From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202508 header.b=ABtFGRNq; dkim-atps=neutral Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 88FED5A027B for ; Wed, 10 Sep 2025 04:57:17 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202508; t=1757473034; bh=48zszqh4t/HTTARYKfzYzxq4WgK7cPw2z0ltAuA1ABc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ABtFGRNqDoowozhfdhiEWd9OHVLKRgd3R0OD5eT/yvYyoH61reOa8F5mC2sNCEZJ3 8TPwxSWuu51k4A3KlGT8iVMI37i3PF8vpEZZfMSbwXc1Ut3ZwpoQxuNJPc02c1Al6E 3MbmI77P/ZqDiAGp+06eQp0CICTHazmC2ZRbebC+er/9BL8b4A8dt8PR2XujFtYyyT EuqMZhocVG/w4jsFKAKH37VNkBgOQzMQNh0pBohGQDotgIC82/TKG4T8Jembsqx9Pc XU0DhXFyINKlh0Q3s5rpqkrpz3D3riy4e8w0HDlXpFB9bS1yb/CDupy/shHSnsDqrA HLCoe89sAbY0A== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4cM52L3DdNz4wC4; Wed, 10 Sep 2025 12:57:14 +1000 (AEST) Date: Wed, 10 Sep 2025 12:57:02 +1000 From: David Gibson To: Jon Maloy Subject: Re: [PATCH v6 8/8] icmp: let icmp use mac address from flowside structure Message-ID: References: <20250910015919.173414-1-jmaloy@redhat.com> <20250910015919.173414-9-jmaloy@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="+HU34u6xXLf/Fq2I" Content-Disposition: inline In-Reply-To: <20250910015919.173414-9-jmaloy@redhat.com> Message-ID-Hash: NQO4WQCY3A7FR3LZ24CZ2G6LQJFZF6AO X-Message-ID-Hash: NQO4WQCY3A7FR3LZ24CZ2G6LQJFZF6AO X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: sbrivio@redhat.com, dgibson@redhat.com, passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --+HU34u6xXLf/Fq2I Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Sep 09, 2025 at 09:59:19PM -0400, Jon Maloy wrote: > Even ICMP needs to be updated to use the external MAC address instead > of just the own tap address when applicable. We do that here. >=20 > Signed-off-by: Jon Maloy Reviewed-by: David Gibson >=20 > --- > v3: - Adapted to the move of external MAC address from struct flowside > to struct flow_common > v4: - Adapted to name changes in previous commits in this series > v5: - Added conditional lookup in ARP/NDP if the flow's tap_omac is > undefined > v6: - Looking up MAC of ICMP generating node in udp_send_tap_icmp4/6() > when available, instead trusting the contents of flow->tap_omac. > --- > icmp.c | 8 ++++++-- > ndp.c | 2 +- > tap.c | 10 ++++++---- > tap.h | 4 ++-- > udp.c | 12 ++++++++++-- > 5 files changed, 25 insertions(+), 11 deletions(-) >=20 > diff --git a/icmp.c b/icmp.c > index 6dffafb..1d99632 100644 > --- a/icmp.c > +++ b/icmp.c > @@ -125,17 +125,21 @@ void icmp_sock_handler(const struct ctx *c, union e= poll_ref ref) > flow_dbg(pingf, "echo reply to tap, ID: %"PRIu16", seq: %"PRIu16, > ini->eport, seq); > =20 > + /* Try to find true MAC address in ARP/NDP table if needed */ > + if (MAC_IS_ZERO(pingf->f.tap_omac)) > + fwd_neigh_mac_get(c, &ini->oaddr, pingf->f.tap_omac); > + > if (pingf->f.type =3D=3D FLOW_PING4) { > const struct in_addr *saddr =3D inany_v4(&ini->oaddr); > const struct in_addr *daddr =3D inany_v4(&ini->eaddr); > =20 > ASSERT(saddr && daddr); /* Must have IPv4 addresses */ > - tap_icmp4_send(c, *saddr, *daddr, buf, n); > + tap_icmp4_send(c, *saddr, *daddr, buf, pingf->f.tap_omac, n); > } else if (pingf->f.type =3D=3D FLOW_PING6) { > const struct in6_addr *saddr =3D &ini->oaddr.a6; > const struct in6_addr *daddr =3D &ini->eaddr.a6; > =20 > - tap_icmp6_send(c, saddr, daddr, buf, n); > + tap_icmp6_send(c, saddr, daddr, buf, pingf->f.tap_omac, n); > } > return; > =20 > diff --git a/ndp.c b/ndp.c > index 944371c..1e9d0f4 100644 > --- a/ndp.c > +++ b/ndp.c > @@ -184,7 +184,7 @@ static void ndp_send(const struct ctx *c, const struc= t in6_addr *dst, > { > const struct in6_addr *src =3D &c->ip6.our_tap_ll; > =20 > - tap_icmp6_send(c, src, dst, buf, l4len); > + tap_icmp6_send(c, src, dst, buf, c->our_tap_mac, l4len); > } > =20 > /** > diff --git a/tap.c b/tap.c > index a390be8..8b10e14 100644 > --- a/tap.c > +++ b/tap.c > @@ -277,13 +277,14 @@ void tap_udp4_send(const struct ctx *c, struct in_a= ddr src, in_port_t sport, > * @src: IPv4 source address > * @dst: IPv4 destination address > * @in: ICMP packet, including ICMP header > + * @src_mac: MAC address to be used as source for message > * @l4len: ICMP packet length, including ICMP header > */ > void tap_icmp4_send(const struct ctx *c, struct in_addr src, struct in_a= ddr dst, > - const void *in, size_t l4len) > + const void *in, const void *src_mac, size_t l4len) > { > char buf[USHRT_MAX]; > - struct iphdr *ip4h =3D tap_push_l2h(c, buf, c->our_tap_mac, ETH_P_IP); > + struct iphdr *ip4h =3D tap_push_l2h(c, buf, src_mac, ETH_P_IP); > struct icmphdr *icmp4h =3D tap_push_ip4h(ip4h, src, dst, > l4len, IPPROTO_ICMP); > =20 > @@ -384,14 +385,15 @@ void tap_udp6_send(const struct ctx *c, > * @src: IPv6 source address > * @dst: IPv6 destination address > * @in: ICMP packet, including ICMP header > + * @src_mac: MAC address to be used as source for message > * @l4len: ICMP packet length, including ICMP header > */ > void tap_icmp6_send(const struct ctx *c, > const struct in6_addr *src, const struct in6_addr *dst, > - const void *in, size_t l4len) > + const void *in, const void *src_mac, size_t l4len) > { > char buf[USHRT_MAX]; > - struct ipv6hdr *ip6h =3D tap_push_l2h(c, buf, c->our_tap_mac, ETH_P_IPV= 6); > + struct ipv6hdr *ip6h =3D tap_push_l2h(c, buf, src_mac, ETH_P_IPV6); > struct icmp6hdr *icmp6h =3D tap_push_ip6h(ip6h, src, dst, l4len, > IPPROTO_ICMPV6, 0); > =20 > diff --git a/tap.h b/tap.h > index 02f7761..1864173 100644 > --- a/tap.h > +++ b/tap.h > @@ -91,7 +91,7 @@ void tap_udp4_send(const struct ctx *c, struct in_addr = src, in_port_t sport, > struct in_addr dst, in_port_t dport, > const void *in, size_t dlen); > void tap_icmp4_send(const struct ctx *c, struct in_addr src, struct in_a= ddr dst, > - const void *in, size_t l4len); > + const void *in, const void *src_mac, size_t l4len); > const struct in6_addr *tap_ip6_daddr(const struct ctx *c, > const struct in6_addr *src); > void *tap_push_ip6h(struct ipv6hdr *ip6h, > @@ -103,7 +103,7 @@ void tap_udp6_send(const struct ctx *c, > uint32_t flow, void *in, size_t dlen); > void tap_icmp6_send(const struct ctx *c, > const struct in6_addr *src, const struct in6_addr *dst, > - const void *in, size_t l4len); > + const void *in, const void *src_mac, size_t l4len); > void tap_send_single(const struct ctx *c, const void *data, size_t l2len= ); > size_t tap_send_frames(const struct ctx *c, const struct iovec *iov, > size_t bufs_per_frame, size_t nframes); > diff --git a/udp.c b/udp.c > index eb57f05..ff15e37 100644 > --- a/udp.c > +++ b/udp.c > @@ -400,6 +400,8 @@ static void udp_send_tap_icmp4(const struct ctx *c, > struct in_addr eaddr =3D toside->eaddr.v4mapped.a4; > in_port_t eport =3D toside->eport; > in_port_t oport =3D toside->oport; > + union inany_addr saddr_any; > + uint8_t tap_omac[ETH_ALEN]; > struct { > struct icmphdr icmp4h; > struct iphdr ip4h; > @@ -421,7 +423,10 @@ static void udp_send_tap_icmp4(const struct ctx *c, > tap_push_uh4(&msg.uh, eaddr, eport, oaddr, oport, in, dlen); > memcpy(&msg.data, in, dlen); > =20 > - tap_icmp4_send(c, saddr, eaddr, &msg, msglen); > + /* Try to obtain the MAC address of the generating node */ > + saddr_any =3D inany_from_v4(saddr); > + fwd_neigh_mac_get(c, &saddr_any, tap_omac); > + tap_icmp4_send(c, saddr, eaddr, &msg, tap_omac, msglen); > } > =20 > =20 > @@ -445,6 +450,7 @@ static void udp_send_tap_icmp6(const struct ctx *c, > const struct in6_addr *eaddr =3D &toside->eaddr.a6; > in_port_t eport =3D toside->eport; > in_port_t oport =3D toside->oport; > + uint8_t tap_omac[ETH_ALEN]; > struct { > struct icmp6_hdr icmp6h; > struct ipv6hdr ip6h; > @@ -466,7 +472,9 @@ static void udp_send_tap_icmp6(const struct ctx *c, > tap_push_uh6(&msg.uh, eaddr, eport, oaddr, oport, in, dlen); > memcpy(&msg.data, in, dlen); > =20 > - tap_icmp6_send(c, saddr, eaddr, &msg, msglen); > + /* Try to obtain the MAC address of the generating node */ > + fwd_neigh_mac_get(c, (union inany_addr *) saddr, tap_omac); > + tap_icmp6_send(c, saddr, eaddr, &msg, tap_omac, msglen); > } > =20 > /** > --=20 > 2.50.1 >=20 --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --+HU34u6xXLf/Fq2I Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmjA6P4ACgkQzQJF27ox 2GdYwA//dCeP390Vx/5ujthn+PRTNNNGKdlzqCC/CbbD8f4R/8tneTqxhFnZ3Bt0 +lOj176v0Y6JqZOSPQ+9hcR9PZTTyBahRnvpINWMAb59vz+Zeu4QH58Js14AmCZh 4w5ePf0Kq5tG/VeMD80BvQ7TE3b7RzlpLdlVE+pdNKtZPUhNEccNxh1K4DmpOg6K GxD6zsMSY87EmoykHNOcUbJgJXnhhddnYJV6r5kiDWzLQFTSBDyZt6tpPUMX5PJC xZ3IZ0m1B0TvR2ZfHx1SrPq5izGSdKxhsGzqiPIGXgAbK6aCY35yH2TpNMnbF3tI BNyUj6tmWijW4t7hIVNSf8BDQtJhswl4rJh3aroBeinmf5QsV6XRhj3Afv1LB4d+ REJoNmK+zkAhbbXfvnghgzg99OhAuiaCrkesjlxOQXBnOQPIM81Yt4SxlCuZ+WbS N74r2EQNxhp0lyJHAnXJG5QazZI0a3jDlJd326LefBsYG3dVdYZut8GuSEA1fKEb mk1Q01vaZGhhDiD/BBlItCTCsc0NGsBxJs24aNrqjZA1VoQBED9cJZSJTToEgbm6 OB//gIkF+v0youq7YY1cAK0PEIEiT6lM5Keh8yhGUNn3rg6yihi9obIPngI9dJqR zclb1u254fz3lw2UK8nlWww9gb62U14K10CqCtGsc+l8Dro5q04= =QaMd -----END PGP SIGNATURE----- --+HU34u6xXLf/Fq2I--