From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id 1AD275A0278
	for <passt-dev@passt.top>; Fri, 23 Feb 2024 05:42:14 +0100 (CET)
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4Tgy684F3nz4wc4; Fri, 23 Feb 2024 15:42:08 +1100 (AEDT)
Date: Fri, 23 Feb 2024 15:03:43 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH 1/7] udp: Don't attempt to translate a 0.0.0.0 source
 address
Message-ID: <ZdgZH1VoehNr538Y@zatzit>
References: <20240221232115.1376333-1-david@gibson.dropbear.id.au>
 <20240221232115.1376333-2-david@gibson.dropbear.id.au>
 <20240222184602.554e3f5e@elisabeth>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="pTOkp5oJbBlumdJn"
Content-Disposition: inline
In-Reply-To: <20240222184602.554e3f5e@elisabeth>
Message-ID-Hash: 4ZXYKBKN2WC5BM3JNX3NKUQXWWQUOBAF
X-Message-ID-Hash: 4ZXYKBKN2WC5BM3JNX3NKUQXWWQUOBAF
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/ZdgZH1VoehNr538Y@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/4ZXYKBKN2WC5BM3JNX3NKUQXWWQUOBAF/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--pTOkp5oJbBlumdJn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Feb 22, 2024 at 06:46:02PM +0100, Stefano Brivio wrote:
> On Thu, 22 Feb 2024 10:21:09 +1100
> David Gibson <david@gibson.dropbear.id.au> wrote:
>
> > If an incoming packet has a source address of 0.0.0.0 we translate that to
> > the gateway address.  This doesn't really make sense, because we have no
> > way to do a reverse translation for reply packets.
>
> Well, we would translate that back to a loopback address, which is fine
> if we take 0.0.0.0 as "This host on this network".

Not really, because "this host" has a different meaning to the sender
than it does to us.  For example, returning replies to DHCP broadcasts
to localhost would absolutely not be correct.  Of course, attempting
to run a DHCP server within passt/pasta sounds problematic, but my
point is that localhost is not a reasonable translation.

> Actually, after my
> previous note based on RFC 6890, I went and had a look at RFC 1122,
> section 3.2.1.3, which also states that 0.0.0.0:
>
>   MUST NOT be sent, except as a source address as part of an
>   initialization procedure by which the host learns its own IP address.
>
> ...so I guess dropping it here is fine.

I'm not dropping it: I'm leaving it untranslated.

> By the way, I added this originally as part of commit 6488c3e8489d
> ("tcp, udp: Replace loopback source address by gateway address") on the
> basis that 0.0.0.0 could be used in lieu of a loopback address, but
> sure, we shouldn't even get it from the kernel to start with.

Again, that's true for certain API calls, but AFAICT it's not true on
the wire.  At least it seems to be that way in practice, although I
haven't located an RFC to say that explicitly.

> > Certain UDP protocols do use an unspecified source address in some
> > circumstances (e.g. DHCP).  These generally either require no reply, a
> > multicast reply, or provide a suitable reply address by other means.
> >
> > In none of those cases does translating it in passt/pasta make sense.  The
> > best we can really do here is just leave it as is.
> >
> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> > ---
> >  udp.c | 1 -
> >  1 file changed, 1 deletion(-)
> >
> > diff --git a/udp.c b/udp.c
> > index a3961bfd..d2f8027c 100644
> > --- a/udp.c
> > +++ b/udp.c
> > @@ -599,7 +599,6 @@ static size_t udp_update_hdr4(const struct ctx *c, =
int n, in_port_t dstport,
> >  	    src_port =3D=3D 53) {
> >  		b->iph.saddr =3D c->ip4.dns_match.s_addr;
> >  	} else if (IN4_IS_ADDR_LOOPBACK(&b->s_in.sin_addr) ||
> > -		   IN4_IS_ADDR_UNSPECIFIED(&b->s_in.sin_addr)||
> >  		   IN4_ARE_ADDR_EQUAL(&b->s_in.sin_addr, &c->ip4.addr_seen)) {
> >  		b->iph.saddr =3D c->ip4.gw.s_addr;
> >  		udp_tap_map[V4][src_port].ts =3D now->tv_sec;
>
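
Review bot: The else-if condition that begins with IN4_IS_ADDR_LOOPBACK(&b->s_in.sin_addr) now excludes 0.0.0.0, and nothing in the code says that this is deliberate. A short comment above this branch, stating that an unspecified source address is forwarded untranslated because no reverse translation exists for replies, would keep the check from being re-added later. The quoted review above reads the change as dropping the packet, so the commit message could also say explicitly that the packet is still forwarded, and name the branch it now takes, which lies outside the visible context.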

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

--pTOkp5oJbBlumdJn
Content-Type: application/pgp-signature; name="signature.asc"


--pTOkp5oJbBlumdJn--