From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202606 header.b=ECBuHv2n; dkim-atps=neutral Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id CDA1D5A0265 for ; Fri, 19 Jun 2026 06:49:57 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202606; t=1781844594; bh=TTyc7gADHw2ykcC9oNsS2U6rryyIQEEgYPk1T4c/N+Q=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ECBuHv2nFQh5owIWuOZ05jh2QVxNkbkcG7BGvFhJjHxG8z5CZFEgAglEeKXu76kJ/ mZtHBUjqi9mUVRL9+EGzzQ+rNze+yfQeLOv+hammANiyA8w2PWGaRrzZOcyiLHIe9i QlHD6iEBbKede1A6LKj8sB7L2LgQYAc5xlOYbResAoRw0NXfDaWFbEiB4XTazHKbOC HPXfDn+U7kQszDQUYTWBL1frMiqyxVdpCAV0HwueWnAaqxVHosDTiV15FxyE6VJRam 8E6fCehVwO9i0GaQv2gF8/VwCTihSX7oRW2YMmTonFVM0CPU/cntH5dPgH0apu4exS kqW3MLTp4EmQw== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4ghQBB28dDz58sl; Fri, 19 Jun 2026 14:49:54 +1000 (AEST) Date: Fri, 19 Jun 2026 14:39:46 +1000 From: David Gibson To: EJ Campbell Subject: Re: [PATCH] tap: don't let overheard traffic move addr_seen when serving a fixed address Message-ID: References: <20260611042619.3704495-1-ej.campbell@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="62AcN1tjHGDb8Ui1" Content-Disposition: inline In-Reply-To: <20260611042619.3704495-1-ej.campbell@gmail.com> Message-ID-Hash: 56KXEQOBP63VTHNL2V6L62UAMH3IVSB5 X-Message-ID-Hash: 56KXEQOBP63VTHNL2V6L62UAMH3IVSB5 X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, sbrivio@redhat.com X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --62AcN1tjHGDb8Ui1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jun 11, 2026 at 04:26:19AM +0000, EJ Campbell wrote: > Hi Stefano, David, >=20 > Thanks for the careful review. David, good to know this is a known > gap and not just my unusual topology. >=20 > You both made the same point: --no-dhcp was the wrong condition. > Agreed. v2 below keys on -a / --address having been given explicitly: > a new per-family addr_fixed flag, set where -a is parsed, and the tap > handlers skip the addr_seen updates when it's set. Keying off -a is certainly much better than depending on --no-dhcp. It's probably fine in practice, at least for now. It still doesn't make a whole lot of logical sense to me. The question here is whether we support the guest picking an address other than what we told it: why should that depend on where the address we told it came from (command line versus host netlink)? I guess wanting to enforce that the guest uses the given address would be somewhat correlated with wanting to specify an explicit addres, but they don't seem inherently linked to me. Of course, as I've said before, I tend to think supporting the guest just picking a random address was always a mistake, but it's established behaviour now. > Stefano, on your other points: >=20 > - IPv6: the global-address updates now get the same guard. I left > addr_ll_seen tracking alone, since a global -a says nothing about > which link-local address the guest picked. >=20 > - The "behaviour unchanged" code comments are gone; that reasoning > lives in the commit message now. >=20 > - Whitespace: sorry about that; my mail client flattened the tabs > in v1. This one comes straight from git send-email and applies > cleanly here. >=20 > David, on --no-address-snooping: happy to do a v3 with an explicit > knob if you'd prefer, but keying on -a covered my case and keeps the > option count down. Yeah, I don't know. As above, I feel that makes more logical sense. But I'll admit as an explicit option it's pretty clunky. > One more data point since v1: I caught the failure in the act with > --trace. After overhearing the namespace kernel's broadcasts (ARP > probes, IGMP joins, sourced from the bridge's address), pasta's > inbound splice dials the bridge instead of the -a address: >=20 > Flow 0 (TCP connection (spliced)): > HOST [127.0.0.1]:57280 -> [127.0.0.2]:22844 > =3D> SPLICE [0.0.0.0]:0 -> [10.0.2.1]:80 <- bridge addr, not -a > Flow 0 (TCP connection (spliced)): Error event on socket: Connection re= fused >=20 > With the patch, a reproducer that failed one run in three (99 spliced > connections per run) passed six consecutive runs. --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --62AcN1tjHGDb8Ui1 Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmo0yAYACgkQzQJF27ox 2GfQdQ/8DN71Ow6Y1SsQyilDlc3dgGFOw1LnW+LW7OxtUGnOeklvX3ZoBIvOg/OT CMR8B/obMnAnXyhgd9vsZS5eLt6ETbYnzUOpvWO5pUQ6/qKAO/QqgeCGJm2a1keA j8qO/aZ9LQLydTn8TdYCgrQSiZW+gqnASnlC5gBwq2tCvDHkyebuantd8Vn/JDbz pyKRYypCrUO9tMAvL65sTBZjILZxYQjmURydHQn6HyqK6T/bIwbqNjfbM+MOjQSO S2U+oUFXIfkQuIbWRw2C1QBlEWSjbHjgIfCwt3FNMVtOzfily9lOgo0540E9dZWJ I/kgMBt4U5wDTiMJIunlwolp//xgugBe4Z9RQwlyj+rfgfiJjKMblHuRKZicCfuJ JUwDCeDw2kfyMbi5PwhJc0BORtZ0ceh7Q9jw+3XOdhRlj2DeDz8QSBsGNLAjoKm0 uzVqKDWcFPvd0lCYpZASsaC8T9fRESBgG96b7ABjc0UTv2LzgiY+8f6OyU9bLFGv iuelqzs5BgguSa9L5RerFwYj/nvCToFyTaThpubSk2XwGOO+Sw5yRwDYyliXB5tv uOjowuxdvq4WKyHAR/1klNs1k0p29cvASicwYYj0HsDRV5F3cq7sWFlMp3b/p6F2 ITDSj4l5chL7Blm6Wv/0TMOvOE2dvFna2+M3lFDTmtzAlh/ptMM= =biwD -----END PGP SIGNATURE----- --62AcN1tjHGDb8Ui1--