From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 4BA5B5A004E for ; Mon, 22 Jul 2024 02:57:04 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202312; t=1721609819; bh=0KLclHnwIt+/2AyxMo8/W4HYqHK8L5tD+Nk7oiClVBM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=XO2RCTT8HED7YFIOSWtVPvqPktkcV6JSSo4yllMbyEUBCJH+GSj+ZAx4Pmy65tyWQ EP6v+fHSGknBuqg8omOz8KS0S52IoRQ899+iI6IwztQcx5hUn/sZzxxURc731cnQab to9paueCnfPDKJJy2l68A91wf0UK4jDaaYHuCoSq8HcXPBOgy/9ZJjVNIiJpAslv8o kGWkQ9X+eQTCBuBCT057o8L7d2szco2ER5CA0UEAKDiZaYjjAir8x9phXC1w09U+IS f0jQzaRDvVHb3JUpo/hEhe/4U2RwYG+AxgIWYhO5D7fUpFjYvqUonRxcm1IGQs6Kgi tI7ZS9/S0o87w== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4WS217662lz4wcK; Mon, 22 Jul 2024 10:56:59 +1000 (AEST) Date: Mon, 22 Jul 2024 10:55:58 +1000 From: David Gibson To: Stefano Brivio Subject: Re: [PATCH] tcp: probe for SO_PEEK_OFF both in tcpv4 and tcp6 Message-ID: References: <20240720135453.2694694-1-jmaloy@redhat.com> <20240721112118.2adcc6cf@elisabeth> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="bP/Om8Thm+5VfcLh" Content-Disposition: inline In-Reply-To: <20240721112118.2adcc6cf@elisabeth> Message-ID-Hash: 3ZXLJUBAG7XI5QRBYIAT6RHY7KSOVTZP X-Message-ID-Hash: 3ZXLJUBAG7XI5QRBYIAT6RHY7KSOVTZP X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Jon Maloy , passt-dev@passt.top, lvivier@redhat.com, dgibson@redhat.com X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --bP/Om8Thm+5VfcLh Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jul 21, 2024 at 11:21:18AM +0200, Stefano Brivio wrote: > On Sat, 20 Jul 2024 10:46:07 -0400 > Jon Maloy wrote: >=20 > > My first approach to this was to condition the use of SO_PEEK_OFF with= =20 > > tcpv4, e.g., basically > > a test like if (v4 && peek_offset_cap) {...} everywhere, but then I mad= e=20 > > an interesting discovery. > >=20 > > It turns out that, unless the =B4-4' option is explicitly given on the= =20 > > command line, all sockets are > > v6, even those that are later used as v4 sockets. >=20 > Not necessarily: if IPv6 support is disabled for other reasons, such as > the fact that we didn't find any routable IPv6 address, sockets will > also be IPv4-only. See tcp_sock_init(). Also, if your forwarding options give explicit IPv4 addresses (or even "0.0.0.0") you'll get IPv4 sockets... > > So, the set_peek_off()=20 > > call failed even > > for supposedly v4 sockets. > >=20 > > I checked this by adding a printout to the tcp_listen_handler(), and=20 > > noticed that all returns from > > the accept4() call goes into the AF_INET6 branch, even when the client= =20 > > (iperf3) call is using an IPv4 address. > > During traffic, the very same socket is marked as v4 in the tcp_tap_con= n=20 > > structure, and this seems to > > have worked just fine until I added the set_peek_offset call(). > >=20 > > I believe this is an issue that has been introduced during the last=20 > > months, since I didn't start > > using the =B4-4' option consistently until some months ago, and then it= =20 > > worked. >=20 > That's not actually an issue, it's intended, see commit 8e914238b6de > ("tcp: Use dual stack sockets for port forwarding when possible"). =2E.because this is exactly the reason. We're using dual stack sockets to reduce the amount of kernel memory we consume with many forwards. > Could it be that you enabled IPv6 on your setup meanwhile, and that's > why you see this now? I think I tested your changes on an isolated > IPv4-only setup, as I didn't run a kernel version with SO_PEEK_OFF > support at the time. >=20 --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --bP/Om8Thm+5VfcLh Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmadrhoACgkQzQJF27ox 2GcAgg/+MDcQl36G5vWM3rN+G3Mv7Q6DLr56nHWWJkCpBD/6p1CZqzM4+oHKjCXU 7yMBKIjxcOGLTzN8AL0A3tsa5qQQSiI0DSz6J80icjlh/mNjKqLUNHPina6AlUjk bBW67TYl/9vu2xIU+/C28KFoSI8TASdBUKACKZDCVEfoUMEbB0kvGba0h5R0Wghn /yUHZTO1+G2f9UhEfsPiMgWF8jIZsm4eHWTeqv69qwN2W6QVbcwaOGXPg0w0iY16 cfGIdJvl8GetKjb9wcK2Fsr4t+0fLWRk8kfwvNd2IMMMczxsQcp5c7GxI6rhDeEx 8FG7GiF2oPUbodXJfNWuVOzKB88hsY0CVj2svuNfM6Ppb1CiwKuUB99vb5JL25Fu FltWYkCrKkF5mnHnW650PPRSpVuu9GpYQEkvXkzvoCzOENzFgXpEWWyrGuHoFo8M WpNO+LIAW1slYZdhcrQIpvCdz4elklej07RCoA6JVxxz6sPjR2b5rWzQqzsJf+G1 jko3qf0jDQ2Dlb+/6u/s70pgVrP5gBFg2E+Xhrp6BjJs+lFQJF2nOEKZ8MrdFS75 P18nn5Fk2VzzUVXi6PPaJu4+HS2gUW/9NOM6q+sAvZ0SUxDQ4XGbMsnyW39NbYVv eazTuH6BVLQe0mrntD+Li9vmYJE8eY5++MY3yzolaVbcvCAK/Qs= =WxDY -----END PGP SIGNATURE----- --bP/Om8Thm+5VfcLh--