[gnutls-devel] GnuTLS | fastopen.sh test failure (#1095)

Fri Sep 25 14:45:30 CEST 2020

civodul commented:

My reading of https://github.com/multipath-tcp/mptcp/commit/cf60af03ca4e71134206809ea892e49b92a88896 is that `MSG_FASTOPEN` must only be used on the first `sendmsg` call for a given host.  Passing it on subsequent calls leads to `EISCONN`, just a `connect` call on an already-connected socket.  This is confirmed by [this reproducer](/uploads/e94f2265ed9b94c7599447270617b9dc/tcp-fastopen.c) (tested with Linux-libre 5.8.7).

So the bug would be that GnuTLS passes `MSG_FASTOPEN` twice.  Now, why does it happen?

Outside Guix' isolated build environment, we get successful runs with this trace:

```
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
getrandom("\xf1\xa7\x5d\xb1\x18\xb8\x4a\xd2\x77\x39\x36\x79\xba\x3e\xb6\x6f\x90\xcd\xdb\x0f\x35\x18\x03\x74\x92\xeb\xf0
\xa3\xf8\x14\x38\xb0"..., 64, 0) = 64
setsockopt(3, SOL_TCP, TCP_FASTOPEN, [1], 4) = 0
sendmsg(3, {msg_name={sa_family=AF_INET, sin_port=htons(2137), sin_addr=inet_addr("127.0.0.1")}, msg_namelen=16, msg_iov=[{iov_base="\26\3\1\1b\1\0\1^\3\3\37\257as\245\1\33n\2202\240k\261|\275\177a\206-\274\320"..., iov_len=359}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, MSG_FASTOPEN) = 359
poll([{fd=3, events=POLLIN}], 1, 40000) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\26\3\3\0{", 5, 0, NULL, NULL) = 5
poll([{fd=3, events=POLLIN}], 1, 40000) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\2\0\0w\3\3m2>x\340\25(\341[m\233ji;uXyidgd\367?s\233\252"..., 123, 0, NULL, NULL) = 123
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\24\3\3\0\1\1", iov_len=6}], msg_iovlen=1, msg_controllen=0, msg_flags=0}, 0) = 6
poll([{fd=3, events=POLLIN}], 1, 39997) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\24\3\3\0\1", 5, 0, NULL, NULL) = 5
poll([{fd=3, events=POLLIN}], 1, 39997) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\1", 1, 0, NULL, NULL)     = 1
poll([{fd=3, events=POLLIN}], 1, 39997) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\27\3\3\0\35", 5, 0, NULL, NULL) = 5
poll([{fd=3, events=POLLIN}], 1, 39997) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "E\202UmH\20\37>Z\244R\214#.u\222<\260\303\210\350\260y\210\33\323YV\374", 29, 0, NULL, NULL) = 29
poll([{fd=3, events=POLLIN}], 1, 39988) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\27\3\3\0B", 5, 0, NULL, NULL) = 5
poll([{fd=3, events=POLLIN}], 1, 39988) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\221JO\26\256\341\303\274)Xa\277\1\253\223c\355[\267\341\5\22\2158\27\200}q\244\372\21\315"..., 66, 0, NULL, NULL) = 66
poll([{fd=3, events=POLLIN}], 1, 39988) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\27\3\3\3\326", 5, 0, NULL, NULL) = 5
poll([{fd=3, events=POLLIN}], 1, 39988) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\262\242~C\0242\244\316\263r\32\ny\23bb\220\226\216\277\276\323QSp\24\vU\336\246\241\22"..., 982, 0, NULL, NULL) = 982
poll([{fd=3, events=POLLIN}], 1, 39987) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\27\3\3\1I", 5, 0, NULL, NULL) = 5
poll([{fd=3, events=POLLIN}], 1, 39987) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\257!\233]m\260\276\342\236\266\304\270=Cb\223\317\364L\3030#j\372U\315bk\35\\\364\302"..., 329, 0, NULL, NULL) = 329
openat(AT_FDCWD, "/gnu/store/cb6fakglpk69j8mz0g13rggp99l8v3x8-glibc-2.32/share/zoneinfo/UTC", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
poll([{fd=3, events=POLLIN}], 1, 39986) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\27\3\3\0E", 5, 0, NULL, NULL) = 5
poll([{fd=3, events=POLLIN}], 1, 39986) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, "\177,\342&\26\212&r|\310Ipm\371\213\21o\243}2\21hI\340\367\314\6+\374a\350\203"..., 69, 0, NULL, NULL) = 69
sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\27\3\3\0\31U\322\7\371/\341k<z\320\246I\207\250d\3345\242j_\226\221\r\215\373", iov_len=30}, {iov_base="\27\3\3\0E\253\3\215*\241\362\374\243F\312{$\373\315{\23\3\300\3340\262\200\313,D\2622"..., iov_len=74}], msg_iovlen=2, msg_controllen=0, msg_flags=0}, 0) = 104
```

The key difference is that there is _no_ second `setsockopt` call and the second `sendmsg` call doesn't have `MSG_FASTOPEN`.

The faulty case (i.e., in Guix' build environment) is as if `p->connect_addrlen = 0` in `tfo_writev` wasn't executed, leading to the second `setsockopt` and `MSG_FASTOPEN`, which in turn leads to `EISCONN`.

Thoughts?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1095#note_418757425
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200925/41d9ffb3/attachment.html>