From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id AB7045A02D4
	for <passt-dev@passt.top>; Tue, 14 May 2024 03:03:51 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202312; t=1715648622;
	bh=j3HC+wAMhTHDdivwwZrTIsze6ZdebUaNEpcj7zzS2eg=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=rPQVkSUyZN3wjqw+Ne5XadU4Zi+Auim/5JMj5ww831b+oPpoCKR2NF+YovdaJYb16
	 s/ZRrP4LTzlB9ODFNNtWas5XjHwj3Z92k2C7aDkGjDFvoGp/vkjRoclW0Js2hSf92t
	 12FsmDKo+IIvSJ88+ip85Brvp+azPV7EtrmpaWDT+/oDuW6aiGH4Gw9tdR88//pUML
	 KT59gmaVbQHrqF84Jz9sGojJgQLiGBlK/FgPisq0ykXPHHc6u8CvOkYpDqnAtnWIEp
	 PikZYSqm/iczV9BVL7XA9CX8c7WtsTxvwrKsquwA8tATqjWlRG773W1wZGS72YrsRZ
	 vUzJCtvlbKKPQ==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4VddQk1mq5z4x1c; Tue, 14 May 2024 11:03:42 +1000 (AEST)
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>,
	passt-dev@passt.top
Subject: [PATCH v5 19/19] flow, icmp: Use general flow forwarding rules for ICMP
Date: Tue, 14 May 2024 11:03:37 +1000
Message-ID: <20240514010337.1104606-20-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.45.0
In-Reply-To: <20240514010337.1104606-1-david@gibson.dropbear.id.au>
References: <20240514010337.1104606-1-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: ZSSCKAAWMP2A74L4OXUQSOVPJBQPRR3Y
X-Message-ID-Hash: ZSSCKAAWMP2A74L4OXUQSOVPJBQPRR3Y
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20240514010337.1104606-20-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/ZSSCKAAWMP2A74L4OXUQSOVPJBQPRR3Y/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

Current ICMP hard codes its forwarding rules, and never applies any
translations.  Change it to use the flow_forward() function, so that
it's translated the same as TCP (excluding TCP specific port
redirection).

This means that gw mapping now applies to ICMP so "ping <gw address>" will
now ping the host's loopback instead of the actual gw machine.  This
removes the surprising behaviour that the target you ping might not be the
same as you connect to with TCP.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 flow.c |  1 +
 icmp.c | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/flow.c b/flow.c
index a6afe39..b43a079 100644
--- a/flow.c
+++ b/flow.c
@@ -285,6 +285,7 @@ const struct flowside *flow_initiate_sa(union flow *flow, uint8_t pif,
  *
  * Return: pointer to the forwarded flowside information
  */
+/* cppcheck-suppress unusedFunction */
 const struct flowside *flow_forward_af(union flow *flow, uint8_t pif,
 				       sa_family_t af,
 				       const void *saddr, in_port_t sport,
diff --git a/icmp.c b/icmp.c
index 0112fd9..6310178 100644
--- a/icmp.c
+++ b/icmp.c
@@ -153,6 +153,7 @@ static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c,
 					    sa_family_t af, uint16_t id,
 					    const void *saddr, const void *daddr)
 {
+	uint8_t proto = af == AF_INET ? IPPROTO_ICMP : IPPROTO_ICMPV6;
 	uint8_t flowtype = af == AF_INET ? FLOW_PING4 : FLOW_PING6;
 	union epoll_ref ref = { .type = EPOLL_TYPE_PING };
 	union flow *flow = flow_alloc();
@@ -163,9 +164,18 @@ static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c,
 	if (!flow)
 		return NULL;
 
-
 	flow_initiate_af(flow, PIF_TAP, af, saddr, id, daddr, id);
-	flow_forward_af(flow, PIF_HOST,	af, NULL, 0, daddr, 0);
+	if (!flow_forward(c, flow, proto))
+		goto cancel;
+
+	if (flow->f.pif[FWDSIDE] != PIF_HOST) {
+		flow_err(flow, "No support for forwarding %s from %s to %s",
+			 proto == IPPROTO_ICMP ? "ICMP" : "ICMPv6",
+			 pif_name(flow->f.pif[INISIDE]),
+			 pif_name(flow->f.pif[FWDSIDE]));
+		goto cancel;
+	}
+
 	pingf = FLOW_SET_TYPE(flow, flowtype, ping);
 
 	pingf->seq = -1;
-- 
2.45.0