From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by passt.top (Postfix) with ESMTP id 22FE95A02C7
	for <passt-dev@passt.top>; Mon, 13 May 2024 20:14:02 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1715624041;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=JUcpFi7Bl7tCETl1ooFsPUccnQ6qYGsepDMndMEy7Wg=;
	b=Em+9Tu79xJ2TIpHnLwT1eukGRdLDwBJ91+1J/Kzy5Fud4viSsBZC/VBrDa7O4LasIeefl9
	QlrEcAN8b4C0Npu6ZcuY24ewHb0um6Btasedlb8pLi3Z+5JOcsP0LZjKKTqQjgHjJ7htxi
	uQ1OxdCSvWE/To581tntQ1zjz4jwUSA=
Received: from mail-ej1-f72.google.com (mail-ej1-f72.google.com
 [209.85.218.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-381-5j1kFvxyOver1iWC88M2xA-1; Mon, 13 May 2024 14:07:38 -0400
X-MC-Unique: 5j1kFvxyOver1iWC88M2xA-1
Received: by mail-ej1-f72.google.com with SMTP id a640c23a62f3a-a59eea00cafso334073066b.1
        for <passt-dev@passt.top>; Mon, 13 May 2024 11:07:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1715623655; x=1716228455;
        h=content-transfer-encoding:mime-version:organization:references
         :in-reply-to:message-id:subject:cc:to:from:date:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=JUcpFi7Bl7tCETl1ooFsPUccnQ6qYGsepDMndMEy7Wg=;
        b=pVSt29RrXEKdryKXptUQxSifVYkqVbCY7xmZNaY9eh+0hd9vXtW3r8yjlTM7SXi6oD
         t8zAYHyiA0gXwZezp8JKkxXV7PWk+ojzCwE+XJlt65DMxTxQ69Uikq/It44IV4BiEzIa
         uFP2/dlirLWMoadHfmcG1s1JfGhr6t/P5OGQltSrBqv4eOkhmmpzSGFFz8qD3NTUIN94
         T+FLz2sJVhlGdwva03RxtIfHjCVXi1DtThCUbcY2v0sq6JMwQduAqcP5fqpVIPEHYw+y
         JYGsAzzdRAz1e/EaRN7WRFRAY5ORwHHDic/Fxn8oSMkUj6CGvOXkCYRsVxcS4TIhvQ3u
         kiTg==
X-Gm-Message-State: AOJu0Yxxs3Sl/rno8ZlfgbSsmJlHQqQe6X5pYQNNyuQEq4+9MSWUntUI
	LOGTudWy4ULs3lCxNtRYH8gPgFGTQMqttREtv8RS1igq1iFCV9O9nfw+qRhKrath+5+6SHm9DE7
	tAMi+y8kYyp0HsbUyoff9GXbcJRMc47lbPyy42bJaDMZRFWWZtkDg4s8q2Av+
X-Received: by 2002:a17:907:9490:b0:a59:9a68:7260 with SMTP id a640c23a62f3a-a5a2d65f2eamr1317291166b.62.1715623655418;
        Mon, 13 May 2024 11:07:35 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IEZo7Zszyqm3w/cStnrQEGjmQyH9rdMy/bO0zymzivlGPcPVAhU+rpPcFNiLzTgwxuNWFp2cg==
X-Received: by 2002:a17:907:9490:b0:a59:9a68:7260 with SMTP id a640c23a62f3a-a5a2d65f2eamr1317289566b.62.1715623654822;
        Mon, 13 May 2024 11:07:34 -0700 (PDT)
Received: from maya.cloud.tilaa.com (maya.cloud.tilaa.com. [164.138.29.33])
        by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a5a17b01451sm631404166b.149.2024.05.13.11.07.34
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 13 May 2024 11:07:34 -0700 (PDT)
Date: Mon, 13 May 2024 20:07:00 +0200
From: Stefano Brivio <sbrivio@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH v4 01/16] flow: Common data structures for tracking flow
 addresses
Message-ID: <20240513200700.07fb2518@elisabeth>
In-Reply-To: <20240503011135.2924437-2-david@gibson.dropbear.id.au>
References: <20240503011135.2924437-1-david@gibson.dropbear.id.au>
	<20240503011135.2924437-2-david@gibson.dropbear.id.au>
Organization: Red Hat
X-Mailer: Claws Mail 4.2.0 (GTK 3.24.36; x86_64-pc-linux-gnu)
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID-Hash: Z2ER2UPOMKK7OSYAFEG3AK4K554EE4UW
X-Message-ID-Hash: Z2ER2UPOMKK7OSYAFEG3AK4K554EE4UW
X-MailFrom: sbrivio@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20240513200700.07fb2518@elisabeth/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/Z2ER2UPOMKK7OSYAFEG3AK4K554EE4UW/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

Minor comments/nits only:

On Fri,  3 May 2024 11:11:20 +1000
David Gibson <david@gibson.dropbear.id.au> wrote:

> Handling of each protocol needs some degree of tracking of the addresses
> and ports at the end of each connection or flow.  Sometimes that's explicit
> (as in the guest visible addresses for TCP connections), sometimes implicit
> (the bound and connected addresses of sockets).
> 
> To allow more general and robust handling, and more consistency across
> protocols we want to uniformly track the address and port at each end of
> the connection.  Furthermore, because we allow port remapping, and we
> sometimes need to apply NAT, the addresses and ports can be different as
> seen by the guest/namespace and as by the host.
> 
> Introduce 'struct flowside' to keep track of common information
> related to one side of each flow.  For now that's the addresses, ports
> and the pif id.  Store two of these in the common fields of a flow to
> track that information for both sides.  For now we just introduce the
> structure itself, helpers to populate it, and logging of the contents
> when starting and ending flows.  Later patches will actually put
> something useful there.
> 
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> ---
>  flow.c     | 28 ++++++++++++++++++--
>  flow.h     | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  passt.h    |  3 +++
>  pif.h      |  1 -
>  tcp_conn.h |  1 -
>  5 files changed, 104 insertions(+), 4 deletions(-)
> 
> diff --git a/flow.c b/flow.c
> index 80dd269..02d6008 100644
> --- a/flow.c
> +++ b/flow.c
> @@ -51,10 +51,11 @@ static_assert(ARRAY_SIZE(flow_proto) == FLOW_NUM_TYPES,
>   *
>   *    ALLOC - A tentatively allocated entry
>   *        Operations:
> + *            - Common flow fields other than type may be accessed
>   *            - flow_alloc_cancel() returns the entry to FREE state
>   *            - FLOW_START() set the entry's type and moves to START state
>   *        Caveats:
> - *            - It's not safe to write fields in the flow entry
> + *            - It's not safe to write flow type specific fields in the entry
>   *            - It's not safe to allocate further entries with flow_alloc()
>   *            - It's not safe to return to the main epoll loop (use FLOW_START()
>   *              to move to START state before doing so)
> @@ -62,6 +63,7 @@ static_assert(ARRAY_SIZE(flow_proto) == FLOW_NUM_TYPES,
>   *
>   *    START - An entry being prepared by flow type specific code
>   *        Operations:
> + *            - Common flow fields other than type may be accessed
>   *            - Flow type specific fields may be accessed
>   *            - flow_*() logging functions
>   *            - flow_alloc_cancel() returns the entry to FREE state
> @@ -168,9 +170,21 @@ void flow_log_(const struct flow_common *f, int pri, const char *fmt, ...)
>  union flow *flow_start(union flow *flow, enum flow_type type,
>  		       unsigned iniside)
>  {
> -	(void)iniside;
> +	char ebuf[INANY_ADDRSTRLEN], fbuf[INANY_ADDRSTRLEN];
> +	const struct flowside *a = &flow->f.side[iniside];

As long as iniside is used as a binary value (I guess it's unsigned
because you have in mind that it could eventually be extended, right?),
I think '!!iniside' would be clearer and perhaps more robust here.

> +	const struct flowside *b = &flow->f.side[!iniside];
> +
>  	flow->f.type = type;
>  	flow_dbg(flow, "START %s", flow_type_str[flow->f.type]);
> +	flow_dbg(flow, "  from side %u (%s): [%s]:%hu -> [%s]:%hu",
> +		 iniside, pif_name(a->pif),
> +		 inany_ntop(&a->eaddr, ebuf, sizeof(ebuf)), a->eport,
> +		 inany_ntop(&a->faddr, fbuf, sizeof(fbuf)), a->fport);
> +	flow_dbg(flow, "    to side %u (%s): [%s]:%hu -> [%s]:%hu",
> +		 !iniside, pif_name(b->pif),
> +		 inany_ntop(&b->faddr, fbuf, sizeof(fbuf)), b->fport,
> +		 inany_ntop(&b->eaddr, ebuf, sizeof(ebuf)), b->eport);
> +
>  	return flow;
>  }
>  
> @@ -180,10 +194,20 @@ union flow *flow_start(union flow *flow, enum flow_type type,
>   */
>  static void flow_end(union flow *flow)
>  {
> +	char ebuf[INANY_ADDRSTRLEN], fbuf[INANY_ADDRSTRLEN];
> +	const struct flowside *a = &flow->f.side[0];
> +	const struct flowside *b = &flow->f.side[1];
> +
>  	if (flow->f.type == FLOW_TYPE_NONE)
>  		return; /* Nothing to do */
>  
>  	flow_dbg(flow, "END %s", flow_type_str[flow->f.type]);
> +	flow_dbg(flow, "  side 0 (%s): [%s]:%hu <-> [%s]:%hu", pif_name(a->pif),
> +		 inany_ntop(&a->faddr, fbuf, sizeof(fbuf)), a->fport,
> +		 inany_ntop(&a->eaddr, ebuf, sizeof(ebuf)), a->eport);
> +	flow_dbg(flow, "  side 1 (%s): [%s]:%hu <-> [%s]:%hu", pif_name(b->pif),
> +		 inany_ntop(&b->faddr, fbuf, sizeof(fbuf)), b->fport,
> +		 inany_ntop(&b->eaddr, ebuf, sizeof(ebuf)), b->eport);
>  	flow->f.type = FLOW_TYPE_NONE;
>  }
>  
> diff --git a/flow.h b/flow.h
> index c943c44..f7fb537 100644
> --- a/flow.h
> +++ b/flow.h
> @@ -35,11 +35,86 @@ extern const uint8_t flow_proto[];
>  #define FLOW_PROTO(f)				\
>  	((f)->type < FLOW_NUM_TYPES ? flow_proto[(f)->type] : 0)
>  
> +/**
> + * struct flowside - Common information for one side of a flow
> + * @eaddr:	Endpoint address (remote address from passt's PoV)
> + * @faddr:	Forwarding address (local address from passt's PoV)
> + * @eport:	Endpoint port
> + * @fport:	Forwarding port
> + * @pif:	pif ID on which this side of the flow exists
> + */
> +struct flowside {
> +	union inany_addr	faddr;
> +	union inany_addr	eaddr;
> +	in_port_t		fport;
> +	in_port_t		eport;
> +	uint8_t			pif;
> +};
> +static_assert(_Alignof(struct flowside) == _Alignof(uint32_t),
> +	      "Unexpected alignment for struct flowside");

I'm too thick to understand the reason behind this assert.

> +
> +/** flowside_from_inany - Initialize flowside from inany addresses

flowside_from_inany(), it's a function.

> + * @fside:	flowside to initialize
> + * @pif:	pif id of this flowside
> + * @faddr:	Forwarding address (inany)
> + * @fport:	Forwarding port
> + * @eaddr:	Endpoint address (inany)
> + * @eport:	Endpoint port
> + */
> +/* cppcheck-suppress unusedFunction */
> +static inline void flowside_from_inany(struct flowside *fside, uint8_t pif,
> +				const union inany_addr *faddr, in_port_t fport,
> +				const union inany_addr *eaddr, in_port_t eport)
> +{
> +	fside->pif = pif;
> +	fside->faddr = *faddr;
> +	fside->eaddr = *eaddr;
> +	fside->fport = fport;
> +	fside->eport = eport;
> +}
> +
> +/** flowside_from_af - Initialize flowside from addresses

flowside_from_af()

> + * @fside:	flowside to initialize
> + * @pif:	pif id of this flowside
> + * @af:		Address family (AF_INET or AF_INET6)
> + * @faddr:	Forwarding address (pointer to in_addr or in6_addr, or NULL)
> + * @fport:	Forwarding port
> + * @eaddr:	Endpoint address (pointer to in_addr or in6_addr, or NULL)
> + * @eport:	Endpoint port
> + *
> + * If NULL is given for either address, the appropriate unspecified/any address

s/any/wildcard/ makes it a bit easier to follow, I guess.

> + * for the address family is substituted.
> + */
> +/* cppcheck-suppress unusedFunction */
> +static inline void flowside_from_af(struct flowside *fside,
> +				    uint8_t pif, sa_family_t af,
> +				    const void *faddr, in_port_t fport,
> +				    const void *eaddr, in_port_t eport)
> +{
> +	const union inany_addr *any = af == AF_INET ? &inany_any4 : &inany_any6;
> +
> +	fside->pif = pif;
> +	if (faddr)
> +		inany_from_af(&fside->faddr, af, faddr);
> +	else
> +		fside->faddr = *any;
> +	if (eaddr)
> +		inany_from_af(&fside->eaddr, af, eaddr);
> +	else
> +		fside->eaddr = *any;
> +	fside->fport = fport;
> +	fside->eport = eport;
> +}
> +
> +#define SIDES			2
> +
>  /**
>   * struct flow_common - Common fields for packet flows
> + * @side[]:	Information for each side of the flow
>   * @type:	Type of packet flow
>   */
>  struct flow_common {
> +	struct flowside	side[SIDES];
>  	uint8_t		type;
>  };
>  
> diff --git a/passt.h b/passt.h
> index bc58d64..3db0b8e 100644
> --- a/passt.h
> +++ b/passt.h
> @@ -17,6 +17,9 @@ union epoll_ref;
>  
>  #include "pif.h"
>  #include "packet.h"
> +#include "siphash.h"
> +#include "ip.h"
> +#include "inany.h"
>  #include "flow.h"
>  #include "icmp.h"
>  #include "fwd.h"
> diff --git a/pif.h b/pif.h
> index bd52936..ca85b34 100644
> --- a/pif.h
> +++ b/pif.h
> @@ -38,7 +38,6 @@ static inline const char *pif_type(enum pif_type pt)
>  		return "?";
>  }
>  
> -/* cppcheck-suppress unusedFunction */
>  static inline const char *pif_name(uint8_t pif)
>  {
>  	return pif_type(pif);
> diff --git a/tcp_conn.h b/tcp_conn.h
> index d280b22..1a07dd5 100644
> --- a/tcp_conn.h
> +++ b/tcp_conn.h
> @@ -106,7 +106,6 @@ struct tcp_tap_conn {
>  	uint32_t	seq_init_from_tap;
>  };
>  
> -#define SIDES			2
>  /**
>   * struct tcp_splice_conn - Descriptor for a spliced TCP connection
>   * @f:			Generic flow information

-- 
Stefano