From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202502 header.b=UBjslLLs; dkim-atps=neutral Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id C11695A0651 for ; Tue, 04 Mar 2025 05:54:44 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202502; t=1741064074; bh=Z6nuH4NdJZ8Ag4vqGEAmTGRBO+gwDpTkRjxuCXEDtEg=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=UBjslLLsMFV+o7wnlrWbb5zGLgglpT+Tu7NT1MP+ruMxpglQw3MasOAdKMctyiG4g boOInnAQYgMJzjsjhv2UtZLoUYUp7aWi1dKmNnj/Xx11u3DzMeqFVFl+7hI46gXvr9 rlL0uRFS+F6BzxyuxXK8RFvtDpxh9//D17mYup9gVkvIpUDWs8vCc6B9ZQMlKq1E/H riak6iO+pcYNkvFF7uNT7z+k4h1mgT0gF7uTmi82UKQV0cp6TcDdeKSBK59J6lBnM8 /co1c65I6W23jFB8l3cUO+fQqEanjHZGdE56jl8Z0OX6+dbhtUvtQxJejoPqxBqz6n XY5VFwQ+2ATMw== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4Z6NdQ1pvRz4wcQ; Tue, 4 Mar 2025 15:54:34 +1100 (AEDT) Date: Tue, 4 Mar 2025 15:54:26 +1100 From: David Gibson To: Jon Maloy Subject: Re: [PATCH v8 2/4] udp: create and send ICMPv4 to local peer when applicable Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="2zpMzoZPD5zB8sKl" Content-Disposition: inline In-Reply-To: Message-ID-Hash: TVD3UCC3I2KMU5CAP76QVTR5ST7KZAOW X-Message-ID-Hash: TVD3UCC3I2KMU5CAP76QVTR5ST7KZAOW X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: 7ppKb5bW , "passt-dev@passt.top" X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --2zpMzoZPD5zB8sKl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 03, 2025 at 11:41:48AM -0500, Jon Maloy wrote: > On 2025-03-03 07:07, 7ppKb5bW wrote: [snip] > > > - udp_send_conn_fail_icmp4(c, ee, toside, data, rc); > > > + size_t dlen =3D rc; > > > + > > > + if (hdr->cmsg_level =3D=3D IPPROTO_IP) { > > > + dlen =3D MIN(dlen, ICMP4_MAX_DLEN); > > > + udp_send_conn_fail_icmp4(c, ee, toside, data, dlen); > > > + } else if (hdr->cmsg_level =3D=3D IPPROTO_IPV6) { > > > + udp_send_conn_fail_icmp6(c, ee, toside, data, > > > + dlen, sidx.flowi); > > > + } > > > } else { > > > trace("Ignoring received IP_RECVERR cmsg on listener socket"); > > > } > >=20 > > If the socket is dual-stack, cmsg_level may not match cmsg_data. > > ``` > > #dual-stack-test.py > > from socket import * > > import time > > IP_RECVERR=3D0xb > > with socket(AF_INET6,SOCK_DGRAM,IPPROTO_UDP) as sock: > > sock.setsockopt(IPPROTO_IP,IP_RECVERR,1) > > sock.setsockopt(IPPROTO_IP,IP_TTL,1) > > packet=3Dbytes(8) > > sock.sendto(packet,("::ffff:151.101.1.6",443)) > > time.sleep(0.1) > > print(sock.recvmsg(1472,1024,MSG_ERRQUEUE)) > >=20 > > ``` >=20 > Yes, this was mentioned at some point during our discussions, and we shou= ld > eventually handle it, but it is really outside the scope of the current > series. In fact, I think the point our mystery person is making here is subtly different from the v4 vs v6 thing I raised earlier in the discussion. I was talking about possible future cases where we might be using a different IP version on the host than we're using for the guest (e.g. CLAT). For that we'd need to pick our generated ICMP version based on the addresses in the flow - and rather more complicated we'd need to be prepared to do translation between ICMPv4 and ICMPv6 errors. The point that 7ppKb5bW is raising here, is that a dual-stack socket (mostly) counts as an IPv6 socket and will show the cmsg_level accordingly, even though it can also receive ICMPv4 errors. I don't think it's urgent to fix this before merging the series, because we're only handling errors on reply sockets for now, and we don't use dual-stack sockets for those. We should fix it as a follow up, though, which I believe we can do fairly easily by looking at ee_origin, instead of cmsg_level. --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --2zpMzoZPD5zB8sKl Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmfGh4IACgkQzQJF27ox 2Gd6uA//Rk5uS0qr8y2+jbnx3Zs6jq4x3zva51eJ7YFpvVNAIh45FpJdPllqooIT BGbgFHhQmy6p1HlT6Tt5p00dm25KC7P2BA6QwEgtVzUMwXa2cwCppZSzqtP6YmpO FXncnL8ineRh9VnXCJ+fcDTi/m+ZEVEhs16ktRF5ZOQGgkcmnIgD7THDioRd3ELs wHN2QEN0+g55m5g2oAx0U+6LyVnmec4DriXDLRV8LY6mMOMX4FMmh9tKZP/xmCvB P5XmfjfYMswVTFoIzoOruwlxIOfUse9gNf0oWhoOIO19Hhodxr3kvVMKDwKMPAMt miUw1TcA4l+2sL2JydYIeLlrrLUaJjAme7OFVWC0tG9S+iEEQZysk22P27en+28Z f2zJFGBTMWKsUjhC508RxofXGS6QRu6LJkiipLT/Jf/PkHyT0JPCRw7q/8ZfwBgA XSgpc0a3DrJ5pLvlTWxidx8X0g5A84E3gpk0ZKDisGQf4ow3Gib+xgWld3JF1xZs G/NBXZSNR6mEwOLfKVYm1EAPzpBsrexjoYUGNi/254NmANDnERUOFpFrcSkbtrPv oTqYRh8CcpeXGRpsjS1Tc4iR5Eb+1bslavVYMxcNdwXVcyZZdTjRKBq4BeYMcDo5 yBjDFFdmoK+Ysu7FXKznVfFtp+bI7u3+Oemc0UenBNigVI53n4Y= =BVhd -----END PGP SIGNATURE----- --2zpMzoZPD5zB8sKl--