From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 83FB75A02D1
	for <passt-dev@passt.top>; Tue, 14 May 2024 02:18:50 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202312; t=1715645925;
	bh=fSy1nRoecX+74NA6cU2c82cPmvtDuab71QnBjgQPRHs=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=US3ysaNVBdAmomgIkDv/atgeZvz2wxIOqHQzU8iCDfrXFPkALnMv6yzAAPoy1Dnlj
	 QLZW6skfyAItK7EwV63czH8Mf8rpcWBhG8r5YVyhfPNjva92HSaRY+vpPyykZdHA3V
	 2lTvqDT9PsOfF8medZbO4TQp1XuZ5/+qrnM3tLmwpVqkFTWXozq5XpLJbwhjbexY9j
	 NXRDEMn8jyXKtcaW57yJeNSXFp37dLE7mlV8LD5Nhwr7i3HGZ9cOEFEPpRX3VEX5lp
	 tk2WPQ8CZ315UfmKLakMkpJA+vo06CdYrmAJVPLwSjASUyQVvgsNr6g9J/CfJxtTrk
	 UzYa94ZjHBVRA==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4VdcQs5Jv9z4wc5; Tue, 14 May 2024 10:18:45 +1000 (AEST)
Date: Tue, 14 May 2024 10:11:59 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH v4 01/16] flow: Common data structures for tracking flow
 addresses
Message-ID: <ZkKsT2ssCdxoTzfR@zatzit>
References: <20240503011135.2924437-1-david@gibson.dropbear.id.au>
 <20240503011135.2924437-2-david@gibson.dropbear.id.au>
 <20240513200700.07fb2518@elisabeth>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="mgcT7Bc2KpoL4fCe"
Content-Disposition: inline
In-Reply-To: <20240513200700.07fb2518@elisabeth>
Message-ID-Hash: RNYLWJPWJHAIQFKVQVRLSZAONVVAQRQP
X-Message-ID-Hash: RNYLWJPWJHAIQFKVQVRLSZAONVVAQRQP
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/ZkKsT2ssCdxoTzfR@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/RNYLWJPWJHAIQFKVQVRLSZAONVVAQRQP/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--mgcT7Bc2KpoL4fCe
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, May 13, 2024 at 08:07:00PM +0200, Stefano Brivio wrote:
> Minor comments/nits only:
>=20
> On Fri,  3 May 2024 11:11:20 +1000
> David Gibson <david@gibson.dropbear.id.au> wrote:
>=20
> > Handling of each protocol needs some degree of tracking of the addresses
> > and ports at the end of each connection or flow.  Sometimes that's expl=
icit
> > (as in the guest visible addresses for TCP connections), sometimes impl=
icit
> > (the bound and connected addresses of sockets).
> >=20
> > To allow more general and robust handling, and more consistency across
> > protocols we want to uniformly track the address and port at each end of
> > the connection.  Furthermore, because we allow port remapping, and we
> > sometimes need to apply NAT, the addresses and ports can be different as
> > seen by the guest/namespace and as by the host.
> >=20
> > Introduce 'struct flowside' to keep track of common information
> > related to one side of each flow.  For now that's the addresses, ports
> > and the pif id.  Store two of these in the common fields of a flow to
> > track that information for both sides.  For now we just introduce the
> > structure itself, helpers to populate it, and logging of the contents
> > when starting and ending flows.  Later patches will actually put
> > something useful there.
> >=20
> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> > ---
> >  flow.c     | 28 ++++++++++++++++++--
> >  flow.h     | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >  passt.h    |  3 +++
> >  pif.h      |  1 -
> >  tcp_conn.h |  1 -
> >  5 files changed, 104 insertions(+), 4 deletions(-)
> >=20
> > diff --git a/flow.c b/flow.c
> > index 80dd269..02d6008 100644
> > --- a/flow.c
> > +++ b/flow.c
> > @@ -51,10 +51,11 @@ static_assert(ARRAY_SIZE(flow_proto) =3D=3D FLOW_NU=
M_TYPES,
> >   *
> >   *    ALLOC - A tentatively allocated entry
> >   *        Operations:
> > + *            - Common flow fields other than type may be accessed
> >   *            - flow_alloc_cancel() returns the entry to FREE state
> >   *            - FLOW_START() set the entry's type and moves to START s=
tate
> >   *        Caveats:
> > - *            - It's not safe to write fields in the flow entry
> > + *            - It's not safe to write flow type specific fields in th=
e entry
> >   *            - It's not safe to allocate further entries with flow_al=
loc()
> >   *            - It's not safe to return to the main epoll loop (use FL=
OW_START()
> >   *              to move to START state before doing so)
> > @@ -62,6 +63,7 @@ static_assert(ARRAY_SIZE(flow_proto) =3D=3D FLOW_NUM_=
TYPES,
> >   *
> >   *    START - An entry being prepared by flow type specific code
> >   *        Operations:
> > + *            - Common flow fields other than type may be accessed
> >   *            - Flow type specific fields may be accessed
> >   *            - flow_*() logging functions
> >   *            - flow_alloc_cancel() returns the entry to FREE state
> > @@ -168,9 +170,21 @@ void flow_log_(const struct flow_common *f, int pr=
i, const char *fmt, ...)
> >  union flow *flow_start(union flow *flow, enum flow_type type,
> >  		       unsigned iniside)
> >  {
> > -	(void)iniside;
> > +	char ebuf[INANY_ADDRSTRLEN], fbuf[INANY_ADDRSTRLEN];
> > +	const struct flowside *a =3D &flow->f.side[iniside];
>=20
> As long as iniside is used as a binary value (I guess it's unsigned
> because you have in mind that it could eventually be extended, right?),

Not really.  My intention is that it's fundamentally a two value
variable.  However, it's used as an array index and doesn't represent
true/false values, so bool didn't seem right.  Signs added extra
complications in some cases, hence unsigned.  I'd use uint1_t if that
were a thing...

> I think '!!iniside' would be clearer and perhaps more robust here.

Hm.  I don't really like that.  If iniside ever has a value other than
0 or 1, that's a bug.  Fwiw, this particular instance is gone in the
latest version and there are more places where we use just constants,
but it's not all of them.  I guess see what you think on the new
version.

> > +	const struct flowside *b =3D &flow->f.side[!iniside];
> > +
> >  	flow->f.type =3D type;
> >  	flow_dbg(flow, "START %s", flow_type_str[flow->f.type]);
> > +	flow_dbg(flow, "  from side %u (%s): [%s]:%hu -> [%s]:%hu",
> > +		 iniside, pif_name(a->pif),
> > +		 inany_ntop(&a->eaddr, ebuf, sizeof(ebuf)), a->eport,
> > +		 inany_ntop(&a->faddr, fbuf, sizeof(fbuf)), a->fport);
> > +	flow_dbg(flow, "    to side %u (%s): [%s]:%hu -> [%s]:%hu",
> > +		 !iniside, pif_name(b->pif),
> > +		 inany_ntop(&b->faddr, fbuf, sizeof(fbuf)), b->fport,
> > +		 inany_ntop(&b->eaddr, ebuf, sizeof(ebuf)), b->eport);
> > +
> >  	return flow;
> >  }
> > =20
> > @@ -180,10 +194,20 @@ union flow *flow_start(union flow *flow, enum flo=
w_type type,
> >   */
> >  static void flow_end(union flow *flow)
> >  {
> > +	char ebuf[INANY_ADDRSTRLEN], fbuf[INANY_ADDRSTRLEN];
> > +	const struct flowside *a =3D &flow->f.side[0];
> > +	const struct flowside *b =3D &flow->f.side[1];
> > +
> >  	if (flow->f.type =3D=3D FLOW_TYPE_NONE)
> >  		return; /* Nothing to do */
> > =20
> >  	flow_dbg(flow, "END %s", flow_type_str[flow->f.type]);
> > +	flow_dbg(flow, "  side 0 (%s): [%s]:%hu <-> [%s]:%hu", pif_name(a->pi=
f),
> > +		 inany_ntop(&a->faddr, fbuf, sizeof(fbuf)), a->fport,
> > +		 inany_ntop(&a->eaddr, ebuf, sizeof(ebuf)), a->eport);
> > +	flow_dbg(flow, "  side 1 (%s): [%s]:%hu <-> [%s]:%hu", pif_name(b->pi=
f),
> > +		 inany_ntop(&b->faddr, fbuf, sizeof(fbuf)), b->fport,
> > +		 inany_ntop(&b->eaddr, ebuf, sizeof(ebuf)), b->eport);
> >  	flow->f.type =3D FLOW_TYPE_NONE;
> >  }
> > =20
> > diff --git a/flow.h b/flow.h
> > index c943c44..f7fb537 100644
> > --- a/flow.h
> > +++ b/flow.h
> > @@ -35,11 +35,86 @@ extern const uint8_t flow_proto[];
> >  #define FLOW_PROTO(f)				\
> >  	((f)->type < FLOW_NUM_TYPES ? flow_proto[(f)->type] : 0)
> > =20
> > +/**
> > + * struct flowside - Common information for one side of a flow
> > + * @eaddr:	Endpoint address (remote address from passt's PoV)
> > + * @faddr:	Forwarding address (local address from passt's PoV)
> > + * @eport:	Endpoint port
> > + * @fport:	Forwarding port
> > + * @pif:	pif ID on which this side of the flow exists
> > + */
> > +struct flowside {
> > +	union inany_addr	faddr;
> > +	union inany_addr	eaddr;
> > +	in_port_t		fport;
> > +	in_port_t		eport;
> > +	uint8_t			pif;
> > +};
> > +static_assert(_Alignof(struct flowside) =3D=3D _Alignof(uint32_t),
> > +	      "Unexpected alignment for struct flowside");
>=20
> I'm too thick to understand the reason behind this assert.

I guess there isn't a particularly strong reason.  This was mostly so
I didn't get surprised by some weird alignment padding.

> > +
> > +/** flowside_from_inany - Initialize flowside from inany addresses
>=20
> flowside_from_inany(), it's a function.

Gone in the latest version anyway.

>=20
> > + * @fside:	flowside to initialize
> > + * @pif:	pif id of this flowside
> > + * @faddr:	Forwarding address (inany)
> > + * @fport:	Forwarding port
> > + * @eaddr:	Endpoint address (inany)
> > + * @eport:	Endpoint port
> > + */
> > +/* cppcheck-suppress unusedFunction */
> > +static inline void flowside_from_inany(struct flowside *fside, uint8_t=
 pif,
> > +				const union inany_addr *faddr, in_port_t fport,
> > +				const union inany_addr *eaddr, in_port_t eport)
> > +{
> > +	fside->pif =3D pif;
> > +	fside->faddr =3D *faddr;
> > +	fside->eaddr =3D *eaddr;
> > +	fside->fport =3D fport;
> > +	fside->eport =3D eport;
> > +}
> > +
> > +/** flowside_from_af - Initialize flowside from addresses
>=20
> flowside_from_af()

Fixed.  I changed to the british spelling of initialise while I was at
it.

> > + * @fside:	flowside to initialize
> > + * @pif:	pif id of this flowside
> > + * @af:		Address family (AF_INET or AF_INET6)
> > + * @faddr:	Forwarding address (pointer to in_addr or in6_addr, or NULL)
> > + * @fport:	Forwarding port
> > + * @eaddr:	Endpoint address (pointer to in_addr or in6_addr, or NULL)
> > + * @eport:	Endpoint port
> > + *
> > + * If NULL is given for either address, the appropriate unspecified/an=
y address
>=20
> s/any/wildcard/ makes it a bit easier to follow, I guess.

That behaviour and comment is gone in the latest version.

> > + * for the address family is substituted.
> > + */
> > +/* cppcheck-suppress unusedFunction */
> > +static inline void flowside_from_af(struct flowside *fside,
> > +				    uint8_t pif, sa_family_t af,
> > +				    const void *faddr, in_port_t fport,
> > +				    const void *eaddr, in_port_t eport)
> > +{
> > +	const union inany_addr *any =3D af =3D=3D AF_INET ? &inany_any4 : &in=
any_any6;
> > +
> > +	fside->pif =3D pif;
> > +	if (faddr)
> > +		inany_from_af(&fside->faddr, af, faddr);
> > +	else
> > +		fside->faddr =3D *any;
> > +	if (eaddr)
> > +		inany_from_af(&fside->eaddr, af, eaddr);
> > +	else
> > +		fside->eaddr =3D *any;
> > +	fside->fport =3D fport;
> > +	fside->eport =3D eport;
> > +}
> > +
> > +#define SIDES			2
> > +
> >  /**
> >   * struct flow_common - Common fields for packet flows
> > + * @side[]:	Information for each side of the flow
> >   * @type:	Type of packet flow
> >   */
> >  struct flow_common {
> > +	struct flowside	side[SIDES];
> >  	uint8_t		type;
> >  };
> > =20
> > diff --git a/passt.h b/passt.h
> > index bc58d64..3db0b8e 100644
> > --- a/passt.h
> > +++ b/passt.h
> > @@ -17,6 +17,9 @@ union epoll_ref;
> > =20
> >  #include "pif.h"
> >  #include "packet.h"
> > +#include "siphash.h"
> > +#include "ip.h"
> > +#include "inany.h"
> >  #include "flow.h"
> >  #include "icmp.h"
> >  #include "fwd.h"
> > diff --git a/pif.h b/pif.h
> > index bd52936..ca85b34 100644
> > --- a/pif.h
> > +++ b/pif.h
> > @@ -38,7 +38,6 @@ static inline const char *pif_type(enum pif_type pt)
> >  		return "?";
> >  }
> > =20
> > -/* cppcheck-suppress unusedFunction */
> >  static inline const char *pif_name(uint8_t pif)
> >  {
> >  	return pif_type(pif);
> > diff --git a/tcp_conn.h b/tcp_conn.h
> > index d280b22..1a07dd5 100644
> > --- a/tcp_conn.h
> > +++ b/tcp_conn.h
> > @@ -106,7 +106,6 @@ struct tcp_tap_conn {
> >  	uint32_t	seq_init_from_tap;
> >  };
> > =20
> > -#define SIDES			2
> >  /**
> >   * struct tcp_splice_conn - Descriptor for a spliced TCP connection
> >   * @f:			Generic flow information
>=20

--=20
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

--mgcT7Bc2KpoL4fCe
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmZCrD8ACgkQzQJF27ox
2Gd2VQ/5AQ26DhqD7fJWYZRCP89Je7bGWl3RbPaPDX8w2Gf/Is9czKsqpG7e6wb3
hU8qHOZLB5JiTjJM71IkOkoTjVodlqpFWPcaBmY++VuGQAIUuutHIeDBEGWsg9oS
pOI2q7excDEe+znv7CAKx+n4XpdpYpFIhZssFv3h6OiCZLSYiIyw3K8Wfp2z4avi
NXXWDYbYFcNWD0Zqu32FJS57ZIFwqj3UOX6/LvzSjfbXgPSnap8/yzY5yGqe9S6k
KuHN2gwgFADF6ulLs7iiZ+dhJOQ1diCpvIkgrQSgufWLj3QBpQVu4vjrmM/HDT+9
FD0Sl/dfyBOTbIWg+1UI+vLtTzwBLKqSTrTAXnb9B8HFRizxPrJLpNiFDimguagx
igXRTBBXzc5Yz5kflQi/7gqbEPdxqRTMo4L4qm1Q5fCCdvL0RnS+Xc0C/ZU0VlVw
8LEH9dsjkcCl2c94OaYxvmJ/+sSGPjXDHKbMTAL5dvIWcKedZ8cVa/1ZuDYE2CeY
3iNuOL+POK54qbqlFdWOhjC2W6VeaOG3siJxiOqVR1Dfwx9odE0drYb08TZS+VI8
Wcgsvj/nmLJbyx+5mjO+5OuuFtEvzAE+qbmUC8Q1vAXNmA0Ny+U5sC/ooklY2SZ4
jzXuuwaXr/tTfWrF8SfYrGvcA37OfUqo3IlVPBC2pG+ucm4Onhw=
=ZSqO
-----END PGP SIGNATURE-----

--mgcT7Bc2KpoL4fCe--