From: Jon Maloy
To: sbrivio@redhat.com, dgibson@redhat.com, jmaloy@redhat.com, passt-dev@passt.top
Subject: [PATCH v2 7/8] tcp: make tcp_rst_no_conn() respond with correct mac address
Date: Thu, 12 Jun 2025 00:21:51 -0400
Message-ID: <20250612042152.695879-8-jmaloy@redhat.com>
In-Reply-To: <20250612042152.695879-1-jmaloy@redhat.com>
References: <20250612042152.695879-1-jmaloy@redhat.com>
List-Id: Development discussion and patches for passt

tcp_rst_no_conn() needs to identify and specify which source mac address to use when sending an RST to the guest. This is because it doesn't have access to any flow structure where this address could be fetched.

Signed-off-by: Jon Maloy
--- tcp.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/tcp.c b/tcp.c index 1a32424..b49f603 100644 --- a/tcp.c +++ b/tcp.c
@@ -309,6 +309,7 @@ #include "tcp_internal.h" #include "tcp_buf.h" #include "tcp_vu.h" +#include "netlink.h" #ifndef __USE_MISC /* From Linux UAPI, missing in netinet/tcp.h provided by musl */ @@ -1888,6 +1889,9 @@ static void tcp_rst_no_conn(const struct ctx *c, int af, const struct tcphdr *th, size_t l4len) { struct iov_tail payload = IOV_TAIL(NULL, 0, 0); + unsigned char src_mac[ETH_ALEN]; + union inany_addr translated; + union inany_addr dst; struct tcphdr *rsth; char buf[USHRT_MAX]; uint32_t psum = 0; @@ -1897,8 +1901,15 @@ static void tcp_rst_no_conn(const struct ctx *c, int af, if (th->rst) return; + /* If remote host on local network - respond with its mac address */ + memcpy(src_mac, c->our_tap_mac, ETH_ALEN); + inany_from_af(&dst, af, daddr); + nat_outbound(c, &dst, &translated); + if (!memcmp(&dst, &translated, sizeof(dst))) + nl_mac_get(nl_sock, &dst, src_mac); + if (af == AF_INET) { - struct iphdr *ip4h = tap_push_l2h(c, buf, NULL, ETH_P_IP); + struct iphdr *ip4h = tap_push_l2h(c, buf, src_mac, ETH_P_IP); const struct in_addr *rst_src = daddr; const struct in_addr *rst_dst = saddr; @@ -1908,7 +1919,7 @@ static void tcp_rst_no_conn(const struct ctx *c, int af, *rst_src, *rst_dst); } else { - struct ipv6hdr *ip6h = tap_push_l2h(c, buf, NULL, ETH_P_IPV6); + struct ipv6hdr *ip6h = tap_push_l2h(c, buf, src_mac, ETH_P_IPV6); const struct in6_addr *rst_src = daddr; const struct in6_addr *rst_dst = saddr; -- 2.48.1
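Review bot: in the @@ -1888,6 +1889,9 @@ hunk the new local is named dst, but it is filled from daddr, which the function later uses as rst_src, so the same address is called "destination" in one place and "source" in another. A name that says what it is used for (the address whose MAC is looked up), or a one-line comment on the declaration, would make the lookup in the next hunk easier to follow.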
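Review bot: the return value of nl_mac_get() is ignored in the @@ -1897,8 +1901,15 @@ hunk, so a failed or empty neighbour lookup cannot be told apart from a successful one, and src_mac is only guaranteed to still hold c->our_tap_mac if nl_mac_get() never touches the buffer on failure. Consider looking up into a temporary and copying it into src_mac only on success, or stating that contract in a comment here. Two smaller points on the same lines: the comment says "remote host on local network", but the test is that nat_outbound() left the address unchanged, which also holds for any untranslated off-link address, so the comment should describe the actual check; and since this path runs for every segment that matches no connection, the guest decides how often the netlink lookup is made, which is worth a word on cost or caching.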
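Review bot: in the @@ -1908,7 +1919,7 @@ hunk (and the matching IPv4 line in the hunk before it) tap_push_l2h() no longer receives NULL, and the fallback value is now the explicit memcpy() from c->our_tap_mac. Please confirm in the commit message or a comment that NULL previously selected that same address, so that RSTs for translated destinations go out with the source MAC they had before this change.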