BUG/MINOR: tcp: fix silent-drop workaround for IPv6 As reported in github issue #1203 the TTL-based workaround that is used when permissions are insufficient for the TCP_REPAIR trick does not work for IPv6 because we're using only SOL_IP with IP_TTL. In IPv6 we have to use SOL_IPV6 and IPV6_UNICAST_HOPS. Let's pick the right one based on the source address's family. This may be backported to all versions. (cherry picked from commit ab79ee8b117dbb2c2872747e8119492e70506392) Signed-off-by: Willy Tarreau <w@1wt.eu>

commit: 64300c5118f0e2cd40ccf1b6aa9d5f19ada0cdc9 [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Tue Mar 30 17:23:50 2021 +0200
committer: Willy Tarreau <w@1wt.eu> Wed Mar 31 09:31:43 2021 +0200
tree: 8811a3bcfa29ac6d5945b5fe54a55616c1223ae7
parent: afb63bc040ab53db7520eaef49b79970d2b636d9 [diff] [blame]
diff --git a/src/tcp_act.c b/src/tcp_act.c
index a92c9bb..26ce65f 100644
--- a/src/tcp_act.c
+++ b/src/tcp_act.c

@@ -207,7 +207,12 @@
 	 * network and has no effect on local net.
 	 */
 #ifdef IP_TTL
-	setsockopt(conn->handle.fd, SOL_IP, IP_TTL, &one, sizeof(one));
+	if (conn->src && conn->src->ss_family == AF_INET)
+		setsockopt(conn->handle.fd, SOL_IP, IP_TTL, &one, sizeof(one));
+#endif
+#ifdef IPV6_UNICAST_HOPS
+	if (conn->src && conn->src->ss_family == AF_INET6)
+		setsockopt(conn->handle.fd, SOL_IPV6, IPV6_UNICAST_HOPS, &one, sizeof(one));
 #endif
  out:
 	/* kill the stream if any */
commit	64300c5118f0e2cd40ccf1b6aa9d5f19ada0cdc9	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Tue Mar 30 17:23:50 2021 +0200
committer	Willy Tarreau <w@1wt.eu>	Wed Mar 31 09:31:43 2021 +0200
tree	8811a3bcfa29ac6d5945b5fe54a55616c1223ae7
parent	afb63bc040ab53db7520eaef49b79970d2b636d9 [diff] [blame]