Date: Thu, 21 Aug 2025 11:28:37 +1000
From: David Gibson
To: Jon Maloy
CC: sbrivio@redhat.com, dgibson@redhat.com, passt-dev@passt.top
Subject: Re: [PATCH v4 3/9] flow: add MAC address of LAN local remote hosts to flow
In-Reply-To: <20250820031005.2725591-4-jmaloy@redhat.com>
List-Id: Development discussion and patches for passt

On Tue, Aug 19, 2025 at 11:09:59PM -0400, Jon Maloy wrote:
> When communicating with remote hosts on the local network, some guest
> applications want to see the real MAC address of that host instead
> of PASST/PASTA's own tap address. The flow_common structure is a
> convenient location for storing that address, so we do that in this
> commit.
>
> Note that we don't add actual usage of this address here, that will
> be done in later commits.
>
> Signed-off-by: Jon Maloy
> --- > flow.c | 19 ++++++++++++++++++- > flow.h | 2 ++ > 2 files changed, 20 insertions(+), 1 deletion(-) >=20 > diff --git a/flow.c b/flow.c > index feefda3..d7b3fd1 100644 > --- a/flow.c > +++ b/flow.c 
> @@ -20,6 +20,7 @@ > #include "flow.h" > #include "flow_table.h" > #include "repair.h" > +#include "netlink.h" > =20 > const char *flow_state_str[] =3D { > [FLOW_STATE_FREE] =3D "FREE", > @@ -438,18 +439,27 @@ struct flowside *flow_target(const struct ctx *c, u= nion flow *flow, > { > char estr[INANY_ADDRSTRLEN], fstr[INANY_ADDRSTRLEN]; > struct flow_common *f =3D &flow->f; > - const struct flowside *ini =3D &f->side[INISIDE]; > + struct flowside *ini =3D &f->side[INISIDE];

I don't see anywhere you're modifying *ini. Leftover from an older draft?

> struct flowside *tgt =3D &f->side[TGTSIDE]; > uint8_t tgtpif =3D PIF_NONE; > + int ifi; > =20 > ASSERT(flow_new_entry =3D=3D flow && f->state =3D=3D FLOW_STATE_INI); > ASSERT(f->type =3D=3D FLOW_TYPE_NONE); > ASSERT(f->pif[INISIDE] !=3D PIF_NONE && f->pif[TGTSIDE] =3D=3D PIF_NONE= ); > ASSERT(flow->f.state =3D=3D FLOW_STATE_INI); > + memcpy(f->tap_omac, c->our_tap_mac, ETH_ALEN); > =20 > switch (f->pif[INISIDE]) { > case PIF_TAP: > tgtpif =3D fwd_nat_from_tap(c, proto, ini, tgt);

Attempting to preserve MAC probably only makes sense if tgtpif == PIF_HOST (which I think is always true for now, but maybe not forever).

> + > + /* If there is no NAT, the remote host might be on the template

As before, I'm not sure if conditioning this on no NAT makes sense.

> + * interface's local network segment. If so, insert its MAC address > + */ > + ifi =3D inany_v4(&ini->oaddr) ? c->ifi4 : c->ifi6; > + if (!fwd_inany_nat(c, &ini->oaddr)) > + nl_neigh_mac_get(nl_sock, &ini->oaddr, ifi, f->tap_omac);

It should be tgt->eaddr, rather than ini->oaddr. They'll usually be equal, but logically we want to look up based on the host side address.

As noted in general comments on earlier versions, this lookup will fail (give our_tap_mac) if the host hasn't contacted this peer before (so it's not in the neigh table). Can we defer this lookup until we get a reply, to avoid that problem?

> break; > =20 > case PIF_SPLICE: 
> @@ -458,6 +468,13 @@ struct flowside *flow_target(const struct ctx *c, un= ion flow *flow, > =20 > case PIF_HOST: > tgtpif =3D fwd_nat_from_host(c, proto, ini, tgt); > + > + /* If there is no NAT, the remote host might be on the template > + * interface's local network segment. If so, insert its MAC address > + */ > + ifi =3D inany_v4(&ini->eaddr) ? c->ifi4 : c->ifi6; > + if (!fwd_inany_nat(c, &ini->eaddr)) > + nl_neigh_mac_get(nl_sock, &ini->eaddr, ifi, f->tap_omac); > break; > =20 > default: > diff --git a/flow.h b/flow.h > index cac618a..29c8bc6 100644 > --- a/flow.h > +++ b/flow.h > @@ -177,6 +177,7 @@ int flowside_connect(const struct ctx *c, int s, > * @type: Type of packet flow > * @pif[]: Interface for each side of the flow > * @side[]: Information for each side of the flow > + * @tap_omac: MAC address of remote endpoint as seen from the guest > */ > struct flow_common { > #ifdef __GNUC__ 
> @@ -192,6 +193,7 @@ struct flow_common { > #endif > uint8_t pif[SIDES]; > struct flowside side[SIDES]; > + unsigned char tap_omac[6]; > }; > =20 > #define FLOW_INDEX_BITS 17 /* 128k - 1 */

-- 
David Gibson (he or they)       | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you, not the other way
                                | around.
http://www.ozlabs.org/~dgibson
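
Review bot: In the PIF_TAP case of the flow_target() hunk in flow.c, nothing checks whether nl_neigh_mac_get() actually found an entry, so the code relies on that function leaving f->tap_omac untouched when there is none, with the earlier `memcpy(f->tap_omac, c->our_tap_mac, ETH_ALEN);` acting as the fallback. That contract is not stated in the visible lines. Spell it out in the comment above the lookup, or have this caller restore c->our_tap_mac itself when the lookup yields nothing. `ifi` is also computed before the fwd_inany_nat() test although it is only used inside it, so the assignment can move under the `if`.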
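
Review bot: The PIF_HOST case in the second flow_target() hunk repeats the comment and the three lookup lines from the PIF_TAP case, differing only in the address passed (`&ini->eaddr` here, `&ini->oaddr` there). A small static helper taking the address to look up would keep the two cases in step. The comment in this case should also say which side's address is being looked up, since the copied wording does not explain why the two cases use different fields.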
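
Review bot: The new `@tap_omac` line in the struct flow_common comment in flow.h documents only the successful case. flow.c initialises the field from c->our_tap_mac and passes it to nl_neigh_mac_get() only for addresses where fwd_inany_nat() is false, so the description should say that the field holds our own tap MAC by default and the peer's MAC only when a non-NATted peer was looked up.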
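
Review bot: `unsigned char tap_omac[6];` in the struct flow_common hunk of flow.h hard-codes the length, while flow.c fills the field with `memcpy(f->tap_omac, c->our_tap_mac, ETH_ALEN);`. Declare it as `tap_omac[ETH_ALEN]` (including the header that defines ETH_ALEN if flow.h does not already pull it in) so the buffer size and the copy length cannot drift apart.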