😈 conn: support IP{V6}_BINDANY, IP_RECVDSTADDR, IPV6_RECVPKTINFO, IP{V6}_RECVORIGDSTADDR on FreeBSD

Author: database64128

conn/cmsg_freebsd.go

@@ -0,0 +1,115 @@
+package conn
+
+import (
+	"fmt"
+	"net/netip"
+	"slices"
+	"unsafe"
+
+	"golang.org/x/sys/unix"
+)
+
+const socketControlMessageBufferSize = unix.SizeofCmsghdr + max(alignedSizeofInet4Addr, alignedSizeofInet6Pktinfo) +
+	unix.SizeofCmsghdr + max(alignedSizeofSockaddrInet4, alignedSizeofSockaddrInet6)
+
+const sizeofInet4Addr = 4 // sizeof(struct in_addr)
+
+func cmsgAlign(n int) int {
+	return (n + unix.SizeofPtr - 1) & ^(unix.SizeofPtr - 1)
+}
+
+func parseSocketControlMessage(cmsg []byte) (m SocketControlMessage, err error) {
+	for len(cmsg) >= unix.SizeofCmsghdr {
+		cmsghdr := (*unix.Cmsghdr)(unsafe.Pointer(unsafe.SliceData(cmsg)))
+		msgSize := cmsgAlign(int(cmsghdr.Len))
+		if cmsghdr.Len < unix.SizeofCmsghdr || msgSize > len(cmsg) {
+			return m, fmt.Errorf("invalid control message length %d", cmsghdr.Len)
+		}
+
+		switch cmsghdr.Level {
+		case unix.IPPROTO_IP:
+			switch cmsghdr.Type {
+			case unix.IP_RECVDSTADDR:
+				if len(cmsg) < unix.SizeofCmsghdr+sizeofInet4Addr {
+					return m, fmt.Errorf("invalid IP_RECVDSTADDR control message length %d", cmsghdr.Len)
+				}
+				addr := [sizeofInet4Addr]byte(cmsg[unix.SizeofCmsghdr:])
+				m.PktinfoAddr = netip.AddrFrom4(addr)
+
+			case unix.IP_ORIGDSTADDR:
+				if len(cmsg) < unix.SizeofCmsghdr+unix.SizeofSockaddrInet4 {
+					return m, fmt.Errorf("invalid IP_ORIGDSTADDR control message length %d", cmsghdr.Len)
+				}
+				var rsa4 unix.RawSockaddrInet4
+				_ = copy(unsafe.Slice((*byte)(unsafe.Pointer(&rsa4)), unix.SizeofSockaddrInet4), cmsg[unix.SizeofCmsghdr:])
+				m.OriginalDestinationAddrPort = netip.AddrPortFrom(netip.AddrFrom4(rsa4.Addr), rsa4.Port)
+			}
+
+		case unix.IPPROTO_IPV6:
+			switch cmsghdr.Type {
+			case unix.IPV6_PKTINFO:
+				if len(cmsg) < unix.SizeofCmsghdr+unix.SizeofInet6Pktinfo {
+					return m, fmt.Errorf("invalid IPV6_PKTINFO control message length %d", cmsghdr.Len)
+				}
+				var pktinfo unix.Inet6Pktinfo
+				_ = copy(unsafe.Slice((*byte)(unsafe.Pointer(&pktinfo)), unix.SizeofInet6Pktinfo), cmsg[unix.SizeofCmsghdr:])
+				m.PktinfoAddr = netip.AddrFrom16(pktinfo.Addr)
+				m.PktinfoIfindex = pktinfo.Ifindex
+
+			case unix.IPV6_ORIGDSTADDR:
+				if len(cmsg) < unix.SizeofCmsghdr+unix.SizeofSockaddrInet6 {
+					return m, fmt.Errorf("invalid IPV6_ORIGDSTADDR control message length %d", cmsghdr.Len)
+				}
+				var rsa6 unix.RawSockaddrInet6
+				_ = copy(unsafe.Slice((*byte)(unsafe.Pointer(&rsa6)), unix.SizeofSockaddrInet6), cmsg[unix.SizeofCmsghdr:])
+				m.OriginalDestinationAddrPort = netip.AddrPortFrom(netip.AddrFrom16(rsa6.Addr), rsa6.Port)
+			}
+		}
+
+		cmsg = cmsg[msgSize:]
+	}
+
+	return m, nil
+}
+
+const (
+	alignedSizeofInet4Addr     = (sizeofInet4Addr + unix.SizeofPtr - 1) & ^(unix.SizeofPtr - 1)
+	alignedSizeofInet6Pktinfo  = (unix.SizeofInet6Pktinfo + unix.SizeofPtr - 1) & ^(unix.SizeofPtr - 1)
+	alignedSizeofSockaddrInet4 = (unix.SizeofSockaddrInet4 + unix.SizeofPtr - 1) & ^(unix.SizeofPtr - 1)
+	alignedSizeofSockaddrInet6 = (unix.SizeofSockaddrInet6 + unix.SizeofPtr - 1) & ^(unix.SizeofPtr - 1)
+)
+
+func (m SocketControlMessage) appendTo(b []byte) []byte {
+	switch {
+	case m.PktinfoAddr.Is4():
+		bLen := len(b)
+		b = slices.Grow(b, unix.SizeofCmsghdr+alignedSizeofInet4Addr)[:bLen+unix.SizeofCmsghdr+alignedSizeofInet4Addr]
+		msgBuf := b[bLen:]
+		cmsghdr := (*unix.Cmsghdr)(unsafe.Pointer(unsafe.SliceData(msgBuf)))
+		*cmsghdr = unix.Cmsghdr{
+			Len:   unix.SizeofCmsghdr + sizeofInet4Addr,
+			Level: unix.IPPROTO_IP,
+			Type:  unix.IP_SENDSRCADDR,
+		}
+		addr := m.PktinfoAddr.As4()
+		_ = copy(msgBuf[unix.SizeofCmsghdr:], addr[:])
+
+	case m.PktinfoAddr.Is6():
+		bLen := len(b)
+		b = slices.Grow(b, unix.SizeofCmsghdr+alignedSizeofInet6Pktinfo)[:bLen+unix.SizeofCmsghdr+alignedSizeofInet6Pktinfo]
+		msgBuf := b[bLen:]
+		cmsghdr := (*unix.Cmsghdr)(unsafe.Pointer(unsafe.SliceData(msgBuf)))
+		*cmsghdr = unix.Cmsghdr{
+			Len:   unix.SizeofCmsghdr + unix.SizeofInet6Pktinfo,
+			Level: unix.IPPROTO_IPV6,
+			Type:  unix.IPV6_PKTINFO,
+		}
+		pktinfo := unix.Inet6Pktinfo{
+			Addr:    m.PktinfoAddr.As16(),
+			Ifindex: m.PktinfoIfindex,
+		}
+		_ = copy(msgBuf[unix.SizeofCmsghdr:], unsafe.Slice((*byte)(unsafe.Pointer(&pktinfo)), unix.SizeofInet6Pktinfo))
+	}
+
+	return b
+}

conn/cmsg_stub.go

@@ -1,4 +1,4 @@
-//go:build !darwin && !linux && !windows
+//go:build !darwin && !freebsd && !linux && !windows
 
 package conn
 

conn/conn.go

@@ -145,7 +145,7 @@ type ListenerSocketOptions struct {
 
 	// Transparent enables transparent proxy on the listener.
 	//
-	// Only available on Linux.
+	// Available on Linux and FreeBSD.
 	Transparent bool
 
 	// PathMTUDiscovery enables Path MTU Discovery on the listener.
@@ -190,12 +190,12 @@ type ListenerSocketOptions struct {
 
 	// ReceivePacketInfo enables the reception of packet information control messages on the listener.
 	//
-	// Available on Linux, macOS, and Windows.
+	// Available on Linux, macOS, FreeBSD, and Windows.
 	ReceivePacketInfo bool
 
 	// ReceiveOriginalDestAddr enables the reception of original destination address control messages on the listener.
 	//
-	// Only available on Linux.
+	// Available on Linux and FreeBSD.
 	ReceiveOriginalDestAddr bool
 }
 

conn/conn_freebsd.go

@@ -13,12 +13,65 @@ func setFwmark(fd, fwmark int) error {
 	return nil
 }
 
+func setTransparent(fd int, network string) error {
+	switch network {
+	case "tcp4", "udp4":
+		if err := unix.SetsockoptInt(fd, unix.IPPROTO_IP, unix.IP_BINDANY, 1); err != nil {
+			return fmt.Errorf("failed to set socket option IP_BINDANY: %w", err)
+		}
+	case "tcp6", "udp6":
+		if err := unix.SetsockoptInt(fd, unix.IPPROTO_IPV6, unix.IPV6_BINDANY, 1); err != nil {
+			return fmt.Errorf("failed to set socket option IPV6_BINDANY: %w", err)
+		}
+	default:
+		return fmt.Errorf("unsupported network: %s", network)
+	}
+	return nil
+}
+
+func setRecvPktinfo(fd int, network string) error {
+	switch network {
+	case "udp4":
+		if err := unix.SetsockoptInt(fd, unix.IPPROTO_IP, unix.IP_RECVDSTADDR, 1); err != nil {
+			return fmt.Errorf("failed to set socket option IP_RECVDSTADDR: %w", err)
+		}
+		// FreeBSD also has IP_RECVIF, but it cannot be used when sending.
+	case "udp6":
+		if err := unix.SetsockoptInt(fd, unix.IPPROTO_IPV6, unix.IPV6_RECVPKTINFO, 1); err != nil {
+			return fmt.Errorf("failed to set socket option IPV6_RECVPKTINFO: %w", err)
+		}
+	default:
+		return fmt.Errorf("unsupported network: %s", network)
+	}
+	return nil
+}
+
+func setRecvOrigDstAddr(fd int, network string) error {
+	switch network {
+	case "udp4":
+		if err := unix.SetsockoptInt(fd, unix.IPPROTO_IP, unix.IP_RECVORIGDSTADDR, 1); err != nil {
+			return fmt.Errorf("failed to set socket option IP_RECVORIGDSTADDR: %w", err)
+		}
+	case "udp6":
+		if err := unix.SetsockoptInt(fd, unix.IPPROTO_IPV6, unix.IPV6_RECVORIGDSTADDR, 1); err != nil {
+			return fmt.Errorf("failed to set socket option IPV6_RECVORIGDSTADDR: %w", err)
+		}
+	default:
+		return fmt.Errorf("unsupported network: %s", network)
+	}
+
+	return nil
+}
+
 func (lso ListenerSocketOptions) buildSetFns() setFuncSlice {
 	return setFuncSlice{}.
 		appendSetSendBufferSize(lso.SendBufferSize).
 		appendSetRecvBufferSize(lso.ReceiveBufferSize).
 		appendSetFwmarkFunc(lso.Fwmark).
 		appendSetTrafficClassFunc(lso.TrafficClass).
 		appendSetReusePortFunc(lso.ReusePort).
-		appendSetPMTUDFunc(lso.PathMTUDiscovery)
+		appendSetTransparentFunc(lso.Transparent).
+		appendSetPMTUDFunc(lso.PathMTUDiscovery).
+		appendSetRecvPktinfoFunc(lso.ReceivePacketInfo).
+		appendSetRecvOrigDstAddrFunc(lso.ReceiveOriginalDestAddr)
 }

conn/conn_freebsdlinux.go

@@ -11,6 +11,24 @@ func (fns setFuncSlice) appendSetFwmarkFunc(fwmark int) setFuncSlice {
 	return fns
 }
 
+func (fns setFuncSlice) appendSetTransparentFunc(transparent bool) setFuncSlice {
+	if transparent {
+		return append(fns, func(fd int, network string, _ *SocketInfo) error {
+			return setTransparent(fd, network)
+		})
+	}
+	return fns
+}
+
+func (fns setFuncSlice) appendSetRecvOrigDstAddrFunc(recvOrigDstAddr bool) setFuncSlice {
+	if recvOrigDstAddr {
+		return append(fns, func(fd int, network string, _ *SocketInfo) error {
+			return setRecvOrigDstAddr(fd, network)
+		})
+	}
+	return fns
+}
+
 func (dso DialerSocketOptions) buildSetFns() setFuncSlice {
 	return setFuncSlice{}.
 		appendSetFwmarkFunc(dso.Fwmark).

conn/conn_linux.go

@@ -165,24 +165,6 @@ func (fns setFuncSlice) appendSetTCPUserTimeoutFunc(userTimeoutMsecs int) setFun
 	return fns
 }
 
-func (fns setFuncSlice) appendSetTransparentFunc(transparent bool) setFuncSlice {
-	if transparent {
-		return append(fns, func(fd int, network string, _ *SocketInfo) error {
-			return setTransparent(fd, network)
-		})
-	}
-	return fns
-}
-
-func (fns setFuncSlice) appendSetRecvOrigDstAddrFunc(recvOrigDstAddr bool) setFuncSlice {
-	if recvOrigDstAddr {
-		return append(fns, func(fd int, network string, _ *SocketInfo) error {
-			return setRecvOrigDstAddr(fd, network)
-		})
-	}
-	return fns
-}
-
 func (lso ListenerSocketOptions) buildSetFns() setFuncSlice {
 	return setFuncSlice{}.
 		appendSetSendBufferSize(lso.SendBufferSize).

conn/conn_darwinlinuxwindows.go conn/conn_pktinfo.goconn/conn_darwinlinuxwindows.go renamed to conn/conn_pktinfo.go

@@ -1,4 +1,4 @@
-//go:build darwin || linux || windows
+//go:build darwin || freebsd || linux || windows
 
 package conn