mirrors/passt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

icmp: Don't discard first reply sequence for a given echo ID

Browse source 
In pasta mode, ICMP and ICMPv6 echo sockets relay back to us any
reply we send: we're on the same host as the target, after all. We
discard them by comparing the last sequence we sent with the sequence
we receive.

However, on the first reply for a given identifier, the sequence
might be zero, depending on the implementation of ping(8): we need
another value to indicate we haven't sent any sequence number, yet.

Use -1 as initialiser in the echo identifier map.

This is visible with Busybox's ping, and was reported by Paul on the
integration at https://github.com/containers/podman/pull/16141, with:

  $ podman run --net=pasta alpine ping -c 2 192.168.188.1

...where only the second reply would be routed back.

Reported-by: Paul Holzinger <pholzing@redhat.com>
Fixes: 33482d5bf2 ("passt: Add PASTA mode, major rework")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
This commit is contained in:
Stefano Brivio 2022-10-26 17:55:53 +02:00
parent b062ee47d1
commit f212044940
3 changed files with 18 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
icmp.c
View file

@ -44,12 +44,12 @@
/** /**
* struct icmp_id_sock - Tracking information for single ICMP echo identifier * struct icmp_id_sock - Tracking information for single ICMP echo identifier
* @sock: Bound socket for identifier * @sock: Bound socket for identifier
* @seq: Last sequence number sent to tap, host order * @seq: Last sequence number sent to tap, host order, -1: not sent yet
* @ts: Last associated activity from tap, seconds * @ts: Last associated activity from tap, seconds
*/ */
struct icmp_id_sock { struct icmp_id_sock {
int sock; int sock;
uint16_t seq; int seq;
time_t ts; time_t ts;
}; };
@ -273,6 +273,7 @@ static void icmp_timer_one(const struct ctx *c, int v6, uint16_t id,
epoll_ctl(c->epollfd, EPOLL_CTL_DEL, id_map->sock, NULL); epoll_ctl(c->epollfd, EPOLL_CTL_DEL, id_map->sock, NULL);
close(id_map->sock); close(id_map->sock);
id_map->sock = 0; id_map->sock = 0;
id_map->seq = -1;
} }
/** /**
@ -301,3 +302,14 @@ v6:
goto v6; goto v6;
} }
} }
/**
* icmp_init() - Initialise sequences in ID map to -1 (no sequence sent yet)
*/
void icmp_init(void)
{
unsigned i;
for (i = 0; i < ICMP_NUM_IDS; i++)
icmp_id_map[V4][i].seq = icmp_id_map[V6][i].seq = -1;
}

1
icmp.h
View file

@ -15,6 +15,7 @@ void icmp_sock_handler(const struct ctx *c, union epoll_ref ref,
int icmp_tap_handler(const struct ctx *c, int af, const void *addr, int icmp_tap_handler(const struct ctx *c, int af, const void *addr,
const struct pool *p, const struct timespec *now); const struct pool *p, const struct timespec *now);
void icmp_timer(const struct ctx *c, const struct timespec *ts); void icmp_timer(const struct ctx *c, const struct timespec *ts);
void icmp_init(void);
/** /**
* union icmp_epoll_ref - epoll reference portion for ICMP tracking * union icmp_epoll_ref - epoll reference portion for ICMP tracking

3
passt.c
View file

@ -256,6 +256,9 @@ int main(int argc, char **argv)
if ((!c.no_udp && udp_init(&c)) || (!c.no_tcp && tcp_init(&c))) if ((!c.no_udp && udp_init(&c)) || (!c.no_tcp && tcp_init(&c)))
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
if (!c.no_icmp)
icmp_init();
proto_update_l2_buf(c.mac_guest, c.mac, &c.ip4.addr); proto_update_l2_buf(c.mac_guest, c.mac, &c.ip4.addr);
if (c.ifi4 && !c.no_dhcp) if (c.ifi4 && !c.no_dhcp)