From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=YRF3uOWl; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by passt.top (Postfix) with ESMTPS id 901265A0272 for ; Tue, 30 Sep 2025 23:29:58 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1759267797; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=eiOQp4C9xqMgYutpqtBoxpRYubmyJ9u6maiHSxOtzGA=; b=YRF3uOWltQThRzCPGQXWGk2kSi3O7kUuOANTh0SEj7hQ0+WIupeW4uLFj74+nfPe7P7fRk zimgBxs2C8R6Y1dwIgxZJJ3C1a/q2ygU/YPvprhKo/PiKJA8Kv1TeyMkDSGsnGVk9cwG8C okApd/N+lOKZ35lsmEAZhqSj5nbPl7g= Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-572-A27UvRkXMBCX15-SK54Ubw-1; Tue, 30 Sep 2025 17:29:56 -0400 X-MC-Unique: A27UvRkXMBCX15-SK54Ubw-1 X-Mimecast-MFC-AGG-ID: A27UvRkXMBCX15-SK54Ubw_1759267795 Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-3f6b44ab789so3712519f8f.3 for ; Tue, 30 Sep 2025 14:29:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759267794; x=1759872594; h=content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=eiOQp4C9xqMgYutpqtBoxpRYubmyJ9u6maiHSxOtzGA=; b=qlFjMgHEY6GquOTH5U4eLXuStaFOidoRGbCBojUb2yEmQxGQIrZ/MWcSGFpLXDSuy9 k33SwpPqbvULz1l6R3mjpBlg04pt0CIqYf56ibhSRYKHRjRbLVhDlxqRvqTyXNs82e9M nn0TuO2jJdF1AhFDcOWfDyqPrOc405gbfsrwAVlJ9Mhle/vCa3ML7PZion+JEfogB/fl +aowlPLuye+4rLgcfU2IGSnEzwuMJdFzVDVSeUOP9pAPCtHnnq7NvLtZc8IHIkUBaobT t3Zzm60KRI4+wtAzzj5tEdc9d7DJ6CLC/1IVqWZPlgIXp1a8BF/pRPcPuAgHOmoCuwZN yziQ== X-Forwarded-Encrypted: i=1; AJvYcCXTpG8kJPq/SmlSfkWtoLlT418I+2ovb5MZv79I3wWHCc3K3u3JAobL+HKnkm6nIp2AimGnkXG+9uQ=@passt.top X-Gm-Message-State: AOJu0Ywy8IspN9rKSic0oskLsDQGfJkdZjBUBTXeH74i5sfxy0H7ZXNG io/8ecQQcdyabJmS3wm6rrrGaz6z6ZUy6jhtl805FtewtXz6Po2MZWNJaOGsDX7Lo9VE3zCKKOI rfR7R46nLtV9WKlfAv4F1DcVvjZl1kotPpkSjLneM+y5Qwosm6y8YmmEu+DtVVw== X-Gm-Gg: ASbGncuGPDTf6ZfUODNwLlJMj5+n2cZ+oRh35ms53E27Kp4qUm+sKUFzFU+QQTXtAqD 1Z/45lM/Hne9Vn75r5GEK6aBpI63Xbj6lkRGcv96bmjzAtMD+e3ZGFyFrHYSwUt8mOSe0lfFolN M3116wt+XfqhQUdqA6ygu/hwAl8hYnnXcc+UASzqKAO90jWXkaFPEJYkGFqbbfPTqgpw5I0SQiT Vv8aGkUUGTnNcVf7HOnOjuweKXvZBTfwQHmD4CR7wzX2+PpwOuW9DDoQPeDISGdUpM1RNddLADZ j8bv0kd7hEUobbnXGX5jkhQPp1m1/P6N+AZwOoaQXr+g7ZHKUQycBUCHvdtkTd+BfHJ+IEcFsg= = X-Received: by 2002:a5d:64c6:0:b0:3ee:158c:8bc3 with SMTP id ffacd0b85a97d-42557814828mr985960f8f.36.1759267794233; Tue, 30 Sep 2025 14:29:54 -0700 (PDT) X-Google-Smtp-Source: AGHT+IELUOevDKvZvDfVHxG7kVimokxaPab3R+nW6YNATKb+NmKDm2bkJl6z2whE8XX2WU+gnamGqg== X-Received: by 2002:a5d:64c6:0:b0:3ee:158c:8bc3 with SMTP id ffacd0b85a97d-42557814828mr985945f8f.36.1759267793766; Tue, 30 Sep 2025 14:29:53 -0700 (PDT) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [176.103.220.4]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-46e5b633afdsm21611165e9.2.2025.09.30.14.29.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 30 Sep 2025 14:29:53 -0700 (PDT) Date: Tue, 30 Sep 2025 23:29:52 +0200 From: Stefano Brivio To: Jon Maloy Subject: Re: [PATCH v11 6/9] udp: forward external source MAC address through tap interface Message-ID: <20250930232952.3c41d384@elisabeth> In-Reply-To: <20250927192522.3024554-7-jmaloy@redhat.com> References: <20250927192522.3024554-1-jmaloy@redhat.com> <20250927192522.3024554-7-jmaloy@redhat.com> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: u3K5pdZrzLTjE8XGgc6Rto7-PZ42aG_WuR1PeAMEPd0_1759267795 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: DBBC5PTRTEJQW3V4PTIUHJBF6Y56MJE3 X-Message-ID-Hash: DBBC5PTRTEJQW3V4PTIUHJBF6Y56MJE3 X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: dgibson@redhat.com, david@gibson.dropbear.id.au, passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Sat, 27 Sep 2025 15:25:19 -0400 Jon Maloy wrote: > We forward the incoming MAC address through the tap interface when > receiving incoming packets from network local hosts. > > This is a part of the solution to bug > https://bugs.passt.top/show_bug.cgi?id=120 > > Signed-off-by: Jon Maloy > Reviewed-by: David Gibson > > --- > v3: - Adapted to the move of external MAC address from struct flowside > to struct flow_common > v4: - Changed signature of udp_tap_prepare() to take a MAC address > instead of a flow. > - Eliminated initialization of MAC source address in all frames, > since those now are set per send occasion anyway. > v5: - Added lookup in ARP/NDP table on incoming messages in > case flow->tap_omac wasn't initialized at flow creation, > i.e., the flow was initiated from the guest. > v6: - Using MAC_ZERO > --- > passt.c | 2 +- > udp.c | 45 +++++++++++++++++++++++++-------------------- > udp.h | 2 +- > 3 files changed, 27 insertions(+), 22 deletions(-) > > diff --git a/passt.c b/passt.c > index e20bbad..fdd275a 100644 > --- a/passt.c > +++ b/passt.c > @@ -164,7 +164,7 @@ static void timer_init(struct ctx *c, const struct timespec *now) > void proto_update_l2_buf(const unsigned char *eth_d, const unsigned char *eth_s) > { > tcp_update_l2_buf(eth_d, eth_s); > - udp_update_l2_buf(eth_d, eth_s); > + udp_update_l2_buf(eth_d); > } > > /** > diff --git a/udp.c b/udp.c > index 86585b7..eb57f05 100644 > --- a/udp.c > +++ b/udp.c > @@ -133,11 +133,8 @@ static int udp_splice_init[IP_VERSIONS][NUM_PORTS]; > /* UDP header and data for inbound messages */ > static struct udp_payload_t udp_payload[UDP_MAX_FRAMES]; > > -/* Ethernet header for IPv4 frames */ > -static struct ethhdr udp4_eth_hdr; > - > -/* Ethernet header for IPv6 frames */ > -static struct ethhdr udp6_eth_hdr; > +/* Ethernet headers for IPv4 and IPv6 frames */ > +static struct ethhdr udp_eth_hdr[UDP_MAX_FRAMES]; > > /** > * struct udp_meta_t - Pre-cooked headers for UDP packets > @@ -210,12 +207,13 @@ void udp_portmap_clear(void) > /** > * udp_update_l2_buf() - Update L2 buffers with Ethernet and IPv4 addresses > * @eth_d: Ethernet destination address, NULL if unchanged > - * @eth_s: Ethernet source address, NULL if unchanged > */ > -void udp_update_l2_buf(const unsigned char *eth_d, const unsigned char *eth_s) > +void udp_update_l2_buf(const unsigned char *eth_d) > { > - eth_update_mac(&udp4_eth_hdr, eth_d, eth_s); > - eth_update_mac(&udp6_eth_hdr, eth_d, eth_s); > + int i; > + > + for (i = 0; i < UDP_MAX_FRAMES; i++) > + eth_update_mac(&udp_eth_hdr[i], eth_d, NULL); > } > > /** > @@ -238,6 +236,7 @@ static void udp_iov_init_one(const struct ctx *c, size_t i) > > *siov = IOV_OF_LVALUE(payload->data); > > + tiov[UDP_IOV_ETH] = IOV_OF_LVALUE(udp_eth_hdr[i]); > tiov[UDP_IOV_TAP] = tap_hdr_iov(c, &meta->taph); > tiov[UDP_IOV_PAYLOAD].iov_base = payload; > > @@ -253,9 +252,6 @@ static void udp_iov_init(const struct ctx *c) > { > size_t i; > > - udp4_eth_hdr.h_proto = htons_constant(ETH_P_IP); > - udp6_eth_hdr.h_proto = htons_constant(ETH_P_IPV6); > - > for (i = 0; i < UDP_MAX_FRAMES; i++) > udp_iov_init_one(c, i); > } > @@ -352,31 +348,34 @@ size_t udp_update_hdr6(struct ipv6hdr *ip6h, struct udp_payload_t *bp, > * udp_tap_prepare() - Convert one datagram into a tap frame > * @mmh: Receiving mmsghdr array > * @idx: Index of the datagram to prepare > + * @tap_omac: MAC address of remote endpoint as seen from the guest > * @toside: Flowside for destination side > * @no_udp_csum: Do not set UDP checksum > */ > static void udp_tap_prepare(const struct mmsghdr *mmh, > - unsigned idx, const struct flowside *toside, > + unsigned int idx, > + const uint8_t *tap_omac, > + const struct flowside *toside, > bool no_udp_csum) > { > struct iovec (*tap_iov)[UDP_NUM_IOVS] = &udp_l2_iov[idx]; > struct udp_payload_t *bp = &udp_payload[idx]; > struct udp_meta_t *bm = &udp_meta[idx]; > + struct ethhdr *eh = (*tap_iov)[UDP_IOV_ETH].iov_base; > size_t l4len; > > + eth_update_mac(eh, NULL, tap_omac); > if (!inany_v4(&toside->eaddr) || !inany_v4(&toside->oaddr)) { > l4len = udp_update_hdr6(&bm->ip6h, bp, toside, > mmh[idx].msg_len, no_udp_csum); > - tap_hdr_update(&bm->taph, l4len + sizeof(bm->ip6h) + > - sizeof(udp6_eth_hdr)); > - (*tap_iov)[UDP_IOV_ETH] = IOV_OF_LVALUE(udp6_eth_hdr); > + tap_hdr_update(&bm->taph, l4len + sizeof(bm->ip6h) + ETH_HLEN); > + eh->h_proto = htons_constant(ETH_P_IPV6); > (*tap_iov)[UDP_IOV_IP] = IOV_OF_LVALUE(bm->ip6h); > } else { > l4len = udp_update_hdr4(&bm->ip4h, bp, toside, > mmh[idx].msg_len, no_udp_csum); > - tap_hdr_update(&bm->taph, l4len + sizeof(bm->ip4h) + > - sizeof(udp4_eth_hdr)); > - (*tap_iov)[UDP_IOV_ETH] = IOV_OF_LVALUE(udp4_eth_hdr); > + tap_hdr_update(&bm->taph, l4len + sizeof(bm->ip4h) + ETH_HLEN); > + eh->h_proto = htons_constant(ETH_P_IP); > (*tap_iov)[UDP_IOV_IP] = IOV_OF_LVALUE(bm->ip4h); > } > (*tap_iov)[UDP_IOV_PAYLOAD].iov_len = l4len; > @@ -801,13 +800,19 @@ static void udp_buf_sock_to_tap(const struct ctx *c, int s, int n, > flow_sidx_t tosidx) > { > const struct flowside *toside = flowside_at_sidx(tosidx); > + struct udp_flow *uflow = udp_at_sidx(tosidx); > + uint8_t *omac = uflow->f.tap_omac; > int i; > > if ((n = udp_sock_recv(c, s, udp_mh_recv, n)) <= 0) > return; > > + /* Make one attempt to find true MAC address in ARP/NDP table */ Same as for 4/9: consider using "recorded"? > + if (MAC_IS_ZERO(omac)) > + fwd_neigh_mac_get(c, &toside->oaddr, omac); > + > for (i = 0; i < n; i++) > - udp_tap_prepare(udp_mh_recv, i, toside, false); > + udp_tap_prepare(udp_mh_recv, i, omac, toside, false); > > tap_send_frames(c, &udp_l2_iov[0][0], UDP_NUM_IOVS, n); > } > diff --git a/udp.h b/udp.h > index 8f8531a..dd6e5ad 100644 > --- a/udp.h > +++ b/udp.h > @@ -21,7 +21,7 @@ int udp_sock_init(const struct ctx *c, int ns, const union inany_addr *addr, > const char *ifname, in_port_t port); > int udp_init(struct ctx *c); > void udp_timer(struct ctx *c, const struct timespec *now); > -void udp_update_l2_buf(const unsigned char *eth_d, const unsigned char *eth_s); > +void udp_update_l2_buf(const unsigned char *eth_d); > > /** > * union udp_listen_epoll_ref - epoll reference for "listening" UDP sockets -- Stefano