From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202508 header.b=baI2yPHF;
	dkim-atps=neutral
Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id 3CD825A027B
	for <passt-dev@passt.top>; Thu, 21 Aug 2025 04:04:00 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202508; t=1755741833;
	bh=BU5ZNMseuPIdkrnaxF5f/ghjvC1LsIxvRZ891TMcGjA=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=baI2yPHFk2Yg7E08jfyD47gox8Wp6PlEMaL4iR55rItZ/5+Cz4Ds7M+qDFnbCr1QR
	 RUbP8UciUgC2Fp1p9xarYe75s3Jp1eKqPwLjJsiApjsrtqFZyISn4hwENK1OFSJvpa
	 lezfvi8bmips1S94iYBVk2/RiVNgaRRBvybBspjpe2EWMrJpxd98hd7KMBzDWXrLdb
	 h4IgwIe7hDiEhC7A0kz/9Ra1hG0Tk3m9Ho96FTjwLj5JIDGriIj34H/GjRl1DO8ouv
	 0huENNmxePBa0jecxwMmTj8J3VbpxTZcS01oXUFiIHu6Dak6+11VtFTolFd361WI0m
	 1PlGznnh44y/A==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4c6mp12X8Lz4xQW; Thu, 21 Aug 2025 12:03:53 +1000 (AEST)
Date: Thu, 21 Aug 2025 11:51:21 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Jon Maloy <jmaloy@redhat.com>
Subject: Re: [PATCH v4 8/9] icmp: let icmp use mac address from flowside
 structure
Message-ID: <aKZ7mSRcG1fsWmdp@zatzit>
References: <20250820031005.2725591-1-jmaloy@redhat.com>
 <20250820031005.2725591-9-jmaloy@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="3hBMf/RDEWAHHav2"
Content-Disposition: inline
In-Reply-To: <20250820031005.2725591-9-jmaloy@redhat.com>
Message-ID-Hash: GAAQEXKU67Z6A4FG754PPC2R5N7RE2RU
X-Message-ID-Hash: GAAQEXKU67Z6A4FG754PPC2R5N7RE2RU
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: sbrivio@redhat.com, dgibson@redhat.com, passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/aKZ7mSRcG1fsWmdp@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/GAAQEXKU67Z6A4FG754PPC2R5N7RE2RU/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--3hBMf/RDEWAHHav2
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Aug 19, 2025 at 11:10:04PM -0400, Jon Maloy wrote:
> Even ICMP needs to be updated to use the external MAC address instead
> of just the own tap address when applicable. We do that here.
>=20
> Signed-off-by: Jon Maloy <jmaloy@redhat.com>
> ---
>  icmp.c |  4 ++--
>  ndp.c  |  2 +-
>  tap.c  | 10 ++++++----
>  tap.h  |  4 ++--
>  udp.c  | 12 ++++++++----
>  5 files changed, 19 insertions(+), 13 deletions(-)
>=20
> diff --git a/icmp.c b/icmp.c
> index 95f38c1..aa42cc3 100644
> --- a/icmp.c
> +++ b/icmp.c
> @@ -129,12 +129,12 @@ void icmp_sock_handler(const struct ctx *c, union e=
poll_ref ref)
>  		const struct in_addr *daddr =3D inany_v4(&ini->eaddr);
> =20
>  		ASSERT(saddr && daddr); /* Must have IPv4 addresses */
> -		tap_icmp4_send(c, *saddr, *daddr, buf, n);
> +		tap_icmp4_send(c, *saddr, *daddr, buf, pingf->f.tap_omac, n);
>  	} else if (pingf->f.type =3D=3D FLOW_PING6) {
>  		const struct in6_addr *saddr =3D &ini->oaddr.a6;
>  		const struct in6_addr *daddr =3D &ini->eaddr.a6;
> =20
> -		tap_icmp6_send(c, saddr, daddr, buf, n);
> +		tap_icmp6_send(c, saddr, daddr, buf, pingf->f.tap_omac, n);
>  	}
>  	return;
> =20
> diff --git a/ndp.c b/ndp.c
> index 9912f80..19b9b28 100644
> --- a/ndp.c
> +++ b/ndp.c
> @@ -185,7 +185,7 @@ static void ndp_send(const struct ctx *c, const struc=
t in6_addr *dst,
>  {
>  	const struct in6_addr *src =3D &c->ip6.our_tap_ll;
> =20
> -	tap_icmp6_send(c, src, dst, buf, l4len);
> +	tap_icmp6_send(c, src, dst, buf, c->our_tap_mac, l4len);
>  }
> =20
>  /**
> diff --git a/tap.c b/tap.c
> index 0349835..443928a 100644
> --- a/tap.c
> +++ b/tap.c
> @@ -278,13 +278,14 @@ void tap_udp4_send(const struct ctx *c, struct in_a=
ddr src, in_port_t sport,
>   * @src:	IPv4 source address
>   * @dst:	IPv4 destination address
>   * @in:		ICMP packet, including ICMP header
> + * @src_mac:	MAC address to be used as source for message
>   * @l4len:	ICMP packet length, including ICMP header
>   */
>  void tap_icmp4_send(const struct ctx *c, struct in_addr src, struct in_a=
ddr dst,
> -		    const void *in, size_t l4len)
> +		    const void *in, const void *src_mac, size_t l4len)
>  {
>  	char buf[USHRT_MAX];
> -	struct iphdr *ip4h =3D tap_push_l2h(c, buf, NULL, ETH_P_IP);
> +	struct iphdr *ip4h =3D tap_push_l2h(c, buf, src_mac, ETH_P_IP);
>  	struct icmphdr *icmp4h =3D tap_push_ip4h(ip4h, src, dst,
>  					       l4len, IPPROTO_ICMP);
> =20
> @@ -385,14 +386,15 @@ void tap_udp6_send(const struct ctx *c,
>   * @src:	IPv6 source address
>   * @dst:	IPv6 destination address
>   * @in:		ICMP packet, including ICMP header
> + * @src_mac:	MAC address to be used as source for message
>   * @l4len:	ICMP packet length, including ICMP header
>   */
>  void tap_icmp6_send(const struct ctx *c,
>  		    const struct in6_addr *src, const struct in6_addr *dst,
> -		    const void *in, size_t l4len)
> +		    const void *in, const void *src_mac, size_t l4len)
>  {
>  	char buf[USHRT_MAX];
> -	struct ipv6hdr *ip6h =3D tap_push_l2h(c, buf, NULL, ETH_P_IPV6);
> +	struct ipv6hdr *ip6h =3D tap_push_l2h(c, buf, src_mac, ETH_P_IPV6);
>  	struct icmp6hdr *icmp6h =3D tap_push_ip6h(ip6h, src, dst, l4len,
>  						IPPROTO_ICMPV6, 0);
> =20
> diff --git a/tap.h b/tap.h
> index 6ec171d..ce0b9a6 100644
> --- a/tap.h
> +++ b/tap.h
> @@ -91,7 +91,7 @@ void tap_udp4_send(const struct ctx *c, struct in_addr =
src, in_port_t sport,
>  		   struct in_addr dst, in_port_t dport,
>  		   const void *in, size_t dlen);
>  void tap_icmp4_send(const struct ctx *c, struct in_addr src, struct in_a=
ddr dst,
> -		    const void *in, size_t l4len);
> +		    const void *in, const void *src_mac, size_t l4len);
>  const struct in6_addr *tap_ip6_daddr(const struct ctx *c,
>  				     const struct in6_addr *src);
>  void *tap_push_ip6h(struct ipv6hdr *ip6h,
> @@ -103,7 +103,7 @@ void tap_udp6_send(const struct ctx *c,
>  		   uint32_t flow, void *in, size_t dlen);
>  void tap_icmp6_send(const struct ctx *c,
>  		    const struct in6_addr *src, const struct in6_addr *dst,
> -		    const void *in, size_t l4len);
> +		    const void *in, const void *src_mac, size_t l4len);
>  void tap_send_single(const struct ctx *c, const void *data, size_t l2len=
);
>  size_t tap_send_frames(const struct ctx *c, const struct iovec *iov,
>  		       size_t bufs_per_frame, size_t nframes);
> diff --git a/udp.c b/udp.c
> index 30937dd..8d43646 100644
> --- a/udp.c
> +++ b/udp.c
> @@ -385,6 +385,7 @@ static void udp_tap_prepare(const struct mmsghdr *mmh,
>   * udp_send_tap_icmp4() - Construct and send ICMPv4 to local peer
>   * @c:		Execution context
>   * @ee:	Extended error descriptor
> + * @uflow:	UDP flow
>   * @toside:	Destination side of flow
>   * @saddr:	Address of ICMP generating node
>   * @in:	First bytes (max 8) of original UDP message body
> @@ -392,6 +393,7 @@ static void udp_tap_prepare(const struct mmsghdr *mmh,
>   */
>  static void udp_send_tap_icmp4(const struct ctx *c,
>  			       const struct sock_extended_err *ee,
> +			       const struct udp_flow *uflow,
>  			       const struct flowside *toside,
>  			       struct in_addr saddr,
>  			       const void *in, size_t dlen)
> @@ -421,7 +423,7 @@ static void udp_send_tap_icmp4(const struct ctx *c,
>  	tap_push_uh4(&msg.uh, eaddr, eport, oaddr, oport, in, dlen);
>  	memcpy(&msg.data, in, dlen);
> =20
> -	tap_icmp4_send(c, saddr, eaddr, &msg, msglen);
> +	tap_icmp4_send(c, saddr, eaddr, &msg, uflow->f.tap_omac, msglen);

This is only correct when saddr =3D=3D toside->oaddr; i.e. when the ICMP
is coming from the flow peer.  An ICMP can come from an intermediate
node, which we'd need a separate MAC lookup for.

>  }
> =20
> =20
> @@ -429,6 +431,7 @@ static void udp_send_tap_icmp4(const struct ctx *c,
>   * udp_send_tap_icmp6() - Construct and send ICMPv6 to local peer
>   * @c:		Execution context
>   * @ee:	Extended error descriptor
> + * @uflow:	UDP flow
>   * @toside:	Destination side of flow
>   * @saddr:	Address of ICMP generating node
>   * @in:	First bytes (max 1232) of original UDP message body
> @@ -437,6 +440,7 @@ static void udp_send_tap_icmp4(const struct ctx *c,
>   */
>  static void udp_send_tap_icmp6(const struct ctx *c,
>  			       const struct sock_extended_err *ee,
> +			       const struct udp_flow *uflow,
>  			       const struct flowside *toside,
>  			       const struct in6_addr *saddr,
>  			       void *in, size_t dlen, uint32_t flow)
> @@ -466,7 +470,7 @@ static void udp_send_tap_icmp6(const struct ctx *c,
>  	tap_push_uh6(&msg.uh, eaddr, eport, oaddr, oport, in, dlen);
>  	memcpy(&msg.data, in, dlen);
> =20
> -	tap_icmp6_send(c, saddr, eaddr, &msg, msglen);
> +	tap_icmp6_send(c, saddr, eaddr, &msg, uflow->f.tap_omac, msglen);

Ditto.

>  }
> =20
>  /**
> @@ -626,12 +630,12 @@ static int udp_sock_recverr(const struct ctx *c, in=
t s, flow_sidx_t sidx,
>  	if (hdr->cmsg_level =3D=3D IPPROTO_IP &&
>  	    (o4 =3D inany_v4(&otap)) && inany_v4(&toside->eaddr)) {
>  		dlen =3D MIN(dlen, ICMP4_MAX_DLEN);
> -		udp_send_tap_icmp4(c, ee, toside, *o4, data, dlen);
> +		udp_send_tap_icmp4(c, ee, uflow, toside, *o4, data, dlen);
>  		return 1;
>  	}
> =20
>  	if (hdr->cmsg_level =3D=3D IPPROTO_IPV6 && !inany_v4(&toside->eaddr)) {
> -		udp_send_tap_icmp6(c, ee, toside, &otap.a6, data, dlen,
> +		udp_send_tap_icmp6(c, ee, uflow, toside, &otap.a6, data, dlen,
>  				   FLOW_IDX(uflow));
>  		return 1;
>  	}

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--3hBMf/RDEWAHHav2
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmime5kACgkQzQJF27ox
2GdW/g/9GReZJ42GplWE0tAhc3AAjgiL710XEqHupcUns3bMfIz/4DEigO/sbCQZ
YU5Sq+TmVofTj3lCCiWjwVHHJ8UUCQtDcHoJx8uHiiskdi+iTJDkG/w5RY6tlM4r
zpGyLW4EqFqY2ZHYewylWucF9oZUgfDBJnjvCR0gefUl5YI9P6TEu8wNeg5/AJvi
FR/DXERmwBdfm5+3mwldo7oknmKDFo0W0LvwKP0u2jSEmitPQA39JzcTJd6HyX5G
0Bn9F56FSBys9NUi1LhrA0Xb/y0FLkh5zjAVpNu2F5s0Bk7pU/Gti3LXcGV+3RBV
qviaRRuP3KNS+5yGNNlbvdyLRUkpI0J3/qWCo1SaaGwmgTKDCau2HJC8p+0Zklqp
qAczrhu8vRw3zwuKSIk95DXJ9bvNtdiqyAsm1g8xH8uJmH44kN7X3KnZE/JRZKL2
UwKm0GPZ/RWbLVyVCJ/voJHSDcDY/HrcaKGXS5tItFmMYuorrhelAgQIpvLVUnq3
+i/ESgKWpiUsuHkDe4uiIdHDgUzY7kNj6PEjs9Yzu/QPZX7kvHb/QAGF850sNPGd
EzSrwEckB2H9FZat9C8plxnZHM1pfH48iHAF38tvVJdx/n2P+Hh64/I/X8T37ztn
U9FAaGTKzODYtWoNNffu56cWYe9yUXxF4fxIJnaLHFJ2Hbv/WGM=
=GY9w
-----END PGP SIGNATURE-----

--3hBMf/RDEWAHHav2--