From: David Gibson
To: Stefano Brivio, passt-dev@passt.top
Cc: jmaloy@redhat.com, David Gibson
Subject: [PATCH v6 17/26] flow, icmp: Use general flow forwarding rules for ICMP
Date: Fri, 14 Jun 2024 16:13:39 +1000
Message-ID: <20240614061348.3814736-18-david@gibson.dropbear.id.au>
In-Reply-To: <20240614061348.3814736-1-david@gibson.dropbear.id.au>
References: <20240614061348.3814736-1-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

Currently ICMP hard codes its forwarding rules, and never applies any
translations. Change it to use the flow_target() function, so that it's
translated the same as TCP (excluding TCP specific port redirection).

This means that gw mapping now applies to ICMP so "ping " will now ping
the host's loopback instead of the actual gw machine. This removes the
surprising behaviour that the target you ping might not be the same as
you connect to with TCP.

This removes the last user of flow_target_af(), so that's removed as well.

Signed-off-by: David Gibson
---
 flow.c | 32 --------------------------------
 icmp.c | 16 ++++++++++------
 2 files changed, 10 insertions(+), 38 deletions(-)

diff --git a/flow.c b/flow.c index dc600eca..cf799082 100644 --- a/flow.c +++ b/flow.c
@@ -309,38 +309,6 @@ const struct flowside *flow_initiate_sa(union flow *flow, uint8_t pif, return ini; } -/** - * flow_target_af() - Move flow to TGT, setting TGTSIDE details - * @flow: Flow to change state - * @pif: pif of the target side - * @af: Address family for @eaddr and @faddr - * @saddr: Source address (pointer to in_addr or in6_addr) - * @sport: Endpoint port - * @daddr: Destination address (pointer to in_addr or in6_addr) - * @dport: Destination port - * - * Return: pointer to the target flowside information - */ -const struct flowside *flow_target_af(union flow *flow, uint8_t pif, - sa_family_t af, - const void *saddr, in_port_t sport, - const void *daddr, in_port_t dport) -{ - struct flow_common *f = &flow->f; - struct flowside *tgt = &f->side[TGTSIDE]; - - ASSERT(pif != PIF_NONE); - ASSERT(flow_new_entry == flow && f->state == FLOW_STATE_INI); - ASSERT(f->type == FLOW_TYPE_NONE); - ASSERT(f->pif[INISIDE] != PIF_NONE && f->pif[TGTSIDE] == PIF_NONE); - - flowside_from_af(tgt, af, daddr, dport, saddr, sport); - f->pif[TGTSIDE] = pif; - flow_set_state(f, FLOW_STATE_TGT); - return tgt; -} - - /** * flow_target() - Determine where flow should forward to, and move to TGT * @c: Execution context diff --git a/icmp.c b/icmp.c index cb3278e9..45d71efd 100644 --- a/icmp.c +++ b/icmp.c 
@@ -153,24 +153,28 @@ static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c, sa_family_t af, uint16_t id, const void *saddr, const void *daddr) { + uint8_t proto = af == AF_INET ? IPPROTO_ICMP : IPPROTO_ICMPV6; uint8_t flowtype = af == AF_INET ? FLOW_PING4 : FLOW_PING6; union epoll_ref ref = { .type = EPOLL_TYPE_PING }; union flow *flow = flow_alloc(); struct icmp_ping_flow *pingf; const struct flowside *tgt; - const void *bind_addr; if (!flow) return NULL; flow_initiate_af(flow, PIF_TAP, af, saddr, id, daddr, id); + if (!(tgt = flow_target(c, flow, proto))) + goto cancel; - if (af == AF_INET) - bind_addr = &c->ip4.addr_out; - else if (af == AF_INET6) - bind_addr = &c->ip6.addr_out; + if (flow->f.pif[TGTSIDE] != PIF_HOST) { + flow_err(flow, "No support for forwarding %s from %s to %s", + proto == IPPROTO_ICMP ? "ICMP" : "ICMPv6", + pif_name(flow->f.pif[INISIDE]), + pif_name(flow->f.pif[TGTSIDE])); + goto cancel; + } - tgt = flow_target_af(flow, PIF_HOST, af, bind_addr, 0, daddr, 0); pingf = FLOW_SET_TYPE(flow, flowtype, ping); pingf->seq = -1; -- 2.45.2
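Review bot: flow_target_af() as removed from flow.c is not static, so it presumably has a prototype in a header, yet the diffstat lists only flow.c and icmp.c. The declaration should be dropped in this same patch so that no stale prototype is left behind for a function that no longer exists; otherwise a later caller would still compile and only fail at link time.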
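Review bot: in icmp_ping_new() the removed lines chose the host-side source address explicitly from c->ip4.addr_out or c->ip6.addr_out, and the replacement leaves that choice entirely to flow_target(c, flow, proto), whose body is not part of this hunk. The commit message covers the gw mapping change but says nothing about the outbound address, so please confirm that flow_target() still applies the configured addr_out for pings, or state the behaviour change in the commit message. Separately, both new "goto cancel" paths rely on a label outside the visible context, and the assignment inside "if (!(tgt = flow_target(c, flow, proto)))" would read more clearly as a separate statement followed by the NULL check.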