From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=M1lCcMTZ;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by passt.top (Postfix) with ESMTPS id C439E5A0778
	for <passt-dev@passt.top>; Fri, 16 Jan 2026 04:45:01 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1768535100;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=zUEBR0Vr1bI2JTqn548MxPBubOEQooS08qbqi32Y0TM=;
	b=M1lCcMTZpRdVtpxMjHxcJavjYF9jPLf7N/i07zIE9OWALP5EZjKHqWDN5t2YstSweuz+YW
	dTfsl/MYxXLsl/Ryvrflrp/k/R4qP6UbfoQG9cRAa7ZgRnxPPPqGASfbMwUtU2SfbLzJR8
	fi1NDQYIh6g8GM5BTPcNHla9m7yY+jE=
Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com
 [209.85.221.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-416-B4ec3bIOMAeXKmAbpIBYgw-1; Thu, 15 Jan 2026 22:44:59 -0500
X-MC-Unique: B4ec3bIOMAeXKmAbpIBYgw-1
X-Mimecast-MFC-AGG-ID: B4ec3bIOMAeXKmAbpIBYgw_1768535098
Received: by mail-wr1-f72.google.com with SMTP id ffacd0b85a97d-432586f2c82so1078178f8f.0
        for <passt-dev@passt.top>; Thu, 15 Jan 2026 19:44:59 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768535097; x=1769139897;
        h=content-transfer-encoding:mime-version:organization:references
         :in-reply-to:message-id:subject:cc:to:from:date:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=zUEBR0Vr1bI2JTqn548MxPBubOEQooS08qbqi32Y0TM=;
        b=EG4lNP0cHwtVlNBycOywG+j21pYM48LUMzgiSB5qixMBLIjoj0/J7BSvelFQ+2pFSU
         BjnMvuwFIT8GGfcBM1KtWzkw7w1MdifabJ5pF2vOkP7fBd77rA7CYyy+sdHvfsI8jIQv
         vwsPYdO59eYRp/VDG53ZUeQKvM2TdJUMJrKqDCrSnruLczzefQXjKmCGL4GcslLW1sY6
         HeYUJk5UW31pRjO/Cewq4I3cliZlkUaZhVth37vf40HYMZeedKVdB56y5I+r3giKFXcr
         dEWyHH+BoI4O5QZiKch2vREjfZHqa/iFqd87jkU2f31o3Pj0FegBZAN3D0ovLBOTGJVY
         AKfg==
X-Gm-Message-State: AOJu0YyVUzrDJaXf5pzUqvAWH1nUMKastnxWbAF/9W/Ml49JFoK5U6bP
	qik3qI/Bj/Qayb4nc5SlqpMV34rzHMp+RF4xpQrPl34yQZbk69smHewM1X0FdihqctneWZvPerF
	epdS25CjpIFk8UcblLawUmMqDQCkj1RoBbRBWeiXQ4JUtGDNgXKC2MARec7ROkA==
X-Gm-Gg: AY/fxX4lGia7gdYiuNQFMkW0Hi0Qcsc5ebwWm03i0bgsJ9bHUuv47FWcjyuOMiGgKvZ
	M2mLyC/q/yjsrb65YkJrHTSq3bYqzJlrX6ya1uP1TNpJYVsgd/CBfImZnBleyKKGJByNb5e8E6j
	KPb37EhSp+7wNKq2M/l9/8c3xUyZsJwEQKHU16pQhkWX+ftmHaekDnTOeUOzwosMVmdEbwKFqDg
	KWMkbBrzNmoT+Pnua3fb7IoPBTkMA462j1TE5en/t7ATPf/CqNegZLM7ayth9WyVfdfJE4a+yEM
	mJR3UsLwHSB7sTMuh4M4Yenf6j820Y0CHMxwM3tW2dWz75lxj8b1b7fF3gGOtS8MM77e1mKTJc1
	9XXgVs8EO6q/xYakvwjS6
X-Received: by 2002:a5d:5d0e:0:b0:430:fcbc:dc52 with SMTP id ffacd0b85a97d-4356957ac58mr2020370f8f.30.1768535097528;
        Thu, 15 Jan 2026 19:44:57 -0800 (PST)
X-Received: by 2002:a5d:5d0e:0:b0:430:fcbc:dc52 with SMTP id ffacd0b85a97d-4356957ac58mr2020349f8f.30.1768535097151;
        Thu, 15 Jan 2026 19:44:57 -0800 (PST)
Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [2a10:fc81:a806:d6a9::1])
        by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435696fbea8sm2644686f8f.0.2026.01.15.19.44.56
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 15 Jan 2026 19:44:56 -0800 (PST)
Date: Fri, 16 Jan 2026 04:44:54 +0100
From: Stefano Brivio <sbrivio@redhat.com>
To: Yumei Huang <yuhuang@redhat.com>
Subject: Re: [PATCH v2] conf, pasta: Add --splice-only option
Message-ID: <20260116044454.3da0958a@elisabeth>
In-Reply-To: <20260116032509.1480589-1-yuhuang@redhat.com>
References: <20260116032509.1480589-1-yuhuang@redhat.com>
Organization: Red Hat
X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu)
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: GFUdvGIsDcM2sGZvJDm300bBqiM9W6Mp-4hiWROp3N0_1768535098
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID-Hash: K2WJX3VCFBRUPL6NXFJDQQ2AM5AOVXTN
X-Message-ID-Hash: K2WJX3VCFBRUPL6NXFJDQQ2AM5AOVXTN
X-MailFrom: sbrivio@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, david@gibson.dropbear.id.au
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20260116044454.3da0958a@elisabeth/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/K2WJX3VCFBRUPL6NXFJDQQ2AM5AOVXTN/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

On Fri, 16 Jan 2026 11:25:09 +0800
Yumei Huang <yuhuang@redhat.com> wrote:

> This patch introduces a mode where we only forward loopback connections
> and traffic between two namespaces (via the loopback interface, 'lo'),
> without a tap device.
> 
> It might be used to fix up podman IPv4 / IPv6 loopback mapping when using
> rootlesskit for forwarding ports, or a way to implement isolated containers.
> 
> In this mode, --host-lo-to-ns-lo and --no-icmp are automatically enabled.
> Option --no-splice is rejected.
> 
> Link: https://bugs.passt.top/show_bug.cgi?id=149
> Signed-off-by: Yumei Huang <yuhuang@redhat.com>
> ---
>  conf.c  | 39 ++++++++++++++++++++++++++++-----------
>  fwd.c   |  3 +++
>  passt.1 |  5 +++++
>  passt.h |  2 ++
>  pasta.c |  3 +++
>  tap.c   | 11 +++++++----
>  6 files changed, 48 insertions(+), 15 deletions(-)
> 
> diff --git a/conf.c b/conf.c
> index dbff87c..9d88ad7 100644
> --- a/conf.c
> +++ b/conf.c
> @@ -1059,7 +1059,8 @@ pasta_opts:
>  		"  --no-copy-addrs	DEPRECATED:\n"
>  		"			Don't copy all addresses to namespace\n"
>  		"  --ns-mac-addr ADDR	Set MAC address on tap interface\n"
> -		"  --no-splice		Disable inbound socket splicing\n");
> +		"  --no-splice		Disable inbound socket splicing\n"
> +		"  --splice-only	Only enable loopback forwarding\n");
>  
>  	passt_exit(status);
>  }
> @@ -1142,7 +1143,7 @@ static void conf_print(const struct ctx *c)
>  		     inet_ntop(AF_INET6, &c->ip6.addr_out, buf6, sizeof(buf6)));
>  	}
>  
> -	if (c->mode == MODE_PASTA)
> +	if (c->mode == MODE_PASTA && !c->splice_only)
>  		info("Namespace interface: %s", c->pasta_ifn);
>  
>  	info("MAC:");

Actually, I just realised, also the MAC address information printed here
is meaningless for the --splice-only mode:

$ ./pasta --debug --splice-only
0.0019: MAC:
0.0019:     host: 9a:55:9a:55:9a:55

...but that MAC address will never appear anywhere.

But in any case the patch looks good to me (with or without that
"fixed").

-- 
Stefano