toa: support inet6 socket -> inet socket #670

Open
wants to merge 4 commits into
base: devel
Changes from 1 commit
31 changes: 23 additions & 8 deletions kmod/toa/toa.c
Expand Up @@ -456,14 +456,29 @@ inet_getname_toa(struct socket *sock, struct sockaddr *uaddr,
ntohs(tdata.port));
sin->sin_port = tdata.port;
sin->sin_addr.s_addr = tdata.ip;
} else { /* sk_user_data doesn't belong to us */
TOA_INC_STATS(ext_stats,
GETNAME_TOA_MISMATCH_CNT);
TOA_DBG("inet_getname_toa: invalid toa data, "
"ip "TOA_NIPQUAD_FMT" port %u opcode %u "
"opsize %u\n",
TOA_NIPQUAD(tdata.ip), ntohs(tdata.port),
tdata.opcode, tdata.opsize);
} else {
struct toa_ip6_entry* ptr_ip6_entry = sk->sk_user_data;
struct toa_ip6_data* ptr_ip6_data = &ptr_ip6_entry->toa_data;

if (TCPOPT_TOA == ptr_ip6_data->opcode &&
TCPOLEN_IP6_TOA == ptr_ip6_data->opsize) {
TOA_INC_STATS(ext_stats, GETNAME_TOA_OK_CNT);
TOA_DBG("inet_getname_toa: set new sockaddr, ip "
TOA_NIPQUAD_FMT" -> "TOA_NIPQUAD_FMT
", port %u -> %u\n",
TOA_NIPQUAD(sin->sin_addr.s_addr),
TOA_NIPQUAD(ptr_ip6_data->in6_addr.s6_addr32[3]), ntohs(sin->sin_port),
Collaborator

The IPv6 address is truncated to fit the IPv4 address size. Is the truncated address more meaningful than the original IP address derived from inet_getname?

Author

IPv4-mapped IPv6 address

Collaborator

  1. If toa_data stores the IPv4-mapped IPv6 address, and this is the only case, you should validate the address format to ensure it has the ::ffff:x.x.x.x format.
  2. Do you have a case where the client address in toa_data is an IPv4-mapped IPv6 address? The toa data is inserted by DPVS without considering the socket's address family. I don't think there exists a case where toa_data contains an IPv4-mapped address.

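Contributor

The scenario is roughly this:
The client is IPv4, and the RS address configured on DPVS is also IPv4. The RS actually listens only on IPv6, but the socket may be changed to type AF_INET via setsockopt.
This is uncommon, but the RFC allows a service that listens only on IPv6 to accept IPv4 connections.
In this scenario, when a connection comes in, the TOA module on the RS sees an IPv6 listener, so it maps the IPv4 address to an IPv6 address and stores it in sk_user_data (line 373 of the code).
The application on the RS then sees that this is a v4 connection and calls setsockopt to change the connection type to v4; after that, fetching the peer address calls inet_getname_toa in the TOA module.
Currently, inet_getname_toa does not handle this case, so the client address cannot be obtained.

Answers to your two objections above:

  1. If userdata holds a normal IPv6 address, the scenario should be NAT64.
  2. This is a scenario we actually ran into. As described above, the address is not put there by DPVS; TOA itself maps the v4 address to v6 and stores it in sk_user_data.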

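> The scenario is roughly this: The client is IPv4, and the RS address configured on DPVS is also IPv4. The RS actually listens only on IPv6, but the socket may be changed to type AF_INET via setsockopt. This is uncommon, but the RFC allows a service that listens only on IPv6 to accept IPv4 connections. In this scenario, when a connection comes in, the TOA module on the RS sees an IPv6 listener, so it maps the IPv4 address to an IPv6 address and stores it in sk_user_data (line 373 of the code). The application on the RS then sees that this is a v4 connection and calls setsockopt to change the connection type to v4; after that, fetching the peer address calls inet_getname_toa in the TOA module. Currently, inet_getname_toa does not handle this case, so the client address cannot be obtained.
>
> Answers to your two objections above:
>
>   1. If userdata holds a normal IPv6 address, the scenario should be NAT64.
>   2. This is a scenario we actually ran into. As described above, the address is not put there by DPVS; TOA itself maps the v4 address to v6 and stores it in sk_user_data.

"The RFC allows a service that listens only on IPv6 to accept IPv4 connections" has nothing to do with "changing to type AF_INET via setsockopt", does it? Is "changing to type AF_INET via setsockopt" a requirement from a different scenario?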

Contributor

My understanding is that the reason setsockopt supports changing an AF_INET6 socket to AF_INET4 is precisely to implement this RFC.

ntohs(ptr_ip6_data->port));
sin->sin_port = ptr_ip6_data->port;
sin->sin_addr.s_addr = ptr_ip6_data->in6_addr.s6_addr32[3]; // trans v6 to v4
} else { /* sk_user_data doesn't belong to us */
TOA_INC_STATS(ext_stats,GETNAME_TOA_MISMATCH_CNT);
TOA_DBG("inet_getname_toa: invalid toa data, "
"ip "TOA_NIPQUAD_FMT" port %u opcode %u "
"opsize %u\n",
TOA_NIPQUAD(tdata.ip), ntohs(tdata.port),
tdata.opcode, tdata.opsize);
}
}
} else {
TOA_INC_STATS(ext_stats, GETNAME_TOA_BYPASS_CNT);
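Review bot: the new else branch copies ptr_ip6_data->in6_addr.s6_addr32[3] into sin->sin_addr.s_addr after checking only opcode and opsize, so nothing confirms that the stored address is IPv4-mapped (::ffff:a.b.c.d); a genuine IPv6 client address would be reported as its low 32 bits. Guard the assignment with a mapped-address check such as ipv6_addr_v4mapped(&ptr_ip6_data->in6_addr) and count anything else under GETNAME_TOA_MISMATCH_CNT. Separately, this branch runs exactly when the IPv4 opcode/opsize test fails, the case the removed comment described as "sk_user_data doesn't belong to us", yet sk->sk_user_data is read through as a struct toa_ip6_entry * in order to perform the opcode test; the hunk shows nothing establishing that the pointer was set by TOA, so please add that check or point to where it already happens. Minor: the mismatch call lost the space after the comma in TOA_INC_STATS(ext_stats,GETNAME_TOA_MISMATCH_CNT), and the new // comment differs from the /* */ style on the neighbouring lines.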
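The address-format check raised in the review thread, as an added userspace C example (not code from this PR or from toa.c): it takes the last 32 bits only when the stored address is ::ffff:a.b.c.d, and shows that a non-mapped IPv6 address with the same low 32 bits is rejected instead of truncated. The helper names and the sample addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from toa.c): recover the IPv4 address from a
 * stored IPv6 address only when it really is IPv4-mapped (::ffff:a.b.c.d).
 * Returns 0 and fills *out on success, -1 for any other IPv6 address. */
static int v4_from_mapped(const struct in6_addr *a6, struct in_addr *out)
{
    if (!IN6_IS_ADDR_V4MAPPED(a6))
        return -1;                 /* real IPv6 peer: do not truncate */
    memcpy(&out->s_addr, &a6->s6_addr[12], sizeof(out->s_addr));
    return 0;
}

/* Parse a textual IPv6 address, apply the check, and write the dotted-quad
 * form into buf. Returns 0 on success, -1 if the address is not
 * IPv4-mapped, -2 if the text cannot be parsed or formatted. */
static int check_text(const char *text, char *buf, size_t len)
{
    struct in6_addr a6;
    struct in_addr a4;

    if (inet_pton(AF_INET6, text, &a6) != 1)
        return -2;
    if (v4_from_mapped(&a6, &a4) != 0)
        return -1;
    return inet_ntop(AF_INET, &a4, buf, (socklen_t)len) ? 0 : -2;
}

int main(void)
{
    /* Constructed sample addresses from documentation ranges. The second
     * one has the same low 32 bits (c000:020a) as the first. */
    const char *samples[] = {
        "::ffff:192.0.2.10", "2001:db8::c000:20a", "::192.0.2.10"
    };
    char buf[INET_ADDRSTRLEN];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = check_text(samples[i], buf, sizeof(buf));
        printf("%-20s -> %s\n", samples[i], rc == 0 ? buf : "rejected");
    }
    return 0;
}
```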