Ondřej Surý · Vladimír Čunát · Vladimír Čunát · 1b8e4fb6 · 1b8e4fb6 · 1b8e4fb6
--- a/Makefile
+++ b/Makefile
@@ -19,7 +19,7 @@ $(eval $(call find_lib,libknot,2.3.1,yes))
 $(eval $(call find_lib,libdnssec,2.3.1,yes))
 $(eval $(call find_lib,libzscanner,2.3.1,yes))
 $(eval $(call find_lib,lmdb))
-$(eval $(call find_lib,libuv,1.0,yes))
+$(eval $(call find_lib,libuv,1.7,yes))
 $(eval $(call find_lib,nettle,,yes))
 $(eval $(call find_alt,lua,luajit))
 $(eval $(call find_lib,cmocka))
@@ -131,7 +131,7 @@ ifeq ($(HAS_libdnssec),no)
 	$(error libdnssec >= 2.3.1 required)
 endif
 ifeq ($(HAS_libuv),no)
-	$(error libuv >= 1.0 required)
+	$(error libuv >= 1.7 required)
 endif
 # Installation directories

--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,7 @@ Knot Resolver 1.x.y (2016-xx-yy)
 ================================
 - It now requires knot >= 2.3.1 to link successfully.
+- It now requires libuv >= 1.7.
 Knot Resolver 1.1.1 (2016-08-24)
 ================================

--- a/daemon/main.c
+++ b/daemon/main.c
@@ -37,7 +37,7 @@
 #include "daemon/tls.h"
 /* We can fork early on Linux 3.9+ and do SO_REUSEPORT for better performance. */
-#if defined(UV_VERSION_HEX) && defined(SO_REUSEPORT) && defined(__linux__)
+#if defined(SO_REUSEPORT) && defined(__linux__)
 #define CAN_FORK_EARLY 1
 #endif

--- a/daemon/network.c
+++ b/daemon/network.c
@@ -16,35 +16,76 @@
 #include <unistd.h>
 #include <assert.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
 #include "daemon/network.h"
 #include "daemon/worker.h"
 #include "daemon/io.h"
 #include "daemon/tls.h"
+#include "lib/defines.h"
+static int handle_init(uv_handle_t *handle, sa_family_t family) {
 /* libuv 1.7.0+ is able to support SO_REUSEPORT for loadbalancing */
-#if defined(UV_VERSION_HEX)
-#if (__linux__ && SO_REUSEPORT)
+	uv_os_fd_t fd = 0;
-  #define handle_init(type, loop, handle, family) do { \
+	if (uv_fileno(handle, &fd) == 0) {
-	uv_ ## type ## _init_ex((loop), (handle), (family)); \
+		int on = 1;
-	uv_os_fd_t fd = 0; \
+		int ret;
-	if (uv_fileno((uv_handle_t *)(handle), &fd) == 0) { \
-		int on = 1; \
+#if __linux__ && SO_REUSEPORT
-		int ret = setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on)); \
+		if ((ret = setsockopt(fd, SOL_SOCKET, SO_REUSEPORT,
-		if (ret) { \
+					  &on, (socklen_t)sizeof(on))) < 0) {
-			return ret; \
+			return kr_error(errno);
-		} \
+		}
-	} \
-  } while (0)
-/* libuv 1.7.0+ is able to assign fd immediately */
-#else
-  #define handle_init(type, loop, handle, family) do { \
-	uv_ ## type ## _init_ex((loop), (handle), (family)); \
-  } while (0)
 #endif
-#else
-  #define handle_init(type, loop, handle, family) \
+		if (family == AF_INET6) {
-	uv_ ## type ## _init((loop), (handle))
+#if defined(IPV6_USE_MIN_MTU)
+			if ((ret = setsockopt(fd, IPPROTO_IPV6, IPV6_USE_MIN_MTU,
+						  (void*)&on, (socklen_t)sizeof(on))) < 0) {
+				return kr_error(errno);
+			}
+#elif defined(IPV6_MTU) /* defined(IPV6_USE_MIN_MTU */
+			/* fallback to IPV6_MTU if IPV6_USE_MIN_MTU not available */
+			int ipv6_min_mtu = IPV6_MIN_MTU;
+			if((ret = setsockopt(fd, IPPROTO_IPV6, IPV6_MTU,
+						 &ipv6_min_mtu, sizeof(ipv6_min_mtu))) < 0) {
+				return kr_error(errno);
+			}
 #endif
+		} /* family == AF_INET6 */
+		else if (family == AF_INET) {
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
+			/* Linux 3.15 supports IP_PMTUDISC_OMIT.
+			 * Linux < 3.15 supports IP_PMTUDISC_DONT
+			 * Set DF=0 to disable pmtud, and don't honor
+			 * any path mtu information and not accepting
+			 * new icmp notifications.
+			 * It mitigates DNS fragmentation attack.
+			 */
+#if defined(IP_PMTUDISC_OMIT)
+			int pmtud = IP_PMTUDISC_OMIT;
+#else
+			int pmtud = IP_PMTUDISC_DONT;
+#endif /* defined(IP_PMTUDISC_OMIT) */
+			if ((ret = setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER,
+						  &pmtud, sizeof(pmtud))) < 0) {
+				return kr_error(errno);
+			}
+#elif defined(IP_DONTFRAG)  /* !defined(IP_MTU_DISCOVER) || !(defined(IP_PMTUDISC_DONT) */
+			/* BSDs and others */
+			int dontfrag_off = 0;
+			if ((ret = setsockopt(fd, IPPROTO_IP, IP_DONTFRAG,
+						  &dontfrag_off, sizeof(dontfrag_off))) < 0) {
+				return kr_error(errno);
+			}
+#endif /* defined(IP_DONTFRAG) */
+		} /* family == AF_INET */
+	}
+	return 0;
+}
 void network_init(struct network *net, uv_loop_t *loop)
 {
@@ -143,9 +184,13 @@ static int open_endpoint(struct network *net, struct endpoint *ep, struct sockad
 			return kr_error(ENOMEM);
 		}
 		memset(ep->udp, 0, sizeof(*ep->udp));
-		handle_init(udp, net->loop, ep->udp, sa->sa_family); /* can return! */
+		if ((ret = uv_udp_init_ex(net->loop, ep->udp, sa->sa_family)) != 0) {
-		ret = udp_bind(ep->udp, sa);
+			return ret;
-		if (ret != 0) {
+		}
+		if ((ret = handle_init((uv_handle_t *)ep->udp, sa->sa_family)) != 0) {
+			return ret;
+		}
+		if ((ret = udp_bind(ep->udp, sa)) != 0) {
 			return ret;
 		}
 		ep->flags |= NET_UDP;
@@ -156,7 +201,12 @@ static int open_endpoint(struct network *net, struct endpoint *ep, struct sockad
 			return kr_error(ENOMEM);
 		}
 		memset(ep->tcp, 0, sizeof(*ep->tcp));
-		handle_init(tcp, net->loop, ep->tcp, sa->sa_family); /* can return! */
+		if ((ret = uv_tcp_init_ex(net->loop, ep->tcp, sa->sa_family)) != 0) {
+			return ret;
+		}
+		if ((ret = handle_init((uv_handle_t *)ep->tcp, sa->sa_family)) != 0) {
+			return ret;
+		}
 		if (flags & NET_TLS) {
 			ret = tcp_bind_tls(ep->tcp, sa);
 			ep->flags |= NET_TLS;

--- a/lib/defines.h
+++ b/lib/defines.h
@@ -46,6 +46,10 @@ static inline int __attribute__((__cold__)) kr_error(int x) {
 }
 #define kr_strerror(x) strerror(abs(x))
+#if !defined(IPV6_MIN_MTU)
+#define IPV6_MIN_MTU 1280
+#endif
 /*
 * Connection limits.
 * @cond internal
No results found