From: Stefano Brivio <sbrivio@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: passt-dev@passt.top
Subject: Re: [PATCH v2 01/16] udp: Also bind() connected ports for "splice" forwarding
Date: Fri, 25 Nov 2022 02:47:51 +0100 [thread overview]
Message-ID: <20221125024751.36cbc4be@elisabeth> (raw)
In-Reply-To: <20221124011659.1024901-2-david@gibson.dropbear.id.au>
On Thu, 24 Nov 2022 12:16:44 +1100
David Gibson <david@gibson.dropbear.id.au> wrote:
> pasta handles "spliced" port forwarding by resending datagrams received on
> a bound socket in the init namespace to a connected socket in the guest
> namespace. This means there are actually three ports associated with each
> "connection". First there's the source and destination ports of the
> originating datagram. That's also the destination port of the forwarded
> datagram, but the source port of the forwarded datagram is the kernel
> allocated bound address of the connected socket.
>
> However, by bind()ing as well as connect()ing the forwarding socket we can
> choose the source port of the forwarded datagrams. By choosing it to match
> the original source port we remove that surprising third port number and
> no longer need to store port numbers in struct udp_splice_port.
If you wondered, I think the whole connect() with getsockname() thing
without a bind() came from the fundamental misconception I had that you
couldn't connect() a bound socket -- and I didn't quite think of
dropping connect() as you do in 3/16 anyway.
There's one minor problem this introduces: the source port of the
originating datagram now needs to be free in the init namespace. It's
still better than the alternative problem you fix in 16/16, though.
I'm wondering if we could, _once you're done with all this_ (it already
looks complicated enough), revisit the 'goto fail' in
udp_splice_connect() (now udp_splice_new()) when bind() fails, and just
proceed with an ephemeral port then.
Also, I haven't tried, but I'm not sure if this introduces some kind of
DoS possibility: even if pasta forwards a single port, it should be
possible for a remote host to make pasta bind to a large amount of
non-ephemeral ports.
Maybe it would make sense to think of a limit on how many ports a
single peer could cause pasta to bind.
I'm not sure yet how we could track peers without a separate address
storage (even though keeping an LRU array should be feasible) -- the
simpler alternative, limiting bound ports by destination port, would
offer an even more convenient way to a DoS.
On the other hand, this is exceedingly minor I guess. We're binding
ports in the namespace after all, and we can reuse bound sockets.
--
Stefano
next prev parent reply other threads:[~2022-11-25 1:47 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-24 1:16 [PATCH v2 00/16] Simplify and correct handling of "spliced" UDP forwarding David Gibson
2022-11-24 1:16 ` [PATCH v2 01/16] udp: Also bind() connected ports for "splice" forwarding David Gibson
2022-11-25 1:47 ` Stefano Brivio [this message]
2022-11-25 7:01 ` David Gibson
2022-11-24 1:16 ` [PATCH v2 02/16] udp: Separate tracking of inbound and outbound packet flows David Gibson
2022-11-25 1:47 ` Stefano Brivio
2022-11-25 7:06 ` David Gibson
2022-11-24 1:16 ` [PATCH v2 03/16] udp: Always use sendto() rather than send() for forwarding spliced packets David Gibson
2022-11-24 1:16 ` [PATCH v2 04/16] udp: Don't connect "forward" sockets for spliced flows David Gibson
2022-11-25 1:47 ` Stefano Brivio
2022-11-25 7:07 ` David Gibson
2022-12-01 18:49 ` Stefano Brivio
2022-11-24 1:16 ` [PATCH v2 05/16] udp: Remove the @bound field from union udp_epoll_ref David Gibson
2022-11-24 1:16 ` [PATCH v2 06/16] udp: Split splice field in udp_epoll_ref into (mostly) independent bits David Gibson
2022-11-24 1:16 ` [PATCH v2 07/16] udp: Don't create double sockets for -U port David Gibson
2022-11-24 1:16 ` [PATCH v2 08/16] udp: Re-use fixed bound sockets for packet forwarding when possible David Gibson
2022-11-24 1:16 ` [PATCH v2 09/16] udp: Don't explicitly track originating socket for spliced "connections" David Gibson
2022-11-25 1:48 ` Stefano Brivio
2022-11-25 7:09 ` David Gibson
2022-11-24 1:16 ` [PATCH v2 10/16] udp: Update UDP "connection" timestamps in both directions David Gibson
2022-11-24 1:16 ` [PATCH v2 11/16] udp: Simplify udp_sock_handler_splice David Gibson
2022-11-24 1:16 ` [PATCH v2 12/16] udp: Make UDP_SPLICE_FRAMES and UDP_TAP_FRAMES_MEM the same thing David Gibson
2022-11-24 1:16 ` [PATCH v2 13/16] udp: Add helper to extract port from a sockaddr_in or sockaddr_in6 David Gibson
2022-11-25 1:48 ` Stefano Brivio
2022-11-25 7:10 ` David Gibson
2022-11-24 1:16 ` [PATCH v2 14/16] udp: Unify buffers for tap and splice paths David Gibson
2022-11-24 1:16 ` [PATCH v2 15/16] udp: Split send half of udp_sock_handler_splice() from the receive half David Gibson
2022-11-24 1:16 ` [PATCH v2 16/16] udp: Correct splice forwarding when receiving from multiple sources David Gibson
2022-11-29 5:55 ` David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221125024751.36cbc4be@elisabeth \
--to=sbrivio@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=passt-dev@passt.top \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).