From c87aae300a4c687af20cf7f08b6441f31ea4d552 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Fri, 18 Oct 2024 09:14:27 +0200 Subject: [PATCH] socket-default: Always open IPv4 sockets before IPv6 sockets Since we now open sockets for each address family independently (via IPV6_V6ONLY) and without SO_REUSEADDR, it could happen with the previous order on Linux that opening the port that was allocated as ephemeral port for IPv6 was already used by a different process for IPv4. Most IPv6 sockets on ephemeral ports will not have IPV6_V6ONLY set, so the same port is also reserved for IPv4. Therefore, it's save to assume that any ephemeral port we first get for IPv4 is free for IPv6. References strongswan/strongswan#2494 --- .../plugins/socket_default/socket_default_socket.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index 5f25684950..a34bf81a25 100644 --- a/src/libcharon/plugins/socket_default/socket_default_socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c @@ -900,16 +900,8 @@ socket_default_socket_t *socket_default_socket_create() } } - /* we allocate IPv6 sockets first as that will reserve randomly allocated - * ports also for IPv4. On OS X, we have to do it the other way round - * for the same effect. */ -#ifdef __APPLE__ open_socketpair(this, AF_INET, &this->ipv4, &this->ipv4_natt, "IPv4"); open_socketpair(this, AF_INET6, &this->ipv6, &this->ipv6_natt, "IPv6"); -#else /* !__APPLE__ */ - open_socketpair(this, AF_INET6, &this->ipv6, &this->ipv6_natt, "IPv6"); - open_socketpair(this, AF_INET, &this->ipv4, &this->ipv4_natt, "IPv4"); -#endif /* __APPLE__ */ if (this->ipv4 == -1 && this->ipv6 == -1) {