From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202502 header.b=lCOI7AlT;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id E49695A0650
	for <passt-dev@passt.top>; Tue, 04 Mar 2025 05:54:43 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202502; t=1741064074;
	bh=JOaveCTnZuvOZsPPOAiZy3ivtBe615/czlb17fZRnLU=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=lCOI7AlT/I6bDY9VSSBY3y15Vw+y4BVF+/HKQ/dmVS1+iW5u/VbUdnL52IjXcleST
	 L4NjTPRsPZB574eNLV8JSVjAmXBcJzeL6mhVE1v4MOfXBnrbY8WpDCxgiJImpdsxi1
	 qNNELCoBZ+JjrqnyfwyLQ/td7syfmgAqsXl3yXaYipUoAusgGgbFVkvQ7IimV3yWsA
	 RLJnLzZNqX3kMCcSkTzmt+2ZeaI8pdRCQq4b3lYBcV+UEkg7PNXNsOC+CZcafsDqgf
	 S3pJhQNfD9alYu1vrk5w3AOZoPXdob1LDKELhiIkmpuenW6KeIF+peAo412yf3loCa
	 dD4kz/90aWDEw==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4Z6NdQ1ktHz4x3S; Tue,  4 Mar 2025 15:54:34 +1100 (AEDT)
Date: Tue, 4 Mar 2025 15:46:28 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Jon Maloy <jmaloy@redhat.com>
Subject: Re: [PATCH v9 0/4] Reconstruct incoming ICMP headers for failed UDP
 connect and forward back
Message-ID: <Z8aFpNNt0l8-zPVr@zatzit>
References: <20250304012915.1517536-1-jmaloy@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="8xozOVrRuHVMZl+k"
Content-Disposition: inline
In-Reply-To: <20250304012915.1517536-1-jmaloy@redhat.com>
Message-ID-Hash: UEMSZA2DUHXQBXW7CK7QFRZPBTA6NN7O
X-Message-ID-Hash: UEMSZA2DUHXQBXW7CK7QFRZPBTA6NN7O
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, sbrivio@redhat.com, lvivier@redhat.com, dgibson@redhat.com
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/Z8aFpNNt0l8-zPVr@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/UEMSZA2DUHXQBXW7CK7QFRZPBTA6NN7O/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--8xozOVrRuHVMZl+k
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Mar 03, 2025 at 08:29:11PM -0500, Jon Maloy wrote:
> v2: - Added patch breaking out udp header creation from function
>       tap_udp4_send().
>     - Updated the ICMP creation by using the new function.
>     - Added logics to find correct flow, depending on origin.
>     - All done after feedback from David Gibson.
> v3: - More changes after feedback from David Gibson.
> v4: - Even more changes after feedback from D. Gibson
> v5: - Added corresponding patches for IPv6
> v6: - Fixed some small nits after comments from D. Gibson.
> v7: - Added handling of all rejected ICMP messages
>     - Returning correct user data amount if IPv6 as per RFC 4884.
> v8: - Added MTU to ICMPv4 ICMP_FRAG_NEEDED messages.
>     - Added ASSERT() validation to message creation functions.
> v9: - Using real source address of ICMP to complement destination
>       address for originial UDP message when needed.

I think the changes for this are fine as far as they go.  It does
raise an additional wrinkle for when we try to do this for "listening"
sockets: since the ICMP may be coming from somewhere other than the
destination of the triggering message, we can't rely on the source
address to find the correct flow.  I think we'll need to use
EE_OFFENDER() to get the information we need, which will also mean
extended our cmsg buffers a bit: looks like the kernel puts a sockaddr
after the extended_err structure.

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--8xozOVrRuHVMZl+k
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmfGhaAACgkQzQJF27ox
2GdssQ/7BCbzlRRNDlqWMQd9njf8XIg5makkvP0FXT6+kCJCJu2kZh2LcU2gx0Zp
2C1lvognM2z47LqmkOLt5SOUTiJuMhyPRQklJKJvRc0ujklrXPYGUfWPQ0SsTSwE
XhY+Nzt0pNAFn1FeIPIDlWocqTjaLZi2f0tSEM/v9r8UA9hqFKC1HvUbqZREnEYp
t8HI6mZ9aWR5npXYyGJLYWJovGkJX2xLrD/vQ9PWJFux2dA38nTTpE5lTQQWi7a+
C2atOwE/4oReT+GpI9xr9NaiWYVXjc35gZQXwDxe8bI202HsqKCozqx7bWIR+qew
xYTphyl6ZbwIXp++lv8X0tEAg6rCDoV/XmK7Nk9MJlm3zna16KAk3MF+xNmGykI/
IvGAQUrSIkNewhvW6KoTZ8pu6YSfghlBos51eIgXwpO0wrftm0UADehrXz0Iydac
j8cZM8osZ7fvFFB3rOuCzs4Ow+TzFIhF+gwglRxDcO6p68N5Arl0rS3YjVYbDGWc
dwDl1+grmOeIQqCuZtlU35aCVgDoGsHTRb8CWw6Ds/Gjq3MrNWrvgwMzGDwH9xEQ
T5ZfvURrFyrI8GkGgNucFoE1K3833aYw/oMG20mcTgUeOiX61CD8Tt3xQHgTUkel
uqbHMBnAIRqbiMEagCi/+T76H0B7yPGHdgdMEXWqpAw9d8ShM9o=
=S5AN
-----END PGP SIGNATURE-----

--8xozOVrRuHVMZl+k--