Date: Wed, 4 Dec 2024 13:09:11 +1100
From: David Gibson
To: Jon Maloy
CC: passt-dev@passt.top, sbrivio@redhat.com, lvivier@redhat.com, dgibson@redhat.com
Subject: Re: [PATCH v3] pasta: make it possible to disable socket splicing
In-Reply-To: <20241203215302.3773941-1-jmaloy@redhat.com>
List-Id: Development discussion and patches for passt

On Tue, Dec 03, 2024 at 04:53:02PM -0500, Jon Maloy wrote:
> During testing it is sometimes useful to force traffic which would
> normally be forwarded by socket splicing through the tap interface.
>
> In this commit, we add a command switch enabling such functionality
> for inbound local traffic.
>
> For outbound local traffic this is much trickier, if even possible,
> so leave that for a later commit.
>
> Suggested-by: David Gibson
> Signed-off-by: Jon Maloy

Reviewed-by: David Gibson

With the exception that I second Stefano's suggestion to improve the
text in the man page.

> ---
> v2: Some minor changes based on feedback from PASST team
> v3: More changes based on feedback from D. Gibson and S. Brivio
>  -Moved new option to pasta-only section
>  -Added description to man-page
> ---
>  conf.c  | 7 ++++++-
>  fwd.c   | 2 +-
>  passt.1 | 4 ++++
>  passt.h | 2 ++
>  4 files changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/conf.c b/conf.c > index eaa7d99..53f6770 100644 > --- a/conf.c > +++ b/conf.c > @@ -977,7 +977,8 @@ pasta_opts: > " Don't copy all routes to namespace\n" > " --no-copy-addrs DEPRECATED:\n" > " Don't copy all addresses to namespace\n" > - " --ns-mac-addr ADDR Set MAC address on tap interface\n"); > + " --ns-mac-addr ADDR Set MAC address on tap interface\n" > + " --no-splice Disable inbound socket splicing\n"); > =20 > exit(status); > } > @@ -1319,6 +1320,7 @@ void conf(struct ctx *c, int argc, char **argv) > {"no-dhcpv6", no_argument, &c->no_dhcpv6, 1 }, > {"no-ndp", no_argument, &c->no_ndp, 1 }, > {"no-ra", no_argument, &c->no_ra, 1 }, > + {"no-splice", no_argument, &c->no_splice, 1 }, > {"freebind", no_argument, &c->freebind, 1 }, > {"no-map-gw", no_argument, &no_map_gw, 1 }, > {"ipv4-only", no_argument, NULL, '4' }, > @@ -1756,6 +1758,9 @@ void conf(struct ctx *c, int argc, char **argv) > } > } while (name !=3D -1); > =20 > + if (c->mode =3D=3D MODE_PASST) > + c->no_splice =3D 1; > + > if (c->mode =3D=3D MODE_PASTA && !c->pasta_conf_ns) { > if (copy_routes_opt) > die("--no-copy-routes needs --config-net"); > diff --git a/fwd.c b/fwd.c > index 0b7f8b1..2829cd2 100644 > --- a/fwd.c > +++ b/fwd.c 
> @@ -443,7 +443,7 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_= t proto, > else if (proto =3D=3D IPPROTO_UDP) > tgt->eport +=3D c->udp.fwd_in.delta[tgt->eport]; > =20 > - if (c->mode =3D=3D MODE_PASTA && inany_is_loopback(&ini->eaddr) && > + if (!c->no_splice && inany_is_loopback(&ini->eaddr) && > (proto =3D=3D IPPROTO_TCP || proto =3D=3D IPPROTO_UDP)) { > /* spliceable */ > =20 > diff --git a/passt.1 b/passt.1 > index b2896a2..c8a5783 100644 > --- a/passt.1 > +++ b/passt.1 > @@ -695,6 +695,10 @@ Configure MAC address \fIaddr\fR on the tap interfac= e in the namespace. > =20 > Default is to let the tap driver build a pseudorandom hardware address. > =20 > +.TP > +.BR \-\-no-splice > +Disable socket splicing for host to NS traffic. > + > .SH EXAMPLES > =20 > .SS \fBpasta > diff --git a/passt.h b/passt.h > index c038630..0dd4efa 100644 > --- a/passt.h > +++ b/passt.h > @@ -229,6 +229,7 @@ struct ip6_ctx { > * @no_dhcpv6: Disable DHCPv6 server > * @no_ndp: Disable NDP handler altogether > * @no_ra: Disable router advertisements > + * @no_splice: Disable socket splicing for inbound traffic > * @host_lo_to_ns_lo: Map host loopback addresses to ns loopback address= es > * @freebind: Allow binding of non-local addresses for forwarding > * @low_wmem: Low probed net.core.wmem_max 
> @@ -291,6 +292,7 @@ struct ctx { > int no_dhcpv6; > int no_ndp; > int no_ra; > + int no_splice; > int host_lo_to_ns_lo; > int freebind; > =20

-- 
David Gibson (he or they)       | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you, not the other way
                                | around.
http://www.ozlabs.org/~dgibson
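
Review bot: In the conf.c long-option table (hunk at -1319), {"no-splice", no_argument, &c->no_splice, 1 } is accepted without any mode check, although the usage text in the first hunk lists --no-splice under pasta_opts. In passt mode the flag is then overwritten by the unconditional c->no_splice = 1 added after the option loop, so a user who passes it to passt gets no feedback either way. If the option is meant to be pasta-only, consider rejecting it explicitly when c->mode == MODE_PASST, in the same style as the die("--no-copy-routes needs --config-net") check visible just below the new assignment.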
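
Review bot: In the fwd.c hunk, the splice condition in fwd_nat_from_host() no longer tests c->mode == MODE_PASTA and relies entirely on !c->no_splice, which is only correct because conf() forces c->no_splice = 1 for MODE_PASST. Nothing in the visible lines documents that dependency: the passt.h comment reads only "@no_splice: Disable socket splicing for inbound traffic". A short comment at the conf.c assignment, or an addition to the @no_splice description saying it is always set in passt mode, would keep a later change to conf() from silently enabling the spliceable path outside pasta.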
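
Review bot: In the passt.1 hunk, "Disable socket splicing for host to NS traffic." does not say what happens to that traffic instead, and its wording differs from the usage string ("Disable inbound socket splicing") and the passt.h comment ("for inbound traffic"). The commit message already has the missing half: traffic that would normally be spliced is forced through the tap interface. Suggest one consistent term across all three places and a man page sentence that states the option affects inbound local traffic only and that such traffic is then forwarded via the tap interface.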