BUG/MINOR: quic: Wrong source address use on FreeBSD

The bug is a listener only one, and only occured on FreeBSD.

The FreeBSD issue has been reported here:
https://forums.freebsd.org/threads/quic-http-3-with-haproxy.98443/
where QUIC traces could reveal that sendmsg() calls lead to EINVAL
syscall errnos.

Such a similar issue could be reproduced from a FreeBSD 14-2 VM
with reg-tests/quic/retry.vtc as reg test.

As noted by Olivier, this issue could be fixed within the VM binding
the listener socket to INADDR_ANY.

That said, the symptoms are not exactly the same as the one reporte by the user.
What could be observed from such a VM is that if the first recvmsg() call
returns the datagram destination address, and if the listener
listening address is bound to a specific address, the calls to
sendmsg() fail because of the IP_SENDSRCADDR ip option value
set by cmsg_set_saddr(). According to the ip(4) freebsd manual
such an IP options must be used if the listening socket is
bound to a specific address. It is to be noted that into a VM
the first call to recvmsg() of the first connection does not return the datagram
destination address. This leads the first quic_conn to be initialized without
->local_addr value. This is this value which is used by IP_SENDSRCADDR
ip option. In this case, the sendmsg() calls (without IP_SENDSRCADDR)
never fail. The issue appears at the second condition.

This patch replaces the conditions to use IP_SENDSRCADDR to a call to
qc_may_use_saddr(). This latter also checks that the listener listening
address is not INADDR_ANY to allow the use of the source address.
It is generalized to all the OSes. Indeed, there is no reason to set the source
address when the listener is bound to a specific address.

Must be backported as far as 2.8.

diff --git a/src/quic_sock.c b/src/quic_sock.c
index d7149ab84f16504f9eedb07d19bfcca9e3b958d9..bcef80a2f6ced223dd1e92fb44d1fa4d570621e4 100644 (file)
--- a/src/quic_sock.c
+++ b/src/quic_sock.c
@@ -688,6 +688,23 @@ static void cmsg_set_gso(struct msghdr *msg, struct cmsghdr **cmsg,
 #endif
 }
 
+/* Return 1 if the source address may be used, 0 if not. */
+static int qc_may_use_saddr(struct quic_conn *qc)
+{
+       /* For QUIC backends, the connection fd is always initialized */
+       /* Not useful for connection using the listener socket */
+       if (qc_test_fd(qc))
+               return 0;
+
+       /* Connection to a listener from here.
+        * The source address may be used when using listener socket (fd=-1) if
+        * possible. This is not useful if the listening socket is bound to
+        * a specific address. It is even prohibited on FreeBSD.
+        */
+       return (!is_addr(&__objt_listener(qc->target)->rx.addr) &&
+               is_addr(&qc->local_addr));
+}
+
 /* Send a datagram stored into <buf> buffer with <sz> as size. The caller must
  * ensure there is at least <sz> bytes in this buffer.
  *
@@ -760,8 +777,7 @@ int qc_snd_buf(struct quic_conn *qc, const struct buffer *buf, size_t sz,
        if (qc_test_fd(qc) && !fd_send_ready(qc->fd))
                return 0;
 
-       /* Set source address when using listener socket if possible. */
-       if (!qc_test_fd(qc) && is_addr(&qc->local_addr)) {
+       if (qc_may_use_saddr(qc)) {
                msg.msg_control = ancillary_data.bufaddr;
                cmsg_set_saddr(&msg, &cmsg, &qc->local_addr);
        }