From: Jon Maloy
To: sbrivio@redhat.com, dgibson@redhat.com, david@gibson.dropbear.id.au, jmaloy@redhat.com, passt-dev@passt.top
Subject: [PATCH v5 09/10] tcp: make tcp_rst_no_conn() respond with correct MAC address
Date: Fri, 5 Sep 2025 22:11:53 -0400
Message-ID: <20250906021154.2760611-10-jmaloy@redhat.com>
In-Reply-To: <20250906021154.2760611-1-jmaloy@redhat.com>
References: <20250906021154.2760611-1-jmaloy@redhat.com>
List-Id: Development discussion and patches for passt

tcp_rst_no_conn() needs to identify and specify which source MAC address to use when sending an RST to the guest. This is because it doesn't have access to any flow structure where this address could be fetched.
Signed-off-by: Jon Maloy --- v3: - Adapted to the signature change in nl_mac_get() function, so that we now consider only the template interface when checking the ARP/NDP table. v4: - Adapted to previous name changes in this series v5: - Eliminated use of function fwd_iany_nat(). - Instead using the translation result of an attempted NAT lookup. --- tcp.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/tcp.c b/tcp.c index 383654c..54e75bb 100644 --- a/tcp.c +++ b/tcp.c @@ -1912,6 +1912,8 @@ static void tcp_rst_no_conn(const struct ctx *c, int af, const struct tcphdr *th, size_t l4len) { struct iov_tail payload = IOV_TAIL(NULL, 0, 0); + unsigned char src_mac[ETH_ALEN]; + union inany_addr tgt, tgt_nat; struct tcphdr *rsth; char buf[USHRT_MAX]; uint32_t psum = 0; @@ -1921,9 +1923,15 @@ static void tcp_rst_no_conn(const struct ctx *c, int af, if (th->rst) return; + /* Try to use true MAC address if remote host's address or + * NAT translated address can be found in ARP/NDP table. + */ + inany_from_af(&tgt, af, daddr); + nat_outbound(c, &tgt, &tgt_nat); + fwd_neigh_mac_get(c, &tgt_nat, src_mac); + if (af == AF_INET) { - struct iphdr *ip4h = tap_push_l2h(c, buf, c->our_tap_mac, - ETH_P_IP); + struct iphdr *ip4h = tap_push_l2h(c, buf, src_mac, ETH_P_IP); const struct in_addr *rst_src = daddr; const struct in_addr *rst_dst = saddr; @@ -1933,7 +1941,7 @@ static void tcp_rst_no_conn(const struct ctx *c, int af, *rst_src, *rst_dst); } else { - struct ipv6hdr *ip6h = tap_push_l2h(c, buf, c->our_tap_mac, ETH_P_IPV6); + struct ipv6hdr *ip6h = tap_push_l2h(c, buf, src_mac, ETH_P_IPV6); const struct in6_addr *rst_src = daddr; const struct in6_addr *rst_dst = saddr; -- 2.50.1
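Review bot: In the hunk at @@ -1921,9 +1923,15 @@, the results of nat_outbound() and fwd_neigh_mac_get() are both discarded, while src_mac and tgt_nat are declared without initialisers in the first hunk. The comment says the real MAC is used "if" the address "can be found in ARP/NDP table", but nothing visible here covers the case where it is not found: unless fwd_neigh_mac_get() is guaranteed to write a fallback into src_mac on every path, tap_push_l2h() would put uninitialised stack bytes into the Ethernet source field of a frame sent to the guest, and likewise fwd_neigh_mac_get() would read an unwritten tgt_nat if nat_outbound() can return without filling it. Either seed src_mac from c->our_tap_mac before the lookup (the value both call sites used before this patch) and fall back to tgt when translation fails, or check the return values explicitly and document the callees' contract in the comment. Separately, this lookup now runs for every non-RST segment that reaches tcp_rst_no_conn(); since the v3 changelog mentions nl_mac_get(), it is worth stating in the commit message whether fwd_neigh_mac_get() is served from a cache or can cost a netlink round trip per stray segment.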