Allow choosing only IPv4 or IPv6 in server
IPv6 might still allow IPv4 since V6_ONLY is not set by the server.
This commit is contained in:
parent
e7d253b1c1
commit
4d03ee7786
|
@ -123,8 +123,9 @@ end of the tunnel. In this case, `ping 192.168.99.1` from the iodine client, and
|
||||||
#### IPv6
|
#### IPv6
|
||||||
The data inside the tunnel is IPv4 only.
|
The data inside the tunnel is IPv4 only.
|
||||||
|
|
||||||
The server listens to both IPv4 and IPv6 for incoming requests. Raw mode
|
The server listens to both IPv4 and IPv6 for incoming requests by default.
|
||||||
will be attempted on the same protocol as used for the login.
|
Use options `-4` or `-6` to only listen on one protocol. Raw mode will be
|
||||||
|
attempted on the same protocol as used for the login.
|
||||||
|
|
||||||
The client can use IPv4 or IPv6 nameservers to connect to iodined. The relay
|
The client can use IPv4 or IPv6 nameservers to connect to iodined. The relay
|
||||||
nameservers will translate between protocols automatically if needed. Use
|
nameservers will translate between protocols automatically if needed. Use
|
||||||
|
|
14
man/iodine.8
14
man/iodine.8
|
@ -45,7 +45,7 @@ iodine, iodined \- tunnel IPv4 over DNS
|
||||||
|
|
||||||
.B iodined [-h]
|
.B iodined [-h]
|
||||||
|
|
||||||
.B iodined [-c] [-s] [-f] [-D] [-u
|
.B iodined [-4] [-6] [-c] [-s] [-f] [-D] [-u
|
||||||
.I user
|
.I user
|
||||||
.B ] [-t
|
.B ] [-t
|
||||||
.I chrootdir
|
.I chrootdir
|
||||||
|
@ -112,6 +112,12 @@ Print usage info and exit.
|
||||||
.B -f
|
.B -f
|
||||||
Keep running in foreground.
|
Keep running in foreground.
|
||||||
.TP
|
.TP
|
||||||
|
.B -4
|
||||||
|
Force/allow only IPv4 DNS queries
|
||||||
|
.TP
|
||||||
|
.B -6
|
||||||
|
Force/allow only IPv6 DNS queries
|
||||||
|
.TP
|
||||||
.B -u user
|
.B -u user
|
||||||
Drop privileges and run as user 'user' after setting up tunnel.
|
Drop privileges and run as user 'user' after setting up tunnel.
|
||||||
.TP
|
.TP
|
||||||
|
@ -135,12 +141,6 @@ Apply SELinux 'context' after initialization.
|
||||||
Create 'pidfile' and write process id in it.
|
Create 'pidfile' and write process id in it.
|
||||||
.SS Client Options:
|
.SS Client Options:
|
||||||
.TP
|
.TP
|
||||||
.B -4
|
|
||||||
Force IPv4 DNS queries
|
|
||||||
.TP
|
|
||||||
.B -6
|
|
||||||
Force IPv6 DNS queries
|
|
||||||
.TP
|
|
||||||
.B -r
|
.B -r
|
||||||
Skip raw UDP mode. If not used, iodine will try getting the public IP address
|
Skip raw UDP mode. If not used, iodine will try getting the public IP address
|
||||||
of the iodined host and test if it is reachable directly. If it is, traffic
|
of the iodined host and test if it is reachable directly. If it is, traffic
|
||||||
|
|
|
@ -2290,7 +2290,8 @@ static void
|
||||||
print_usage() {
|
print_usage() {
|
||||||
extern char *__progname;
|
extern char *__progname;
|
||||||
|
|
||||||
fprintf(stderr, "Usage: %s [-v] [-h] [-c] [-s] [-f] [-D] [-u user] "
|
fprintf(stderr, "Usage: %s [-v] [-h] "
|
||||||
|
"[-4] [-6] [-c] [-s] [-f] [-D] [-u user] "
|
||||||
"[-t chrootdir] [-d device] [-m mtu] [-z context] "
|
"[-t chrootdir] [-d device] [-m mtu] [-z context] "
|
||||||
"[-l ipv4 listen address] [-L ipv6 listen address] "
|
"[-l ipv4 listen address] [-L ipv6 listen address] "
|
||||||
"[-p port] [-n external ip] [-b dnsport] "
|
"[-p port] [-n external ip] [-b dnsport] "
|
||||||
|
@ -2310,6 +2311,8 @@ help() {
|
||||||
print_usage();
|
print_usage();
|
||||||
fprintf(stderr, " -v to print version info and exit\n");
|
fprintf(stderr, " -v to print version info and exit\n");
|
||||||
fprintf(stderr, " -h to print this help and exit\n");
|
fprintf(stderr, " -h to print this help and exit\n");
|
||||||
|
fprintf(stderr, " -4 to listen only on IPv4\n");
|
||||||
|
fprintf(stderr, " -6 to listen only on IPv6\n");
|
||||||
fprintf(stderr, " -c to disable check of client IP/port on each request\n");
|
fprintf(stderr, " -c to disable check of client IP/port on each request\n");
|
||||||
fprintf(stderr, " -s to skip creating and configuring the tun device, "
|
fprintf(stderr, " -s to skip creating and configuring the tun device, "
|
||||||
"which then has to be created manually\n");
|
"which then has to be created manually\n");
|
||||||
|
@ -2378,6 +2381,7 @@ main(int argc, char **argv)
|
||||||
char *context;
|
char *context;
|
||||||
char *device;
|
char *device;
|
||||||
char *pidfile;
|
char *pidfile;
|
||||||
|
int addrfamily;
|
||||||
struct dnsfd dns_fds;
|
struct dnsfd dns_fds;
|
||||||
int tun_fd;
|
int tun_fd;
|
||||||
|
|
||||||
|
@ -2420,6 +2424,7 @@ main(int argc, char **argv)
|
||||||
port = 53;
|
port = 53;
|
||||||
ns_ip = INADDR_ANY;
|
ns_ip = INADDR_ANY;
|
||||||
ns_get_externalip = 0;
|
ns_get_externalip = 0;
|
||||||
|
addrfamily = AF_UNSPEC;
|
||||||
check_ip = 1;
|
check_ip = 1;
|
||||||
skipipconfig = 0;
|
skipipconfig = 0;
|
||||||
debug = 0;
|
debug = 0;
|
||||||
|
@ -2449,8 +2454,14 @@ main(int argc, char **argv)
|
||||||
srand(time(NULL));
|
srand(time(NULL));
|
||||||
fw_query_init();
|
fw_query_init();
|
||||||
|
|
||||||
while ((choice = getopt(argc, argv, "vcsfhDu:t:d:m:l:L:p:n:b:P:z:F:i:")) != -1) {
|
while ((choice = getopt(argc, argv, "46vcsfhDu:t:d:m:l:L:p:n:b:P:z:F:i:")) != -1) {
|
||||||
switch(choice) {
|
switch(choice) {
|
||||||
|
case '4':
|
||||||
|
addrfamily = AF_INET;
|
||||||
|
break;
|
||||||
|
case '6':
|
||||||
|
addrfamily = AF_INET6;
|
||||||
|
break;
|
||||||
case 'v':
|
case 'v':
|
||||||
version();
|
version();
|
||||||
break;
|
break;
|
||||||
|
@ -2669,11 +2680,14 @@ main(int argc, char **argv)
|
||||||
dns_fds.v4fd = SD_LISTEN_FDS_START;
|
dns_fds.v4fd = SD_LISTEN_FDS_START;
|
||||||
} else {
|
} else {
|
||||||
#endif
|
#endif
|
||||||
if ((dns_fds.v4fd = open_dns(&dns4addr, dns4addr_len)) < 0) {
|
if ((addrfamily == AF_UNSPEC || addrfamily == AF_INET) &&
|
||||||
|
(dns_fds.v4fd = open_dns(&dns4addr, dns4addr_len)) < 0) {
|
||||||
|
|
||||||
retval = 1;
|
retval = 1;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
if ((dns_fds.v6fd = open_dns(&dns6addr, dns6addr_len)) < 0) {
|
if ((addrfamily == AF_UNSPEC || addrfamily == AF_INET6) &&
|
||||||
|
(dns_fds.v6fd = open_dns(&dns6addr, dns6addr_len)) < 0) {
|
||||||
retval = 1;
|
retval = 1;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue