, to avoid clash with any IPv4 listener. This ensures that -vnc :1 will bind successfully to both 0.0.0.0 and ::, and also avoid -vnc :1,to=2 from mistakenly using a 2nd port for the :: listener. Signed-off-by: Daniel P. Berrange Reviewed-by: Eric Blake --- util/qemu-sockets.c | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c index 8188d9a..75d1e0f 100644 --- a/util/qemu-sockets.c +++ b/util/qemu-sockets.c @@ -207,22 +207,36 @@ static int inet_listen_saddr(InetSocketAddress *saddr, } socket_set_fast_reuse(slisten); -#ifdef IPV6_V6ONLY - if (e->ai_family == PF_INET6) { - /* listen on both ipv4 and ipv6 */ - const int off = 0; - qemu_setsockopt(slisten, IPPROTO_IPV6, IPV6_V6ONLY, &off, - sizeof(off)); - } -#endif port_min = inet_getport(e); port_max = saddr->has_to ? saddr->to + port_offset : port_min; for (p = port_min; p <= port_max; p++) { inet_setport(e, p); +#ifdef IPV6_V6ONLY + if (e->ai_family == PF_INET6) { + /* listen on both ipv4 and ipv6 */ + const int off = 0; + qemu_setsockopt(slisten, IPPROTO_IPV6, IPV6_V6ONLY, &off, + sizeof(off)); + } +#endif if (bind(slisten, e->ai_addr, e->ai_addrlen) == 0) { goto listen; } + +#ifdef IPV6_V6ONLY + if (e->ai_family == PF_INET6 && errno == EADDRINUSE) { + /* listen on only ipv6 */ + const int on = 1; + qemu_setsockopt(slisten, IPPROTO_IPV6, IPV6_V6ONLY, &on, + sizeof(on)); + + if (bind(slisten, e->ai_addr, e->ai_addrlen) == 0) { + goto listen; + } + } +#endif + if (p == port_max) { if (!e->ai_next) { error_setg_errno(errp, errno, "Failed to bind socket");