From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202602 header.b=K3C2T1Ta; dkim-atps=neutral Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id 02E995A026D for ; Wed, 27 May 2026 06:40:27 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202602; t=1779856823; bh=P2XgNvDenIsInPMtwidz1cXfxaMWN5LI+3JbERDiDLc=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=K3C2T1Ta9Y75vvJYS69orZvGkrwun12LxoL6QTTXlppfG+yZTJ9C1bQN3cp440UwY OuyAI0mC/DMIaD48wCmhw7Yx41gm72c302KzR3SVq1lDgLgHstTlI8pUNZHnid02eN TMiOedSHvvG9mgKMNQH8Ecxhz0QwIewe2UaIfWjkZv4Rhjq67ovtReqbtQVshaFDW0 R2lSVn2McJvYfo+lDGLxL9qlSBKPc+5IuwZsoOgSyH59EF51KUwIZDoaJq+8AdrbCk Rhmh8a2JCnl5eR1gQlAoYLnK5jdPST8Pw1X2vWpkd6Mmt30+3RyfgVjQWiIamB6/v3 WnnEl8GBdJloA== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4gQH3q5Pcsz4wBF; Wed, 27 May 2026 14:40:23 +1000 (AEST) Date: Wed, 27 May 2026 14:40:18 +1000 From: David Gibson To: Jon Maloy Subject: Re: [PATCH v7 12/13] dhcpv6: Select addresses for DHCPv6 distribution Message-ID: References: <20260413005319.3295910-1-jmaloy@redhat.com> <20260413005319.3295910-13-jmaloy@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="BLt+LN8Zzv+XZYyD" Content-Disposition: inline In-Reply-To: <20260413005319.3295910-13-jmaloy@redhat.com> Message-ID-Hash: KDWKFT3QL5P4WYOVA7PVSPGJUELJBZ6M X-Message-ID-Hash: KDWKFT3QL5P4WYOVA7PVSPGJUELJBZ6M X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: sbrivio@redhat.com, passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --BLt+LN8Zzv+XZYyD Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Apr 12, 2026 at 08:53:18PM -0400, Jon Maloy wrote: > We introduce a CONF_ADDR_DHCPV6 flag to mark if an added address is > eligible for DHCP advertisement. By doing this once and for all s/DHCP/DHCPv6/ > in the fwd_set_addr() function, the DHCPv6 code only needs to check > for this flag to know that all criteria for advertisement are fulfilled. >=20 > We update the code in dhcpv6.c both to use the new flag and to make > it possible to send multiple addresses in a single reply message, > per RFC 8415. >=20 > We also let the conf_print() function use this flag to identify and > print the eligible addresses. >=20 > Signed-off-by: Jon Maloy >=20 > --- > v6: -Refactored the DHCPv6 response structure to use a variable-length > buffer for IA_ADDR options, hopefully making this part of the code > slightly clearer. >=20 > v7: -Adapted to previous changes in this series > -Some minor changes based on feedback > --- > conf.c | 35 ++++++++++++++++---- > dhcpv6.c | 96 ++++++++++++++++++++++++++++++++----------------------- > fwd.c | 3 ++ > migrate.c | 5 +++ > passt.h | 1 + > 5 files changed, 93 insertions(+), 47 deletions(-) >=20 > diff --git a/conf.c b/conf.c > index 612df07..7c705de 100644 > --- a/conf.c > +++ b/conf.c > @@ -1216,21 +1216,42 @@ static void conf_print(const struct ctx *c) > } > =20 > if (c->ifi6) { > + bool has_dhcpv6 =3D false; > + const char *head; > + > if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_host_loopback)) > info(" NAT to host ::1: %s", > inet_ntop(AF_INET6, &c->ip6.map_host_loopback, > buf, sizeof(buf))); > =20 > - if (!c->no_ndp && !c->no_dhcpv6) > - info("NDP/DHCPv6:"); > - else if (!c->no_dhcpv6) > - info("DHCPv6:"); > - else if (!c->no_ndp) > - info("NDP:"); > - else > + for_each_addr(a, c->addrs, c->addr_count, AF_INET6) { > + if (a->flags & CONF_ADDR_DHCPV6) > + has_dhcpv6 =3D true; > + } > + > + if (c->no_ndp && !has_dhcpv6) > goto dns6; > =20 > a =3D fwd_get_addr(c, AF_INET6, 0, CONF_ADDR_LINKLOCAL); > + if (!c->no_ndp && a) { > + info("NDP:"); > + info(" assign: %s", > + inany_ntop(&a->addr, buf, sizeof(buf))); > + } > + > + if (has_dhcpv6) { > + info("DHCPv6:"); > + head =3D "assign: "; > + for_each_addr(a, c->addrs, c->addr_count, AF_INET6) { > + if (!(a->flags & CONF_ADDR_DHCPV6)) Nit: the check against CONF_ADDR_DHCPV6 is redundant with the check against AF_INET6 built into the loop macro. > + continue; > + info(" %s: %s/%d", head, > + inany_ntop(&a->addr, buf, sizeof(buf)), > + a->prefix_len); > + head =3D " "; > + } > + } > + > if (a) > info(" assign: %s", > inany_ntop(&a->addr, buf, sizeof(buf))); > diff --git a/dhcpv6.c b/dhcpv6.c > index 447aaba..546a3ea 100644 > --- a/dhcpv6.c > +++ b/dhcpv6.c > @@ -31,6 +31,8 @@ > #include "passt.h" > #include "tap.h" > #include "log.h" > +#include "fwd.h" > +#include "conf.h" > =20 > /** > * struct opt_hdr - DHCPv6 option header > @@ -202,56 +204,35 @@ struct msg_hdr { > uint32_t xid:24; > } __attribute__((__packed__)); > =20 > +/* Maximum variable part size: ia_addrs + client_id + dns + search + fqd= n */ > +#define RESP_VAR_MAX (MAX_GUEST_ADDRS * sizeof(struct opt_ia_addr) + \ > + sizeof(struct opt_client_id) + \ > + sizeof(struct opt_dns_servers) + \ > + sizeof(struct opt_dns_search) + \ > + sizeof(struct opt_client_fqdn)) > + > /** > * struct resp_t - Normal advertise and reply message > * @hdr: DHCP message header > * @server_id: Server Identifier option > * @ia_na: Non-temporary Address option > - * @ia_addr: Address for IA_NA > - * @client_id: Client Identifier, variable length > - * @dns_servers: DNS Recursive Name Server, here just for storage size > - * @dns_search: Domain Search List, here just for storage size > - * @client_fqdn: Client FQDN, variable length > + * @var: Variable part: IA_ADDRs, client_id, dns, search, fqdn > */ > static struct resp_t { > struct msg_hdr hdr; > =20 > struct opt_server_id server_id; > struct opt_ia_na ia_na; > - struct opt_ia_addr ia_addr; > - struct opt_client_id client_id; > - struct opt_dns_servers dns_servers; > - struct opt_dns_search dns_search; > - struct opt_client_fqdn client_fqdn; > + uint8_t var[RESP_VAR_MAX]; > } __attribute__((__packed__)) resp =3D { > { 0 }, > SERVER_ID, > =20 > - { { OPT_IA_NA, OPT_SIZE_CONV(sizeof(struct opt_ia_na) + > - sizeof(struct opt_ia_addr) - > - sizeof(struct opt_hdr)) }, > + { { OPT_IA_NA, 0 }, /* Length set dynamically */ > 1, (uint32_t)~0U, (uint32_t)~0U > }, > =20 > - { { OPT_IAAADR, OPT_SIZE(ia_addr) }, > - IN6ADDR_ANY_INIT, (uint32_t)~0U, (uint32_t)~0U > - }, > - > - { { OPT_CLIENTID, 0, }, > - { 0 } > - }, > - > - { { OPT_DNS_SERVERS, 0, }, > - { IN6ADDR_ANY_INIT } > - }, > - > - { { OPT_DNS_SEARCH, 0, }, > - { 0 }, > - }, > - > - { { OPT_CLIENT_FQDN, 0, }, > - 0, { 0 }, > - }, > + { 0 }, /* Variable part filled dynamically */ > }; > =20 > static const struct opt_status_code sc_not_on_link =3D { > @@ -540,6 +521,42 @@ static size_t dhcpv6_client_fqdn_fill(const struct i= ov_tail *data, > return offset + sizeof(struct opt_hdr) + opt_len; > } > =20 > +/** > + * dhcpv6_ia_addr_fill() - Fill IA_ADDR options for all suitable address= es > + * @c: Execution context > + * > + * Fills IA_ADDRs in resp.var with all non-linklocal host or user-provid= ed > + * addresses and updates resp.ia_na.hdr.l with the correct length. > + * > + * Return: number of addresses filled > + */ > +static int dhcpv6_ia_addr_fill(const struct ctx *c) > +{ > + struct opt_ia_addr *ia_addr =3D (struct opt_ia_addr *)resp.var; > + const struct guest_addr *e; > + int count =3D 0; > + > + for_each_addr(e, c->addrs, c->addr_count, AF_INET6) { > + if (!(e->flags & CONF_ADDR_DHCPV6)) > + continue; > + > + ia_addr[count].hdr.t =3D OPT_IAAADR; > + ia_addr[count].hdr.l =3D htons(sizeof(struct opt_ia_addr) - > + sizeof(struct opt_hdr)); > + ia_addr[count].addr =3D e->addr.a6; > + ia_addr[count].pref_lifetime =3D (uint32_t)~0U; > + ia_addr[count].valid_lifetime =3D (uint32_t)~0U; > + count++; > + } > + > + /* Update IA_NA length: header fields + all IA_ADDRs */ > + resp.ia_na.hdr.l =3D htons(sizeof(struct opt_ia_na) - > + sizeof(struct opt_hdr) + > + count * sizeof(struct opt_ia_addr)); > + > + return count; > +} > + > /** > * dhcpv6() - Check if this is a DHCPv6 message, reply as needed > * @c: Execution context > @@ -573,6 +590,7 @@ int dhcpv6(struct ctx *c, struct iov_tail *data, > const struct msg_hdr *mh; > struct udphdr uh_storage; > const struct udphdr *uh; > + int addr_count; > size_t mlen, n; > =20 > a =3D fwd_get_addr(c, AF_INET6, 0, CONF_ADDR_LINKLOCAL); > @@ -618,6 +636,7 @@ int dhcpv6(struct ctx *c, struct iov_tail *data, > if (ia && ntohs(ia->hdr.l) < MIN(OPT_VSIZE(ia_na), OPT_VSIZE(ia_ta))) > return -1; > =20 > + addr_count =3D dhcpv6_ia_addr_fill(c); > resp.hdr.type =3D TYPE_REPLY; > switch (mh->type) { > case TYPE_REQUEST: > @@ -671,12 +690,14 @@ int dhcpv6(struct ctx *c, struct iov_tail *data, > if (ia) > resp.ia_na.iaid =3D ((struct opt_ia_na *)ia)->iaid; > =20 > + /* Client_id goes right after the used IA_ADDRs */ > + n =3D offsetof(struct resp_t, var) + > + addr_count * sizeof(struct opt_ia_addr); > iov_to_buf(&client_id_base.iov[0], client_id_base.cnt, > - client_id_base.off, &resp.client_id, > + client_id_base.off, (char *)&resp + n, > ntohs(client_id->l) + sizeof(struct opt_hdr)); > =20 > - n =3D offsetof(struct resp_t, client_id) + > - sizeof(struct opt_hdr) + ntohs(client_id->l); > + n +=3D sizeof(struct opt_hdr) + ntohs(client_id->l); > n =3D dhcpv6_dns_fill(c, (char *)&resp, n); > n =3D dhcpv6_client_fqdn_fill(data, c, (char *)&resp, n); > =20 > @@ -693,7 +714,6 @@ int dhcpv6(struct ctx *c, struct iov_tail *data, > */ > void dhcpv6_init(const struct ctx *c) > { > - const struct guest_addr *a; > time_t y2k =3D 946684800; /* Epoch to 2000-01-01T00:00:00Z, no mktime()= */ > uint32_t duid_time; > =20 > @@ -706,8 +726,4 @@ void dhcpv6_init(const struct ctx *c) > c->our_tap_mac, sizeof(c->our_tap_mac)); > memcpy(resp_not_on_link.server_id.duid_lladdr, > c->our_tap_mac, sizeof(c->our_tap_mac)); > - > - a =3D fwd_get_addr(c, AF_INET6, 0, CONF_ADDR_LINKLOCAL); > - if (a) > - resp.ia_addr.addr =3D a->addr.a6; > } > diff --git a/fwd.c b/fwd.c > index 39e52c4..2b444fb 100644 > --- a/fwd.c > +++ b/fwd.c > @@ -299,6 +299,9 @@ void fwd_set_addr(struct ctx *c, const union inany_ad= dr *addr, > (flags & CONF_ADDR_HOST && !(flags & CONF_ADDR_LINKLOCAL))) > if (!c->no_dhcp) > flags |=3D CONF_ADDR_DHCP; > + } else if (!(flags & CONF_ADDR_LINKLOCAL)) { > + if (!c->no_dhcpv6) > + flags |=3D CONF_ADDR_DHCPV6; > } > =20 > /* Add to head or tail, depending on flag */ > diff --git a/migrate.c b/migrate.c > index afdc8b4..adcbc63 100644 > --- a/migrate.c > +++ b/migrate.c > @@ -53,6 +53,7 @@ struct migrate_seen_addrs_v2 { > #define MIGRATE_ADDR_LINKLOCAL BIT(2) > #define MIGRATE_ADDR_OBSERVED BIT(3) > #define MIGRATE_ADDR_DHCP BIT(4) > +#define MIGRATE_ADDR_DHCPV6 BIT(5) Same comment as for previous patch. > =20 > /** > * struct migrate_addr_v3 - Migration format for a single address entry > @@ -86,6 +87,8 @@ static uint8_t flags_to_migration(uint8_t flags) > migration |=3D MIGRATE_ADDR_OBSERVED; > if (flags & CONF_ADDR_DHCP) > migration |=3D MIGRATE_ADDR_DHCP; > + if (flags & CONF_ADDR_DHCPV6) > + migration |=3D MIGRATE_ADDR_DHCPV6; > =20 > return migration; > } > @@ -110,6 +113,8 @@ static uint8_t flags_from_migration(uint8_t migration) > flags |=3D CONF_ADDR_OBSERVED; > if (migration & MIGRATE_ADDR_DHCP) > flags |=3D CONF_ADDR_DHCP; > + if (migration & MIGRATE_ADDR_DHCPV6) > + flags |=3D CONF_ADDR_DHCPV6; > =20 > return flags; > } > diff --git a/passt.h b/passt.h > index 9508c2a..028eb7c 100644 > --- a/passt.h > +++ b/passt.h > @@ -84,6 +84,7 @@ struct guest_addr { > #define CONF_ADDR_LINKLOCAL BIT(3) /* Link-local address */ > #define CONF_ADDR_OBSERVED BIT(4) /* Seen in guest traffic */ > #define CONF_ADDR_DHCP BIT(5) /* Advertise via DHCP (IPv4) */ > +#define CONF_ADDR_DHCPV6 BIT(6) /* Advertise via DHCPv6 (IPv6) */ > }; > =20 > /** > --=20 > 2.52.0 >=20 --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --BLt+LN8Zzv+XZYyD Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmoWdbEACgkQzQJF27ox 2Ge2sA//cbkbcozZruIAju89CF42XRXBgEDHGFRGZwC2fxve5FGITjcd1gObwd2o 1NwmgobpVa87BN3+5T89H1dIzHHH/J99C2rNg4W9b5/l8w/CqFG3b8mU7m5LHkNk BnT4rtaanGFk/SmheryRSBK/9SoH3sO3A/CIRQ2m5vlXl+nbo24a9msFoVSt32LV yeI1wmHWrBrcVmRTH+OJpYOp9jxLfIOKR8DNuGhkIv1J0J5cQojVKKzXdimMHoLs kyWM4+WltjEVZHU1wYUXPEBFgAENr+nONSXYxbLBWln7RX0Yx7B64CHZ9x3tWZVM vMwRxm2QM3ZbyONTElyCGwoZxApSB4rOkgc17f8WsQXBexpr4yDXgq4Q7xWaHevd 30H4k3Q6YnrxupEnBJJPmyJSiyPmcYOtGPIIfgmL1bh4rxs5LvwZOTBPN7Ir1uby 71Kp5DG3CYxRogWQOL9congV+z7nHoRwweGfjO4oji8xWq27P5LBIsjSMSkoXgzz Z3kzFIaW3ie7kQfLBvXHDE7H3dVt1MHeDHaTOJTmW2bd4enLkTirXOMR/KXHi7B+ s/mH6BWdPfVF9cebGxDqGkJNatC+rx4Y4ZuyC3zpnPPFwFXEgBlPrKihtzX0G5Yj WLxC8EkCdThoquSBUPV9QzamkP6IeZhksVkZpk92ce9W2Gcbhyg= =N58H -----END PGP SIGNATURE----- --BLt+LN8Zzv+XZYyD--