From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stefano Brivio
To: passt-dev@passt.top
Subject: [PATCH 00/18] slirp4netns, sandboxing, Podman integration, assorted fixes
Date: Tue, 22 Feb 2022 02:34:16 +0100
Message-ID: <20220222013434.4116044-1-sbrivio@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6086218468918994744=="

--===============6086218468918994744==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

This series:

- completes slirp4netns(1) compatibility of slirp4netns.sh and
  introduces equivalent features in pasta (patches 1/18, 2/18, 6/18,
  9/18)

- enables namespace-based sandboxing that's _at least_ equivalent to
  the one implemented by slirp4netns (patches 3/18 and 4/18)

- carries a number of fixes for minor issues I found while doing this
  (patches 5/18, 7/18, 8/18, 10/18, 11/18)

- introduces a self-quit mechanism for pasta for easier integration
  with container runtimes (patch 12/18)

- fixes a few items in documentation and tests (patches 13/18 to
  16/18)

- adds Podman integration as out-of-tree patch (patch 17/18)

- adds a demo for Podman operation with pasta and side-by-side
  comparison with slirp4netns (patch 18/18).

I already ran a demo recording for the Podman demo:
  https://passt.top/builds/latest/web/demo_podman.webm

Stefano Brivio (18):
  slirp4netns: Look up pasta command, exit if not found
  slirp4netns: Add EXIT as condition for trap
  passt, pasta: Namespace-based sandboxing, defer seccomp policy application
  passt: Make process not dumpable after sandboxing
  Makefile, conf, passt: Drop passt4netns references, explicit argc check
  slirp4netns.sh: Implement API socket option for port forwarding
  conf: Don't print configuration on --quiet
  conf: Given IPv4 address and no netmask, assign RFC 790-style classes
  conf, udp: Introduce basic DNS forwarding
  udp: Allow loopback connections from host using configured unicast address
  tcp, udp: Receive batching doesn't pay off when writing single frames to tap
  pasta: By default, quit if filesystem-bound net namespace goes away
  test/distro/ubuntu: Use DEBIAN_FRONTEND=noninteractive for apt on 22.04
  test/perf/passt_udp: Drop threshold for 256B test
  man page: Update REPORTING BUGS section
  README, hooks: Build HTML man page on push, add a link
  contrib: Add patch for Podman integration
  test: Add demo for Podman with pasta

 Makefile                                      |  10 +-
 README.md                                     |  18 +-
 conf.c                                        | 219 +++--
 ...001-libpod-Add-pasta-networking-mode.patch | 542 +++++++++++
 dhcp.c                                        |   5 +-
 dhcpv6.c                                      |   7 +
 hooks/pre-push                                |   3 +
 ndp.c                                         |   6 +-
 passt.1                                       |  92 +-
 passt.c                                       | 140 ++-
 passt.h                                       |  28 +-
 pasta.c                                       | 217 ++---
 pasta.h                                       |   2 +
 pcap.c                                        |   5 +-
 pcap.h                                        |   2 +-
 slirp4netns.sh                                | 198 +++-
 tap.c                                         |  58 +-
 tcp.c                                         |  49 +-
 test/demo/passt                               |   3 +-
 test/demo/pasta                               |   5 +-
 test/demo/podman                              | 843 ++++++++++++++++++
 test/distro/ubuntu                            |   1 +
 test/lib/layout                               |  38 +-
 test/lib/setup                                |  49 +-
 test/lib/term                                 |  10 +
 test/lib/test                                 |  35 +
 test/perf/passt_udp                           |   4 +-
 test/run                                      |   8 +
 udp.c                                         |  76 +-
 util.c                                        | 129 ++-
 util.h                                        |  12 +-
 31 files changed, 2430 insertions(+), 384 deletions(-)
 create mode 100644 contrib/podman/0001-libpod-Add-pasta-networking-mode.patch
 create mode 100644 test/demo/podman

--
2.34.1

--===============6086218468918994744==--