From nobody Tue Oct 15 18:10:07 2024 X-Original-To: net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XShw56zZGz5Ynpk for ; Tue, 15 Oct 2024 18:10:13 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: from mail-io1-xd34.google.com (mail-io1-xd34.google.com [IPv6:2607:f8b0:4864:20::d34]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XShw45lwtz4jSf; Tue, 15 Oct 2024 18:10:12 +0000 (UTC) (envelope-from markjdb@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=iFXEwFow; spf=pass (mx1.freebsd.org: domain of markjdb@gmail.com designates 2607:f8b0:4864:20::d34 as permitted sender) smtp.mailfrom=markjdb@gmail.com; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=freebsd.org (policy=none) Received: by mail-io1-xd34.google.com with SMTP id ca18e2360f4ac-836f1b47cdfso274761139f.0; Tue, 15 Oct 2024 11:10:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1729015811; x=1729620611; darn=freebsd.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:sender :from:to:cc:subject:date:message-id:reply-to; bh=ylHPQJU3FYda36YfPgWLSoBU42qMRmKuc1XLto1EC+A=; b=iFXEwFow/ilM/56DM0PMbtCNVwR4ldL1P8w1+x1qU0X5Rnz5yh3foVe1/ltWoR1uuO AbTDoTsljID8Pe3P0PN3XRb/Utjr+dI6E7VzYPlLyLQydS9irPVl9rtAbeiv96LXvHSQ zdIaezJva9kcai6Jbc2mrxa2i5e6VDBEtkM0vhF5vN2L3v5TOLD4lGAmjZ5ra/oOOlz7 wXXQ7oHhA9cVlGvqu+idn+xvAydlavmvmnMih6qFPxkefXNYtAisvEncktv4HZmyK1hn Ky5khkEYMqpyW99OTQTtqWs7KPTaEXRyoBvwxJzoJZ/s9z6B4Ff2TUcfsOeKLRsQoPUd DIzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1729015811; x=1729620611; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:sender :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ylHPQJU3FYda36YfPgWLSoBU42qMRmKuc1XLto1EC+A=; b=LnBMA0j07LnoI/lTAdz+yS9JSrR8r9DJbIcXjznuIAy62tr7yMoYpG2zLN/6Co/zNt AkQYi7CWmCu+tzdazA3QwYcpFeiI0lwi/6mP0FEKA+PtuCqwoc+tisQXVSMJRaOtrdWB 8QAPmTsTSkfrAm9RYZpn0UTAANAvM93LAVYySU0YS8q6KxpuLJHDaYoxkgKJrnyI4WMq PkwA6L8fHR6BI8cOlci63tyXmINrevYqrIVxJPh/yQoxAk72tg92YUZNA6cVxbvRq4r0 a4d5DtK0KP1fXiVuC9jneBA5yKjh4Xi7XOfSMaX1Hv30Lo8+ZEvWHzhTXbMpJfF4Uodk nqXQ== X-Forwarded-Encrypted: i=1; AJvYcCUBv+e2uD2NefjWykRtscD4pjlyDmSPZtrl9VTuLBhm9BHhuO/xCthfFoHXVwtXtBqoMSs=@freebsd.org X-Gm-Message-State: AOJu0YzZM53FRz3KSYC1XJXif8rclsP+rzPT/F5dH8zN1Tp6TFt1sC4s xKzqxCdyRRucF+2rZqZ9bUjAvDUGiOAYVfX0pqBwai/gJkOCbSLerKmp4Q== X-Google-Smtp-Source: AGHT+IEpbq0himugslPNGCU8k4nioAjat/W/QAncCY1hMxWtIF6jZGemS8JtImE1ShnTRtTIqg1k3Q== X-Received: by 2002:a05:6602:2cca:b0:83a:9488:154c with SMTP id ca18e2360f4ac-83a94881e23mr161078939f.3.1729015811381; Tue, 15 Oct 2024 11:10:11 -0700 (PDT) Received: from nuc (192-0-220-237.cpe.teksavvy.com. [192.0.220.237]) by smtp.gmail.com with ESMTPSA id 8926c6da1cb9f-4dbecc4a313sm419892173.151.2024.10.15.11.10.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 15 Oct 2024 11:10:10 -0700 (PDT) Date: Tue, 15 Oct 2024 14:10:07 -0400 From: Mark Johnston To: Andriy Gapon Cc: Sean Bruno , "net@FreeBSD.org" Subject: Re: in_pcbbind_setup: wrong condition regarding INP_REUSEPORT ? Message-ID: References: <896ee089-27ad-c98f-6bf9-4b05caf778fd@freebsd.org> <9037ac3d-8d8e-2d7d-cbdb-996a53613aca@FreeBSD.org> List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <9037ac3d-8d8e-2d7d-cbdb-996a53613aca@FreeBSD.org> X-Spamd-Result: default: False [-1.57 / 15.00]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.97)[-0.972]; MID_RHS_NOT_FQDN(0.50)[]; FORGED_SENDER(0.30)[markj@freebsd.org,markjdb@gmail.com]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; MIME_GOOD(-0.10)[text/plain]; DMARC_POLICY_SOFTFAIL(0.10)[freebsd.org : SPF not aligned (relaxed), DKIM not aligned (relaxed),none]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_TRACE(0.00)[0:+]; TO_DN_EQ_ADDR_SOME(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; RCVD_TLS_LAST(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; MLMMJ_DEST(0.00)[net@freebsd.org]; RCVD_COUNT_TWO(0.00)[2]; FROM_NEQ_ENVFROM(0.00)[markj@freebsd.org,markjdb@gmail.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; MISSING_XM_UA(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::d34:from]; TO_DN_SOME(0.00)[] X-Rspamd-Queue-Id: 4XShw45lwtz4jSf X-Spamd-Bar: - On Tue, Oct 04, 2022 at 02:46:51PM +0300, Andriy Gapon wrote: > On 04/10/2022 14:37, Sean Bruno wrote: > > > > > > On 10/3/22 04:14, Andriy Gapon wrote: > > > > > > I must admit that the condition in question is fairly long and > > > non-trivial and I cannot decipher it, but these two lines look wrong > > > to me: > > > > > >                                       (t->inp_flags2 & INP_REUSEPORT) || > > >                                       (t->inp_flags2 & INP_REUSEPORT_LB) == 0) && > > > > > > I'd expect that the check would be symmetric with respect to > > > INP_REUSEPORT and INP_REUSEPORT_LB. > > > The problem seems to come from 1a43cff92a20d / r334719 / D11003. > > > > > > > I think you are pointing at this absurd conditional? > > > > https://cgit.freebsd.org/src/tree/sys/netinet/in_pcb.c#n1049 > > > > Besides the twisted logic, what problem are you trying to solve? > > Yes, that conditional. > I pointed out the part of it that does not make sense to me. > > Also, in my tests SO_REUSEPORT does not actually allow to share a port. > Test scenario: > - create a UDP socket > - setsockopt(SO_REUSEPORT) > - bind the socket to a port and wild card address > - success > - now repeat the previous steps with the same port *under a different user id* > - bind fails > > I wonder if the following would be a correct change. Reviving this old thread, since I was confused by this code today. I think you are right, the INP_REUSEPORT check was inverted in commit https://cgit.freebsd.org/src/commit/?id=1a43cff92a20d Before that, SO_REUSEPORT would let two sockets belonging to different UIDs bind to the same port. This was a consequence of commits https://cgit.freebsd.org/src/commit/?id=52b65dbe85faf and https://cgit.freebsd.org/src/commit/?id=4049a042532f6 But, I can't tell if that old behaviour for unicast addresses was actually intentional. Bugzilla PR 7713 only discusses the problem in the context of multicast addresses, where it makes more sense. Note that the current code has the somewhat dubious property that sockets with different creds can bind to the same port if they all have SO_REUSEPORT_LB set. I can't tell if that's intentional, but I doubt it. I'm inclined to completely remove the REUSEPORT* flag checks here. > diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c > index d9247f50d32b..f5e6e3932a96 100644 > --- a/sys/netinet/in_pcb.c > +++ b/sys/netinet/in_pcb.c > @@ -1003,6 +1003,7 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr > *nam, in_addr_t *laddrp, > /* > * XXX > * This entire block sorely needs a rewrite. > + * And a good comment describing the rationale behind the conditions. > */ > if (t && > ((inp->inp_flags2 & INP_BINDMULTI) == 0) && > @@ -1011,8 +1012,7 @@ in_pcbbind_setup(struct inpcb *inp, struct sockaddr > *nam, in_addr_t *laddrp, > ntohl(t->inp_faddr.s_addr) == INADDR_ANY) && > (ntohl(sin->sin_addr.s_addr) != INADDR_ANY || > ntohl(t->inp_laddr.s_addr) != INADDR_ANY || > - (t->inp_flags2 & INP_REUSEPORT) || > - (t->inp_flags2 & INP_REUSEPORT_LB) == 0) && > + (t->inp_flags2 & (INP_REUSEPORT | INP_REUSEPORT_LB)) == 0) && > (inp->inp_cred->cr_uid != > t->inp_cred->cr_uid)) > return (EADDRINUSE); > > -- > Andriy Gapon > >