From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id 4BA5B5A004E
	for <passt-dev@passt.top>; Mon, 22 Jul 2024 02:57:04 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202312; t=1721609819;
	bh=0KLclHnwIt+/2AyxMo8/W4HYqHK8L5tD+Nk7oiClVBM=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=XO2RCTT8HED7YFIOSWtVPvqPktkcV6JSSo4yllMbyEUBCJH+GSj+ZAx4Pmy65tyWQ
	 EP6v+fHSGknBuqg8omOz8KS0S52IoRQ899+iI6IwztQcx5hUn/sZzxxURc731cnQab
	 to9paueCnfPDKJJy2l68A91wf0UK4jDaaYHuCoSq8HcXPBOgy/9ZJjVNIiJpAslv8o
	 kGWkQ9X+eQTCBuBCT057o8L7d2szco2ER5CA0UEAKDiZaYjjAir8x9phXC1w09U+IS
	 f0jQzaRDvVHb3JUpo/hEhe/4U2RwYG+AxgIWYhO5D7fUpFjYvqUonRxcm1IGQs6Kgi
	 tI7ZS9/S0o87w==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4WS217662lz4wcK; Mon, 22 Jul 2024 10:56:59 +1000 (AEST)
Date: Mon, 22 Jul 2024 10:55:58 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH] tcp: probe for SO_PEEK_OFF both in tcpv4 and tcp6
Message-ID: <Zp2uHucMrtn6ZDom@zatzit>
References: <20240720135453.2694694-1-jmaloy@redhat.com>
 <a2d633f4-3be6-451b-a3c5-1b6cc0e6032a@redhat.com>
 <20240721112118.2adcc6cf@elisabeth>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="bP/Om8Thm+5VfcLh"
Content-Disposition: inline
In-Reply-To: <20240721112118.2adcc6cf@elisabeth>
Message-ID-Hash: 3ZXLJUBAG7XI5QRBYIAT6RHY7KSOVTZP
X-Message-ID-Hash: 3ZXLJUBAG7XI5QRBYIAT6RHY7KSOVTZP
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Jon Maloy <jmaloy@redhat.com>, passt-dev@passt.top, lvivier@redhat.com, dgibson@redhat.com
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/Zp2uHucMrtn6ZDom@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/3ZXLJUBAG7XI5QRBYIAT6RHY7KSOVTZP/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--bP/Om8Thm+5VfcLh
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Jul 21, 2024 at 11:21:18AM +0200, Stefano Brivio wrote:
> On Sat, 20 Jul 2024 10:46:07 -0400
> Jon Maloy <jmaloy@redhat.com> wrote:
>=20
> > My first approach to this was to condition the use of SO_PEEK_OFF with=
=20
> > tcpv4, e.g., basically
> > a test like if (v4 && peek_offset_cap) {...} everywhere, but then I mad=
e=20
> > an interesting discovery.
> >=20
> > It turns out that, unless the =B4-4' option is explicitly given on the=
=20
> > command line, all sockets are
> > v6, even those that are later used as v4 sockets.
>=20
> Not necessarily: if IPv6 support is disabled for other reasons, such as
> the fact that we didn't find any routable IPv6 address, sockets will
> also be IPv4-only. See tcp_sock_init().

Also, if your forwarding options give explicit IPv4 addresses (or even
"0.0.0.0") you'll get IPv4 sockets...

> > So, the set_peek_off()=20
> > call failed even
> > for supposedly v4 sockets.
> >=20
> > I checked this by adding a printout to the tcp_listen_handler(), and=20
> > noticed that all returns from
> > the accept4() call goes into the AF_INET6 branch, even when the client=
=20
> > (iperf3) call is using an IPv4 address.
> > During traffic, the very same socket is marked as v4 in the tcp_tap_con=
n=20
> > structure, and this seems to
> > have worked just fine until I added the set_peek_offset call().
> >=20
> > I believe this is an issue that has been introduced during the last=20
> > months, since I didn't start
> > using the =B4-4' option consistently until some months ago, and then it=
=20
> > worked.
>=20
> That's not actually an issue, it's intended, see commit 8e914238b6de
> ("tcp: Use dual stack sockets for port forwarding when possible").

=2E.because this is exactly the reason.  We're using dual stack sockets
to reduce the amount of kernel memory we consume with many forwards.

> Could it be that you enabled IPv6 on your setup meanwhile, and that's
> why you see this now? I think I tested your changes on an isolated
> IPv4-only setup, as I didn't run a kernel version with SO_PEEK_OFF
> support at the time.
>=20

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--bP/Om8Thm+5VfcLh
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmadrhoACgkQzQJF27ox
2GcAgg/+MDcQl36G5vWM3rN+G3Mv7Q6DLr56nHWWJkCpBD/6p1CZqzM4+oHKjCXU
7yMBKIjxcOGLTzN8AL0A3tsa5qQQSiI0DSz6J80icjlh/mNjKqLUNHPina6AlUjk
bBW67TYl/9vu2xIU+/C28KFoSI8TASdBUKACKZDCVEfoUMEbB0kvGba0h5R0Wghn
/yUHZTO1+G2f9UhEfsPiMgWF8jIZsm4eHWTeqv69qwN2W6QVbcwaOGXPg0w0iY16
cfGIdJvl8GetKjb9wcK2Fsr4t+0fLWRk8kfwvNd2IMMMczxsQcp5c7GxI6rhDeEx
8FG7GiF2oPUbodXJfNWuVOzKB88hsY0CVj2svuNfM6Ppb1CiwKuUB99vb5JL25Fu
FltWYkCrKkF5mnHnW650PPRSpVuu9GpYQEkvXkzvoCzOENzFgXpEWWyrGuHoFo8M
WpNO+LIAW1slYZdhcrQIpvCdz4elklej07RCoA6JVxxz6sPjR2b5rWzQqzsJf+G1
jko3qf0jDQ2Dlb+/6u/s70pgVrP5gBFg2E+Xhrp6BjJs+lFQJF2nOEKZ8MrdFS75
P18nn5Fk2VzzUVXi6PPaJu4+HS2gUW/9NOM6q+sAvZ0SUxDQ4XGbMsnyW39NbYVv
eazTuH6BVLQe0mrntD+Li9vmYJE8eY5++MY3yzolaVbcvCAK/Qs=
=WxDY
-----END PGP SIGNATURE-----

--bP/Om8Thm+5VfcLh--