Re: ip_nonlocal_bind causes havoc with local connection detection

[Valtteri Vuorikoski <vuori@notcom.org>]

On Wed, Jul 19, 2023 at 04:10:52PM +0200, Stefano Brivio wrote:
> > If that doesn't seem reasonable,
> > then maybe show a warning at start and/or just document that the
> > ip_nonlocal_bind setting shouldn't be used with passt?
> 
> That's not really friendly, nor future-proof:
> 
>     https://bugs.passt.top/show_bug.cgi?id=48
> 
> I think we should go the relatively hard way of extracting the relevant
> logic from procfs_scan_listen(), and understand from there if there's a
> local bind for the port at hand.
> 
> I'm not sure, then, if we should always use this mechanism, even if
> ip_nonlocal_bind isn't set, because bind() gives us a lightweight way to
> check for three conditions in one, and we're on a latency-critical path
> here, so if this results in more syscalls, I would read from procfs
> just in case we really need to.
> 
> Feel free to send a patch, or file a bug, or both, or none. :)

Thanks for checking this out. But yeah, I looked at the alternatives
a bit and none seemed really appealing. Maybe go for the proc route if
nonlocal binds were enabled at startup?

Luckily for me, it turned out that ip_nonlocal_bind was enabled on
some servers due to a service that had since been removed, so this
time we could solve the problem by just turning the sysctl off. I'll
try to get something into bugzilla for this issue anyway.

 -Valtteri