Date: Fri, 12 Sep 2025 13:29:14 +1000
From: David Gibson
To: Volker Diels-Grabsch
CC: passt-dev@passt.top
Subject: Re: [PATCH v5 5/5] Send an initial ARP and NDP request to resolve the guest IP address
References: <20250911201900.237677-2-v@njh.eu> <20250911201900.237677-10-v@njh.eu>
In-Reply-To: <20250911201900.237677-10-v@njh.eu>

On Thu, Sep 11, 2025 at 10:19:05PM +0200, Volker Diels-Grabsch wrote:
> When restarting passt while QEMU keeps running with a configured
> "reconnect-ms" setting, the port forwardings will stop working until
> the guest sends some outgoing network traffic.
>
> Reason: Although QEMU reconnects successfully to the unix domain
> socket of the new passt process, that one no longer knows the guest's
> MAC address and uses instead the broadcast MAC address. However, this
> is ignored by the guest, at least if the guest runs Linux. Only after
> the guest sends some network package on its own initiative, passt will
> know the MAC address and will be able to establish forwarded
> connections.
>
> This change fixes this issue by sending an ARP and an NDP request to
> resolve the guest's MAC address via its IPv4 and IPv6 address, which
> we do know, right after the unix domain socket (re)connection.
>
> The only case where the IP is "wrong" would be if the configuration
> changed, or on the very first start right after qemu started. But in
> those cases, we just wouldn't get an ARP/NDP response, and can't do
> anything until we receive the guest's DHCP request - just as before.
> In other words, in the worst case the ARP/NDP requests would be
> harmless.
>
> Signed-off-by: Volker Diels-Grabsch

Reviewed-by: David Gibson

> ---
> v4:
> - Shorten debug() messages
> - Split out unrelated improvements into separate patches
> ---
>  arp.c   | 34 ++++++++++++++++++++++++++++++++++
>  arp.h   |  1 +
>  ndp.c   | 20 ++++++++++++++++++++
>  ndp.h   |  1 +
>  passt.1 |  4 ++--
>  tap.c   |  5 +++++
>  6 files changed, 63 insertions(+), 2 deletions(-)
>
> diff --git a/arp.c b/arp.c > index 44677ad..ad088b1 100644 > --- a/arp.c > +++ b/arp.c 
> @@ -112,3 +112,37 @@ int arp(const struct ctx *c, struct iov_tail *data) > =20 > return 1; > } > + > +/** > + * arp_send_init_req() - Send initial ARP request to retrieve guest MAC = address > + * @c: Execution context > + */ > +void arp_send_init_req(const struct ctx *c) > +{ > + struct { > + struct ethhdr eh; > + struct arphdr ah; > + struct arpmsg am; > + } __attribute__((__packed__)) req; > + > + /* Ethernet header */ > + req.eh.h_proto =3D htons(ETH_P_ARP); > + memcpy(req.eh.h_dest, MAC_BROADCAST, sizeof(req.eh.h_dest)); > + memcpy(req.eh.h_source, c->our_tap_mac, sizeof(req.eh.h_source)); > + > + /* ARP header */ > + req.ah.ar_op =3D htons(ARPOP_REQUEST); > + req.ah.ar_hrd =3D htons(ARPHRD_ETHER); > + req.ah.ar_pro =3D htons(ETH_P_IP); > + req.ah.ar_hln =3D ETH_ALEN; > + req.ah.ar_pln =3D 4; > + > + /* ARP message */ > + memcpy(req.am.sha, c->our_tap_mac, sizeof(req.am.sha)); > + memcpy(req.am.sip, &c->ip4.our_tap_addr, sizeof(req.am.sip)); > + memcpy(req.am.tha, MAC_BROADCAST, sizeof(req.am.tha)); > + memcpy(req.am.tip, &c->ip4.addr, sizeof(req.am.tip)); > + > + debug("Sending initial ARP request for guest MAC address"); > + tap_send_single(c, &req, sizeof(req)); > +} > diff --git a/arp.h b/arp.h > index 86bcbf8..d5ad0e1 100644 > --- a/arp.h > +++ b/arp.h > @@ -21,5 +21,6 @@ struct arpmsg { > } __attribute__((__packed__)); > =20 > int arp(const struct ctx *c, struct iov_tail *data); > +void arp_send_init_req(const struct ctx *c); > =20 > #endif /* ARP_H */ > diff --git a/ndp.c b/ndp.c > index eb090cd..588b48f 100644 > --- a/ndp.c > +++ b/ndp.c 
> @@ -438,3 +438,23 @@ void ndp_timer(const struct ctx *c, const struct tim= espec *now) > first: > next_ra =3D now->tv_sec + interval; > } > + > +/** > + * ndp_send_init_req() - Send initial NDP NS to retrieve guest MAC addre= ss > + * @c: Execution context > + */ > +void ndp_send_init_req(const struct ctx *c) > +{ > + struct ndp_ns ns =3D { > + .ih =3D { > + .icmp6_type =3D NS, > + .icmp6_code =3D 0, > + .icmp6_router =3D 0, /* Reserved */ > + .icmp6_solicited =3D 0, /* Reserved */ > + .icmp6_override =3D 0, /* Reserved */ > + }, > + .target_addr =3D c->ip6.addr > + }; > + debug("Sending initial NDP NS request for guest MAC address"); > + ndp_send(c, &c->ip6.addr, &ns, sizeof(ns)); > +} > diff --git a/ndp.h b/ndp.h > index b1dd5e8..781ea86 100644 > --- a/ndp.h > +++ b/ndp.h > @@ -11,5 +11,6 @@ struct icmp6hdr; > int ndp(const struct ctx *c, const struct in6_addr *saddr, > struct iov_tail *data); > void ndp_timer(const struct ctx *c, const struct timespec *now); > +void ndp_send_init_req(const struct ctx *c); > =20 > #endif /* NDP_H */ > diff --git a/passt.1 b/passt.1 > index dd00b08..af5726a 100644 > --- a/passt.1 > +++ b/passt.1 > @@ -330,8 +330,8 @@ selected IPv4 default route. > =20 > .TP > .BR \-\-no-ndp > -Disable NDP responses. NDP messages coming from guest or target namespac= e will > -be ignored. > +Disable Neighbor Discovery. NDP messages coming from guest or target > +namespace will be ignored. No initial NDP message will be sent. > =20 > .TP > .BR \-\-no-dhcpv6 > diff --git a/tap.c b/tap.c > index ba6d7b4..2a8e11b 100644 > --- a/tap.c > +++ b/tap.c 
> @@ -1359,6 +1359,11 @@ static void tap_start_connection(const struct ctx = *c) > ev.events =3D EPOLLIN | EPOLLRDHUP; > ev.data.u64 =3D ref.u64; > epoll_ctl(c->epollfd, EPOLL_CTL_ADD, c->fd_tap, &ev); > + > + if (c->ifi4) > + arp_send_init_req(c); > + if (c->ifi6 && !c->no_ndp) > + ndp_send_init_req(c); > } > =20 > /** > --=20 > 2.47.3 >=20
-- 
David Gibson (he or they)       | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you, not the other way
                                | around.
http://www.ozlabs.org/~dgibson
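
Review bot: in arp_send_init_req() (arp.c), the target protocol address is copied from c->ip4.addr with no check that it is actually set. The commit message says the address can be "wrong" on the very first start; if it can also be unspecified at that point, the function will broadcast an ARP request for an all-zero address on the tap. Consider returning early when c->ip4.addr is unspecified. Separately, req.am.tha is filled with MAC_BROADCAST; ARP requests conventionally carry an all-zero target hardware address, since that field is the one being asked for, and the broadcast address belongs only in req.eh.h_dest.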
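
Review bot: in ndp_send_init_req() (ndp.c), the initializer sets only .ih and .target_addr, so as far as this hunk shows the solicitation carries no source link-layer address option, and it is sent to the unicast c->ip6.addr rather than to the solicited-node multicast address. RFC 4861 says the option SHOULD be included in unicast solicitations; either add it or state in the function comment why a bare unicast NS is sufficient here. As on the ARP side, c->ip6.addr is used without checking that it is set. Style: a blank line between the declaration of ns and the debug() call, and a trailing comma after the .target_addr initializer, would match the surrounding code.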
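
Review bot: the reworded --no-ndp entry in passt.1 documents that no initial NDP message is sent, but the man page gains no mention of the initial ARP request, which the tap.c hunk sends whenever c->ifi4 is set. Add a sentence describing the ARP probe so that the IPv4 and IPv6 behaviour on (re)connection is documented to the same level.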
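
Review bot: in tap_start_connection() (tap.c), the NDP probe is gated on !c->no_ndp while the ARP probe depends only on c->ifi4, and the two calls carry no comment. If the asymmetry is intended, a short comment above the calls should say so and explain that they exist to relearn the guest MAC address after a reconnect. Each probe is also sent exactly once; the commit message accepts that no reply arrives on a first start, and noting in that comment that no retry is attempted would make the behaviour clear from the code alone.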