From: Stefano Brivio <sbrivio@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: passt-dev@passt.top, jmaloy@redhat.com
Subject: Re: [PATCH v7 02/27] flow: Common address information for target side
Date: Wed, 10 Jul 2024 23:30:38 +0200 [thread overview]
Message-ID: <20240710233038.6275c284@elisabeth> (raw)
In-Reply-To: <20240705020724.3447719-3-david@gibson.dropbear.id.au>
Two minor details:
On Fri, 5 Jul 2024 12:06:59 +1000
David Gibson <david@gibson.dropbear.id.au> wrote:
> Require the address and port information for the target (non
> initiating) side to be populated when a flow enters TGT state.
> Implement that for TCP and ICMP. For now this leaves some information
> redundantly recorded in both generic and type specific fields. We'll
> fix that in later patches.
>
> For TCP we now use the information from the flow to construct the
> destination socket address in both tcp_conn_from_tap() and
> tcp_splice_connect().
>
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> ---
> flow.c | 38 ++++++++++++++++++------
> flow_table.h | 5 +++-
> icmp.c | 3 +-
> inany.h | 1 -
> pif.c | 45 ++++++++++++++++++++++++++++
> pif.h | 17 +++++++++++
> tcp.c | 82 ++++++++++++++++++++++++++++------------------------
> tcp_splice.c | 45 +++++++++++-----------------
> 8 files changed, 158 insertions(+), 78 deletions(-)
>
> diff --git a/flow.c b/flow.c
> index 44e7b3b8..f064fad1 100644
> --- a/flow.c
> +++ b/flow.c
> @@ -165,8 +165,10 @@ void flow_log_(const struct flow_common *f, int pri, const char *fmt, ...)
> */
> static void flow_set_state(struct flow_common *f, enum flow_state state)
> {
> - char estr[INANY_ADDRSTRLEN], fstr[INANY_ADDRSTRLEN];
> + char estr0[INANY_ADDRSTRLEN], fstr0[INANY_ADDRSTRLEN];
> + char estr1[INANY_ADDRSTRLEN], fstr1[INANY_ADDRSTRLEN];
> const struct flowside *ini = &f->side[INISIDE];
> + const struct flowside *tgt = &f->side[TGTSIDE];
> uint8_t oldstate = f->state;
>
> ASSERT(state < FLOW_NUM_STATES);
> @@ -177,19 +179,24 @@ static void flow_set_state(struct flow_common *f, enum flow_state state)
> FLOW_STATE(f));
>
> if (MAX(state, oldstate) >= FLOW_STATE_TGT)
> - flow_log_(f, LOG_DEBUG, "%s [%s]:%hu -> [%s]:%hu => %s",
> + flow_log_(f, LOG_DEBUG,
> + "%s [%s]:%hu -> [%s]:%hu => %s [%s]:%hu -> [%s]:%hu",
> pif_name(f->pif[INISIDE]),
> - inany_ntop(&ini->eaddr, estr, sizeof(estr)),
> + inany_ntop(&ini->eaddr, estr0, sizeof(estr0)),
> ini->eport,
> - inany_ntop(&ini->faddr, fstr, sizeof(fstr)),
> + inany_ntop(&ini->faddr, fstr0, sizeof(fstr0)),
> ini->fport,
> - pif_name(f->pif[TGTSIDE]));
> + pif_name(f->pif[TGTSIDE]),
> + inany_ntop(&tgt->faddr, fstr1, sizeof(fstr1)),
> + tgt->fport,
> + inany_ntop(&tgt->eaddr, estr1, sizeof(estr1)),
> + tgt->eport);
> else if (MAX(state, oldstate) >= FLOW_STATE_INI)
> flow_log_(f, LOG_DEBUG, "%s [%s]:%hu -> [%s]:%hu => ?",
> pif_name(f->pif[INISIDE]),
> - inany_ntop(&ini->eaddr, estr, sizeof(estr)),
> + inany_ntop(&ini->eaddr, estr0, sizeof(estr0)),
> ini->eport,
> - inany_ntop(&ini->faddr, fstr, sizeof(fstr)),
> + inany_ntop(&ini->faddr, fstr0, sizeof(fstr0)),
> ini->fport);
> }
>
> @@ -261,21 +268,34 @@ const struct flowside *flow_initiate_sa(union flow *flow, uint8_t pif,
> }
>
> /**
> - * flow_target() - Move flow to TGT, setting TGTSIDE details
> + * flow_target_af() - Move flow to TGT, setting TGTSIDE details
> * @flow: Flow to change state
> * @pif: pif of the target side
> + * @af: Address family for @eaddr and @faddr
> + * @saddr: Source address (pointer to in_addr or in6_addr)
> + * @sport: Endpoint port
> + * @daddr: Destination address (pointer to in_addr or in6_addr)
> + * @dport: Destination port
> + *
> + * Return: pointer to the target flowside information
> */
> -void flow_target(union flow *flow, uint8_t pif)
> +const struct flowside *flow_target_af(union flow *flow, uint8_t pif,
> + sa_family_t af,
> + const void *saddr, in_port_t sport,
> + const void *daddr, in_port_t dport)
> {
> struct flow_common *f = &flow->f;
> + struct flowside *tgt = &f->side[TGTSIDE];
>
> ASSERT(pif != PIF_NONE);
> ASSERT(flow_new_entry == flow && f->state == FLOW_STATE_INI);
> ASSERT(f->type == FLOW_TYPE_NONE);
> ASSERT(f->pif[INISIDE] != PIF_NONE && f->pif[TGTSIDE] == PIF_NONE);
>
> + flowside_from_af(tgt, af, daddr, dport, saddr, sport);
> f->pif[TGTSIDE] = pif;
> flow_set_state(f, FLOW_STATE_TGT);
> + return tgt;
> }
>
> /**
> diff --git a/flow_table.h b/flow_table.h
> index ad1bc787..00dca4b2 100644
> --- a/flow_table.h
> +++ b/flow_table.h
> @@ -114,7 +114,10 @@ const struct flowside *flow_initiate_af(union flow *flow, uint8_t pif,
> const struct flowside *flow_initiate_sa(union flow *flow, uint8_t pif,
> const union sockaddr_inany *ssa,
> in_port_t dport);
> -void flow_target(union flow *flow, uint8_t pif);
> +const struct flowside *flow_target_af(union flow *flow, uint8_t pif,
> + sa_family_t af,
> + const void *saddr, in_port_t sport,
> + const void *daddr, in_port_t dport);
>
> union flow *flow_set_type(union flow *flow, enum flow_type type);
> #define FLOW_SET_TYPE(flow_, t_, var_) (&flow_set_type((flow_), (t_))->var_)
> diff --git a/icmp.c b/icmp.c
> index cf88ac1f..fd92c7da 100644
> --- a/icmp.c
> +++ b/icmp.c
> @@ -167,7 +167,8 @@ static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c,
> return NULL;
>
> flow_initiate_af(flow, PIF_TAP, af, saddr, id, daddr, id);
> - flow_target(flow, PIF_HOST);
> + /* FIXME: Record outbound source address when known */
> + flow_target_af(flow, PIF_HOST, af, NULL, 0, daddr, 0);
> pingf = FLOW_SET_TYPE(flow, flowtype, ping);
>
> pingf->seq = -1;
> diff --git a/inany.h b/inany.h
> index 47b66fa9..8eaf5335 100644
> --- a/inany.h
> +++ b/inany.h
> @@ -187,7 +187,6 @@ static inline bool inany_is_unspecified(const union inany_addr *a)
> *
> * Return: true if @a is in fe80::/10 (IPv6 link local unicast)
> */
> -/* cppcheck-suppress unusedFunction */
> static inline bool inany_is_linklocal6(const union inany_addr *a)
> {
> return IN6_IS_ADDR_LINKLOCAL(&a->a6);
> diff --git a/pif.c b/pif.c
> index ebf01cc8..9f2d39cc 100644
> --- a/pif.c
> +++ b/pif.c
> @@ -7,9 +7,14 @@
>
> #include <stdint.h>
> #include <assert.h>
> +#include <netinet/in.h>
>
> #include "util.h"
> #include "pif.h"
> +#include "siphash.h"
> +#include "ip.h"
> +#include "inany.h"
> +#include "passt.h"
>
> const char *pif_type_str[] = {
> [PIF_NONE] = "<none>",
> @@ -19,3 +24,43 @@ const char *pif_type_str[] = {
> };
> static_assert(ARRAY_SIZE(pif_type_str) == PIF_NUM_TYPES,
> "pif_type_str[] doesn't match enum pif_type");
> +
> +
> +/** pif_sockaddr() - Construct a socket address suitable for an interface
> + * @c: Execution context
> + * @sa: Pointer to sockaddr to fill in
> + * @sl: Updated to relevant of length of initialised @sa
to relevant length
> + * @pif: Interface to create the socket address
> + * @addr: IPv[46] address
> + * @port: Port (host byte order)
> + *
> + * Return: true if resulting socket address is non-trivial (specified address or
> + * non-zero port), false otherwise
This is not really intuitive in the only caller using this,
tcp_bind_outbound(). I wonder if it would make more sense to perform
this check directly there, and have this returning void instead.
> + */
> +bool pif_sockaddr(const struct ctx *c, union sockaddr_inany *sa, socklen_t *sl,
> + uint8_t pif, const union inany_addr *addr, in_port_t port)
> +{
> + const struct in_addr *v4 = inany_v4(addr);
> +
> + ASSERT(pif_is_socket(pif));
> +
> + if (v4) {
> + sa->sa_family = AF_INET;
> + sa->sa4.sin_addr = *v4;
> + sa->sa4.sin_port = htons(port);
> + memset(&sa->sa4.sin_zero, 0, sizeof(sa->sa4.sin_zero));
> + *sl = sizeof(sa->sa4);
> + return !IN4_IS_ADDR_UNSPECIFIED(v4) || port;
> + }
> +
> + sa->sa_family = AF_INET6;
> + sa->sa6.sin6_addr = addr->a6;
> + sa->sa6.sin6_port = htons(port);
> + if (pif == PIF_HOST && IN6_IS_ADDR_LINKLOCAL(&addr->a6))
> + sa->sa6.sin6_scope_id = c->ifi6;
> + else
> + sa->sa6.sin6_scope_id = 0;
> + sa->sa6.sin6_flowinfo = 0;
> + *sl = sizeof(sa->sa6);
> + return !IN6_IS_ADDR_UNSPECIFIED(&addr->a6) || port;
> +}
--
Stefano
next prev parent reply other threads:[~2024-07-10 21:32 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-05 2:06 [PATCH v7 00/27] Unified flow table David Gibson
2024-07-05 2:06 ` [PATCH v7 01/27] flow: Common address information for initiating side David Gibson
2024-07-05 2:06 ` [PATCH v7 02/27] flow: Common address information for target side David Gibson
2024-07-10 21:30 ` Stefano Brivio [this message]
2024-07-11 0:19 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 03/27] tcp, flow: Remove redundant information, repack connection structures David Gibson
2024-07-05 2:07 ` [PATCH v7 04/27] tcp: Obtain guest address from flowside David Gibson
2024-07-05 2:07 ` [PATCH v7 05/27] tcp: Manage outbound address via flow table David Gibson
2024-07-05 2:07 ` [PATCH v7 06/27] tcp: Simplify endpoint validation using flowside information David Gibson
2024-07-05 2:07 ` [PATCH v7 07/27] tcp_splice: Eliminate SPLICE_V6 flag David Gibson
2024-07-05 2:07 ` [PATCH v7 08/27] tcp, flow: Replace TCP specific hash function with general flow hash David Gibson
2024-07-05 2:07 ` [PATCH v7 09/27] flow, tcp: Generalise TCP hash table to general flow hash table David Gibson
2024-07-05 2:07 ` [PATCH v7 10/27] tcp: Re-use flow hash for initial sequence number generation David Gibson
2024-07-05 2:07 ` [PATCH v7 11/27] icmp: Remove redundant id field from flow table entry David Gibson
2024-07-05 2:07 ` [PATCH v7 12/27] icmp: Obtain destination addresses from the flowsides David Gibson
2024-07-05 2:07 ` [PATCH v7 13/27] icmp: Look up ping flows using flow hash David Gibson
2024-07-05 2:07 ` [PATCH v7 14/27] icmp: Eliminate icmp_id_map David Gibson
2024-07-05 2:07 ` [PATCH v7 15/27] flow: Helper to create sockets based on flowside David Gibson
2024-07-10 21:32 ` Stefano Brivio
2024-07-11 0:21 ` David Gibson
2024-07-11 0:27 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 16/27] icmp: Manage outbound socket address via flow table David Gibson
2024-07-05 2:07 ` [PATCH v7 17/27] flow, tcp: Flow based NAT and port forwarding for TCP David Gibson
2024-07-05 2:07 ` [PATCH v7 18/27] flow, icmp: Use general flow forwarding rules for ICMP David Gibson
2024-07-05 2:07 ` [PATCH v7 19/27] fwd: Update flow forwarding logic for UDP David Gibson
2024-07-08 21:26 ` Stefano Brivio
2024-07-09 0:19 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 20/27] udp: Create flows for datagrams from originating sockets David Gibson
2024-07-09 22:32 ` Stefano Brivio
2024-07-09 23:59 ` David Gibson
2024-07-10 21:35 ` Stefano Brivio
2024-07-11 4:26 ` David Gibson
2024-07-11 8:20 ` Stefano Brivio
2024-07-11 22:58 ` David Gibson
2024-07-12 8:21 ` Stefano Brivio
2024-07-15 4:06 ` David Gibson
2024-07-15 16:37 ` Stefano Brivio
2024-07-17 0:49 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 21/27] udp: Handle "spliced" datagrams with per-flow sockets David Gibson
2024-07-09 22:32 ` Stefano Brivio
2024-07-10 0:23 ` David Gibson
2024-07-10 17:13 ` Stefano Brivio
2024-07-11 1:30 ` David Gibson
2024-07-11 8:23 ` Stefano Brivio
2024-07-11 2:48 ` David Gibson
2024-07-12 13:34 ` Stefano Brivio
2024-07-15 4:32 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 22/27] udp: Remove obsolete splice tracking David Gibson
2024-07-10 21:36 ` Stefano Brivio
2024-07-11 0:43 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 23/27] udp: Find or create flows for datagrams from tap interface David Gibson
2024-07-10 21:36 ` Stefano Brivio
2024-07-11 0:45 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 24/27] udp: Direct datagrams from host to guest via flow table David Gibson
2024-07-10 21:37 ` Stefano Brivio
2024-07-11 0:46 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 25/27] udp: Remove obsolete socket tracking David Gibson
2024-07-05 2:07 ` [PATCH v7 26/27] udp: Remove rdelta port forwarding maps David Gibson
2024-07-05 2:07 ` [PATCH v7 27/27] udp: Rename UDP listening sockets David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240710233038.6275c284@elisabeth \
--to=sbrivio@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=jmaloy@redhat.com \
--cc=passt-dev@passt.top \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).