public inbox for passt-dev@passt.top
 help / color / mirror / code / Atom feed
From: Stefano Brivio <sbrivio@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: passt-dev@passt.top
Subject: Re: [PATCH v2 01/16] udp: Also bind() connected ports for "splice" forwarding
Date: Fri, 25 Nov 2022 02:47:51 +0100	[thread overview]
Message-ID: <20221125024751.36cbc4be@elisabeth> (raw)
In-Reply-To: <20221124011659.1024901-2-david@gibson.dropbear.id.au>

On Thu, 24 Nov 2022 12:16:44 +1100
David Gibson <david@gibson.dropbear.id.au> wrote:

> pasta handles "spliced" port forwarding by resending datagrams received on
> a bound socket in the init namespace to a connected socket in the guest
> namespace.  This means there are actually three ports associated with each
> "connection".  First there's the source and destination ports of the
> originating datagram.  That's also the destination port of the forwarded
> datagram, but the source port of the forwarded datagram is the kernel
> allocated bound address of the connected socket.
> 
> However, by bind()ing as well as connect()ing the forwarding socket we can
> choose the source port of the forwarded datagrams.  By choosing it to match
> the original source port we remove that surprising third port number and
> no longer need to store port numbers in struct udp_splice_port.

If you wondered, I think the whole connect() with getsockname() thing
without a bind() came from the fundamental misconception I had that you
couldn't connect() a bound socket -- and I didn't quite think of
dropping connect() as you do in 3/16 anyway.

There's one minor problem this introduces: the source port of the
originating datagram now needs to be free in the init namespace. It's
still better than the alternative problem you fix in 16/16, though.

I'm wondering if we could, _once you're done with all this_ (it already
looks complicated enough), revisit the 'goto fail' in
udp_splice_connect() (now udp_splice_new()) when bind() fails, and just
proceed with an ephemeral port then.

Also, I haven't tried, but I'm not sure if this introduces some kind of
DoS possibility: even if pasta forwards a single port, it should be
possible for a remote host to make pasta bind to a large amount of
non-ephemeral ports.

Maybe it would make sense to think of a limit on how many ports a
single peer could cause pasta to bind.

I'm not sure yet how we could track peers without a separate address
storage (even though keeping an LRU array should be feasible) -- the
simpler alternative, limiting bound ports by destination port, would
offer an even more convenient way to a DoS.

On the other hand, this is exceedingly minor I guess. We're binding
ports in the namespace after all, and we can reuse bound sockets.

-- 
Stefano


  reply	other threads:[~2022-11-25  1:47 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-24  1:16 [PATCH v2 00/16] Simplify and correct handling of "spliced" UDP forwarding David Gibson
2022-11-24  1:16 ` [PATCH v2 01/16] udp: Also bind() connected ports for "splice" forwarding David Gibson
2022-11-25  1:47   ` Stefano Brivio [this message]
2022-11-25  7:01     ` David Gibson
2022-11-24  1:16 ` [PATCH v2 02/16] udp: Separate tracking of inbound and outbound packet flows David Gibson
2022-11-25  1:47   ` Stefano Brivio
2022-11-25  7:06     ` David Gibson
2022-11-24  1:16 ` [PATCH v2 03/16] udp: Always use sendto() rather than send() for forwarding spliced packets David Gibson
2022-11-24  1:16 ` [PATCH v2 04/16] udp: Don't connect "forward" sockets for spliced flows David Gibson
2022-11-25  1:47   ` Stefano Brivio
2022-11-25  7:07     ` David Gibson
2022-12-01 18:49       ` Stefano Brivio
2022-11-24  1:16 ` [PATCH v2 05/16] udp: Remove the @bound field from union udp_epoll_ref David Gibson
2022-11-24  1:16 ` [PATCH v2 06/16] udp: Split splice field in udp_epoll_ref into (mostly) independent bits David Gibson
2022-11-24  1:16 ` [PATCH v2 07/16] udp: Don't create double sockets for -U port David Gibson
2022-11-24  1:16 ` [PATCH v2 08/16] udp: Re-use fixed bound sockets for packet forwarding when possible David Gibson
2022-11-24  1:16 ` [PATCH v2 09/16] udp: Don't explicitly track originating socket for spliced "connections" David Gibson
2022-11-25  1:48   ` Stefano Brivio
2022-11-25  7:09     ` David Gibson
2022-11-24  1:16 ` [PATCH v2 10/16] udp: Update UDP "connection" timestamps in both directions David Gibson
2022-11-24  1:16 ` [PATCH v2 11/16] udp: Simplify udp_sock_handler_splice David Gibson
2022-11-24  1:16 ` [PATCH v2 12/16] udp: Make UDP_SPLICE_FRAMES and UDP_TAP_FRAMES_MEM the same thing David Gibson
2022-11-24  1:16 ` [PATCH v2 13/16] udp: Add helper to extract port from a sockaddr_in or sockaddr_in6 David Gibson
2022-11-25  1:48   ` Stefano Brivio
2022-11-25  7:10     ` David Gibson
2022-11-24  1:16 ` [PATCH v2 14/16] udp: Unify buffers for tap and splice paths David Gibson
2022-11-24  1:16 ` [PATCH v2 15/16] udp: Split send half of udp_sock_handler_splice() from the receive half David Gibson
2022-11-24  1:16 ` [PATCH v2 16/16] udp: Correct splice forwarding when receiving from multiple sources David Gibson
2022-11-29  5:55   ` David Gibson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221125024751.36cbc4be@elisabeth \
    --to=sbrivio@redhat.com \
    --cc=david@gibson.dropbear.id.au \
    --cc=passt-dev@passt.top \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://passt.top/passt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).