From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202508 header.b=KpzGTd3X;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id F19465A0271
	for <passt-dev@passt.top>; Wed, 06 Aug 2025 05:06:42 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202508; t=1754449600;
	bh=OpuD8OnwjqiemDM3Hu8XCRF1U3o0zcsH3bwIEnC2m7I=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=KpzGTd3Xsyxx+1TrAqV/YNVAidkAAM+1pZA0hiA+ztb1Hv+am9pbSaq5y4hzK7HJQ
	 lhrZV2xgd+U+4N6Eopkpj9gUT5TomKvl3ZeTl8x0pXrhWgKXLVvVKk3MOdzVpsBXX6
	 nzhQqa2a+jHcpz/RS8kgEBINuim5DQYoDXIIcxWPD3I+QH53YXTIxuhrsGF+Xe6fz2
	 LsEGO74OxBY97Ybbj9lw1vkakrfdjLTbk62s5eI/mVn9DyjMyo6zoJ5tGG5iXyWh2/
	 7/IsTxATJ7GyUDeqYcuTizJujkUCizNfK0ChTtt3jh3Easb031NRzHi4Nb2wJa+826
	 8nGXTwgfr+iSg==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4bxZvN50RQz4x5Z; Wed,  6 Aug 2025 13:06:40 +1000 (AEST)
Date: Wed, 6 Aug 2025 12:35:14 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Laurent Vivier <lvivier@redhat.com>
Subject: Re: [PATCH v8 11/30] tcp: Convert tcp_tap_handler() to use iov_tail
Message-ID: <aJK_Yp7ApUxKg2b0@zatzit>
References: <20250805154628.301343-1-lvivier@redhat.com>
 <20250805154628.301343-12-lvivier@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="ymc5btJznPUx37i4"
Content-Disposition: inline
In-Reply-To: <20250805154628.301343-12-lvivier@redhat.com>
Message-ID-Hash: RG34RVZYKHEPSPNQCFZWR4IRVCYGCSW4
X-Message-ID-Hash: RG34RVZYKHEPSPNQCFZWR4IRVCYGCSW4
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/aJK_Yp7ApUxKg2b0@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/RG34RVZYKHEPSPNQCFZWR4IRVCYGCSW4/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--ymc5btJznPUx37i4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Aug 05, 2025 at 05:46:09PM +0200, Laurent Vivier wrote:
> Use packet_data() and extract headers using IOV_REMOVE_HEADER()
> and iov_remove_header_() rather than packet_get().
>=20
> Signed-off-by: Laurent Vivier <lvivier@redhat.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  tcp.c | 31 ++++++++++++++++++++++++-------
>  1 file changed, 24 insertions(+), 7 deletions(-)
>=20
> diff --git a/tcp.c b/tcp.c
> index 957b498db32d..f1048d7230c9 100644
> --- a/tcp.c
> +++ b/tcp.c
> @@ -310,6 +310,16 @@
>  #include "tcp_buf.h"
>  #include "tcp_vu.h"
> =20
> +/*
> + * The size of TCP header (including options) is given by doff (Data Off=
set)
> + * that is a 4-bit value specifying the number of 32-bit words in the he=
ader.
> + * The maximum value of doff is 15 [(1 << 4) - 1].
> + * The maximum length in bytes of options is 15 minus the number of 32-b=
it
> + * words in the minimal TCP header (5) multiplied by the length of a 32-=
bit
> + * word (4).
> + */
> +#define OPTLEN_MAX (((1UL << 4) - 1 - 5) * 4UL)
> +
>  #ifndef __USE_MISC
>  /* From Linux UAPI, missing in netinet/tcp.h provided by musl */
>  struct tcp_repair_opt {
> @@ -1957,8 +1967,11 @@ int tcp_tap_handler(const struct ctx *c, uint8_t p=
if, sa_family_t af,
>  		    const struct pool *p, int idx, const struct timespec *now)
>  {
>  	struct tcp_tap_conn *conn;
> +	struct tcphdr th_storage;
>  	const struct tcphdr *th;
> -	size_t optlen, len;
> +	char optsc[OPTLEN_MAX];
> +	struct iov_tail data;
> +	size_t optlen, l4len;
>  	const char *opts;
>  	union flow *flow;
>  	flow_sidx_t sidx;
> @@ -1967,15 +1980,19 @@ int tcp_tap_handler(const struct ctx *c, uint8_t =
pif, sa_family_t af,
> =20
>  	(void)pif;
> =20
> -	th =3D packet_get(p, idx, 0, sizeof(*th), &len);
> +	if (!packet_data(p, idx, &data))
> +		return 1;
> +
> +	l4len =3D iov_tail_size(&data);
> +
> +	th =3D IOV_REMOVE_HEADER(&data, th_storage);
>  	if (!th)
>  		return 1;
> -	len +=3D sizeof(*th);
> =20
>  	optlen =3D th->doff * 4UL - sizeof(*th);
>  	/* Static checkers might fail to see this: */
> -	optlen =3D MIN(optlen, ((1UL << 4) /* from doff width */ - 6) * 4UL);
> -	opts =3D packet_get(p, idx, sizeof(*th), optlen, NULL);
> +	optlen =3D MIN(optlen, OPTLEN_MAX);

Pre-exisitng, but should we just drop packets with too many options,
rather than truncating the options?

> +	opts =3D (char *)iov_remove_header_(&data, &optsc[0], optlen, 1);
> =20
>  	sidx =3D flow_lookup_af(c, IPPROTO_TCP, PIF_TAP, af, saddr, daddr,
>  			      ntohs(th->source), ntohs(th->dest));
> @@ -1987,7 +2004,7 @@ int tcp_tap_handler(const struct ctx *c, uint8_t pi=
f, sa_family_t af,
>  			tcp_conn_from_tap(c, af, saddr, daddr, th,
>  					  opts, optlen, now);
>  		else
> -			tcp_rst_no_conn(c, af, saddr, daddr, flow_lbl, th, len);
> +			tcp_rst_no_conn(c, af, saddr, daddr, flow_lbl, th, l4len);
>  		return 1;
>  	}
> =20
> @@ -1995,7 +2012,7 @@ int tcp_tap_handler(const struct ctx *c, uint8_t pi=
f, sa_family_t af,
>  	ASSERT(pif_at_sidx(sidx) =3D=3D PIF_TAP);
>  	conn =3D &flow->tcp;
> =20
> -	flow_trace(conn, "packet length %zu from tap", len);
> +	flow_trace(conn, "packet length %zu from tap", l4len);
> =20
>  	if (th->rst) {
>  		conn_event(c, conn, CLOSED);

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--ymc5btJznPUx37i4
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmiSv1QACgkQzQJF27ox
2Gc/YxAAqcKw9n3S5ZO0VecAqzUcwanDpVgbXbS9LXbEg9HkVckH2Bmx+TXPt6uW
eY9u7N+9V+f3M2SmcrxGDIgNlWslmIfldrlfIjqBS5Y4+xCeVBU/0d0miT/LwIe8
2d1n9pOhdgqipeeorElT8TMjS0SJj6RGpR/C0FfMvQx+bl3ULp/XfD+SlRRcYOZ9
Q5lzyhuDlrNNX2xi/rgoSthve671H1gSnCCg+Uj8Rfld+1Ac8pJjvzJX2ZCF2mat
MHqsgKNZR76OdoNLICj1VLzlvDIcVyQICxUlHsm8LSsmj8XQV6J/nSE6Vq3jEqfg
fkkJL7YuxYX/dUc0wLIOhsaF2IC21+AHsogr/RWFlo6EaWwjFObOSp02P660eGyT
78RYK5hiwbELsrhjlSaX9WDcfttVNvKBKlSmNlmBGSQv4FNSiZoX50TcbFcfbax0
xM0C8WxdcUYikXuX5irCrHFsjWtL96u6YTboxma64XKoSzk/4NwqTuJavvIbLqWf
d++nvkGSI7ZTRuWHWykw+pD9IejqBDgfhgrK/TOnrgssYviIwFJtA7vjW3Iy6R7d
Vv/TS/wWfhhodvLAq7i6Hg9LVMInckDdaGixjZTZ18LTRFlbdsGI9WlVHztu1fE5
39VJicA/Tn8NWcHExW1JhIMBwjMkOiGuqhS1hjmJyfVdN3YMUac=
=zvNW
-----END PGP SIGNATURE-----

--ymc5btJznPUx37i4--