aboutgitcodebugslistschat
diff options
context:
space:
mode:
authorDavid Gibson <david@gibson.dropbear.id.au>2024-02-28 22:25:06 +1100
committerStefano Brivio <sbrivio@redhat.com>2024-02-29 09:47:40 +0100
commitbb9bf0bb8f576186b62af5c8506741a7bc545f3e (patch)
tree04923414d47b46304b2d2cbad15b20639bfdd463
parente196eada6f51a8e36156a71dbccd746cf89a47fa (diff)
downloadpasst-bb9bf0bb8f576186b62af5c8506741a7bc545f3e.tar
passt-bb9bf0bb8f576186b62af5c8506741a7bc545f3e.tar.gz
passt-bb9bf0bb8f576186b62af5c8506741a7bc545f3e.tar.bz2
passt-bb9bf0bb8f576186b62af5c8506741a7bc545f3e.tar.lz
passt-bb9bf0bb8f576186b62af5c8506741a7bc545f3e.tar.xz
passt-bb9bf0bb8f576186b62af5c8506741a7bc545f3e.tar.zst
passt-bb9bf0bb8f576186b62af5c8506741a7bc545f3e.zip
tcp, udp: Don't precompute port remappings in epoll references
The epoll references for both TCP listening sockets and UDP sockets includes a port number. This gives the destination port that traffic to that socket will be sent to on the other side. That will usually be the same as the socket's bound port, but might not if the -t, -u, -T or -U options are given with different original and forwarded port numbers. As we move towards a more flexible forwarding model for passt, it's going to become possible for that destination port to vary depending on more things (for example the source or destination address). So, it will no longer make sense to have a fixed value for a listening socket. Change to simpler semantics where this field in the reference gives the bound port of the socket. We apply the translations to the correct destination port later on, when we're actually forwarding. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r--tcp.c8
-rw-r--r--tcp.h2
-rw-r--r--tcp_splice.c2
-rw-r--r--udp.c14
4 files changed, 15 insertions, 11 deletions
diff --git a/tcp.c b/tcp.c
index 53502b1..e8f4da4 100644
--- a/tcp.c
+++ b/tcp.c
@@ -2699,7 +2699,7 @@ static void tcp_tap_conn_from_sock(struct ctx *c,
conn_event(c, conn, SOCK_ACCEPTED);
inany_from_sockaddr(&conn->faddr, &conn->fport, sa);
- conn->eport = ref.port;
+ conn->eport = ref.port + c->tcp.fwd_in.delta[ref.port];
tcp_snat_inbound(c, &conn->faddr);
@@ -2883,7 +2883,7 @@ static int tcp_sock_init_af(const struct ctx *c, sa_family_t af, in_port_t port,
const void *addr, const char *ifname)
{
union tcp_listen_epoll_ref tref = {
- .port = port + c->tcp.fwd_in.delta[port],
+ .port = port,
.pif = PIF_HOST,
};
int s;
@@ -2945,7 +2945,7 @@ int tcp_sock_init(const struct ctx *c, sa_family_t af, const void *addr,
static void tcp_ns_sock_init4(const struct ctx *c, in_port_t port)
{
union tcp_listen_epoll_ref tref = {
- .port = port + c->tcp.fwd_out.delta[port],
+ .port = port,
.pif = PIF_SPLICE,
};
int s;
@@ -2971,7 +2971,7 @@ static void tcp_ns_sock_init4(const struct ctx *c, in_port_t port)
static void tcp_ns_sock_init6(const struct ctx *c, in_port_t port)
{
union tcp_listen_epoll_ref tref = {
- .port = port + c->tcp.fwd_out.delta[port],
+ .port = port,
.pif = PIF_SPLICE,
};
int s;
diff --git a/tcp.h b/tcp.h
index 875006e..5e6756d 100644
--- a/tcp.h
+++ b/tcp.h
@@ -37,7 +37,7 @@ union tcp_epoll_ref {
/**
* union tcp_listen_epoll_ref - epoll reference portion for TCP listening
- * @port: Port number we're forwarding *to* (listening port plus delta)
+ * @port: Bound port number of the socket
* @pif: pif in which the socket is listening
* @u32: Opaque u32 value of reference
*/
diff --git a/tcp_splice.c b/tcp_splice.c
index beb2fcb..4828b09 100644
--- a/tcp_splice.c
+++ b/tcp_splice.c
@@ -420,10 +420,12 @@ static int tcp_splice_new(const struct ctx *c, struct tcp_splice_conn *conn,
int s = -1;
if (pif == PIF_SPLICE) {
+ port += c->tcp.fwd_out.delta[port];
s = tcp_conn_sock(c, af);
} else {
ASSERT(pif == PIF_HOST);
+ port += c->tcp.fwd_in.delta[port];
s = tcp_conn_sock_ns(c, af);
}
diff --git a/udp.c b/udp.c
index de25eb0..61ff87f 100644
--- a/udp.c
+++ b/udp.c
@@ -767,6 +767,11 @@ void udp_sock_handler(const struct ctx *c, union epoll_ref ref, uint32_t events,
if (c->no_udp || !(events & EPOLLIN))
return;
+ if (ref.udp.pif == PIF_SPLICE)
+ dstport += c->udp.fwd_out.f.delta[dstport];
+ else if (ref.udp.pif == PIF_HOST)
+ dstport += c->udp.fwd_in.f.delta[dstport];
+
if (v6) {
mmh_recv = udp6_l2_mh_sock;
udp6_localname.sin6_port = htons(dstport);
@@ -999,16 +1004,13 @@ int udp_sock_init(const struct ctx *c, int ns, sa_family_t af,
const void *addr, const char *ifname, in_port_t port)
{
union udp_epoll_ref uref = { .splice = (c->mode == MODE_PASTA),
- .orig = true };
+ .orig = true, .port = port };
int s, r4 = FD_REF_MAX + 1, r6 = FD_REF_MAX + 1;
- if (ns) {
+ if (ns)
uref.pif = PIF_SPLICE;
- uref.port = (in_port_t)(port + c->udp.fwd_out.f.delta[port]);
- } else {
+ else
uref.pif = PIF_HOST;
- uref.port = (in_port_t)(port + c->udp.fwd_in.f.delta[port]);
- }
if ((af == AF_INET || af == AF_UNSPEC) && c->ifi4) {
uref.v6 = 0;