From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top, Stefano Brivio <sbrivio@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH v4 12/16] icmp: Use flowsides as the source of truth wherever possible
Date: Fri,  3 May 2024 11:11:31 +1000	[thread overview]
Message-ID: <20240503011135.2924437-13-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20240503011135.2924437-1-david@gibson.dropbear.id.au>

icmp_sock_handler() obtains the guest address from its most recently
observed IP, and the ICMP id from the epoll reference.  Both of these
can be obtained readily from the flow.

icmp_tap_handler() builds its socket address for sendto() directly
from the destination address supplied by the incoming tap packet.
This can instead be generated from the flow.

struct icmp_ping_flow contains a field for the ICMP id of the ping, but
this is now redundant, since the id is also stored as the "port" in the
common flowsides.

Using the flowsides as the common source of truth here prepares us for
allowing more flexible NAT and forwarding by properly initialising
that flowside information.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 icmp.c      | 37 ++++++++++++++++++++++---------------
 icmp_flow.h |  1 -
 tap.c       | 11 -----------
 tap.h       |  1 -
 4 files changed, 22 insertions(+), 28 deletions(-)

diff --git a/icmp.c b/icmp.c
index c000175..e29416f 100644
--- a/icmp.c
+++ b/icmp.c
@@ -62,6 +62,7 @@ static struct icmp_ping_flow *icmp_id_map[IP_VERSIONS][ICMP_NUM_IDS];
 void icmp_sock_handler(const struct ctx *c, union epoll_ref ref)
 {
 	struct icmp_ping_flow *pingf = PINGF(ref.flowside.flow);
+	const struct flowside *tapside = &pingf->f.side[TAPSIDE];
 	union sockaddr_inany sr;
 	socklen_t sl = sizeof(sr);
 	char buf[USHRT_MAX];
@@ -87,7 +88,7 @@ void icmp_sock_handler(const struct ctx *c, union epoll_ref ref)
 			goto unexpected;
 
 		/* Adjust packet back to guest-side ID */
-		ih4->un.echo.id = htons(pingf->id);
+		ih4->un.echo.id = htons(tapside->eport);
 		seq = ntohs(ih4->un.echo.sequence);
 	} else if (pingf->f.type == FLOW_PING6) {
 		struct icmp6hdr *ih6 = (struct icmp6hdr *)buf;
@@ -97,7 +98,7 @@ void icmp_sock_handler(const struct ctx *c, union epoll_ref ref)
 			goto unexpected;
 
 		/* Adjust packet back to guest-side ID */
-		ih6->icmp6_identifier = htons(pingf->id);
+		ih6->icmp6_identifier = htons(tapside->eport);
 		seq = ntohs(ih6->icmp6_sequence);
 	} else {
 		ASSERT(0);
@@ -112,13 +113,20 @@ void icmp_sock_handler(const struct ctx *c, union epoll_ref ref)
 	}
 
 	flow_dbg(pingf, "echo reply to tap, ID: %"PRIu16", seq: %"PRIu16,
-		 pingf->id, seq);
+		 tapside->eport, seq);
 
-	if (pingf->f.type == FLOW_PING4)
-		tap_icmp4_send(c, sr.sa4.sin_addr, tap_ip4_daddr(c), buf, n);
-	else if (pingf->f.type == FLOW_PING6)
-		tap_icmp6_send(c, &sr.sa6.sin6_addr,
-			       tap_ip6_daddr(c, &sr.sa6.sin6_addr), buf, n);
+	if (pingf->f.type == FLOW_PING4) {
+		const struct in_addr *saddr = inany_v4(&tapside->faddr);
+		const struct in_addr *daddr = inany_v4(&tapside->eaddr);
+
+		ASSERT(saddr && daddr); /* Must have IPv4 addresses */
+		tap_icmp4_send(c, *saddr, *daddr, buf, n);
+	} else if (pingf->f.type == FLOW_PING6) {
+		const struct in6_addr *saddr = &tapside->faddr.a6;
+		const struct in6_addr *daddr = &tapside->eaddr.a6;
+
+		tap_icmp6_send(c, saddr, daddr, buf, n);
+	}
 	return;
 
 unexpected:
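Review bot: In the rewritten send path of icmp_sock_handler(), the sender address that was received into `sr` is no longer used for the forwarded reply and, within this hunk, is not compared against the flow either, so a datagram that reaches the ping socket from a different sender would be presented to the guest as coming from `tapside->faddr`. If the receive code outside this hunk does not already do so, it is worth comparing `sr` with the socket-side endpoint address of the flow and taking the existing `unexpected:` path on a mismatch. The FLOW_PING4 branch also relies on `ASSERT(saddr && daddr)`, which is only safe while flow setup guarantees IPv4-mapped addresses for FLOW_PING4; a short comment saying where that invariant is established would help, since a failed assertion here stops the whole process. The function body starts and ends outside the hunk.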
@@ -133,7 +141,7 @@ unexpected:
 static void icmp_ping_close(const struct ctx *c,
 			    const struct icmp_ping_flow *pingf)
 {
-	uint16_t id = pingf->id;
+	uint16_t id = pingf->f.side[TAPSIDE].eport;
 
 	epoll_ctl(c->epollfd, EPOLL_CTL_DEL, pingf->sock, NULL);
 	close(pingf->sock);
@@ -180,7 +188,6 @@ static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c,
 	pingf = FLOW_START(flow, flowtype, ping, TAPSIDE);
 
 	pingf->seq = -1;
-	pingf->id = id;
 
 	if (af == AF_INET) {
 		bind_addr = &c->ip4.addr_out;
@@ -231,11 +238,12 @@ int icmp_tap_handler(const struct ctx *c, uint8_t pif, sa_family_t af,
 		     const void *saddr, const void *daddr,
 		     const struct pool *p, const struct timespec *now)
 {
-	union sockaddr_inany sa = { .sa_family = af };
-	const socklen_t sl = af == AF_INET ? sizeof(sa.sa4) : sizeof(sa.sa6);
 	struct icmp_ping_flow *pingf, **id_sock;
+	const struct flowside *sockside;
+	union sockaddr_inany sa;
 	size_t dlen, l4len;
 	uint16_t id, seq;
+	socklen_t sl;
 	void *pkt;
 
 	ASSERT(pif == PIF_TAP);
@@ -255,7 +263,6 @@ int icmp_tap_handler(const struct ctx *c, uint8_t pif, sa_family_t af,
 		id = ntohs(ih->un.echo.id);
 		id_sock = &icmp_id_map[V4][id];
 		seq = ntohs(ih->un.echo.sequence);
-		sa.sa4.sin_addr = *(struct in_addr *)daddr;
 	} else if (af == AF_INET6) {
 		const struct icmp6hdr *ih;
 
@@ -271,8 +278,6 @@ int icmp_tap_handler(const struct ctx *c, uint8_t pif, sa_family_t af,
 		id = ntohs(ih->icmp6_identifier);
 		id_sock = &icmp_id_map[V6][id];
 		seq = ntohs(ih->icmp6_sequence);
-		sa.sa6.sin6_addr = *(struct in6_addr *)daddr;
-		sa.sa6.sin6_scope_id = c->ifi6;
 	} else {
 		ASSERT(0);
 	}
@@ -282,8 +287,10 @@ int icmp_tap_handler(const struct ctx *c, uint8_t pif, sa_family_t af,
 					    pif, saddr, daddr)))
 			return 1;
 
+	sockside = &pingf->f.side[SOCKSIDE];
 	pingf->ts = now->tv_sec;
 
+	sockaddr_from_inany(&sa, &sl, &sockside->eaddr, 0, c->ifi6);
 	if (sendto(pingf->sock, pkt, l4len, MSG_NOSIGNAL, &sa.sa, sl) < 0) {
 		flow_dbg(pingf, "failed to relay request to socket: %s",
 			 strerror(errno));
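Review bot: `sa` and `sl` now reach sendto() with no initializer of their own, because the `= { .sa_family = af }` initializer is dropped in the declarations hunk above, so every byte the kernel reads (including `sin6_flowinfo` and the length) depends on sockaddr_from_inany() writing it, and that helper is not part of this diff. If it does not clear the whole union, keeping a zero initializer, `union sockaddr_inany sa = { 0 };`, avoids passing uninitialised stack bytes to the kernel. The scope id `c->ifi6` is passed whether or not `sockside->eaddr` is link-local, which matches the old code, but how the helper applies it should be confirmed. icmp_tap_handler() continues outside the hunk.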
diff --git a/icmp_flow.h b/icmp_flow.h
index 5a2eed9..f053211 100644
--- a/icmp_flow.h
+++ b/icmp_flow.h
@@ -22,7 +22,6 @@ struct icmp_ping_flow {
 	int seq;
 	int sock;
 	time_t ts;
-	uint16_t id;
 };
 
 bool icmp_ping_timer(const struct ctx *c, union flow *flow,
diff --git a/tap.c b/tap.c
index 91fd2e2..052f6f0 100644
--- a/tap.c
+++ b/tap.c
@@ -90,17 +90,6 @@ void tap_send_single(const struct ctx *c, const void *data, size_t l2len)
 	tap_send_frames(c, iov, iovcnt, 1);
 }
 
-/**
- * tap_ip4_daddr() - Normal IPv4 destination address for inbound packets
- * @c:		Execution context
- *
- * Return: IPv4 address
- */
-struct in_addr tap_ip4_daddr(const struct ctx *c)
-{
-	return c->ip4.addr_seen;
-}
-
 /**
  * tap_ip6_daddr() - Normal IPv6 destination address for inbound packets
  * @c:		Execution context
diff --git a/tap.h b/tap.h
index d146d2f..a4981a6 100644
--- a/tap.h
+++ b/tap.h
@@ -43,7 +43,6 @@ static inline void tap_hdr_update(struct tap_hdr *thdr, size_t l2len)
 	thdr->vnet_len = htonl(l2len);
 }
 
-struct in_addr tap_ip4_daddr(const struct ctx *c);
 void tap_udp4_send(const struct ctx *c, struct in_addr src, in_port_t sport,
 		   struct in_addr dst, in_port_t dport,
 		   const void *in, size_t dlen);
-- 
@@ -43,7 +43,6 @@ static inline void tap_hdr_update(struct tap_hdr *thdr, size_t l2len)
 	thdr->vnet_len = htonl(l2len);
 }
 
-struct in_addr tap_ip4_daddr(const struct ctx *c);
 void tap_udp4_send(const struct ctx *c, struct in_addr src, in_port_t sport,
 		   struct in_addr dst, in_port_t dport,
 		   const void *in, size_t dlen);
-- 
2.44.0



Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-05-03  1:11 [PATCH v4 00/16] RFC: Unified flow table David Gibson
2024-05-03  1:11 ` [PATCH v4 01/16] flow: Common data structures for tracking flow addresses David Gibson
2024-05-13 18:07   ` Stefano Brivio
2024-05-14  0:11     ` David Gibson
2024-05-03  1:11 ` [PATCH v4 02/16] tcp: Maintain flowside information for "tap" connections David Gibson
2024-05-13 18:07   ` Stefano Brivio
2024-05-14  0:15     ` David Gibson
2024-05-03  1:11 ` [PATCH v4 03/16] tcp_splice: Maintain flowside information for spliced connections David Gibson
2024-05-03  1:11 ` [PATCH v4 04/16] tcp: Obtain guest address from flowside David Gibson
2024-05-13 18:07   ` Stefano Brivio
2024-05-14  0:18     ` David Gibson
2024-05-03  1:11 ` [PATCH v4 05/16] tcp: Simplify endpoint validation using flowside information David Gibson
2024-05-03  1:11 ` [PATCH v4 06/16] tcp, tcp_splice: Construct sockaddrs for connect() from flowside David Gibson
2024-05-03  1:11 ` [PATCH v4 07/16] tcp_splice: Eliminate SPLICE_V6 flag David Gibson
2024-05-03  1:11 ` [PATCH v4 08/16] tcp, flow: Replace TCP specific hash function with general flow hash David Gibson
2024-05-03  1:11 ` [PATCH v4 09/16] flow, tcp: Generalise TCP hash table to general flow hash table David Gibson
2024-05-03  1:11 ` [PATCH v4 10/16] tcp: Re-use flow hash for initial sequence number generation David Gibson
2024-05-03  1:11 ` [PATCH v4 11/16] icmp: Populate flowside information David Gibson
2024-05-03  1:11 ` David Gibson [this message]
2024-05-03  1:11 ` [PATCH v4 13/16] icmp: Look up ping flows using flow hash David Gibson
2024-05-03  1:11 ` [PATCH v4 14/16] icmp: Eliminate icmp_id_map David Gibson
2024-05-03  1:11 ` [PATCH v4 15/16] flow, tcp: flow based NAT and port forwarding for TCP David Gibson
2024-05-03  1:11 ` [PATCH v4 16/16] flow, icmp: Use general flow forwarding rules for ICMP David Gibson
