9663378d6d
If we can't bind() ping sockets, the echo identifier sent out from the socket won't be the original one seen from the tap. Binding a ping socket doesn't require any security capability, but it might still fail due to a broken SELinux policy, see for example: https://bugzilla.redhat.com/show_bug.cgi?id=1848929 Track the ICMP echo identifier as part of the epoll reference for the socket and replace it in the reply on mismatch. We won't send out the original identifier as sent from the guest, but still better than missing replies. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
36 lines
861 B
C
36 lines
861 B
C
#ifndef ICMP_H
|
|
#define ICMP_H
|
|
|
|
#define ICMP_TIMER_INTERVAL 1000 /* ms */
|
|
|
|
struct ctx;
|
|
|
|
void icmp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
|
|
struct timespec *now);
|
|
int icmp_tap_handler(struct ctx *c, int af, void *addr,
|
|
struct tap_msg *msg, int count, struct timespec *now);
|
|
void icmp_timer(struct ctx *c, struct timespec *ts);
|
|
|
|
/**
|
|
* union icmp_epoll_ref - epoll reference portion for ICMP tracking
|
|
* @v6: Set for IPv6 sockets or connections
|
|
* @u32: Opaque u32 value of reference
|
|
* @id: Associated echo identifier, needed if bind() fails
|
|
*/
|
|
union icmp_epoll_ref {
|
|
struct {
|
|
uint32_t v6:1,
|
|
id:16;
|
|
};
|
|
uint32_t u32;
|
|
};
|
|
|
|
/**
|
|
* struct icmp_ctx - Execution context for ICMP routines
|
|
* @timer_run: Timestamp of most recent timer run
|
|
*/
|
|
struct icmp_ctx {
|
|
struct timespec timer_run;
|
|
};
|
|
|
|
#endif /* ICMP_H */
|