From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 20 Jul 2023 11:53:07 +0300
From: Valtteri Vuorikoski
To: Stefano Brivio
CC: passt-dev@passt.top
Subject: Re: ip_nonlocal_bind causes havoc with local connection detection
In-Reply-To: <20230719161052.5b28568e@elisabeth>
List-Id: Development discussion and patches for passt

On Wed, Jul 19, 2023 at 04:10:52PM +0200, Stefano Brivio wrote:
> > If that doesn't seem reasonable,
> > then maybe show a warning at start and/or just document that the
> > ip_nonlocal_bind setting shouldn't be used with passt?
>
> That's not really friendly, nor future-proof:
>
> https://bugs.passt.top/show_bug.cgi?id=48
>
> I think we should go the relatively hard way of extracting the relevant
> logic from procfs_scan_listen(), and understand from there if there's a
> local bind for the port at hand.
>
> I'm not sure, then, if we should always use this mechanism, even if
> ip_nonlocal_bind isn't set, because bind() gives us a lightweight way to
> check for three conditions in one, and we're on a latency-critical path
> here, so if this results in more syscalls, I would read from procfs
> just in case we really need to.
>
> Feel free to send a patch, or file a bug, or both, or none. :)

Thanks for checking this out. But yeah, I looked at the alternatives a
bit and none seemed really appealing. Maybe go for the proc route if
nonlocal binds were enabled at startup?

Luckily for me, it turned out that ip_nonlocal_bind was enabled on some
servers due to a service that had since been removed, so this time we
could solve the problem by just turning the sysctl off.

I'll try to get something into bugzilla for this issue anyway.

-Valtteri
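
The fallback discussed in this thread (consult procfs for a local listener only when ip_nonlocal_bind was enabled at startup), as an added example; it is not code from passt or from either poster. The function names and the sample table are constructed for illustration, and only IPv4 rows in /proc/net/tcp layout are handled.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/net/tcp layout (IPv4 only; tcp6 is a separate file).
 * Slot 0: 127.0.0.1:8080 in LISTEN (st 0A); slot 1: established 50000 -> 22. */
static const char SAMPLE_TCP[] =
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111 1 0000000000000000 100 0 0 10 0\n"
    "   1: 0100007F:C350 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 20 4 30 10 -1\n";

/* Text of /proc/sys/net/ipv4/ip_nonlocal_bind -> 1 enabled, 0 disabled, -1 unparsable. */
int nonlocal_bind_enabled(const char *sysctl_text)
{
    int v;

    if (sscanf(sysctl_text, "%d", &v) != 1)
        return -1;
    return v != 0;
}

/* 1 if any row has a local port equal to 'port' in LISTEN state, else 0. */
int tcp_port_listening(const char *proc_text, unsigned port)
{
    const char *line = strchr(proc_text, '\n');    /* skip the header row */

    while (line && *++line) {
        unsigned laddr, lport, raddr, rport, st;

        if (sscanf(line, " %*d: %8x:%4x %8x:%4x %2x",
                   &laddr, &lport, &raddr, &rport, &st) == 5 &&
            st == 0x0A && lport == port)
            return 1;
        line = strchr(line, '\n');
    }
    return 0;
}

int main(void)
{
    /* Startup decision: only pay for procfs parsing when bind() can't be trusted. */
    int use_procfs = nonlocal_bind_enabled("1\n") == 1;

    printf("use procfs: %d, 8080 listening: %d, 50000 listening: %d\n",
           use_procfs, tcp_port_listening(SAMPLE_TCP, 8080),
           tcp_port_listening(SAMPLE_TCP, 50000));
    return 0;
}
```

On a live system the two input strings would be the contents of /proc/sys/net/ipv4/ip_nonlocal_bind and /proc/net/tcp, read once at startup and on demand respectively.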