From 9311ceb8b6fe7064cffca3efda051ef1e1801642 Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Fri, 21 May 2021 11:14:53 +0200
Subject: icmp: Implement lazy bind for ping sockets

It turns out that binding ICMP/ICMPv6 echo sockets takes a long
time. Instead of binding all of them (one for each possible echo
identification number, that is, 2^17) at start-up, bind them as
ICMP/ICMPv6 packets are sent by the guest.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 icmp.c | 12 ++++++++++--
 util.c |  4 +++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/icmp.c b/icmp.c
index 08e7324..378e787 100644
--- a/icmp.c
+++ b/icmp.c
@@ -105,7 +105,8 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
 		struct icmphdr *ih = (struct icmphdr *)msg[0].l4h;
 		struct sockaddr_in sa = {
 			.sin_family = AF_INET,
-			.sin_addr = *(struct in_addr *)addr,
+			.sin_addr = { .s_addr = INADDR_ANY },
+			.sin_port = ih->un.echo.id,
 		};
 
 		if (msg[0].l4_len < sizeof(*ih) || ih->type != ICMP_ECHO)
@@ -114,6 +115,9 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
 		if ((s = icmp_s_v4[ntohs(ih->un.echo.id)]) < 0)
 			return 1;
 
+		bind(s, (struct sockaddr *)&sa, sizeof(sa));
+
+		sa.sin_addr = *(struct in_addr *)addr;
 		sendto(s, msg[0].l4h, msg[0].l4_len,
 		       MSG_DONTWAIT | MSG_NOSIGNAL,
 		       (struct sockaddr *)&sa, sizeof(sa));
@@ -121,7 +125,8 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
 		struct icmp6hdr *ih = (struct icmp6hdr *)msg[0].l4h;
 		struct sockaddr_in6 sa = {
 			.sin6_family = AF_INET6,
-			.sin6_addr = *(struct in6_addr *)addr,
+			.sin6_addr = IN6ADDR_ANY_INIT,
+			.sin6_port = ih->icmp6_identifier,
 		};
 
 		if (msg[0].l4_len < sizeof(*ih) ||
@@ -131,6 +136,9 @@ int icmp_tap_handler(struct ctx *c, int af, void *addr,
 		if ((s = icmp_s_v6[ntohs(ih->icmp6_identifier)]) < 0)
 			return 1;
 
+		bind(s, (struct sockaddr *)&sa, sizeof(sa));
+
+		sa.sin6_addr = *(struct in6_addr *)addr;
 		sendto(s, msg[0].l4h, msg[0].l4_len,
 		       MSG_DONTWAIT | MSG_NOSIGNAL,
 		       (struct sockaddr *)&sa, sizeof(sa));
diff --git a/util.c b/util.c
index 9748cbe..bcec7be 100644
--- a/util.c
+++ b/util.c
@@ -17,7 +17,6 @@
 #include <arpa/inet.h>
 #include <net/ethernet.h>
 #include <net/if.h>
-#include <netinet/ip.h>
 #include <netinet/tcp.h>
 #include <netinet/udp.h>
 #include <sys/epoll.h>
@@ -207,6 +206,9 @@ int sock_l4(struct ctx *c, int af, uint16_t proto, uint16_t port)
 	if (proto == IPPROTO_UDP && PORT_IS_EPHEMERAL(port))
 		goto epoll_add;
 
+	if (proto == IPPROTO_ICMP || proto == IPPROTO_ICMPV6)
+		goto epoll_add;
+
 	if (bind(fd, sa, sl) < 0) {
 		/* We'll fail to bind to low ports if we don't have enough
 		 * capabilities, and we'll fail to bind on already bound ports,
-- 
cgit v1.2.3