Date: Mon, 3 Mar 2025 11:41:48 -0500
Subject: Re: [PATCH v8 2/4] udp: create and send ICMPv4 to local peer when applicable
To: 7ppKb5bW
From: Jon Maloy
CC: "passt-dev@passt.top"
List-Id: Development discussion and patches for passt

On 2025-03-03 07:07, 7ppKb5bW wrote:
>> +/** >> + * udp_send_conn_fail_icmp4() - Construct and send ICMPv4 to local peer >> + * @c: Execution context >> + * @ee: Extended error descriptor >> + * @ref: epoll reference >> + * @in: First bytes (max 8) of original UDP message body >> + * @dlen: Length of the read part of original UDP message body >> + */ >> +static void udp_send_conn_fail_icmp4(const struct ctx *c, >> + const struct sock_extended_err *ee, >> + const struct flowside *toside, >> + void *in, size_t dlen) >> +{ >> + struct in_addr oaddr = toside->oaddr.v4mapped.a4; >> + struct in_addr eaddr = toside->eaddr.v4mapped.a4; >> +
in_port_t eport = toside->eport; >> + in_port_t oport = toside->oport; >> + struct { >> + struct icmphdr icmp4h; >> + struct iphdr ip4h; >> + struct udphdr uh; >> + char data[ICMP4_MAX_DLEN]; >> + } __attribute__((packed, aligned(__alignof__(max_align_t)))) msg; >> + size_t msglen = sizeof(msg) - sizeof(msg.data) + dlen; >> + >> + ASSERT(dlen <= ICMP4_MAX_DLEN); >> + memset(&msg, 0, sizeof(msg)); >> + msg.icmp4h.type = ee->ee_type; >> + msg.icmp4h.code = ee->ee_code; >> + if (ee->ee_type == ICMP_DEST_UNREACH && ee->ee_code == ICMP_FRAG_NEEDED) >> + msg.icmp4h.un.frag.mtu = htons((uint16_t) ee->ee_info); >> + >> + /* Reconstruct the original headers as returned in the ICMP message */ >> + tap_push_ip4h(&msg.ip4h, eaddr, oaddr, dlen, IPPROTO_UDP); >> + tap_push_uh4(&msg.uh, eaddr, eport, oaddr, oport, in, dlen); >> + memcpy(&msg.data, in, dlen); >> + >> + tap_icmp4_send(c, oaddr, eaddr, &msg, msglen); >> +}
>
> The destination IP of the origin packet might not be the source IP of an ICMP error message, if a router sent this ICMP error message.
>
> Increase local MTU and try this program:
> ```
> #packet-too-big.py
> #ip link set eth0 mtu 1520
> from socket import *
> import time
> IP_RECVERR=0xb
> IP_MTU_DISCOVER=0xa
> IP_PMTUDISC_PROBE=0x3
> with socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP) as sock:
>     sock.setsockopt(IPPROTO_IP,IP_RECVERR,1)
>     sock.setsockopt(IPPROTO_IP,IP_MTU_DISCOVER,IP_PMTUDISC_PROBE)
>     bigPacket=bytes(1480)
>     sock.sendto(bigPacket,("151.101.1.6",443))
>     time.sleep(0.1)
>     print(sock.recvmsg(1480,1024,MSG_ERRQUEUE))
> ```

You are right. The original scope of this series was only to handle ICMP_PORT_UNREACH/ICMP6_DST_UNREACH_NOPORT messages, but now that we include more ICMP types it becomes different, of course. This is easy to fix, though, so I will post a new version where I do that.
>
>> if (ref.type == EPOLL_TYPE_UDP_REPLY) { >> flow_sidx_t sidx = flow_sidx_opposite(ref.flowside); >> const struct flowside *toside = flowside_at_sidx(sidx); >> - >> - udp_send_conn_fail_icmp4(c, ee, toside, data, rc); >> + size_t dlen = rc; >> + >> + if (hdr->cmsg_level == IPPROTO_IP) { >> + dlen = MIN(dlen, ICMP4_MAX_DLEN); >> + udp_send_conn_fail_icmp4(c, ee, toside, data, dlen); >> + } else if (hdr->cmsg_level == IPPROTO_IPV6) { >> + udp_send_conn_fail_icmp6(c, ee, toside, data, >> + dlen, sidx.flowi); >> + } >> } else { >> trace("Ignoring received IP_RECVERR cmsg on listener socket"); >> }
>
> If the socket is dual-stack, cmsg_level may not match cmsg_data.
> ```
> #dual-stack-test.py
> from socket import *
> import time
> IP_RECVERR=0xb
> with socket(AF_INET6,SOCK_DGRAM,IPPROTO_UDP) as sock:
>     sock.setsockopt(IPPROTO_IP,IP_RECVERR,1)
>     sock.setsockopt(IPPROTO_IP,IP_TTL,1)
>     packet=bytes(8)
>     sock.sendto(packet,("::ffff:151.101.1.6",443))
>     time.sleep(0.1)
>     print(sock.recvmsg(1472,1024,MSG_ERRQUEUE))
> ```

Yes, this was mentioned at some point during our discussions, and we should eventually handle it, but it is really outside the scope of the current series.

///jon
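
Review bot: in the kerneldoc of udp_send_conn_fail_icmp4(), the line `@ref: epoll reference` describes a parameter the function does not take, while the `toside` argument is left undocumented; replace it with a `@toside` entry. The `@in` line also says "max 8" where the code bounds the copy with ICMP4_MAX_DLEN, so the limit should be stated once, by that name. On addressing, the call `tap_icmp4_send(c, oaddr, eaddr, &msg, msglen)` uses only addresses taken from `toside`, so nothing from `ee` other than type, code and info reaches the generated message, which is the router case raised in the quoted reply.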
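
Review bot: in the EPOLL_TYPE_UDP_REPLY branch, `dlen` is clamped with `MIN(dlen, ICMP4_MAX_DLEN)` only on the IPPROTO_IP path; the IPPROTO_IPV6 path passes the unclamped `rc` to udp_send_conn_fail_icmp6(), so either clamp it there as well or confirm that function bounds the length before copying. A `cmsg_level` that is neither of the two values now falls through without any output; a final `else` with a trace() would make unexpected levels visible.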
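
Both points raised in the quoted review come down to reading the error-queue control message by its contents: the offender address following `sock_extended_err` names the node that sent the ICMP error, and `ee_origin` says whether it was ICMPv4 or ICMPv6 whatever `cmsg_level` is. The following is an added example, not passt code and not written by either poster; the function names, the router address 192.0.2.1 and both sample buffers are constructed assumptions modelled on the two test programs.

```python
import ipaddress, socket, struct

SO_EE_ORIGIN_ICMP, SO_EE_ORIGIN_ICMP6 = 2, 3   # <linux/errqueue.h>
EE_FMT = "=IBBBBII"                            # struct sock_extended_err
EE_LEN = struct.calcsize(EE_FMT)

def unmap(addr):
    """Unwrap ::ffff:a.b.c.d to a.b.c.d; other addresses pass through."""
    return getattr(addr, "ipv4_mapped", None) or addr

def parse_offender(sa):
    """Decode the sockaddr after sock_extended_err (SO_EE_OFFENDER)."""
    (family,) = struct.unpack_from("=H", sa)
    if family == socket.AF_INET:
        return ipaddress.ip_address(sa[4:8])
    if family == socket.AF_INET6:
        return unmap(ipaddress.ip_address(sa[8:24]))
    return None                                # no offender recorded

def classify(cmsg_level, cmsg_data, orig_dst):
    """Describe one MSG_ERRQUEUE cmsg; None if it is not an ICMP error."""
    _, origin, ee_type, ee_code, _, _, _ = struct.unpack_from(EE_FMT, cmsg_data)
    if origin not in (SO_EE_ORIGIN_ICMP, SO_EE_ORIGIN_ICMP6):
        return None
    is_v4 = origin == SO_EE_ORIGIN_ICMP
    dst = unmap(ipaddress.ip_address(orig_dst))
    src = parse_offender(cmsg_data[EE_LEN:]) or dst
    return {
        "icmp": "v4" if is_v4 else "v6",       # decided by ee_origin
        "level_agrees": (cmsg_level == socket.IPPROTO_IP) == is_v4,
        "type_code": (ee_type, ee_code),
        "icmp_source": str(src),               # node that sent the error
        "from_router": src != dst,
    }

def sample_cmsgs():
    """Constructed buffers modelled on the two test programs in the thread."""
    router4 = socket.inet_aton("192.0.2.1")
    router6 = socket.inet_pton(socket.AF_INET6, "::ffff:192.0.2.1")
    frag = struct.pack(EE_FMT, 90, SO_EE_ORIGIN_ICMP, 3, 4, 0, 1500, 0) \
        + struct.pack("=HH4s8x", socket.AF_INET, 0, router4)
    ttl = struct.pack(EE_FMT, 113, SO_EE_ORIGIN_ICMP, 11, 0, 0, 0, 0) \
        + struct.pack("=HHI16sI", socket.AF_INET6, 0, 0, router6, 0)
    return (classify(socket.IPPROTO_IP, frag, "151.101.1.6"),
            classify(socket.IPPROTO_IPV6, ttl, "::ffff:151.101.1.6"))

if __name__ == "__main__":
    for result in sample_cmsgs():
        print(result)
```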