From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 62B4E5A026B for ; Thu, 10 Nov 2022 01:24:16 +0100 (CET) Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4N72dQ3cyQz4xZY; Thu, 10 Nov 2022 11:24:10 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1668039850; bh=K+qunBNLrXFsKjHyI13e/gCzsrEHwUcYnRzaimB2JdY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=czbHxp+ekxRZekHrFIdiE9KYvYJmqvq4ies1W3SNNas+D+HoPDArAjMk3p8FakCo1 PNDZMGccYDI78sXuZ03/lt82hqBJJi6UbMhwWzTLSb3iBVff/xw4BOsTbxgF2ztBql Wkro7BeKBTf2jZ4vNQGw9riPfwfYomuxRnzKT6MM= Date: Thu, 10 Nov 2022 11:15:47 +1100 From: David Gibson To: Stefano Brivio Subject: Re: [PATCH] tcp, udp: Don't initialise IPv6/IPv4 sockets if IPv4/IPv6 are not enabled Message-ID: References: <20221109173808.3356358-1-sbrivio@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="KgOgH7jL4EsW8kdR" Content-Disposition: inline In-Reply-To: <20221109173808.3356358-1-sbrivio@redhat.com> Message-ID-Hash: 7HFZ6GQSRJZOFULYZDZM4ZPR3LAHYPSS X-Message-ID-Hash: 7HFZ6GQSRJZOFULYZDZM4ZPR3LAHYPSS X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, Paul Holzinger X-Mailman-Version: 3.3.3 Precedence: list List-Id: Development discussion and patches for passt Archived-At: <> Archived-At: List-Archive: <> List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --KgOgH7jL4EsW8kdR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 09, 2022 at 06:38:08PM +0100, Stefano Brivio wrote: > If we disable a given IP version automatically (no corresponding > default route on host) or administratively (--ipv4-only or > --ipv6-only options), we don't initialise related buffers and > services (DHCP for IPv4, NDP and DHCPv6 for IPv6). The "tap" > handlers will also ignore packets with a disabled IP version. >=20 > However, in commit 3c6ae625101a ("conf, tcp, udp: Allow address > specification for forwarded ports") I happily changed socket > initialisation functions to take AF_UNSPEC meaning "any enabled > IP version", but I forgot to add checks back for the "enabled" > part. >=20 > Reported by Paul: on a host without default IPv6 route, but IPv6 > enabled, connect, using IPv6, to a port handled by pasta, which > tries to send data to a tap device without initialised buffers > for that IP version and exits because the resulting write() fails. >=20 > Simpler way to reproduce: pasta -6 and inbound IPv4 connection, or > pasta -4 and inbound IPv6 connection. >=20 > Reported-by: Paul Holzinger > Fixes: 3c6ae625101a ("conf, tcp, udp: Allow address specification for for= warded ports") > Signed-off-by: Stefano Brivio Heh, I also noticed this while working on the dual stack socket stuff, but didn't get around to fixing it yet. Reviewed-by: David Gibson > --- > tcp.c | 4 ++-- > udp.c | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) >=20 > diff --git a/tcp.c b/tcp.c > index 713248f..d043123 100644 > --- a/tcp.c > +++ b/tcp.c > @@ -3213,9 +3213,9 @@ static void tcp_sock_init6(const struct ctx *c, int= ns, > void tcp_sock_init(const struct ctx *c, int ns, sa_family_t af, > const void *addr, const char *ifname, in_port_t port) > { > - if (af =3D=3D AF_INET || af =3D=3D AF_UNSPEC) > + if ((af =3D=3D AF_INET || af =3D=3D AF_UNSPEC) && c->ifi4) > tcp_sock_init4(c, ns, addr, ifname, port); > - if (af =3D=3D AF_INET6 || af =3D=3D AF_UNSPEC) > + if ((af =3D=3D AF_INET6 || af =3D=3D AF_UNSPEC) && c->ifi6) > tcp_sock_init6(c, ns, addr, ifname, port); > } > =20 > diff --git a/udp.c b/udp.c > index 42a17a7..ff7f993 100644 > --- a/udp.c > +++ b/udp.c > @@ -1129,7 +1129,7 @@ void udp_sock_init(const struct ctx *c, int ns, sa_= family_t af, > c->udp.fwd_in.f.delta[port]); > } > =20 > - if (af =3D=3D AF_INET || af =3D=3D AF_UNSPEC) { > + if ((af =3D=3D AF_INET || af =3D=3D AF_UNSPEC) && c->ifi4) { > if (!addr && c->mode =3D=3D MODE_PASTA) > bind_addr =3D &c->ip4.addr; > else > @@ -1162,7 +1162,7 @@ void udp_sock_init(const struct ctx *c, int ns, sa_= family_t af, > } > } > =20 > - if (af =3D=3D AF_INET6 || af =3D=3D AF_UNSPEC) { > + if ((af =3D=3D AF_INET6 || af =3D=3D AF_UNSPEC) && c->ifi6) { > if (!addr && c->mode =3D=3D MODE_PASTA) > bind_addr =3D &c->ip6.addr; > else --=20 David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson --KgOgH7jL4EsW8kdR Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoULxWu4/Ws0dB+XtgypY4gEwYSIFAmNsQqwACgkQgypY4gEw YSLryw//cN2WIjaYYqYDqR3nitb2ugVJkEhiHo/figmReFeQaSsg30jp4bLI+r9b u9AWYtVYgveX0unWAk/Wsn3D7SB6+nW65sqzoEK+cQtSaXcY1co8NP4CEjYtq9u8 vTAVbLdYAxgp2lCmtGearN0m5WiG+D4NG55wxC/LVEowb1wnhN9Mgnd9NDsmanD5 yLq6zgonao/SO1ypJ8vDMK2QU41yh3c2VT3O6tk5D6fIwJ3VeOKa73kYAbOQNdKA 3i62lKrSkOLLnw2pclsKX1VwaHyMpnIjOr8NKvJMoT0WHK4OtATe1vq3MOf5KVov 48xTjQystPNNXJgelJEhnuU817jRbYpbWt2b7NECf6m9Cp5iZExoZqs6zZCoF3Jh 3/lMuryTYssfhZ4ftnHfOTPDM4nH1R2vY0en/asXFQ56qLEe4k8BjXGr6bReZTUL 6L2oWqWrBE3gm1gAkSwr+26jJ5GXfWRdMS7sEHNv/dTxW0yEUMrXRA2RfHvyp2l0 6XKPYU4IZEYBapK40uA06FNfAePY1jv1BdUYZqElFMTKlDg6h17E0ovX71WLtv6V TJWIa8DRkJdJU/4ssVUDGdFBNzy8LcfAMAo4hAhJsNqoYh2yjkdwxAU32X0KacM0 K1z+QKkBEjW5GYQWBZpE5o5vrI06YlmySZ9ZoI/YYaLlBZDBJVo= =dsBE -----END PGP SIGNATURE----- --KgOgH7jL4EsW8kdR--