From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202506 header.b=XcLbee//; dkim-atps=neutral Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id CE8295A0280 for ; Tue, 22 Jul 2025 03:44:16 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202506; t=1753148496; bh=bkUH0iJvgYBkbVL1P01x5KqEc/giM6sHRhT2OQlnbSE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=XcLbee//KozCj38QdauAC3ZXV7mr9VJe+CRge+GJpVznLxIuy1btR1gtb+o/TPu0x 4lgREUG22NCdmWvuIHVJbnxmlUNoPaugxLaNxXYJ93a+/d0bmvglSZwKBQ3ULNQuQC EiXfpwxJbYoqzmt/sWXbqDPqZMRPY5DhDaGKnxspaDrMYGiMTFpirICctzv93UJdAt 3LVJxsYPc+WmOMVpLE0peGpaWYcWDsxHkGzpZQRvXt6aufgjBb+FO9fJvv4VXvfAcd zx8pfgIKnljx+/lo4FkdyBW3OsXyBV89v125NAMi2SyHYnE+yxevWifbfHAurn2SBR FakwRxNNV1xQQ== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4bmKk839KWz4x21; Tue, 22 Jul 2025 11:41:36 +1000 (AEST) Date: Tue, 22 Jul 2025 10:53:33 +1000 From: David Gibson To: Jon Maloy Subject: Re: [PATCH v3 1/8] netlink: add function to extract MAC addresses from NDP/ARP table Message-ID: References: <20250629171348.86323-1-jmaloy@redhat.com> <20250629171348.86323-2-jmaloy@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="x4a8f2pMutuC9VXB" Content-Disposition: inline In-Reply-To: <20250629171348.86323-2-jmaloy@redhat.com> Message-ID-Hash: DFUBWZVYDLTZIZTLZSLW6XSZGKIF7PJJ X-Message-ID-Hash: DFUBWZVYDLTZIZTLZSLW6XSZGKIF7PJJ X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: sbrivio@redhat.com, dgibson@redhat.com, passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --x4a8f2pMutuC9VXB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Jun 29, 2025 at 01:13:40PM -0400, Jon Maloy wrote: > The solution to bug https://bugs.passt.top/show_bug.cgi?id=3D120 > requires the ability to translate from an IP address to its > corresponding MAC address in cases where those are present in > the ARP/NDP table. >=20 > We add this feature here. >=20 > Signed-off-by: Jon Maloy >=20 > --- > v3: - Added an attribute contianing NDA_DST to sent message, so > that we let the kernel do the filtering of the IP address > and return only one entry. > - Added interface index to the call signature. Since the only > interface we know is the template interface, this limits > the number of hosts that will be seen as 'network segment > local' from a PASST viewpoint. > --- > netlink.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ > netlink.h | 2 ++ > 2 files changed, 64 insertions(+) >=20 > diff --git a/netlink.c b/netlink.c > index ee9325a..16bb995 100644 > --- a/netlink.c > +++ b/netlink.c > @@ -800,6 +800,68 @@ int nl_addr_get(int s, unsigned int ifi, sa_family_t= af, > return status; > } > =20 > +/** > + * nl_mac_get() - Get MAC address corresponding to given IP address > + * @s: Netlink socket > + * @addr: IPv4 or IPv6 address > + * @ifi: Interface index > + * @mac: Array to place the returned MAC address > + * > + * Return: 0 if found or not in table, negative error code on failure. > + * Leaves MAC array unchanged if no match found > + */ > +int nl_mac_get(int s, const union inany_addr *addr, int ifi, unsigned ch= ar *mac) Looking at the name alone, I'd think this got the local MAC, rather than a neighbour MAC. Maybe rename to nl_neigh_mac_get() or even just nl_neigh_get()? > +{ > + struct req_t { > + struct nlmsghdr nlh; > + struct ndmsg ndm; > + struct rtattr rta; > + char ip[RTA_ALIGN(sizeof(struct in6_addr))]; > + } req =3D { > + .ndm.ndm_ifindex =3D ifi, > + .rta.rta_type =3D NDA_DST > + }; > + struct nlmsghdr *nh; > + char buf[NLBUFSIZ]; > + const void *ip; > + ssize_t status; > + uint32_t seq; > + int msglen; > + int iplen; > + > + if (inany_v4(addr)) { > + ip =3D &addr->v4mapped.a4; I generally try to avoid reaching into inany internal fields, particularly the v4 ones. You could instead use: if ((ip =3D inany_v4(addr))) { ... > + iplen =3D sizeof(struct in_addr); > + req.ndm.ndm_family =3D AF_INET; > + } else { > + ip =3D &addr->a6; and here just ip =3D &addr. > + iplen =3D sizeof(struct in6_addr); > + req.ndm.ndm_family =3D AF_INET6; > + } > + req.rta.rta_len =3D RTA_LENGTH(iplen); > + memcpy(RTA_DATA(&req.rta), ip, iplen); > + msglen =3D NLMSG_ALIGN(sizeof(req.nlh) + sizeof(req.ndm) + RTA_LENGTH(i= plen)); > + > + seq =3D nl_send(s, &req, RTM_GETNEIGH, 0, msglen); > + nl_foreach_oftype(nh, status, s, buf, seq, RTM_NEWNEIGH) { > + struct ndmsg *ndm =3D NLMSG_DATA(nh); > + struct rtattr *rta =3D (struct rtattr *)(ndm + 1); > + size_t na =3D RTM_PAYLOAD(nh); > + bool found =3D false; > + > + for (; RTA_OK(rta, na); rta =3D RTA_NEXT(rta, na)) { > + if (rta->rta_type =3D=3D NDA_DST) { > + if (memcmp(RTA_DATA(rta), ip, iplen) =3D=3D 0) > + found =3D true; Do you need this logic now that you're using the kernel filtering? If you do, is it guaranteed that the NDA_DST attribute will come before the NDA_LLADDR attribute? This code won't work if they're reversed. > + } else if (rta->rta_type =3D=3D NDA_LLADDR && found) { > + memcpy(mac, RTA_DATA(rta), ETH_ALEN); It's unusual, but the host interface could be something other than ethernet, so you need to check the type/length of the host link level address, in case it's not an ethernet style MAC address. > + } > + } > + } > + > + return status; > +} > + > /** > * nl_addr_get_ll() - Get first IPv6 link-local address for a given inte= rface > * @s: Netlink socket > diff --git a/netlink.h b/netlink.h > index b51e99c..51ba49f 100644 > --- a/netlink.h > +++ b/netlink.h > @@ -17,6 +17,8 @@ int nl_route_dup(int s_src, unsigned int ifi_src, > int s_dst, unsigned int ifi_dst, sa_family_t af); > int nl_addr_get(int s, unsigned int ifi, sa_family_t af, > void *addr, int *prefix_len, void *addr_l); > +int nl_mac_get(int s, const union inany_addr *addr, int ifi, > + unsigned char *mac); > int nl_addr_set(int s, unsigned int ifi, sa_family_t af, > const void *addr, int prefix_len); > int nl_addr_get_ll(int s, unsigned int ifi, struct in6_addr *addr); --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --x4a8f2pMutuC9VXB Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmh+4P8ACgkQzQJF27ox 2Ge2ZhAAi8bsr7RYFR9Wv4jHFcdRv62SReEpvAVsgQqvdaTJQF4175siXhy+OLs2 KrtcVD/ZQzEKbQ4nHQQrcT8hrYgBMmwqaQR9Q1G3owHo0FCSUSQOpVyf7n3jufBA pqm2RE+5FccCh/kdWVXSq/pS6L5EbM1wgzK6YNLEt8EkI7An57K+MeaoAU9/Ve0c w1v2dXvtKeWIc9fUHo4EMw5nmLXWm4/RCCTCV2a8EzUMR+vBfBc4KD9TqUF1yHbG w2e5fYIIRjk240qIyCqQVtW/5y+On0h+q45FNSvjsA1/9dWovqE6PGjaAosRgCqq 4ZCwJZlMpSqj5qBctygPERBz1/WZJmsese4UtNwlKC1d3xlROjnJEBOoKt5wRrWn NHicKByTWydcqYMDt8ZX0RkqxinqFUiEU460u6ahQLV0DTLnwbRNHT1fwCEkePpy 1dfXYs9KjVrlqk3TQ2W9Hu99bQvDNZD6qXgygRByxtQQeQ/c5jzZoZEIUqfZLhj6 Izyg4adXt82KRzHXIhs7DPTCUMgt6K4ckhHWxM/sdg5rSM1IzKDfQdqab1R6ML7K s1ookPCWy9oH3gfIARlfHTi9Z9mlyQQFuMDksu0rK3FWACq9sPbRg4cyTHa7KWru MfsUFBGS91Y6Rtt5dK2/+7re1jgHRRVtVwv0z0W/oTJDJKMbymw= =iyVY -----END PGP SIGNATURE----- --x4a8f2pMutuC9VXB--