[PATCH v3 03/15] tcp, flow: Maintain host side flow information

[David Gibson <david@gibson.dropbear.id.au>]

We now maintain a struct flowside describing each TCP connection as it
appears to the guest.  We don't yet store the same information for the
connections as they appear to the host.  Rather, that information is
implicit in the state of the host side socket.  For future generalisations
of flow/connection tracking, we're going to need to use this information
more heavily, so properly populate the other flowside in each flow table
entry with this information.

This does require an additional getsockname() call for each new connection.
We hope to optimise that away for at least some cases in future.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 flow.c | 41 +++++++++++++++++++++++++++++++++++++++++
 flow.h |  3 +++
 tcp.c  | 36 ++++++++++++++++++++++++++++++------
 util.h | 18 ++++++++++++++++++
 4 files changed, 92 insertions(+), 6 deletions(-)

diff --git a/flow.c b/flow.c
index 421e6b5..b9c4a18 100644
--- a/flow.c
+++ b/flow.c
@@ -8,6 +8,7 @@
 #include <stdint.h>
 #include <unistd.h>
 #include <string.h>
+#include <errno.h>
 
 #include "util.h"
 #include "passt.h"
@@ -49,6 +50,46 @@ void flow_log_(const struct flow_common *f, int pri, const char *fmt, ...)
 	logmsg(pri, "Flow %u (%s): %s", flow_idx(f), FLOW_TYPE(f), msg);
 }
 
+/** flowside_from_sock - Initialize flowside to match an existing socket
+ * @fside:	flowside to initialize
+ * @pif:	pif id of this flowside
+ * @s:		socket
+ * @fsa:	Local addr of @s as sockaddr_in or sockaddr_in6, or NULL
+ * @esa:	Remote addr of @s as sockaddr_in or sockaddr_in6, or NULL
+ *
+ * If NULL is passed for either @fsa/@esa, we use getsockname()/getpeername() to
+ * obtain the information from the @s.
+ *
+ * #syscalls getsockname getpeername
+ */
+int flowside_from_sock(struct flowside *fside, uint8_t pif, int s,
+		       const void *fsa, const void *esa)
+{
+	struct sockaddr_storage sa;
+
+	fside->pif = pif;
+
+	if (!fsa) {
+		socklen_t sl = sizeof(sa);
+		if (getsockname(s, (struct sockaddr *)&sa, &sl) < 0)
+			return -errno;
+		fsa = &sa;
+	}
+	inany_from_sockaddr(&fside->faddr, &fside->fport,
+			    (const struct sockaddr *)fsa);
+
+	if (!esa) {
+		socklen_t sl = sizeof(sa);
+		if (getpeername(s, (struct sockaddr *)&sa, &sl) < 0)
+			return -errno;
+		esa = &sa;
+	}
+	inany_from_sockaddr(&fside->eaddr, &fside->eport,
+			    (const struct sockaddr *)esa);
+
+	return 0;
+}
+
 /**
  * DOC: Theory of Operation - allocation and freeing of flow entries
  *
diff --git a/flow.h b/flow.h
index e7126e4..37885b2 100644
--- a/flow.h
+++ b/flow.h
@@ -65,6 +65,9 @@ static inline void flowside_from_af(struct flowside *fside, uint8_t pif, int af,
 	fside->eport = eport;
 }
 
+int flowside_from_sock(struct flowside *fside, uint8_t pif, int s,
+		       const void *fsa, const void *esa);
+
 /** flowside_complete - Check if flowside is fully initialized
  * @fside:	flowside to check
  */
diff --git a/tcp.c b/tcp.c
index 7ef20b1..18ab3ac 100644
--- a/tcp.c
+++ b/tcp.c
@@ -395,6 +395,7 @@ struct tcp6_l2_head {	/* For MSS6 macro: keep in sync with tcp6_l2_buf_t */
 #define OPT_TS		8
 
 #define TAPFSIDE(conn)		(&(conn)->f.side[TAPSIDE])
+#define SOCKFSIDE(conn)		(&(conn)->f.side[SOCKSIDE])
 
 #define CONN_V4(conn)		(!!inany_v4(&TAPFSIDE(conn)->faddr))
 #define CONN_V6(conn)		(!CONN_V4(conn))
@@ -2014,6 +2015,14 @@ static void tcp_conn_from_tap(struct ctx *c,
 		conn_event(c, conn, TAP_SYN_ACK_SENT);
 	}
 
+	if (flowside_from_sock(SOCKFSIDE(conn), PIF_HOST, s, NULL, sa) < 0) {
+		err("tcp: Failed to get local name for outgoing connection");
+		tcp_rst(c, conn);
+		return;
+	}
+
+	ASSERT(flowside_complete(SOCKFSIDE(conn)));
+
 	tcp_epoll_ctl(c, conn);
 	return;
 
@@ -2653,8 +2662,10 @@ static void tcp_snat_inbound(const struct ctx *c, union inany_addr *addr)
  * @s:		Accepted socket
  * @sa:		Peer socket address (from accept())
  * @now:	Current timestamp
+ *
+ * Return: true if able to create a tap connection, false otherwise
  */
-static void tcp_tap_conn_from_sock(struct ctx *c,
+static bool tcp_tap_conn_from_sock(struct ctx *c,
 				   union tcp_listen_epoll_ref ref,
 				   struct tcp_tap_conn *conn, int s,
 				   const struct sockaddr *sa,
@@ -2666,8 +2677,16 @@ static void tcp_tap_conn_from_sock(struct ctx *c,
 	conn->ws_to_tap = conn->ws_from_tap = 0;
 	conn_event(c, conn, SOCK_ACCEPTED);
 
-	TAPFSIDE(conn)->pif = PIF_HOST;
-	inany_from_sockaddr(&TAPFSIDE(conn)->faddr, &TAPFSIDE(conn)->fport, sa);
+	if (flowside_from_sock(SOCKFSIDE(conn), PIF_HOST, s, NULL, sa) < 0) {
+		err("tcp: Failed to get local name, connection dropped");
+		return false;
+	}
+
+	ASSERT(flowside_complete(SOCKFSIDE(conn)));
+
+	TAPFSIDE(conn)->pif = PIF_TAP;
+	TAPFSIDE(conn)->faddr = SOCKFSIDE(conn)->eaddr;
+	TAPFSIDE(conn)->fport = SOCKFSIDE(conn)->eport;
 	tcp_snat_inbound(c, &TAPFSIDE(conn)->faddr);
 
 	if (CONN_V4(conn)) {
@@ -2693,6 +2712,8 @@ static void tcp_tap_conn_from_sock(struct ctx *c,
 	conn_flag(c, conn, ACK_FROM_TAP_DUE);
 
 	tcp_get_sndbuf(conn);
+
+	return true;
 }
 
 /**
@@ -2721,11 +2742,14 @@ void tcp_listen_handler(struct ctx *c, union epoll_ref ref,
 				      s, (struct sockaddr *)&sa))
 		return;
 
-	tcp_tap_conn_from_sock(c, ref.tcp_listen, &flow->tcp, s,
-			       (struct sockaddr *)&sa, now);
-	return;
+	if (tcp_tap_conn_from_sock(c, ref.tcp_listen, &flow->tcp, s,
+				   (struct sockaddr *)&sa, now))
+		return;
 
 cancel:
+	/* Failed to create the connection */
+	if (s >= 0)
+		close(s);
 	flow_alloc_cancel(flow);
 }
 
diff --git a/util.h b/util.h
index d2320f8..13d7353 100644
--- a/util.h
+++ b/util.h
@@ -298,4 +298,22 @@ static inline int wrap_accept4(int sockfd, struct sockaddr *addr,
 #define accept4(s, addr, addrlen, flags) \
 	wrap_accept4((s), (addr), (addrlen), (flags))
 
+static inline int wrap_getsockname(int sockfd, struct sockaddr *addr,
+				   socklen_t *addrlen)
+{
+	sa_init(addr, addrlen);
+	return getsockname(sockfd, addr, addrlen);
+}
+#define getsockname(s, addr, addrlen)			\
+	wrap_getsockname((s), (addr), (addrlen))
+
+static inline int wrap_getpeername(int sockfd, struct sockaddr *addr,
+				   socklen_t *addrlen)
+{
+	sa_init(addr, addrlen);
+	return getpeername(sockfd, addr, addrlen);
+}
+#define getpeername(s, addr, addrlen)			\
+	wrap_getpeername((s), (addr), (addrlen))
+
 #endif /* UTIL_H */
-- 
@@ -298,4 +298,22 @@ static inline int wrap_accept4(int sockfd, struct sockaddr *addr,
 #define accept4(s, addr, addrlen, flags) \
 	wrap_accept4((s), (addr), (addrlen), (flags))
 
+static inline int wrap_getsockname(int sockfd, struct sockaddr *addr,
+				   socklen_t *addrlen)
+{
+	sa_init(addr, addrlen);
+	return getsockname(sockfd, addr, addrlen);
+}
+#define getsockname(s, addr, addrlen)			\
+	wrap_getsockname((s), (addr), (addrlen))
+
+static inline int wrap_getpeername(int sockfd, struct sockaddr *addr,
+				   socklen_t *addrlen)
+{
+	sa_init(addr, addrlen);
+	return getpeername(sockfd, addr, addrlen);
+}
+#define getpeername(s, addr, addrlen)			\
+	wrap_getpeername((s), (addr), (addrlen))
+
 #endif /* UTIL_H */
-- 
2.43.0