57a21d2df1
Because the Unix socket to qemu is a stream socket, we have no guarantee of where the boundaries between recv() calls will lie. Typically they will lie on frame boundaries, because that's how qemu will send then, but we can't rely on it. Currently we handle this case by detecting when we have received a partial frame and performing a blocking recv() to get the remainder, and only then processing the frames. Change it so instead we save the partial frame persistently and include it as the first thing processed next time we receive data from the socket. This handles a number of (unlikely) cases which previously would not be dealt with correctly: * If qemu sent a partial frame then waited some time before sending the remainder, previously we could block here for an unacceptably long time * If qemu sent a tiny partial frame (< 4 bytes) we'd leave the loop without doing the partial frame handling, which would put us out of sync with the stream from qemu * If a the blocking recv() only received some of the remainder of the frame, not all of it, we'd return leaving us out of sync with the stream again Caveat: This could memmove() a moderate amount of data (ETH_MAX_MTU). This is probably acceptable because it's an unlikely case in practice. If necessary we could mitigate this by using a true ring buffer. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
264 lines
7.6 KiB
C
264 lines
7.6 KiB
C
/* SPDX-License-Identifier: GPL-2.0-or-later
|
|
* Copyright (c) 2021 Red Hat GmbH
|
|
* Author: Stefano Brivio <sbrivio@redhat.com>
|
|
*/
|
|
|
|
#ifndef PASST_H
|
|
#define PASST_H
|
|
|
|
#define UNIX_SOCK_MAX 100
|
|
#define UNIX_SOCK_PATH "/tmp/passt_%i.socket"
|
|
|
|
union epoll_ref;
|
|
|
|
#include <stdbool.h>
|
|
#include <assert.h>
|
|
#include <sys/epoll.h>
|
|
|
|
#include "pif.h"
|
|
#include "packet.h"
|
|
#include "siphash.h"
|
|
#include "ip.h"
|
|
#include "inany.h"
|
|
#include "flow.h"
|
|
#include "icmp.h"
|
|
#include "fwd.h"
|
|
#include "tcp.h"
|
|
#include "udp.h"
|
|
|
|
/**
|
|
* union epoll_ref - Breakdown of reference for epoll fd bookkeeping
|
|
* @type: Type of fd (tells us what to do with events)
|
|
* @fd: File descriptor number (implies < 2^24 total descriptors)
|
|
* @flow: Index of the flow this fd is linked to
|
|
* @tcp_listen: TCP-specific reference part for listening sockets
|
|
* @udp: UDP-specific reference part
|
|
* @icmp: ICMP-specific reference part
|
|
* @data: Data handled by protocol handlers
|
|
* @nsdir_fd: netns dirfd for fallback timer checking if namespace is gone
|
|
* @u64: Opaque reference for epoll_ctl() and epoll_wait()
|
|
*/
|
|
union epoll_ref {
|
|
struct {
|
|
enum epoll_type type:8;
|
|
#define FD_REF_BITS 24
|
|
#define FD_REF_MAX ((int)MAX_FROM_BITS(FD_REF_BITS))
|
|
int32_t fd:FD_REF_BITS;
|
|
union {
|
|
uint32_t flow;
|
|
flow_sidx_t flowside;
|
|
union tcp_listen_epoll_ref tcp_listen;
|
|
union udp_listen_epoll_ref udp;
|
|
uint32_t data;
|
|
int nsdir_fd;
|
|
};
|
|
};
|
|
uint64_t u64;
|
|
};
|
|
static_assert(sizeof(union epoll_ref) <= sizeof(union epoll_data),
|
|
"epoll_ref must have same size as epoll_data");
|
|
|
|
#define TAP_BUF_BYTES \
|
|
ROUND_DOWN(((ETH_MAX_MTU + sizeof(uint32_t)) * 128), PAGE_SIZE)
|
|
#define TAP_MSGS \
|
|
DIV_ROUND_UP(TAP_BUF_BYTES, ETH_ZLEN - 2 * ETH_ALEN + sizeof(uint32_t))
|
|
|
|
#define PKT_BUF_BYTES MAX(TAP_BUF_BYTES, 0)
|
|
extern char pkt_buf [PKT_BUF_BYTES];
|
|
|
|
extern char *epoll_type_str[];
|
|
#define EPOLL_TYPE_STR(n) \
|
|
(((uint8_t)(n) < EPOLL_NUM_TYPES && epoll_type_str[(n)]) ? \
|
|
epoll_type_str[(n)] : "?")
|
|
|
|
#include <resolv.h> /* For MAXNS below */
|
|
|
|
/**
|
|
* struct fqdn - Representation of fully-qualified domain name
|
|
* @n: Domain name string
|
|
*/
|
|
struct fqdn {
|
|
char n[NS_MAXDNAME];
|
|
};
|
|
|
|
#include <net/if.h>
|
|
#include <linux/un.h>
|
|
|
|
enum passt_modes {
|
|
MODE_PASST,
|
|
MODE_PASTA,
|
|
};
|
|
|
|
/**
|
|
* struct ip4_ctx - IPv4 execution context
|
|
* @addr: IPv4 address for external, routable interface
|
|
* @addr_seen: Latest IPv4 address seen as source from tap
|
|
* @prefixlen: IPv4 prefix length (netmask)
|
|
* @gw: Default IPv4 gateway
|
|
* @dns: DNS addresses for DHCP, zero-terminated
|
|
* @dns_match: Forward DNS query if sent to this address
|
|
* @dns_host: Use this DNS on the host for forwarding
|
|
* @addr_out: Optional source address for outbound traffic
|
|
* @ifname_out: Optional interface name to bind outbound sockets to
|
|
*/
|
|
struct ip4_ctx {
|
|
struct in_addr addr;
|
|
struct in_addr addr_seen;
|
|
int prefix_len;
|
|
struct in_addr gw;
|
|
struct in_addr dns[MAXNS + 1];
|
|
struct in_addr dns_match;
|
|
struct in_addr dns_host;
|
|
|
|
struct in_addr addr_out;
|
|
char ifname_out[IFNAMSIZ];
|
|
};
|
|
|
|
/**
|
|
* struct ip6_ctx - IPv6 execution context
|
|
* @addr: IPv6 address for external, routable interface
|
|
* @addr_ll: Link-local IPv6 address on external, routable interface
|
|
* @addr_seen: Latest IPv6 global/site address seen as source from tap
|
|
* @addr_ll_seen: Latest IPv6 link-local address seen as source from tap
|
|
* @gw: Default IPv6 gateway
|
|
* @dns: DNS addresses for DHCPv6 and NDP, zero-terminated
|
|
* @dns_match: Forward DNS query if sent to this address
|
|
* @dns_host: Use this DNS on the host for forwarding
|
|
* @addr_out: Optional source address for outbound traffic
|
|
* @ifname_out: Optional interface name to bind outbound sockets to
|
|
*/
|
|
struct ip6_ctx {
|
|
struct in6_addr addr;
|
|
struct in6_addr addr_ll;
|
|
struct in6_addr addr_seen;
|
|
struct in6_addr addr_ll_seen;
|
|
struct in6_addr gw;
|
|
struct in6_addr dns[MAXNS + 1];
|
|
struct in6_addr dns_match;
|
|
struct in6_addr dns_host;
|
|
|
|
struct in6_addr addr_out;
|
|
char ifname_out[IFNAMSIZ];
|
|
};
|
|
|
|
#include <netinet/if_ether.h>
|
|
|
|
/**
|
|
* struct ctx - Execution context
|
|
* @mode: Operation mode, qemu/UNIX domain socket or namespace/tap
|
|
* @debug: Enable debug mode
|
|
* @trace: Enable tracing (extra debug) mode
|
|
* @quiet: Don't print informational messages
|
|
* @foreground: Run in foreground, don't log to stderr by default
|
|
* @nofile: Maximum number of open files (ulimit -n)
|
|
* @sock_path: Path for UNIX domain socket
|
|
* @pcap: Path for packet capture file
|
|
* @pidfile: Path to PID file, empty string if not configured
|
|
* @pidfile_fd: File descriptor for PID file, -1 if none
|
|
* @pasta_netns_fd: File descriptor for network namespace in pasta mode
|
|
* @no_netns_quit: In pasta mode, don't exit if fs-bound namespace is gone
|
|
* @netns_base: Base name for fs-bound namespace, if any, in pasta mode
|
|
* @netns_dir: Directory of fs-bound namespace, if any, in pasta mode
|
|
* @epollfd: File descriptor for epoll instance
|
|
* @fd_tap_listen: File descriptor for listening AF_UNIX socket, if any
|
|
* @fd_tap: AF_UNIX socket, tuntap device, or pre-opened socket
|
|
* @mac: Host MAC address
|
|
* @mac_guest: MAC address of guest or namespace, seen or configured
|
|
* @hash_secret: 128-bit secret for siphash functions
|
|
* @ifi4: Index of template interface for IPv4, 0 if IPv4 disabled
|
|
* @ip: IPv4 configuration
|
|
* @dns_search: DNS search list
|
|
* @ifi6: Index of template interface for IPv6, 0 if IPv6 disabled
|
|
* @ip6: IPv6 configuration
|
|
* @pasta_ifn: Name of namespace interface for pasta
|
|
* @pasta_ifi: Index of namespace interface for pasta
|
|
* @pasta_conf_ns: Configure namespace after creating it
|
|
* @no_copy_routes: Don't copy all routes when configuring target namespace
|
|
* @no_copy_addrs: Don't copy all addresses when configuring namespace
|
|
* @no_tcp: Disable TCP operation
|
|
* @tcp: Context for TCP protocol handler
|
|
* @no_tcp: Disable UDP operation
|
|
* @udp: Context for UDP protocol handler
|
|
* @no_icmp: Disable ICMP operation
|
|
* @icmp: Context for ICMP protocol handler
|
|
* @mtu: MTU passed via DHCP/NDP
|
|
* @no_dns: Do not source/use DNS servers for any purpose
|
|
* @no_dns_search: Do not source/use domain search lists for any purpose
|
|
* @no_dhcp_dns: Do not assign any DNS server via DHCP/DHCPv6/NDP
|
|
* @no_dhcp_dns_search: Do not assign any DNS domain search via DHCP/DHCPv6/NDP
|
|
* @no_dhcp: Disable DHCP server
|
|
* @no_dhcpv6: Disable DHCPv6 server
|
|
* @no_ndp: Disable NDP handler altogether
|
|
* @no_ra: Disable router advertisements
|
|
* @no_map_gw: Don't map connections, untracked UDP to gateway to host
|
|
* @low_wmem: Low probed net.core.wmem_max
|
|
* @low_rmem: Low probed net.core.rmem_max
|
|
*/
|
|
struct ctx {
|
|
enum passt_modes mode;
|
|
int debug;
|
|
int trace;
|
|
int quiet;
|
|
int foreground;
|
|
int nofile;
|
|
char sock_path[UNIX_PATH_MAX];
|
|
char pcap[PATH_MAX];
|
|
|
|
char pidfile[PATH_MAX];
|
|
int pidfile_fd;
|
|
|
|
int one_off;
|
|
|
|
int pasta_netns_fd;
|
|
|
|
int no_netns_quit;
|
|
char netns_base[PATH_MAX];
|
|
char netns_dir[PATH_MAX];
|
|
|
|
int epollfd;
|
|
int fd_tap_listen;
|
|
int fd_tap;
|
|
unsigned char mac[ETH_ALEN];
|
|
unsigned char mac_guest[ETH_ALEN];
|
|
uint64_t hash_secret[2];
|
|
|
|
unsigned int ifi4;
|
|
struct ip4_ctx ip4;
|
|
|
|
struct fqdn dns_search[MAXDNSRCH];
|
|
|
|
unsigned int ifi6;
|
|
struct ip6_ctx ip6;
|
|
|
|
char pasta_ifn[IF_NAMESIZE];
|
|
unsigned int pasta_ifi;
|
|
int pasta_conf_ns;
|
|
int no_copy_routes;
|
|
int no_copy_addrs;
|
|
|
|
int no_tcp;
|
|
struct tcp_ctx tcp;
|
|
int no_udp;
|
|
struct udp_ctx udp;
|
|
int no_icmp;
|
|
struct icmp_ctx icmp;
|
|
|
|
int mtu;
|
|
int no_dns;
|
|
int no_dns_search;
|
|
int no_dhcp_dns;
|
|
int no_dhcp_dns_search;
|
|
int no_dhcp;
|
|
int no_dhcpv6;
|
|
int no_ndp;
|
|
int no_ra;
|
|
int no_map_gw;
|
|
|
|
int low_wmem;
|
|
int low_rmem;
|
|
};
|
|
|
|
void proto_update_l2_buf(const unsigned char *eth_d,
|
|
const unsigned char *eth_s);
|
|
|
|
#endif /* PASST_H */
|