socket-default: Always open IPv4 sockets before IPv6 sockets

Since we now open sockets for each address family independently (via IPV6_V6ONLY) and without SO_REUSEADDR, it could happen with the previous order on Linux that opening the port that was allocated as ephemeral port for IPv6 was already used by a different process for IPv4. Most IPv6 sockets on ephemeral ports will not have IPV6_V6ONLY set, so the same port is also reserved for IPv4. Therefore, it's save to assume that any ephemeral port we first get for IPv4 is free for IPv6. References strongswan/strongswan#2494
2025-10-03 00:00:24 -04:00 · 2024-10-18 09:14:27 +02:00 · 2024-10-18 09:14:27 +02:00 · c87aae300a
commit c87aae300a
parent 3d0f6958a9
1 changed files with 0 additions and 8 deletions
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@ -900,16 +900,8 @@ socket_default_socket_t *socket_default_socket_create()
 		}
 	}

-	/* we allocate IPv6 sockets first as that will reserve randomly allocated
-	 * ports also for IPv4. On OS X, we have to do it the other way round
-	 * for the same effect. */
-#ifdef __APPLE__
 	open_socketpair(this, AF_INET, &this->ipv4, &this->ipv4_natt, "IPv4");
 	open_socketpair(this, AF_INET6, &this->ipv6, &this->ipv6_natt, "IPv6");
-#else /* !__APPLE__ */
-	open_socketpair(this, AF_INET6, &this->ipv6, &this->ipv6_natt, "IPv6");
-	open_socketpair(this, AF_INET, &this->ipv4, &this->ipv4_natt, "IPv4");
-#endif /* __APPLE__ */

 	if (this->ipv4 == -1 && this->ipv6 == -1)
 	{