-
Notifications
You must be signed in to change notification settings - Fork 734
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
toa: support inet6 socket -> inet socket #670
base: devel
Are you sure you want to change the base?
Conversation
Why should we call |
TOA_NIPQUAD_FMT" -> "TOA_NIPQUAD_FMT | ||
", port %u -> %u\n", | ||
TOA_NIPQUAD(sin->sin_addr.s_addr), | ||
TOA_NIPQUAD(ptr_ip6_data->in6_addr.s6_addr32[3]), ntohs(sin->sin_port), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The IPv6 address is truncated to fit the IPv4 address size. Is the truncated address more meaningful than the original IP address derived from inet_getname
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IPv4-mapped IPv6 address
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- If
toa_data
stores the ipv4-mapped ipv6 address, and this is the only case, you should validate the address format to ensure its has ::ffff:x.x.xx format. - Do you have the case that the client address in
toa_data
is ipv4-mapped ipv6 address. The toa data is inserted by DPVS without considering socket's address family. I don't think there exists a case wheretoa_data
contains ipv4-mapped address.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
场景大概是这样:
用户是IPv4,DPVS上配置的RS地址也是IPv4,RS真实监听的只有IPv6,但是可能会通过setsockopt改成AF_INET类型。
这个虽然不常见,但是RFC允许只监听IPv6的服务接收IPv4的连接。
这种场景下,当连接进来时,在RS上的TOA module看来,这是一个IPv6的监听,所以会把这个IPv4地址map成IPv6地址放到sk_user_data里(代码373行)。
然后RS上层应用看出来这是个V4的连接,然后调用setsockopt接口把连接类型改为V4,然后再获取对端地址的时候就会调用TOA module中的inet_getname_toa了。
目前,inet_getname_toa没有考虑这种情况,因此拿不到用户地址。
针对你上述两个异议的回答:
- 如果userdata里是一个正常的IPv6地址,那场景应该是NAT64
- 这个场景是我们真实遇到的;如上面所述,这个地址不是DPVS放进来的,而是TOA自己把V4 map 成V6,放到sk_user_data里的
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
场景大概是这样: 用户是IPv4,DPVS上配置的RS地址也是IPv4,RS真实监听的只有IPv6,但是可能会通过setsockopt改成AF_INET类型。 这个虽然不常见,但是RFC允许只监听IPv6的服务接收IPv4的连接。 这种场景下,当连接进来时,在RS上的TOA module看来,这是一个IPv6的监听,所以会把这个IPv4地址map成IPv6地址放到sk_user_data里(代码373行)。 然后RS上层应用看出来这是个V4的连接,然后调用setsockopt接口把连接类型改为V4,然后再获取对端地址的时候就会调用TOA module中的inet_getname_toa了。 目前,inet_getname_toa没有考虑这种情况,因此拿不到用户地址。
针对你上述两个异议的回答:
- 如果userdata里是一个正常的IPv6地址,那场景应该是NAT64
- 这个场景是我们真实遇到的;如上面所述,这个地址不是DPVS放进来的,而是TOA自己把V4 map 成V6,放到sk_user_data里的
”RFC允许只监听IPv6的服务接收IPv4的连接“这个和 ”通过setsockopt改成AF_INET类型“没有关系吧?”通过setsockopt改成AF_INET类型“是另外一个场景的需求?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
我的理解是,setsockopt之所以支持把AF_INET6的socket改成AF_INET4,就是为了实现这个RFC。
Release v1.8.10
Release v1.9.0
when we use setsockopt turning an AF_INET6 socket into an AF_INET socket, it will call inet_getname_toa instead of inet6_getname_toa to get peer name. In this situation,it cann't read the toa data right.