From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id D1A715A0323 for ; Fri, 05 Jul 2024 04:07:45 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202312; t=1720145251; bh=gbV9lSCixI29uHD5SmXILt8OKIWB0x6C1HxixGLy91Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=l47jOT38liMihDP+doui1pWkaXDviZTuVq/6g8UE2G9npxTrs9kEVltC3iWLdPGbS avnzvWPqD7A9wexEDlVs4993iUcXGHNs+EBw/TWC+z2sV85syWXnnjKV3OsnvXQ49+ 9/Vz3AXz1jvd8XofZS39pnEmyiIJsmWBLu7/0Bngialq2MkySMiVZSzvH3otrhQYaN Mzpuj2D1khqj/BlsI8Chld6OKimOXHl1s4AxLPDpnyWdMIVq97TqY+3tFN7YmBDUqK IcaI9Xd5NXgEjD2TEGbFqXHhQHfiLFGwlT7pL0UvLG/rRJX0/TPFbEjDu+Hjf2UNl4 vp9ZAJGX3Wn0g== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4WFcNM1WkZz4xPd; Fri, 5 Jul 2024 12:07:31 +1000 (AEST) From: David Gibson To: Stefano Brivio , passt-dev@passt.top Subject: [PATCH v7 18/27] flow, icmp: Use general flow forwarding rules for ICMP Date: Fri, 5 Jul 2024 12:07:15 +1000 Message-ID: <20240705020724.3447719-19-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240705020724.3447719-1-david@gibson.dropbear.id.au> References: <20240705020724.3447719-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: GRLVBQTI24OEWUAZPCKBLDCWRVUG7ZFG X-Message-ID-Hash: GRLVBQTI24OEWUAZPCKBLDCWRVUG7ZFG X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: jmaloy@redhat.com, David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Current ICMP hard codes its forwarding rules, and never applies any translations. Change it to use the flow_target() function, so that it's translated the same as TCP (excluding TCP specific port redirection). This means that gw mapping now applies to ICMP so "ping " will now ping the host's loopback instead of the actual gw machine. This removes the surprising behaviour that the target you ping might not be the same as you connect to with TCP. This removes the last user of flow_target_af(), so that's removed as well. Signed-off-by: David Gibson --- flow.c | 32 -------------------------------- icmp.c | 16 ++++++++++------ 2 files changed, 10 insertions(+), 38 deletions(-) diff --git a/flow.c b/flow.c index c638fc18..218033ae 100644 --- a/flow.c +++ b/flow.c @@ -368,38 +368,6 @@ const struct flowside *flow_initiate_sa(union flow *flow, uint8_t pif, return ini; } -/** - * flow_target_af() - Move flow to TGT, setting TGTSIDE details - * @flow: Flow to change state - * @pif: pif of the target side - * @af: Address family for @eaddr and @faddr - * @saddr: Source address (pointer to in_addr or in6_addr) - * @sport: Endpoint port - * @daddr: Destination address (pointer to in_addr or in6_addr) - * @dport: Destination port - * - * Return: pointer to the target flowside information - */ -const struct flowside *flow_target_af(union flow *flow, uint8_t pif, - sa_family_t af, - const void *saddr, in_port_t sport, - const void *daddr, in_port_t dport) -{ - struct flow_common *f = &flow->f; - struct flowside *tgt = &f->side[TGTSIDE]; - - ASSERT(pif != PIF_NONE); - ASSERT(flow_new_entry == flow && f->state == FLOW_STATE_INI); - ASSERT(f->type == FLOW_TYPE_NONE); - ASSERT(f->pif[INISIDE] != PIF_NONE && f->pif[TGTSIDE] == PIF_NONE); - - flowside_from_af(tgt, af, daddr, dport, saddr, sport); - f->pif[TGTSIDE] = pif; - flow_set_state(f, FLOW_STATE_TGT); - return tgt; -} - - /** * flow_target() - Determine where flow should forward to, and move to TGT * @c: Execution context diff --git a/icmp.c b/icmp.c index 29a66e6f..4158a3fe 100644 --- a/icmp.c +++ b/icmp.c @@ -153,24 +153,28 @@ static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c, sa_family_t af, uint16_t id, const void *saddr, const void *daddr) { + uint8_t proto = af == AF_INET ? IPPROTO_ICMP : IPPROTO_ICMPV6; uint8_t flowtype = af == AF_INET ? FLOW_PING4 : FLOW_PING6; union epoll_ref ref = { .type = EPOLL_TYPE_PING }; union flow *flow = flow_alloc(); struct icmp_ping_flow *pingf; const struct flowside *tgt; - const void *bind_addr; if (!flow) return NULL; flow_initiate_af(flow, PIF_TAP, af, saddr, id, daddr, id); + if (!(tgt = flow_target(c, flow, proto))) + goto cancel; - if (af == AF_INET) - bind_addr = &c->ip4.addr_out; - else if (af == AF_INET6) - bind_addr = &c->ip6.addr_out; + if (flow->f.pif[TGTSIDE] != PIF_HOST) { + flow_err(flow, "No support for forwarding %s from %s to %s", + proto == IPPROTO_ICMP ? "ICMP" : "ICMPv6", + pif_name(flow->f.pif[INISIDE]), + pif_name(flow->f.pif[TGTSIDE])); + goto cancel; + } - tgt = flow_target_af(flow, PIF_HOST, af, bind_addr, 0, daddr, 0); pingf = FLOW_SET_TYPE(flow, flowtype, ping); pingf->seq = -1; -- 2.45.2