1 files changed, 70 insertions, 47 deletions
diff --git a/icmp.c b/icmp.c
index cb81c76..0fe2366 100644
--- a/icmp.c
+++ b/icmp.c
@@ -15,7 +15,6 @@
 #include <errno.h>
 #include <net/ethernet.h>
 #include <net/if.h>
-#include <netinet/in.h>
 #include <netinet/ip.h>
 #include <netinet/ip_icmp.h>
 #include <stdio.h>
@@ -23,10 +22,8 @@
 #include <stdint.h>
 #include <stddef.h>
 #include <string.h>
-#include <sys/epoll.h>
 #include <sys/types.h>
 #include <sys/socket.h>
-#include <unistd.h>
 #include <time.h>
 
 #include <linux/icmpv6.h>
@@ -41,9 +38,11 @@
 #include "inany.h"
 #include "icmp.h"
 #include "flow_table.h"
+#include "epoll_ctl.h"
 
 #define ICMP_ECHO_TIMEOUT	60 /* s, timeout for ICMP socket activity */
 #define ICMP_NUM_IDS		(1U << 16)
+#define MAX_IOV_ICMP		16 /* Arbitrary, should be enough */
 
 /**
  * ping_at_sidx() - Get ping specific flow at given sidx
@@ -59,7 +58,7 @@ static struct icmp_ping_flow *ping_at_sidx(flow_sidx_t sidx)
 	if (!flow)
 		return NULL;
 
-	ASSERT(flow->f.type == FLOW_PING4 || flow->f.type == FLOW_PING6);
+	assert(flow->f.type == FLOW_PING4 || flow->f.type == FLOW_PING6);
 	return &flow->ping;
 }
 
@@ -67,8 +66,10 @@ static struct icmp_ping_flow *ping_at_sidx(flow_sidx_t sidx)
  * icmp_sock_handler() - Handle new data from ICMP or ICMPv6 socket
  * @c:		Execution context
  * @ref:	epoll reference
+ * @now:	Current timestamp
  */
-void icmp_sock_handler(const struct ctx *c, union epoll_ref ref)
+void icmp_sock_handler(const struct ctx *c, union epoll_ref ref,
+		       const struct timespec *now)
 {
 	struct icmp_ping_flow *pingf = ping_at_sidx(ref.flowside);
 	const struct flowside *ini = &pingf->f.side[INISIDE];
@@ -81,11 +82,11 @@ void icmp_sock_handler(const struct ctx *c, union epoll_ref ref)
 	if (c->no_icmp)
 		return;
 
-	ASSERT(pingf);
+	assert(pingf);
 
 	n = recvfrom(ref.fd, buf, sizeof(buf), 0, &sr.sa, &sl);
 	if (n < 0) {
-		flow_err(pingf, "recvfrom() error: %s", strerror(errno));
+		flow_perror_ratelimit(pingf, now, "recvfrom() error");
 		return;
 	}
 
@@ -110,7 +111,7 @@ void icmp_sock_handler(const struct ctx *c, union epoll_ref ref)
 		ih6->icmp6_identifier = htons(ini->eport);
 		seq = ntohs(ih6->icmp6_sequence);
 	} else {
-		ASSERT(0);
+		assert(0);
 	}
 
 	/* In PASTA mode, we'll get any reply we send, discard them. */
@@ -124,22 +125,26 @@ void icmp_sock_handler(const struct ctx *c, union epoll_ref ref)
 	flow_dbg(pingf, "echo reply to tap, ID: %"PRIu16", seq: %"PRIu16,
 		 ini->eport, seq);
 
+	/* Check if neighbour table has a recorded MAC address */
+	if (MAC_IS_UNDEF(pingf->f.tap_omac))
+		fwd_neigh_mac_get(c, &ini->oaddr, pingf->f.tap_omac);
+
 	if (pingf->f.type == FLOW_PING4) {
-		const struct in_addr *saddr = inany_v4(&ini->faddr);
+		const struct in_addr *saddr = inany_v4(&ini->oaddr);
 		const struct in_addr *daddr = inany_v4(&ini->eaddr);
 
-		ASSERT(saddr && daddr); /* Must have IPv4 addresses */
-		tap_icmp4_send(c, *saddr, *daddr, buf, n);
+		assert(saddr && daddr); /* Must have IPv4 addresses */
+		tap_icmp4_send(c, *saddr, *daddr, buf, pingf->f.tap_omac, n);
 	} else if (pingf->f.type == FLOW_PING6) {
-		const struct in6_addr *saddr = &ini->faddr.a6;
+		const struct in6_addr *saddr = &ini->oaddr.a6;
 		const struct in6_addr *daddr = &ini->eaddr.a6;
 
-		tap_icmp6_send(c, saddr, daddr, buf, n);
+		tap_icmp6_send(c, saddr, daddr, buf, pingf->f.tap_omac, n);
 	}
 	return;
 
 unexpected:
-	flow_err(pingf, "Unexpected packet on ping socket");
+	flow_err_ratelimit(pingf, now, "Unexpected packet on ping socket");
 }
 
 /**
@@ -150,7 +155,7 @@ unexpected:
 static void icmp_ping_close(const struct ctx *c,
 			    const struct icmp_ping_flow *pingf)
 {
-	epoll_ctl(c->epollfd, EPOLL_CTL_DEL, pingf->sock, NULL);
+	epoll_del(flow_epollfd(&pingf->f), pingf->sock);
 	close(pingf->sock);
 	flow_hash_remove(c, FLOW_SIDX(pingf, INISIDE));
 }
@@ -162,16 +167,18 @@ static void icmp_ping_close(const struct ctx *c,
  * @id:		ICMP id for the new socket
  * @saddr:	Source address
  * @daddr:	Destination address
+ * @now:	Current timestamp
  *
- * Return: Newly opened ping flow, or NULL on failure
+ * Return: newly opened ping flow, or NULL on failure
  */
 static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c,
 					    sa_family_t af, uint16_t id,
-					    const void *saddr, const void *daddr)
+					    const void *saddr,
+					    const void *daddr,
+					    const struct timespec *now)
 {
 	uint8_t proto = af == AF_INET ? IPPROTO_ICMP : IPPROTO_ICMPV6;
 	uint8_t flowtype = af == AF_INET ? FLOW_PING4 : FLOW_PING6;
-	union epoll_ref ref = { .type = EPOLL_TYPE_PING };
 	union flow *flow = flow_alloc();
 	struct icmp_ping_flow *pingf;
 	const struct flowside *tgt;
@@ -180,14 +187,15 @@ static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c,
 		return NULL;
 
 	flow_initiate_af(flow, PIF_TAP, af, saddr, id, daddr, id);
-	if (!(tgt = flow_target(c, flow, proto)))
+	if (!(tgt = flow_target(c, flow, FWD_NO_HINT, proto)))
 		goto cancel;
 
 	if (flow->f.pif[TGTSIDE] != PIF_HOST) {
-		flow_err(flow, "No support for forwarding %s from %s to %s",
-			 proto == IPPROTO_ICMP ? "ICMP" : "ICMPv6",
-			 pif_name(flow->f.pif[INISIDE]),
-			 pif_name(flow->f.pif[TGTSIDE]));
+		flow_err_ratelimit(
+			flow, now, "No support for forwarding %s from %s to %s",
+			proto == IPPROTO_ICMP ? "ICMP" : "ICMPv6",
+			pif_name(flow->f.pif[INISIDE]),
+			pif_name(flow->f.pif[TGTSIDE]));
 		goto cancel;
 	}
 
@@ -195,9 +203,7 @@ static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c,
 
 	pingf->seq = -1;
 
-	ref.flowside = FLOW_SIDX(flow, TGTSIDE);
-	pingf->sock = flowside_sock_l4(c, EPOLL_TYPE_PING, PIF_HOST,
-				       tgt, ref.data);
+	pingf->sock = flowside_sock_l4(c, EPOLL_TYPE_PING, PIF_HOST, tgt);
 
 	if (pingf->sock < 0) {
 		warn("Cannot open \"ping\" socket. You might need to:");
@@ -209,6 +215,13 @@ static struct icmp_ping_flow *icmp_ping_new(const struct ctx *c,
 	if (pingf->sock > FD_REF_MAX)
 		goto cancel;
 
+	flow_epollid_set(&pingf->f, EPOLLFD_ID_DEFAULT);
+	if (flow_epoll_set(&pingf->f, EPOLL_CTL_ADD, EPOLLIN, pingf->sock,
+			   TGTSIDE) < 0) {
+		close(pingf->sock);
+		goto cancel;
+	}
+
 	flow_dbg(pingf, "new socket %i for echo ID %"PRIu16, pingf->sock, id);
 
 	flow_hash_insert(c, FLOW_SIDX(pingf, INISIDE));
@@ -229,37 +242,36 @@ cancel:
  * @af:		Address family, AF_INET or AF_INET6
  * @saddr:	Source address
  * @daddr:	Destination address
- * @p:		Packet pool, single packet with ICMP/ICMPv6 header
+ * @data:	Single packet with ICMP/ICMPv6 header
  * @now:	Current timestamp
  *
  * Return: count of consumed packets (always 1, even if malformed)
  */
 int icmp_tap_handler(const struct ctx *c, uint8_t pif, sa_family_t af,
 		     const void *saddr, const void *daddr,
-		     const struct pool *p, const struct timespec *now)
+		     struct iov_tail *data, const struct timespec *now)
 {
+	struct iovec iov[MAX_IOV_ICMP];
 	struct icmp_ping_flow *pingf;
 	const struct flowside *tgt;
 	union sockaddr_inany sa;
-	size_t dlen, l4len;
+	struct msghdr msh;
 	uint16_t id, seq;
 	union flow *flow;
 	uint8_t proto;
-	socklen_t sl;
-	void *pkt;
+	int cnt;
 
 	(void)saddr;
-	ASSERT(pif == PIF_TAP);
+	assert(pif == PIF_TAP);
 
 	if (af == AF_INET) {
+		struct icmphdr ih_storage;
 		const struct icmphdr *ih;
 
-		if (!(pkt = packet_get(p, 0, 0, sizeof(*ih), &dlen)))
+		ih = IOV_PEEK_HEADER(data, ih_storage);
+		if (!ih)
 			return 1;
 
-		ih =  (struct icmphdr *)pkt;
-		l4len = dlen + sizeof(*ih);
-
 		if (ih->type != ICMP_ECHO)
 			return 1;
 
@@ -267,14 +279,13 @@ int icmp_tap_handler(const struct ctx *c, uint8_t pif, sa_family_t af,
 		id = ntohs(ih->un.echo.id);
 		seq = ntohs(ih->un.echo.sequence);
 	} else if (af == AF_INET6) {
+		struct icmp6hdr ih_storage;
 		const struct icmp6hdr *ih;
 
-		if (!(pkt = packet_get(p, 0, 0, sizeof(*ih), &dlen)))
+		ih = IOV_PEEK_HEADER(data, ih_storage);
+		if (!ih)
 			return 1;
 
-		ih = (struct icmp6hdr *)pkt;
-		l4len = dlen + sizeof(*ih);
-
 		if (ih->icmp6_type != ICMPV6_ECHO_REQUEST)
 			return 1;
 
@@ -282,26 +293,38 @@ int icmp_tap_handler(const struct ctx *c, uint8_t pif, sa_family_t af,
 		id = ntohs(ih->icmp6_identifier);
 		seq = ntohs(ih->icmp6_sequence);
 	} else {
-		ASSERT(0);
+		assert(0);
 	}
 
+	cnt = iov_tail_clone(&iov[0], MAX_IOV_ICMP, data);
+	if (cnt < 0)
+		return 1;
+
 	flow = flow_at_sidx(flow_lookup_af(c, proto, PIF_TAP,
 					   af, saddr, daddr, id, id));
 
 	if (flow)
 		pingf = &flow->ping;
-	else if (!(pingf = icmp_ping_new(c, af, id, saddr, daddr)))
+	else if (!(pingf = icmp_ping_new(c, af, id, saddr, daddr, now)))
 		return 1;
 
 	tgt = &pingf->f.side[TGTSIDE];
 
-	ASSERT(flow_proto[pingf->f.type] == proto);
+	assert(flow_proto[pingf->f.type] == proto);
 	pingf->ts = now->tv_sec;
 
-	pif_sockaddr(c, &sa, &sl, PIF_HOST, &tgt->eaddr, 0);
-	if (sendto(pingf->sock, pkt, l4len, MSG_NOSIGNAL, &sa.sa, sl) < 0) {
-		flow_dbg(pingf, "failed to relay request to socket: %s",
-			 strerror(errno));
+	pif_sockaddr(c, &sa, PIF_HOST, &tgt->eaddr, 0);
+	msh.msg_name = &sa;
+	msh.msg_namelen = socklen_inany(&sa);
+	msh.msg_iov = iov;
+	msh.msg_iovlen = cnt;
+	msh.msg_control = NULL;
+	msh.msg_controllen = 0;
+	msh.msg_flags = 0;
+
+	if (sendmsg(pingf->sock, &msh, MSG_NOSIGNAL) < 0) {
+		flow_warn_perror_ratelimit(pingf, now,
+					   "failed to relay request to socket");
 	} else {
 		flow_dbg(pingf,
 			 "echo request to socket, ID: %"PRIu16", seq: %"PRIu16,