From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202502 header.b=TjFuMUgi;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 6EAAF5A065B
	for <passt-dev@passt.top>; Mon, 17 Mar 2025 03:59:57 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202502; t=1742180380;
	bh=ayIAUerOzi3I6Utu/D3u7o9W0dhkdIdsNiSqqdFFT7U=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=TjFuMUgieQZc1dvnbCBl8hoVLjoxBHh/gRg/wAaEqm0Gy+aO7yuphu5Mn0hm3FS6j
	 Xm9+lBRl1nLyHfCtUfMY8RAngA2K0NTxdHDV/vC4P1tBFBJUOmBz+ixZmDbxCoG8eb
	 vlRfNWQCKJgWyCGSKZsmebWIK8KvYObcYqNrOuVf7Gt44GjR3BgDfVAt7ODcUyBJy1
	 OdavvAxPRMChQ61tYLWpNpyq8T2hErdwNM8wvvSUYaVIO1UkgfL8QkoB/bY2kaXG2K
	 z3VBfnD8DgzMLnrTQP4IGYWfpSBLypaaS/oKudwlqQnlJBU6xLUvw9wVDktartmZpK
	 LBQ0GeOKmZSjw==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4ZGKSr4M98z4x8b; Mon, 17 Mar 2025 13:59:40 +1100 (AEDT)
Date: Mon, 17 Mar 2025 13:58:56 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Jon Maloy <jmaloy@redhat.com>
Subject: Re: [PATCH 2/2] udp: support traceroute for IPv4
Message-ID: <Z9eP8FXQXAFy8cI4@zatzit>
References: <20250315153245.435293-1-jmaloy@redhat.com>
 <20250315153245.435293-3-jmaloy@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="GBswCvr/SoYlw2S2"
Content-Disposition: inline
In-Reply-To: <20250315153245.435293-3-jmaloy@redhat.com>
Message-ID-Hash: SQEPXM5LUO57RAOJO4YXQIP6WA3IWRGJ
X-Message-ID-Hash: SQEPXM5LUO57RAOJO4YXQIP6WA3IWRGJ
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, sbrivio@redhat.com, lvivier@redhat.com, dgibson@redhat.com
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/Z9eP8FXQXAFy8cI4@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/SQEPXM5LUO57RAOJO4YXQIP6WA3IWRGJ/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--GBswCvr/SoYlw2S2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Mar 15, 2025 at 11:32:45AM -0400, Jon Maloy wrote:
> Now that ICMP pass-through from socket-to-tap is in place, it is
> easy to support UDP based traceroute functionality in direction
> tap-to-socket.
>=20
> We fix that for IPv4 in this commit.
>=20
> Signed-off-by: Jon Maloy <jmaloy@redhat.com>
> ---
>  packet.h |  2 ++
>  tap.c    |  8 ++++++--
>  udp.c    | 10 +++++++++-
>  udp.h    |  3 ++-
>  4 files changed, 19 insertions(+), 4 deletions(-)
>=20
> diff --git a/packet.h b/packet.h
> index d099f02..e406c6d 100644
> --- a/packet.h
> +++ b/packet.h
> @@ -9,6 +9,8 @@
>  /* Maximum size of a single packet stored in pool, including headers */
>  #define PACKET_MAX_LEN	UINT16_MAX
> =20
> +#define DEFAULT_TTL 64
> +
>  /**
>   * struct pool - Generic pool of packets stored in a buffer
>   * @buf:	Buffer storing packet descriptors,
> diff --git a/tap.c b/tap.c
> index 182a115..7d0970d 100644
> --- a/tap.c
> +++ b/tap.c
> @@ -544,6 +544,7 @@ PACKET_POOL_DECL(pool_l4, UIO_MAXIOV, pkt_buf);
>   * @dest:	Destination port
>   * @saddr:	Source address
>   * @daddr:	Destination address
> + * @ttl:	Time to live
>   * @msg:	Array of messages that can be handled in a single call
>   */
>  static struct tap4_l4_t {
> @@ -555,6 +556,8 @@ static struct tap4_l4_t {
>  	struct in_addr saddr;
>  	struct in_addr daddr;
> =20
> +	uint8_t ttl;
> +

Putting the TTL in here kind of implies that it's the same for all the
packets in the pool below, but AFAICT you don't ensure that's the case...

>  	struct pool_l4_t p;
>  } tap4_l4[TAP_SEQS /* Arbitrary: TAP_MSGS in theory, so limit in users *=
/];
> =20
> @@ -776,6 +779,7 @@ resume:
>  		(seq)->dest		=3D (uh)->dest;			\
>  		(seq)->saddr.s_addr	=3D (iph)->saddr;			\
>  		(seq)->daddr.s_addr	=3D (iph)->daddr;			\
> +		(seq)->ttl		=3D (iph)->ttl;				\
>  	} while (0)

=2E.. to do so, you'd need to update the L4_MATCH macro as well as the
L4_SET macro.  That said... grouping the packets by TTL seems a
slightly odd thing to do.  But to avoid doing so we'd need to pass
additional information (say the whole IP header) per packet, which is
a somewhat wider rework.

>  		if (seq && L4_MATCH(iph, uh, seq) && seq->p.count < UIO_MAXIOV)
> @@ -824,7 +828,7 @@ append:
>  			for (k =3D 0; k < p->count; )
>  				k +=3D udp_tap_handler(c, PIF_TAP, AF_INET,
>  						     &seq->saddr, &seq->daddr,
> -						     p, k, now);
> +						     seq->ttl, p, k, now);
>  		}
>  	}
> =20
> @@ -1007,7 +1011,7 @@ append:
>  			for (k =3D 0; k < p->count; )
>  				k +=3D udp_tap_handler(c, PIF_TAP, AF_INET6,
>  						     &seq->saddr, &seq->daddr,
> -						     p, k, now);
> +						     DEFAULT_TTL, p, k, now);

I believe there's an equivalent to TTL for IPv6.  hop_limit?

>  		}
>  	}
> =20
> diff --git a/udp.c b/udp.c
> index 271e570..1ee289c 100644
> --- a/udp.c
> +++ b/udp.c
> @@ -844,6 +844,7 @@ void udp_reply_sock_handler(const struct ctx *c, unio=
n epoll_ref ref,
>   * @af:		Address family, AF_INET or AF_INET6
>   * @saddr:	Source address
>   * @daddr:	Destination address
> + * @ttl:	TTL for packets to be sent in this call
>   * @p:		Pool of UDP packets, with UDP headers
>   * @idx:	Index of first packet to process
>   * @now:	Current timestamp
> @@ -854,7 +855,8 @@ void udp_reply_sock_handler(const struct ctx *c, unio=
n epoll_ref ref,
>   */
>  int udp_tap_handler(const struct ctx *c, uint8_t pif,
>  		    sa_family_t af, const void *saddr, const void *daddr,
> -		    const struct pool *p, int idx, const struct timespec *now)
> +		    uint8_t ttl, const struct pool *p, int idx,
> +		    const struct timespec *now)
>  {
>  	const struct flowside *toside;
>  	struct mmsghdr mm[UIO_MAXIOV];
> @@ -933,6 +935,12 @@ int udp_tap_handler(const struct ctx *c, uint8_t pif,
>  		mm[i].msg_hdr.msg_controllen =3D 0;
>  		mm[i].msg_hdr.msg_flags =3D 0;
> =20
> +		if (ttl <=3D 30) {
> +			if (setsockopt(s, IPPROTO_IP, IP_TTL,
> +				       &ttl, sizeof(ttl)) < 0)

AFAIK this will set the TTL on every subsequent packet, not just the
next one, so this isn't quite right.  To use this I guess we'd have to
store the correct TTL in the flow, and do the sockopt if it's
different from the guest side one.  Unless there's a way to set TTL
via cmsg.  Maybe there is, but I haven't spotted it in a quick glance.

> +				perror("setsockopt (IP_TTL)");
> +		}
> +
>  		count++;
>  	}
> =20
> diff --git a/udp.h b/udp.h
> index de2df6d..041fad4 100644
> --- a/udp.h
> +++ b/udp.h
> @@ -15,7 +15,8 @@ void udp_reply_sock_handler(const struct ctx *c, union =
epoll_ref ref,
>  			    uint32_t events, const struct timespec *now);
>  int udp_tap_handler(const struct ctx *c, uint8_t pif,
>  		    sa_family_t af, const void *saddr, const void *daddr,
> -		    const struct pool *p, int idx, const struct timespec *now);
> +		    uint8_t  ttl, const struct pool *p, int idx,
> +		    const struct timespec *now);
>  int udp_sock_init(const struct ctx *c, int ns, const union inany_addr *a=
ddr,
>  		  const char *ifname, in_port_t port);
>  int udp_init(struct ctx *c);

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--GBswCvr/SoYlw2S2
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmfXj8cACgkQzQJF27ox
2GccGQ//UdOAI+ytvWkfGlwEqNx63rEMl4UrlcIeAr9zme8XbxrazFz/1TLzID/1
sNK8WmLwIgclDyLfFJANeBkIEf3WrYEp859wgX5tGh/8kQriHwItt7bUvE2BZdsf
tyWFjS3WCiwzBye2G9kkpFiY8qAt+of4pcb3BeSudls0A1JPLET74yrPkaFb7LRX
l6HlTkq8V+JAPVbMNkdF58MsX9OQEyBZVJ5amJJrr17sT2neX43JOOef9TQduq2z
k3pT6RLkbGtNELYsqgB2b5QU0vu+DWBxBBkVrAGvRjBxEjWDQdlCx6XpH7K0Wc3G
bThLbhW9Dczlj2K5EljOvE47EPjCjrWLHpiXgUamNPMjysro7exyO2MJ6W9D1oFW
cKSgBxP5FNbnDTY50nw9xKEYJagyQpKulbwa6msNrahcKzZEJ57n/WcGdwqp6XNl
U0mdsPw6fMn8BVFjwyijPNb19JxDlD1KsxPZ/AxvJWoE3j9Vouv5VDJ66PMwbclq
Osg3gD1YKBCQ0xjJj52Hy9nQLn69cNZSDRYewHWFnOxzet7iMKRmNs8LvM5KqbWL
YWsRruJM3Y7JrgWn6BeIoYLBuFyGXm3ylY18hL8ROh97+qEkUuzIOwx+Wgwg101t
J7zI/CbCTpdTnmE+ntHB2UpuCSis9ihNEKUNJSQoAwXhjkiYDWg=
=Vjd4
-----END PGP SIGNATURE-----

--GBswCvr/SoYlw2S2--