diff options
| author | Stefano Brivio <sbrivio@redhat.com> | 2021-07-21 17:44:39 +0200 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2021-07-21 17:44:39 +0200 |
| commit | 49631a38a6ec550fb9254f2f9e4a049eea02ed6d (patch) | |
| tree | 1c1d294c156dd9bf2c0977bbbd6ba89a9c8ee95f /tcp.c | |
| parent | b508079c4c6ef3b79b253736eaeb654486922324 (diff) | |
| download | passt-49631a38a6ec550fb9254f2f9e4a049eea02ed6d.tar passt-49631a38a6ec550fb9254f2f9e4a049eea02ed6d.tar.gz passt-49631a38a6ec550fb9254f2f9e4a049eea02ed6d.tar.bz2 passt-49631a38a6ec550fb9254f2f9e4a049eea02ed6d.tar.lz passt-49631a38a6ec550fb9254f2f9e4a049eea02ed6d.tar.xz passt-49631a38a6ec550fb9254f2f9e4a049eea02ed6d.tar.zst passt-49631a38a6ec550fb9254f2f9e4a049eea02ed6d.zip | |
tcp, udp: Split IPv4 and IPv6 bound port sets
Allow to bind IPv4 and IPv6 ports to tap, namespace or init separately.
Port numbers of TCP ports that are bound in a namespace are also bound
for UDP for convenience (e.g. iperf3), and IPv4 ports are always bound
if the corresponding IPv6 port is bound (socket might not have the
IPV6_V6ONLY option set). This will also be configurable later.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'tcp.c')
| -rw-r--r-- | tcp.c | 61 |
1 files changed, 38 insertions, 23 deletions
@@ -1770,7 +1770,8 @@ static int tcp_splice_new(struct ctx *c, struct tcp_splice_conn *conn, struct tcp_splice_connect_ns_arg ns_arg = { c, conn, v6, port, 0 }; char ns_fn_stack[NS_FN_STACK_SIZE]; - if (bitmap_isset(c->tcp.port_to_ns, port)) { + if ((!v6 && bitmap_isset(c->tcp.port4_to_ns, port)) || + (v6 && bitmap_isset(c->tcp.port6_to_ns, port))) { clone(tcp_splice_connect_ns, ns_fn_stack + sizeof(ns_fn_stack) / 2, CLONE_VM | CLONE_VFORK | CLONE_FILES | SIGCHLD, @@ -2082,19 +2083,24 @@ static int tcp_sock_init_ns(void *arg) ns_enter(c->pasta_pid); - for (port = 0; !PORT_IS_EPHEMERAL(port); port++) { - if (!bitmap_isset(c->tcp.port_to_init, port)) - continue; + if (c->v4) { + tref.v6 = 0; + for (port = 0; port < USHRT_MAX; port++) { + if (!bitmap_isset(c->tcp.port4_to_init, port)) + continue; - tref.index = port; - - if (c->v4) { - tref.v6 = 0; + tref.index = port; sock_l4(c, AF_INET, IPPROTO_TCP, port, 1, tref.u32); } + } + + if (c->v6) { + tref.v6 = 1; + for (port = 0; port < USHRT_MAX; port++) { + if (!bitmap_isset(c->tcp.port6_to_init, port)) + continue; - if (c->v6) { - tref.v6 = 1; + tref.index = port; sock_l4(c, AF_INET6, IPPROTO_TCP, port, 1, tref.u32); } } @@ -2116,24 +2122,33 @@ int tcp_sock_init(struct ctx *c) getrandom(&c->tcp.hash_secret, sizeof(c->tcp.hash_secret), GRND_RANDOM); - for (port = 0; !PORT_IS_EPHEMERAL(port); port++) { - if (bitmap_isset(c->tcp.port_to_ns, port)) - tref.splice = 1; - else if (bitmap_isset(c->tcp.port_to_tap, port)) - tref.splice = 0; - else - continue; - - tref.index = port; + if (c->v4) { + tref.v6 = 0; + for (port = 0; port < USHRT_MAX; port++) { + if (bitmap_isset(c->tcp.port4_to_ns, port)) + tref.splice = 1; + else if (bitmap_isset(c->tcp.port4_to_tap, port)) + tref.splice = 0; + else + continue; - if (c->v4) { - tref.v6 = 0; + tref.index = port; sock_l4(c, AF_INET, IPPROTO_TCP, port, tref.splice, tref.u32); } + } + + if (c->v6) { + tref.v6 = 1; + for (port = 0; port < USHRT_MAX; port++) { + if (bitmap_isset(c->tcp.port6_to_ns, port)) + tref.splice = 1; + else if (bitmap_isset(c->tcp.port6_to_tap, port)) + tref.splice = 0; + else + continue; - if (c->v6) { - tref.v6 = 1; + tref.index = port; sock_l4(c, AF_INET6, IPPROTO_TCP, port, tref.splice, tref.u32); } |