Wireguard: Bind server to specified address only #242
Conversation
errorxyz
changed the title
mhils
left a comment
mhils
left a comment
There was a problem hiding this comment.
Thanks for tackling this! Would it make sense to merge both implementations into a common function with an explanatory docstring?
There was a problem hiding this comment.
FWIW, reading the PR title / commit message first and the actual code changes second I was very confused what this PR was actually doing 😅
As far as I can tell, you're
- dropping the unintended fallback to an IPv6 socket if binding to an IPv4 socket fails
- requiring the "host" argument not to be empty, and
- setting IPv6 only mode if the address is an IPv6 address.
The changes 1. and 3. look good to me, but I'm not sure I like losing the default behaviour of "if no host is specified, fall back to 0.0.0.0, which is a good default IMO.
Maybe falling back to 0.0.0.0 would be ok if the "host" argument is empty? That should match the current behaviour in all cases except the pathological one where binding to 0.0.0.0 failed but binding to ::1 works for some strange reason.
|
I think there's an argument to be made that we should just mirror what std::net::UdpListener does, which also requires "host" to not be empty. What do you think? We could also just take |
|
Ok, if the UDP mode already does it this way, it makes sense to have consistent behaviour. |
Totally agreed 😅 I was drafting this in the middle of the night and I guess I just got too tired by the time I submitted the PR. Will make it clearer in the coming days :) |
errorxyz
changed the title
mhils
left a comment
mhils
left a comment
There was a problem hiding this comment.
Looks great already, thank you!
src/packet_sources/udp.rs
Outdated
| } | ||
|
|
||
| /// Creates a UDP socket bound to the specified address, restricted to either IPv4 or IPv6 only. | ||
| pub fn create_udp_socket(host: &str, port: u16) -> Result<tokio::net::UdpSocket> { |
There was a problem hiding this comment.
| pub fn create_udp_socket(host: &str, port: u16) -> Result<tokio::net::UdpSocket> { | |
| pub fn create_and_bind_udp_socket<A: ToSocketAddrs>(addr: A) -> Result<tokio::net::UdpSocket> { |
There was a problem hiding this comment.
Would it be better to make this pub(crate) instead of pub? Probably doesn't make sense to have a helper function like that in the public API. But given that everything and the kitchen sink in the mitmproxy crate is already pub, not sure if that makes a difference 😆
There was a problem hiding this comment.
The crate is not public, so we can't break any downstream users. But I agree, we can make it pub(crate). 😛
There was a problem hiding this comment.
I've assumed addr.to_socket_addrs() returns an iterator containing a single address only.
mhils
left a comment
mhils
left a comment
There was a problem hiding this comment.
Looking at the diff I actually didn't like my own suggestion of using ToSocketAddrs. Here's an alternative proposal to go with just SocketAddr. What do you think?
I prefer passing the host as a string and converting it to |
3 participants
Refs mitmproxy/mitmproxy#6671
Fixes bug where wireguard server binding over IPv6 and IPv4 is handled incorrectly when no host is specified.