Re: [PATCH] qemu: don't add --mac-addr option to passt commandline

Laszlo Ersek <lersek@xxxxxxxxxx> · Fri, 14 Jul 2023 09:31:00 +0200

On 7/13/23 18:30, Laine Stump wrote:
> When I implemented passt support in libvirt, I saw the --mac-addr
> option on the passt commandline, immediately assumed that this was
> used for setting the guest interface's mac address somewhere within
> passt, and read no further. As a result, "--mac-addr" is always added
> to the passt commandline, specifying the setting from
> <mac addr='blah'/> in the guest's interface config.
> 
> But as pointed out in this bugzilla comment:
> 
> https://bugzilla.redhat.com/2184967#c8
> 
> That is *not at all* what passt's --mac-addr option does. Instead, it
> is used to force the *remote* mac address for incoming traffic to a
> specific value. So setting --mac-addr results in all traffic on the
> interface having the same (the guest's) mac address for both source
> and destination in all traffic. Surprisingly, this still works, so
> nobody noticed it during testing.
> 
> The proper thing is to not specify any mac address to passt - the
> remote MAC addresses can and should remain untouched, and the local
> MAC address will end up being known to passt and beyond just by the
> guest sending out packets with that MAC address.
> 
> Reported-by: Laszlo Ersek <lersek@xxxxxxxxxx>
> Signed-off-by: Laine Stump <laine@xxxxxxxxxx>
> ---
>  src/qemu/qemu_passt.c | 2 --
>  1 file changed, 2 deletions(-)
> 
> diff --git a/src/qemu/qemu_passt.c b/src/qemu/qemu_passt.c
> index 3679bf75fc..d36856e92e 100644
> --- a/src/qemu/qemu_passt.c
> +++ b/src/qemu/qemu_passt.c
> @@ -176,7 +176,6 @@ qemuPasstStart(virDomainObj *vm,
>      g_autofree char *passtSocketName = qemuPasstCreateSocketPath(vm, net);
>      g_autoptr(virCommand) cmd = NULL;
>      g_autofree char *pidfile = qemuPasstCreatePidFilename(vm, net);
> -    char macaddr[VIR_MAC_STRING_BUFLEN];
>      bool needUnlink = false;
>      size_t i;
>  
> @@ -187,7 +186,6 @@ qemuPasstStart(virDomainObj *vm,
>      virCommandAddArgList(cmd,
>                           "--one-off",
>                           "--socket", passtSocketName,
> -                         "--mac-addr", virMacAddrFormat(&net->mac, macaddr),
>                           "--pid", pidfile,
>                           NULL);
>  

I've been thinking more about this. It is certainly an improvement. Per
my reading of the passt manual, "--mac-addr" and "--gateway" should
either be specified together, or none of them should be specified; and
this change satisfies that condition.

Reviewed-by: Laszlo Ersek <lersek@xxxxxxxxxx>