From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 5797B5A0329 for ; Thu, 18 Jul 2024 07:27:10 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202312; t=1721280419; bh=P4TqfB4aFPhVzcjak2FZNeL8j3w6ZW5SuLAzdyyuLTk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UDU8B+qFEvNOb20j4vIDSEqMZDz4OUikmrPmkOTOtUf6YuDV5boHFHABDkDhgyH8b Tj1Ph+c9HmOMbegG8Xc7nxK8AmOHgqT/cJ2X55uh1a/wBEs3PLsBbUu0H5If3QdhuY mxNmxnrBvknUIkJU6VadukpS1if0cXyncmN1D82gm0H5d96koaONcDQTmDUuEj2maH ToYQ5e6PGZPA+qDu4T/OyKqcVXMD13xHJI238kX6LGFUMGNv4kHNFREH25c6Cc5x1G 7MBvaXR5OW+Gscc0TMxoXT/fmhSdM7qV9BeRbkqRby/IpOnZbq5wb36BroZx4Og3/i DAVv82f1now5w== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4WPhBW0TVlz4x6q; Thu, 18 Jul 2024 15:26:59 +1000 (AEST) 
From: David Gibson To: Stefano Brivio , passt-dev@passt.top Subject: [PATCH v8 19/27] fwd: Update flow forwarding logic for UDP Date: Thu, 18 Jul 2024 15:26:45 +1000 Message-ID: <20240718052653.3241585-20-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240718052653.3241585-1-david@gibson.dropbear.id.au> References: <20240718052653.3241585-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: TGU257QCGQY6ZPW5FNUMF7IBJGJ2VX6W X-Message-ID-Hash: TGU257QCGQY6ZPW5FNUMF7IBJGJ2VX6W X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: jmaloy@redhat.com, David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Add logic to the fwd_nat_from_*() functions to forwarding UDP packets. The logic here doesn't exactly match our current forwarding, since our current forwarding has some very strange and buggy edge cases. Instead it's attempting to replicate what appears to be the intended logic behind the current forwarding. Signed-off-by: David Gibson
---
 fwd.c | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)
diff --git a/fwd.c b/fwd.c
index 3288b0da..a70ebfd8 100644
--- a/fwd.c
+++ b/fwd.c
@@ -169,12 +169,16 @@ void fwd_scan_ports_init(struct ctx *c)
 uint8_t fwd_nat_from_tap(const struct ctx *c, uint8_t proto,
 const struct flowside *ini, struct flowside *tgt)
 {
- (void)proto;
-
 tgt->eaddr = ini->faddr;
 tgt->eport = ini->fport;
- if (!c->no_map_gw) {
+ if (proto == IPPROTO_UDP && tgt->eport == 53 &&
+ inany_equals4(&tgt->eaddr, &c->ip4.dns_match)) {
+ tgt->eaddr = inany_from_v4(c->ip4.dns_host);
+ } else if (proto == IPPROTO_UDP && tgt->eport == 53 &&
+ inany_equals6(&tgt->eaddr, &c->ip6.dns_match)) {
+ tgt->eaddr.a6 = c->ip6.dns_host;
+ } else if (!c->no_map_gw) {
 if (inany_equals4(&tgt->eaddr, &c->ip4.gw))
 tgt->eaddr = inany_loopback4;
 else if (inany_equals6(&tgt->eaddr, &c->ip6.gw))
@@ -191,6 +195,10 @@ uint8_t fwd_nat_from_tap(const struct ctx *c, uint8_t proto,
 /* Let the kernel pick a host side source port */
 tgt->fport = 0;
+ if (proto == IPPROTO_UDP) {
+ /* But for UDP we preserve the source port */
+ tgt->fport = ini->eport;
+ }
 return PIF_HOST;
 }
@@ -233,9 +241,14 @@ uint8_t fwd_nat_from_splice(const struct ctx *c, uint8_t proto,
 tgt->eport = ini->fport;
 if (proto == IPPROTO_TCP)
 tgt->eport += c->tcp.fwd_out.delta[tgt->eport];
+ else if (proto == IPPROTO_UDP)
+ tgt->eport += c->udp.fwd_out.f.delta[tgt->eport];
 /* Let the kernel pick a host side source port */
 tgt->fport = 0;
+ if (proto == IPPROTO_UDP)
+ /* But for UDP preserve the source port */
+ tgt->fport = ini->eport;
 return PIF_HOST;
 }
@@ -257,9 +270,11 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto,
 tgt->eport = ini->fport;
 if (proto == IPPROTO_TCP)
 tgt->eport += c->tcp.fwd_in.delta[tgt->eport];
+ else if (proto == IPPROTO_UDP)
+ tgt->eport += c->udp.fwd_in.f.delta[tgt->eport];
 if (c->mode == MODE_PASTA && inany_is_loopback(&ini->eaddr) &&
- proto == IPPROTO_TCP) {
+ (proto == IPPROTO_TCP || proto == IPPROTO_UDP)) {
 /* spliceable */
 /* Preserve the specific loopback adddress used, but let the
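Review bot: The DNS test `proto == IPPROTO_UDP && tgt->eport == 53` is written out twice in the `@@ -169,12 +169,16 @@` hunk of fwd_nat_from_tap(), with a bare `53` and no comment saying that only UDP queries are redirected. Because both new branches require UDP, a TCP connection from the tap side to the dns_match address on port 53 keeps its original destination or falls through to the gateway mapping; if that is intended it should be stated, since resolvers can fall back to TCP. I'd add `/* DNS forwarding: redirect UDP queries for the dns_match address to dns_host; TCP is not redirected */` above the first branch and hoist the shared test into a local such as `bool dns = proto == IPPROTO_UDP && tgt->eport == 53;`. The function body continues outside the hunk.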
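Review bot: In the `@@ -191,6 +195,10 @@` hunk, `tgt->fport = ini->eport` makes the host-side source port a value chosen by the tap-side peer, so whatever socket is later set up for this flow will presumably be bound to a port the peer picked, including well-known ones. The binding code is not in this hunk, so I'd want a comment here recording that the port is peer-controlled and that a failed bind has to be handled by the caller, for example `/* UDP: keep the initiator's source port; it is peer-chosen, so binding it on the host may fail */`. The existing `/* Let the kernel pick a host side source port */` just above is now only true for non-UDP flows and should say so. The same assignment is added in the `@@ -233,9 +241,14 @@` and `@@ -267,11 +282,15 @@` hunks, there without braces around a comment-plus-statement body; bracing all three the same way would match this hunk.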
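Review bot: `tgt->eport += c->udp.fwd_out.f.delta[tgt->eport];` in the `@@ -233,9 +241,14 @@` hunk indexes the delta table with a port supplied by the initiating side and depends on the sum staying a valid port, and neither assumption is written down. If eport is a 16-bit port type and the table has one entry per port (neither declaration is visible here) both hold, so a short comment such as `/* delta[] is indexed by port; the sum is expected to wrap within the port range */` would let a reader confirm that without chasing the types. The `@@ -257,9 +270,11 @@` hunk repeats the same TCP/UDP pair for fwd_in, where the UDP table is again reached through `.f.delta` and the TCP one through `.delta`, so a small helper taking `proto` and the direction would keep the two lookups in step.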
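Review bot: The `/* spliceable */` comment under the widened condition in the `@@ -257,9 +270,11 @@` hunk does not say what qualifies a flow or what the other side will see, which matters more now that UDP takes this path. With `(proto == IPPROTO_TCP || proto == IPPROTO_UDP)`, a datagram from a host loopback address in pasta mode enters this branch and, going by the following hunk, keeps its loopback source address and its source port on the target side, so a service there that treats loopback peers as trusted would see host-originated UDP as local. I'd expand the comment to something like `/* spliceable: TCP or UDP from a host loopback address in pasta mode; the target sees a loopback source */`. The if body continues into the next hunk.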
@@ -267,11 +282,15 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto,
 */
 tgt->faddr = ini->eaddr;
 tgt->fport = 0;
+ if (proto == IPPROTO_UDP)
+ /* But for UDP preserve the source port */
+ tgt->fport = ini->eport;
 if (inany_v4(&ini->eaddr))
 tgt->eaddr = inany_loopback4;
 else
 tgt->eaddr = inany_loopback6;
+
 return PIF_SPLICE;
 }
--
2.45.2