From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id E3B6F5A005E for ; Tue, 22 Nov 2022 04:44:11 +0100 (CET) Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4NGVVX1MnKz4xNC; Tue, 22 Nov 2022 14:44:04 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1669088644; bh=ymdjGx80XCVMS2K1kwq40dhMxmww65iraZs0PHSo1ts=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aB3VK+mTPBfYn7Sj5H5iuW8jLARbnG1SP5h5RngAmeNRDJOeV/FwX0o0UTDM88lYi 8bZrwEZnXUljTU5ki7dqMYvjg0YLyUnz09UUxP+FNmz1Q98G32N1iw4uymmNreGN8z FUrQbq1ko1VQjA0rSDqJZKRFEDYbft1xRhVG3XOw= From: David Gibson To: Stefano Brivio , passt-dev@passt.top Subject: [PATCH 10/11] udp: Update UDP "connection" timestamps in both directions Date: Tue, 22 Nov 2022 14:44:01 +1100 Message-Id: <20221122034402.1517544-11-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221122034402.1517544-1-david@gibson.dropbear.id.au> References: <20221122034402.1517544-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: TX2Y5CLUCU67N2AE7UESDCYNRPRTOLZ4 X-Message-ID-Hash: TX2Y5CLUCU67N2AE7UESDCYNRPRTOLZ4 X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.3 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: A UDP pseudo-connection between port A in the init namespace and port B in the pasta guest namespace involves two sockets: udp_splice_init[v6][B] and udp_splice_ns[v6][A]. The socket which originated this "connection" will be permanent but the other one will be closed on a timeout. When we get a packet from the originating socket, we update the timeout on the other socket, but we don't do the same when we get a reply packet from the other socket. However any activity on the "connection" probably indicates that it's still in use. Without this we could incorrectly time out a "connection" if it's using a protocol which involves a single initiating packet, but which then gets continuing replies from the target. Correct this by updating the timeout on both sockets for a packet in either direction. This also updates the timestamps for the permanent originating sockets which is unnecessary, but harmless. Signed-off-by: David Gibson --- udp.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/udp.c b/udp.c index 14e8ff2..206e9d3 100644 --- a/udp.c +++ b/udp.c @@ -55,12 +55,15 @@ * - bind in namespace to 127.0.0.1:5000 * - add to epoll with reference: index = 5000, splice = 1, orig = 0, * ns = 1 - * - update udp_splice_ns[V4][5000].ts with current time + * - update udp_splice_init[V4][80].ts and udp_splice_ns[V4][5000].ts with + * current time * * - reverse direction: 127.0.0.1:80 -> 127.0.0.1:5000 in namespace socket s, * having epoll reference: index = 5000, splice = 1, orig = 0, ns = 1 * - if udp_splice_init[V4][80].sock: * - send to udp_splice_init[V4][80].sock, with destination port 5000 + * - update udp_splice_init[V4][80].ts and udp_splice_ns[V4][5000].ts with + * current time * - otherwise, discard * * - from namespace to init: @@ -75,12 +78,15 @@ * - bind in init to 127.0.0.1:2000 * - add to epoll with reference: index = 2000, splice = 1, orig = 0, * ns = 0 - * - update udp_splice_init[V4][2000].ts with current time + * - update udp_splice_ns[V4][22].ts and udp_splice_init[V4][2000].ts with + * current time * * - reverse direction: 127.0.0.1:22 -> 127.0.0.1:2000 in init from socket s, * having epoll reference: index = 2000, splice = 1, orig = 0, ns = 0 * - if udp_splice_ns[V4][22].sock: * - send to udp_splice_ns[V4][22].sock, with destination port 2000 + * - update udp_splice_ns[V4][22].ts and udp_splice_init[V4][2000].ts with + * current time * - otherwise, discard */ @@ -540,12 +546,16 @@ static void udp_sock_handler_splice(const struct ctx *c, union epoll_ref ref, return; } + udp_splice_init[v6][dst].ts = now->tv_sec; udp_splice_ns[v6][src].ts = now->tv_sec; } else if (!ref.r.p.udp.udp.orig && ref.r.p.udp.udp.ns) { src += c->udp.fwd_in.rdelta[src]; if (!(s = udp_splice_init[v6][src].sock)) return; + + udp_splice_ns[v6][dst].ts = now->tv_sec; + udp_splice_init[v6][src].ts = now->tv_sec; } else if (ref.r.p.udp.udp.orig && ref.r.p.udp.udp.ns) { src += c->udp.fwd_in.rdelta[src]; @@ -554,12 +564,17 @@ static void udp_sock_handler_splice(const struct ctx *c, union epoll_ref ref, if (s < 0) return; } + + udp_splice_ns[v6][dst].ts = now->tv_sec; udp_splice_init[v6][src].ts = now->tv_sec; } else if (!ref.r.p.udp.udp.orig && !ref.r.p.udp.udp.ns) { src += c->udp.fwd_out.rdelta[src]; if (!(s = udp_splice_ns[v6][src].sock)) return; + + udp_splice_init[v6][dst].ts = now->tv_sec; + udp_splice_ns[v6][src].ts = now->tv_sec; } else { return; } -- 2.38.1