Allow IP_(ADD|REMOVE)_MEMBERSHIP on AF_INET6 sockets

Just like Linux does.

The new test `AddV4MembershipToV6Socket` passes only if there is a routing
table entry to resolve the ipv4 multicast address, and that is easiest to setup
via a "external networking" test. Now it turns out that the ipv6 "external
networking" test did not actually have a second non-loopback (external)
interface, so I've added that.

PiperOrigin-RevId: 807959283

Author: shailend-g

pkg/tcpip/tcpip.go

@@ -49,10 +49,8 @@ import (
 
 // Using the header package here would cause an import cycle.
 const (
-	ipv4AddressSize    = 4
-	ipv4ProtocolNumber = 0x0800
-	ipv6AddressSize    = 16
-	ipv6ProtocolNumber = 0x86dd
+	ipv4AddressSize = 4
+	ipv6AddressSize = 16
 )
 
 const (

pkg/tcpip/tests/integration/BUILD

@@ -128,7 +128,6 @@ go_test(
         "//pkg/tcpip/tests/utils",
         "//pkg/tcpip/testutil",
         "//pkg/tcpip/transport/icmp",
-        "//pkg/tcpip/transport/raw",
         "//pkg/tcpip/transport/udp",
         "//pkg/waiter",
         "@com_github_google_go_cmp//cmp:go_default_library",

pkg/tcpip/tests/integration/multicast_broadcast_test.go

@@ -33,7 +33,6 @@ import (
 	"gvisor.dev/gvisor/pkg/tcpip/tests/utils"
 	"gvisor.dev/gvisor/pkg/tcpip/testutil"
 	"gvisor.dev/gvisor/pkg/tcpip/transport/icmp"
-	"gvisor.dev/gvisor/pkg/tcpip/transport/raw"
 	"gvisor.dev/gvisor/pkg/tcpip/transport/udp"
 	"gvisor.dev/gvisor/pkg/waiter"
 )
@@ -779,54 +778,3 @@ func TestAddMembershipInterfacePrecedence(t *testing.T) {
 		t.Fatalf("ep.SetSockOpt(&%#v): %s", addOpt, err)
 	}
 }
-
-func TestMismatchedMulticastAddressAndProtocol(t *testing.T) {
-	const nicID = 1
-	// MulticastAddr is IPv4, but proto is IPv6.
-	multicastAddr := tcpip.AddrFromSlice([]byte("\xe0\x01\x02\x03"))
-	s := stack.New(stack.Options{
-		NetworkProtocols:   []stack.NetworkProtocolFactory{ipv4.NewProtocol, ipv6.NewProtocol},
-		TransportProtocols: []stack.TransportProtocolFactory{icmp.NewProtocol6},
-		RawFactory:         raw.EndpointFactory{},
-	})
-	e := channel.New(0, defaultMTU, "")
-	defer e.Close()
-	if err := s.CreateNIC(nicID, e); err != nil {
-		t.Fatalf("CreateNIC(%d, _): %s", nicID, err)
-	}
-	protoAddr := tcpip.ProtocolAddress{Protocol: header.IPv4ProtocolNumber, AddressWithPrefix: utils.Ipv4Addr}
-	if err := s.AddProtocolAddress(nicID, protoAddr, stack.AddressProperties{}); err != nil {
-		t.Fatalf("AddProtocolAddress(%d, %+v, {}): %s", nicID, protoAddr, err)
-	}
-
-	var wq waiter.Queue
-	ep, err := s.NewRawEndpoint(header.ICMPv6ProtocolNumber, header.IPv6ProtocolNumber, &wq, false)
-	if err != nil {
-		t.Fatalf("NewEndpoint(%d, %d, _): %s", udp.ProtocolNumber, header.IPv6ProtocolNumber, err)
-	}
-	defer ep.Close()
-
-	bindAddr := tcpip.FullAddress{Port: utils.LocalPort}
-	if err := ep.Bind(bindAddr); err != nil {
-		t.Fatalf("ep.Bind(%#v): %s", bindAddr, err)
-	}
-
-	memOpt := tcpip.MembershipOption{
-		MulticastAddr: multicastAddr,
-		NIC:           0,
-		InterfaceAddr: utils.Ipv4Addr.Address,
-	}
-
-	// Add/remove membership should succeed when the interface index is specified,
-	// even if a bad interface address is specified.
-	addOpt := tcpip.AddMembershipOption(memOpt)
-	expErr := &tcpip.ErrInvalidOptionValue{}
-	if err := ep.SetSockOpt(&addOpt); err != expErr {
-		t.Fatalf("ep.SetSockOpt(&%#v): want %q, got %q", addOpt, expErr, err)
-	}
-
-	removeOpt := tcpip.RemoveMembershipOption(memOpt)
-	if err := ep.SetSockOpt(&removeOpt); err != expErr {
-		t.Fatalf("ep.SetSockOpt(&%#v): want %q, got %q", addOpt, expErr, err)
-	}
-}

pkg/tcpip/transport/internal/network/endpoint.go

@@ -181,7 +181,11 @@ func (e *Endpoint) Close() {
 	}
 
 	for mem := range e.multicastMemberships {
-		e.stack.LeaveGroup(e.netProto, mem.nicID, mem.multicastAddr)
+		proto, err := e.multicastNetProto(mem.multicastAddr)
+		if err != nil {
+			panic("non multicast address in an existing membership")
+		}
+		e.stack.LeaveGroup(proto, mem.nicID, mem.multicastAddr)
 	}
 	e.multicastMemberships = nil
 
@@ -912,6 +916,19 @@ func (e *Endpoint) GetSockOptInt(opt tcpip.SockOptInt) (int, tcpip.Error) {
 	}
 }
 
+// multicastNetProto returns the network protocol of a given multicast address.
+// Returns an error if the address is not a multicast address.
+func (e *Endpoint) multicastNetProto(addr tcpip.Address) (tcpip.NetworkProtocolNumber, tcpip.Error) {
+	switch {
+	case header.IsV4MulticastAddress(addr):
+		return header.IPv4ProtocolNumber, nil
+	case header.IsV6MulticastAddress(addr):
+		return header.IPv6ProtocolNumber, nil
+	default:
+		return 0, &tcpip.ErrInvalidOptionValue{}
+	}
+}
+
 // SetSockOpt sets the socket option.
 func (e *Endpoint) SetSockOpt(opt tcpip.SettableSocketOption) tcpip.Error {
 	switch v := opt.(type) {
@@ -952,21 +969,21 @@ func (e *Endpoint) SetSockOpt(opt tcpip.SettableSocketOption) tcpip.Error {
 		e.multicastAddr = addr
 
 	case *tcpip.AddMembershipOption:
-		if !(header.IsV4MulticastAddress(v.MulticastAddr) && e.netProto == header.IPv4ProtocolNumber) && !(header.IsV6MulticastAddress(v.MulticastAddr) && e.netProto == header.IPv6ProtocolNumber) {
-			return &tcpip.ErrInvalidOptionValue{}
+		proto, err := e.multicastNetProto(v.MulticastAddr)
+		if err != nil {
+			return err
 		}
 
 		nicID := v.NIC
-
 		if v.InterfaceAddr.Unspecified() {
 			if nicID == 0 {
-				if r, err := e.stack.FindRoute(0, tcpip.Address{}, v.MulticastAddr, e.netProto, false /* multicastLoop */); err == nil {
+				if r, err := e.stack.FindRoute(0, tcpip.Address{}, v.MulticastAddr, proto, false /* multicastLoop */); err == nil {
 					nicID = r.NICID()
 					r.Release()
 				}
 			}
 		} else {
-			nicID = e.stack.CheckLocalAddress(nicID, e.netProto, v.InterfaceAddr)
+			nicID = e.stack.CheckLocalAddress(nicID, proto, v.InterfaceAddr)
 		}
 		if nicID == 0 {
 			return &tcpip.ErrUnknownDevice{}
@@ -981,27 +998,28 @@ func (e *Endpoint) SetSockOpt(opt tcpip.SettableSocketOption) tcpip.Error {
 			return &tcpip.ErrPortInUse{}
 		}
 
-		if err := e.stack.JoinGroup(e.netProto, nicID, v.MulticastAddr); err != nil {
+		if err := e.stack.JoinGroup(proto, nicID, v.MulticastAddr); err != nil {
 			return err
 		}
 
 		e.multicastMemberships[memToInsert] = struct{}{}
 
 	case *tcpip.RemoveMembershipOption:
-		if !(header.IsV4MulticastAddress(v.MulticastAddr) && e.netProto == header.IPv4ProtocolNumber) && !(header.IsV6MulticastAddress(v.MulticastAddr) && e.netProto == header.IPv6ProtocolNumber) {
-			return &tcpip.ErrInvalidOptionValue{}
+		proto, err := e.multicastNetProto(v.MulticastAddr)
+		if err != nil {
+			return err
 		}
 
 		nicID := v.NIC
 		if v.InterfaceAddr.Unspecified() {
 			if nicID == 0 {
-				if r, err := e.stack.FindRoute(0, tcpip.Address{}, v.MulticastAddr, e.netProto, false /* multicastLoop */); err == nil {
+				if r, err := e.stack.FindRoute(0, tcpip.Address{}, v.MulticastAddr, proto, false /* multicastLoop */); err == nil {
 					nicID = r.NICID()
 					r.Release()
 				}
 			}
 		} else {
-			nicID = e.stack.CheckLocalAddress(nicID, e.netProto, v.InterfaceAddr)
+			nicID = e.stack.CheckLocalAddress(nicID, proto, v.InterfaceAddr)
 		}
 		if nicID == 0 {
 			return &tcpip.ErrUnknownDevice{}
@@ -1016,7 +1034,7 @@ func (e *Endpoint) SetSockOpt(opt tcpip.SettableSocketOption) tcpip.Error {
 			return &tcpip.ErrBadLocalAddress{}
 		}
 
-		if err := e.stack.LeaveGroup(e.netProto, nicID, v.MulticastAddr); err != nil {
+		if err := e.stack.LeaveGroup(proto, nicID, v.MulticastAddr); err != nil {
 			return err
 		}
 

pkg/tcpip/transport/internal/network/endpoint_state.go

@@ -29,8 +29,12 @@ func (e *Endpoint) Resume(s *stack.Stack) error {
 
 	e.stack = s
 	for m := range e.multicastMemberships {
-		if err := e.stack.JoinGroup(e.netProto, m.nicID, m.multicastAddr); err != nil {
-			return fmt.Errorf("e.stack.JoinGroup(%d, %d, %s): %s", e.netProto, m.nicID, m.multicastAddr, err)
+		proto, err := e.multicastNetProto(m.multicastAddr)
+		if err != nil {
+			panic("non multicast address in an existing membership during Resume")
+		}
+		if err := e.stack.JoinGroup(proto, m.nicID, m.multicastAddr); err != nil {
+			return fmt.Errorf("e.stack.JoinGroup(%d, %d, %s): %s", proto, m.nicID, m.multicastAddr, err)
 		}
 	}
 

test/syscalls/BUILD

@@ -810,6 +810,12 @@ syscall_test(
     test = "//test/syscalls/linux:socket_ipv4_udp_unbound_external_networking_test",
 )
 
+syscall_test(
+    # FIXME: TestJoinLeaveMulticast fails with add_hostinet.
+    netstack_sr = True,
+    test = "//test/syscalls/linux:socket_ipv6_udp_unbound_external_networking_test",
+)
+
 syscall_test(
     size = "large",
     add_hostinet = True,

test/syscalls/linux/BUILD

@@ -2896,7 +2896,13 @@ cc_library(
         "socket_ipv6_udp_unbound_external_networking.h",
     ],
     deps = select_gtest() + [
+        ":ip_socket_test_util",
         ":socket_ip_udp_unbound_external_networking",
+        "//test/util:file_descriptor",
+        "//test/util:posix_error",
+        "//test/util:socket_util",
+        "//test/util:test_util",
+        "@com_google_absl//absl/cleanup",
     ],
     alwayslink = 1,
 )

test/syscalls/linux/socket_ipv6_udp_unbound_external_networking.cc

@@ -14,9 +14,72 @@
 
 #include "test/syscalls/linux/socket_ipv6_udp_unbound_external_networking.h"
 
+#include <net/if.h>
+#include <sys/socket.h>
+
+#include <cerrno>
+#include <cstring>
+#include <iostream>
+#include <optional>
+#include <utility>
+
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
+#include "absl/cleanup/cleanup.h"
+#include "test/syscalls/linux/ip_socket_test_util.h"
+#include "test/util/file_descriptor.h"
+#include "test/util/posix_error.h"
+#include "test/util/socket_util.h"
+#include "test/util/test_util.h"
+
 namespace gvisor {
 namespace testing {
 
+void IPv6UDPUnboundExternalNetworkingSocketTest::SetUp() {
+#ifdef ANDROID
+  GTEST_SKIP() << "Android does not support getifaddrs in r22";
+#endif
+
+  ifaddrs* ifaddr;
+  ASSERT_THAT(getifaddrs(&ifaddr), SyscallSucceeds());
+  auto cleanup = absl::MakeCleanup([ifaddr] { freeifaddrs(ifaddr); });
+
+  for (const ifaddrs* ifa = ifaddr; ifa != nullptr; ifa = ifa->ifa_next) {
+    ASSERT_NE(ifa->ifa_name, nullptr);
+    ASSERT_NE(ifa->ifa_addr, nullptr);
+
+    if (ifa->ifa_addr->sa_family != AF_INET6) {
+      continue;
+    }
+
+    std::optional<std::pair<int, sockaddr_in6>>& if_pair = *[this, ifa]() {
+      if (strcmp(ifa->ifa_name, "lo") == 0) {
+        return &lo_if_;
+      }
+      return &eth_if_;
+    }();
+
+    const int if_index =
+        ASSERT_NO_ERRNO_AND_VALUE(InterfaceIndex(ifa->ifa_name));
+
+    std::cout << " name=" << ifa->ifa_name
+              << " addr=" << GetAddrStr(ifa->ifa_addr) << " index=" << if_index
+              << " has_value=" << if_pair.has_value() << std::endl;
+
+    if (if_pair.has_value()) {
+      continue;
+    }
+
+    if_pair = std::make_pair(
+        if_index, *reinterpret_cast<const sockaddr_in6*>(ifa->ifa_addr));
+  }
+
+  if (!(eth_if_.has_value() && lo_if_.has_value())) {
+    GTEST_SKIP() << " eth_if_.has_value()=" << eth_if_.has_value()
+                 << " lo_if_.has_value()=" << lo_if_.has_value();
+  }
+}
+
 TEST_P(IPv6UDPUnboundExternalNetworkingSocketTest, TestJoinLeaveMulticast) {
   auto sender = ASSERT_NO_ERRNO_AND_VALUE(NewSocket());
   auto receiver = ASSERT_NO_ERRNO_AND_VALUE(NewSocket());
@@ -82,5 +145,58 @@ TEST_P(IPv6UDPUnboundExternalNetworkingSocketTest, TestJoinLeaveMulticast) {
               SyscallFailsWithErrno(EAGAIN));
 }
 
+// Test that an AF_INET6 socket can set the IP_ADD_MEMBERSHIP socket option.
+TEST_P(IPv6UDPUnboundExternalNetworkingSocketTest, AddV4MembershipToV6Socket) {
+  TestAddress send_addr = V4Multicast();
+  sockaddr_in* send_addr_in = reinterpret_cast<sockaddr_in*>(&send_addr.addr);
+
+  // recv is an AF_INET6 socket while send is an AF_INET socket.
+  auto recv = ASSERT_NO_ERRNO_AND_VALUE(NewSocket());
+  FileDescriptor send =
+      ASSERT_NO_ERRNO_AND_VALUE(Socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP));
+
+  // Make recv join the multicast group with address `send_addr`.
+  // Note that IP_ADD_MEMBERSHIP is used instead of IPV6_ADD_MEMBERSHIP, and
+  // the group address is an IPv4 address.
+  struct ip_mreq mreq;
+  mreq.imr_multiaddr.s_addr = send_addr_in->sin_addr.s_addr;
+  mreq.imr_interface.s_addr = htonl(INADDR_ANY);
+  ASSERT_THAT(
+      setsockopt(recv->get(), SOL_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq)),
+      SyscallSucceeds());
+
+  // Bind recv to ::.
+  auto recv_addr = V6Any();
+  ASSERT_THAT(
+      bind(recv->get(), AsSockAddr(&recv_addr.addr), recv_addr.addr_len),
+      SyscallSucceeds());
+  socklen_t recv_addr_len = recv_addr.addr_len;
+  ASSERT_THAT(
+      getsockname(recv->get(), AsSockAddr(&recv_addr.addr), &recv_addr_len),
+      SyscallSucceeds());
+  EXPECT_EQ(recv_addr_len, recv_addr.addr_len);
+
+  // Send a multicast packet...
+  send_addr_in->sin_port =
+      reinterpret_cast<sockaddr_in*>(&recv_addr.addr)->sin_port;
+  char send_buf[200];
+  RandomizeBuffer(send_buf, sizeof(send_buf));
+  ASSERT_THAT(
+      RetryEINTR(sendto)(send.get(), send_buf, sizeof(send_buf), 0,
+                         AsSockAddr(&send_addr.addr), send_addr.addr_len),
+      SyscallSucceedsWithValue(sizeof(send_buf)));
+
+  // ...and check that it was received.
+  char recv_buf[sizeof(send_buf)] = {};
+  ASSERT_THAT(
+      RecvTimeout(recv->get(), recv_buf, sizeof(recv_buf), 1 /*timeout*/),
+      IsPosixErrorOkAndHolds(sizeof(recv_buf)));
+  EXPECT_EQ(0, memcmp(send_buf, recv_buf, sizeof(send_buf)));
+
+  ASSERT_THAT(
+      setsockopt(recv->get(), SOL_IP, IP_DROP_MEMBERSHIP, &mreq, sizeof(mreq)),
+      SyscallSucceeds());
+}
+
 }  // namespace testing
 }  // namespace gvisor

test/syscalls/linux/socket_ipv6_udp_unbound_external_networking.h

@@ -15,15 +15,32 @@
 #ifndef GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IPV6_UDP_UNBOUND_EXTERNAL_NETWORKING_H_
 #define GVISOR_TEST_SYSCALLS_LINUX_SOCKET_IPV6_UDP_UNBOUND_EXTERNAL_NETWORKING_H_
 
+#include <optional>
+#include <utility>
+
 #include "test/syscalls/linux/socket_ip_udp_unbound_external_networking.h"
 
 namespace gvisor {
 namespace testing {
 
 // Test fixture for tests that apply to unbound IPv6 UDP sockets in a sandbox
 // with external networking support.
-using IPv6UDPUnboundExternalNetworkingSocketTest =
-    IPUDPUnboundExternalNetworkingSocketTest;
+class IPv6UDPUnboundExternalNetworkingSocketTest
+    : public IPUDPUnboundExternalNetworkingSocketTest {
+ protected:
+  void SetUp() override;
+
+  int lo_if_idx() const { return std::get<0>(lo_if_.value()); }
+  int eth_if_idx() const { return std::get<0>(eth_if_.value()); }
+
+  const sockaddr_in6& lo_if_addr() const { return std::get<1>(lo_if_.value()); }
+  const sockaddr_in6& eth_if_addr() const {
+    return std::get<1>(eth_if_.value());
+  }
+
+ private:
+  std::optional<std::pair<int, sockaddr_in6>> lo_if_, eth_if_;
+};
 
 }  // namespace testing
 }  // namespace gvisor