🐡 conn: support SO_BINDANY, IP_RECVDSTADDR, IP_RECVDSTPORT, IPV6_RECVPKTINFO, IPV6_RECVDSTPORT on OpenBSD

Author: database64128

conn/cmsg_openbsd.go

@@ -0,0 +1,126 @@
+package conn
+
+import (
+	"encoding/binary"
+	"fmt"
+	"net/netip"
+	"runtime"
+	"slices"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+const socketControlMessageBufferSize = unix.SizeofCmsghdr + max(alignedSizeofInet4Addr, alignedSizeofInet6Pktinfo) +
+	unix.SizeofCmsghdr + alignedSizeofDstPort
+
+const (
+	sizeofInet4Addr = 4 // sizeof(struct in_addr)
+	sizeofDstPort   = 2 // sizeof(u_int16_t)
+)
+
+func cmsgAlign(n int) int {
+	salign := unix.SizeofPtr
+	// OpenBSD armv7 requires 64-bit alignment.
+	if runtime.GOARCH == "arm" {
+		salign = 8
+	}
+	return (n + salign - 1) & ^(salign - 1)
+}
+
+func parseSocketControlMessage(cmsg []byte) (m SocketControlMessage, err error) {
+	for len(cmsg) >= unix.SizeofCmsghdr {
+		cmsghdr := (*unix.Cmsghdr)(unsafe.Pointer(unsafe.SliceData(cmsg)))
+		msgSize := cmsgAlign(int(cmsghdr.Len))
+		if cmsghdr.Len < unix.SizeofCmsghdr || msgSize > len(cmsg) {
+			return m, fmt.Errorf("invalid control message length %d", cmsghdr.Len)
+		}
+
+		switch cmsghdr.Level {
+		case unix.IPPROTO_IP:
+			switch cmsghdr.Type {
+			case unix.IP_RECVDSTADDR:
+				if len(cmsg) < unix.SizeofCmsghdr+sizeofInet4Addr {
+					return m, fmt.Errorf("invalid IP_RECVDSTADDR control message length %d", cmsghdr.Len)
+				}
+				addr := [sizeofInet4Addr]byte(cmsg[unix.SizeofCmsghdr:])
+				m.PktinfoAddr = netip.AddrFrom4(addr)
+				// OpenBSD also uses this for transparent proxies.
+				m.OriginalDestinationAddrPort = netip.AddrPortFrom(m.PktinfoAddr, m.OriginalDestinationAddrPort.Port())
+
+			case unix.IP_RECVDSTPORT:
+				if len(cmsg) < unix.SizeofCmsghdr+sizeofDstPort {
+					return m, fmt.Errorf("invalid IP_RECVDSTPORT control message length %d", cmsghdr.Len)
+				}
+				port := binary.BigEndian.Uint16(cmsg[unix.SizeofCmsghdr:])
+				m.OriginalDestinationAddrPort = netip.AddrPortFrom(m.PktinfoAddr, port)
+			}
+
+		case unix.IPPROTO_IPV6:
+			switch cmsghdr.Type {
+			case unix.IPV6_PKTINFO:
+				if len(cmsg) < unix.SizeofCmsghdr+unix.SizeofInet6Pktinfo {
+					return m, fmt.Errorf("invalid IPV6_PKTINFO control message length %d", cmsghdr.Len)
+				}
+				var pktinfo unix.Inet6Pktinfo
+				_ = copy(unsafe.Slice((*byte)(unsafe.Pointer(&pktinfo)), unix.SizeofInet6Pktinfo), cmsg[unix.SizeofCmsghdr:])
+				m.PktinfoAddr = netip.AddrFrom16(pktinfo.Addr)
+				m.PktinfoIfindex = pktinfo.Ifindex
+				// OpenBSD also uses this for transparent proxies.
+				m.OriginalDestinationAddrPort = netip.AddrPortFrom(m.PktinfoAddr, m.OriginalDestinationAddrPort.Port())
+
+			case unix.IPV6_RECVDSTPORT:
+				if len(cmsg) < unix.SizeofCmsghdr+sizeofDstPort {
+					return m, fmt.Errorf("invalid IPV6_RECVDSTPORT control message length %d", cmsghdr.Len)
+				}
+				port := binary.BigEndian.Uint16(cmsg[unix.SizeofCmsghdr:])
+				m.OriginalDestinationAddrPort = netip.AddrPortFrom(m.PktinfoAddr, port)
+			}
+		}
+
+		cmsg = cmsg[msgSize:]
+	}
+
+	return m, nil
+}
+
+const (
+	alignedSizeofInet4Addr    = (sizeofInet4Addr + unix.SizeofPtr - 1) & ^(unix.SizeofPtr - 1)
+	alignedSizeofInet6Pktinfo = (unix.SizeofInet6Pktinfo + unix.SizeofPtr - 1) & ^(unix.SizeofPtr - 1)
+	alignedSizeofDstPort      = (sizeofDstPort + unix.SizeofPtr - 1) & ^(unix.SizeofPtr - 1)
+)
+
+func (m SocketControlMessage) appendTo(b []byte) []byte {
+	switch {
+	case m.PktinfoAddr.Is4():
+		bLen := len(b)
+		b = slices.Grow(b, unix.SizeofCmsghdr+alignedSizeofInet4Addr)[:bLen+unix.SizeofCmsghdr+alignedSizeofInet4Addr]
+		msgBuf := b[bLen:]
+		cmsghdr := (*unix.Cmsghdr)(unsafe.Pointer(unsafe.SliceData(msgBuf)))
+		*cmsghdr = unix.Cmsghdr{
+			Len:   unix.SizeofCmsghdr + sizeofInet4Addr,
+			Level: unix.IPPROTO_IP,
+			Type:  unix.IP_SENDSRCADDR,
+		}
+		addr := m.PktinfoAddr.As4()
+		_ = copy(msgBuf[unix.SizeofCmsghdr:], addr[:])
+
+	case m.PktinfoAddr.Is6():
+		bLen := len(b)
+		b = slices.Grow(b, unix.SizeofCmsghdr+alignedSizeofInet6Pktinfo)[:bLen+unix.SizeofCmsghdr+alignedSizeofInet6Pktinfo]
+		msgBuf := b[bLen:]
+		cmsghdr := (*unix.Cmsghdr)(unsafe.Pointer(unsafe.SliceData(msgBuf)))
+		*cmsghdr = unix.Cmsghdr{
+			Len:   unix.SizeofCmsghdr + unix.SizeofInet6Pktinfo,
+			Level: unix.IPPROTO_IPV6,
+			Type:  unix.IPV6_PKTINFO,
+		}
+		pktinfo := unix.Inet6Pktinfo{
+			Addr:    m.PktinfoAddr.As16(),
+			Ifindex: m.PktinfoIfindex,
+		}
+		_ = copy(msgBuf[unix.SizeofCmsghdr:], unsafe.Slice((*byte)(unsafe.Pointer(&pktinfo)), unix.SizeofInet6Pktinfo))
+	}
+
+	return b
+}

conn/cmsg_stub.go

@@ -1,4 +1,4 @@
-//go:build !darwin && !freebsd && !linux && !windows
+//go:build !darwin && !freebsd && !linux && !openbsd && !windows
 
 package conn
 

conn/conn.go

@@ -145,7 +145,7 @@ type ListenerSocketOptions struct {
 
 	// Transparent enables transparent proxy on the listener.
 	//
-	// Available on Linux and FreeBSD.
+	// Available on Linux, FreeBSD, and OpenBSD.
 	Transparent bool
 
 	// PathMTUDiscovery enables Path MTU Discovery on the listener.
@@ -190,12 +190,12 @@ type ListenerSocketOptions struct {
 
 	// ReceivePacketInfo enables the reception of packet information control messages on the listener.
 	//
-	// Available on Linux, macOS, FreeBSD, and Windows.
+	// Available on Linux, macOS, FreeBSD, OpenBSD, and Windows.
 	ReceivePacketInfo bool
 
 	// ReceiveOriginalDestAddr enables the reception of original destination address control messages on the listener.
 	//
-	// Available on Linux and FreeBSD.
+	// Available on Linux, FreeBSD, and OpenBSD.
 	ReceiveOriginalDestAddr bool
 }
 

conn/conn_bufsize_reuseport_tclass.go

@@ -1,4 +1,4 @@
-//go:build aix || dragonfly || netbsd || openbsd || zos
+//go:build aix || dragonfly || netbsd || zos
 
 package conn
 

conn/conn_freebsdlinux.go

@@ -11,24 +11,6 @@ func (fns setFuncSlice) appendSetFwmarkFunc(fwmark int) setFuncSlice {
 	return fns
 }
 
-func (fns setFuncSlice) appendSetTransparentFunc(transparent bool) setFuncSlice {
-	if transparent {
-		return append(fns, func(fd int, network string, _ *SocketInfo) error {
-			return setTransparent(fd, network)
-		})
-	}
-	return fns
-}
-
-func (fns setFuncSlice) appendSetRecvOrigDstAddrFunc(recvOrigDstAddr bool) setFuncSlice {
-	if recvOrigDstAddr {
-		return append(fns, func(fd int, network string, _ *SocketInfo) error {
-			return setRecvOrigDstAddr(fd, network)
-		})
-	}
-	return fns
-}
-
 func (dso DialerSocketOptions) buildSetFns() setFuncSlice {
 	return setFuncSlice{}.
 		appendSetFwmarkFunc(dso.Fwmark).

conn/conn_openbsd.go

@@ -0,0 +1,65 @@
+package conn
+
+import (
+	"fmt"
+
+	"golang.org/x/sys/unix"
+)
+
+func setTransparent(fd int, _ string) error {
+	if err := unix.SetsockoptInt(fd, unix.SOL_SOCKET, unix.SO_BINDANY, 1); err != nil {
+		return fmt.Errorf("failed to set socket option IP_BINDANY: %w", err)
+	}
+	return nil
+}
+
+func setRecvPktinfo(fd int, network string) error {
+	switch network {
+	case "udp4":
+		if err := unix.SetsockoptInt(fd, unix.IPPROTO_IP, unix.IP_RECVDSTADDR, 1); err != nil {
+			return fmt.Errorf("failed to set socket option IP_RECVDSTADDR: %w", err)
+		}
+		// OpenBSD also has IP_RECVIF, but it cannot be used when sending.
+	case "udp6":
+		if err := unix.SetsockoptInt(fd, unix.IPPROTO_IPV6, unix.IPV6_RECVPKTINFO, 1); err != nil {
+			return fmt.Errorf("failed to set socket option IPV6_RECVPKTINFO: %w", err)
+		}
+	default:
+		return fmt.Errorf("unsupported network: %s", network)
+	}
+	return nil
+}
+
+func setRecvOrigDstAddr(fd int, network string) error {
+	switch network {
+	case "udp4":
+		if err := unix.SetsockoptInt(fd, unix.IPPROTO_IP, unix.IP_RECVDSTADDR, 1); err != nil {
+			return fmt.Errorf("failed to set socket option IP_RECVDSTADDR: %w", err)
+		}
+		if err := unix.SetsockoptInt(fd, unix.IPPROTO_IP, unix.IP_RECVDSTPORT, 1); err != nil {
+			return fmt.Errorf("failed to set socket option IP_RECVDSTPORT: %w", err)
+		}
+	case "udp6":
+		if err := unix.SetsockoptInt(fd, unix.IPPROTO_IPV6, unix.IPV6_RECVPKTINFO, 1); err != nil {
+			return fmt.Errorf("failed to set socket option IPV6_RECVPKTINFO: %w", err)
+		}
+		if err := unix.SetsockoptInt(fd, unix.IPPROTO_IPV6, unix.IPV6_RECVDSTPORT, 1); err != nil {
+			return fmt.Errorf("failed to set socket option IPV6_RECVDSTPORT: %w", err)
+		}
+	default:
+		return fmt.Errorf("unsupported network: %s", network)
+	}
+
+	return nil
+}
+
+func (lso ListenerSocketOptions) buildSetFns() setFuncSlice {
+	return setFuncSlice{}.
+		appendSetSendBufferSize(lso.SendBufferSize).
+		appendSetRecvBufferSize(lso.ReceiveBufferSize).
+		appendSetTrafficClassFunc(lso.TrafficClass).
+		appendSetReusePortFunc(lso.ReusePort).
+		appendSetTransparentFunc(lso.Transparent).
+		appendSetRecvPktinfoFunc(lso.ReceivePacketInfo).
+		appendSetRecvOrigDstAddrFunc(lso.ReceiveOriginalDestAddr)
+}

conn/conn_pktinfo.go

@@ -1,4 +1,4 @@
-//go:build darwin || freebsd || linux || windows
+//go:build darwin || freebsd || linux || openbsd || windows
 
 package conn
 

conn/conn_tproxy.go

@@ -0,0 +1,21 @@
+//go:build freebsd || linux || openbsd
+
+package conn
+
+func (fns setFuncSlice) appendSetTransparentFunc(transparent bool) setFuncSlice {
+	if transparent {
+		return append(fns, func(fd int, network string, _ *SocketInfo) error {
+			return setTransparent(fd, network)
+		})
+	}
+	return fns
+}
+
+func (fns setFuncSlice) appendSetRecvOrigDstAddrFunc(recvOrigDstAddr bool) setFuncSlice {
+	if recvOrigDstAddr {
+		return append(fns, func(fd int, network string, _ *SocketInfo) error {
+			return setRecvOrigDstAddr(fd, network)
+		})
+	}
+	return fns
+}