flow: Common address information for initiating side
Handling of each protocol needs some degree of tracking of the addresses and ports at the end of each connection or flow. Sometimes that's explicit (as in the guest visible addresses for TCP connections), sometimes implicit (the bound and connected addresses of sockets). To allow more consistent handling across protocols we want to uniformly track the address and port at each end of the connection. Furthermore, because we allow port remapping, and we sometimes need to apply NAT, the addresses and ports can be different as seen by the guest/namespace and as seen by the host. Introduce 'struct flowside' to keep track of address and port information related to one side of a flow. Store two of these in the common fields of a flow to track that information for both sides. For now we only populate the initiating side, requiring that information be completed when a flow enters INI. Later patches will populate the target side. For now this leaves some information redundantly recorded in both generic and type specific fields. We'll fix that in later patches. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
parent
ba74b1fea1
commit
8012f5ff55
6 changed files with 127 additions and 11 deletions
96
flow.c
96
flow.c
|
@ -108,6 +108,31 @@ static const union flow *flow_new_entry; /* = NULL */
|
||||||
/* Last time the flow timers ran */
|
/* Last time the flow timers ran */
|
||||||
static struct timespec flow_timer_run;
|
static struct timespec flow_timer_run;
|
||||||
|
|
||||||
|
/** flowside_from_af() - Initialise flowside from addresses
|
||||||
|
* @side: flowside to initialise
|
||||||
|
* @af: Address family (AF_INET or AF_INET6)
|
||||||
|
* @eaddr: Endpoint address (pointer to in_addr or in6_addr)
|
||||||
|
* @eport: Endpoint port
|
||||||
|
* @faddr: Forwarding address (pointer to in_addr or in6_addr)
|
||||||
|
* @fport: Forwarding port
|
||||||
|
*/
|
||||||
|
static void flowside_from_af(struct flowside *side, sa_family_t af,
|
||||||
|
const void *eaddr, in_port_t eport,
|
||||||
|
const void *faddr, in_port_t fport)
|
||||||
|
{
|
||||||
|
if (faddr)
|
||||||
|
inany_from_af(&side->faddr, af, faddr);
|
||||||
|
else
|
||||||
|
side->faddr = inany_any6;
|
||||||
|
side->fport = fport;
|
||||||
|
|
||||||
|
if (eaddr)
|
||||||
|
inany_from_af(&side->eaddr, af, eaddr);
|
||||||
|
else
|
||||||
|
side->eaddr = inany_any6;
|
||||||
|
side->eport = eport;
|
||||||
|
}
|
||||||
|
|
||||||
/** flow_log_ - Log flow-related message
|
/** flow_log_ - Log flow-related message
|
||||||
* @f: flow the message is related to
|
* @f: flow the message is related to
|
||||||
* @pri: Log priority
|
* @pri: Log priority
|
||||||
|
@ -140,6 +165,8 @@ void flow_log_(const struct flow_common *f, int pri, const char *fmt, ...)
|
||||||
*/
|
*/
|
||||||
static void flow_set_state(struct flow_common *f, enum flow_state state)
|
static void flow_set_state(struct flow_common *f, enum flow_state state)
|
||||||
{
|
{
|
||||||
|
char estr[INANY_ADDRSTRLEN], fstr[INANY_ADDRSTRLEN];
|
||||||
|
const struct flowside *ini = &f->side[INISIDE];
|
||||||
uint8_t oldstate = f->state;
|
uint8_t oldstate = f->state;
|
||||||
|
|
||||||
ASSERT(state < FLOW_NUM_STATES);
|
ASSERT(state < FLOW_NUM_STATES);
|
||||||
|
@ -150,18 +177,28 @@ static void flow_set_state(struct flow_common *f, enum flow_state state)
|
||||||
FLOW_STATE(f));
|
FLOW_STATE(f));
|
||||||
|
|
||||||
if (MAX(state, oldstate) >= FLOW_STATE_TGT)
|
if (MAX(state, oldstate) >= FLOW_STATE_TGT)
|
||||||
flow_log_(f, LOG_DEBUG, "%s => %s", pif_name(f->pif[INISIDE]),
|
flow_log_(f, LOG_DEBUG, "%s [%s]:%hu -> [%s]:%hu => %s",
|
||||||
pif_name(f->pif[TGTSIDE]));
|
pif_name(f->pif[INISIDE]),
|
||||||
|
inany_ntop(&ini->eaddr, estr, sizeof(estr)),
|
||||||
|
ini->eport,
|
||||||
|
inany_ntop(&ini->faddr, fstr, sizeof(fstr)),
|
||||||
|
ini->fport,
|
||||||
|
pif_name(f->pif[TGTSIDE]));
|
||||||
else if (MAX(state, oldstate) >= FLOW_STATE_INI)
|
else if (MAX(state, oldstate) >= FLOW_STATE_INI)
|
||||||
flow_log_(f, LOG_DEBUG, "%s => ?", pif_name(f->pif[INISIDE]));
|
flow_log_(f, LOG_DEBUG, "%s [%s]:%hu -> [%s]:%hu => ?",
|
||||||
|
pif_name(f->pif[INISIDE]),
|
||||||
|
inany_ntop(&ini->eaddr, estr, sizeof(estr)),
|
||||||
|
ini->eport,
|
||||||
|
inany_ntop(&ini->faddr, fstr, sizeof(fstr)),
|
||||||
|
ini->fport);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* flow_initiate() - Move flow to INI, setting INISIDE details
|
* flow_initiate_() - Move flow to INI, setting pif[INISIDE]
|
||||||
* @flow: Flow to change state
|
* @flow: Flow to change state
|
||||||
* @pif: pif of the initiating side
|
* @pif: pif of the initiating side
|
||||||
*/
|
*/
|
||||||
void flow_initiate(union flow *flow, uint8_t pif)
|
static void flow_initiate_(union flow *flow, uint8_t pif)
|
||||||
{
|
{
|
||||||
struct flow_common *f = &flow->f;
|
struct flow_common *f = &flow->f;
|
||||||
|
|
||||||
|
@ -174,6 +211,55 @@ void flow_initiate(union flow *flow, uint8_t pif)
|
||||||
flow_set_state(f, FLOW_STATE_INI);
|
flow_set_state(f, FLOW_STATE_INI);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* flow_initiate_af() - Move flow to INI, setting INISIDE details
|
||||||
|
* @flow: Flow to change state
|
||||||
|
* @pif: pif of the initiating side
|
||||||
|
* @af: Address family of @eaddr and @faddr
|
||||||
|
* @saddr: Source address (pointer to in_addr or in6_addr)
|
||||||
|
* @sport: Endpoint port
|
||||||
|
* @daddr: Destination address (pointer to in_addr or in6_addr)
|
||||||
|
* @dport: Destination port
|
||||||
|
*
|
||||||
|
* Return: pointer to the initiating flowside information
|
||||||
|
*/
|
||||||
|
const struct flowside *flow_initiate_af(union flow *flow, uint8_t pif,
|
||||||
|
sa_family_t af,
|
||||||
|
const void *saddr, in_port_t sport,
|
||||||
|
const void *daddr, in_port_t dport)
|
||||||
|
{
|
||||||
|
struct flowside *ini = &flow->f.side[INISIDE];
|
||||||
|
|
||||||
|
flowside_from_af(ini, af, saddr, sport, daddr, dport);
|
||||||
|
flow_initiate_(flow, pif);
|
||||||
|
return ini;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* flow_initiate_sa() - Move flow to INI, setting INISIDE details
|
||||||
|
* @flow: Flow to change state
|
||||||
|
* @pif: pif of the initiating side
|
||||||
|
* @ssa: Source socket address
|
||||||
|
* @dport: Destination port
|
||||||
|
*
|
||||||
|
* Return: pointer to the initiating flowside information
|
||||||
|
*/
|
||||||
|
const struct flowside *flow_initiate_sa(union flow *flow, uint8_t pif,
|
||||||
|
const union sockaddr_inany *ssa,
|
||||||
|
in_port_t dport)
|
||||||
|
{
|
||||||
|
struct flowside *ini = &flow->f.side[INISIDE];
|
||||||
|
|
||||||
|
inany_from_sockaddr(&ini->eaddr, &ini->eport, ssa);
|
||||||
|
if (inany_v4(&ini->eaddr))
|
||||||
|
ini->faddr = inany_any4;
|
||||||
|
else
|
||||||
|
ini->faddr = inany_any6;
|
||||||
|
ini->fport = dport;
|
||||||
|
flow_initiate_(flow, pif);
|
||||||
|
return ini;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* flow_target() - Move flow to TGT, setting TGTSIDE details
|
* flow_target() - Move flow to TGT, setting TGTSIDE details
|
||||||
* @flow: Flow to change state
|
* @flow: Flow to change state
|
||||||
|
|
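Review bot: In flowside_from_af() a NULL @eaddr or @faddr is always stored as `inany_any6`, even when @af is AF_INET, whereas flow_initiate_sa() further down picks `inany_any4` or `inany_any6` to match the family of the endpoint address. The two initiators can therefore record different wildcard values for the same kind of IPv4 flow, which would matter if later code compares or hashes these fields (not visible here). Consider something like `side->faddr = (af == AF_INET) ? inany_any4 : inany_any6;` and the same for `eaddr`, or state in the function comment that NULL means the IPv6 wildcard regardless of @af. The flow_initiate_af() comment also refers to @eaddr and @faddr in its @af line and calls @sport an "Endpoint port", while the parameters are named @saddr, @daddr, @sport and @dport.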
16
flow.h
16
flow.h
|
@ -135,11 +135,26 @@ extern const uint8_t flow_proto[];
|
||||||
#define INISIDE 0 /* Initiating side index */
|
#define INISIDE 0 /* Initiating side index */
|
||||||
#define TGTSIDE 1 /* Target side index */
|
#define TGTSIDE 1 /* Target side index */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* struct flowside - Address information for one side of a flow
|
||||||
|
* @eaddr: Endpoint address (remote address from passt's PoV)
|
||||||
|
* @faddr: Forwarding address (local address from passt's PoV)
|
||||||
|
* @eport: Endpoint port
|
||||||
|
* @fport: Forwarding port
|
||||||
|
*/
|
||||||
|
struct flowside {
|
||||||
|
union inany_addr faddr;
|
||||||
|
union inany_addr eaddr;
|
||||||
|
in_port_t fport;
|
||||||
|
in_port_t eport;
|
||||||
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* struct flow_common - Common fields for packet flows
|
* struct flow_common - Common fields for packet flows
|
||||||
* @state: State of the flow table entry
|
* @state: State of the flow table entry
|
||||||
* @type: Type of packet flow
|
* @type: Type of packet flow
|
||||||
* @pif[]: Interface for each side of the flow
|
* @pif[]: Interface for each side of the flow
|
||||||
|
* @side[]: Information for each side of the flow
|
||||||
*/
|
*/
|
||||||
struct flow_common {
|
struct flow_common {
|
||||||
#ifdef __GNUC__
|
#ifdef __GNUC__
|
||||||
|
@ -154,6 +169,7 @@ struct flow_common {
|
||||||
"Not enough bits for type field");
|
"Not enough bits for type field");
|
||||||
#endif
|
#endif
|
||||||
uint8_t pif[SIDES];
|
uint8_t pif[SIDES];
|
||||||
|
struct flowside side[SIDES];
|
||||||
};
|
};
|
||||||
|
|
||||||
#define FLOW_INDEX_BITS 17 /* 128k - 1 */
|
#define FLOW_INDEX_BITS 17 /* 128k - 1 */
|
||||||
|
|
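Review bot: The `@side[]` line added to struct flow_common's comment does not say that only `side[INISIDE]` holds valid data after this change; the commit message states that the target side is filled in by later patches. A reader of the header could otherwise use `side[TGTSIDE]` of a flow in TGT state and get whatever the entry held before (how entries are cleared on allocation is not visible here). I would write `* @side[]: Information for each side of the flow (only INISIDE populated so far)`. The struct flowside comment could also state the byte order of @eport and @fport; flow_set_state() prints them with `%hu` unconverted, which suggests host order.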
|
@ -127,7 +127,13 @@ static inline flow_sidx_t flow_sidx(const struct flow_common *f,
|
||||||
union flow *flow_alloc(void);
|
union flow *flow_alloc(void);
|
||||||
void flow_alloc_cancel(union flow *flow);
|
void flow_alloc_cancel(union flow *flow);
|
||||||
|
|
||||||
void flow_initiate(union flow *flow, uint8_t pif);
|
const struct flowside *flow_initiate_af(union flow *flow, uint8_t pif,
|
||||||
|
sa_family_t af,
|
||||||
|
const void *saddr, in_port_t sport,
|
||||||
|
const void *daddr, in_port_t dport);
|
||||||
|
const struct flowside *flow_initiate_sa(union flow *flow, uint8_t pif,
|
||||||
|
const union sockaddr_inany *ssa,
|
||||||
|
in_port_t dport);
|
||||||
void flow_target(union flow *flow, uint8_t pif);
|
void flow_target(union flow *flow, uint8_t pif);
|
||||||
|
|
||||||
union flow *flow_set_type(union flow *flow, enum flow_type type);
|
union flow *flow_set_type(union flow *flow, enum flow_type type);
|
||||||
|
|
9
icmp.c
9
icmp.c
|
@ -162,12 +162,15 @@ static void icmp_ping_close(const struct ctx *c,
|
||||||
* @id_sock: Pointer to ping flow entry slot in icmp_id_map[] to update
|
* @id_sock: Pointer to ping flow entry slot in icmp_id_map[] to update
|
||||||
* @af: Address family, AF_INET or AF_INET6
|
* @af: Address family, AF_INET or AF_INET6
|
||||||
* @id: ICMP id for the new socket
|
* @id: ICMP id for the new socket
|
||||||
|
* @saddr: Source address
|
||||||
|
* @daddr: Destination address
|
||||||
*
|
*
|
||||||
* Return: Newly opened ping flow, or NULL on failure
|
* Return: Newly opened ping flow, or NULL on failure
|
||||||
*/
|
*/
|
||||||
static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c,
|
static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c,
|
||||||
struct icmp_ping_flow **id_sock,
|
struct icmp_ping_flow **id_sock,
|
||||||
sa_family_t af, uint16_t id)
|
sa_family_t af, uint16_t id,
|
||||||
|
const void *saddr, const void *daddr)
|
||||||
{
|
{
|
||||||
uint8_t flowtype = af == AF_INET ? FLOW_PING4 : FLOW_PING6;
|
uint8_t flowtype = af == AF_INET ? FLOW_PING4 : FLOW_PING6;
|
||||||
union epoll_ref ref = { .type = EPOLL_TYPE_PING };
|
union epoll_ref ref = { .type = EPOLL_TYPE_PING };
|
||||||
|
@ -179,7 +182,7 @@ static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c,
|
||||||
if (!flow)
|
if (!flow)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
flow_initiate(flow, PIF_TAP);
|
flow_initiate_af(flow, PIF_TAP, af, saddr, id, daddr, id);
|
||||||
flow_target(flow, PIF_HOST);
|
flow_target(flow, PIF_HOST);
|
||||||
pingf = FLOW_SET_TYPE(flow, flowtype, ping);
|
pingf = FLOW_SET_TYPE(flow, flowtype, ping);
|
||||||
|
|
||||||
|
@ -285,7 +288,7 @@ int icmp_tap_handler(const struct ctx *c, uint8_t pif, sa_family_t af,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(pingf = *id_sock))
|
if (!(pingf = *id_sock))
|
||||||
if (!(pingf = icmp_ping_new(c, id_sock, af, id)))
|
if (!(pingf = icmp_ping_new(c, id_sock, af, id, saddr, daddr)))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
pingf->ts = now->tv_sec;
|
pingf->ts = now->tv_sec;
|
||||||
|
|
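Review bot: The new `@saddr` and `@daddr` lines in icmp_ping_new()'s comment do not say what the `const void *` pointers must point to. They are handed together with @af to flow_initiate_af(), whose own comment requires a pointer to in_addr or in6_addr, so a caller passing the wrong type for @af would presumably have the address read with the wrong size (inany_from_af() is not shown, so this is inferred). I would write `* @saddr: Source address (pointer to in_addr or in6_addr, matching @af)` and likewise for @daddr. The call `flow_initiate_af(flow, PIF_TAP, af, saddr, id, daddr, id)` also stores the ICMP id as both ports, which deserves a one-line comment such as `/* ICMP has no ports: the echo id stands in for both */`. Both icmp_ping_new() and icmp_tap_handler() continue outside the hunks shown.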
3
passt.h
3
passt.h
|
@ -17,6 +17,9 @@ union epoll_ref;
|
||||||
|
|
||||||
#include "pif.h"
|
#include "pif.h"
|
||||||
#include "packet.h"
|
#include "packet.h"
|
||||||
|
#include "siphash.h"
|
||||||
|
#include "ip.h"
|
||||||
|
#include "inany.h"
|
||||||
#include "flow.h"
|
#include "flow.h"
|
||||||
#include "icmp.h"
|
#include "icmp.h"
|
||||||
#include "fwd.h"
|
#include "fwd.h"
|
||||||
|
|
6
tcp.c
6
tcp.c
|
@ -1666,7 +1666,7 @@ static void tcp_conn_from_tap(struct ctx *c, sa_family_t af,
|
||||||
if (!(flow = flow_alloc()))
|
if (!(flow = flow_alloc()))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
flow_initiate(flow, PIF_TAP);
|
flow_initiate_af(flow, PIF_TAP, af, saddr, srcport, daddr, dstport);
|
||||||
|
|
||||||
flow_target(flow, PIF_HOST);
|
flow_target(flow, PIF_HOST);
|
||||||
conn = FLOW_SET_TYPE(flow, FLOW_TCP, tcp);
|
conn = FLOW_SET_TYPE(flow, FLOW_TCP, tcp);
|
||||||
|
@ -2351,7 +2351,9 @@ void tcp_listen_handler(struct ctx *c, union epoll_ref ref,
|
||||||
if (s < 0)
|
if (s < 0)
|
||||||
goto cancel;
|
goto cancel;
|
||||||
|
|
||||||
flow_initiate(flow, ref.tcp_listen.pif);
|
/* FIXME: When listening port has a specific bound address, record that
|
||||||
|
* as the forwarding address */
|
||||||
|
flow_initiate_sa(flow, ref.tcp_listen.pif, &sa, ref.tcp_listen.port);
|
||||||
|
|
||||||
if (sa.sa_family == AF_INET) {
|
if (sa.sa_family == AF_INET) {
|
||||||
const struct in_addr *addr = &sa.sa4.sin_addr;
|
const struct in_addr *addr = &sa.sa4.sin_addr;
|
||||||
|
|