From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Cc: passt-dev@passt.top, jmaloy@redhat.com
Subject: Re: [PATCH v7 02/27] flow: Common address information for target side
Date: Thu, 11 Jul 2024 10:19:41 +1000 [thread overview]
Message-ID: <Zo8lHVpI5xXdtEL4@zatzit> (raw)
In-Reply-To: <20240710233038.6275c284@elisabeth>
[-- Attachment #1: Type: text/plain, Size: 9100 bytes --]
On Wed, Jul 10, 2024 at 11:30:38PM +0200, Stefano Brivio wrote:
> Two minor details:
>
> On Fri, 5 Jul 2024 12:06:59 +1000
> David Gibson <david@gibson.dropbear.id.au> wrote:
>
> > Require the address and port information for the target (non
> > initiating) side to be populated when a flow enters TGT state.
> > Implement that for TCP and ICMP. For now this leaves some information
> > redundantly recorded in both generic and type specific fields. We'll
> > fix that in later patches.
> >
> > For TCP we now use the information from the flow to construct the
> > destination socket address in both tcp_conn_from_tap() and
> > tcp_splice_connect().
> >
> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> > ---
> > flow.c | 38 ++++++++++++++++++------
> > flow_table.h | 5 +++-
> > icmp.c | 3 +-
> > inany.h | 1 -
> > pif.c | 45 ++++++++++++++++++++++++++++
> > pif.h | 17 +++++++++++
> > tcp.c | 82 ++++++++++++++++++++++++++++------------------------
> > tcp_splice.c | 45 +++++++++++-----------------
> > 8 files changed, 158 insertions(+), 78 deletions(-)
> >
> > diff --git a/flow.c b/flow.c
> > index 44e7b3b8..f064fad1 100644
> > --- a/flow.c
> > +++ b/flow.c
> > @@ -165,8 +165,10 @@ void flow_log_(const struct flow_common *f, int pri, const char *fmt, ...)
> > */
> > static void flow_set_state(struct flow_common *f, enum flow_state state)
> > {
> > - char estr[INANY_ADDRSTRLEN], fstr[INANY_ADDRSTRLEN];
> > + char estr0[INANY_ADDRSTRLEN], fstr0[INANY_ADDRSTRLEN];
> > + char estr1[INANY_ADDRSTRLEN], fstr1[INANY_ADDRSTRLEN];
> > const struct flowside *ini = &f->side[INISIDE];
> > + const struct flowside *tgt = &f->side[TGTSIDE];
> > uint8_t oldstate = f->state;
> >
> > ASSERT(state < FLOW_NUM_STATES);
> > @@ -177,19 +179,24 @@ static void flow_set_state(struct flow_common *f, enum flow_state state)
> > FLOW_STATE(f));
> >
> > if (MAX(state, oldstate) >= FLOW_STATE_TGT)
> > - flow_log_(f, LOG_DEBUG, "%s [%s]:%hu -> [%s]:%hu => %s",
> > + flow_log_(f, LOG_DEBUG,
> > + "%s [%s]:%hu -> [%s]:%hu => %s [%s]:%hu -> [%s]:%hu",
> > pif_name(f->pif[INISIDE]),
> > - inany_ntop(&ini->eaddr, estr, sizeof(estr)),
> > + inany_ntop(&ini->eaddr, estr0, sizeof(estr0)),
> > ini->eport,
> > - inany_ntop(&ini->faddr, fstr, sizeof(fstr)),
> > + inany_ntop(&ini->faddr, fstr0, sizeof(fstr0)),
> > ini->fport,
> > - pif_name(f->pif[TGTSIDE]));
> > + pif_name(f->pif[TGTSIDE]),
> > + inany_ntop(&tgt->faddr, fstr1, sizeof(fstr1)),
> > + tgt->fport,
> > + inany_ntop(&tgt->eaddr, estr1, sizeof(estr1)),
> > + tgt->eport);
> > else if (MAX(state, oldstate) >= FLOW_STATE_INI)
> > flow_log_(f, LOG_DEBUG, "%s [%s]:%hu -> [%s]:%hu => ?",
> > pif_name(f->pif[INISIDE]),
> > - inany_ntop(&ini->eaddr, estr, sizeof(estr)),
> > + inany_ntop(&ini->eaddr, estr0, sizeof(estr0)),
> > ini->eport,
> > - inany_ntop(&ini->faddr, fstr, sizeof(fstr)),
> > + inany_ntop(&ini->faddr, fstr0, sizeof(fstr0)),
> > ini->fport);
> > }
> >
> > @@ -261,21 +268,34 @@ const struct flowside *flow_initiate_sa(union flow *flow, uint8_t pif,
> > }
> >
> > /**
> > - * flow_target() - Move flow to TGT, setting TGTSIDE details
> > + * flow_target_af() - Move flow to TGT, setting TGTSIDE details
> > * @flow: Flow to change state
> > * @pif: pif of the target side
> > + * @af: Address family for @eaddr and @faddr
> > + * @saddr: Source address (pointer to in_addr or in6_addr)
> > + * @sport: Endpoint port
> > + * @daddr: Destination address (pointer to in_addr or in6_addr)
> > + * @dport: Destination port
> > + *
> > + * Return: pointer to the target flowside information
> > */
> > -void flow_target(union flow *flow, uint8_t pif)
> > +const struct flowside *flow_target_af(union flow *flow, uint8_t pif,
> > + sa_family_t af,
> > + const void *saddr, in_port_t sport,
> > + const void *daddr, in_port_t dport)
> > {
> > struct flow_common *f = &flow->f;
> > + struct flowside *tgt = &f->side[TGTSIDE];
> >
> > ASSERT(pif != PIF_NONE);
> > ASSERT(flow_new_entry == flow && f->state == FLOW_STATE_INI);
> > ASSERT(f->type == FLOW_TYPE_NONE);
> > ASSERT(f->pif[INISIDE] != PIF_NONE && f->pif[TGTSIDE] == PIF_NONE);
> >
> > + flowside_from_af(tgt, af, daddr, dport, saddr, sport);
> > f->pif[TGTSIDE] = pif;
> > flow_set_state(f, FLOW_STATE_TGT);
> > + return tgt;
> > }
> >
> > /**
> > diff --git a/flow_table.h b/flow_table.h
> > index ad1bc787..00dca4b2 100644
> > --- a/flow_table.h
> > +++ b/flow_table.h
> > @@ -114,7 +114,10 @@ const struct flowside *flow_initiate_af(union flow *flow, uint8_t pif,
> > const struct flowside *flow_initiate_sa(union flow *flow, uint8_t pif,
> > const union sockaddr_inany *ssa,
> > in_port_t dport);
> > -void flow_target(union flow *flow, uint8_t pif);
> > +const struct flowside *flow_target_af(union flow *flow, uint8_t pif,
> > + sa_family_t af,
> > + const void *saddr, in_port_t sport,
> > + const void *daddr, in_port_t dport);
> >
> > union flow *flow_set_type(union flow *flow, enum flow_type type);
> > #define FLOW_SET_TYPE(flow_, t_, var_) (&flow_set_type((flow_), (t_))->var_)
> > diff --git a/icmp.c b/icmp.c
> > index cf88ac1f..fd92c7da 100644
> > --- a/icmp.c
> > +++ b/icmp.c
> > @@ -167,7 +167,8 @@ static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c,
> > return NULL;
> >
> > flow_initiate_af(flow, PIF_TAP, af, saddr, id, daddr, id);
> > - flow_target(flow, PIF_HOST);
> > + /* FIXME: Record outbound source address when known */
> > + flow_target_af(flow, PIF_HOST, af, NULL, 0, daddr, 0);
> > pingf = FLOW_SET_TYPE(flow, flowtype, ping);
> >
> > pingf->seq = -1;
> > diff --git a/inany.h b/inany.h
> > index 47b66fa9..8eaf5335 100644
> > --- a/inany.h
> > +++ b/inany.h
> > @@ -187,7 +187,6 @@ static inline bool inany_is_unspecified(const union inany_addr *a)
> > *
> > * Return: true if @a is in fe80::/10 (IPv6 link local unicast)
> > */
> > -/* cppcheck-suppress unusedFunction */
> > static inline bool inany_is_linklocal6(const union inany_addr *a)
> > {
> > return IN6_IS_ADDR_LINKLOCAL(&a->a6);
> > diff --git a/pif.c b/pif.c
> > index ebf01cc8..9f2d39cc 100644
> > --- a/pif.c
> > +++ b/pif.c
> > @@ -7,9 +7,14 @@
> >
> > #include <stdint.h>
> > #include <assert.h>
> > +#include <netinet/in.h>
> >
> > #include "util.h"
> > #include "pif.h"
> > +#include "siphash.h"
> > +#include "ip.h"
> > +#include "inany.h"
> > +#include "passt.h"
> >
> > const char *pif_type_str[] = {
> > [PIF_NONE] = "<none>",
> > @@ -19,3 +24,43 @@ const char *pif_type_str[] = {
> > };
> > static_assert(ARRAY_SIZE(pif_type_str) == PIF_NUM_TYPES,
> > "pif_type_str[] doesn't match enum pif_type");
> > +
> > +
> > +/** pif_sockaddr() - Construct a socket address suitable for an interface
> > + * @c: Execution context
> > + * @sa: Pointer to sockaddr to fill in
> > + * @sl: Updated to relevant of length of initialised @sa
>
> to relevant length
Done.
> > + * @pif: Interface to create the socket address
> > + * @addr: IPv[46] address
> > + * @port: Port (host byte order)
> > + *
> > + * Return: true if resulting socket address is non-trivial (specified address or
> > + * non-zero port), false otherwise
>
> This is not really intuitive in the only caller using this,
> tcp_bind_outbound(). I wonder if it would make more sense to perform
> this check directly there, and have this returning void instead.
Yeah, done. When I implemented the return value I thought I was going
to want it in more places than turned out to be the case.
> > + */
> > +bool pif_sockaddr(const struct ctx *c, union sockaddr_inany *sa, socklen_t *sl,
> > + uint8_t pif, const union inany_addr *addr, in_port_t port)
> > +{
> > + const struct in_addr *v4 = inany_v4(addr);
> > +
> > + ASSERT(pif_is_socket(pif));
> > +
> > + if (v4) {
> > + sa->sa_family = AF_INET;
> > + sa->sa4.sin_addr = *v4;
> > + sa->sa4.sin_port = htons(port);
> > + memset(&sa->sa4.sin_zero, 0, sizeof(sa->sa4.sin_zero));
> > + *sl = sizeof(sa->sa4);
> > + return !IN4_IS_ADDR_UNSPECIFIED(v4) || port;
> > + }
> > +
> > + sa->sa_family = AF_INET6;
> > + sa->sa6.sin6_addr = addr->a6;
> > + sa->sa6.sin6_port = htons(port);
> > + if (pif == PIF_HOST && IN6_IS_ADDR_LINKLOCAL(&addr->a6))
> > + sa->sa6.sin6_scope_id = c->ifi6;
> > + else
> > + sa->sa6.sin6_scope_id = 0;
> > + sa->sa6.sin6_flowinfo = 0;
> > + *sl = sizeof(sa->sa6);
> > + return !IN6_IS_ADDR_UNSPECIFIED(&addr->a6) || port;
> > +}
>
--
David Gibson (he or they) | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you, not the other way
| around.
http://www.ozlabs.org/~dgibson
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2024-07-11 1:54 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-05 2:06 [PATCH v7 00/27] Unified flow table David Gibson
2024-07-05 2:06 ` [PATCH v7 01/27] flow: Common address information for initiating side David Gibson
2024-07-05 2:06 ` [PATCH v7 02/27] flow: Common address information for target side David Gibson
2024-07-10 21:30 ` Stefano Brivio
2024-07-11 0:19 ` David Gibson [this message]
2024-07-05 2:07 ` [PATCH v7 03/27] tcp, flow: Remove redundant information, repack connection structures David Gibson
2024-07-05 2:07 ` [PATCH v7 04/27] tcp: Obtain guest address from flowside David Gibson
2024-07-05 2:07 ` [PATCH v7 05/27] tcp: Manage outbound address via flow table David Gibson
2024-07-05 2:07 ` [PATCH v7 06/27] tcp: Simplify endpoint validation using flowside information David Gibson
2024-07-05 2:07 ` [PATCH v7 07/27] tcp_splice: Eliminate SPLICE_V6 flag David Gibson
2024-07-05 2:07 ` [PATCH v7 08/27] tcp, flow: Replace TCP specific hash function with general flow hash David Gibson
2024-07-05 2:07 ` [PATCH v7 09/27] flow, tcp: Generalise TCP hash table to general flow hash table David Gibson
2024-07-05 2:07 ` [PATCH v7 10/27] tcp: Re-use flow hash for initial sequence number generation David Gibson
2024-07-05 2:07 ` [PATCH v7 11/27] icmp: Remove redundant id field from flow table entry David Gibson
2024-07-05 2:07 ` [PATCH v7 12/27] icmp: Obtain destination addresses from the flowsides David Gibson
2024-07-05 2:07 ` [PATCH v7 13/27] icmp: Look up ping flows using flow hash David Gibson
2024-07-05 2:07 ` [PATCH v7 14/27] icmp: Eliminate icmp_id_map David Gibson
2024-07-05 2:07 ` [PATCH v7 15/27] flow: Helper to create sockets based on flowside David Gibson
2024-07-10 21:32 ` Stefano Brivio
2024-07-11 0:21 ` David Gibson
2024-07-11 0:27 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 16/27] icmp: Manage outbound socket address via flow table David Gibson
2024-07-05 2:07 ` [PATCH v7 17/27] flow, tcp: Flow based NAT and port forwarding for TCP David Gibson
2024-07-05 2:07 ` [PATCH v7 18/27] flow, icmp: Use general flow forwarding rules for ICMP David Gibson
2024-07-05 2:07 ` [PATCH v7 19/27] fwd: Update flow forwarding logic for UDP David Gibson
2024-07-08 21:26 ` Stefano Brivio
2024-07-09 0:19 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 20/27] udp: Create flows for datagrams from originating sockets David Gibson
2024-07-09 22:32 ` Stefano Brivio
2024-07-09 23:59 ` David Gibson
2024-07-10 21:35 ` Stefano Brivio
2024-07-11 4:26 ` David Gibson
2024-07-11 8:20 ` Stefano Brivio
2024-07-11 22:58 ` David Gibson
2024-07-12 8:21 ` Stefano Brivio
2024-07-15 4:06 ` David Gibson
2024-07-15 16:37 ` Stefano Brivio
2024-07-17 0:49 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 21/27] udp: Handle "spliced" datagrams with per-flow sockets David Gibson
2024-07-09 22:32 ` Stefano Brivio
2024-07-10 0:23 ` David Gibson
2024-07-10 17:13 ` Stefano Brivio
2024-07-11 1:30 ` David Gibson
2024-07-11 8:23 ` Stefano Brivio
2024-07-11 2:48 ` David Gibson
2024-07-12 13:34 ` Stefano Brivio
2024-07-15 4:32 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 22/27] udp: Remove obsolete splice tracking David Gibson
2024-07-10 21:36 ` Stefano Brivio
2024-07-11 0:43 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 23/27] udp: Find or create flows for datagrams from tap interface David Gibson
2024-07-10 21:36 ` Stefano Brivio
2024-07-11 0:45 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 24/27] udp: Direct datagrams from host to guest via flow table David Gibson
2024-07-10 21:37 ` Stefano Brivio
2024-07-11 0:46 ` David Gibson
2024-07-05 2:07 ` [PATCH v7 25/27] udp: Remove obsolete socket tracking David Gibson
2024-07-05 2:07 ` [PATCH v7 26/27] udp: Remove rdelta port forwarding maps David Gibson
2024-07-05 2:07 ` [PATCH v7 27/27] udp: Rename UDP listening sockets David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zo8lHVpI5xXdtEL4@zatzit \
--to=david@gibson.dropbear.id.au \
--cc=jmaloy@redhat.com \
--cc=passt-dev@passt.top \
--cc=sbrivio@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).