From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Mohandass, Roobesh" <Roobesh_Mohandass@McAfee.com>
Subject: : getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, sa, &salen) is in
 fact sometimes returning the source IP instead the destination IP
Date: Mon, 31 Dec 2018 06:20:32 +0000
Message-ID: <MWHPR16MB1502F6F7D906B1C7117189DFEDB20@MWHPR16MB1502.namprd16.prod.outlook.com>
References: <MWHPR16MB1502549F7BAAE102EF1D5DF4EDB50@MWHPR16MB1502.namprd16.prod.outlook.com>
 <MWHPR16MB150233EF69CFD4562BFA65ABEDB60@MWHPR16MB1502.namprd16.prod.outlook.com>
 <MWHPR16MB1502DC55542EBA8121631B16EDB20@MWHPR16MB1502.namprd16.prod.outlook.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: "netdev@vger.kernel.org" <netdev@vger.kernel.org>
Return-path: <netdev-owner@vger.kernel.org>
Received: from dnvwsmailout1.mcafee.com ([161.69.31.173]:54728 "EHLO
        DNVWSMAILOUT1.mcafee.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725949AbeLaGUg (ORCPT
        <rfc822;netdev@vger.kernel.org>); Mon, 31 Dec 2018 01:20:36 -0500
In-Reply-To: <MWHPR16MB1502DC55542EBA8121631B16EDB20@MWHPR16MB1502.namprd16.prod.outlook.com>
Content-Language: en-US
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

(email is bouncing due to URL in the body of the message, so using hash ins=
tead).

Hi Netdev,

Issue: getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, sa, &salen) is in fact somet=
imes returning the source IP instead the destination IP

Using below version of,
~# lsb_release -rd
Description: Ubuntu 18.04.1 LTS
Release: 18.04

What you expected to happen:
getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, sa, &salen) - should return always =
destination IP(connected IP).

What happened instead:
getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, sa, &salen) is in fact sometimes re=
turning the source IP instead the destination IP. Using getsockname() inste=
ad looks like solving the issue.

For just an example:=20
Out of 6569124 requests , 4 requests were wrong 0.000060891 % (this is just=
 an rough estimate to give you idea on frequency)

Some old reference: (similar behavior observed)=20
MD5: 60059ae4a3d912d4745ca66630b9b949=A0=A0 (convert this hash into string =
for URL).

Side Note: (about how we identified this behavior)
We were using haproxy-version 1.8.14-1 which is using this kernel function =
getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, sa, &salen) to get the destination =
IP details/connected address details. But instead we are getting very occas=
ional source IP address instead of destination(Connected IP).

Thanks for your attention on this message.

With kind regards,
RGM(Roobesh Mohandass)
Cloud Security Platform