summaryrefslogtreecommitdiffstats
path: root/rpc/rpc-transport/socket/src
diff options
context:
space:
mode:
Diffstat (limited to 'rpc/rpc-transport/socket/src')
-rw-r--r--rpc/rpc-transport/socket/src/name.c18
-rw-r--r--rpc/rpc-transport/socket/src/socket.c21
2 files changed, 36 insertions, 3 deletions
diff --git a/rpc/rpc-transport/socket/src/name.c b/rpc/rpc-transport/socket/src/name.c
index 0e34dc211fe..cab4161c076 100644
--- a/rpc/rpc-transport/socket/src/name.c
+++ b/rpc/rpc-transport/socket/src/name.c
@@ -42,6 +42,10 @@ static int32_t
af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr,
socklen_t sockaddr_len, uint32_t ceiling)
{
+#if defined(NO_PRIVPORT)
+ _assign_port(sockaddr, 0);
+ return bind (fd, sockaddr, sockaddr_len);
+#else
int32_t ret = -1;
uint16_t port = ceiling - 1;
gf_boolean_t ports[GF_PORT_MAX];
@@ -88,6 +92,7 @@ loop:
}
return ret;
+#endif /* NO_PRIVPORT */
}
static int32_t
@@ -557,6 +562,14 @@ server_fill_address_family (rpc_transport_t *this, sa_family_t *sa_family)
data_t *address_family_data = NULL;
int32_t ret = -1;
+#ifdef IPV6_DEFAULT
+ char *addr_family = "inet6";
+ sa_family_t default_family = AF_INET6;
+#else
+ char *addr_family = "inet";
+ sa_family_t default_family = AF_INET;
+#endif
+
GF_VALIDATE_OR_GOTO ("socket", sa_family, out);
address_family_data = dict_get (this->options,
@@ -581,8 +594,9 @@ server_fill_address_family (rpc_transport_t *this, sa_family_t *sa_family)
}
} else {
gf_log (this->name, GF_LOG_DEBUG,
- "option address-family not specified, defaulting to inet");
- *sa_family = AF_INET;
+ "option address-family not specified, "
+ "defaulting to %s", addr_family);
+ *sa_family = default_family;
}
ret = 0;
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c
index ae551dcfae7..76609fbbc7a 100644
--- a/rpc/rpc-transport/socket/src/socket.c
+++ b/rpc/rpc-transport/socket/src/socket.c
@@ -55,7 +55,11 @@
/* TBD: do automake substitutions etc. (ick) to set these. */
#if !defined(DEFAULT_ETC_SSL)
# ifdef GF_LINUX_HOST_OS
+# ifdef GF_FBEXTRAS
+# define DEFAULT_ETC_SSL "/var/lib/glusterd/ssl"
+# else
# define DEFAULT_ETC_SSL "/etc/ssl"
+# endif
# endif
# ifdef GF_BSD_HOST_OS
# define DEFAULT_ETC_SSL "/etc/openssl"
@@ -866,7 +870,7 @@ __socket_keepalive (int fd, int family, int keepalive_intvl,
goto err;
}
#else
- if (family != AF_INET)
+ if (family != AF_INET && family != AF_INET6)
goto done;
ret = setsockopt (fd, IPPROTO_TCP, TCP_KEEPIDLE, &keepalive_idle,
@@ -3009,6 +3013,21 @@ socket_connect (rpc_transport_t *this, int port)
}
}
+ /* Make sure we are not vulnerable to someone setting
+ * net.ipv6.bindv6only to 1 so that gluster services are
+ * avalable over IPv4 & IPv6.
+ */
+ int disable_v6only = 0;
+
+ if (setsockopt (priv->sock, IPPROTO_IPV6, IPV6_V6ONLY,
+ (void *)&disable_v6only,
+ sizeof (disable_v6only)) < 0) {
+ gf_log (this->name, GF_LOG_WARNING,
+ "Error disabling sockopt IPV6_V6ONLY: \"%s\"",
+ strerror (errno));
+ }
+
+
if (priv->nodelay && (sa_family != AF_UNIX)) {
ret = __socket_nodelay (priv->sock);
generated by cgit (git 2.34.1) at 2025-11-11 04:50:42 +0000