From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=V1Vtu2mk; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id 6FABD5A0262 for ; Sat, 20 Jun 2026 00:09:58 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1781906997; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Qgw6Kypjb8iChsHcrmkSTkEfqTBmTyxapaKhKl1JiM8=; b=V1Vtu2mkXLdgNit4/JpCcVP3aleum7KhAqeWLXl5ch7WxUpdE12u96oqtVLDxLNfo1sSI/ Qwi/Xha00vsQnYg7rXY0l1m9Wdgn0ur/ZavacoUd1pjrusHM810EdvXl1euThy8XVUYRxb 92ue+S3MC9aQ1ejQC+cyBV4riltEpSE= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-277-1kknkX8WMQuH12ah9jTdGA-1; Fri, 19 Jun 2026 18:09:55 -0400 X-MC-Unique: 1kknkX8WMQuH12ah9jTdGA-1 X-Mimecast-MFC-AGG-ID: 1kknkX8WMQuH12ah9jTdGA_1781906994 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-490b7959b9fso23416695e9.2 for ; Fri, 19 Jun 2026 15:09:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1781906994; x=1782511794; h=date:content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Qgw6Kypjb8iChsHcrmkSTkEfqTBmTyxapaKhKl1JiM8=; b=EwvwBQWSRmsxXPIK/5i/drE1XMVZJO3DwaXXvkRoYj33WDrZQiH705tcAvX92xCQgX nH8FZ8OXP1TJaLCJBHK69Ypcthxk0a2g7bpAAsfp2ceLmuORXUVCHTy3j/0SFBoXWIaA lMwH/khzHE1wdKxgR41848boCsmYNLrQKOVHFfolXuqDrz1X0UZD9wXSqYuX+JQ490ZZ 847b/+bUMaL0d688Ye2cgX/SZup1/yAQIkWZhIy1+9WuDU9Ai6GkrobjR6g99gYmDbTW JGlnjjcV4ao9e+f/6vI1eWyGdyAbjalJipPF6SDcKtusy3ksMhDxu+Ot9mdqGudRMg6B mvFg== X-Forwarded-Encrypted: i=1; AFNElJ+Ltl1q5cdim2TC96luqBq/fn8s12R2nVnJJqlu+sCD+9+/Izveoj9Biz/Ko3VkM+nBj2AtTR5OJI4=@passt.top X-Gm-Message-State: AOJu0YxT5H9e2PClUXJmKtenoWuoiantXlDTR1G2SEBq/eKE0oMWUz6e 17P4WgUL6vQHPKCFmmLVW07UaTdr68q63HW2wvlEgS9qDVqIGaNt3uBzojBShAUrUBaqQacmAaj aq5GExHGACQ4MDQ36Ms1QS3TcIUE+JrLVmhdnmlQlM0OoRopWHOL761ZYtcw8sQ== X-Gm-Gg: AfdE7clgNysRA3+3JxHWlsDEfrkGI53b+4373brdBs3IiDWHAe8rxWKCsxy3+m8COML d2sx6mghk0aBdqNWcXcFm01NTEWPWIwRL7Fl60oYZ5Aa8JBLIhyoJjUF0EvbU1XuMWEFx+Eiz0a 1XB6IUGUPXvI+PmQJo7X6EuorSPxP9kXw9GEhNLShpzdIjuCn1o0cIx7uqjE+vrXruYhCEx1jAy aRiFlRunUiAtbCAagabXhCTm/VIbPvj74aY8LG/oFrWaPF3M4cpC9xrdSMiE8hzTsXsCeI6oJzG io+kpErNQ65HUqaok1EbC0+NN+Mh/2Z1hdU3agDCdEDKUepNhIo+0MTnAaRFWdKw7Tn9POes/97 L/UJLQRqgKBxcAGa8iTc31r62HJ8lR3+UVmffyxQ= X-Received: by 2002:a05:600c:5493:b0:492:1ea2:6258 with SMTP id 5b1f17b1804b1-49240e7b049mr81318485e9.33.1781906993753; Fri, 19 Jun 2026 15:09:53 -0700 (PDT) X-Received: by 2002:a05:600c:5493:b0:492:1ea2:6258 with SMTP id 5b1f17b1804b1-49240e7b049mr81317975e9.33.1781906993081; Fri, 19 Jun 2026 15:09:53 -0700 (PDT) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [176.103.220.4]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-49240f054e3sm86469875e9.2.2026.06.19.15.09.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jun 2026 15:09:52 -0700 (PDT) From: Stefano Brivio To: Jon Maloy Subject: Re: [PATCH v7 02/13] passt, pasta: Introduce unified multi-address data structures Message-ID: <20260620000951.09b50452@elisabeth> In-Reply-To: <20260413005319.3295910-3-jmaloy@redhat.com> References: <20260413005319.3295910-1-jmaloy@redhat.com> <20260413005319.3295910-3-jmaloy@redhat.com> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 Date: Sat, 20 Jun 2026 00:09:51 +0200 (CEST) X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: sVq7tM1pD7PSkUFFHpxCDctSJupjUh2hol7mZNzGySo_1781906994 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: EAGF6LC4J7UNOM36NM4S3RBTQLNO66XF X-Message-ID-Hash: EAGF6LC4J7UNOM36NM4S3RBTQLNO66XF X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: david@gibson.dropbear.id.au, passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Sun, 12 Apr 2026 20:53:08 -0400 Jon Maloy wrote: > As preparation for supporting multiple addresses per interface, > we replace the single addr/prefix_len fields with an array. The > array consists of a new struct inany_addr_entry containing an > address and prefix length, both in inany_addr format. > > Despite a lot of code refactoring, there are only two real functional > changes: > - The indicated IPv6 prefix length is now properly stored, instead > of being ignored and overridden with the hardcoded value 64, as > has been the case until now. > - Since even IPv4 addresses now are stored in IPv6 format, we > also store the corresponding prefix length in that format, > i.e. using the range [96,128] instead of [0,32]. > > Signed-off-by: Jon Maloy > > --- > v2: -Using inany_addr instead of protocol specific addresses as > entry address field. > > v3: -Merging into one array, directly in struct ctx > -Changed prefix_len and flags fields in struct inany_addr_entry > to uint8_t, since that makes the struct directly migratable > > v4: -Updated according to changes in previous commits > -Updated according to feedback from David G. > -Squashed IP4_MASK macro commit into this one > > v6: -Renamed and moved some definitions > -Introduced fwd_set_addr() and fwd_get_addr() already in this commit > -Eliminated first_v4/v6() functions, replaced with fwd_get_addr() > -Some other changes as suggested by David G. > -I kept the flag CONF_ADDR_LINKLOCAL, since it will be > needed later in an address selection function. > > v7: -Introduced CONF_ADDR_GENERATED flag > -Other fixes based on feedback from David and Stefano. > -I changed signature of inany_prefix_len(), but I did not change > its semantics, since the premise of David's comment is wrong: the > caller does *not* explicitly know he is dealing with an IPv4 address. > In fact, there are examples later in this series where it may be an > IPv6 address, and the caller just trusts he gets the return value in > the appropriate format. > -Introduced the inverse of inany_prefix_len(), called inany_prefix_len6() > which always returns the prefix in IPv6 or mapped IPv4 format. > The name of the function isn't great, but any alternative I came up > with became too long to be practical. > --- > arp.c | 12 ++++- > conf.c | 143 ++++++++++++++++++++++++++++++------------------------- > dhcp.c | 14 ++++-- > dhcpv6.c | 15 ++++-- > fwd.c | 109 ++++++++++++++++++++++++++++++++++-------- > fwd.h | 4 ++ > inany.h | 41 ++++++++++++++++ > ip.h | 2 + > ndp.c | 16 +++++-- > passt.h | 67 ++++++++++++++++++++++---- > pasta.c | 25 ++++++---- > tap.c | 7 ++- > 12 files changed, 340 insertions(+), 115 deletions(-) > > diff --git a/arp.c b/arp.c > index bb042e9..a7fd82f 100644 > --- a/arp.c > +++ b/arp.c > @@ -41,6 +41,8 @@ > static bool ignore_arp(const struct ctx *c, > const struct arphdr *ah, const struct arpmsg *am) > { > + const struct guest_addr *a; > + > if (ah->ar_hrd != htons(ARPHRD_ETHER) || > ah->ar_pro != htons(ETH_P_IP) || > ah->ar_hln != ETH_ALEN || > @@ -54,7 +56,8 @@ static bool ignore_arp(const struct ctx *c, > return true; > > /* Don't resolve the guest's assigned address, either. */ > - if (!memcmp(am->tip, &c->ip4.addr, sizeof(am->tip))) > + a = fwd_get_addr(c, AF_INET, 0, 0); I guess it's not strictly needed right now to avoid breaking things, but, eventually, if we support multiple assigned / configured / observed addresses for the guest, we should make sure we don't resolve any of them. That is, we should eventually pass am->tip to a lookup function. It might be in scope for this series but not necessarily. A further remark: while it's absolutely canonical and expected that "no flags" is 0, fwd_*() functions change prototypes so frequently these days that I would consider something perhaps unconventional but probably helpful for readability: define CONF_ADDR_PICK_ANY as UINT8_MAX (I'm not sure if there's a nicer macro denoting "all bits set"), CONF_ADDR_EXCLUDE_NONE as 0, and then pass them here instead of 0, 0. Maybe it's ugly. I'm not sure. > + if (a && !memcmp(am->tip, inany_v4(&a->addr), sizeof(am->tip))) > return true; > > return false; > @@ -123,12 +126,17 @@ int arp(const struct ctx *c, struct iov_tail *data) > */ > void arp_send_init_req(const struct ctx *c) > { > + const struct guest_addr *a; > struct { > struct ethhdr eh; > struct arphdr ah; > struct arpmsg am; > } __attribute__((__packed__)) req; > > + a = fwd_get_addr(c, AF_INET, 0, 0); Same comment as above. > + if (!a) > + return; > + > /* Ethernet header */ > req.eh.h_proto = htons(ETH_P_ARP); > memcpy(req.eh.h_dest, MAC_BROADCAST, sizeof(req.eh.h_dest)); > @@ -145,7 +153,7 @@ void arp_send_init_req(const struct ctx *c) > memcpy(req.am.sha, c->our_tap_mac, sizeof(req.am.sha)); > memcpy(req.am.sip, &c->ip4.our_tap_addr, sizeof(req.am.sip)); > memcpy(req.am.tha, MAC_BROADCAST, sizeof(req.am.tha)); > - memcpy(req.am.tip, &c->ip4.addr, sizeof(req.am.tip)); > + memcpy(req.am.tip, inany_v4(&a->addr), sizeof(req.am.tip)); > > debug("Sending initial ARP request for guest MAC address"); > tap_send_single(c, &req, sizeof(req)); > diff --git a/conf.c b/conf.c > index f13fef6..591f561 100644 > --- a/conf.c > +++ b/conf.c > @@ -728,13 +728,15 @@ static int conf_ip4_prefix(const char *arg) > > /** > * conf_ip4() - Verify or detect IPv4 support, get relevant addresses > + * @c: Execution context > * @ifi: Host interface to attempt (0 to determine one) > - * @ip4: IPv4 context (will be written) > * > * Return: interface index for IPv4, or 0 on failure. > */ > -static unsigned int conf_ip4(unsigned int ifi, struct ip4_ctx *ip4) > +static unsigned int conf_ip4(struct ctx *c, unsigned int ifi) > { > + struct ip4_ctx *ip4 = &c->ip4; > + > if (!ifi) > ifi = nl_get_ext_if(nl_sock, AF_INET); > > @@ -753,60 +755,57 @@ static unsigned int conf_ip4(unsigned int ifi, struct ip4_ctx *ip4) > } > } > > - if (IN4_IS_ADDR_UNSPECIFIED(&ip4->addr)) { > + if (!fwd_get_addr(c, AF_INET, 0, 0)) { > + struct in_addr addr; > + int prefix_len; > int rc = nl_addr_get(nl_sock, ifi, AF_INET, > - &ip4->addr, &ip4->prefix_len, NULL); > + &addr, &prefix_len, NULL); > if (rc < 0) { > debug("Couldn't discover IPv4 address: %s", > strerror_(-rc)); > return 0; > } > - } > + if (IN4_IS_ADDR_UNSPECIFIED(&addr)) > + return 0; > > - if (!ip4->prefix_len) { > - in_addr_t addr = ntohl(ip4->addr.s_addr); > - if (IN_CLASSA(addr)) > - ip4->prefix_len = (32 - IN_CLASSA_NSHIFT); > - else if (IN_CLASSB(addr)) > - ip4->prefix_len = (32 - IN_CLASSB_NSHIFT); > - else if (IN_CLASSC(addr)) > - ip4->prefix_len = (32 - IN_CLASSC_NSHIFT); > - else > - ip4->prefix_len = 32; > + fwd_set_addr(c, &inany_from_v4(addr), CONF_ADDR_HOST, > + prefix_len); > + ip4->addr_seen = addr; > } > > - ip4->addr_seen = ip4->addr; > - > ip4->our_tap_addr = ip4->guest_gw; > > - if (IN4_IS_ADDR_UNSPECIFIED(&ip4->addr)) > - return 0; > - > return ifi; > } > > /** > * conf_ip4_local() - Configure IPv4 addresses and attributes for local mode > - * @ip4: IPv4 context (will be written) > + * @c: Execution context (will be written) > */ > -static void conf_ip4_local(struct ip4_ctx *ip4) > +static void conf_ip4_local(struct ctx *c) > { > - ip4->addr_seen = ip4->addr = IP4_LL_GUEST_ADDR; > - ip4->our_tap_addr = ip4->guest_gw = IP4_LL_GUEST_GW; > - ip4->prefix_len = IP4_LL_PREFIX_LEN; > + struct ip4_ctx *ip4 = &c->ip4; > > + ip4->addr_seen = IP4_LL_GUEST_ADDR; > + ip4->our_tap_addr = ip4->guest_gw = IP4_LL_GUEST_GW; > ip4->no_copy_addrs = ip4->no_copy_routes = true; > + fwd_set_addr(c, &inany_from_v4(IP4_LL_GUEST_ADDR), > + CONF_ADDR_GENERATED | CONF_ADDR_LINKLOCAL, > + IP4_LL_PREFIX_LEN); > } > > /** > * conf_ip6() - Verify or detect IPv6 support, get relevant addresses > + * @c: Execution context > * @ifi: Host interface to attempt (0 to determine one) > - * @ip6: IPv6 context (will be written) > * > * Return: interface index for IPv6, or 0 on failure. > */ > -static unsigned int conf_ip6(unsigned int ifi, struct ip6_ctx *ip6) > +static unsigned int conf_ip6(struct ctx *c, unsigned int ifi) > { > + struct ip6_ctx *ip6 = &c->ip6; > + const struct guest_addr *a; > + union inany_addr addr; > int prefix_len = 0; > int rc; > > @@ -827,21 +826,28 @@ static unsigned int conf_ip6(unsigned int ifi, struct ip6_ctx *ip6) > } > } > > - rc = nl_addr_get(nl_sock, ifi, AF_INET6, > - IN6_IS_ADDR_UNSPECIFIED(&ip6->addr) ? &ip6->addr : NULL, > + rc = nl_addr_get(nl_sock, ifi, AF_INET6, &addr.a6, > &prefix_len, &ip6->our_tap_ll); > if (rc < 0) { > debug("Couldn't discover IPv6 address: %s", strerror_(-rc)); > return 0; > } > > - ip6->addr_seen = ip6->addr; > + a = fwd_get_addr(c, AF_INET6, 0, 0); > + if (!a) { > + if (IN6_IS_ADDR_UNSPECIFIED(&addr)) > + return 0; > + > + fwd_set_addr(c, &addr, CONF_ADDR_HOST, prefix_len); > + ip6->addr_seen = addr.a6; > + } else { > + ip6->addr_seen = a->addr.a6; > + } > > if (IN6_IS_ADDR_LINKLOCAL(&ip6->guest_gw)) > ip6->our_tap_ll = ip6->guest_gw; > > - if (IN6_IS_ADDR_UNSPECIFIED(&ip6->addr) || > - IN6_IS_ADDR_UNSPECIFIED(&ip6->our_tap_ll)) > + if (IN6_IS_ADDR_UNSPECIFIED(&ip6->our_tap_ll)) > return 0; > > return ifi; > @@ -849,13 +855,13 @@ static unsigned int conf_ip6(unsigned int ifi, struct ip6_ctx *ip6) > > /** > * conf_ip6_local() - Configure IPv6 addresses and attributes for local mode > - * @ip6: IPv6 context (will be written) > + * @c: Execution context (will be written) > */ > -static void conf_ip6_local(struct ip6_ctx *ip6) > +static void conf_ip6_local(struct ctx *c) > { > - ip6->our_tap_ll = ip6->guest_gw = IP6_LL_GUEST_GW; > + c->ip6.our_tap_ll = c->ip6.guest_gw = IP6_LL_GUEST_GW; > > - ip6->no_copy_addrs = ip6->no_copy_routes = true; > + c->ip6.no_copy_addrs = c->ip6.no_copy_routes = true; > } > > /** > @@ -1137,6 +1143,7 @@ enum passt_modes conf_mode(int argc, char *argv[]) > static void conf_print(const struct ctx *c) > { > char buf[INANY_ADDRSTRLEN]; > + const struct guest_addr *a; > int i; > > if (c->ifi4 > 0 || c->ifi6 > 0) { > @@ -1181,16 +1188,18 @@ static void conf_print(const struct ctx *c) > inet_ntop(AF_INET, &c->ip4.map_host_loopback, > buf, sizeof(buf))); > > - if (!c->no_dhcp) { > + a = fwd_get_addr(c, AF_INET, 0, 0); > + if (a && !c->no_dhcp) { > uint32_t mask; > > - mask = htonl(0xffffffff << (32 - c->ip4.prefix_len)); > + mask = IN4_MASK(inany_prefix_len(&a->addr, > + a->prefix_len)); > > info("DHCP:"); > info(" assign: %s", > - inet_ntop(AF_INET, &c->ip4.addr, buf, sizeof(buf))); > + inany_ntop(&a->addr, buf, sizeof(buf))); > info(" mask: %s", > - inet_ntop(AF_INET, &mask, buf, sizeof(buf))); > + inet_ntop(AF_INET, &mask, buf, sizeof(buf))); > info(" router: %s", > inet_ntop(AF_INET, &c->ip4.guest_gw, > buf, sizeof(buf))); > @@ -1201,8 +1210,8 @@ static void conf_print(const struct ctx *c) > break; > if (!i) > info("DNS:"); > - inet_ntop(AF_INET, &c->ip4.dns[i], buf, sizeof(buf)); > - info(" %s", buf); > + info(" %s", inet_ntop(AF_INET, &c->ip4.dns[i], > + buf, sizeof(buf))); > } > > for (i = 0; *c->dns_search[i].n; i++) { > @@ -1227,13 +1236,14 @@ static void conf_print(const struct ctx *c) > else > goto dns6; > > - info(" assign: %s", > - inet_ntop(AF_INET6, &c->ip6.addr, buf, sizeof(buf))); > + a = fwd_get_addr(c, AF_INET6, 0, CONF_ADDR_LINKLOCAL); > + if (a) > + info(" assign: %s", > + inany_ntop(&a->addr, buf, sizeof(buf))); > info(" router: %s", > inet_ntop(AF_INET6, &c->ip6.guest_gw, buf, sizeof(buf))); > info(" our link-local: %s", > - inet_ntop(AF_INET6, &c->ip6.our_tap_ll, > - buf, sizeof(buf))); > + inet_ntop(AF_INET6, &c->ip6.our_tap_ll, buf, sizeof(buf))); > > dns6: > for (i = 0; i < ARRAY_SIZE(c->ip6.dns); i++) { > @@ -1241,8 +1251,10 @@ dns6: > break; > if (!i) > info("DNS:"); > - inet_ntop(AF_INET6, &c->ip6.dns[i], buf, sizeof(buf)); > - info(" %s", buf); > + info(" %s", > + inet_ntop(AF_INET6, &c->ip6.dns[i], > + buf, sizeof(buf))); > + > } > > for (i = 0; *c->dns_search[i].n; i++) { > @@ -1886,19 +1898,16 @@ void conf(struct ctx *c, int argc, char **argv) > IN6_IS_ADDR_V4COMPAT(&addr.a6)) > die("Invalid address: %s", optarg); > > - if (inany_v4(&addr)) { > - c->ip4.addr = *inany_v4(&addr); > - c->ip4.prefix_len = prefix_len - 96; > - if (c->mode == MODE_PASTA) > - c->ip4.no_copy_addrs = true; > - } else { > - c->ip6.addr = addr.a6; > - if (c->mode == MODE_PASTA) > - c->ip6.no_copy_addrs = true; > - } > + /* Legacy behaviour: replace existing address if any */ > + fwd_set_addr(c, &addr, CONF_ADDR_USER, prefix_len); > + if (inany_v4(&addr)) > + c->ip4.no_copy_addrs = true; > + else > + c->ip6.no_copy_addrs = true; > break; > } > case 'n': { > + struct guest_addr *a; > int plen; > > if (addr_has_prefix_len) > @@ -1908,8 +1917,12 @@ void conf(struct ctx *c, int argc, char **argv) > if (plen < 0) > die("Invalid prefix length: %s", optarg); > > - prefix_len_from_opt = plen + 96; > - c->ip4.prefix_len = plen; > + prefix_len_from_opt = plen; > + > + for_each_addr(a, c->addrs, c->addr_count, AF_INET) { > + a->prefix_len = inany_prefix_len(&a->addr, plen); > + break; > + } > break; > } > case 'M': > @@ -2103,9 +2116,9 @@ void conf(struct ctx *c, int argc, char **argv) > > nl_sock_init(c, false); > if (!v6_only && !c->splice_only) > - c->ifi4 = conf_ip4(ifi4, &c->ip4); > + c->ifi4 = conf_ip4(c, ifi4); > if (!v4_only && !c->splice_only) > - c->ifi6 = conf_ip6(ifi6, &c->ip6); > + c->ifi6 = conf_ip6(c, ifi6); > > if (c->ifi4 && c->mtu < IPV4_MIN_MTU) { > warn("MTU %"PRIu16" is too small for IPv4 (minimum %u)", > @@ -2128,7 +2141,7 @@ void conf(struct ctx *c, int argc, char **argv) > if (!c->ifi4 && !v6_only) { > if (!c->splice_only) { > info("IPv4: no external interface as template, use local mode"); > - conf_ip4_local(&c->ip4); > + conf_ip4_local(c); > } > c->ifi4 = -1; > } > @@ -2136,7 +2149,7 @@ void conf(struct ctx *c, int argc, char **argv) > if (!c->ifi6 && !v4_only) { > if (!c->splice_only) { > info("IPv6: no external interface as template, use local mode"); > - conf_ip6_local(&c->ip6); > + conf_ip6_local(c); > } > c->ifi6 = -1; > } > @@ -2201,7 +2214,7 @@ void conf(struct ctx *c, int argc, char **argv) > if (!c->ifi6) { > c->no_ndp = 1; > c->no_dhcpv6 = 1; > - } else if (IN6_IS_ADDR_UNSPECIFIED(&c->ip6.addr)) { > + } else if (!fwd_get_addr(c, AF_INET6, 0, 0)) { > c->no_dhcpv6 = 1; > } > > diff --git a/dhcp.c b/dhcp.c > index 1ff8cba..f0fa212 100644 > --- a/dhcp.c > +++ b/dhcp.c > @@ -303,6 +303,7 @@ static void opt_set_dns_search(const struct ctx *c, size_t max_len) > int dhcp(const struct ctx *c, struct iov_tail *data) > { > char macstr[ETH_ADDRSTRLEN]; > + const struct guest_addr *a; > size_t mlen, dlen, opt_len; > struct in_addr mask, dst; > struct ethhdr eh_storage; > @@ -313,6 +314,7 @@ int dhcp(const struct ctx *c, struct iov_tail *data) > const struct udphdr *uh; > struct msg m_storage; > struct msg const *m; > + struct in_addr addr; > struct msg reply; > unsigned int i; > > @@ -344,6 +346,10 @@ int dhcp(const struct ctx *c, struct iov_tail *data) > m->op != BOOTREQUEST) > return -1; > > + a = fwd_get_addr(c, AF_INET, 0, 0); > + assert(a); > + addr = *inany_v4(&a->addr); > + > reply.op = BOOTREPLY; > reply.htype = m->htype; > reply.hlen = m->hlen; > @@ -352,7 +358,7 @@ int dhcp(const struct ctx *c, struct iov_tail *data) > reply.secs = 0; > reply.flags = m->flags; > reply.ciaddr = m->ciaddr; > - reply.yiaddr = c->ip4.addr; > + reply.yiaddr = addr; This implies a strict preference ordering in fwd_get_addr(), because if we store multiple addresses, we don't want to override an explicitly configured address (-a) with anything else, for example. At this point of this series we should still have a single address in the array, but maybe it would be good to clarify this aspect of fwd_get_addr() already at this point (and introduce an explicit selection order)? Yes, you add a flag for DHCP eligibility later in the series, but that's not equivalent to a preference mechanism. > reply.siaddr = 0; > reply.giaddr = m->giaddr; > memcpy(&reply.chaddr, m->chaddr, sizeof(reply.chaddr)); > @@ -404,7 +410,7 @@ int dhcp(const struct ctx *c, struct iov_tail *data) > > info(" from %s", eth_ntop(m->chaddr, macstr, sizeof(macstr))); > > - mask.s_addr = htonl(0xffffffff << (32 - c->ip4.prefix_len)); > + mask.s_addr = IN4_MASK(inany_prefix_len(&a->addr, a->prefix_len)); > memcpy(opts[1].s, &mask, sizeof(mask)); > memcpy(opts[3].s, &c->ip4.guest_gw, sizeof(c->ip4.guest_gw)); > memcpy(opts[54].s, &c->ip4.our_tap_addr, sizeof(c->ip4.our_tap_addr)); > @@ -412,7 +418,7 @@ int dhcp(const struct ctx *c, struct iov_tail *data) > /* If the gateway is not on the assigned subnet, send an option 121 > * (Classless Static Routing) adding a dummy route to it. > */ > - if ((c->ip4.addr.s_addr & mask.s_addr) > + if ((addr.s_addr & mask.s_addr) > != (c->ip4.guest_gw.s_addr & mask.s_addr)) { > /* a.b.c.d/32:0.0.0.0, 0:a.b.c.d */ > opts[121].slen = 14; > @@ -471,7 +477,7 @@ int dhcp(const struct ctx *c, struct iov_tail *data) > if (m->flags & FLAG_BROADCAST) > dst = in4addr_broadcast; > else > - dst = c->ip4.addr; > + dst = addr; > > tap_udp4_send(c, c->ip4.our_tap_addr, 67, dst, 68, &reply, dlen); > > diff --git a/dhcpv6.c b/dhcpv6.c > index 2db0944..0a064a9 100644 > --- a/dhcpv6.c > +++ b/dhcpv6.c > @@ -318,7 +318,7 @@ static bool dhcpv6_opt(struct iov_tail *data, uint16_t type) > * false otherwise and @data is unmodified > */ > static bool dhcpv6_ia_notonlink(struct iov_tail *data, > - struct in6_addr *la) > + const struct in6_addr *la) > { > int ia_types[2] = { OPT_IA_NA, OPT_IA_TA }; > struct opt_ia_addr opt_addr_storage; > @@ -567,6 +567,7 @@ int dhcpv6(struct ctx *c, struct iov_tail *data, > struct opt_hdr client_id_storage; > /* cppcheck-suppress [variableScope,unmatchedSuppression] */ > struct opt_ia_na ia_storage; > + const struct guest_addr *a; > const struct in6_addr *src; > struct msg_hdr mh_storage; > const struct msg_hdr *mh; > @@ -574,6 +575,8 @@ int dhcpv6(struct ctx *c, struct iov_tail *data, > const struct udphdr *uh; > size_t mlen, n; > > + a = fwd_get_addr(c, AF_INET6, 0, CONF_ADDR_LINKLOCAL); > + > uh = IOV_REMOVE_HEADER(data, uh_storage); > if (!uh) > return -1; > @@ -627,7 +630,7 @@ int dhcpv6(struct ctx *c, struct iov_tail *data, > if (mh->type == TYPE_CONFIRM && server_id) > return -1; > > - if (dhcpv6_ia_notonlink(data, &c->ip6.addr)) { > + if (a && dhcpv6_ia_notonlink(data, &a->addr.a6)) { > > dhcpv6_send_ia_notonlink(c, saddr, data, &client_id_base, > ntohs(client_id->l), mh->xid); > @@ -680,7 +683,8 @@ int dhcpv6(struct ctx *c, struct iov_tail *data, > resp.hdr.xid = mh->xid; > > tap_udp6_send(c, src, 547, saddr, 546, mh->xid, &resp, n); > - c->ip6.addr_seen = c->ip6.addr; > + if (a) > + c->ip6.addr_seen = a->addr.a6; > > return 1; > } > @@ -691,6 +695,7 @@ int dhcpv6(struct ctx *c, struct iov_tail *data, > */ > void dhcpv6_init(const struct ctx *c) > { > + const struct guest_addr *a; > time_t y2k = 946684800; /* Epoch to 2000-01-01T00:00:00Z, no mktime() */ > uint32_t duid_time; > > @@ -704,5 +709,7 @@ void dhcpv6_init(const struct ctx *c) > memcpy(resp_not_on_link.server_id.duid_lladdr, > c->our_tap_mac, sizeof(c->our_tap_mac)); > > - resp.ia_addr.addr = c->ip6.addr; > + a = fwd_get_addr(c, AF_INET6, 0, CONF_ADDR_LINKLOCAL); > + if (a) > + resp.ia_addr.addr = a->addr.a6; > } > diff --git a/fwd.c b/fwd.c > index bedbf98..14ce0a7 100644 > --- a/fwd.c > +++ b/fwd.c > @@ -249,6 +249,61 @@ void fwd_neigh_table_init(const struct ctx *c) > fwd_neigh_table_update(c, &mga, c->our_tap_mac, true); > } > > +/** > + * fwd_set_addr() - Add or update an address in the unified address array > + * @c: Execution context > + * @addr: Address to add (IPv4-mapped or IPv6) > + * @flags: CONF_ADDR_* flags for this address > + * @prefix_len: Prefix length in IPv6 or IPv4 format > + * > + * Find the first existing entry of the same address family and > + * overwrite it, or create a new one if none exists > + */ > +void fwd_set_addr(struct ctx *c, const union inany_addr *addr, > + uint8_t flags, int prefix_len) > +{ > + struct guest_addr *a; > + > + for_each_addr(a, c->addrs, c->addr_count, inany_af(addr)) { > + goto found; > + } Nit: curly brackets not needed. > + > + if (c->addr_count >= MAX_GUEST_ADDRS) > + return; > + > + a = &c->addrs[c->addr_count++]; > + > +found: > + a->addr = *addr; > + a->prefix_len = inany_prefix_len6(addr, prefix_len); > + a->flags = flags; > +} > + > +/** > + * fwd_get_addr() - Get guest address entry matching criteria > + * @c: Execution context > + * @af: Address family (AF_INET, AF_INET6, or 0 for any) I think AF_UNSPEC (that you seem to use later?) is more common to denote "any". Not a strong preference, 0 might have some advantages as well. > + * @incl: Flags that must be present (any-match) > + * @excl: Flags that must not be present > + * > + * Return: first address entry matching criteria, or NULL > + */ > +const struct guest_addr *fwd_get_addr(const struct ctx *c, sa_family_t af, > + uint8_t incl, uint8_t excl) > +{ > + const struct guest_addr *a; > + > + for_each_addr(a, c->addrs, c->addr_count, af) { > + if (incl && !(a->flags & incl)) Regardless of my CONF_ADDR_PICK_ANY suggestion above, it might be a bit surprising that 0 matches all flags (but so does 0xff). If it needs to be like that for whatever reason, I think that deserves a mention in the comment to @incl ("0 means any"). > + continue; > + if (a->flags & excl) > + continue; > + return a; > + } > + > + return NULL; > +} > + > /** fwd_probe_ephemeral() - Determine what ports this host considers ephemeral > * > * Work out what ports the host thinks are emphemeral and record it for later > @@ -941,8 +996,10 @@ static bool is_dns_flow(uint8_t proto, const struct flowside *ini) > * translation, false otherwise > */ > static bool fwd_guest_accessible4(const struct ctx *c, > - const struct in_addr *addr) > + const struct in_addr *addr) > { > + const struct guest_addr *a; > + > if (IN4_IS_ADDR_LOOPBACK(addr)) > return false; > > @@ -957,7 +1014,8 @@ static bool fwd_guest_accessible4(const struct ctx *c, > /* For IPv4, addr_seen is initialised to addr, so is always a valid > * address > */ > - if (IN4_ARE_ADDR_EQUAL(addr, &c->ip4.addr) || > + a = fwd_get_addr(c, AF_INET, 0, 0); > + if ((a && IN4_ARE_ADDR_EQUAL(addr, inany_v4(&a->addr))) || > IN4_ARE_ADDR_EQUAL(addr, &c->ip4.addr_seen)) > return false; > > @@ -975,10 +1033,13 @@ static bool fwd_guest_accessible4(const struct ctx *c, > static bool fwd_guest_accessible6(const struct ctx *c, > const struct in6_addr *addr) > { > + const struct guest_addr *a; > + > if (IN6_IS_ADDR_LOOPBACK(addr)) > return false; > > - if (IN6_ARE_ADDR_EQUAL(addr, &c->ip6.addr)) > + a = fwd_get_addr(c, AF_INET6, 0, 0); > + if (a && IN6_ARE_ADDR_EQUAL(addr, &a->addr.a6)) > return false; > > /* For IPv6, addr_seen starts unspecified, because we don't know what LL > @@ -1023,16 +1084,21 @@ static bool fwd_guest_accessible(const struct ctx *c, > static void nat_outbound(const struct ctx *c, const union inany_addr *addr, > union inany_addr *translated) > { > - if (inany_equals4(addr, &c->ip4.map_host_loopback)) > + const struct guest_addr *ga; > + > + if (inany_equals4(addr, &c->ip4.map_host_loopback)) { > *translated = inany_loopback4; > - else if (inany_equals6(addr, &c->ip6.map_host_loopback)) > + } else if (inany_equals6(addr, &c->ip6.map_host_loopback)) { > *translated = inany_loopback6; > - else if (inany_equals4(addr, &c->ip4.map_guest_addr)) > - *translated = inany_from_v4(c->ip4.addr); > - else if (inany_equals6(addr, &c->ip6.map_guest_addr)) > - translated->a6 = c->ip6.addr; > - else > + } else if (inany_equals4(addr, &c->ip4.map_guest_addr)) { > + ga = fwd_get_addr(c, AF_INET, 0, 0); > + *translated = ga ? ga->addr : inany_any4; > + } else if (inany_equals6(addr, &c->ip6.map_guest_addr)) { > + ga = fwd_get_addr(c, AF_INET6, 0, 0); > + translated->a6 = ga ? ga->addr.a6 : in6addr_any; > + } else { > *translated = *addr; > + } > } > > /** > @@ -1137,16 +1203,21 @@ bool nat_inbound(const struct ctx *c, const union inany_addr *addr, > } else if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_host_loopback) && > inany_equals6(addr, &in6addr_loopback)) { > translated->a6 = c->ip6.map_host_loopback; > - } else if (!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.map_guest_addr) && > - inany_equals4(addr, &c->ip4.addr)) { > - *translated = inany_from_v4(c->ip4.map_guest_addr); > - } else if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_guest_addr) && > - inany_equals6(addr, &c->ip6.addr)) { > - translated->a6 = c->ip6.map_guest_addr; > - } else if (fwd_guest_accessible(c, addr)) { > - *translated = *addr; > } else { > - return false; > + const struct guest_addr *ga4 = fwd_get_addr(c, AF_INET, 0, 0); > + const struct guest_addr *ga6 = fwd_get_addr(c, AF_INET6, 0, 0); > + > + if (!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.map_guest_addr) && > + ga4 && inany_equals(addr, &ga4->addr)) { > + *translated = inany_from_v4(c->ip4.map_guest_addr); > + } else if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_guest_addr) && > + ga6 && inany_equals(addr, &ga6->addr)) { > + translated->a6 = c->ip6.map_guest_addr; > + } else if (fwd_guest_accessible(c, addr)) { > + *translated = *addr; > + } else { > + return false; > + } > } > > return true; > diff --git a/fwd.h b/fwd.h > index 958eee2..c5a1068 100644 > --- a/fwd.h > +++ b/fwd.h > @@ -23,6 +23,8 @@ struct flowside; > > void fwd_probe_ephemeral(void); > bool fwd_port_is_ephemeral(in_port_t port); > +const struct guest_addr *fwd_get_addr(const struct ctx *c, sa_family_t af, > + uint8_t incl, uint8_t excl); > > /** > * struct fwd_rule - Forwarding rule governing a range of ports > @@ -141,5 +143,7 @@ void fwd_neigh_table_free(const struct ctx *c, > void fwd_neigh_mac_get(const struct ctx *c, const union inany_addr *addr, > uint8_t *mac); > void fwd_neigh_table_init(const struct ctx *c); > +void fwd_set_addr(struct ctx *c, const union inany_addr *addr, > + uint8_t flags, int prefix_len); > > #endif /* FWD_H */ > diff --git a/inany.h b/inany.h > index 9891ed6..0450c45 100644 > --- a/inany.h > +++ b/inany.h > @@ -102,6 +102,16 @@ static inline struct in_addr *inany_v4(const union inany_addr *addr) > return (struct in_addr *)&addr->v4mapped.a4; > } > > +/** inany_af - Get address family of IPv[46] address > + * @addr: IPv4 or IPv6 address > + * > + * Return: AF_INET for IPv4, AF_INET6 for IPv6 > + */ > +static inline sa_family_t inany_af(const union inany_addr *addr) > +{ > + return inany_v4(addr) ? AF_INET : AF_INET6; > +} > + > /** inany_default_prefix_len() - Get default prefix length for address > * @addr: IPv4 or iPv6 address > * > @@ -115,6 +125,37 @@ static inline int inany_default_prefix_len(const union inany_addr *addr) > return v4 ? ip4_class_prefix_len(v4) + 96 : 64; > } > > + > +/** inany_prefix_len() - Convert prefix length to native format > + * @addr: IPv4 or IPv6 address > + * @prefix_len: prefix length (any format, auto-detected) > + * > + * Return: prefix length in native format (0-32 for IPv4, 0-128 for IPv6) > + */ > +static inline int inany_prefix_len(const union inany_addr *addr, > + int prefix_len) > +{ > + if (inany_v4(addr) && prefix_len >= 96) > + return prefix_len - 96; > + > + return prefix_len; > +} > + > +/** inany_prefix_len6() - Convert prefix length to generic format > + * @addr: IPv4 or IPv6 address > + * @prefix_len: prefix length (any format, auto-detected) > + * > + * Return: prefix length in generic format (96-128 for IPv4, 0-128 for IPv6) > + */ > +static inline int inany_prefix_len6(const union inany_addr *addr, > + int prefix_len) > +{ > + if (inany_v4(addr) && prefix_len && prefix_len <= 32) > + return prefix_len + 96; > + > + return prefix_len; > +} > + > /** inany_equals - Compare two IPv[46] addresses > * @a, @b: IPv[46] addresses > * > diff --git a/ip.h b/ip.h > index d0de6c8..933d98c 100644 > --- a/ip.h > +++ b/ip.h > @@ -19,6 +19,8 @@ > (ntohl(((struct in_addr *)(a))->s_addr) >> IN_CLASSA_NSHIFT == IN_LOOPBACKNET) > #define IN4_IS_ADDR_MULTICAST(a) \ > (IN_MULTICAST(ntohl(((struct in_addr *)(a))->s_addr))) > +#define IN4_MASK(prefix) \ > + ((prefix) <= 0 ? 0 : htonl(0xffffffff << (32 - (prefix)))) > #define IN4_ARE_ADDR_EQUAL(a, b) \ > (((struct in_addr *)(a))->s_addr == ((struct in_addr *)b)->s_addr) > #define IN4ADDR_LOOPBACK_INIT \ > diff --git a/ndp.c b/ndp.c > index 1f2bcb0..3750fc5 100644 > --- a/ndp.c > +++ b/ndp.c > @@ -257,7 +257,6 @@ static void ndp_ra(const struct ctx *c, const struct in6_addr *dst) > .valid_lifetime = ~0U, > .pref_lifetime = ~0U, > }, > - .prefix = c->ip6.addr, > .source_ll = { > .header = { > .type = OPT_SRC_L2_ADDR, > @@ -265,8 +264,13 @@ static void ndp_ra(const struct ctx *c, const struct in6_addr *dst) > }, > }, > }; > + const struct guest_addr *a = fwd_get_addr(c, AF_INET6, 0, 0); > unsigned char *ptr = NULL; > > + ASSERT(a); As David pointed out, this is unnecessarily fragile, but as I was looking into what the behaviour should be, here, it just occurred to me that RFC 4861 doesn't mandate the presence of any Prefix Option (3) in a Router Advertisement message, and it looks like there is at least one reported case: https://forum.mikrotik.com/t/how-to-send-router-advertisements-without-prefix/182496/5 of this kind of usage: advertise ourselves as router, but let the address assignment work with DHCPv6 (or not even, just use link-local address). At the moment an early return looks sufficient, also because I'm not sure if things would actually work if we don't advertise a prefix at the moment, but that's something we should probably consider for the future (or maybe even in this series). > + > + ra.prefix = a->addr.a6; > + > ptr = &ra.var[0]; > > if (c->mtu) { > @@ -460,6 +464,7 @@ first: > */ > void ndp_send_init_req(const struct ctx *c) > { > + const struct guest_addr *a = fwd_get_addr(c, AF_INET6, 0, 0); > struct ndp_ns ns = { > .ih = { > .icmp6_type = NS, > @@ -468,8 +473,13 @@ void ndp_send_init_req(const struct ctx *c) > .icmp6_solicited = 0, /* Reserved */ > .icmp6_override = 0, /* Reserved */ > }, > - .target_addr = c->ip6.addr > + .target_addr = IN6ADDR_ANY_INIT > }; > + > + if (!a) > + return; > + > + ns.target_addr = a->addr.a6; > debug("Sending initial NDP NS request for guest MAC address"); > - ndp_send(c, &c->ip6.addr, &ns, sizeof(ns)); > + ndp_send(c, &a->addr.a6, &ns, sizeof(ns)); > } > diff --git a/passt.h b/passt.h > index b614bdf..f75656d 100644 > --- a/passt.h > +++ b/passt.h > @@ -64,11 +64,28 @@ enum passt_modes { > MODE_VU, > }; > > +/* Maximum number of addresses in context address array */ > +#define MAX_GUEST_ADDRS 32 > + > +/** > + * struct guest_addr - Unified IPv4/IPv6 address entry > + * @addr: IPv4 (as mapped) or IPv6 address > + * @prefix_len: Prefix length in IPv6/IPv4-mapped [0,128]/[96,128] format > + * @flags: CONF_ADDR_* flags > + */ > +struct guest_addr { > + union inany_addr addr; > + uint8_t prefix_len; > + uint8_t flags; > +#define CONF_ADDR_USER BIT(0) /* User set via -a */ > +#define CONF_ADDR_HOST BIT(1) /* From host interface */ > +#define CONF_ADDR_GENERATED BIT(2) /* Generated by PASST/PASTA */ > +#define CONF_ADDR_LINKLOCAL BIT(3) /* Link-local address */ > +}; > + > /** > * struct ip4_ctx - IPv4 execution context > - * @addr: IPv4 address assigned to guest > * @addr_seen: Latest IPv4 address seen as source from tap > - * @prefixlen: IPv4 prefix length (netmask) > * @guest_gw: IPv4 gateway as seen by the guest > * @map_host_loopback: Outbound connections to this address are NATted to the > * host's 127.0.0.1 > @@ -84,10 +101,7 @@ enum passt_modes { > * @no_copy_addrs: Don't copy all addresses when configuring namespace > */ > struct ip4_ctx { > - /* PIF_TAP addresses */ > - struct in_addr addr; > struct in_addr addr_seen; > - int prefix_len; > struct in_addr guest_gw; > struct in_addr map_host_loopback; > struct in_addr map_guest_addr; > @@ -107,7 +121,6 @@ struct ip4_ctx { > > /** > * struct ip6_ctx - IPv6 execution context > - * @addr: IPv6 address assigned to guest > * @addr_seen: Latest IPv6 global/site address seen as source from tap > * @addr_ll_seen: Latest IPv6 link-local address seen as source from tap > * @guest_gw: IPv6 gateway as seen by the guest > @@ -125,8 +138,6 @@ struct ip4_ctx { > * @no_copy_addrs: Don't copy all addresses when configuring namespace > */ > struct ip6_ctx { > - /* PIF_TAP addresses */ > - struct in6_addr addr; > struct in6_addr addr_seen; > struct in6_addr addr_ll_seen; > struct in6_addr guest_gw; > @@ -181,6 +192,8 @@ struct ip6_ctx { > * @fqdn: Guest FQDN > * @ifi6: Template interface for IPv6, -1: none, 0: IPv6 disabled > * @ip6: IPv6 configuration > + * @addrs: Unified address array for both IPv4 (mapped) and IPv6 > + * @addr_count: Number of active entries in @addrs array > * @pasta_ifn: Name of namespace interface for pasta > * @pasta_ifi: Index of namespace interface for pasta > * @pasta_conf_ns: Configure namespace after creating it > @@ -260,6 +273,9 @@ struct ctx { > int ifi6; > struct ip6_ctx ip6; > > + struct guest_addr addrs[MAX_GUEST_ADDRS]; > + int addr_count; > + > char pasta_ifn[IF_NAMESIZE]; > unsigned int pasta_ifi; > int pasta_conf_ns; > @@ -301,6 +317,41 @@ struct ctx { > bool migrate_exit; > }; > > +/** > + * next_addr_idx_() - Find next address index matching family filter > + * @addrs: Array of guest addresses > + * @count: Number of addresses in array > + * @i: Starting index > + * @af: Address family filter: AF_INET, AF_INET6, or 0 for all > + * > + * Return: next matching index, or count if none found > + */ > +static inline int next_addr_idx_(const struct guest_addr *addrs, int count, > + int i, sa_family_t af) > +{ > + for (; i < count; i++) { > + sa_family_t entry_af; > + > + entry_af = inany_v4(&addrs[i].addr) ? AF_INET : AF_INET6; > + > + if (af == AF_UNSPEC || af == entry_af) > + return i; > + } > + return i; > +} > + > +/** > + * for_each_addr() - Iterate over addresses in array > + * @a: Pointer variable for current entry (struct guest_addr *) > + * @addrs: Array of guest addresses (e.g., c->addrs) > + * @count: Number of addresses (e.g., c->addr_count) > + * @af: Address family filter: AF_INET, AF_INET6, or 0 for all > + */ > +#define for_each_addr(a, addrs, count, af) \ > + for (int i_ = next_addr_idx_((addrs), (count), 0, (af)); \ > + i_ < (count) && ((a) = &(addrs)[i_], true); \ Why do you need that ", true"? Isn't an extra () pair enough to silence warnings about evaluating the assignment as a condition? I find it a bit hard to read like that. > + i_ = next_addr_idx_((addrs), (count), i_ + 1, (af))) > + > void proto_update_l2_buf(const unsigned char *eth_d); > > #endif /* PASST_H */ > diff --git a/pasta.c b/pasta.c > index bab945f..c51e4cd 100644 > --- a/pasta.c > +++ b/pasta.c > @@ -330,6 +330,8 @@ void pasta_ns_conf(struct ctx *c) > > if (c->pasta_conf_ns) { > unsigned int flags = IFF_UP; > + const struct guest_addr *a; > + int plen; > > if (c->mtu) > nl_link_set_mtu(nl_sock_ns, c->pasta_ifi, c->mtu); > @@ -341,10 +343,15 @@ void pasta_ns_conf(struct ctx *c) > > if (c->ifi4) { > if (c->ip4.no_copy_addrs) { > - rc = nl_addr_set(nl_sock_ns, c->pasta_ifi, > - AF_INET, > - &c->ip4.addr, > - c->ip4.prefix_len); > + a = fwd_get_addr(c, AF_INET, 0, 0); > + if (a) { > + plen = inany_prefix_len(&a->addr, > + a->prefix_len); > + rc = nl_addr_set(nl_sock_ns, > + c->pasta_ifi, AF_INET, > + inany_v4(&a->addr), > + plen); > + } > } else { > rc = nl_addr_dup(nl_sock, c->ifi4, > nl_sock_ns, c->pasta_ifi, > @@ -397,11 +404,13 @@ ipv4_done: > 0, IFF_NOARP); > > if (c->ip6.no_copy_addrs) { > - if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.addr)) { > + a = fwd_get_addr(c, AF_INET6, 0, 0); > + if (a) > rc = nl_addr_set(nl_sock_ns, > - c->pasta_ifi, AF_INET6, > - &c->ip6.addr, 64); > - } > + c->pasta_ifi, > + AF_INET6, > + &a->addr.a6, > + a->prefix_len); > } else { > rc = nl_addr_dup(nl_sock, c->ifi6, > nl_sock_ns, c->pasta_ifi, > diff --git a/tap.c b/tap.c > index 59c45a3..eb93f74 100644 > --- a/tap.c > +++ b/tap.c > @@ -936,8 +936,11 @@ resume: > c->ip6.addr_seen = *saddr; > } > > - if (IN6_IS_ADDR_UNSPECIFIED(&c->ip6.addr)) > - c->ip6.addr = *saddr; > + if (!fwd_get_addr(c, AF_INET6, 0, 0)) { > + union inany_addr addr = { .a6 = *saddr }; > + > + fwd_set_addr(c, &addr, CONF_ADDR_LINKLOCAL, 64); > + } > } else if (!IN6_IS_ADDR_UNSPECIFIED(saddr)){ > c->ip6.addr_seen = *saddr; > } -- Stefano