From: Frederic Lecaille Date: Fri, 11 Jul 2025 07:02:22 +0000 (+0200) Subject: BUG/MINOR: quic: Wrong source address use on FreeBSD X-Git-Tag: v3.3-dev4~75 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1c33756f7803247c81354f55678322b636279089;p=thirdparty%2Fhaproxy.git BUG/MINOR: quic: Wrong source address use on FreeBSD The bug is a listener only one, and only occured on FreeBSD. The FreeBSD issue has been reported here: https://forums.freebsd.org/threads/quic-http-3-with-haproxy.98443/ where QUIC traces could reveal that sendmsg() calls lead to EINVAL syscall errnos. Such a similar issue could be reproduced from a FreeBSD 14-2 VM with reg-tests/quic/retry.vtc as reg test. As noted by Olivier, this issue could be fixed within the VM binding the listener socket to INADDR_ANY. That said, the symptoms are not exactly the same as the one reporte by the user. What could be observed from such a VM is that if the first recvmsg() call returns the datagram destination address, and if the listener listening address is bound to a specific address, the calls to sendmsg() fail because of the IP_SENDSRCADDR ip option value set by cmsg_set_saddr(). According to the ip(4) freebsd manual such an IP options must be used if the listening socket is bound to a specific address. It is to be noted that into a VM the first call to recvmsg() of the first connection does not return the datagram destination address. This leads the first quic_conn to be initialized without ->local_addr value. This is this value which is used by IP_SENDSRCADDR ip option. In this case, the sendmsg() calls (without IP_SENDSRCADDR) never fail. The issue appears at the second condition. This patch replaces the conditions to use IP_SENDSRCADDR to a call to qc_may_use_saddr(). This latter also checks that the listener listening address is not INADDR_ANY to allow the use of the source address. It is generalized to all the OSes. Indeed, there is no reason to set the source address when the listener is bound to a specific address. Must be backported as far as 2.8. --- diff --git a/src/quic_sock.c b/src/quic_sock.c index d7149ab84..bcef80a2f 100644 --- a/src/quic_sock.c +++ b/src/quic_sock.c @@ -688,6 +688,23 @@ static void cmsg_set_gso(struct msghdr *msg, struct cmsghdr **cmsg, #endif } +/* Return 1 if the source address may be used, 0 if not. */ +static int qc_may_use_saddr(struct quic_conn *qc) +{ + /* For QUIC backends, the connection fd is always initialized */ + /* Not useful for connection using the listener socket */ + if (qc_test_fd(qc)) + return 0; + + /* Connection to a listener from here. + * The source address may be used when using listener socket (fd=-1) if + * possible. This is not useful if the listening socket is bound to + * a specific address. It is even prohibited on FreeBSD. + */ + return (!is_addr(&__objt_listener(qc->target)->rx.addr) && + is_addr(&qc->local_addr)); +} + /* Send a datagram stored into buffer with as size. The caller must * ensure there is at least bytes in this buffer. * @@ -760,8 +777,7 @@ int qc_snd_buf(struct quic_conn *qc, const struct buffer *buf, size_t sz, if (qc_test_fd(qc) && !fd_send_ready(qc->fd)) return 0; - /* Set source address when using listener socket if possible. */ - if (!qc_test_fd(qc) && is_addr(&qc->local_addr)) { + if (qc_may_use_saddr(qc)) { msg.msg_control = ancillary_data.bufaddr; cmsg_set_saddr(&msg, &cmsg, &qc->local_addr); }