icmp: Implement lazy bind for ping sockets

It turns out that binding ICMP/ICMPv6 echo sockets takes a long
time. Instead of binding all of them (one for each possible echo
identification number, that is, 2^17) at start-up, bind them as
ICMP/ICMPv6 packets are sent by the guest.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
Stefano Brivio 2021-05-21 11:14:53 +02:00
parent 5fd6db7751
commit 9311ceb8b6
2 changed files with 13 additions and 3 deletions

12
icmp.c
View file

@ -105,7 +105,8 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
struct icmphdr *ih = (struct icmphdr *)msg[0].l4h; struct icmphdr *ih = (struct icmphdr *)msg[0].l4h;
struct sockaddr_in sa = { struct sockaddr_in sa = {
.sin_family = AF_INET, .sin_family = AF_INET,
.sin_addr = *(struct in_addr *)addr, .sin_addr = { .s_addr = INADDR_ANY },
.sin_port = ih->un.echo.id,
}; };
if (msg[0].l4_len < sizeof(*ih) || ih->type != ICMP_ECHO) if (msg[0].l4_len < sizeof(*ih) || ih->type != ICMP_ECHO)
@ -114,6 +115,9 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
if ((s = icmp_s_v4[ntohs(ih->un.echo.id)]) < 0) if ((s = icmp_s_v4[ntohs(ih->un.echo.id)]) < 0)
return 1; return 1;
bind(s, (struct sockaddr *)&sa, sizeof(sa));
sa.sin_addr = *(struct in_addr *)addr;
sendto(s, msg[0].l4h, msg[0].l4_len, sendto(s, msg[0].l4h, msg[0].l4_len,
MSG_DONTWAIT | MSG_NOSIGNAL, MSG_DONTWAIT | MSG_NOSIGNAL,
(struct sockaddr *)&sa, sizeof(sa)); (struct sockaddr *)&sa, sizeof(sa));
@ -121,7 +125,8 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
struct icmp6hdr *ih = (struct icmp6hdr *)msg[0].l4h; struct icmp6hdr *ih = (struct icmp6hdr *)msg[0].l4h;
struct sockaddr_in6 sa = { struct sockaddr_in6 sa = {
.sin6_family = AF_INET6, .sin6_family = AF_INET6,
.sin6_addr = *(struct in6_addr *)addr, .sin6_addr = IN6ADDR_ANY_INIT,
.sin6_port = ih->icmp6_identifier,
}; };
if (msg[0].l4_len < sizeof(*ih) || if (msg[0].l4_len < sizeof(*ih) ||
@ -131,6 +136,9 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
if ((s = icmp_s_v6[ntohs(ih->icmp6_identifier)]) < 0) if ((s = icmp_s_v6[ntohs(ih->icmp6_identifier)]) < 0)
return 1; return 1;
bind(s, (struct sockaddr *)&sa, sizeof(sa));
sa.sin6_addr = *(struct in6_addr *)addr;
sendto(s, msg[0].l4h, msg[0].l4_len, sendto(s, msg[0].l4h, msg[0].l4_len,
MSG_DONTWAIT | MSG_NOSIGNAL, MSG_DONTWAIT | MSG_NOSIGNAL,
(struct sockaddr *)&sa, sizeof(sa)); (struct sockaddr *)&sa, sizeof(sa));

4
util.c
View file

@ -17,7 +17,6 @@
#include <arpa/inet.h> #include <arpa/inet.h>
#include <net/ethernet.h> #include <net/ethernet.h>
#include <net/if.h> #include <net/if.h>
#include <netinet/ip.h>
#include <netinet/tcp.h> #include <netinet/tcp.h>
#include <netinet/udp.h> #include <netinet/udp.h>
#include <sys/epoll.h> #include <sys/epoll.h>
@ -207,6 +206,9 @@ int sock_l4(struct ctx *c, int af, uint16_t proto, uint16_t port)
if (proto == IPPROTO_UDP && PORT_IS_EPHEMERAL(port)) if (proto == IPPROTO_UDP && PORT_IS_EPHEMERAL(port))
goto epoll_add; goto epoll_add;
if (proto == IPPROTO_ICMP || proto == IPPROTO_ICMPV6)
goto epoll_add;
if (bind(fd, sa, sl) < 0) { if (bind(fd, sa, sl) < 0) {
/* We'll fail to bind to low ports if we don't have enough /* We'll fail to bind to low ports if we don't have enough
* capabilities, and we'll fail to bind on already bound ports, * capabilities, and we'll fail to bind on already bound ports,