ping flows now have flow table entries, but we don't populate most of the common information yet. Start doing this by populating the guest side addresses. We set the "port" for both ends of the flow to the ICMP id. With that populated, rather than looking up the correct flow in the icmp_id_map[] array, we can use the flow hash table. Furthermore, we can use the addresses stored in the flow table to direct returning packets, without having to rely on tap_ip[46]_daddr() to reobtain the guest address. This marks the last user of tap_ip4_daddr() so it is also removed. Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au> --- icmp.c | 48 +++++++++++++++++++++++++++++++++++++++--------- tap.c | 11 ----------- tap.h | 1 - 3 files changed, 39 insertions(+), 21 deletions(-) diff --git a/icmp.c b/icmp.c index 27b150d..53ad087 100644 --- a/icmp.c +++ b/icmp.c @@ -42,8 +42,15 @@ #define ICMP_ECHO_TIMEOUT 60 /* s, timeout for ICMP socket activity */ #define ICMP_NUM_IDS (1U << 16) +/* Sides of a flow as we use them for ping streams */ +#define SOCKSIDE 0 +#define TAPSIDE 1 + #define PINGF(idx) (&(FLOW(idx)->ping)) +#define TAPFSIDE(pingf) (&(pingf)->f.side[TAPSIDE]) +#define SOCKFSIDE(pingf) (&(pingf)->f.side[SOCKSIDE]) + /* Indexed by ICMP echo identifier */ static struct icmp_ping_flow *icmp_id_map[IP_VERSIONS][ICMP_NUM_IDS]; @@ -114,11 +121,17 @@ void icmp_sock_handler(const struct ctx *c, int af, union epoll_ref ref) debug("%s: echo reply to tap, ID: %"PRIu16", seq: %"PRIu16, pname, ref.icmp.id, seq); - if (af == AF_INET) - tap_icmp4_send(c, sr.sa4.sin_addr, tap_ip4_daddr(c), buf, n); - else if (af == AF_INET6) - tap_icmp6_send(c, &sr.sa6.sin6_addr, - tap_ip6_daddr(c, &sr.sa6.sin6_addr), buf, n); + if (af == AF_INET) { + const struct in_addr *saddr = inany_v4(&TAPFSIDE(pingf)->faddr); + const struct in_addr *daddr = inany_v4(&TAPFSIDE(pingf)->eaddr); + + ASSERT(saddr && daddr); /* Must have IPv4 addresses */ + tap_icmp4_send(c, *saddr, *daddr, buf, n); + } else if (af == AF_INET6) { + const struct in6_addr *saddr = &TAPFSIDE(pingf)->faddr.a6; + const struct in6_addr *daddr = &TAPFSIDE(pingf)->eaddr.a6; + tap_icmp6_send(c, saddr, daddr, buf, n); + } return; unexpected: @@ -134,6 +147,7 @@ static void icmp_ping_close(const struct ctx *c, struct icmp_ping_flow *pingf) { epoll_ctl(c->epollfd, EPOLL_CTL_DEL, pingf->sock, NULL); close(pingf->sock); + flow_hash_remove(c, FLOW_SIDX(pingf, TAPSIDE)); if (pingf->f.type == FLOW_PING4) icmp_id_map[V4][pingf->id] = NULL; @@ -147,12 +161,15 @@ static void icmp_ping_close(const struct ctx *c, struct icmp_ping_flow *pingf) * @id_map: id map entry of the sequence to open * @af: Address family, AF_INET or AF_INET6 * @id: ICMP id for the new sequence + * @saddr: Source address + * @daddr: Destination address * * Return: Newly opened ping flow, or NULL on failure */ static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c, struct icmp_ping_flow **id_map, - int af, uint16_t id) + int af, uint16_t id, + const void *saddr, const void *daddr) { const char *const pname = af == AF_INET ? "ICMP" : "ICMPv6"; uint8_t flowtype = af == AF_INET ? FLOW_PING4 : FLOW_PING6; @@ -196,6 +213,10 @@ static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c, debug("%s: new socket %i for echo ID %"PRIu16, pname, s, id); + flowside_from_af(TAPFSIDE(pingf), PIF_TAP, af, daddr, id, saddr, id); + FLOW_NEW_DBG(pingf, TAPSIDE); + flow_hash_insert(c, FLOW_SIDX(pingf, TAPSIDE)); + return pingf; cancel: @@ -229,7 +250,9 @@ int icmp_tap_handler(const struct ctx *c, uint8_t pif, int af, } sa = { .sa.sa_family = af }; const socklen_t sl = af == AF_INET ? sizeof(sa.sa4) : sizeof(sa.sa6); struct icmp_ping_flow *pingf, **id_map; + union flow *flow; uint16_t id, seq; + uint8_t proto; size_t plen; void *pkt; @@ -249,6 +272,7 @@ int icmp_tap_handler(const struct ctx *c, uint8_t pif, int af, if (ih->type != ICMP_ECHO) return 1; + proto = IPPROTO_ICMP; id = ntohs(ih->un.echo.id); id_map = &icmp_id_map[V4][id]; seq = ntohs(ih->un.echo.sequence); @@ -262,6 +286,7 @@ int icmp_tap_handler(const struct ctx *c, uint8_t pif, int af, if (ih->icmp6_type != ICMPV6_ECHO_REQUEST) return 1; + proto = IPPROTO_ICMPV6; id = ntohs(ih->icmp6_identifier); id_map = &icmp_id_map[V6][id]; seq = ntohs(ih->icmp6_sequence); @@ -271,10 +296,15 @@ int icmp_tap_handler(const struct ctx *c, uint8_t pif, int af, ASSERT(0); } - if (!(pingf = *id_map)) - if (!(pingf = icmp_ping_new(c, id_map, af, id))) - return 1; + flow = flow_at_sidx(flow_hash_lookup(c, proto, PIF_TAP, + af, saddr, daddr, id, id)); + + if (flow) + pingf = &flow->ping; + else if (!(pingf = icmp_ping_new(c, id_map, af, id, saddr, daddr))) + return 1; + ASSERT(flow_proto[pingf->f.type] == proto); pingf->ts = now->tv_sec; if (sendto(pingf->sock, pkt, plen, MSG_NOSIGNAL, &sa.sa, sl) < 0) { diff --git a/tap.c b/tap.c index 2ceda8d..31909c3 100644 --- a/tap.c +++ b/tap.c @@ -89,17 +89,6 @@ int tap_send(const struct ctx *c, const void *data, size_t len) return write(c->fd_tap, (char *)data, len); } -/** - * tap_ip4_daddr() - Normal IPv4 destination address for inbound packets - * @c: Execution context - * - * Return: IPv4 address, network order - */ -struct in_addr tap_ip4_daddr(const struct ctx *c) -{ - return c->ip4.addr_seen; -} - /** * tap_ip6_daddr() - Normal IPv6 destination address for inbound packets * @c: Execution context diff --git a/tap.h b/tap.h index 466d914..7a8619d 100644 --- a/tap.h +++ b/tap.h @@ -57,7 +57,6 @@ static inline size_t tap_iov_len(const struct ctx *c, struct tap_hdr *taph, return plen + tap_hdr_len_(c); } -struct in_addr tap_ip4_daddr(const struct ctx *c); void tap_udp4_send(const struct ctx *c, struct in_addr src, in_port_t sport, struct in_addr dst, in_port_t dport, const void *in, size_t len); -- 2.43.0