rpms / squid

Clone
Source Code
GIT

Blame SOURCES/squid-4.15-ip-bind-address-no-port.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-4 c8-stream-4 c8s-stream-4 c9 c9-beta
  1.   c8-beta-stream-4
  2.   SOURCES
  3.   squid-4.15-ip-bind-address-no-port.patch
Blob History Raw
6952d5 
commit c08948c8b831a2ba73c676b48aa11ba1b58cc542
6952d5 
Author: Tomas Korbar <tkorbar@redhat.com>
6952d5 
Date:   Thu Dec 8 11:03:08 2022 +0100
6952d5
6952d5 
    Backport adding IP_BIND_ADDRESS_NO_PORT flag to outgoing connections
6952d5
6952d5 
diff --git a/src/comm.cc b/src/comm.cc
6952d5 
index 0d5f34d..6811b54 100644
6952d5 
--- a/src/comm.cc
6952d5 
+++ b/src/comm.cc
6952d5 
@@ -58,6 +58,7 @@
6952d5 
  */
6952d5
6952d5 
 static IOCB commHalfClosedReader;
6952d5 
+static int comm_openex(int sock_type, int proto, Ip::Address &, int flags, const char *note);
6952d5 
 static void comm_init_opened(const Comm::ConnectionPointer &conn, const char *note, struct addrinfo *AI);
6952d5 
 static int comm_apply_flags(int new_socket, Ip::Address &addr, int flags, struct addrinfo *AI);
6952d5
6952d5 
@@ -75,6 +76,7 @@ static EVH commHalfClosedCheck;
6952d5 
 static void commPlanHalfClosedCheck();
6952d5
6952d5 
 static Comm::Flag commBind(int s, struct addrinfo &);
6952d5 
+static void commSetBindAddressNoPort(int);
6952d5 
 static void commSetReuseAddr(int);
6952d5 
 static void commSetNoLinger(int);
6952d5 
 #ifdef TCP_NODELAY
6952d5 
@@ -201,6 +203,22 @@ comm_local_port(int fd)
6952d5 
     return F->local_addr.port();
6952d5 
 }
6952d5
6952d5 
+/// sets the IP_BIND_ADDRESS_NO_PORT socket option to optimize ephemeral port
6952d5 
+/// reuse by outgoing TCP connections that must bind(2) to a source IP address
6952d5 
+static void
6952d5 
+commSetBindAddressNoPort(const int fd)
6952d5 
+{
6952d5 
+#if defined(IP_BIND_ADDRESS_NO_PORT)
6952d5 
+    int flag = 1;
6952d5 
+    if (setsockopt(fd, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, reinterpret_cast<char*>(&flag), sizeof(flag)) < 0) {
6952d5 
+        const auto savedErrno = errno;
6952d5 
+        debugs(50, DBG_IMPORTANT, "ERROR: setsockopt(IP_BIND_ADDRESS_NO_PORT) failure: " << xstrerr(savedErrno));
6952d5 
+    }
6952d5 
+#else
6952d5 
+    (void)fd;
6952d5 
+#endif
6952d5 
+}
6952d5 
+
6952d5 
 static Comm::Flag
6952d5 
 commBind(int s, struct addrinfo &inaddr)
6952d5 
 {
6952d5 
@@ -227,6 +245,10 @@ comm_open(int sock_type,
6952d5 
           int flags,
6952d5 
           const char *note)
6952d5 
 {
6952d5 
+    // assume zero-port callers do not need to know the assigned port right away
6952d5 
+    if (sock_type == SOCK_STREAM && addr.port() == 0 && ((flags & COMM_DOBIND) || !addr.isAnyAddr()))
6952d5 
+        flags |= COMM_DOBIND_PORT_LATER;
6952d5 
+
6952d5 
     return comm_openex(sock_type, proto, addr, flags, note);
6952d5 
 }
6952d5
6952d5 
@@ -328,7 +350,7 @@ comm_set_transparent(int fd)
6952d5 
  * Create a socket. Default is blocking, stream (TCP) socket.  IO_TYPE
6952d5 
  * is OR of flags specified in defines.h:COMM_*
6952d5 
  */
6952d5 
-int
6952d5 
+static int
6952d5 
 comm_openex(int sock_type,
6952d5 
             int proto,
6952d5 
             Ip::Address &addr,
6952d5 
@@ -476,6 +498,9 @@ comm_apply_flags(int new_socket,
6952d5 
         if ( addr.isNoAddr() )
6952d5 
             debugs(5,0,"CRITICAL: Squid is attempting to bind() port " << addr << "!!");
6952d5
6952d5 
+        if ((flags & COMM_DOBIND_PORT_LATER))
6952d5 
+            commSetBindAddressNoPort(new_socket);
6952d5 
+
6952d5 
         if (commBind(new_socket, *AI) != Comm::OK) {
6952d5 
             comm_close(new_socket);
6952d5 
             return -1;
6952d5 
diff --git a/src/comm.h b/src/comm.h
6952d5 
index c963e1c..9ff201d 100644
6952d5 
--- a/src/comm.h
6952d5 
+++ b/src/comm.h
6952d5 
@@ -43,7 +43,6 @@ void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struc
6952d5
6952d5 
 /**
6952d5 
  * Open a port specially bound for listening or sending through a specific port.
6952d5 
- * This is a wrapper providing IPv4/IPv6 failover around comm_openex().
6952d5 
  * Please use for all listening sockets and bind() outbound sockets.
6952d5 
  *
6952d5 
  * It will open a socket bound for:
6952d5 
@@ -59,7 +58,6 @@ void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struc
6952d5 
 int comm_open_listener(int sock_type, int proto, Ip::Address &addr, int flags, const char *note);
6952d5 
 void comm_open_listener(int sock_type, int proto, Comm::ConnectionPointer &conn, const char *note);
6952d5
6952d5 
-int comm_openex(int, int, Ip::Address &, int, const char *);
6952d5 
 unsigned short comm_local_port(int fd);
6952d5
6952d5 
 int comm_udp_sendto(int sock, const Ip::Address &to, const void *buf, int buflen);
6952d5 
diff --git a/src/comm/ConnOpener.cc b/src/comm/ConnOpener.cc
6952d5 
index 25a30e4..2082214 100644
6952d5 
--- a/src/comm/ConnOpener.cc
6952d5 
+++ b/src/comm/ConnOpener.cc
6952d5 
@@ -263,7 +263,7 @@ Comm::ConnOpener::createFd()
6952d5 
     if (callback_ == NULL || callback_->canceled())
6952d5 
         return false;
6952d5
6952d5 
-    temporaryFd_ = comm_openex(SOCK_STREAM, IPPROTO_TCP, conn_->local, conn_->flags, host_);
6952d5 
+    temporaryFd_ = comm_open(SOCK_STREAM, IPPROTO_TCP, conn_->local, conn_->flags, host_);
6952d5 
     if (temporaryFd_ < 0) {
6952d5 
         sendAnswer(Comm::ERR_CONNECT, 0, "Comm::ConnOpener::createFd");
6952d5 
         return false;
6952d5 
diff --git a/src/comm/Connection.h b/src/comm/Connection.h
6952d5 
index 4f2f23a..1e32c22 100644
6952d5 
--- a/src/comm/Connection.h
6952d5 
+++ b/src/comm/Connection.h
6952d5 
@@ -47,6 +47,8 @@ namespace Comm
6952d5 
 #define COMM_DOBIND             0x08  // requires a bind()
6952d5 
 #define COMM_TRANSPARENT        0x10  // arrived via TPROXY
6952d5 
 #define COMM_INTERCEPTION       0x20  // arrived via NAT
6952d5 
+/// Internal Comm optimization: Keep the source port unassigned until connect(2)
6952d5 
+#define COMM_DOBIND_PORT_LATER 0x100
6952d5
6952d5 
 /**
6952d5 
  * Store data about the physical and logical attributes of a connection.
6952d5 
diff --git a/src/ipc.cc b/src/ipc.cc
6952d5 
index e1d48fc..e92a27f 100644
6952d5 
--- a/src/ipc.cc
6952d5 
+++ b/src/ipc.cc
6952d5 
@@ -95,12 +95,12 @@ ipcCreate(int type, const char *prog, const char *const args[], const char *name
6952d5 
     } else void(0)
6952d5
6952d5 
     if (type == IPC_TCP_SOCKET) {
6952d5 
-        crfd = cwfd = comm_open(SOCK_STREAM,
6952d5 
+        crfd = cwfd = comm_open_listener(SOCK_STREAM,
6952d5 
                                 0,
6952d5 
                                 local_addr,
6952d5 
                                 COMM_NOCLOEXEC,
6952d5 
                                 name);
6952d5 
-        prfd = pwfd = comm_open(SOCK_STREAM,
6952d5 
+        prfd = pwfd = comm_open_listener(SOCK_STREAM,
6952d5 
                                 0,          /* protocol */
6952d5 
                                 local_addr,
6952d5 
                                 0,          /* blocking */
6952d5 
diff --git a/src/tests/stub_comm.cc b/src/tests/stub_comm.cc
6952d5 
index 58f85e4..5381ab2 100644
6952d5 
--- a/src/tests/stub_comm.cc
6952d5 
+++ b/src/tests/stub_comm.cc
6952d5 
@@ -46,7 +46,6 @@ int comm_open_uds(int sock_type, int proto, struct sockaddr_un* addr, int flags)
6952d5 
 void comm_import_opened(const Comm::ConnectionPointer &, const char *note, struct addrinfo *AI) STUB
6952d5 
 int comm_open_listener(int sock_type, int proto, Ip::Address &addr, int flags, const char *note) STUB_RETVAL(-1)
6952d5 
 void comm_open_listener(int sock_type, int proto, Comm::ConnectionPointer &conn, const char *note) STUB
6952d5 
-int comm_openex(int, int, Ip::Address &, int, tos_t tos, nfmark_t nfmark, const char *) STUB_RETVAL(-1)
6952d5 
 unsigned short comm_local_port(int fd) STUB_RETVAL(0)
6952d5 
 int comm_udp_sendto(int sock, const Ip::Address &to, const void *buf, int buflen) STUB_RETVAL(-1)
6952d5 
 void commCallCloseHandlers(int fd) STUB

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation