Date: Tue, 22 Jul 2025 12:12:25 +1000
From: David Gibson
To: Jon Maloy
CC: sbrivio@redhat.com, dgibson@redhat.com, passt-dev@passt.top
Subject: Re: [PATCH v3 3/8] flow: add MAC address of LAN local remote hosts to flow
References: <20250629171348.86323-1-jmaloy@redhat.com> <20250629171348.86323-4-jmaloy@redhat.com>
In-Reply-To: <20250629171348.86323-4-jmaloy@redhat.com>
List-Id: Development discussion and patches for passt

On Sun, Jun 29, 2025 at 01:13:42PM -0400, Jon Maloy wrote:
> When communicating with remote hosts on the local network, some guest
> applications want to see the real MAC address of that host instead
> of PASST/PASTA's own tap address. The flow_common structure is a
> convenient location for storing that address, so we do that in this
> commit.
>
> Note that we don't add actual usage of this address here, that will
> be done in later commits.
>
> Signed-off-by: Jon Maloy
>
> ---
> v3: - Moved the remote host macaddress from struct flowside to
>       struct flow_common. I chose to call it 'omac' as suggested
>       by David, although in my understanding the correct name would be
>       'emac'. (In general I find the address naming scheme confusing.)

Sorry, I probably wasn't entirely clear there. There are two related but distinct concepts here. There's the host facing 'emac' - the real MAC address of the host neighbour. Then there's the guest facing 'omac', the source MAC address we use when sending on the tap interface. [There's also conceptually a host facing 'omac' - the host's MAC on the host interface, and a guest facing 'emac' - the guest's MAC address on the tap interface, but those aren't really relevant here]

The whole point of this series is to make guest-omac equal host-emac when possible - but it's not always possible. Given that, guest-omac is the one it makes sense to track. That's the one we actually need to put into packets. When the peer isn't in the neighbour table the guest-omac is well defined (our_tap_mac) whereas the host-emac is simply unknown (and might or might not become known later).

But now that this is in flow_common, instead of flowside, we do need to disambiguate which side we're talking about. So it should probably be 'tap_omac'.

>     - Adapted to new signature of function nl_mac_get(), now passing
>       it the index of the template interface.
> ---
> flow.c | 21 ++++++++++++++++++++-
> flow.h | 2 ++
> 2 files changed, 22 insertions(+), 1 deletion(-)
>
> diff --git a/flow.c b/flow.c > index da5c813..dcda1a7 100644 > --- a/flow.c > +++ b/flow.c > @@ -20,6 +20,7 @@ > #include "flow.h" > #include "flow_table.h" > #include "repair.h" > +#include "netlink.h" > =20 > const char *flow_state_str[] =3D { > [FLOW_STATE_FREE] =3D "FREE", 
> @@ -438,18 +439,28 @@ struct flowside *flow_target(const struct ctx *c, u= nion flow *flow, > { > char estr[INANY_ADDRSTRLEN], fstr[INANY_ADDRSTRLEN]; > struct flow_common *f =3D &flow->f; > - const struct flowside *ini =3D &f->side[INISIDE]; > + struct flowside *ini =3D &f->side[INISIDE]; > struct flowside *tgt =3D &f->side[TGTSIDE]; > uint8_t tgtpif =3D PIF_NONE; > + int ifi; > =20 > ASSERT(flow_new_entry =3D=3D flow && f->state =3D=3D FLOW_STATE_INI); > ASSERT(f->type =3D=3D FLOW_TYPE_NONE); > ASSERT(f->pif[INISIDE] !=3D PIF_NONE && f->pif[TGTSIDE] =3D=3D PIF_NONE= ); > ASSERT(flow->f.state =3D=3D FLOW_STATE_INI); > + memcpy(f->omac, c->our_tap_mac, ETH_ALEN); > =20 > switch (f->pif[INISIDE]) { > case PIF_TAP: > tgtpif =3D fwd_nat_from_tap(c, proto, ini, tgt); > + > + /* If there was no NAT, chances are this is a remote host > + * on the template interface's local network segment. > + * If so, insert its MAC address > + */ > + ifi =3D inany_v4(&ini->oaddr) ? c->ifi4 : c->ifi6; > + if (inany_equals(&ini->oaddr, &tgt->eaddr)) > + nl_mac_get(nl_sock, &ini->oaddr, ifi, f->omac); Again, if this is the first time we're contacting that peer, it won't be in the ARP table yet. > break; > =20 > case PIF_SPLICE: > @@ -458,6 +469,14 @@ struct flowside *flow_target(const struct ctx *c, un= ion flow *flow, > =20 > case PIF_HOST: > tgtpif =3D fwd_nat_from_host(c, proto, ini, tgt); > + > + /* If there was no NAT, chances are this is a remote host > + * on the template interface's local network segment. > + * If so, insert its MAC address > + */ > + ifi =3D inany_v4(&ini->eaddr) ? c->ifi4 : c->ifi6; > + if (inany_equals(&ini->eaddr, &tgt->oaddr)) > + nl_mac_get(nl_sock, &ini->eaddr, ifi, f->omac); In this case it's fine, since the flow is coming from the host side, the peer must have contacted the host, so we can safely expect it to be in the host neighbour table. > break; > =20 > default: > diff --git a/flow.h b/flow.h > index cac618a..3240fb7 100644 > --- a/flow.h 
> +++ b/flow.h > @@ -177,6 +177,7 @@ int flowside_connect(const struct ctx *c, int s, > * @type: Type of packet flow > * @pif[]: Interface for each side of the flow > * @side[]: Information for each side of the flow > + * @omac: MAC address of remote endpoint as seen from the guest > */ > struct flow_common { > #ifdef __GNUC__ > @@ -192,6 +193,7 @@ struct flow_common { > #endif > uint8_t pif[SIDES]; > struct flowside side[SIDES]; > + unsigned char omac[6]; > }; > =20 > #define FLOW_INDEX_BITS 17 /* 128k - 1 */ --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson
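
Review bot: In the flow_target() hunk at @@ -438,18 +439,28 @@ (case PIF_TAP), nothing checks whether nl_mac_get(nl_sock, &ini->oaddr, ifi, f->omac) found an entry, so the our_tap_mac default written by the memcpy() above survives only if nl_mac_get() leaves its output buffer untouched on a miss. Either look up into a local buffer and copy into f->omac only on success, or state that guarantee in the comment at the call site. The same hunk drops const from ini although the added lines only read ini->oaddr; keeping "const struct flowside *ini" would be preferable if nl_mac_get() can take a const address.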
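
Review bot: The PIF_HOST block at @@ -458,6 +469,14 @@ duplicates the PIF_TAP block's comment and three statements, with only ini->eaddr / tgt->oaddr swapped for ini->oaddr / tgt->eaddr. A small static helper taking the two addresses and f->omac would keep the two cases from drifting apart, and its comment could say which pair of addresses the "no NAT" test compares for each interface.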
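
Review bot: The @omac description added in the flow.h hunk at @@ -177,6 +177,7 @@ reads "MAC address of remote endpoint as seen from the guest", but flow_target() initialises the field with memcpy(f->omac, c->our_tap_mac, ETH_ALEN) and overwrites it only when the no-NAT comparison matches. The kernel-doc line should say that the field holds our own tap MAC in every other case.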
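
Review bot: In struct flow_common at @@ -192,6 +193,7 @@, "unsigned char omac[6];" hard-codes the length while flow.c fills the field with ETH_ALEN bytes. Declaring it as omac[ETH_ALEN] would keep the buffer size and the copy length tied to the same constant.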
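
The fallback rule described in the reply above (the guest-facing source MAC equals the neighbour's real MAC when it is known, and our_tap_mac otherwise), as an added C example that is not part of the patch or of passt. `neigh_table`, `neigh_lookup()`, `pick_tap_omac()` and the sample addresses are hypothetical, and the table is constructed data standing in for the host's neighbour table.

```c
/* Added illustration, not passt code: every name here is hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 6	/* same length as ETH_ALEN */

struct neigh {		/* one entry of a constructed neighbour table */
	uint32_t addr;	/* IPv4 address, host byte order */
	uint8_t mac[MAC_LEN];
};

/* Constructed sample data standing in for the host's neighbour table */
static const struct neigh neigh_table[] = {
	{ 0xc0a80102, { 0x52, 0x54, 0x00, 0xaa, 0xbb, 0xcc } }, /* 192.168.1.2 */
};

/* Write @mac only on a hit, so a caller's pre-filled default survives a miss */
static bool neigh_lookup(uint32_t addr, uint8_t mac[MAC_LEN])
{
	for (size_t i = 0; i < sizeof(neigh_table) / sizeof(neigh_table[0]); i++) {
		if (neigh_table[i].addr != addr)
			continue;
		memcpy(mac, neigh_table[i].mac, MAC_LEN);
		return true;
	}
	return false;
}

/* Guest-facing source MAC: the peer's real MAC if no NAT was applied and the
 * peer is a known neighbour, our own tap MAC otherwise. True if peer MAC used. */
static bool pick_tap_omac(uint32_t guest_view, uint32_t host_view,
		const uint8_t our_tap_mac[MAC_LEN], uint8_t tap_omac[MAC_LEN])
{
	memcpy(tap_omac, our_tap_mac, MAC_LEN);	/* always well defined */
	if (guest_view != host_view)		/* NAT applied: keep default */
		return false;
	return neigh_lookup(host_view, tap_omac); /* miss keeps the default */
}

int main(void)
{
	const uint8_t our[MAC_LEN] = { 0x9a, 0x55, 0x9a, 0x55, 0x9a, 0x55 };
	uint8_t out[MAC_LEN];
	printf("known peer: %d\n", pick_tap_omac(0xc0a80102, 0xc0a80102, our, out));
	printf("unknown peer: %d\n", pick_tap_omac(0xc0a80163, 0xc0a80163, our, out));
	return 0;
}
```
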