From patchwork Tue Jul 11 12:44:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= X-Patchwork-Id: 9834653 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 2784760363 for ; Tue, 11 Jul 2017 12:45:35 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 179B426AE3 for ; Tue, 11 Jul 2017 12:45:35 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 0A81F27C2D; Tue, 11 Jul 2017 12:45:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 7105C26AE3 for ; Tue, 11 Jul 2017 12:45:34 +0000 (UTC) Received: from localhost ([::1]:46149 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dUuXl-0005al-KL for patchwork-qemu-devel@patchwork.kernel.org; Tue, 11 Jul 2017 08:45:33 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:34220) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dUuWh-0005ZS-RA for qemu-devel@nongnu.org; Tue, 11 Jul 2017 08:44:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dUuWg-0005RA-KX for qemu-devel@nongnu.org; Tue, 11 Jul 2017 08:44:27 -0400 Received: from mx1.redhat.com ([209.132.183.28]:38748) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dUuWg-0005QS-BD for qemu-devel@nongnu.org; Tue, 11 Jul 2017 08:44:26 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4D6937D0D4; Tue, 11 Jul 2017 12:44:25 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 4D6937D0D4 Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=berrange@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 4D6937D0D4 Received: from localhost.localdomain.com (unknown [10.42.22.189]) by smtp.corp.redhat.com (Postfix) with ESMTP id 97100757B1; Tue, 11 Jul 2017 12:44:24 +0000 (UTC) From: "Daniel P. Berrange" To: qemu-devel@nongnu.org Date: Tue, 11 Jul 2017 13:44:09 +0100 Message-Id: <20170711124411.10499-4-berrange@redhat.com> In-Reply-To: <20170711124411.10499-1-berrange@redhat.com> References: <20170711124411.10499-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Tue, 11 Jul 2017 12:44:25 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PULL v1 3/5] sockets: ensure we don't accept IPv4 clients when IPv4 is disabled X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP Currently if you disable listening on IPv4 addresses, via the CLI flag ipv4=off, we still mistakenly accept IPv4 clients via the IPv6 listener socket due to IPV6_V6ONLY flag being unset. We must ensure IPV6_V6ONLY is always set if ipv4=off This fixes the following scenarios -incoming tcp::9000,ipv6=on -incoming tcp:[::]:9000,ipv6=on -chardev socket,id=cdev0,host=,port=9000,server,nowait,ipv4=off -chardev socket,id=cdev0,host=,port=9000,server,nowait,ipv6=on -chardev socket,id=cdev0,host=::,port=9000,server,nowait,ipv4=off -chardev socket,id=cdev0,host=::,port=9000,server,nowait,ipv6=on which all mistakenly accepted IPv4 clients Acked-by: Gerd Hoffmann Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Eric Blake Signed-off-by: Daniel P. Berrange --- util/qemu-sockets.c | 40 +++++++++++++++++++++++++++++++--------- 1 file changed, 31 insertions(+), 9 deletions(-) diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c index f4ddcaf..37d386f 100644 --- a/util/qemu-sockets.c +++ b/util/qemu-sockets.c @@ -104,17 +104,16 @@ NetworkAddressFamily inet_netfamily(int family) * f t PF_INET6 * t - PF_INET * t f PF_INET - * t t PF_INET6 + * t t PF_INET6/PF_UNSPEC * * NB, this matrix is only about getting the necessary results * from getaddrinfo(). Some of the cases require further work * after reading results from getaddrinfo in order to fully - * apply the logic the end user wants. eg with the last case - * ipv4=t + ipv6=t + PF_INET6, getaddrinfo alone can only - * guarantee the ipv6=t part of the request - we need more - * checks to provide ipv4=t part of the guarantee. This is - * outside scope of this method and not currently handled by - * callers at all. + * apply the logic the end user wants. + * + * In the first and last cases, we must set IPV6_V6ONLY=0 + * when binding, to allow a single listener to potentially + * accept both IPv4+6 addresses. */ int inet_ai_family_from_address(InetSocketAddress *addr, Error **errp) @@ -124,6 +123,23 @@ int inet_ai_family_from_address(InetSocketAddress *addr, error_setg(errp, "Cannot disable IPv4 and IPv6 at same time"); return PF_UNSPEC; } + if ((addr->has_ipv6 && addr->ipv6) && (addr->has_ipv4 && addr->ipv4)) { + /* + * Some backends can only do a single listener. In that case + * we want empty hostname to resolve to "::" and then use the + * flag IPV6_V6ONLY==0 to get both protocols on 1 socket. This + * doesn't work for addresses other than "", so they're just + * inevitably broken until multiple listeners can be used, + * and thus we honour getaddrinfo automatic protocol detection + * Once all backends do multi-listener, remove the PF_INET6 + * branch entirely. + */ + if (!addr->host || g_str_equal(addr->host, "")) { + return PF_INET6; + } else { + return PF_UNSPEC; + } + } if ((addr->has_ipv6 && addr->ipv6) || (addr->has_ipv4 && !addr->ipv4)) { return PF_INET6; } @@ -213,8 +229,14 @@ static int inet_listen_saddr(InetSocketAddress *saddr, port_max = saddr->has_to ? saddr->to + port_offset : port_min; for (p = port_min; p <= port_max; p++) { #ifdef IPV6_V6ONLY - /* listen on both ipv4 and ipv6 */ - int v6only = 0; + /* + * Deals with first & last cases in matrix in comment + * for inet_ai_family_from_address(). + */ + int v6only = + ((!saddr->has_ipv4 && !saddr->has_ipv6) || + (saddr->has_ipv4 && saddr->ipv4 && + saddr->has_ipv6 && saddr->ipv6)) ? 0 : 1; #endif inet_setport(e, p); #ifdef IPV6_V6ONLY