[PATCH] Add ipv4=off option in resolver like ipv6=off (ticket #1330)

Lukas Lihotzki lukas at lihotzki.de
Wed Jan 19 18:47:44 UTC 2022


# HG changeset patch
# User Lukas Lihotzki <lukas at lihotzki.de>
# Date 1642618053 -3600
#      Wed Jan 19 19:47:33 2022 +0100
# Node ID e9f06dc2d6a4a1aa61c15009b84ceedcaf5983b2
# Parent  aeab41dfd2606dd36cabbf01f1472726e27e8aea
Add ipv4=off option in resolver like ipv6=off (ticket #1330).

IPv6-only hosts (ticket #1330) and upstreams with IPv6 bind address
(ticket #1535) need to disable resolving to IPv4 addresses.

Ticket #1330 mentions ipv4=off is the proper fix.

diff -r aeab41dfd260 -r e9f06dc2d6a4 src/core/ngx_resolver.c
--- a/src/core/ngx_resolver.c	Mon Jan 17 17:05:12 2022 +0300
+++ b/src/core/ngx_resolver.c	Wed Jan 19 19:47:33 2022 +0100
@@ -122,10 +122,13 @@
 static ngx_int_t ngx_resolver_cmp_srvs(const void *one, const void *two);
 
 #if (NGX_HAVE_INET6)
+#define ngx_ipv4_enabled(r) r->ipv4
 static void ngx_resolver_rbtree_insert_addr6_value(ngx_rbtree_node_t *temp,
     ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
 static ngx_resolver_node_t *ngx_resolver_lookup_addr6(ngx_resolver_t *r,
     struct in6_addr *addr, uint32_t hash);
+#else
+#define ngx_ipv4_enabled(r) 1
 #endif
 
 
@@ -175,6 +178,7 @@
     ngx_queue_init(&r->addr_expire_queue);
 
 #if (NGX_HAVE_INET6)
+    r->ipv4 = 1;
     r->ipv6 = 1;
 
     ngx_rbtree_init(&r->addr6_rbtree, &r->addr6_sentinel,
@@ -225,6 +229,23 @@
         }
 
 #if (NGX_HAVE_INET6)
+        if (ngx_strncmp(names[i].data, "ipv4=", 5) == 0) {
+
+            if (ngx_strcmp(&names[i].data[5], "on") == 0) {
+                r->ipv4 = 1;
+
+            } else if (ngx_strcmp(&names[i].data[5], "off") == 0) {
+                r->ipv4 = 0;
+
+            } else {
+                ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                                   "invalid parameter: %V", &names[i]);
+                return NULL;
+            }
+
+            continue;
+        }
+
         if (ngx_strncmp(names[i].data, "ipv6=", 5) == 0) {
 
             if (ngx_strcmp(&names[i].data[5], "on") == 0) {
@@ -273,6 +294,13 @@
         }
     }
 
+#if (NGX_HAVE_INET6)
+    if (!r->ipv4 && !r->ipv6) {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "both ipv4 and ipv6 disabled");
+        return NULL;
+    }
+#endif
+
     if (n && r->connections.nelts == 0) {
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "no name servers defined");
         return NULL;
@@ -836,7 +864,7 @@
         r->last_connection = 0;
     }
 
-    rn->naddrs = (u_short) -1;
+    rn->naddrs = ngx_ipv4_enabled(r) ? (u_short) -1 : 0;
     rn->tcp = 0;
 #if (NGX_HAVE_INET6)
     rn->naddrs6 = r->ipv6 ? (u_short) -1 : 0;
@@ -3644,7 +3672,7 @@
     len = sizeof(ngx_resolver_hdr_t) + nlen + sizeof(ngx_resolver_qs_t);
 
 #if (NGX_HAVE_INET6)
-    p = ngx_resolver_alloc(r, r->ipv6 ? len * 2 : len);
+    p = ngx_resolver_alloc(r, len * (r->ipv4 + r->ipv6));
 #else
     p = ngx_resolver_alloc(r, len);
 #endif
@@ -3657,19 +3685,21 @@
 
 #if (NGX_HAVE_INET6)
     if (r->ipv6) {
-        rn->query6 = p + len;
+        rn->query6 = p + len * r->ipv4;
     }
 #endif
 
     query = (ngx_resolver_hdr_t *) p;
 
-    ident = ngx_random();
-
-    ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
-                   "resolve: \"%V\" A %i", name, ident & 0xffff);
-
-    query->ident_hi = (u_char) ((ident >> 8) & 0xff);
-    query->ident_lo = (u_char) (ident & 0xff);
+    if (ngx_ipv4_enabled(r)) {
+        ident = ngx_random();
+
+        ngx_log_debug2(NGX_LOG_DEBUG_CORE, r->log, 0,
+                       "resolve: \"%V\" A %i", name, ident & 0xffff);
+
+        query->ident_hi = (u_char) ((ident >> 8) & 0xff);
+        query->ident_lo = (u_char) (ident & 0xff);
+    }
 
     /* recursion query */
     query->flags_hi = 1; query->flags_lo = 0;
diff -r aeab41dfd260 -r e9f06dc2d6a4 src/core/ngx_resolver.h
--- a/src/core/ngx_resolver.h	Mon Jan 17 17:05:12 2022 +0300
+++ b/src/core/ngx_resolver.h	Wed Jan 19 19:47:33 2022 +0100
@@ -176,7 +176,8 @@
     ngx_queue_t               addr_expire_queue;
 
 #if (NGX_HAVE_INET6)
-    ngx_uint_t                ipv6;                 /* unsigned  ipv6:1; */
+    unsigned                  ipv4:1;
+    unsigned                  ipv6:1;
     ngx_rbtree_t              addr6_rbtree;
     ngx_rbtree_node_t         addr6_sentinel;
     ngx_queue_t               addr6_resend_queue;



More information about the nginx-devel mailing list