diff --git a/lib/isc/netmgr/netmgr-int.h b/lib/isc/netmgr/netmgr-int.h index 0b93c22903..b8a49feef2 100644 --- a/lib/isc/netmgr/netmgr-int.h +++ b/lib/isc/netmgr/netmgr-int.h @@ -1849,6 +1849,12 @@ isc__nm_socket_disable_pmtud(uv_os_sock_t fd, sa_family_t sa_family); * option, or setting the IP(V6)_MTU_DISCOVER socket option to IP_PMTUDISC_OMIT */ +isc_result_t +isc__nm_socket_v6only(uv_os_sock_t fd, sa_family_t sa_family); +/*%< + * Restrict the socket to sending and receiving IPv6 packets only + */ + isc_result_t isc__nm_socket_connectiontimeout(uv_os_sock_t fd, int timeout_ms); /*%< diff --git a/lib/isc/netmgr/netmgr.c b/lib/isc/netmgr/netmgr.c index 0af8b1044d..481cc61586 100644 --- a/lib/isc/netmgr/netmgr.c +++ b/lib/isc/netmgr/netmgr.c @@ -3183,6 +3183,25 @@ isc__nm_socket_disable_pmtud(uv_os_sock_t fd, sa_family_t sa_family) { return (ISC_R_NOTIMPLEMENTED); } +isc_result_t +isc__nm_socket_v6only(uv_os_sock_t fd, sa_family_t sa_family) { + /* + * Enable the IPv6-only option on IPv6 sockets + */ + if (sa_family == AF_INET6) { +#if defined(IPV6_V6ONLY) + if (setsockopt_on(fd, IPPROTO_IPV6, IPV6_V6ONLY) == -1) { + return (ISC_R_FAILURE); + } else { + return (ISC_R_SUCCESS); + } +#else + UNUSED(fd); +#endif + } + return (ISC_R_NOTIMPLEMENTED); +} + isc_result_t isc_nm_checkaddr(const isc_sockaddr_t *addr, isc_socktype_t type) { int proto, pf, addrlen, fd, r; diff --git a/lib/isc/netmgr/tcp.c b/lib/isc/netmgr/tcp.c index 2a600c1430..d97c2b486c 100644 --- a/lib/isc/netmgr/tcp.c +++ b/lib/isc/netmgr/tcp.c @@ -367,6 +367,7 @@ isc__nm_tcp_lb_socket(sa_family_t sa_family) { RUNTIME_CHECK(result == ISC_R_SUCCESS); (void)isc__nm_socket_incoming_cpu(sock); + (void)isc__nm_socket_v6only(sock, sa_family); /* FIXME: set mss */ diff --git a/lib/isc/netmgr/tcpdns.c b/lib/isc/netmgr/tcpdns.c index 6c840634f4..8999207e0a 100644 --- a/lib/isc/netmgr/tcpdns.c +++ b/lib/isc/netmgr/tcpdns.c @@ -334,6 +334,7 @@ isc__nm_tcpdns_lb_socket(sa_family_t sa_family) { RUNTIME_CHECK(result == ISC_R_SUCCESS); (void)isc__nm_socket_incoming_cpu(sock); + (void)isc__nm_socket_v6only(sock, sa_family); /* FIXME: set mss */ diff --git a/lib/isc/netmgr/tlsdns.c b/lib/isc/netmgr/tlsdns.c index 385a18aace..135a854662 100644 --- a/lib/isc/netmgr/tlsdns.c +++ b/lib/isc/netmgr/tlsdns.c @@ -401,6 +401,7 @@ isc__nm_tlsdns_lb_socket(sa_family_t sa_family) { RUNTIME_CHECK(result == ISC_R_SUCCESS); (void)isc__nm_socket_incoming_cpu(sock); + (void)isc__nm_socket_v6only(sock, sa_family); /* FIXME: set mss */ diff --git a/lib/isc/netmgr/udp.c b/lib/isc/netmgr/udp.c index 4cb3fdc429..0b7f01037f 100644 --- a/lib/isc/netmgr/udp.c +++ b/lib/isc/netmgr/udp.c @@ -94,6 +94,7 @@ isc__nm_udp_lb_socket(sa_family_t sa_family) { (void)isc__nm_socket_incoming_cpu(sock); (void)isc__nm_socket_disable_pmtud(sock, sa_family); + (void)isc__nm_socket_v6only(sock, sa_family); result = isc__nm_socket_reuse(sock); RUNTIME_CHECK(result == ISC_R_SUCCESS); diff --git a/lib/ns/interfacemgr.c b/lib/ns/interfacemgr.c index 84540d3c95..1335f4497c 100644 --- a/lib/ns/interfacemgr.c +++ b/lib/ns/interfacemgr.c @@ -544,10 +544,6 @@ ns_interface_listentcp(ns_interface_t *ifp) { } #if 0 -#ifndef ISC_ALLOW_MAPPED - isc_socket_ipv6only(ifp->tcpsocket, true); -#endif /* ifndef ISC_ALLOW_MAPPED */ - if (ifp->dscp != -1) { isc_socket_dscp(ifp->tcpsocket,ifp->dscp); } @@ -983,12 +979,10 @@ do_scan(ns_interfacemgr_t *mgr, bool verbose, bool config) { * packets as the form of mapped addresses unintentionally * unless explicitly allowed. */ -#ifndef ISC_ALLOW_MAPPED if (scan_ipv6 && isc_net_probe_ipv6only() != ISC_R_SUCCESS) { ipv6only = false; log_explicit = true; } -#endif /* ifndef ISC_ALLOW_MAPPED */ if (scan_ipv6 && isc_net_probe_ipv6pktinfo() != ISC_R_SUCCESS) { ipv6pktinfo = false; log_explicit = true;