server6: Create UDP conn manually for more control

Similar to server4 where the UDP connection is manually created using
the socket interfaces, this creates a connection with adequate options:

 * SO_BINDTODEVICE or equivalent if an interface is requested
 * V6ONLY when supported by the operating system
 * Allows binding to a multicast address specifically instead of
   falling back to wildcard

Signed-off-by: Anatole Denis <[email protected]>

dhcpv6/server6/conn.go

@@ -0,0 +1,58 @@
+package server6
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"os"
+
+	"github.com/insomniacslk/dhcp/interfaces"
+	"golang.org/x/sys/unix"
+)
+
+// NewIPv6UDPConn returns a UDPv6-only connection bound to both the interface and port
+// given based on a IPv6 DGRAM socket.
+// As a bonus, you can actually listen on a multicast address instead of being punted to the wildcard
+//
+// The interface must already be configured.
+func NewIPv6UDPConn(iface string, addr *net.UDPAddr) (net.PacketConn, error) {
+	fd, err := unix.Socket(unix.AF_INET6, unix.SOCK_DGRAM, unix.IPPROTO_UDP)
+	if err != nil {
+		return nil, fmt.Errorf("cannot get a UDP socket: %v", err)
+	}
+	f := os.NewFile(uintptr(fd), "")
+	// net.FilePacketConn dups the FD, so we have to close this in any case.
+	defer f.Close()
+
+	// Allow broadcasting.
+	if err := unix.SetsockoptInt(fd, unix.IPPROTO_IPV6, unix.IPV6_V6ONLY, 1); err != nil {
+		if errno, ok := err.(unix.Errno); !ok {
+			return nil, fmt.Errorf("unexpected socket error: %v", err)
+		} else if errno != unix.ENOPROTOOPT { // Unsupported on some OSes (but in that case v6only is default), so we ignore ENOPROTOOPT
+			return nil, fmt.Errorf("cannot bind socket v6only %v", err)
+		}
+	}
+	// Allow reusing the addr to aid debugging.
+	if err := unix.SetsockoptInt(fd, unix.SOL_SOCKET, unix.SO_REUSEADDR, 1); err != nil {
+		return nil, fmt.Errorf("cannot set reuseaddr on socket: %v", err)
+	}
+	if len(iface) != 0 {
+		// Bind directly to the interface.
+		if err := interfaces.BindToInterface(fd, iface); err != nil {
+			if errno, ok := err.(unix.Errno); ok && errno == unix.EACCES {
+				// Return a more helpful error message in this (fairly common) case
+				return nil, errors.New("Cannot bind to interface without CAP_NET_RAW or root permissions. " +
+					"Restart with elevated privilege, or run without specifying an interface to bind to all available interfaces.")
+			}
+			return nil, fmt.Errorf("cannot bind to interface %s: %v", iface, err)
+		}
+	}
+	// Bind to the port.
+	saddr := unix.SockaddrInet6{Port: addr.Port}
+	copy(saddr.Addr[:], addr.IP)
+	if err := unix.Bind(fd, &saddr); err != nil {
+		return nil, fmt.Errorf("cannot bind to address %v: %v", addr, err)
+	}
+
+	return net.FilePacketConn(f)
+}

dhcpv6/server6/server.go

@@ -130,14 +130,10 @@ func NewServer(ifname string, addr *net.UDPAddr, handler Handler, opt ...ServerO
 		return s, nil
 	}
 
-	var err error
-	// no connection provided by the user, create a new one
-	s.conn, err = net.ListenUDP("udp6", addr)
-	if err != nil {
-		return nil, err
-	}
-
-	var iface *net.Interface
+	var (
+		err   error
+		iface *net.Interface
+	)
 	if ifname == "" {
 		iface = nil
 	} else {
@@ -146,6 +142,11 @@ func NewServer(ifname string, addr *net.UDPAddr, handler Handler, opt ...ServerO
 			return nil, err
 		}
 	}
+	// no connection provided by the user, create a new one
+	s.conn, err = NewIPv6UDPConn(ifname, addr)
+	if err != nil {
+		return nil, err
+	}
 
 	p := ipv6.NewPacketConn(s.conn)
 	if addr.IP.IsMulticast() {

dhcpv6/server6/server_test.go

@@ -33,7 +33,7 @@ func setUpClientAndServer(handler Handler) (*nclient6.Client, *Server) {
 		IP:   net.ParseIP("::1"),
 		Port: 0,
 	}
-	s, err := NewServer("lo", laddr, handler)
+	s, err := NewServer("", laddr, handler)
 	if err != nil {
 		panic(err)
 	}