From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id 8C91A5A026E for ; Thu, 17 Nov 2022 03:08:57 +0100 (CET) Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4NCNcx35FYz4xbT; Thu, 17 Nov 2022 13:08:49 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1668650929; bh=w8mEV0LlRXBdqgVyu4Ou3thsD6nS270a6SwBKdVSWYU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=p0hPYQVQ0sMybRiQJVHyWRJXUmCfcH3F71zsiWyL6De6uHxLUW+8BwWhl+VYDAGUE l0h+whtKGJgMmtsiINTORcQIc+x0xM5xT8nVjwwGqHhflEqTCqFpjYWQ3dJtZe3hYy jqToa8fnMYWdAz2OYL//xT87xllFqA4KCfVO+G3M= Date: Thu, 17 Nov 2022 13:08:42 +1100 From: David Gibson To: Stefano Brivio Subject: Re: [PATCH 32/32] tcp: Use dual stack sockets for port forwarding when possible Message-ID: References: <20221116044212.3876516-1-david@gibson.dropbear.id.au> <20221116044212.3876516-33-david@gibson.dropbear.id.au> <20221117011530.2b8a7ca5@elisabeth> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="PNrSw3o/GGcpfE9G" Content-Disposition: inline In-Reply-To: <20221117011530.2b8a7ca5@elisabeth> Message-ID-Hash: RSQWCABWBRTHSPCW3NL7HN435AXBNI25 X-Message-ID-Hash: RSQWCABWBRTHSPCW3NL7HN435AXBNI25 X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.3 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --PNrSw3o/GGcpfE9G Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Nov 17, 2022 at 01:15:30AM +0100, Stefano Brivio wrote: > On Wed, 16 Nov 2022 15:42:12 +1100 > David Gibson wrote: >=20 > > Platforms like Linux allow IPv6 sockets to listen for IPv4 connections = as > > well as native IPv6 connections. By doing this we halve the number of > > listening sockets we need for TCP (assuming passt/pasta is listening on= the > > same ports for IPv4 and IPv6). When forwarding many ports (e.g. -t all) > > this can significantly reduce the amount of kernel memory that passt > > consumes. > >=20 > > When forwarding all TCP and UDP ports for both IPv4 and IPv6 (-t all > > -u all), this reduces kernel memory usage from ~677MiB to ~487MiB > > (kernel version 6.0.8 on Fedora 37, x86_64). >=20 > Oh, nice, that's quite significant. >=20 > > Signed-off-by: David Gibson > > --- > > tcp.c | 14 ++++++++++++-- > > 1 file changed, 12 insertions(+), 2 deletions(-) > >=20 > > diff --git a/tcp.c b/tcp.c > > index 616b9d0..5860c9f 100644 > > --- a/tcp.c > > +++ b/tcp.c > > @@ -2991,8 +2991,12 @@ static int tcp_sock_init_af(const struct ctx *c,= int af, in_port_t port, > > =20 > > s =3D sock_l4(c, af, IPPROTO_TCP, addr, ifname, port, tref.u32); > > =20 > > - if (c->tcp.fwd_in.mode =3D=3D FWD_AUTO) > > - tcp_sock_init_ext[port][(af =3D=3D AF_INET) ? V4 : V6] =3D s; > > + if (c->tcp.fwd_in.mode =3D=3D FWD_AUTO) { > > + if (af =3D=3D AF_INET || af =3D=3D AF_UNSPEC) > > + tcp_sock_init_ext[port][V4] =3D s; > > + if (af =3D=3D AF_INET6 || af =3D=3D AF_UNSPEC) >=20 > Nit: you could align the || af =3D=3D AF_UNSPEC above with an extra > whitespace (as it's done in the context below). Done. > > + tcp_sock_init_ext[port][V6] =3D s; > > + } > > =20 > > if (s < 0) > > return -1; > > @@ -3012,6 +3016,12 @@ static int tcp_sock_init_af(const struct ctx *c,= int af, in_port_t port, > > void tcp_sock_init(const struct ctx *c, sa_family_t af, const void *ad= dr, > > const char *ifname, in_port_t port) > > { > > + if (af =3D=3D AF_UNSPEC && c->ifi4 && c->ifi6) > > + /* Attempt to get a dual stack socket */ > > + if (tcp_sock_init_af(c, AF_UNSPEC, port, addr, ifname) >=3D 0) > > + return; > > + > > + /* Otherwise create a socket per IP version */ >=20 > ...this looks surprisingly clean by the way, at least much cleaner than > I expected. Right. The trick is in realizing that the properties (spliced, IP version) of an established connection don't need to be tied to the properties of the listening socket which created it in the first place. > > if ((af =3D=3D AF_INET || af =3D=3D AF_UNSPEC) && c->ifi4) > > tcp_sock_init_af(c, AF_INET, port, addr, ifname); > > if ((af =3D=3D AF_INET6 || af =3D=3D AF_UNSPEC) && c->ifi6) >=20 > I just finished reviewing this series, in general it looks great to me, > I would have another look (and test!) on Thursday -- either using this > version or a re-spin. >=20 --=20 David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson --PNrSw3o/GGcpfE9G Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoULxWu4/Ws0dB+XtgypY4gEwYSIFAmN1l6QACgkQgypY4gEw YSIVVA//fEVw/4iAErCmuJpTn3w2ET8xbzam/o0OK4i7DK6z5ANi4PKIP6XHtwza aP6llc+klw1GY7/TLskGKy4+kBRAuSMy4K7VaVnl6RnWP+/PNf6jlv/gMqLb04Xj bLZ/zNYKHnZamoW0kesRUiZVTwoh3cXL4BK4Bkl8pUEZWgYB4QkSWcHa3O30AJS5 YQFfr1uXXxpluA36iQzi3IIOicaf2Ym/PM5yGMuDKMGrgl5ZfzdfKYqDGMnpehxK s/orgBBCTGx29gGld6hHHO7GAuWXFMU+OcOb1JxUgPzhkHdASFrexVTcPyBiVEQ0 AjC642OS8VKTZDp5jNhWr7mhTEiSJpKWxOkI9CerE/6RkB3N/eNYhBiKOINaCD2W 5ckEenXhXWERLNs1joO7PEascLeKSxhKuLkI5pr+ac1iiqYelwOP5+grBgcRy/Lv 12aHR9Nac4vYMHB/6jqTQQlqB1hBZLR3g3b2NJrbIu0RaYhRNXwvYK1ttKWkE3hM LN/SEUVSVIGlLjov3qvvcMepi1V/nQXBHCRQXbH0TEb+kBc9Ne6exB2AAhZKy9XB qNhukw8G30gRbyWHT4zwhghy26J5RCEffFL3/RCWOUmebdmig45M93zwy8BVjGFl GcdcrxHmka3Mh/5NNSpAXSpOGCwvHE/5At8Jb1IIBI313aRIlvg= =wFGj -----END PGP SIGNATURE----- --PNrSw3o/GGcpfE9G--