From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202510 header.b=PsXOYt1c;
	dkim-atps=neutral
Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id E119D5A0271
	for <passt-dev@passt.top>; Tue, 18 Nov 2025 04:35:57 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202510; t=1763436954;
	bh=JGRbU2Xf2Kxszkxxopzb6nu7Fa1oCK7k/QMhFQG9Lx4=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=PsXOYt1c5xhV7nLAIBxPI3N7O4T0Gdk4VZjdwRXvNkYTY5iZGZAaEeVmgYXNvidce
	 XSRaMA8Ils+Oy0959pWpWpjO9BDscnPHAUtFXww5TTfoaHzvPN6cVXRuYlTNBm44Fc
	 pnUoRQve3KXTeoEGSLeuHC3ndF31dEt0SwfwopPiljU8tlztDC5bpcplcGUyBF22hc
	 SxfWLrItuA55+0/CmhsPdcHPuWiVXdUJMrgDmlJU+Mz1w2FPhk70NAete7wlOwjTxL
	 aAiMa2AmooPfZrTRw8gTXog+3Bn/sPBY+IY16X5RBuDHoxfjwkkr71kwtjnDaDA8p1
	 P6yX1iEK7RGPA==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4d9Vd61DZBz58bb; Tue, 18 Nov 2025 14:35:54 +1100 (AEDT)
Date: Tue, 18 Nov 2025 14:34:58 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH v3 2/8] util, flow, pif: Simplify sock_l4_sa() interface
Message-ID: <aRvpYmMRydvb7oOU@zatzit>
References: <20251029062628.1647051-1-david@gibson.dropbear.id.au>
 <20251029062628.1647051-3-david@gibson.dropbear.id.au>
 <20251113073313.1287b4dc@elisabeth>
 <aRZoCiFLcIpIADBB@zatzit>
 <20251118011921.4094e698@elisabeth>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="MlmKymsOueIattQ4"
Content-Disposition: inline
In-Reply-To: <20251118011921.4094e698@elisabeth>
Message-ID-Hash: KG6UOFVH5LWAEYN6LCUMYOOMLC6HLSL4
X-Message-ID-Hash: KG6UOFVH5LWAEYN6LCUMYOOMLC6HLSL4
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/aRvpYmMRydvb7oOU@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/KG6UOFVH5LWAEYN6LCUMYOOMLC6HLSL4/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--MlmKymsOueIattQ4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Nov 18, 2025 at 01:19:21AM +0100, Stefano Brivio wrote:
> On Fri, 14 Nov 2025 10:21:46 +1100
> David Gibson <david@gibson.dropbear.id.au> wrote:
>=20
> > On Thu, Nov 13, 2025 at 07:33:13AM +0100, Stefano Brivio wrote:
> > > On Wed, 29 Oct 2025 17:26:22 +1100
> > > David Gibson <david@gibson.dropbear.id.au> wrote:
> > >  =20
> > > > sock_l4_sa() has a somewhat confusing 'v6only' option controlling w=
hether
> > > > to set the IPV6_V6ONLY socket option.  Usually it's set when the gi=
ven
> > > > address is IPv6, but not when we want to create a dual stack listen=
ing
> > > > socket.  The latter only makes sense when the address is :: however.
> > > >=20
> > > > Clarify this by only keeping the v6only option in an internal helper
> > > > sock_l4_().  External users will call either sock_l4() which always=
 creates
> > > > a socket bound to a specific IP version, or sock_l4_dualstack() whi=
ch
> > > > creates a dual stack socket, but takes only a port not an address. =
=20
> > >=20
> > > I'm not sure if we'll ever need anything different, but I guess that
> > > this is not the only obvious semantic of sock_l4_dualstack(), as it
> > > could take a sockaddr_inany eventually, and bind() IPv6 address and i=
ts
> > > v4-mapped equivalent (...does that even work?). =20
> >=20
> > Do you mean that if we have a v4-mapped address, then using an IPv6
> > "dual stack" socket will listen both for IPv4 traffic and for IPv6
> > traffic actually using that v4-mapped address on the wire (presumably
> > as a result of a router translating to a local IPv6-only network)?  I
> > think that will work, though I haven't tested.
>=20
> Yes, that's what I meant.
>=20
> > In that case we can determine that we need IPV6_V6ONLY from the
> > address.  The only case that doesn't cover is if we want to listen for
> > v4-mapped traffic already translated by a router but *not* native IPv4
> > traffic.  I don't see a lot of reason to ever do that, so it's in the
> > "refactor if we ever discover we need it" pile.
>=20
> I thought that we might want to listen on both IP versions for whatever
> reason, on a single socket, with a specific address (say, that v4-mapped
> address and the equivalent untranslated address...?).

I'm not really sure what you mean by an "equivalent untranslated
address".  AFAIK, the only non-wildcard case that will actually listen
on both IP versions is a v4-mapped address.

So, yes we probably should explicitly set IPV6_V6ONLY=3D=3D0 for v4-mapped
addresses as well.

> I know it can't be done now anyway, I'm just saying that
> sock_l4_dualstack() forcing wildcard addresses isn't something we should
> imply as part of "dualstack".

Hm, ok.  What if I renamed it to sock_l4_dualwild()?

> > Otherwise, the only case in which a single dual stack socket actually
> > listens to traffic from both protocols is for a wildcard.  Maybe there
> > are obscure wildcard addresses other than :: / 0.0.0.0, but that's
> > also in the "worry about it later" pile.
>=20
> Sure.
>=20
> > Note that:
> >=20
> > https://github.com/containers/podman/pull/14026/commits/772ead25318dfa3=
40541197e92322bd2346df087
> >=20
> > implies some sort of dual stack localhost support (it treats "dual
> > stack" ::1 as listening on both ::1 and 127.0.0.1).  However, AFAICT
> > that's just not correct.  On Linux, listening on ::1 listens only on
> > ::1 even with V6ONLY explicitly set to 0.
>=20
> Right, I don't even know what "simulated" means there. Actually there's
> no problem description at all. Go figure. I'm not sure if we want to
> report something (I'm not even sure what we should report).

I think "simulated" there means using one v4 and one v6 socket instead
of a dual stack socket.

Looks like that patch came in response to
https://github.com/containers/podman/issues/12292

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--MlmKymsOueIattQ4
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmkb6WIACgkQzQJF27ox
2GfHeBAArBXaOp3NgveNm398tN7cblU31cYTNEeNvpLvgmatMy6ma+A7BLv3uCau
TKmFiiEF+JUIBlo9S/34OEF510p8oWBwbM21jiraqP3KIg9MDosF/5ttbPSJuPOP
RKDjw/bQ8UMBeuOVd1tcjWLNmHgCYBjRCZXsAB6uHE76HJbnGjA44cguSkNdYans
LG3BGwM/GKQ/utod9FiIEXn9R33sdG42FzP7XO2cZ89+O9iooER+ORQu2FkQzb1y
yFCwQPHdm/rlJhbgLS0tIRq4kH/wbp+4Sce5AEh2R2lN8Zmy5Q/0c9xfYvRruuiO
A/bROxBNXGhJXbJbNt4GsrLM5zNC6SGmQPQbKA/4zdZcfK9lNX9BJTeP6c5qi9D0
njuo46UiKS33ncubG/NgiM1Ji9xzXrbdudxfEQWH4iAarByhEBMKnUeOfqg2i8PF
SrmsNWlE+Wks+7/0B5315Xxec81YmUsFxS6NdU95tRt7K8YdnQk3LcRDVwS9fN+y
waP1njZIhNObbEEANAlFrm6QFn0iSS9qxXtQm5aK/rOaDVtztQe4uzVNPmdmFNe/
fAkmJhYiobBb9KVVzYOBmBzUO/lptOCZSZRs2/zkTxa88vyv5w/AzZmbWZ6Tmheb
/L/8MVExspqqD5sHtjiO1qILolP2xh34w2rFPcVN6rKN35Hky4A=
=GG9Y
-----END PGP SIGNATURE-----

--MlmKymsOueIattQ4--