From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Dyt8aEQU; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id CEAFC5A0272 for ; Thu, 02 Apr 2026 23:55:43 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1775166942; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XUZjlYLj28pI2u09VBJZ6LLgRTOhN0Zg+U4RetBPqwA=; b=Dyt8aEQUCYY9bDKhcPmijUNWcXBREpiLxXwJ4p79jWwh3oPgTGIL1czZFTSnO/BJGdVduz ZS5gvJcMB75Ge+Mb9zjr81mMbqQsRKyIDEYkyGlrKeVtuifrgczniforp6UaLU16/APFBM Wq/zDn2J0WJ497p149C4w/BijDPUMOs= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-307-ogHpOcbiNXCO1obDG9l6QA-1; Thu, 02 Apr 2026 17:55:41 -0400 X-MC-Unique: ogHpOcbiNXCO1obDG9l6QA-1 X-Mimecast-MFC-AGG-ID: ogHpOcbiNXCO1obDG9l6QA_1775166940 Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-43d1bfbd219so1460890f8f.0 for ; Thu, 02 Apr 2026 14:55:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775166940; x=1775771740; h=date:content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=XUZjlYLj28pI2u09VBJZ6LLgRTOhN0Zg+U4RetBPqwA=; b=CbuLhAs6dqT4jX/tA6XNhx6w468aEUB+X7T4CS5uy76Gr9l+nf682SZOF7QwAl2V9e DCw28H8Y1R88rvlRfj+d0o8qXB+7KXs+k1AuqHV0P7w075aDf/RJe1nqNsskFNy5dK7E 6F/aqs8QIPLejui8A33JOejv9Sd3zH5mpbMhJJ9+6+6hqopMHwAXBXoNvWGRW6qXgHGJ rBIrch+SfhZjdBCQKmgXkjsOEKb0BXswsf8US4ixOqPrX+H5DvNvB1+TQI/S5VJw0z1Z s7kFWd7p6NNUfu8We9knB2yYAaZdJfp6qMyMKAzMknZU2PMGrt7+QCsIS5hNcutzrWIP LGAA== X-Forwarded-Encrypted: i=1; AJvYcCUwPtoHPkdde2AbwD4V7iQhHf+vYk8qiAMIvyO3Zuh8NtD2HmWYahOU3j8rCvYag4rxVjT4IodBDhM=@passt.top X-Gm-Message-State: AOJu0Yzj6fjN7LLuv0zi4AgEUwSFvDlDyXHN5tUjPMjxQ8FNp/dTORGx crWQh9lQ9/iyKj/MgR7tsFTVdY57pDCYOyBmh9T9oqdHYQymDmiz7iYLPOxBAFnuCNGCbgTusZT VLOdXxPLRaZDp8HUXaW6VDSilcBeo1egnSY3m1HD/zoL3J1Um1z8TTQ== X-Gm-Gg: ATEYQzzEX2iIVPF9lgRGomXyH+SCt9DMp7ke08uEaQ92rSb4km/xOdiiOo2qWHh94UO gEVBh71+jYofUOAvDmUX3hQLCY3TUor20uG9ZLW3It1We1SRgyGTi7lpgUUlXXv2mLJf230a5WA n0TZcc1SAktk4IMv0PfVTfemqPY0C0kdQJMfhpbyYCzyV6B28PTPk1VInERyFmtoAhtyQuRi+Q6 6d5BB2nuiBGJ4VirsjfVym6tgdWz3NvnuwtM9rnx2J2MllMMmRrYPPa0SC68Xs6NvOTodWMTWbm IBhE5MVkjtfwo9F/CzfIHI63mX9Ll+fu45IncGZsWbpG2ONthHDnIZNSs+vDmWW/urRre0HxGeZ erxbdPaNW19F42lEEXWiDaABtL3Wo0zjg X-Received: by 2002:a05:600c:4450:b0:485:3586:1e28 with SMTP id 5b1f17b1804b1-4889978bb81mr8290895e9.18.1775166939745; Thu, 02 Apr 2026 14:55:39 -0700 (PDT) X-Received: by 2002:a05:600c:4450:b0:485:3586:1e28 with SMTP id 5b1f17b1804b1-4889978bb81mr8290535e9.18.1775166939102; Thu, 02 Apr 2026 14:55:39 -0700 (PDT) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [2a10:fc81:a806:d6a9::1]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48895e19c10sm29942025e9.8.2026.04.02.14.55.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Apr 2026 14:55:38 -0700 (PDT) From: Stefano Brivio To: Jon Maloy Subject: Re: [PATCH v6 12/13] dhcpv6: Select addresses for DHCPv6 distribution Message-ID: <20260402235536.59e3b86f@elisabeth> In-Reply-To: <20260322004333.365713-13-jmaloy@redhat.com> References: <20260322004333.365713-1-jmaloy@redhat.com> <20260322004333.365713-13-jmaloy@redhat.com> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 Date: Thu, 02 Apr 2026 23:55:38 +0200 (CEST) X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: R5GWs_jhVLansE6B--RM0UGTjag8cUJZPkGDXG1WiFM_1775166940 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: 272BJCBTKQNFI3HWHZ4NYIOVHROVZ776 X-Message-ID-Hash: 272BJCBTKQNFI3HWHZ4NYIOVHROVZ776 X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: david@gibson.dropbear.id.au, passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Sat, 21 Mar 2026 20:43:32 -0400 Jon Maloy wrote: > We introduce a CONF_ADDR_DHCP flag to mark if an added address is > eligible for DHCP advertisement. By doing this once and for all > in the fwd_set_addr() function, the DHCPv6 code only needs to check > for this flag to know that all criteria for advertisement are fulfilled. > > We update the code in dhcpv6.c both to use the new flag and to make > it possible to send multiple addresses in a single reply message, > per RFC 8415. > > We also let the conf_print() function use this flag to identify and > print the eligible addresses. > > Signed-off-by: Jon Maloy > > --- > v6: -Refactored the DHCPv6 response structure to use a variable-length > buffer for IA_ADDR options, hopefully making this part of the code > slightly clearer. > --- > conf.c | 36 +++++++++++++++------ > dhcpv6.c | 97 ++++++++++++++++++++++++++++++++----------------------- > fwd.c | 4 +++ > migrate.c | 5 +++ > passt.h | 1 + > 5 files changed, 94 insertions(+), 49 deletions(-) > > diff --git a/conf.c b/conf.c > index 512fa38..de2fb7c 100644 > --- a/conf.c > +++ b/conf.c > @@ -1213,24 +1213,42 @@ static void conf_print(const struct ctx *c) > } > > if (c->ifi6) { > + bool has_dhcpv6 = false; > + const char *head; > + > if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_host_loopback)) > info(" NAT to host ::1: %s", > inet_ntop(AF_INET6, &c->ip6.map_host_loopback, > buf, sizeof(buf))); > > - if (!c->no_ndp && !c->no_dhcpv6) > - info("NDP/DHCPv6:"); > - else if (!c->no_dhcpv6) > - info("DHCPv6:"); > - else if (!c->no_ndp) > - info("NDP:"); > - else > + /* Check what we have to advertise */ This is ambiguous in English: it might mean "the addresses we have available for advertisement" (which is what you meant I think) or "the addresses we must advertise". Maybe "Check if we have got any address to advertise" would be clearer. The comment is actually a bit redundant in my opinion, the code looks perfectly clear in itself. > + for_each_addr(a, c, AF_INET6) { > + if (a->flags & CONF_ADDR_DHCPV6) > + has_dhcpv6 = true; > + } > + > + if (c->no_ndp && !has_dhcpv6) > goto dns6; > > a = fwd_get_addr(c, AF_INET6, 0, CONF_ADDR_LINKLOCAL); > - if (a) > + if (!c->no_ndp && a) { > + info("NDP:"); > inany_ntop(&a->addr, buf, sizeof(buf)); > - info(" assign: %s", !a ? "" : buf); > + info(" assign: %s", buf); > + } > + > + if (has_dhcpv6) { > + info("DHCPv6:"); > + head = "assign"; I guess this should be "assign:", because otherwise: > + for_each_addr(a, c, AF_INET6) { > + if (!(a->flags & CONF_ADDR_DHCPV6)) > + continue; > + inany_ntop(&a->addr, buf, sizeof(buf)); > + info(" %s: %s/%d", head, buf, a->prefix_len); ...here you're going to print a sequence of " :
" which doesn't make a lot of sense to me. > + head = " "; > + } > + } > + > inet_ntop(AF_INET6, &c->ip6.guest_gw, buf, sizeof(buf)); > info(" router: %s", buf); > inet_ntop(AF_INET6, &c->ip6.our_tap_ll, buf, sizeof(buf)); > diff --git a/dhcpv6.c b/dhcpv6.c > index 313c243..7c16da4 100644 > --- a/dhcpv6.c > +++ b/dhcpv6.c > @@ -31,6 +31,8 @@ > #include "passt.h" > #include "tap.h" > #include "log.h" > +#include "fwd.h" > +#include "conf.h" > > /** > * struct opt_hdr - DHCPv6 option header > @@ -202,56 +204,35 @@ struct msg_hdr { > uint32_t xid:24; > } __attribute__((__packed__)); > > +/* Maximum variable part size: ia_addrs + client_id + dns + search + fqdn */ > +#define RESP_VAR_MAX (MAX_GUEST_ADDRS * sizeof(struct opt_ia_addr) + \ > + sizeof(struct opt_client_id) + \ > + sizeof(struct opt_dns_servers) + \ > + sizeof(struct opt_dns_search) + \ > + sizeof(struct opt_client_fqdn)) > + > /** > * struct resp_t - Normal advertise and reply message > * @hdr: DHCP message header > * @server_id: Server Identifier option > * @ia_na: Non-temporary Address option > - * @ia_addr: Address for IA_NA > - * @client_id: Client Identifier, variable length > - * @dns_servers: DNS Recursive Name Server, here just for storage size > - * @dns_search: Domain Search List, here just for storage size > - * @client_fqdn: Client FQDN, variable length > + * @var: Variable part: IA_ADDRs, client_id, dns, search, fqdn > */ > static struct resp_t { > struct msg_hdr hdr; > > struct opt_server_id server_id; > struct opt_ia_na ia_na; > - struct opt_ia_addr ia_addr; > - struct opt_client_id client_id; > - struct opt_dns_servers dns_servers; > - struct opt_dns_search dns_search; > - struct opt_client_fqdn client_fqdn; > + uint8_t var[RESP_VAR_MAX]; > } __attribute__((__packed__)) resp = { > { 0 }, > SERVER_ID, > > - { { OPT_IA_NA, OPT_SIZE_CONV(sizeof(struct opt_ia_na) + > - sizeof(struct opt_ia_addr) - > - sizeof(struct opt_hdr)) }, > + { { OPT_IA_NA, 0 }, /* Length set dynamically */ > 1, (uint32_t)~0U, (uint32_t)~0U > }, > > - { { OPT_IAAADR, OPT_SIZE(ia_addr) }, > - IN6ADDR_ANY_INIT, (uint32_t)~0U, (uint32_t)~0U > - }, > - > - { { OPT_CLIENTID, 0, }, > - { 0 } > - }, > - > - { { OPT_DNS_SERVERS, 0, }, > - { IN6ADDR_ANY_INIT } > - }, > - > - { { OPT_DNS_SEARCH, 0, }, > - { 0 }, > - }, > - > - { { OPT_CLIENT_FQDN, 0, }, > - 0, { 0 }, > - }, > + { 0 }, /* Variable part filled dynamically */ > }; > > static const struct opt_status_code sc_not_on_link = { > @@ -543,6 +524,42 @@ static size_t dhcpv6_client_fqdn_fill(const struct iov_tail *data, > return offset + sizeof(struct opt_hdr) + opt_len; > } > > +/** > + * dhcpv6_ia_addr_fill() - Fill IA_ADDR options for all suitable addresses > + * @c: Execution context > + * > + * Fills IA_ADDRs in resp.var with all non-linklocal, non-observed addresses > + * and updates resp.ia_na.hdr.l with the correct length. > + * > + * Return: number of addresses filled > + */ > +static int dhcpv6_ia_addr_fill(const struct ctx *c) > +{ > + struct opt_ia_addr *ia_addr = (struct opt_ia_addr *)resp.var; > + const struct guest_addr *e; > + int count = 0; > + > + for_each_addr(e, c, AF_INET6) { > + if (!(e->flags & CONF_ADDR_DHCPV6)) > + continue; > + > + ia_addr[count].hdr.t = OPT_IAAADR; > + ia_addr[count].hdr.l = htons(sizeof(struct opt_ia_addr) - > + sizeof(struct opt_hdr)); > + ia_addr[count].addr = e->addr.a6; > + ia_addr[count].pref_lifetime = (uint32_t)~0U; > + ia_addr[count].valid_lifetime = (uint32_t)~0U; > + count++; > + } > + > + /* Update IA_NA length: header fields + all IA_ADDRs */ > + resp.ia_na.hdr.l = htons(sizeof(struct opt_ia_na) - > + sizeof(struct opt_hdr) + > + count * sizeof(struct opt_ia_addr)); > + > + return count; > +} > + > /** > * dhcpv6() - Check if this is a DHCPv6 message, reply as needed > * @c: Execution context > @@ -570,12 +587,14 @@ int dhcpv6(struct ctx *c, struct iov_tail *data, > struct opt_hdr client_id_storage; > /* cppcheck-suppress [variableScope,unmatchedSuppression] */ > const struct in6_addr *src, *dst; > + /* cppcheck-suppress [variableScope,unmatchedSuppression] */ > struct opt_ia_na ia_storage; > const struct guest_addr *a; > struct msg_hdr mh_storage; > const struct msg_hdr *mh; > struct udphdr uh_storage; > const struct udphdr *uh; > + int addr_count; > size_t mlen, n; > > a = fwd_get_addr(c, AF_INET6, 0, CONF_ADDR_LINKLOCAL); > @@ -626,6 +645,7 @@ int dhcpv6(struct ctx *c, struct iov_tail *data, > if (ia && ntohs(ia->hdr.l) < MIN(OPT_VSIZE(ia_na), OPT_VSIZE(ia_ta))) > return -1; > > + addr_count = dhcpv6_ia_addr_fill(c); > resp.hdr.type = TYPE_REPLY; > switch (mh->type) { > case TYPE_REQUEST: > @@ -679,12 +699,14 @@ int dhcpv6(struct ctx *c, struct iov_tail *data, > if (ia) > resp.ia_na.iaid = ((struct opt_ia_na *)ia)->iaid; > > + /* Client_id goes right after the used IA_ADDRs */ > + n = offsetof(struct resp_t, var) + > + addr_count * sizeof(struct opt_ia_addr); > iov_to_buf(&client_id_base.iov[0], client_id_base.cnt, > - client_id_base.off, &resp.client_id, > + client_id_base.off, (char *)&resp + n, > ntohs(client_id->l) + sizeof(struct opt_hdr)); > > - n = offsetof(struct resp_t, client_id) + > - sizeof(struct opt_hdr) + ntohs(client_id->l); > + n += sizeof(struct opt_hdr) + ntohs(client_id->l); > n = dhcpv6_dns_fill(c, (char *)&resp, n); > n = dhcpv6_client_fqdn_fill(data, c, (char *)&resp, n); > > @@ -701,7 +723,6 @@ int dhcpv6(struct ctx *c, struct iov_tail *data, > */ > void dhcpv6_init(const struct ctx *c) > { > - const struct guest_addr *a; > time_t y2k = 946684800; /* Epoch to 2000-01-01T00:00:00Z, no mktime() */ > uint32_t duid_time; > > @@ -714,8 +735,4 @@ void dhcpv6_init(const struct ctx *c) > c->our_tap_mac, sizeof(c->our_tap_mac)); > memcpy(resp_not_on_link.server_id.duid_lladdr, > c->our_tap_mac, sizeof(c->our_tap_mac)); > - > - a = fwd_get_addr(c, AF_INET6, 0, CONF_ADDR_LINKLOCAL); > - if (a) > - resp.ia_addr.addr = a->addr.a6; > } > diff --git a/fwd.c b/fwd.c > index e1c85dd..f867398 100644 > --- a/fwd.c > +++ b/fwd.c > @@ -301,6 +301,10 @@ void fwd_set_addr(struct ctx *c, const union inany_addr *addr, > if (inany_v4(addr)) { > if (!c->no_dhcp) > flags |= CONF_ADDR_DHCP; > + } else { > + /* DHCPv6 for IPv6 */ ...well surely not for IPv4. :) Does this comment actually add anything? > + if (!c->no_dhcpv6) > + flags |= CONF_ADDR_DHCPV6; > } > } > > diff --git a/migrate.c b/migrate.c > index 1d1e0e6..105f624 100644 > --- a/migrate.c > +++ b/migrate.c > @@ -53,6 +53,7 @@ struct migrate_seen_addrs_v2 { > #define MIGRATE_ADDR_LINKLOCAL BIT(2) > #define MIGRATE_ADDR_OBSERVED BIT(3) > #define MIGRATE_ADDR_DHCP BIT(4) > +#define MIGRATE_ADDR_DHCPV6 BIT(5) > > /** > * struct migrate_addr_v3 - Wire format for a single address entry > @@ -86,6 +87,8 @@ static uint8_t flags_to_wire(uint8_t flags) > wire |= MIGRATE_ADDR_OBSERVED; > if (flags & CONF_ADDR_DHCP) > wire |= MIGRATE_ADDR_DHCP; > + if (flags & CONF_ADDR_DHCPV6) > + wire |= MIGRATE_ADDR_DHCPV6; > > return wire; > } > @@ -110,6 +113,8 @@ static uint8_t flags_from_wire(uint8_t wire) > flags |= CONF_ADDR_OBSERVED; > if (wire & MIGRATE_ADDR_DHCP) > flags |= CONF_ADDR_DHCP; > + if (wire & MIGRATE_ADDR_DHCPV6) > + flags |= CONF_ADDR_DHCPV6; > > return flags; > } > diff --git a/passt.h b/passt.h > index 5ea1715..c4c1f04 100644 > --- a/passt.h > +++ b/passt.h > @@ -76,6 +76,7 @@ enum passt_modes { > #define CONF_ADDR_LINKLOCAL BIT(2) /* Link-local address */ > #define CONF_ADDR_OBSERVED BIT(3) /* Seen in guest traffic */ > #define CONF_ADDR_DHCP BIT(4) /* Advertise via DHCP (IPv4) */ > +#define CONF_ADDR_DHCPV6 BIT(5) /* Advertise via DHCPv6 (IPv6) */ > > /** > * struct guest_addr - Unified IPv4/IPv6 address entry -- Stefano