From: David Gibson
To: passt-dev@passt.top, Stefano Brivio
CC: Paul Holzinger, David Gibson
Subject: [PATCH v2 18/23] Don't take "our" MAC address from the host
Date: Wed, 21 Aug 2024 14:20:14 +1000
Message-ID: <20240821042020.718422-19-david@gibson.dropbear.id.au>
In-Reply-To: <20240821042020.718422-1-david@gibson.dropbear.id.au>
References: <20240821042020.718422-1-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

When sending frames to the guest over the tap link, we need a source MAC
address. Currently we take that from the MAC address of the main interface
on the host, but that doesn't actually make much sense:

 * We can't preserve the real MAC address of packets from anywhere
   external so there's no transparency case here
 * In fact, it's confusingly different from how we handle IP addresses:
   whereas we give the guest the same IP as the host, we're making the
   host's MAC the one MAC that the guest *can't* use for itself.
 * We already need a fallback case if the host doesn't have an Ethernet
   like MAC (e.g. if it's connected via a point to point interface, such
   as a wireguard VPN).

Change to just use an arbitrary fixed MAC address - I've picked
9a:55:9a:55:9a:55. It's simpler and has the small advantage of making the
fact that passt/pasta is in use typically obvious from guest side packet
dumps.
This can still, of course, be overridden with the -M option. Signed-off-by: David Gibson --- conf.c | 40 ++++++---------------------------------- passt.h | 7 +++++++ util.h | 1 - 3 files changed, 13 insertions(+), 35 deletions(-) diff --git a/conf.c b/conf.c index 954f20ea..7eec3134 100644 --- a/conf.c +++ b/conf.c @@ -612,12 +612,10 @@ static int conf_ip4_prefix(const char *arg) * conf_ip4() - Verify or detect IPv4 support, get relevant addresses * @ifi: Host interface to attempt (0 to determine one) * @ip4: IPv4 context (will be written) - * @mac: MAC address to use (written if unset) * * Return: Interface index for IPv4, or 0 on failure. */ -static unsigned int conf_ip4(unsigned int ifi, - struct ip4_ctx *ip4, unsigned char *mac) +static unsigned int conf_ip4(unsigned int ifi, struct ip4_ctx *ip4) { if (!ifi) ifi = nl_get_ext_if(nl_sock, AF_INET); @@ -660,19 +658,7 @@ static unsigned int conf_ip4(unsigned int ifi, ip4->addr_seen = ip4->addr; - if (MAC_IS_ZERO(mac)) { - int rc = nl_link_get_mac(nl_sock, ifi, mac); - if (rc < 0) { - char ifname[IFNAMSIZ]; - - err("Couldn't discover MAC address for %s: %s", - if_indextoname(ifi, ifname), strerror(-rc)); - return 0; - } - - if (MAC_IS_ZERO(mac)) - memcpy(mac, MAC_LAA, ETH_ALEN); - } + ip4->our_tap_addr = ip4->gw; if (IN4_IS_ADDR_UNSPECIFIED(&ip4->addr)) return 0; @@ -684,12 +670,10 @@ static unsigned int conf_ip4(unsigned int ifi, * conf_ip6() - Verify or detect IPv6 support, get relevant addresses * @ifi: Host interface to attempt (0 to determine one) * @ip6: IPv6 context (will be written) - * @mac: MAC address to use (written if unset) * * Return: Interface index for IPv6, or 0 on failure. */ -static unsigned int conf_ip6(unsigned int ifi, - struct ip6_ctx *ip6, unsigned char *mac) +static unsigned int conf_ip6(unsigned int ifi, struct ip6_ctx *ip6) { int prefix_len = 0; int rc; 
@@ -724,19 +708,6 @@ static unsigned int conf_ip6(unsigned int ifi, if (IN6_IS_ADDR_LINKLOCAL(&ip6->gw)) ip6->our_tap_ll = ip6->gw; - if (MAC_IS_ZERO(mac)) { - rc = nl_link_get_mac(nl_sock, ifi, mac); - if (rc < 0) { - char ifname[IFNAMSIZ]; - err("Couldn't discover MAC address for %s: %s", - if_indextoname(ifi, ifname), strerror(-rc)); - return 0; - } - - if (MAC_IS_ZERO(mac)) - memcpy(mac, MAC_LAA, ETH_ALEN); - } - if (IN6_IS_ADDR_UNSPECIFIED(&ip6->addr) || IN6_IS_ADDR_UNSPECIFIED(&ip6->our_tap_ll)) return 0; @@ -1287,6 +1258,7 @@ void conf(struct ctx *c, int argc, char **argv) c->tcp.fwd_in.mode = c->tcp.fwd_out.mode = FWD_UNSET; c->udp.fwd_in.mode = c->udp.fwd_out.mode = FWD_UNSET; + memcpy(c->our_tap_mac, MAC_OUR_LAA, ETH_ALEN); optind = 1; do { @@ -1657,9 +1629,9 @@ void conf(struct ctx *c, int argc, char **argv) nl_sock_init(c, false); if (!v6_only) - c->ifi4 = conf_ip4(ifi4, &c->ip4, c->our_tap_mac); + c->ifi4 = conf_ip4(ifi4, &c->ip4); if (!v4_only) - c->ifi6 = conf_ip6(ifi6, &c->ip6, c->our_tap_mac); + c->ifi6 = conf_ip6(ifi6, &c->ip6); if ((!c->ifi4 && !c->ifi6) || (*c->ip4.ifname_out && !c->ifi4) || (*c->ip6.ifname_out && !c->ifi6)) diff --git a/passt.h b/passt.h index ecfed1e7..c6c67ffc 100644 --- a/passt.h +++ b/passt.h @@ -26,6 +26,13 @@ union epoll_ref; #include "tcp.h" #include "udp.h" +/* Default address for our end on the tap interface. Bit 0 of byte 0 must be 0 + * (unicast) and bit 1 of byte 1 must be 1 (locally administered). Otherwise + * it's arbitrary. + */ +#define MAC_OUR_LAA \ + ((uint8_t [ETH_ALEN]){0x9a, 0x55, 0x9a, 0x55, 0x9a, 0x55}) + /** * union epoll_ref - Breakdown of reference for epoll fd bookkeeping * @type: Type of fd (tells us what to do with events) diff --git a/util.h b/util.h index a716849a..87b91e6c 100644 --- a/util.h +++ b/util.h 
@@ -96,7 +96,6 @@ #define PORT_IS_EPHEMERAL(port) ((port) >= PORT_EPHEMERAL_MIN) #define MAC_ZERO ((uint8_t [ETH_ALEN]){ 0 }) -#define MAC_LAA ((uint8_t [ETH_ALEN]){ BIT(1), 0, 0, 0, 0, 0 }) #define MAC_IS_ZERO(addr) (!memcmp((addr), MAC_ZERO, ETH_ALEN)) #ifndef __bswap_constant_16 -- 2.46.0
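
Review bot: In the conf_ip4() hunk at @@ -660,19 +658,7, the added line "ip4->our_tap_addr = ip4->gw;" is not mentioned in the commit message, which only talks about the source MAC address. If it belongs to the address-handling changes elsewhere in this series, it should move to that patch; if it is needed here, the commit message should say why. The conf_ip6() hunk only carries "ip6->our_tap_ll = ip6->gw;" as unchanged context, so the two functions are not being changed symmetrically by this patch.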
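
Review bot: The comment above MAC_OUR_LAA in the passt.h hunk names the wrong byte for the locally administered bit: it is bit 1 of byte 0, not of byte 1. The value itself is fine, since 0x9a in byte 0 has bit 0 clear (unicast) and bit 1 set (locally administered), and the MAC_LAA definition removed from util.h also put BIT(1) in byte 0. Byte 1 here is 0x55, which has bit 1 clear, so the comment as written contradicts the constant it documents. Suggested wording: "bit 1 of byte 0 must be 1 (locally administered)".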
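
Review bot: The util.h hunk keeps MAC_ZERO and MAC_IS_ZERO() although both MAC_IS_ZERO(mac) callers visible in this patch are removed, and conf() now copies MAC_OUR_LAA into c->our_tap_mac before option parsing, so the field no longer starts out zero. Please check whether any other user of these macros remains and drop them in this patch if not, otherwise a later zero check on our_tap_mac will silently never fire. The diffstat also touches only conf.c, passt.h and util.h: if the documentation for -M describes the default as the host interface's MAC, it needs updating alongside this change.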