Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp30016ybt;
        Tue, 23 Jun 2020 14:27:01 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwSsvK/68JOcDIkEtvHLGrOCLuziu/LDyjfrP8nQxN/V8gqfWyLMO+NtRgIVeSqczKNIKkb
X-Received: by 2002:a50:ee87:: with SMTP id f7mr4701648edr.355.1592947620922;
        Tue, 23 Jun 2020 14:27:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1592947620; cv=none;
        d=google.com; s=arc-20160816;
        b=wV9na35C3tMy9IIBNrDVnhYzqoE2iCdpvD5UXSrl7xZLJVFwC5/Vj3VMI/wCV4sS3X
         sVOorfE+4AC0OMKYYIbKtKS9Ekw/638k76Ayk3+jJBEEqMbEV4E1oUGdcnaQxulZSr78
         MEJVZAg27RLDHZ5w90mXioIXH1Dx4I+B90yvjX+73vN4dM/CeUvPM6EkjM96sHCeunp0
         zjxPLKLRB8aCqSaokF/LI41q+QwdmRANL3KIDeNpFezi1rvIaCH9AojTdf85D92O/fK2
         EOuf+uzR9SADLzRBh2Ff5HVsgUMTDMwBF7rVuUvpoflH0MSTdopjsytHWP0lXgRIPlfZ
         DMng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version;
        bh=VEP7lzgT9uj2XM4TZrQ6QgpdMEpVbByDvKYMlMxegJk=;
        b=c2sBLgX0vuA78zpL7MpqkerHkjHNE/L1eCY1Y2SJAyFH+LMvmcVrGha4oHIPpWgAES
         HaI684qmmYms5fyTI8+rcfinT4NYE4vwnYOfgP2Cbk6B9GehsJDT/aEanbYnD4r3x+Tv
         IZ54b5gSL84HdTIW8YLWGeOvq0Q+io/pUWd5ZNhKdMUlqhmpBUeEuw9IwSG/7qQ5Sx+q
         L4lSCHyxOVSRhZNu8SFhJjJEDzOlkWZMS5X2R4y/HquNRa6rLsF+aQlmqaHOEZhlo7NI
         ocnoCek/JHc67bjwfSHWi+KwWiP5S/31Y/LFFJmtIQ6Y1hlrvMjO24pr7mt/8iqsJP0b
         KuoQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id pk21si11660340ejb.696.2020.06.23.14.26.37;
        Tue, 23 Jun 2020 14:27:00 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2393668AbgFWVZO convert rfc822-to-8bit (ORCPT
        <rfc822;linux.lists.archive@gmail.com> + 99 others);
        Tue, 23 Jun 2020 17:25:14 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33978 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S2390329AbgFWVZG (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 23 Jun 2020 17:25:06 -0400
Received: from drew.franken.de (drew.ipv6.franken.de [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76F3EC061573;
        Tue, 23 Jun 2020 14:25:06 -0700 (PDT)
Received: from mb.fritz.box (ip4d15f5fc.dynamic.kabel-deutschland.de [77.21.245.252])
        (Authenticated sender: lurchi)
        by mail-n.franken.de (Postfix) with ESMTPSA id C63ED7220B819;
        Tue, 23 Jun 2020 23:25:00 +0200 (CEST)
Content-Type: text/plain;
        charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Subject: Re: Strange problem with SCTP+IPv6
From:   Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
In-Reply-To: <20200623212143.GR2491@localhost.localdomain>
Date:   Tue, 23 Jun 2020 23:24:59 +0200
Cc:     Corey Minyard <minyard@acm.org>,
        David Laight <David.Laight@aculab.com>,
        Xin Long <lucien.xin@gmail.com>,
        Vlad Yasevich <vyasevich@gmail.com>,
        Neil Horman <nhorman@tuxdriver.com>,
        "linux-sctp@vger.kernel.org" <linux-sctp@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
Content-Transfer-Encoding: 8BIT
Message-Id: <C4F6EDBE-CCAE-4635-AD96-9C2E2582F1B3@lurchi.franken.de>
References: <20200621155604.GA23135@minyard.net>
 <CADvbK_d9mV9rBg7oLC+9u4fg3d_5a_g8ukPe83vOAE8ZM3FhHA@mail.gmail.com>
 <20200622165759.GA3235@minyard.net>
 <4B68D06C-00F4-42C3-804A-B5531AABCE21@lurchi.franken.de>
 <20200622183253.GQ2491@localhost.localdomain>
 <c1121947c9a94703b4ab6dc434a7c3f8@AcuMS.aculab.com>
 <20200623161756.GE3235@minyard.net>
 <20200623212143.GR2491@localhost.localdomain>
To:     Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
        autolearn=disabled version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mail-n.franken.de
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

> On 23. Jun 2020, at 23:21, Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> wrote:
> 
> On Tue, Jun 23, 2020 at 11:17:56AM -0500, Corey Minyard wrote:
>> On Tue, Jun 23, 2020 at 01:17:28PM +0000, David Laight wrote:
>>> From: Marcelo Ricardo Leitner
>>>> Sent: 22 June 2020 19:33
>>>> On Mon, Jun 22, 2020 at 08:01:24PM +0200, Michael Tuexen wrote:
>>>>>> On 22. Jun 2020, at 18:57, Corey Minyard <minyard@acm.org> wrote:
>>>>>> 
>>>>>> On Mon, Jun 22, 2020 at 08:01:23PM +0800, Xin Long wrote:
>>>>>>> On Sun, Jun 21, 2020 at 11:56 PM Corey Minyard <minyard@acm.org> wrote:
>>>>>>>> 
>>>>>>>> I've stumbled upon a strange problem with SCTP and IPv6.  If I create an
>>>>>>>> sctp listening socket on :: and set the IPV6_V6ONLY socket option on it,
>>>>>>>> then I make a connection to it using ::1, the connection will drop after
>>>>>>>> 2.5 seconds with an ECONNRESET error.
>>>>>>>> 
>>>>>>>> It only happens on SCTP, it doesn't have the issue if you connect to a
>>>>>>>> full IPv6 address instead of ::1, and it doesn't happen if you don't
>>>>>>>> set IPV6_V6ONLY.  I have verified current end of tree kernel.org.
>>>>>>>> I tried on an ARM system and x86_64.
>>>>>>>> 
>>>>>>>> I haven't dug into the kernel to see if I could find anything yet, but I
>>>>>>>> thought I would go ahead and report it.  I am attaching a reproducer.
>>>>>>>> Basically, compile the following code:
>>>>>>> The code only set IPV6_V6ONLY on server side, so the client side will
>>>>>>> still bind all the local ipv4 addresses (as you didn't call bind() to
>>>>>>> bind any specific addresses ). Then after the connection is created,
>>>>>>> the client will send HB on the v4 paths to the server. The server
>>>>>>> will abort the connection, as it can't support v4.
>>>>>>> 
>>>>>>> So you can work around it by either:
>>>>>>> 
>>>>>>> - set IPV6_V6ONLY on client side.
>>>>>>> 
>>>>>>> or
>>>>>>> 
>>>>>>> - bind to the specific v6 addresses on the client side.
>>>>>>> 
>>>>>>> I don't see RFC said something about this.
>>>>>>> So it may not be a good idea to change the current behaviour
>>>>>>> to not establish the connection in this case, which may cause regression.
>>>>>> 
>>>>>> Ok, I understand this.  It's a little strange, but I see why it works
>>>>>> this way.
>>>>> I don't. I would expect it to work as I described in my email.
>>>>> Could someone explain me how and why it is behaving different from
>>>>> my expectation?
>>>> 
>>>> It looks like a bug to me. Testing with this test app here, I can see
>>>> the INIT_ACK being sent with a bunch of ipv4 addresses in it and
>>>> that's unexpected for a v6only socket. As is, it's the server saying
>>>> "I'm available at these other addresses too, but not."
>>> 
>>> Does it even make sense to mix IPv4 and IPv6 addresses on the same
>>> connection?
>>> I don't remember ever seeing both types of address in a message,
>>> but may not have looked.
>> 
>> That's an interesting question.  Do the RFCs say anything?  I would
>> assume it was ok unless ipv6only was set.
>> 
>>> 
>>> I also wonder whether the connection should be dropped for an error
>>> response on a path that has never been validated.
>> 
>> That actually bothered me a bit more.  Shouldn't it stay up if any path
>> is up?  That's kind of the whole point of multihoming.
> 
> Michael explained it on the other email. What he described is what I
> observed in my tests.
> 
>> 
>>> 
>>> OTOH the whole 'multi-homing' part of SCTP sucks.
>> 
>> I don't think so.
>> 
>>> The IP addresses a server needs to bind to depend on where the
>>> incoming connection will come from.
>>> A local connection may be able to use a 192.168.x.x address
>>> but a remote connection must not - as it may be defined locally
>>> at the remote system.
>>> But both connections can come into the public (routable) address.
>>> We have to tell customers to explicitly configure the local IP
>>> addresses - which means the application has to know what they are.
>>> Fortunately these apps are pretty static - usually M3UA.
>> 
>> Umm, no,  If you have a private address, it better be behind a firewall,
>> and the firewall should handle rewriting the packet to fix the addresses.
>> 
>> It doesn't appear that Linux netfilter does this.  There is a TODO in
>> the code for this.  But that's how it *should* work.
> 
> Right, we don't support SCTP aware NAT [1].
> 
> 1.https://tools.ietf.org/html/draft-stewart-behave-sctpnat-04
The current version is: https://tools.ietf.org/html/draft-ietf-tsvwg-natsupp-16

Another possibility for NAT traversal is UDP encapsulation...

Best regards
Michael
> 
>  Marcelo
> 
>> 
>> -corey
>> 
>>> 
>>> 	David
>>> 
>>> -
>>> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
>>> Registration No: 1397386 (Wales)
>>>