From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202410 header.b=P/wvHUtB;
	dkim-atps=neutral
Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id 255B15A061C
	for <passt-dev@passt.top>; Tue, 03 Dec 2024 04:44:03 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202410; t=1733197392;
	bh=DeS0/aFGdABYemlDJ6fOzsmTAt81ynjgkCAF4nyzZig=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=P/wvHUtBWPOpYuPPVO144On0A6VF1V99NPLe30MeKEaz5GrwMg0pVYzimVT1p3pTw
	 1s0XLJd5/jkwqiG5LqL07eVb/bRUX/qnA2hC/OzS2yCigk/st1bgjnaoVhuc3C0yNt
	 S1puriDPVB6ISBS5xeYOx4M+63tDPNLNHuGj+a28n5PqcupzuSEr6dW9PBRp/RWeqE
	 7I1ggVs6isrcKP2hX6ptzAsmWOTqaGtJlhd/tV6d2eJVLMPRcI3eUSrJYIudU4v9vs
	 h6OFVwf3buOGQe4FZcUB+xKdsPP5d/W7USwDBQkHINseBn2iKo9VV48VQxDjm2MQXr
	 ONtfq2hXQ1V2g==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4Y2RM41Cjbz4wyw; Tue,  3 Dec 2024 14:43:12 +1100 (AEDT)
Date: Tue, 3 Dec 2024 14:43:04 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Jon Maloy <jmaloy@redhat.com>
Subject: Re: [PATCH v2] pasta: make it possible to disable socket splicing
Message-ID: <Z05-SFyHAcGhEP5L@zatzit>
References: <20241129224946.2664970-1-jmaloy@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="sDQtSscD3qhXLQhc"
Content-Disposition: inline
In-Reply-To: <20241129224946.2664970-1-jmaloy@redhat.com>
Message-ID-Hash: MDNWVUSK46DVJAJJRGT6EGRJLCUNCY4B
X-Message-ID-Hash: MDNWVUSK46DVJAJJRGT6EGRJLCUNCY4B
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, sbrivio@redhat.com, lvivier@redhat.com, dgibson@redhat.com
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/Z05-SFyHAcGhEP5L@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/MDNWVUSK46DVJAJJRGT6EGRJLCUNCY4B/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--sDQtSscD3qhXLQhc
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Nov 29, 2024 at 05:49:46PM -0500, Jon Maloy wrote:
> During testing it is sometimes useful to force traffic which would
> normally be forwared by socket splicing through the tap interface.
>=20
> In this commit, we add a command switch enabling such funtionality
> for inbound local traffic.
>=20
> For outbound local traffic this is much trickier, if even possible,
> so leave that for a later commit.
>=20
> Suggested-by: David Gibson <david@gibson.dropbear.id.au>
> Signed-off-by: Jon Maloy <jmaloy@redhat.com>

One nit, and the man page needs updating as Stefano mentions,
otherwise LGTM.

> ---
> v2: Some minor changes based on feedback from PASST team
> ---
>  conf.c  | 5 +++++
>  fwd.c   | 2 +-
>  passt.h | 2 ++
>  3 files changed, 8 insertions(+), 1 deletion(-)
>=20
> diff --git a/conf.c b/conf.c
> index 5107549..fe6fa04 100644
> --- a/conf.c
> +++ b/conf.c
> @@ -846,6 +846,7 @@ static void usage(const char *name, FILE *f, int stat=
us)
>  		"  --no-ndp		Disable NDP responses\n"
>  		"  --no-dhcpv6		Disable DHCPv6 server\n"
>  		"  --no-ra		Disable router advertisements\n"
> +		"  --no-splice		Disable inbound socket splicing\n"

This is currently listed in the common options, but has no effect for
passt mode.  Is that what we want?  Or should we move this to the
pasta specific options?

>  		"  --freebind		Bind to any address for forwarding\n"
>  		"  --no-map-gw		Don't map gateway address to host\n"
>  		"  -4, --ipv4-only	Enable IPv4 operation only\n"
> @@ -1274,6 +1275,7 @@ void conf(struct ctx *c, int argc, char **argv)
>  		{"no-dhcpv6",	no_argument,		&c->no_dhcpv6,	1 },
>  		{"no-ndp",	no_argument,		&c->no_ndp,	1 },
>  		{"no-ra",	no_argument,		&c->no_ra,	1 },
> +		{"no-splice",	no_argument,		&c->no_splice,	1 },
>  		{"freebind",	no_argument,		&c->freebind,	1 },
>  		{"no-map-gw",	no_argument,		&no_map_gw,	1 },
>  		{"ipv4-only",	no_argument,		NULL,		'4' },
> @@ -1701,6 +1703,9 @@ void conf(struct ctx *c, int argc, char **argv)
>  		}
>  	} while (name !=3D -1);
> =20
> +	if (c->mode =3D=3D MODE_PASST)
> +		c->no_splice =3D 1;
> +
>  	if (c->mode =3D=3D MODE_PASTA && !c->pasta_conf_ns) {
>  		if (copy_routes_opt)
>  			die("--no-copy-routes needs --config-net");
> diff --git a/fwd.c b/fwd.c
> index 0b7f8b1..2829cd2 100644
> --- a/fwd.c
> +++ b/fwd.c
> @@ -443,7 +443,7 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_=
t proto,
>  	else if (proto =3D=3D IPPROTO_UDP)
>  		tgt->eport +=3D c->udp.fwd_in.delta[tgt->eport];
> =20
> -	if (c->mode =3D=3D MODE_PASTA && inany_is_loopback(&ini->eaddr) &&
> +	if (!c->no_splice && inany_is_loopback(&ini->eaddr) &&
>  	    (proto =3D=3D IPPROTO_TCP || proto =3D=3D IPPROTO_UDP)) {
>  		/* spliceable */
> =20
> diff --git a/passt.h b/passt.h
> index 72c7f72..45ad26a 100644
> --- a/passt.h
> +++ b/passt.h
> @@ -225,6 +225,7 @@ struct ip6_ctx {
>   * @no_dhcpv6:		Disable DHCPv6 server
>   * @no_ndp:		Disable NDP handler altogether
>   * @no_ra:		Disable router advertisements
> + * @no_splice:		Disable socket splicing for inbound traffic
>   * @host_lo_to_ns_lo:	Map host loopback addresses to ns loopback address=
es
>   * @freebind:		Allow binding of non-local addresses for forwarding
>   * @low_wmem:		Low probed net.core.wmem_max
> @@ -286,6 +287,7 @@ struct ctx {
>  	int no_dhcpv6;
>  	int no_ndp;
>  	int no_ra;
> +	int no_splice;
>  	int host_lo_to_ns_lo;
>  	int freebind;
> =20

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--sDQtSscD3qhXLQhc
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmdOfjwACgkQzQJF27ox
2GcEtg/+O+K47jqemtPtZJSK/7R5GwRmsvJon2ksEfJwdYzmUeeHeEZsaFH65gZ9
m1ch71s0l3Cd3vz2l3Jw8nWycOgIICHJE63YQqFD8Wy2Fz3bpS+XBa3ML0xI2Io9
aBH+EsKpBAAEBvkejyIH3zcfa/alJbBQPrzak9j+CdxTOdrZnW2eWqEpn65AOklY
3EknP3aevYj1N/NX5q+V9DZyAlICHLLbXnlmyok3UvzJr9+c8uqwXjnwWM80LUCj
h6MPT9/rnS2AY5Iyoa9AWPrrLMssIrBbQA1XZQRdgYzfQ0KIAsUDoV91u6dzx+cL
Ml7x8Tm4om/ZaTfRQq02IEBPIjBG9/ZJNvrkB6G+moWi8C5y56u+SfY/p5QINBww
sxS2uAOgN1ya6lYZpr9SIEnvpyE4OAsUYLRIq12tsfgaIiV4njMVB+/8WaTLr4pJ
WXBc/KlstNrXRQ9RlepiOASI3NCeX4nstoMNQjxb3jBMmEeBwH81uB2UBw7N2aO2
bFhMy5KpjlXLeP4lRIM8kXw0FItJ+d+u4J6lXuS904NcZlQag9k+LNKR4hiws1sc
OIlYbwhJKDOSttP5y59XPv/TVDidyTtikJhaSXUBUhWZ5UT934iyr5zb5wPzy1qP
VIOo8P1mfepnlP9zT2Hm6DPkRkUxISAbcgSaTAjONG051Q4qX30=
=21wi
-----END PGP SIGNATURE-----

--sDQtSscD3qhXLQhc--