[9.18] fix: dev: Don't enable REUSEADDR on outgoing UDP sockets

The outgoing UDP sockets enabled `SO_REUSEADDR` that allows sharing of the UDP sockets, but with one big caveat - the socket that was opened the last would get all traffic. The dispatch code would ignore the invalid responses in the dns_dispatch, but this could lead to unexpected results. Backport of MR !9569 Merge branch 'backport-ondrej/fix-outgoing-UDP-port-selection-9.18' into 'bind-9.18' See merge request isc-projects/bind9!9584
2026-05-27 20:25:55 -04:00 · 2024-10-02 14:24:06 +00:00 · 2024-10-02 14:24:06 +00:00 · b902a4e214
commit b902a4e214
parent b2bbceecfe 7ad2d6e986
7 changed files with 16 additions and 14 deletions
--- a/lib/isc/netmgr/netmgr-int.h
+++ b/lib/isc/netmgr/netmgr-int.h
@ -1967,7 +1967,7 @@ isc__nm_socket_freebind(uv_os_sock_t fd, sa_family_t sa_family);
 */

 isc_result_t
-isc__nm_socket_reuse(uv_os_sock_t fd);
+isc__nm_socket_reuse(uv_os_sock_t fd, int val);
 /*%<
 * Set the SO_REUSEADDR or SO_REUSEPORT (or equivalent) socket option on the fd
 */
--- a/lib/isc/netmgr/netmgr.c
+++ b/lib/isc/netmgr/netmgr.c
@ -3278,7 +3278,7 @@ isc__nm_socket_freebind(uv_os_sock_t fd, sa_family_t sa_family) {
 }

 isc_result_t
-isc__nm_socket_reuse(uv_os_sock_t fd) {
+isc__nm_socket_reuse(uv_os_sock_t fd, int val) {
 	/*
 	 * Generally, the SO_REUSEADDR socket option allows reuse of
 	 * local addresses.
@ -3295,12 +3295,12 @@ isc__nm_socket_reuse(uv_os_sock_t fd) {
 	 */

 #if defined(SO_REUSEPORT) && !defined(__linux__)
-	if (setsockopt_on(fd, SOL_SOCKET, SO_REUSEPORT) == -1) {
+	if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &val, sizeof(val)) == -1) {
 		return (ISC_R_FAILURE);
 	}
 	return (ISC_R_SUCCESS);
 #elif defined(SO_REUSEADDR)
-	if (setsockopt_on(fd, SOL_SOCKET, SO_REUSEADDR) == -1) {
+	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &val, sizeof(val)) == -1) {
 		return (ISC_R_FAILURE);
 	}
 	return (ISC_R_SUCCESS);
--- a/lib/isc/netmgr/tcp.c
+++ b/lib/isc/netmgr/tcp.c
@ -387,7 +387,7 @@ isc__nm_tcp_lb_socket(isc_nm_t *mgr, sa_family_t sa_family) {

 	/* FIXME: set mss */

-	result = isc__nm_socket_reuse(sock);
+	result = isc__nm_socket_reuse(sock, 1);
 	RUNTIME_CHECK(result == ISC_R_SUCCESS);

 	if (mgr->load_balance_sockets) {
--- a/lib/isc/netmgr/tcpdns.c
+++ b/lib/isc/netmgr/tcpdns.c
@ -350,7 +350,7 @@ isc__nm_tcpdns_lb_socket(isc_nm_t *mgr, sa_family_t sa_family) {

 	/* FIXME: set mss */

-	result = isc__nm_socket_reuse(sock);
+	result = isc__nm_socket_reuse(sock, 1);
 	RUNTIME_CHECK(result == ISC_R_SUCCESS);

 	if (mgr->load_balance_sockets) {
--- a/lib/isc/netmgr/tlsdns.c
+++ b/lib/isc/netmgr/tlsdns.c
@ -460,7 +460,7 @@ isc__nm_tlsdns_lb_socket(isc_nm_t *mgr, sa_family_t sa_family) {

 	/* FIXME: set mss */

-	result = isc__nm_socket_reuse(sock);
+	result = isc__nm_socket_reuse(sock, 1);
 	RUNTIME_CHECK(result == ISC_R_SUCCESS);

 	if (mgr->load_balance_sockets) {
--- a/lib/isc/netmgr/udp.c
+++ b/lib/isc/netmgr/udp.c
@ -97,7 +97,7 @@ isc__nm_udp_lb_socket(isc_nm_t *mgr, sa_family_t sa_family) {
 	(void)isc__nm_socket_disable_pmtud(sock, sa_family);
 	(void)isc__nm_socket_v6only(sock, sa_family);

-	result = isc__nm_socket_reuse(sock);
+	result = isc__nm_socket_reuse(sock, 1);
 	RUNTIME_CHECK(result == ISC_R_SUCCESS);

 	if (mgr->load_balance_sockets) {
@ -893,7 +893,7 @@ udp_send_direct(isc_nmsocket_t *sock, isc__nm_uvreq_t *req,
 static isc_result_t
 udp_connect_direct(isc_nmsocket_t *sock, isc__nm_uvreq_t *req) {
 	isc__networker_t *worker = NULL;
-	int uv_bind_flags = UV_UDP_REUSEADDR;
+	int uv_bind_flags = 0;
 	isc_result_t result = ISC_R_UNSET;
 	int r;

@ -924,6 +924,12 @@ udp_connect_direct(isc_nmsocket_t *sock, isc__nm_uvreq_t *req) {
 	}
 	isc__nm_incstats(sock, STATID_OPEN);

+	/*
+	 * uv_udp_open() enables REUSE_ADDR, we need to disable it again.
+	 */
+	result = isc__nm_socket_reuse(sock->fd, 0);
+	RUNTIME_CHECK(result == ISC_R_SUCCESS);
+
 	if (sock->iface.type.sa.sa_family == AF_INET6) {
 		uv_bind_flags |= UV_UDP_IPV6ONLY;
 	}
@ -1055,10 +1061,6 @@ isc_nm_udpconnect(isc_nm_t *mgr, isc_sockaddr_t *local, isc_sockaddr_t *peer,
 		return;
 	}

-	result = isc__nm_socket_reuse(sock->fd);
-	RUNTIME_CHECK(result == ISC_R_SUCCESS ||
-		      result == ISC_R_NOTIMPLEMENTED);
-
 	result = isc__nm_socket_reuse_lb(sock->fd);
 	RUNTIME_CHECK(result == ISC_R_SUCCESS ||
 		      result == ISC_R_NOTIMPLEMENTED);
--- a/tests/isc/doh_test.c
+++ b/tests/isc/doh_test.c
@ -218,7 +218,7 @@ setup_ephemeral_port(isc_sockaddr_t *addr, sa_family_t family) {
 		return (r);
 	}

-	result = isc__nm_socket_reuse(fd);
+	result = isc__nm_socket_reuse(fd, 1);
 	if (result != ISC_R_SUCCESS && result != ISC_R_NOTIMPLEMENTED) {
 		fprintf(stderr,
 			"setup_ephemeral_port: isc__nm_socket_reuse(): %s",