Date:      Sat, 8 May 2021 19:05:56 +0200
From:      "Patrick M. Hausen" <hausen@punkt.de>
To:        freebsd-net@freebsd.org
Subject:   sender source IP address on UDP socket bound to INADDR_ANY in golang
Message-ID:  <2B26D5AB-0F77-4E36-AD9A-D7D6CE5F173C@punkt.de>

Hi all,

I am facing a problem that is perfectly explained by the semantics
of the socket interface for UDP, if one assumes that the application
in question binds to INADDR_ANY and does not specifically set the
sender address when sending datagrams.

In the case of a DNS server and an interface with multiple addresses
that means outgoing answers will always be sent from the primary
address if the server does not take specific measures to answer
queries received on an alias address also *from* that alias address.

I guess that is the primary reason why BIND binds to all addresses
it finds at startup individually - to get this function "for free" by the
underlying OS.

Now recently I stumbled over AdGuard Home - a filtering recursive
nameserver written in golang - sending replies from the wrong
address when alias addresses are involved. Naturally I opened
a ticket with the folks responsible:

https://github.com/AdguardTeam/AdGuardHome/issues/3015

Their answer: "we *do* keep track of the address a query was sent to,
that problem was solved long ago."

Yet, clearly, my installation on Free/HardenedBSD 12.1 (OPNsense)
behaves differently. My question to you on this list: since they do
their main development work on Linux, is there a remote possibility
that our API is sufficiently different for their code to run, but not to
work as intended?

Their code in question is here:
https://github.com/AdguardTeam/dnsproxy/blob/1163404e605c3dfbeab360fc3540fc290f61a321/proxyutil/udp_unix.go#L47

I am familiar with the socket API in C (and could always fetch a copy
of "Stevens" from my shelf), but don't know enough about golang
to make any progress from here.

Anyone who can help?

Thanks!
Patrick
--
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Kaiserallee 13a
76133 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
info@punkt.de

AG Mannheim 108285
Managing Directors: Jürgen Egeling, Daniel Lienert, Fabian Stein
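
The mechanism the message above asks about, as an added example that is not part of the original e-mail and is not AdGuard's code: a UDP socket bound to INADDR_ANY asks the kernel for the local address of each datagram and hands that address back as the source of the reply. It assumes the option numbers IP_PKTINFO = 8 on Linux and IP_RECVDSTADDR = IP_SENDSRCADDR = 7 on FreeBSD, written as literals so one file builds on both systems; the names `localAddr` and `srcOOB` and port 5300 are chosen for illustration.

```go
package main

import (
	"net"
	"runtime"
	"syscall"
	"unsafe"
)

var opt, size, off = int32(7), 4, 0 // FreeBSD IP_RECVDSTADDR = IP_SENDSRCADDR: bare in_addr
func init() {
	if runtime.GOOS == "linux" { // IP_PKTINFO = 8: in_pktinfo {ifindex, spec_dst, addr}
		opt, size, off = 8, 12, 4 // offset 4 is ipi_spec_dst, the local address
	}
}

// localAddr returns the local address a datagram arrived on, or nil.
func localAddr(oob []byte) net.IP {
	msgs, _ := syscall.ParseSocketControlMessage(oob) // nil if malformed
	for _, m := range msgs {
		if m.Header.Level == syscall.IPPROTO_IP && m.Header.Type == opt && len(m.Data) >= size {
			return append(net.IP(nil), m.Data[off:off+4]...)
		}
	}
	return nil
}

// srcOOB builds the control message that makes sendmsg(2) use ip as source.
func srcOOB(ip net.IP) []byte {
	b := make([]byte, syscall.CmsgSpace(size))
	h := (*syscall.Cmsghdr)(unsafe.Pointer(&b[0]))
	h.Level, h.Type = syscall.IPPROTO_IP, opt
	h.SetLen(syscall.CmsgLen(size))
	copy(b[syscall.CmsgLen(0)+off:], ip.To4()) // Linux ifindex stays 0
	return b
}

func main() { // answers one datagram from the address it was sent to
	c, err := net.ListenUDP("udp4", &net.UDPAddr{Port: 5300}) // wildcard bind
	if err != nil {
		panic(err)
	}
	raw, _ := c.SyscallConn()
	raw.Control(func(fd uintptr) { syscall.SetsockoptInt(int(fd), syscall.IPPROTO_IP, int(opt), 1) })
	buf, oob := make([]byte, 512), make([]byte, 64)
	n, oobn, _, peer, _ := c.ReadMsgUDP(buf, oob)
	if ip := localAddr(oob[:oobn]); ip != nil {
		c.WriteMsgUDP(buf[:n], srcOOB(ip), peer)
	}
}
```

If the socket option is not set, or the control message type does not match what the running kernel delivers, `localAddr` returns nil and no source override is possible, so replies fall back to the kernel's default source selection.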

