virtio-devices: implement a PostMigrationAnnouncer for virtio-net

amphi · amphi · commit 2190da8a709b · 2026-01-19T16:12:33.000+01:00
To announce the new location in a network, virtio-net devices can send
reverse ARP packets.

On-behalf-of: SAP sebastian.eydam@sap.com
Signed-off-by: Sebastian Eydam &lt;sebastian.eydam@cyberus-technology.de&gt;
diff --git a/net_util/src/lib.rs b/net_util/src/lib.rs
@@ -101,7 +101,7 @@ fn create_unix_socket() -> Result<net::UdpSocket> {
     Ok(unsafe { net::UdpSocket::from_raw_fd(sock) })
 }
 
-fn vnet_hdr_len() -> usize {
+pub fn vnet_hdr_len() -> usize {
     std::mem::size_of::<virtio_net_hdr_v1>()
 }
 
diff --git a/virtio-devices/src/net.rs b/virtio-devices/src/net.rs
@@ -20,8 +20,9 @@ use log::{debug, error, info, trace};
 #[cfg(not(fuzzing))]
 use net_util::virtio_features_to_tap_offload;
 use net_util::{
-    CtrlQueue, MacAddr, NetCounters, NetQueuePair, OpenTapError, RxVirtio, Tap, TapError, TxVirtio,
-    VirtioNetConfig, build_net_config_space, build_net_config_space_with_mq, open_tap,
+    CtrlQueue, MAC_ADDR_LEN, MacAddr, NetCounters, NetQueuePair, OpenTapError, RxVirtio, Tap,
+    TapError, TxVirtio, VirtioNetConfig, build_net_config_space, build_net_config_space_with_mq,
+    open_tap, vnet_hdr_len,
 };
 use seccompiler::SeccompAction;
 use serde::{Deserialize, Serialize};
@@ -40,6 +41,7 @@ use super::{
     EpollHelperHandler, Error as DeviceError, RateLimiterConfig, VirtioCommon, VirtioDevice,
     VirtioDeviceType, VirtioInterruptType,
 };
+use crate::device::PostMigrationAnnouncer;
 use crate::seccomp_filters::Thread;
 use crate::thread_helper::spawn_virtio_thread;
 use crate::{GuestMemoryMmap, VirtioInterrupt};
@@ -655,6 +657,38 @@ impl Net {
     pub fn wait_for_epoll_threads(&mut self) {
         self.common.wait_for_epoll_threads();
     }
+
+    fn build_rarp_announce(&self) -> [u8; 60] {
+        const ETH_P_RARP: u16 = 0x8035; // Ethertype RARP
+        const ARP_HTYPE_ETH: u16 = 0x1; // Hardware type Ethernet
+        const ARP_PTYPE_IP: u16 = 0x0800; // Protocol type IPv4
+        const ARP_OP_REQUEST_REV: u16 = 0x0003; // RARP Request opcode
+
+        const IPV4_ADDR_LENGTH: usize = 4; // Size of an IPv4 address
+
+        let mut buf = [0u8; 60];
+
+        // Ethernet header
+        buf[0..6].copy_from_slice(&[0xff; MAC_ADDR_LEN]); // This is a broadcast
+        buf[6..12].copy_from_slice(&self.config.mac); // Src is this NIC
+        buf[12..14].copy_from_slice(&ETH_P_RARP.to_be_bytes()); // This is a RARP packet
+
+        // ARP Header
+        buf[14..16].copy_from_slice(&ARP_HTYPE_ETH.to_be_bytes());
+        buf[16..18].copy_from_slice(&ARP_PTYPE_IP.to_be_bytes());
+        buf[18] = MAC_ADDR_LEN as u8; // Hardware address length (ethernet)
+        buf[19] = IPV4_ADDR_LENGTH as u8; // Protocol address length (IPv4)
+        // This is a "fake RARP" packet, we don't want to perform a real RARP lookup.
+        // Thus the content of the next fields is largely irrelevant. Setting source
+        // hardware address = target hardware address is fine according to RFC 903.
+        buf[20..22].copy_from_slice(&ARP_OP_REQUEST_REV.to_be_bytes());
+        buf[22..28].copy_from_slice(&self.config.mac); // Source hardware address
+        buf[28..32].copy_from_slice(&[0x00; IPV4_ADDR_LENGTH]); // Source protocol address
+        buf[32..38].copy_from_slice(&self.config.mac); // Target hardware address
+        buf[38..42].copy_from_slice(&[0x00; IPV4_ADDR_LENGTH]); // Target protocol address
+
+        buf
+    }
 }
 
 impl Drop for Net {
@@ -870,6 +904,13 @@ impl VirtioDevice for Net {
     fn set_access_platform(&mut self, access_platform: Arc<dyn AccessPlatform>) {
         self.common.set_access_platform(access_platform);
     }
+
+    fn post_migration_announcer(&self) -> std::option::Option<Box<dyn PostMigrationAnnouncer>> {
+        Some(Box::new(TapRarpAnnouncer::new(
+            self.build_rarp_announce(),
+            self.taps.clone(),
+        )))
+    }
 }
 
 impl Pausable for Net {
@@ -898,3 +939,34 @@ impl Snapshottable for Net {
 }
 impl Transportable for Net {}
 impl Migratable for Net {}
+
+pub struct TapRarpAnnouncer {
+    announce: [u8; 60],
+    taps: Vec<Tap>,
+}
+
+impl TapRarpAnnouncer {
+    pub fn new(announce: [u8; 60], taps: Vec<Tap>) -> Self {
+        Self { announce, taps }
+    }
+}
+
+impl PostMigrationAnnouncer for TapRarpAnnouncer {
+    fn announce_once(&mut self) {
+        // We have to add a virtio-net header to the announce.
+        let mut buf = vec![0u8; vnet_hdr_len() + self.announce.len()];
+        buf[vnet_hdr_len()..].copy_from_slice(&self.announce);
+
+        for tap in &self.taps {
+            // SAFETY: `buf.as_ptr()` is valid for `buf.len()` bytes and remains
+            // valid until the syscall returns. `tap.as_raw_fd()` is a valid TAP fd.
+            let _ = unsafe {
+                libc::write(
+                    tap.as_raw_fd(),
+                    buf.as_ptr() as *const libc::c_void,
+                    buf.len(),
+                )
+            };
+        }
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -101,7 +101,7 @@ fn create_unix_socket() -> Result<net::UdpSocket> {`
`101`	`101`	`Ok(unsafe { net::UdpSocket::from_raw_fd(sock) })`
`102`	`102`	`}`
`103`	`103`
`104`		`-fn vnet_hdr_len() -> usize {`
	`104`	`+pub fn vnet_hdr_len() -> usize {`
`105`	`105`	`std::mem::size_of::<virtio_net_hdr_v1>()`
`106`	`106`	`}`
`107`	`107`