From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id 126555A026E for ; Fri, 4 Nov 2022 09:43:45 +0100 (CET) Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4N3Z0W2znwz4xx3; Fri, 4 Nov 2022 19:43:39 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1667551419; bh=75T1YKHzFVmhTtRQz6AIb821MuoNwresQczGeyshDLI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lCVRH1MLzMOMIXI8Vwk0uF6+IRlDPagf9pUZDz8bW4nwKqeYRUDuayso+4uLSlAF8 IlynFSbJYP+rq/oSHEMQMBPbY+zD4h+6v/3PAxmCTw3oSAlIKGDikg9FhlIhrzIKoF ZLTz2kEUp+nalftjkBvihl3t779HbZ91kZF/OROI= From: David Gibson To: passt-dev@passt.top, Stefano Brivio Subject: [PATCH 08/10] tcp: Unify initial sequence numbers for IPv4 and IPv6 Date: Fri, 4 Nov 2022 19:43:31 +1100 Message-Id: <20221104084333.3761760-9-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221104084333.3761760-1-david@gibson.dropbear.id.au> References: <20221104084333.3761760-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: U4RB2MCKK66RRJHCQ65A56AGO3FNOFAX X-Message-ID-Hash: U4RB2MCKK66RRJHCQ65A56AGO3FNOFAX X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.3 Precedence: list List-Id: Development discussion and patches for passt Archived-At: <> Archived-At: List-Archive: <> List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: tcp_seq_init() has separate paths for IPv4 and IPv6 addresses. Convert it to convert IPv4 addresses to IPv4-mapped IPv6 addresses then compute the siphash as for IPv6. This is slightly simpler, and means that "true" IPv4 connections and "IPv6" connections using mapped addresses will have compatible sequence numbers. This will allow additional improvements in future. Signed-off-by: David Gibson --- siphash.c | 1 + tcp.c | 46 +++++++++++++++++++--------------------------- 2 files changed, 20 insertions(+), 27 deletions(-) diff --git a/siphash.c b/siphash.c index 516a508..811918b 100644 --- a/siphash.c +++ b/siphash.c @@ -123,6 +123,7 @@ uint64_t siphash_8b(const uint8_t *in, const uint64_t *k) * * Return: 32 bits obtained by XORing the two halves of the 64-bit hash output */ +/* cppcheck-suppress unusedFunction */ uint32_t siphash_12b(const uint8_t *in, const uint64_t *k) { uint32_t *in32 = (uint32_t *)in; diff --git a/tcp.c b/tcp.c index 6634abb..b9d0510 100644 --- a/tcp.c +++ b/tcp.c @@ -2011,38 +2011,30 @@ static uint32_t tcp_seq_init(const struct ctx *c, int af, const void *addr, in_port_t dstport, in_port_t srcport, const struct timespec *now) { + struct { + struct in6_addr src; + in_port_t srcport; + struct in6_addr dst; + in_port_t dstport; + } __attribute__((__packed__)) in = { + .srcport = srcport, + .dstport = dstport, + }; uint32_t ns, seq = 0; if (af == AF_INET) { - struct { - struct in_addr src; - in_port_t srcport; - struct in_addr dst; - in_port_t dstport; - } __attribute__((__packed__)) in = { - .src = *(struct in_addr *)addr, - .srcport = srcport, - .dst = c->ip4.addr, - .dstport = dstport, - }; - - seq = siphash_12b((uint8_t *)&in, c->tcp.hash_secret); - } else if (af == AF_INET6) { - struct { - struct in6_addr src; - in_port_t srcport; - struct in6_addr dst; - in_port_t dstport; - } __attribute__((__packed__)) in = { - .src = *(struct in6_addr *)addr, - .srcport = srcport, - .dst = c->ip6.addr, - .dstport = dstport, - }; - - seq = siphash_36b((uint8_t *)&in, c->tcp.hash_secret); + struct in6_addr tmp; + encode_ip4mapped_ip6(&tmp, addr); + in.src = tmp; + encode_ip4mapped_ip6(&tmp, &c->ip4.addr); + in.dst = tmp; + } else { + in.src = *(struct in6_addr *)addr; + in.dst = c->ip6.addr; } + seq = siphash_36b((uint8_t *)&in, c->tcp.hash_secret); + ns = now->tv_sec * 1E9; ns += now->tv_nsec >> 5; /* 32ns ticks, overflows 32 bits every 137s */ -- 2.38.1