From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=SVnSpvpk; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id 0EC8E5A027F for ; Sat, 06 Sep 2025 04:12:16 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757124736; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yEFvvyQGs7g7+WZL1Y9KBi8cbGFeY3op8OWiO4jCGeg=; b=SVnSpvpkr3dnH/5B8K9RUbmDRI9zYqJaT7uFZEmtt8LsP5w9DqQO1gVP+CURUsLoXlQW8Z EP1uGs6+GvKmK08z4obVRTU7xKsCsX7sjpOmH5sHbgkm60qmrfIQUYLw4K1l0+sig5lYu8 60adRVQX1b0qD+B6G8WlQ6n8VJMpOj0= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-175-5axlJ1wGMM6ZVVFx7VQ15g-1; Fri, 05 Sep 2025 22:12:14 -0400 X-MC-Unique: 5axlJ1wGMM6ZVVFx7VQ15g-1 X-Mimecast-MFC-AGG-ID: 5axlJ1wGMM6ZVVFx7VQ15g_1757124734 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id D8A2A1800576; Sat, 6 Sep 2025 02:12:13 +0000 (UTC) Received: from jmaloy-thinkpadp16vgen1.rmtcaqc.csb (unknown [10.22.88.21]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id D040318003FC; Sat, 6 Sep 2025 02:12:12 +0000 (UTC) From: Jon Maloy To: sbrivio@redhat.com, dgibson@redhat.com, david@gibson.dropbear.id.au, jmaloy@redhat.com, passt-dev@passt.top Subject: [PATCH v5 10/10] icmp: let icmp use mac address from flowside structure Date: Fri, 5 Sep 2025 22:11:54 -0400 Message-ID: <20250906021154.2760611-11-jmaloy@redhat.com> In-Reply-To: <20250906021154.2760611-1-jmaloy@redhat.com> References: <20250906021154.2760611-1-jmaloy@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: WN3GrVOYNW5HsbYi1ZA8JP4oitj_4opWoURs4jRCCK4_1757124734 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit content-type: text/plain; charset="US-ASCII"; x-default=true Message-ID-Hash: L4ABMNTEACSV5MAMRMDSWZ3DB5MWERRG X-Message-ID-Hash: L4ABMNTEACSV5MAMRMDSWZ3DB5MWERRG X-MailFrom: jmaloy@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Even ICMP needs to be updated to use the external MAC address instead of just the own tap address when applicable. We do that here. Signed-off-by: Jon Maloy --- v3: - Adapted to the move of external MAC address from struct flowside to struct flow_common v4: - Adapted to name changes in previous commits in this series v5: - Added conditional lookup in ARP/NDP if the flow's tap_omac is undefined --- icmp.c | 8 ++++++-- ndp.c | 2 +- tap.c | 10 ++++++---- tap.h | 4 ++-- udp.c | 12 ++++++++---- 5 files changed, 23 insertions(+), 13 deletions(-) diff --git a/icmp.c b/icmp.c index 6dffafb..2d5bf0c 100644 --- a/icmp.c +++ b/icmp.c @@ -125,17 +125,21 @@ void icmp_sock_handler(const struct ctx *c, union epoll_ref ref) flow_dbg(pingf, "echo reply to tap, ID: %"PRIu16", seq: %"PRIu16, ini->eport, seq); + /* Try to find true MAC address in ARP/NDP table if needed */ + if (mac_undefined(pingf->f.tap_omac)) + fwd_neigh_mac_get(c, &ini->oaddr, pingf->f.tap_omac); + if (pingf->f.type == FLOW_PING4) { const struct in_addr *saddr = inany_v4(&ini->oaddr); const struct in_addr *daddr = inany_v4(&ini->eaddr); ASSERT(saddr && daddr); /* Must have IPv4 addresses */ - tap_icmp4_send(c, *saddr, *daddr, buf, n); + tap_icmp4_send(c, *saddr, *daddr, buf, pingf->f.tap_omac, n); } else if (pingf->f.type == FLOW_PING6) { const struct in6_addr *saddr = &ini->oaddr.a6; const struct in6_addr *daddr = &ini->eaddr.a6; - tap_icmp6_send(c, saddr, daddr, buf, n); + tap_icmp6_send(c, saddr, daddr, buf, pingf->f.tap_omac, n); } return; diff --git a/ndp.c b/ndp.c index 820c556..e0e8938 100644 --- a/ndp.c +++ b/ndp.c @@ -184,7 +184,7 @@ static void ndp_send(const struct ctx *c, const struct in6_addr *dst, { const struct in6_addr *src = &c->ip6.our_tap_ll; - tap_icmp6_send(c, src, dst, buf, l4len); + tap_icmp6_send(c, src, dst, buf, c->our_tap_mac, l4len); } /** diff --git a/tap.c b/tap.c index 05429aa..6443812 100644 --- a/tap.c +++ b/tap.c @@ -278,13 +278,14 @@ void tap_udp4_send(const struct ctx *c, struct in_addr src, in_port_t sport, * @src: IPv4 source address * @dst: IPv4 destination address * @in: ICMP packet, including ICMP header + * @src_mac: MAC address to be used as source for message * @l4len: ICMP packet length, including ICMP header */ void tap_icmp4_send(const struct ctx *c, struct in_addr src, struct in_addr dst, - const void *in, size_t l4len) + const void *in, const void *src_mac, size_t l4len) { char buf[USHRT_MAX]; - struct iphdr *ip4h = tap_push_l2h(c, buf, c->our_tap_mac, ETH_P_IP); + struct iphdr *ip4h = tap_push_l2h(c, buf, src_mac, ETH_P_IP); struct icmphdr *icmp4h = tap_push_ip4h(ip4h, src, dst, l4len, IPPROTO_ICMP); @@ -385,14 +386,15 @@ void tap_udp6_send(const struct ctx *c, * @src: IPv6 source address * @dst: IPv6 destination address * @in: ICMP packet, including ICMP header + * @src_mac: MAC address to be used as source for message * @l4len: ICMP packet length, including ICMP header */ void tap_icmp6_send(const struct ctx *c, const struct in6_addr *src, const struct in6_addr *dst, - const void *in, size_t l4len) + const void *in, const void *src_mac, size_t l4len) { char buf[USHRT_MAX]; - struct ipv6hdr *ip6h = tap_push_l2h(c, buf, c->our_tap_mac, ETH_P_IPV6); + struct ipv6hdr *ip6h = tap_push_l2h(c, buf, src_mac, ETH_P_IPV6); struct icmp6hdr *icmp6h = tap_push_ip6h(ip6h, src, dst, l4len, IPPROTO_ICMPV6, 0); diff --git a/tap.h b/tap.h index 02f7761..1864173 100644 --- a/tap.h +++ b/tap.h @@ -91,7 +91,7 @@ void tap_udp4_send(const struct ctx *c, struct in_addr src, in_port_t sport, struct in_addr dst, in_port_t dport, const void *in, size_t dlen); void tap_icmp4_send(const struct ctx *c, struct in_addr src, struct in_addr dst, - const void *in, size_t l4len); + const void *in, const void *src_mac, size_t l4len); const struct in6_addr *tap_ip6_daddr(const struct ctx *c, const struct in6_addr *src); void *tap_push_ip6h(struct ipv6hdr *ip6h, @@ -103,7 +103,7 @@ void tap_udp6_send(const struct ctx *c, uint32_t flow, void *in, size_t dlen); void tap_icmp6_send(const struct ctx *c, const struct in6_addr *src, const struct in6_addr *dst, - const void *in, size_t l4len); + const void *in, const void *src_mac, size_t l4len); void tap_send_single(const struct ctx *c, const void *data, size_t l2len); size_t tap_send_frames(const struct ctx *c, const struct iovec *iov, size_t bufs_per_frame, size_t nframes); diff --git a/udp.c b/udp.c index 7d98845..26f8c22 100644 --- a/udp.c +++ b/udp.c @@ -385,6 +385,7 @@ static void udp_tap_prepare(const struct mmsghdr *mmh, * udp_send_tap_icmp4() - Construct and send ICMPv4 to local peer * @c: Execution context * @ee: Extended error descriptor + * @uflow: UDP flow * @toside: Destination side of flow * @saddr: Address of ICMP generating node * @in: First bytes (max 8) of original UDP message body @@ -392,6 +393,7 @@ static void udp_tap_prepare(const struct mmsghdr *mmh, */ static void udp_send_tap_icmp4(const struct ctx *c, const struct sock_extended_err *ee, + const struct udp_flow *uflow, const struct flowside *toside, struct in_addr saddr, const void *in, size_t dlen) @@ -421,7 +423,7 @@ static void udp_send_tap_icmp4(const struct ctx *c, tap_push_uh4(&msg.uh, eaddr, eport, oaddr, oport, in, dlen); memcpy(&msg.data, in, dlen); - tap_icmp4_send(c, saddr, eaddr, &msg, msglen); + tap_icmp4_send(c, saddr, eaddr, &msg, uflow->f.tap_omac, msglen); } @@ -429,6 +431,7 @@ static void udp_send_tap_icmp4(const struct ctx *c, * udp_send_tap_icmp6() - Construct and send ICMPv6 to local peer * @c: Execution context * @ee: Extended error descriptor + * @uflow: UDP flow * @toside: Destination side of flow * @saddr: Address of ICMP generating node * @in: First bytes (max 1232) of original UDP message body @@ -437,6 +440,7 @@ static void udp_send_tap_icmp4(const struct ctx *c, */ static void udp_send_tap_icmp6(const struct ctx *c, const struct sock_extended_err *ee, + const struct udp_flow *uflow, const struct flowside *toside, const struct in6_addr *saddr, void *in, size_t dlen, uint32_t flow) @@ -466,7 +470,7 @@ static void udp_send_tap_icmp6(const struct ctx *c, tap_push_uh6(&msg.uh, eaddr, eport, oaddr, oport, in, dlen); memcpy(&msg.data, in, dlen); - tap_icmp6_send(c, saddr, eaddr, &msg, msglen); + tap_icmp6_send(c, saddr, eaddr, &msg, uflow->f.tap_omac, msglen); } /** @@ -626,12 +630,12 @@ static int udp_sock_recverr(const struct ctx *c, int s, flow_sidx_t sidx, if (hdr->cmsg_level == IPPROTO_IP && (o4 = inany_v4(&otap)) && inany_v4(&toside->eaddr)) { dlen = MIN(dlen, ICMP4_MAX_DLEN); - udp_send_tap_icmp4(c, ee, toside, *o4, data, dlen); + udp_send_tap_icmp4(c, ee, uflow, toside, *o4, data, dlen); return 1; } if (hdr->cmsg_level == IPPROTO_IPV6 && !inany_v4(&toside->eaddr)) { - udp_send_tap_icmp6(c, ee, toside, &otap.a6, data, dlen, + udp_send_tap_icmp6(c, ee, uflow, toside, &otap.a6, data, dlen, FLOW_IDX(uflow)); return 1; } -- 2.50.1