On Tue, 13 Sep 2022 16:39:26 +1000 David Gibson <david(a)gibson.dropbear.id.au> wrote:On Fri, Sep 09, 2022 at 06:06:59PM +0200, Stefano Brivio wrote:Hmm, if we're talking about msg_flags, it should be ignored on sendmsg(), and only used for received messages flags (MSG_EOR, MSG_TRUNC, MSG_CTRUNC, MSG_OOB, MSG_ERRQUEUE) on recvmsg(). But,On Fri, 9 Sep 2022 20:39:44 +1000 David Gibson <david(a)gibson.dropbear.id.au> wrote:Duh. I completely failed to consider the other fields. I actually suspect msg_hdr.flags is the most vital one (without flags I don't know if it will examine control or controllen).On Fri, Sep 09, 2022 at 11:26:58AM +0200, Stefano Brivio wrote:On Fri, 9 Sep 2022 14:27:13 +1000 David Gibson <david(a)gibson.dropbear.id.au> wrote: > udp_tap_handler() currently skips outbound packets if they have a payload > length of zero. This is not correct, since in a datagram protocol zero > length packets still have meaning. Right, nice catch. As far as I can tell it's an issue I added with commit bb708111833e ("treewide: Packet abstraction with mandatory boundary checks"). > Adjust this to correctly forward the zero-length packets by using a msghdr > with msg_iovlen == 0. > > Bugzilla: https://bugs.passt.top/show_bug.cgi?id=19 > > Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au> > --- > udp.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > diff --git a/udp.c b/udp.c > index c4ebecc..caa852a 100644 > --- a/udp.c > +++ b/udp.c > @@ -1075,19 +1075,19 @@ int udp_tap_handler(struct ctx *c, int af, const void *addr, > uh_send = packet_get(p, i, 0, sizeof(*uh), &len); > if (!uh_send) > return p->count; > + > + mm[i].msg_hdr.msg_name = sa; > + mm[i].msg_hdr.msg_namelen = sl; > + count++; > + > if (!len) > continue; > > m[i].iov_base = (char *)(uh_send + 1); > m[i].iov_len = len; I haven't tested this yet, but: - shouldn't iov_len be set to 0 (moving also this line before)? Note that I'm not initialising m - shouldn't iov_base point to NULL to avoid noise from valgrind?No, because with this change m[i] is entirely unreferenced by mm[].Also: > > - mm[i].msg_hdr.msg_name = sa; > - mm[i].msg_hdr.msg_namelen = sl; > - > mm[i].msg_hdr.msg_iov = m + i; > mm[i].msg_hdr.msg_iovlen = 1; ...I guess we should still go through those even if the size is zero, because we're appending a message. If we don't, I would expect some subsequent messages in the batch to be dropped (as many as zero sized packets we have).Here I'm relying on the fact that mm[] (unlike m[]) *is* initialized, so if we don't alter it here, msg_iov is NULL and msg_iovlen is 0.I was looking at removing that initialization, but I haven't gotten that working yet.Oops, I see now. So, I suppose that if you want to drop that initialisation, you might need to zero msg_hdr.controllen as well.But in any case I'm initializing them all now and it's working.yes, I guess it's a good idea to avoid sending the kernel random bytes there, in any case. -- Stefano