From: Jon Maloy
To: sbrivio@redhat.com, dgibson@redhat.com, david@gibson.dropbear.id.au, jmaloy@redhat.com, passt-dev@passt.top
Subject: [PATCH v12 0/9] Use true MAC address of LAN local remote hosts
Date: Thu, 2 Oct 2025 20:34:03 -0400
Message-ID: <20251003003412.588801-1-jmaloy@redhat.com>
List-Id: Development discussion and patches for passt

Bug #120 asks us to use the true MAC addresses of LAN local remote hosts,
since some programs need this information.

These commits introduce this for ARP, NDP, UDP, TCP and ICMP.

---
v3: Updated according to feedback from Stefano and David:
    - Made the ARP/NDP lookup call filter out the requested address by
      itself, qualified by the index of the template interface
    - Moved the flow specific MAC address from struct flowside to
      struct flow_common.
v4: - Updated according to feedback from David and Stefano
    - Added a cache table for ARP/NDP table contents

v5: - Updated according to feedback from David and Stefano
    - Added cache table entries to FIFO/LRU queue
    - New criteria for when to consult ARP/NDP

v6: - Simplified and merged mac cache table commits
    - Other changes after feedback from David.

v7: - Fixes in patch #2 based on feedback from David and Stefano.

v8: - Redesigned netlink and cache table part to be based on a
      subscription model.

v8: - Small fix to patch #2 so that we cover the case when a MAC
      address for a host has changed.
    - Added a commit where we send a gratuitous ARP / unsolicited NA
      to the guest when a new host is added to the neighbour cache
      table.

v10: - Some fixes after feedback from David Gibson
     - Reordered: Moved patch #9 to position #3.
     - Added synchronization step between ARP/NDP table contents and
       the neighbour table at initialization. This reduces the number
       of "false" ARP/NDP replies drastically, but not completely.
     - (Next step could be to scan over the flow table and update
       affected entries when we receive a MAC address update.)

v11: - Corrected the gratuitous ARP implementation to use the
       "ARP Announcement" model instead of the "Gratuitous ARP reply"
       model.

v12: - Updated based on feedback from David and Stefano
     - Added special handling of default GW and loopback addresses.

Jon Maloy (8):
  netlink: add subsciption on changes in NDP/ARP table
  fwd: Add cache table for ARP/NDP contents
  arp/ndp: respond with true MAC address of LAN local remote hosts
  flow: add MAC address of LAN local remote hosts to flow
  udp: forward external source MAC address through tap interface
  tcp: forward external source MAC address through tap interface
  tap: change signature of function tap_push_l2h()
  icmp: let icmp use mac address from flowside structure

 arp.c          |   9 ++-
 conf.c         |   1 +
 epoll_type.h   |   2 +
 flow.c         |   2 +
 flow.h         |   2 +
 fwd.c          | 167 +++++++++++++++++++++++++++++++++++++++++++++++--
 fwd.h          |   9 +++
 icmp.c         |   8 ++-
 inany.c        |   1 +
 ndp.c          |  10 ++-
 netlink.c      | 119 +++++++++++++++++++++++++++++++++++
 netlink.h      |   4 ++
 passt.c        |  17 +++--
 passt.h        |   3 +-
 pasta.c        |   2 +-
 tap.c          |  24 ++++---
 tap.h          |   7 ++-
 tcp.c          |  18 ++++--
 tcp.h          |   2 +-
 tcp_buf.c      |  37 +++++------
 tcp_internal.h |   4 +-
 tcp_vu.c       |   5 +-
 udp.c          |  57 ++++++++++-------
 udp.h          |   2 +-
 24 files changed, 429 insertions(+), 83 deletions(-)

-- 
2.50.1