Date: Fri, 29 Nov 2024 13:48:51 +1100
From: David Gibson
To: Jon Maloy
CC: passt-dev@passt.top, sbrivio@redhat.com, lvivier@redhat.com, dgibson@redhat.com
Subject: Re: [PATCH] pasta: make it possible to disable socket splicing
In-Reply-To: <20241129004532.2514834-1-jmaloy@redhat.com>
List-Id: Development discussion and patches for passt

On Thu, Nov 28, 2024 at 07:45:32PM -0500, Jon Maloy wrote:
> During testing it is sometimes useful to force traffic which would
> normally be forwarded by socket splicing through the tap interface.
>
> In this commit, we add a command switch making it possible to disable
> splicing for inbound local traffic.
>
> For outbound local traffic this seems to be much trickier, so I leave
> that for a possible later commit.

See comments on your other mail.

> Suggested-by: David Gibson
> Signed-off-by: Jon Maloy

This LGTM, excepting minor details. Arguably it's even enough, since
you can effectively disable outbound splicing by not using -T or -U.

> ---
>  conf.c  | 5 +++++
>  fwd.c   | 2 +-
>  passt.h | 1 +
>  3 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/conf.c b/conf.c > index eaa7d99..8d58652 100644 > --- a/conf.c > +++ b/conf.c > @@ -890,6 +890,7 @@ static void usage(const char *name, FILE *f, int stat= us) > " --no-ndp Disable NDP responses\n" > " --no-dhcpv6 Disable DHCPv6 server\n" > " --no-ra Disable router advertisements\n" > + " --no-splice Disable outbound socket splicing\n" This should be "inbound" not "outbound" yes? For a final version this would need to be added to the manpage as well. I guess unless we wanted to leave it undocumented as an option intended only for developer testing. > " --freebind Bind to any address for forwarding\n" > " --no-map-gw Don't map gateway address to host\n" > " -4, --ipv4-only Enable IPv4 operation only\n" > @@ -1319,6 +1320,7 @@ void conf(struct ctx *c, int argc, char **argv) > {"no-dhcpv6", no_argument, &c->no_dhcpv6, 1 }, > {"no-ndp", no_argument, &c->no_ndp, 1 }, > {"no-ra", no_argument, &c->no_ra, 1 }, > + {"no-splice", no_argument, &c->no_splice, 1 }, > {"freebind", no_argument, &c->freebind, 1 }, > {"no-map-gw", no_argument, &no_map_gw, 1 }, > {"ipv4-only", no_argument, NULL, '4' }, > @@ -1756,6 +1758,9 @@ void conf(struct ctx *c, int argc, char **argv) > } > } while (name !=3D -1); > =20 > + if (c->mode =3D=3D MODE_PASST) > + c->no_splice =3D 1; > + > if (c->mode =3D=3D MODE_PASTA && !c->pasta_conf_ns) { > if (copy_routes_opt) > die("--no-copy-routes needs --config-net"); > diff --git a/fwd.c b/fwd.c > index 0b7f8b1..2829cd2 100644 > --- a/fwd.c > +++ b/fwd.c > @@ -443,7 +443,7 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_= t proto, > else if (proto =3D=3D IPPROTO_UDP) > tgt->eport +=3D c->udp.fwd_in.delta[tgt->eport]; > =20 > - if (c->mode =3D=3D MODE_PASTA && inany_is_loopback(&ini->eaddr) && > + if (!c->no_splice && inany_is_loopback(&ini->eaddr) && > (proto =3D=3D IPPROTO_TCP || proto =3D=3D IPPROTO_UDP)) { > /* spliceable */ > =20 > diff --git a/passt.h b/passt.h > index c038630..0271e7c 100644 > --- a/passt.h > +++ b/passt.h 
> @@ -291,6 +291,7 @@ struct ctx { > int no_dhcpv6; > int no_ndp; > int no_ra; > + int no_splice; > int host_lo_to_ns_lo; > int freebind; > =20
-- 
David Gibson (he or they)       | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you, not the other way
                                | around.
http://www.ozlabs.org/~dgibson
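
Review bot: The help string added in the usage() hunk of conf.c says "Disable outbound socket splicing", but the commit message describes the switch as disabling splicing for inbound local traffic, and the only place this patch reads the flag is fwd_nat_from_host(). The text should read "Disable inbound socket splicing" so that someone using the option to force traffic through the tap interface knows which direction is actually affected.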
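
Review bot: The assignment after the option loop in conf(), `if (c->mode == MODE_PASST) c->no_splice = 1;`, has no comment, yet it is the only thing that keeps the old MODE_PASTA restriction in place once the fwd.c hunk drops its mode check. A one-line comment stating that splicing is never used in passt mode would make that dependency visible. It is also worth deciding whether --no-splice given explicitly in passt mode should be accepted silently, as it is here, or reported as having no effect.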
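
Review bot: In the fwd.c hunk, the spliceable test in fwd_nat_from_host() no longer looks at c->mode and relies entirely on conf() having forced no_splice to 1 for MODE_PASST. Keeping both conditions, `c->mode == MODE_PASTA && !c->no_splice`, would make the check self-contained, so a context whose no_splice field was left at 0 cannot take the splice path in passt mode. If the single-flag form is preferred, a short comment here pointing at the assignment in conf() would do.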