From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202508 header.b=JpfOqxnC;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id AC1445A0271
	for <passt-dev@passt.top>; Wed, 10 Sep 2025 05:33:57 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202508; t=1757475234;
	bh=fELinLzflQ/opBUouu4JTXZiNY2jAGxitA+l5+FnMo4=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=JpfOqxnCjrzr3BmpJzWDwuc4nVtvRQ20ylQnainMEjII2X5WS8kqkdvAxPyC2aBBC
	 bAEI5fK1OXTjr2pvWvdae2noPyaa+Z6h6jXqNWDY9z+2emRYLzAO5u6X0dzdU/Sqf0
	 FHCSlg7zCIQFtP+Lt67LVdcmItY3aCedK1YKO+dsjdjEq1r0tqJGo7XlrhbhXE1kTj
	 OMsBfJGl5v7UrC2xPT6ardoOj/8ZcstuAKrEeqZdVMCFbjZLiYKQ5kHzQCooEdZaTg
	 lIPv7TcBBAHUH3bJBWCMwNJn5cZe8SRTh8ChHYDCCSccJMyvUL2q82+qgVRmDPrM/9
	 +UGqcVeulEwEw==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4cM5rf5sRcz4wB5; Wed, 10 Sep 2025 13:33:54 +1000 (AEST)
Date: Wed, 10 Sep 2025 13:32:34 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Volker Diels-Grabsch <v@njh.eu>
Subject: Re: [PATCH] Send an initial ARP and NDP request to resolve the guest
 IP address
Message-ID: <aMDxUvzIt8JBRa4t@zatzit>
References: <aL_9JTpmc5SH1O_k@6153f789-1cf1-4ca3-8cea-6fa7ae195a8b.njh.eu>
 <20250909145516.762957-1-v@njh.eu>
 <20250909145516.762957-2-v@njh.eu>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="92hYeLGMQgzP4SnT"
Content-Disposition: inline
In-Reply-To: <20250909145516.762957-2-v@njh.eu>
Message-ID-Hash: FOSBCXR4MTGKCRNNGDBRZ5BQITKTZROP
X-Message-ID-Hash: FOSBCXR4MTGKCRNNGDBRZ5BQITKTZROP
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/aMDxUvzIt8JBRa4t@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/FOSBCXR4MTGKCRNNGDBRZ5BQITKTZROP/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--92hYeLGMQgzP4SnT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Sep 09, 2025 at 04:49:20PM +0200, Volker Diels-Grabsch wrote:
> When restarting passt while QEMU keeps running with a configured
> "reconnect-ms" setting, the port forwardings will stop working until
> the guest sends some outgoing network traffic.
>=20
> Reason: Although QEMU reconnects successfully to the unix domain
> socket of the new passt process, that one no longer knows the guest's
> MAC address and uses instead the broadcast MAC address.  However, this
> is ignored by the guest, at least if the guest runs Linux.  Only after
> the guest sends some network package on its own initiative, passt will
> know the MAC address and will be able to establish forwarded
> connections.
>=20
> This change fixes this issue by sending an ARP and an NDP request to
> resolve the guest's MAC address via its IPv4 and IPv6 address, which
> we do know, right after the unix domain socket (re)connection.
>=20
> The only case where the IP is "wrong" would be if the configuration
> changed, or on the very first start right after qemu started.  But in
> those cases, we just wouldn't get an ARP/NDP response, and can't do
> anything until we receive the guest's DHCP request - just as before.
> In other words, in the worst case the ARP/NDP requests would be
> harmless.
>=20
> Signed-off-by: Volker Diels-Grabsch <v@njh.eu>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

Two tiny nits that aren't worth a respin, but maybe Stefano will want
to change on merge:

[snip]
> diff --git a/tap.c b/tap.c
> index 7ba6399..ea61eae 100644
> --- a/tap.c
> +++ b/tap.c
> @@ -1088,6 +1088,7 @@ void tap_add_packet(struct ctx *c, struct iov_tail =
*data,
>  {
>  	struct ethhdr eh_storage;
>  	const struct ethhdr *eh;
> +	char bufmac[ETH_ADDRSTRLEN];

We'd generally prefer to move this local to the if block where it's
used.


> =20
>  	pcap_iov(data->iov, data->cnt, data->off);
> =20
> @@ -1097,6 +1098,7 @@ void tap_add_packet(struct ctx *c, struct iov_tail =
*data,
> =20
>  	if (memcmp(c->guest_mac, eh->h_source, ETH_ALEN)) {
>  		memcpy(c->guest_mac, eh->h_source, ETH_ALEN);
> +		info("Guest MAC address: %s", eth_ntop(c->guest_mac, bufmac, sizeof(bu=
fmac)));
>  		proto_update_l2_buf(c->guest_mac, NULL);
>  	}
> =20
> @@ -1355,6 +1357,11 @@ static void tap_start_connection(const struct ctx =
*c)
>  	ev.events =3D EPOLLIN | EPOLLRDHUP;
>  	ev.data.u64 =3D ref.u64;
>  	epoll_ctl(c->epollfd, EPOLL_CTL_ADD, c->fd_tap, &ev);
> +
> +	info("Sending initial ARP and NDP request to retrieve"
> +	     " guest MAC address after reconnect");

I think it's going to be rare that we care about this, so I'd demote
it to a debug().

> +	arp_send_init_req(c);
> +	ndp_send_init_req(c);
>  }
> =20
>  /**
> @@ -1503,11 +1510,12 @@ void tap_backend_init(struct ctx *c)
>  	case MODE_PASST:
>  		tap_sock_unix_init(c);
> =20
> -		/* In passt mode, we don't know the guest's MAC address until it
> -		 * sends us packets.  Use the broadcast address so that our
> -		 * first packets will reach it.
> +		/* In passt mode, we don't know the guest's MAC address until
> +		 * it sends us packets (e.g. responds to our initial ARP or
> +		 * NDP request).  Until then, use the broadcast address so
> +		 * that our first packets will have a chance to reach it.
>  		 */
> -		memset(&c->guest_mac, 0xff, sizeof(c->guest_mac));
> +		memcpy(&c->guest_mac, MAC_BROADCAST, sizeof(c->guest_mac));
>  		break;
>  	}
> =20
> diff --git a/util.h b/util.h
> index 2a8c38f..3719f0c 100644
> --- a/util.h
> +++ b/util.h
> @@ -97,6 +97,7 @@ void abort_with_msg(const char *fmt, ...)
>  #define FD_PROTO(x, proto)						\
>  	(IN_INTERVAL(c->proto.fd_min, c->proto.fd_max, (x)))
> =20
> +#define MAC_BROADCAST		((uint8_t [ETH_ALEN]){ 0xff, 0xff, 0xff, 0xff, 0x=
ff, 0xff })
>  #define MAC_ZERO		((uint8_t [ETH_ALEN]){ 0 })
>  #define MAC_IS_ZERO(addr)	(!memcmp((addr), MAC_ZERO, ETH_ALEN))
> =20
> --=20
> 2.47.3
>=20

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--92hYeLGMQgzP4SnT
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmjA8VEACgkQzQJF27ox
2Geogw/9H88ZPTZTk5haXeLpWf4nkUCNhyYlsnRAyJDcTzns7IhHaYS5yhXRuMwb
9nYsl4vUVy53XMxWf3n7x20IWsbrfjTBKU1dKL9fJuPrPXPmSJaMMbu7zfmVqdht
JlEcKVeSp6pWZjfPeBS1S6/mN+UVD+rv51cLv+C4jpUR2N9nazT75EBEtmBZvcpb
mm+aVBPG51vZioMP34k8IefekRoPkYMb7e0jmpG30yINt6ioKPI/xpaOOJtJy3j0
WE65d4cd1HeQnapNwcYdKf+ixMPhcO/m2FWogv8CGXKE3iZe7LcFdepThcWMRkTP
Zj+YqiRRuRaAWDH/YnaaOnwhcbQCpLlrfN1ALUGnQzSwrWYIe4B05sOoPH905o4p
vMBK2OWZ2E2nVHMQLgey2M4YMbMyJl+JCAhSPmSiqqstwwZLH63igzPgGiTWWmUo
YFJ3PjZi/w8YmY/D+5c9+cIs53RjALusFejsi8MzDLZZh5sstUF/q+kMSNu7EBL5
SLN/+Tgl7T11RQmlBghFt7KfvXSLALNsZ1W37cjTi6VC317hJdF9zAXGR9FBGLpT
7bk85GkXzo8ATjS+Lqeba++j/vqZ6QpuYdMAbF3Kv0vXDNy4Y70hx98uyikvw+kR
VK1lwPIcoLKicJkkGPs/gbLt9TGo3qf9j57CDF7Zx5oYcVfMx/U=
=ksdF
-----END PGP SIGNATURE-----

--92hYeLGMQgzP4SnT--