Add IPv6 support to redudp

Not verified
coderfordev · Mar 1, 2020 · ad2732e · ad2732e
1 parent abeae8f
commit ad2732e
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 10 deletions.
diff --git a/libc-compat.h b/libc-compat.h
@@ -17,6 +17,16 @@
 #   define IP_RECVORIGDSTADDR IP_ORIGDSTADDR
 #endif
 
+#ifndef IPV6_ORIGDSTADDR
+#   warning Using hardcoded value for IPV6_ORIGDSTADDR as libc headers do not define it.
+#   define IPV6_ORIGDSTADDR 74
+#endif
+
+#ifndef IPV6_RECVORIGDSTADDR
+#   warning Using hardcoded value for IPV6_RECVORIGDSTADDR as libc headers do not define it.
+#   define IPV6_RECVORIGDSTADDR IPV6_ORIGDSTADDR
+#endif
+
 #ifndef IP_TRANSPARENT
 #   warning Using hardcoded value for IP_TRANSPARENT as libc headers do not define it.
 #   define IP_TRANSPARENT 19

diff --git a/redudp.c b/redudp.c
@@ -220,7 +220,8 @@ static void bound_udp4_action(const void *nodep, const VISIT which, const int de
 
 static int do_tproxy(redudp_instance* instance)
 {
-    return instance->config.dest == NULL;
+    // When listner is bound to IPv6 address, TPORXY must be used.
+    return instance->config.bindaddr.ss_family == AF_INET6 || instance->config.dest == NULL;
 }
 
 struct sockaddr_storage* get_destaddr(redudp_client *client)
@@ -575,7 +576,7 @@ static int redudp_init_instance(redudp_instance *instance)
         goto fail;
     }
 
-    fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+    fd = socket(instance->config.bindaddr.ss_family, SOCK_DGRAM, IPPROTO_UDP);
     if (fd == -1) {
         log_errno(LOG_ERR, "socket");
         goto fail;
@@ -586,13 +587,25 @@ static int redudp_init_instance(redudp_instance *instance)
         // iptables TPROXY target does not send packets to non-transparent sockets
         if (0 != make_socket_transparent(fd))
             goto fail;
-
-        error = setsockopt(fd, SOL_IP, IP_RECVORIGDSTADDR, &on, sizeof(on));
-        if (error) {
-            log_errno(LOG_ERR, "setsockopt(listener, SOL_IP, IP_RECVORIGDSTADDR)");
-            goto fail;
+
+#ifdef SOL_IPV6
+        if (instance->config.bindaddr.ss_family == AF_INET) {
+#endif
+            error = setsockopt(fd, SOL_IP, IP_RECVORIGDSTADDR, &on, sizeof(on));
+            if (error) {
+                log_errno(LOG_ERR, "setsockopt(listener, SOL_IP, IP_RECVORIGDSTADDR)");
+                goto fail;
+            }
+#ifdef SOL_IPV6
         }
-
+        else {
+            error = setsockopt(fd, SOL_IPV6, IPV6_RECVORIGDSTADDR, &on, sizeof(on));
+            if (error) {
+                log_errno(LOG_ERR, "setsockopt(listener, SOL_IPV6, IPV6_RECVORIGDSTADDR)");
+                goto fail;
+            }
+        }
+#endif
         log_error(LOG_INFO, "redudp @ %s: TPROXY", red_inet_ntop(&instance->config.bindaddr, buf1, sizeof(buf1)));
     }
     else {

diff --git a/utils.c b/utils.c
@@ -75,8 +75,11 @@ int red_recv_udp_pkt(
         memset(toaddr, 0, sizeof(*toaddr));
         for (struct cmsghdr* cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
             if (
-                cmsg->cmsg_level == SOL_IP &&
-                cmsg->cmsg_type == IP_ORIGDSTADDR &&
+                ((cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_ORIGDSTADDR)
+#ifdef SOL_IPV6
+		 || (cmsg->cmsg_level == SOL_IPV6 && cmsg->cmsg_type == IPV6_ORIGDSTADDR)
+#endif
+		 ) &&
                 (cmsg->cmsg_len == CMSG_LEN(sizeof(struct sockaddr_in))
                  || cmsg->cmsg_len == CMSG_LEN(sizeof(struct sockaddr_in6))) &&
                 cmsg->cmsg_len <= CMSG_LEN(sizeof(*toaddr))