Currently, it's possible to explicitly ask for forwarding from an IPv4 address, while disabling IPv4: $ pasta -t 192.0.2.1/12345 -6 or vice versa: $ pasta -t 2001:db8::1/12345 -4 Currently, the impossible to implement forwarding option will be silently ignored. That's potentially confusing since in a complex setup, it might not be obvious why the requested forward isn't taking effect. Specifically, it's ignored at a fairly low level: tcp_listen() and udp_listen() ignore it and return 0. Those run kind of late to give a good error message. Change the low-level functions to return -EACCES (chosen because that's what the kernel will return if you request IPv6 when it's disabled by sysctl). Most callers of {tcp,udp}_listen() ignore the return code, so this is a no-op for them. In the remaining caller, conf_ports_range_except() check for the case explicitly, and provide a meaningful error message. Of itself, this bug is insignificant, but this is a roadblock to having {tcp,udp}_listen() return socket fds, which in turn is a roadblock to my flexible forwarding work. So, might as well fix it. Link: https://bugs.passt.top/show_bug.cgi?id=186 Signed-off-by: David Gibson --- conf.c | 10 ++++++++++ tcp.c | 6 ++---- udp.c | 6 ++---- 3 files changed, 14 insertions(+), 8 deletions(-) diff --git a/conf.c b/conf.c index 70ea168c..cc3c20a9 100644 --- a/conf.c +++ b/conf.c @@ -162,6 +162,16 @@ static void conf_ports_range_except(const struct ctx *c, char optname, optname, optarg); } + if (addr) { + if (!c->ifi4 && inany_v4(addr)) { + die("IPv4 is disabled, can't use -%c %s", + optname, optarg); + } else if (!c->ifi6 && !inany_v4(addr)) { + die("IPv6 is disabled, can't use -%c %s", + optname, optarg); + } + } + for (i = first; i <= last; i++) { if (bitmap_isset(exclude, i)) continue; diff --git a/tcp.c b/tcp.c index e7fa85f3..67007c05 100644 --- a/tcp.c +++ b/tcp.c @@ -2700,16 +2700,14 @@ int tcp_listen(const struct ctx *c, uint8_t pif, /* Restrict to v6 only */ addr = &inany_any6; else if (inany_v4(addr)) - /* Nothing to do */ - return 0; + return -EACCES; } if (!c->ifi6) { if (!addr) /* Restrict to v4 only */ addr = &inany_any4; else if (!inany_v4(addr)) - /* Nothing to do */ - return 0; + return -EACCES; } if (pif == PIF_HOST) { diff --git a/udp.c b/udp.c index eda55c39..8cfa1e1f 100644 --- a/udp.c +++ b/udp.c @@ -1162,16 +1162,14 @@ int udp_listen(const struct ctx *c, uint8_t pif, /* Restrict to v6 only */ addr = &inany_any6; else if (inany_v4(addr)) - /* Nothing to do */ - return 0; + return -EACCES; } if (!c->ifi6) { if (!addr) /* Restrict to v4 only */ addr = &inany_any4; else if (!inany_v4(addr)) - /* Nothing to do */ - return 0; + return -EACCES; } s = pif_sock_l4(c, EPOLL_TYPE_UDP_LISTEN, pif, -- 2.52.0