[Reviewed until 25/32 so far] On Wed, 16 Nov 2022 15:41:59 +1100 David Gibson <david(a)gibson.dropbear.id.au> wrote:struct tcp_conn stores an address which could be IPv6 or IPv4 using a union. We can do this without an additional tag by encoding IPv4 addresses as IPv4-mapped IPv6 addresses. This approach is useful wider than the specific place in tcp_conn, so expose a new 'union inany_addr' like this from a new inany.h. Along with that create a number of helper functions to make working with these "inany" addresses easier. Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au> --- Makefile | 6 ++-- inany.h | 68 ++++++++++++++++++++++++++++++++++++++++ tcp.c | 88 +++++++++++++++++++++++++--------------------------- tcp_conn.h | 15 ++------- tcp_splice.c | 1 + 5 files changed, 117 insertions(+), 61 deletions(-) create mode 100644 inany.h diff --git a/Makefile b/Makefile index 9046b0b..ca453aa 100644 --- a/Makefile +++ b/Makefile @@ -44,9 +44,9 @@ SRCS = $(PASST_SRCS) $(QRAP_SRCS) MANPAGES = passt.1 pasta.1 qrap.1 PASST_HEADERS = arch.h arp.h checksum.h conf.h dhcp.h dhcpv6.h icmp.h \ - isolation.h lineread.h log.h ndp.h netlink.h packet.h passt.h pasta.h \ - pcap.h port_fwd.h siphash.h tap.h tcp.h tcp_conn.h tcp_splice.h udp.h \ - util.h + inany.h isolation.h lineread.h log.h ndp.h netlink.h packet.h passt.h \ + pasta.h pcap.h port_fwd.h siphash.h tap.h tcp.h tcp_conn.h \ + tcp_splice.h udp.h util.h HEADERS = $(PASST_HEADERS) seccomp.h # On gcc 11 and 12, with -O2 and -flto, tcp_hash() and siphash_20b(), if diff --git a/inany.h b/inany.h new file mode 100644 index 0000000..4e53da9 --- /dev/null +++ b/inany.h @@ -0,0 +1,68 @@ +/* SPDX-License-Identifier: AGPL-3.0-or-later + * Copyright Red Hat + * Author: David Gibson <david(a)gibson.dropbear.id.au> + * + * inany.h - Types and helpers for handling addresses which could be + * IPv6 or IPv4 (encoded as IPv4-mapped IPv6 addresses) + */ + +#include <assert.h> + +/** union inany_addr - Represents either an IPv4 or IPv6 address + * @a6: Address as an IPv6 address, may be IPv4-mapped + * @_v4._zero: All zero-bits for an IPv4 address + * @_v4._one: All one-bits for an IPv4 address + * @_v4.a4: If @a6 is an IPv4 mapped address, this is the raw IPv4 address + * + * Fields starting with _ shouldn't be accessed except via helpers. + */ +union inany_addr { + struct in6_addr a6; + struct { + uint8_t _zero[10]; + uint8_t _one[2]; + struct in_addr a4; + } _v4mapped;I'm not sure the extra _ are really worth it. I mean, that's not really enforceable, so saying that v4mapped should only be accessed by helpers should be equivalent.+}; + +/** inany_v4 - Extract IPv4 address, if present, from IPv[46] address + * @addr: IPv4 or IPv6 address + * + * Return: IPv4 address if @addr is IPv4, NULL otherwise + */ +static inline const struct in_addr *inany_v4(const union inany_addr *addr) +{ + if (!IN6_IS_ADDR_V4MAPPED(&addr->a6)) + return NULL; + return &addr->_v4mapped.a4; +} + +/** inany_equals - Compare two IPv[46] addresses + * @a, @b: IPv[46] addresses + * + * Return: true if @a and @b are the same address + */ +static inline bool inany_equals(const union inany_addr *a, + const union inany_addr *b) +{ + return IN6_ARE_ADDR_EQUAL(&a->a6, &b->a6); +} + +/** inany_from_af - Set IPv[46] address from IPv4 or IPv6 address + * @aa: Pointer to store IPv[46] address + * @af: Address family of @addr + * @addr: struct in_addr (IPv4) or struct in6_addr (IPv6) + */ +static inline void inany_from_af(union inany_addr *aa, int af, const void *addr) +{ + if (af == AF_INET6) { + aa->a6 = *((struct in6_addr *)addr); + } else if (af == AF_INET) { + memset(&aa->_v4mapped._zero, 0, sizeof(aa->_v4mapped._zero)); + memset(&aa->_v4mapped._one, 0xff, sizeof(aa->_v4mapped._one)); + aa->_v4mapped.a4 = *((struct in_addr *)addr); + } else { + /* Not valid to call with other address families */ + assert(0); + } +} diff --git a/tcp.c b/tcp.c index 7686766..4040198 100644 --- a/tcp.c +++ b/tcp.c @@ -301,6 +301,7 @@ #include "conf.h" #include "tcp_splice.h" #include "log.h" +#include "inany.h" #include "tcp_conn.h" @@ -404,7 +405,7 @@ struct tcp6_l2_head { /* For MSS6 macro: keep in sync with tcp6_l2_buf_t */ #define OPT_SACK 5 #define OPT_TS 8 -#define CONN_V4(conn) IN6_IS_ADDR_V4MAPPED(&conn->a.a6) +#define CONN_V4(conn) (!!inany_v4(&(conn)->addr)) #define CONN_V6(conn) (!CONN_V4(conn)) #define CONN_IS_CLOSING(conn) \ ((conn->events & ESTABLISHED) && \ @@ -438,7 +439,7 @@ static int tcp_sock_init_ext [NUM_PORTS][IP_VERSIONS]; static int tcp_sock_ns [NUM_PORTS][IP_VERSIONS]; /* Table of destinations with very low RTT (assumed to be local), LRU */ -static struct in6_addr low_rtt_dst[LOW_RTT_TABLE_SIZE]; +static union inany_addr low_rtt_dst[LOW_RTT_TABLE_SIZE]; /* Static buffers */ @@ -861,7 +862,7 @@ static int tcp_rtt_dst_low(const struct tcp_tap_conn *conn) int i; for (i = 0; i < LOW_RTT_TABLE_SIZE; i++) - if (IN6_ARE_ADDR_EQUAL(&conn->a.a6, low_rtt_dst + i)) + if (inany_equals(&conn->addr, low_rtt_dst + i)) return 1; return 0; @@ -883,7 +884,7 @@ static void tcp_rtt_dst_check(const struct tcp_tap_conn *conn, return; for (i = 0; i < LOW_RTT_TABLE_SIZE; i++) { - if (IN6_ARE_ADDR_EQUAL(&conn->a.a6, low_rtt_dst + i)) + if (inany_equals(&conn->addr, low_rtt_dst + i)) return; if (hole == -1 && IN6_IS_ADDR_UNSPECIFIED(low_rtt_dst + i)) hole = i; @@ -895,10 +896,10 @@ static void tcp_rtt_dst_check(const struct tcp_tap_conn *conn, if (hole == -1) return; - memcpy(low_rtt_dst + hole++, &conn->a.a6, sizeof(conn->a.a6)); + low_rtt_dst[hole++] = conn->addr; if (hole == LOW_RTT_TABLE_SIZE) hole = 0; - memcpy(low_rtt_dst + hole, &in6addr_any, sizeof(conn->a.a6)); + inany_from_af(low_rtt_dst + hole, AF_INET6, &in6addr_any); #else (void)conn; (void)tinfo; @@ -1187,13 +1188,14 @@ static int tcp_hash_match(const struct tcp_tap_conn *conn, int af, const void *addr, in_port_t tap_port, in_port_t sock_port) { - if (af == AF_INET && CONN_V4(conn) && - !memcmp(&conn->a.a4.a, addr, sizeof(conn->a.a4.a)) && + const struct in_addr *a4 = inany_v4(&conn->addr); + + if (af == AF_INET && a4 && !memcmp(a4, addr, sizeof(*a4)) && conn->tap_port == tap_port && conn->sock_port == sock_port) return 1; if (af == AF_INET6 && - IN6_ARE_ADDR_EQUAL(&conn->a.a6, addr) && + IN6_ARE_ADDR_EQUAL(&conn->addr.a6, addr) && conn->tap_port == tap_port && conn->sock_port == sock_port) return 1;Note to self or other reviewers: switch to inany_equals() in 22/32. -- Stefano