1
0
mirror of https://passt.top/passt synced 2024-12-22 13:45:32 +00:00

treewide: Use "our address" instead of "forwarding address"

The term "forwarding address" to indicate the local-to-passt address was
well-intentioned, but ends up being kinda confusing.  As discussed on a
recent call, let's try "our" instead.

(While we're there correct an error in flow_initiate_af()s comments where
we referred to parameters by the wrong name).

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
David Gibson 2024-08-21 14:19:57 +10:00 committed by Stefano Brivio
parent 32c386834d
commit e6feb5a892
7 changed files with 106 additions and 105 deletions

72
flow.c
View File

@ -127,18 +127,18 @@ static struct timespec flow_timer_run;
* @af: Address family (AF_INET or AF_INET6) * @af: Address family (AF_INET or AF_INET6)
* @eaddr: Endpoint address (pointer to in_addr or in6_addr) * @eaddr: Endpoint address (pointer to in_addr or in6_addr)
* @eport: Endpoint port * @eport: Endpoint port
* @faddr: Forwarding address (pointer to in_addr or in6_addr) * @oaddr: Our address (pointer to in_addr or in6_addr)
* @fport: Forwarding port * @oport: Our port
*/ */
static void flowside_from_af(struct flowside *side, sa_family_t af, static void flowside_from_af(struct flowside *side, sa_family_t af,
const void *eaddr, in_port_t eport, const void *eaddr, in_port_t eport,
const void *faddr, in_port_t fport) const void *oaddr, in_port_t oport)
{ {
if (faddr) if (oaddr)
inany_from_af(&side->faddr, af, faddr); inany_from_af(&side->oaddr, af, oaddr);
else else
side->faddr = inany_any6; side->oaddr = inany_any6;
side->fport = fport; side->oport = oport;
if (eaddr) if (eaddr)
inany_from_af(&side->eaddr, af, eaddr); inany_from_af(&side->eaddr, af, eaddr);
@ -193,8 +193,8 @@ static int flowside_sock_splice(void *arg)
* @tgt: Target flowside * @tgt: Target flowside
* @data: epoll reference portion for protocol handlers * @data: epoll reference portion for protocol handlers
* *
* Return: socket fd of protocol @proto bound to the forwarding address and port * Return: socket fd of protocol @proto bound to our address and port from @tgt
* from @tgt (if specified). * (if specified).
*/ */
int flowside_sock_l4(const struct ctx *c, enum epoll_type type, uint8_t pif, int flowside_sock_l4(const struct ctx *c, enum epoll_type type, uint8_t pif,
const struct flowside *tgt, uint32_t data) const struct flowside *tgt, uint32_t data)
@ -205,11 +205,11 @@ int flowside_sock_l4(const struct ctx *c, enum epoll_type type, uint8_t pif,
ASSERT(pif_is_socket(pif)); ASSERT(pif_is_socket(pif));
pif_sockaddr(c, &sa, &sl, pif, &tgt->faddr, tgt->fport); pif_sockaddr(c, &sa, &sl, pif, &tgt->oaddr, tgt->oport);
switch (pif) { switch (pif) {
case PIF_HOST: case PIF_HOST:
if (inany_is_loopback(&tgt->faddr)) if (inany_is_loopback(&tgt->oaddr))
ifname = NULL; ifname = NULL;
else if (sa.sa_family == AF_INET) else if (sa.sa_family == AF_INET)
ifname = c->ip4.ifname_out; ifname = c->ip4.ifname_out;
@ -309,11 +309,11 @@ static void flow_set_state(struct flow_common *f, enum flow_state state)
pif_name(f->pif[INISIDE]), pif_name(f->pif[INISIDE]),
inany_ntop(&ini->eaddr, estr0, sizeof(estr0)), inany_ntop(&ini->eaddr, estr0, sizeof(estr0)),
ini->eport, ini->eport,
inany_ntop(&ini->faddr, fstr0, sizeof(fstr0)), inany_ntop(&ini->oaddr, fstr0, sizeof(fstr0)),
ini->fport, ini->oport,
pif_name(f->pif[TGTSIDE]), pif_name(f->pif[TGTSIDE]),
inany_ntop(&tgt->faddr, fstr1, sizeof(fstr1)), inany_ntop(&tgt->oaddr, fstr1, sizeof(fstr1)),
tgt->fport, tgt->oport,
inany_ntop(&tgt->eaddr, estr1, sizeof(estr1)), inany_ntop(&tgt->eaddr, estr1, sizeof(estr1)),
tgt->eport); tgt->eport);
else if (MAX(state, oldstate) >= FLOW_STATE_INI) else if (MAX(state, oldstate) >= FLOW_STATE_INI)
@ -321,8 +321,8 @@ static void flow_set_state(struct flow_common *f, enum flow_state state)
pif_name(f->pif[INISIDE]), pif_name(f->pif[INISIDE]),
inany_ntop(&ini->eaddr, estr0, sizeof(estr0)), inany_ntop(&ini->eaddr, estr0, sizeof(estr0)),
ini->eport, ini->eport,
inany_ntop(&ini->faddr, fstr0, sizeof(fstr0)), inany_ntop(&ini->oaddr, fstr0, sizeof(fstr0)),
ini->fport); ini->oport);
} }
/** /**
@ -347,7 +347,7 @@ static void flow_initiate_(union flow *flow, uint8_t pif)
* flow_initiate_af() - Move flow to INI, setting INISIDE details * flow_initiate_af() - Move flow to INI, setting INISIDE details
* @flow: Flow to change state * @flow: Flow to change state
* @pif: pif of the initiating side * @pif: pif of the initiating side
* @af: Address family of @eaddr and @faddr * @af: Address family of @saddr and @daddr
* @saddr: Source address (pointer to in_addr or in6_addr) * @saddr: Source address (pointer to in_addr or in6_addr)
* @sport: Endpoint port * @sport: Endpoint port
* @daddr: Destination address (pointer to in_addr or in6_addr) * @daddr: Destination address (pointer to in_addr or in6_addr)
@ -384,10 +384,10 @@ const struct flowside *flow_initiate_sa(union flow *flow, uint8_t pif,
inany_from_sockaddr(&ini->eaddr, &ini->eport, ssa); inany_from_sockaddr(&ini->eaddr, &ini->eport, ssa);
if (inany_v4(&ini->eaddr)) if (inany_v4(&ini->eaddr))
ini->faddr = inany_any4; ini->oaddr = inany_any4;
else else
ini->faddr = inany_any6; ini->oaddr = inany_any6;
ini->fport = dport; ini->oport = dport;
flow_initiate_(flow, pif); flow_initiate_(flow, pif);
return ini; return ini;
} }
@ -432,8 +432,8 @@ const struct flowside *flow_target(const struct ctx *c, union flow *flow,
pif_name(f->pif[INISIDE]), pif_name(f->pif[INISIDE]),
inany_ntop(&ini->eaddr, estr, sizeof(estr)), inany_ntop(&ini->eaddr, estr, sizeof(estr)),
ini->eport, ini->eport,
inany_ntop(&ini->faddr, fstr, sizeof(fstr)), inany_ntop(&ini->oaddr, fstr, sizeof(fstr)),
ini->fport); ini->oport);
} }
if (tgtpif == PIF_NONE) if (tgtpif == PIF_NONE)
@ -561,12 +561,12 @@ static uint64_t flow_hash(const struct ctx *c, uint8_t proto, uint8_t pif,
{ {
struct siphash_state state = SIPHASH_INIT(c->hash_secret); struct siphash_state state = SIPHASH_INIT(c->hash_secret);
inany_siphash_feed(&state, &side->faddr); inany_siphash_feed(&state, &side->oaddr);
inany_siphash_feed(&state, &side->eaddr); inany_siphash_feed(&state, &side->eaddr);
return siphash_final(&state, 38, (uint64_t)proto << 40 | return siphash_final(&state, 38, (uint64_t)proto << 40 |
(uint64_t)pif << 32 | (uint64_t)pif << 32 |
(uint64_t)side->fport << 16 | (uint64_t)side->oport << 16 |
(uint64_t)side->eport); (uint64_t)side->eport);
} }
@ -587,7 +587,7 @@ static uint64_t flow_sidx_hash(const struct ctx *c, flow_sidx_t sidx)
* information, and at least a forwarding port. * information, and at least a forwarding port.
*/ */
ASSERT(pif != PIF_NONE && !inany_is_unspecified(&side->eaddr) && ASSERT(pif != PIF_NONE && !inany_is_unspecified(&side->eaddr) &&
side->eport != 0 && side->fport != 0); side->eport != 0 && side->oport != 0);
return flow_hash(c, FLOW_PROTO(f), pif, side); return flow_hash(c, FLOW_PROTO(f), pif, side);
} }
@ -709,20 +709,20 @@ static flow_sidx_t flowside_lookup(const struct ctx *c, uint8_t proto,
* @pif: Interface of the flow * @pif: Interface of the flow
* @af: Address family, AF_INET or AF_INET6 * @af: Address family, AF_INET or AF_INET6
* @eaddr: Guest side endpoint address (guest local address) * @eaddr: Guest side endpoint address (guest local address)
* @faddr: Guest side forwarding address (guest remote address) * @oaddr: Our guest side address (guest remote address)
* @eport: Guest side endpoint port (guest local port) * @eport: Guest side endpoint port (guest local port)
* @fport: Guest side forwarding port (guest remote port) * @oport: Our guest side port (guest remote port)
* *
* Return: sidx of the matching flow & side, FLOW_SIDX_NONE if not found * Return: sidx of the matching flow & side, FLOW_SIDX_NONE if not found
*/ */
flow_sidx_t flow_lookup_af(const struct ctx *c, flow_sidx_t flow_lookup_af(const struct ctx *c,
uint8_t proto, uint8_t pif, sa_family_t af, uint8_t proto, uint8_t pif, sa_family_t af,
const void *eaddr, const void *faddr, const void *eaddr, const void *oaddr,
in_port_t eport, in_port_t fport) in_port_t eport, in_port_t oport)
{ {
struct flowside side; struct flowside side;
flowside_from_af(&side, af, eaddr, eport, faddr, fport); flowside_from_af(&side, af, eaddr, eport, oaddr, oport);
return flowside_lookup(c, proto, pif, &side); return flowside_lookup(c, proto, pif, &side);
} }
@ -732,22 +732,22 @@ flow_sidx_t flow_lookup_af(const struct ctx *c,
* @proto: Protocol of the flow (IP L4 protocol number) * @proto: Protocol of the flow (IP L4 protocol number)
* @pif: Interface of the flow * @pif: Interface of the flow
* @esa: Socket address of the endpoint * @esa: Socket address of the endpoint
* @fport: Forwarding port number * @oport: Our port number
* *
* Return: sidx of the matching flow & side, FLOW_SIDX_NONE if not found * Return: sidx of the matching flow & side, FLOW_SIDX_NONE if not found
*/ */
flow_sidx_t flow_lookup_sa(const struct ctx *c, uint8_t proto, uint8_t pif, flow_sidx_t flow_lookup_sa(const struct ctx *c, uint8_t proto, uint8_t pif,
const void *esa, in_port_t fport) const void *esa, in_port_t oport)
{ {
struct flowside side = { struct flowside side = {
.fport = fport, .oport = oport,
}; };
inany_from_sockaddr(&side.eaddr, &side.eport, esa); inany_from_sockaddr(&side.eaddr, &side.eport, esa);
if (inany_v4(&side.eaddr)) if (inany_v4(&side.eaddr))
side.faddr = inany_any4; side.oaddr = inany_any4;
else else
side.faddr = inany_any6; side.oaddr = inany_any6;
return flowside_lookup(c, proto, pif, &side); return flowside_lookup(c, proto, pif, &side);
} }

18
flow.h
View File

@ -140,14 +140,14 @@ extern const uint8_t flow_proto[];
/** /**
* struct flowside - Address information for one side of a flow * struct flowside - Address information for one side of a flow
* @eaddr: Endpoint address (remote address from passt's PoV) * @eaddr: Endpoint address (remote address from passt's PoV)
* @faddr: Forwarding address (local address from passt's PoV) * @oaddr: Our address (local address from passt's PoV)
* @eport: Endpoint port * @eport: Endpoint port
* @fport: Forwarding port * @oport: Our port
*/ */
struct flowside { struct flowside {
union inany_addr faddr; union inany_addr oaddr;
union inany_addr eaddr; union inany_addr eaddr;
in_port_t fport; in_port_t oport;
in_port_t eport; in_port_t eport;
}; };
@ -162,8 +162,8 @@ static inline bool flowside_eq(const struct flowside *left,
{ {
return inany_equals(&left->eaddr, &right->eaddr) && return inany_equals(&left->eaddr, &right->eaddr) &&
left->eport == right->eport && left->eport == right->eport &&
inany_equals(&left->faddr, &right->faddr) && inany_equals(&left->oaddr, &right->oaddr) &&
left->fport == right->fport; left->oport == right->oport;
} }
int flowside_sock_l4(const struct ctx *c, enum epoll_type type, uint8_t pif, int flowside_sock_l4(const struct ctx *c, enum epoll_type type, uint8_t pif,
@ -240,10 +240,10 @@ uint64_t flow_hash_insert(const struct ctx *c, flow_sidx_t sidx);
void flow_hash_remove(const struct ctx *c, flow_sidx_t sidx); void flow_hash_remove(const struct ctx *c, flow_sidx_t sidx);
flow_sidx_t flow_lookup_af(const struct ctx *c, flow_sidx_t flow_lookup_af(const struct ctx *c,
uint8_t proto, uint8_t pif, sa_family_t af, uint8_t proto, uint8_t pif, sa_family_t af,
const void *eaddr, const void *faddr, const void *eaddr, const void *oaddr,
in_port_t eport, in_port_t fport); in_port_t eport, in_port_t oport);
flow_sidx_t flow_lookup_sa(const struct ctx *c, uint8_t proto, uint8_t pif, flow_sidx_t flow_lookup_sa(const struct ctx *c, uint8_t proto, uint8_t pif,
const void *esa, in_port_t fport); const void *esa, in_port_t oport);
union flow; union flow;

70
fwd.c
View File

@ -167,7 +167,7 @@ void fwd_scan_ports_init(struct ctx *c)
static bool is_dns_flow(uint8_t proto, const struct flowside *ini) static bool is_dns_flow(uint8_t proto, const struct flowside *ini)
{ {
return ((proto == IPPROTO_UDP) || (proto == IPPROTO_TCP)) && return ((proto == IPPROTO_UDP) || (proto == IPPROTO_TCP)) &&
((ini->fport == 53) || (ini->fport == 853)); ((ini->oport == 53) || (ini->oport == 853));
} }
/** /**
@ -184,33 +184,33 @@ uint8_t fwd_nat_from_tap(const struct ctx *c, uint8_t proto,
const struct flowside *ini, struct flowside *tgt) const struct flowside *ini, struct flowside *tgt)
{ {
if (is_dns_flow(proto, ini) && if (is_dns_flow(proto, ini) &&
inany_equals4(&ini->faddr, &c->ip4.dns_match)) inany_equals4(&ini->oaddr, &c->ip4.dns_match))
tgt->eaddr = inany_from_v4(c->ip4.dns_host); tgt->eaddr = inany_from_v4(c->ip4.dns_host);
else if (is_dns_flow(proto, ini) && else if (is_dns_flow(proto, ini) &&
inany_equals6(&ini->faddr, &c->ip6.dns_match)) inany_equals6(&ini->oaddr, &c->ip6.dns_match))
tgt->eaddr.a6 = c->ip6.dns_host; tgt->eaddr.a6 = c->ip6.dns_host;
else if (!c->no_map_gw && inany_equals4(&ini->faddr, &c->ip4.gw)) else if (!c->no_map_gw && inany_equals4(&ini->oaddr, &c->ip4.gw))
tgt->eaddr = inany_loopback4; tgt->eaddr = inany_loopback4;
else if (!c->no_map_gw && inany_equals6(&ini->faddr, &c->ip6.gw)) else if (!c->no_map_gw && inany_equals6(&ini->oaddr, &c->ip6.gw))
tgt->eaddr = inany_loopback6; tgt->eaddr = inany_loopback6;
else else
tgt->eaddr = ini->faddr; tgt->eaddr = ini->oaddr;
tgt->eport = ini->fport; tgt->eport = ini->oport;
/* The relevant addr_out controls the host side source address. This /* The relevant addr_out controls the host side source address. This
* may be unspecified, which allows the kernel to pick an address. * may be unspecified, which allows the kernel to pick an address.
*/ */
if (inany_v4(&tgt->eaddr)) if (inany_v4(&tgt->eaddr))
tgt->faddr = inany_from_v4(c->ip4.addr_out); tgt->oaddr = inany_from_v4(c->ip4.addr_out);
else else
tgt->faddr.a6 = c->ip6.addr_out; tgt->oaddr.a6 = c->ip6.addr_out;
/* Let the kernel pick a host side source port */ /* Let the kernel pick a host side source port */
tgt->fport = 0; tgt->oport = 0;
if (proto == IPPROTO_UDP) { if (proto == IPPROTO_UDP) {
/* But for UDP we preserve the source port */ /* But for UDP we preserve the source port */
tgt->fport = ini->eport; tgt->oport = ini->eport;
} }
return PIF_HOST; return PIF_HOST;
@ -230,13 +230,13 @@ uint8_t fwd_nat_from_splice(const struct ctx *c, uint8_t proto,
const struct flowside *ini, struct flowside *tgt) const struct flowside *ini, struct flowside *tgt)
{ {
if (!inany_is_loopback(&ini->eaddr) || if (!inany_is_loopback(&ini->eaddr) ||
(!inany_is_loopback(&ini->faddr) && !inany_is_unspecified(&ini->faddr))) { (!inany_is_loopback(&ini->oaddr) && !inany_is_unspecified(&ini->oaddr))) {
char estr[INANY_ADDRSTRLEN], fstr[INANY_ADDRSTRLEN]; char estr[INANY_ADDRSTRLEN], fstr[INANY_ADDRSTRLEN];
debug("Non loopback address on %s: [%s]:%hu -> [%s]:%hu", debug("Non loopback address on %s: [%s]:%hu -> [%s]:%hu",
pif_name(PIF_SPLICE), pif_name(PIF_SPLICE),
inany_ntop(&ini->eaddr, estr, sizeof(estr)), ini->eport, inany_ntop(&ini->eaddr, estr, sizeof(estr)), ini->eport,
inany_ntop(&ini->faddr, fstr, sizeof(fstr)), ini->fport); inany_ntop(&ini->oaddr, fstr, sizeof(fstr)), ini->oport);
return PIF_NONE; return PIF_NONE;
} }
@ -248,20 +248,20 @@ uint8_t fwd_nat_from_splice(const struct ctx *c, uint8_t proto,
/* Preserve the specific loopback adddress used, but let the kernel pick /* Preserve the specific loopback adddress used, but let the kernel pick
* a source port on the target side * a source port on the target side
*/ */
tgt->faddr = ini->eaddr; tgt->oaddr = ini->eaddr;
tgt->fport = 0; tgt->oport = 0;
tgt->eport = ini->fport; tgt->eport = ini->oport;
if (proto == IPPROTO_TCP) if (proto == IPPROTO_TCP)
tgt->eport += c->tcp.fwd_out.delta[tgt->eport]; tgt->eport += c->tcp.fwd_out.delta[tgt->eport];
else if (proto == IPPROTO_UDP) else if (proto == IPPROTO_UDP)
tgt->eport += c->udp.fwd_out.delta[tgt->eport]; tgt->eport += c->udp.fwd_out.delta[tgt->eport];
/* Let the kernel pick a host side source port */ /* Let the kernel pick a host side source port */
tgt->fport = 0; tgt->oport = 0;
if (proto == IPPROTO_UDP) if (proto == IPPROTO_UDP)
/* But for UDP preserve the source port */ /* But for UDP preserve the source port */
tgt->fport = ini->eport; tgt->oport = ini->eport;
return PIF_HOST; return PIF_HOST;
} }
@ -280,7 +280,7 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto,
const struct flowside *ini, struct flowside *tgt) const struct flowside *ini, struct flowside *tgt)
{ {
/* Common for spliced and non-spliced cases */ /* Common for spliced and non-spliced cases */
tgt->eport = ini->fport; tgt->eport = ini->oport;
if (proto == IPPROTO_TCP) if (proto == IPPROTO_TCP)
tgt->eport += c->tcp.fwd_in.delta[tgt->eport]; tgt->eport += c->tcp.fwd_in.delta[tgt->eport];
else if (proto == IPPROTO_UDP) else if (proto == IPPROTO_UDP)
@ -293,11 +293,11 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto,
/* Preserve the specific loopback adddress used, but let the /* Preserve the specific loopback adddress used, but let the
* kernel pick a source port on the target side * kernel pick a source port on the target side
*/ */
tgt->faddr = ini->eaddr; tgt->oaddr = ini->eaddr;
tgt->fport = 0; tgt->oport = 0;
if (proto == IPPROTO_UDP) if (proto == IPPROTO_UDP)
/* But for UDP preserve the source port */ /* But for UDP preserve the source port */
tgt->fport = ini->eport; tgt->oport = ini->eport;
if (inany_v4(&ini->eaddr)) if (inany_v4(&ini->eaddr))
tgt->eaddr = inany_loopback4; tgt->eaddr = inany_loopback4;
@ -307,26 +307,26 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto,
return PIF_SPLICE; return PIF_SPLICE;
} }
tgt->faddr = ini->eaddr; tgt->oaddr = ini->eaddr;
tgt->fport = ini->eport; tgt->oport = ini->eport;
if (inany_is_loopback4(&tgt->faddr) || if (inany_is_loopback4(&tgt->oaddr) ||
inany_is_unspecified4(&tgt->faddr) || inany_is_unspecified4(&tgt->oaddr) ||
inany_equals4(&tgt->faddr, &c->ip4.addr_seen)) { inany_equals4(&tgt->oaddr, &c->ip4.addr_seen)) {
tgt->faddr = inany_from_v4(c->ip4.gw); tgt->oaddr = inany_from_v4(c->ip4.gw);
} else if (inany_is_loopback6(&tgt->faddr) || } else if (inany_is_loopback6(&tgt->oaddr) ||
inany_equals6(&tgt->faddr, &c->ip6.addr_seen) || inany_equals6(&tgt->oaddr, &c->ip6.addr_seen) ||
inany_equals6(&tgt->faddr, &c->ip6.addr)) { inany_equals6(&tgt->oaddr, &c->ip6.addr)) {
if (IN6_IS_ADDR_LINKLOCAL(&c->ip6.gw)) if (IN6_IS_ADDR_LINKLOCAL(&c->ip6.gw))
tgt->faddr.a6 = c->ip6.gw; tgt->oaddr.a6 = c->ip6.gw;
else else
tgt->faddr.a6 = c->ip6.addr_ll; tgt->oaddr.a6 = c->ip6.addr_ll;
} }
if (inany_v4(&tgt->faddr)) { if (inany_v4(&tgt->oaddr)) {
tgt->eaddr = inany_from_v4(c->ip4.addr_seen); tgt->eaddr = inany_from_v4(c->ip4.addr_seen);
} else { } else {
if (inany_is_linklocal6(&tgt->faddr)) if (inany_is_linklocal6(&tgt->oaddr))
tgt->eaddr.a6 = c->ip6.addr_ll_seen; tgt->eaddr.a6 = c->ip6.addr_ll_seen;
else else
tgt->eaddr.a6 = c->ip6.addr_seen; tgt->eaddr.a6 = c->ip6.addr_seen;

4
icmp.c
View File

@ -125,13 +125,13 @@ void icmp_sock_handler(const struct ctx *c, union epoll_ref ref)
ini->eport, seq); ini->eport, seq);
if (pingf->f.type == FLOW_PING4) { if (pingf->f.type == FLOW_PING4) {
const struct in_addr *saddr = inany_v4(&ini->faddr); const struct in_addr *saddr = inany_v4(&ini->oaddr);
const struct in_addr *daddr = inany_v4(&ini->eaddr); const struct in_addr *daddr = inany_v4(&ini->eaddr);
ASSERT(saddr && daddr); /* Must have IPv4 addresses */ ASSERT(saddr && daddr); /* Must have IPv4 addresses */
tap_icmp4_send(c, *saddr, *daddr, buf, n); tap_icmp4_send(c, *saddr, *daddr, buf, n);
} else if (pingf->f.type == FLOW_PING6) { } else if (pingf->f.type == FLOW_PING6) {
const struct in6_addr *saddr = &ini->faddr.a6; const struct in6_addr *saddr = &ini->oaddr.a6;
const struct in6_addr *daddr = &ini->eaddr.a6; const struct in6_addr *daddr = &ini->eaddr.a6;
tap_icmp6_send(c, saddr, daddr, buf, n); tap_icmp6_send(c, saddr, daddr, buf, n);

33
tcp.c
View File

@ -361,8 +361,8 @@ static const char *tcp_flag_str[] __attribute((__unused__)) = {
static int tcp_sock_init_ext [NUM_PORTS][IP_VERSIONS]; static int tcp_sock_init_ext [NUM_PORTS][IP_VERSIONS];
static int tcp_sock_ns [NUM_PORTS][IP_VERSIONS]; static int tcp_sock_ns [NUM_PORTS][IP_VERSIONS];
/* Table of guest side forwarding addresses with very low RTT (assumed /* Table of our guest side addresses with very low RTT (assumed to be local to
* to be local to the host), LRU * the host), LRU
*/ */
static union inany_addr low_rtt_dst[LOW_RTT_TABLE_SIZE]; static union inany_addr low_rtt_dst[LOW_RTT_TABLE_SIZE];
@ -663,7 +663,7 @@ static int tcp_rtt_dst_low(const struct tcp_tap_conn *conn)
int i; int i;
for (i = 0; i < LOW_RTT_TABLE_SIZE; i++) for (i = 0; i < LOW_RTT_TABLE_SIZE; i++)
if (inany_equals(&tapside->faddr, low_rtt_dst + i)) if (inany_equals(&tapside->oaddr, low_rtt_dst + i))
return 1; return 1;
return 0; return 0;
@ -686,7 +686,7 @@ static void tcp_rtt_dst_check(const struct tcp_tap_conn *conn,
return; return;
for (i = 0; i < LOW_RTT_TABLE_SIZE; i++) { for (i = 0; i < LOW_RTT_TABLE_SIZE; i++) {
if (inany_equals(&tapside->faddr, low_rtt_dst + i)) if (inany_equals(&tapside->oaddr, low_rtt_dst + i))
return; return;
if (hole == -1 && IN6_IS_ADDR_UNSPECIFIED(low_rtt_dst + i)) if (hole == -1 && IN6_IS_ADDR_UNSPECIFIED(low_rtt_dst + i))
hole = i; hole = i;
@ -698,7 +698,7 @@ static void tcp_rtt_dst_check(const struct tcp_tap_conn *conn,
if (hole == -1) if (hole == -1)
return; return;
low_rtt_dst[hole++] = tapside->faddr; low_rtt_dst[hole++] = tapside->oaddr;
if (hole == LOW_RTT_TABLE_SIZE) if (hole == LOW_RTT_TABLE_SIZE)
hole = 0; hole = 0;
inany_from_af(low_rtt_dst + hole, AF_INET6, &in6addr_any); inany_from_af(low_rtt_dst + hole, AF_INET6, &in6addr_any);
@ -881,7 +881,7 @@ static void tcp_fill_header(struct tcphdr *th,
{ {
const struct flowside *tapside = TAPFLOW(conn); const struct flowside *tapside = TAPFLOW(conn);
th->source = htons(tapside->fport); th->source = htons(tapside->oport);
th->dest = htons(tapside->eport); th->dest = htons(tapside->eport);
th->seq = htonl(seq); th->seq = htonl(seq);
th->ack_seq = htonl(conn->seq_ack_to_tap); th->ack_seq = htonl(conn->seq_ack_to_tap);
@ -913,7 +913,7 @@ static size_t tcp_fill_headers4(const struct tcp_tap_conn *conn,
uint32_t seq) uint32_t seq)
{ {
const struct flowside *tapside = TAPFLOW(conn); const struct flowside *tapside = TAPFLOW(conn);
const struct in_addr *src4 = inany_v4(&tapside->faddr); const struct in_addr *src4 = inany_v4(&tapside->oaddr);
const struct in_addr *dst4 = inany_v4(&tapside->eaddr); const struct in_addr *dst4 = inany_v4(&tapside->eaddr);
size_t l4len = dlen + sizeof(*th); size_t l4len = dlen + sizeof(*th);
size_t l3len = l4len + sizeof(*iph); size_t l3len = l4len + sizeof(*iph);
@ -957,7 +957,7 @@ static size_t tcp_fill_headers6(const struct tcp_tap_conn *conn,
size_t l4len = dlen + sizeof(*th); size_t l4len = dlen + sizeof(*th);
ip6h->payload_len = htons(l4len); ip6h->payload_len = htons(l4len);
ip6h->saddr = tapside->faddr.a6; ip6h->saddr = tapside->oaddr.a6;
ip6h->daddr = tapside->eaddr.a6; ip6h->daddr = tapside->eaddr.a6;
ip6h->hop_limit = 255; ip6h->hop_limit = 255;
@ -992,7 +992,7 @@ size_t tcp_l2_buf_fill_headers(const struct tcp_tap_conn *conn,
const uint16_t *check, uint32_t seq) const uint16_t *check, uint32_t seq)
{ {
const struct flowside *tapside = TAPFLOW(conn); const struct flowside *tapside = TAPFLOW(conn);
const struct in_addr *a4 = inany_v4(&tapside->faddr); const struct in_addr *a4 = inany_v4(&tapside->oaddr);
if (a4) { if (a4) {
return tcp_fill_headers4(conn, iov[TCP_IOV_TAP].iov_base, return tcp_fill_headers4(conn, iov[TCP_IOV_TAP].iov_base,
@ -1417,15 +1417,15 @@ static void tcp_bind_outbound(const struct ctx *c,
socklen_t sl; socklen_t sl;
pif_sockaddr(c, &bind_sa, &sl, PIF_HOST, &tgt->faddr, tgt->fport); pif_sockaddr(c, &bind_sa, &sl, PIF_HOST, &tgt->oaddr, tgt->oport);
if (!inany_is_unspecified(&tgt->faddr) || tgt->fport) { if (!inany_is_unspecified(&tgt->oaddr) || tgt->oport) {
if (bind(s, &bind_sa.sa, sl)) { if (bind(s, &bind_sa.sa, sl)) {
char sstr[INANY_ADDRSTRLEN]; char sstr[INANY_ADDRSTRLEN];
flow_dbg(conn, flow_dbg(conn,
"Can't bind TCP outbound socket to %s:%hu: %s", "Can't bind TCP outbound socket to %s:%hu: %s",
inany_ntop(&tgt->faddr, sstr, sizeof(sstr)), inany_ntop(&tgt->oaddr, sstr, sizeof(sstr)),
tgt->fport, strerror(errno)); tgt->oport, strerror(errno));
} }
} }
@ -1497,12 +1497,12 @@ static void tcp_conn_from_tap(struct ctx *c, sa_family_t af,
conn = FLOW_SET_TYPE(flow, FLOW_TCP, tcp); conn = FLOW_SET_TYPE(flow, FLOW_TCP, tcp);
if (!inany_is_unicast(&ini->eaddr) || ini->eport == 0 || if (!inany_is_unicast(&ini->eaddr) || ini->eport == 0 ||
!inany_is_unicast(&ini->faddr) || ini->fport == 0) { !inany_is_unicast(&ini->oaddr) || ini->oport == 0) {
char sstr[INANY_ADDRSTRLEN], dstr[INANY_ADDRSTRLEN]; char sstr[INANY_ADDRSTRLEN], dstr[INANY_ADDRSTRLEN];
debug("Invalid endpoint in TCP SYN: %s:%hu -> %s:%hu", debug("Invalid endpoint in TCP SYN: %s:%hu -> %s:%hu",
inany_ntop(&ini->eaddr, sstr, sizeof(sstr)), ini->eport, inany_ntop(&ini->eaddr, sstr, sizeof(sstr)), ini->eport,
inany_ntop(&ini->faddr, dstr, sizeof(dstr)), ini->fport); inany_ntop(&ini->oaddr, dstr, sizeof(dstr)), ini->oport);
goto cancel; goto cancel;
} }
@ -2100,7 +2100,8 @@ void tcp_listen_handler(struct ctx *c, union epoll_ref ref,
goto cancel; goto cancel;
/* FIXME: When listening port has a specific bound address, record that /* FIXME: When listening port has a specific bound address, record that
* as the forwarding address */ * as our address
*/
ini = flow_initiate_sa(flow, ref.tcp_listen.pif, &sa, ini = flow_initiate_sa(flow, ref.tcp_listen.pif, &sa,
ref.tcp_listen.port); ref.tcp_listen.port);

View File

@ -44,7 +44,7 @@
#define TAPFLOW(conn_) (&((conn_)->f.side[TAPSIDE(conn_)])) #define TAPFLOW(conn_) (&((conn_)->f.side[TAPSIDE(conn_)]))
#define TAP_SIDX(conn_) (FLOW_SIDX((conn_), TAPSIDE(conn_))) #define TAP_SIDX(conn_) (FLOW_SIDX((conn_), TAPSIDE(conn_)))
#define CONN_V4(conn) (!!inany_v4(&TAPFLOW(conn)->faddr)) #define CONN_V4(conn) (!!inany_v4(&TAPFLOW(conn)->oaddr))
#define CONN_V6(conn) (!CONN_V4(conn)) #define CONN_V6(conn) (!CONN_V4(conn))
/* /*

12
udp.c
View File

@ -321,7 +321,7 @@ static void udp_splice_send(const struct ctx *c, size_t start, size_t n,
static size_t udp_update_hdr4(struct iphdr *ip4h, struct udp_payload_t *bp, static size_t udp_update_hdr4(struct iphdr *ip4h, struct udp_payload_t *bp,
const struct flowside *toside, size_t dlen) const struct flowside *toside, size_t dlen)
{ {
const struct in_addr *src = inany_v4(&toside->faddr); const struct in_addr *src = inany_v4(&toside->oaddr);
const struct in_addr *dst = inany_v4(&toside->eaddr); const struct in_addr *dst = inany_v4(&toside->eaddr);
size_t l4len = dlen + sizeof(bp->uh); size_t l4len = dlen + sizeof(bp->uh);
size_t l3len = l4len + sizeof(*ip4h); size_t l3len = l4len + sizeof(*ip4h);
@ -333,7 +333,7 @@ static size_t udp_update_hdr4(struct iphdr *ip4h, struct udp_payload_t *bp,
ip4h->saddr = src->s_addr; ip4h->saddr = src->s_addr;
ip4h->check = csum_ip4_header(l3len, IPPROTO_UDP, *src, *dst); ip4h->check = csum_ip4_header(l3len, IPPROTO_UDP, *src, *dst);
bp->uh.source = htons(toside->fport); bp->uh.source = htons(toside->oport);
bp->uh.dest = htons(toside->eport); bp->uh.dest = htons(toside->eport);
bp->uh.len = htons(l4len); bp->uh.len = htons(l4len);
csum_udp4(&bp->uh, *src, *dst, bp->data, dlen); csum_udp4(&bp->uh, *src, *dst, bp->data, dlen);
@ -357,15 +357,15 @@ static size_t udp_update_hdr6(struct ipv6hdr *ip6h, struct udp_payload_t *bp,
ip6h->payload_len = htons(l4len); ip6h->payload_len = htons(l4len);
ip6h->daddr = toside->eaddr.a6; ip6h->daddr = toside->eaddr.a6;
ip6h->saddr = toside->faddr.a6; ip6h->saddr = toside->oaddr.a6;
ip6h->version = 6; ip6h->version = 6;
ip6h->nexthdr = IPPROTO_UDP; ip6h->nexthdr = IPPROTO_UDP;
ip6h->hop_limit = 255; ip6h->hop_limit = 255;
bp->uh.source = htons(toside->fport); bp->uh.source = htons(toside->oport);
bp->uh.dest = htons(toside->eport); bp->uh.dest = htons(toside->eport);
bp->uh.len = ip6h->payload_len; bp->uh.len = ip6h->payload_len;
csum_udp6(&bp->uh, &toside->faddr.a6, &toside->eaddr.a6, bp->data, dlen); csum_udp6(&bp->uh, &toside->oaddr.a6, &toside->eaddr.a6, bp->data, dlen);
return l4len; return l4len;
} }
@ -384,7 +384,7 @@ static void udp_tap_prepare(const struct mmsghdr *mmh, unsigned idx,
struct udp_meta_t *bm = &udp_meta[idx]; struct udp_meta_t *bm = &udp_meta[idx];
size_t l4len; size_t l4len;
if (!inany_v4(&toside->eaddr) || !inany_v4(&toside->faddr)) { if (!inany_v4(&toside->eaddr) || !inany_v4(&toside->oaddr)) {
l4len = udp_update_hdr6(&bm->ip6h, bp, toside, mmh[idx].msg_len); l4len = udp_update_hdr6(&bm->ip6h, bp, toside, mmh[idx].msg_len);
tap_hdr_update(&bm->taph, l4len + sizeof(bm->ip6h) + tap_hdr_update(&bm->taph, l4len + sizeof(bm->ip6h) +
sizeof(udp6_eth_hdr)); sizeof(udp6_eth_hdr));