From: Stefano Brivio
To: EJ Campbell
CC: passt-dev@passt.top, david@gibson.dropbear.id.au, Jon Maloy
Subject: Re: [PATCH] tap: don't let overheard traffic move addr_seen when serving a fixed address
Date: Fri, 19 Jun 2026 19:05:24 +0200 (CEST)
Message-ID: <20260619190523.72d6729c@elisabeth>
In-Reply-To: <20260611042619.3704495-1-ej.campbell@gmail.com>
References: <20260611042619.3704495-1-ej.campbell@gmail.com>
Organization: Red Hat
List-Id: Development discussion and patches for passt

On Thu, 11 Jun 2026 04:26:19 +0000
EJ Campbell wrote:

> Subject: [PATCH v2] tap: don't let overheard traffic move addr_seen when address is explicit
>
> When pasta's tap interface shares an L2 segment with other endpoints
> (e.g. bridged in a namespace with a VM behind a second tap), frames
> from those endpoints flood to pasta and their source addresses
> overwrite addr_seen — inbound flows are then spliced or forwarded to
> whichever address spoke last instead of the configured guest.
>
> In such a setup the namespace kernel's own broadcasts (ARP probes,
> IGMP joins, sourced from the bridge address) race the guest's traffic
> for addr_seen, and inbound port-forwarded connections intermittently
> get RST after pasta dials the bridge address, where nothing listens:
>
>   Flow 0 (TCP connection (spliced)):
>     HOST [127.0.0.1]:57280 -> [127.0.0.2]:22844
>     => SPLICE [0.0.0.0]:0 -> [10.0.2.1]:80   <- bridge addr, not -a
>   Flow 0 (TCP connection (spliced)): Error event on socket: Connection refused
>
> When -a / --address is given, the user has explicitly said where the
> guest is: track that decision with a new addr_fixed flag (per address
> family) and skip the addr_seen updates in the tap handlers. Behaviour
> without -a is unchanged, and IPv6 link-local tracking (addr_ll_seen)
> is unaffected — a global -a says nothing about which link-local
> address the guest chose.
>
> With this change, a reproducer that previously failed one run in three
> (99 spliced connections per run) passed six consecutive runs.
>
> Signed-off-by: EJ Campbell

Applied, thanks for following up, and welcome to the git log!

Jon, this will cause two trivial conflicts with v7 of your multiple
address series (8/13 and 9/13) in tap4_handler() and tap6_handler().

-- 
Stefano
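
A minimal C model of the behaviour described in the quoted commit message, added here as an illustration and not taken from the passt source or from the patch itself. Only the names addr_seen and addr_fixed come from the message; the struct layout, the function names and the sample addresses are constructed for this example, and only one IPv4 address is modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, NOT passt's real context structure */
struct model_ctx {
	uint32_t addr_seen;  /* address inbound flows are directed to */
	bool addr_fixed;     /* set when -a / --address was given */
};

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

/* Constructed sample addresses: the guest and the namespace bridge */
#define GUEST  IP4(10, 0, 2, 15)
#define BRIDGE IP4(10, 0, 2, 1)

/* Hypothetical stand-in for the source-address tracking in a tap handler */
static void model_tap4_frame(struct model_ctx *c, uint32_t src)
{
	if (c->addr_fixed)
		return;              /* explicit -a: overheard sources are ignored */
	if (src)
		c->addr_seen = src;  /* otherwise the last speaker wins */
}

/* Feed frame sources in arrival order, return where an inbound flow would go */
static uint32_t model_inbound_target(bool fixed, const uint32_t *srcs, size_t n)
{
	struct model_ctx c = { .addr_seen = GUEST, .addr_fixed = fixed };

	for (size_t i = 0; i < n; i++)
		model_tap4_frame(&c, srcs[i]);
	return c.addr_seen;
}

int main(void)
{
	/* Constructed sequence: the guest talks, then the bridge broadcasts */
	const uint32_t srcs[] = { GUEST, BRIDGE };

	printf("without -a: inbound flow goes to bridge? %d\n",
	       model_inbound_target(false, srcs, 2) == BRIDGE);
	printf("with -a:    inbound flow goes to guest?  %d\n",
	       model_inbound_target(true, srcs, 2) == GUEST);
	return 0;
}
```

Without the flag, the outcome depends only on which endpoint on the shared segment sent the most recent frame, which matches the intermittent failures reported above.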