- Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for

using ipv4 filters, because the hosts ip6 netblock /64 is not owned by one operator, and thus reputation is shared.
2025-12-20 23:00:56 -05:00 · 2020-02-25 09:55:59 +01:00 · 2020-02-25 09:55:59 +01:00 · 318d4e91cc
commit 318d4e91cc
parent f99dd8f6dc
9 changed files with 4298 additions and 4197 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,8 @@
+25 February 2020: Wouter
+	- Fix #165: Add prefer-ip4: yesno config option to prefer ipv4 for
+	  using ipv4 filters, because the hosts ip6 netblock /64 is not owned
+	  by one operator, and thus reputation is shared.
+
 24 February 2020: George
 	- Merge PR #166: Fix typo in unbound.service.in, by glitsj16.

--- a/iterator/iter_utils.c
+++ b/iterator/iter_utils.c
@ -484,6 +484,63 @@ iter_filter_order(struct iter_env* iter_env, struct module_env* env,
 			got_num = num4ok;
 			*selected_rtt = num4_lowrtt;
 		}
+	} else if (env->cfg->prefer_ip4) {
+		int got_num4 = 0;
+		int low_rtt4 = 0;
+		int i;
+		int attempt = -1; /* filter to make sure addresses have
+		  less attempts on them than the first, to force round
+		  robin when all the IPv4 addresses fail */
+		int num6ok = 0; /* number ip6 at low attempt count */
+		int num6_lowrtt = 0;
+		prev = NULL;
+		a = dp->result_list;
+		for(i = 0; i < got_num; i++) {
+			swap_to_front = 0;
+			if(a->addr.ss_family != AF_INET && attempt == -1) {
+				/* if we only have ip6 at low attempt count,
+				 * then ip4 is failing, and we need to
+				 * select one of the remaining IPv6 addrs */
+				attempt = a->attempts;
+				num6ok++;
+				num6_lowrtt = a->sel_rtt;
+			} else if(a->addr.ss_family != AF_INET && attempt == a->attempts) {
+				num6ok++;
+				if(num6_lowrtt == 0 || a->sel_rtt < num6_lowrtt) {
+					num6_lowrtt = a->sel_rtt;
+				}
+			}
+			if(a->addr.ss_family == AF_INET) {
+				if(attempt == -1) {
+					attempt = a->attempts;
+				} else if(a->attempts > attempt) {
+					break;
+				}
+				got_num4++;
+				swap_to_front = 1;
+				if(low_rtt4 == 0 || a->sel_rtt < low_rtt4) {
+					low_rtt4 = a->sel_rtt;
+				}
+			}
+			/* swap to front if IPv4, or move to next result */
+			if(swap_to_front && prev) {
+				n = a->next_result;
+				prev->next_result = n;
+				a->next_result = dp->result_list;
+				dp->result_list = a;
+				a = n;
+			} else {
+				prev = a;
+				a = a->next_result;
+			}
+		}
+		if(got_num4 > 0) {
+			got_num = got_num4;
+			*selected_rtt = low_rtt4;
+		} else if(num6ok > 0) {
+			got_num = num6ok;
+			*selected_rtt = num6_lowrtt;
+		}
 	}
 	return got_num;
 }
--- a/smallapp/unbound-checkconf.c
+++ b/smallapp/unbound-checkconf.c
@ -481,6 +481,8 @@ morechecks(struct config_file* cfg)
 		fatal_exit("num_threads value weird");
 	if(!cfg->do_ip4 && !cfg->do_ip6)
 		fatal_exit("ip4 and ip6 are both disabled, pointless");
+	if(!cfg->do_ip4 && cfg->prefer_ip4)
+		fatal_exit("cannot prefer and disable ip4, pointless");
 	if(!cfg->do_ip6 && cfg->prefer_ip6)
 		fatal_exit("cannot prefer and disable ip6, pointless");
 	if(!cfg->do_udp && !cfg->do_tcp)
--- a/util/config_file.h
+++ b/util/config_file.h
@ -85,6 +85,8 @@ struct config_file {
 	int do_ip4;
 	/** do ip6 query support. */
 	int do_ip6;
+	/** prefer ip4 upstream queries. */
+	int prefer_ip4;
 	/** prefer ip6 upstream queries. */
 	int prefer_ip6;
 	/** do udp query support. */
--- a/util/configlexer.c
+++ b/util/configlexer.c
--- a/util/configlexer.lex
+++ b/util/configlexer.lex
@ -220,6 +220,7 @@ outgoing-num-tcp{COLON}		{ YDVAR(1, VAR_OUTGOING_NUM_TCP) }
 incoming-num-tcp{COLON}		{ YDVAR(1, VAR_INCOMING_NUM_TCP) }
 do-ip4{COLON}			{ YDVAR(1, VAR_DO_IP4) }
 do-ip6{COLON}			{ YDVAR(1, VAR_DO_IP6) }
+prefer-ip4{COLON}		{ YDVAR(1, VAR_PREFER_IP4) }
 prefer-ip6{COLON}		{ YDVAR(1, VAR_PREFER_IP6) }
 do-udp{COLON}			{ YDVAR(1, VAR_DO_UDP) }
 do-tcp{COLON}			{ YDVAR(1, VAR_DO_TCP) }
--- a/util/configparser.c
+++ b/util/configparser.c
--- a/util/configparser.h
+++ b/util/configparser.h
--- a/util/configparser.y
+++ b/util/configparser.y
@ -70,7 +70,7 @@ extern struct config_parser_state* cfg_parser;
 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
 %token <str> STRING_ARG
 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
-%token VAR_OUTGOING_RANGE VAR_INTERFACE
+%token VAR_OUTGOING_RANGE VAR_INTERFACE VAR_PREFER_IP4
 %token VAR_DO_IP4 VAR_DO_IP6 VAR_PREFER_IP6 VAR_DO_UDP VAR_DO_TCP
 %token VAR_TCP_MSS VAR_OUTGOING_TCP_MSS VAR_TCP_IDLE_TIMEOUT
 %token VAR_EDNS_TCP_KEEPALIVE VAR_EDNS_TCP_KEEPALIVE_TIMEOUT
@ -191,7 +191,7 @@ contents_server: contents_server content_server
 	| ;
 content_server: server_num_threads | server_verbosity | server_port |
 	server_outgoing_range | server_do_ip4 |
-	server_do_ip6 | server_prefer_ip6 |
+	server_do_ip6 | server_prefer_ip4 | server_prefer_ip6 |
 	server_do_udp | server_do_tcp |
 	server_tcp_mss | server_outgoing_tcp_mss | server_tcp_idle_timeout |
 	server_tcp_keepalive | server_tcp_keepalive_timeout |
@ -780,6 +780,15 @@ server_do_tcp: VAR_DO_TCP STRING_ARG
 		free($2);
 	}
 	;
+server_prefer_ip4: VAR_PREFER_IP4 STRING_ARG
+	{
+		OUTYY(("P(server_prefer_ip4:%s)\n", $2));
+		if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+			yyerror("expected yes or no.");
+		else cfg_parser->cfg->prefer_ip4 = (strcmp($2, "yes")==0);
+		free($2);
+	}
+	;
 server_prefer_ip6: VAR_PREFER_IP6 STRING_ARG
 	{
 		OUTYY(("P(server_prefer_ip6:%s)\n", $2));