From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202412 header.b=kPjSJlsD;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 62AC35A0275
	for <passt-dev@passt.top>; Mon, 09 Dec 2024 00:29:12 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202412; t=1733700543;
	bh=AXObuRLrFqqOEYiYGE+Ggn7zw44yzwQdwMnG+3CkcvY=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=kPjSJlsDQbxAQNkmQgjZAiDeuVysrBRenIpFZCuOsrh19A0jGvZhqvLriATZrLidq
	 bJXfpkkAirF9Jb5IsN/5Q+WzqKK4VPFek5eKcCOPo206X6m/+2ZsmwNnbU2vGP4tnV
	 hpqMuuSV483StvWS9wCQNVkpkuTrn1d7Kvm8yESTY9Wt350gJ8Et+hgOI1JVP4E/ku
	 Cd6yh8tZwjWjlf5gt5GnSvbf6TF6m/vu/YnzqKcomZU/bh+mL/hiTkZTznYCGxvazR
	 P8h+syzVsCB90kdssri3fPML0vkFxE6aAsn/pwa1xvDlqc6p09NxD4Al9mfWNTGbQR
	 okxXU+hTI/hyg==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4Y61R33YQgz4wp0; Mon,  9 Dec 2024 10:29:03 +1100 (AEDT)
Date: Mon, 9 Dec 2024 10:28:03 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Jon Maloy <jmaloy@redhat.com>
Subject: Re: [PATCH v4] pasta: make it possible to disable socket splicing
Message-ID: <Z1Yrg0gdfOFz3g4Q@zatzit>
References: <20241208180447.484600-1-jmaloy@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="xuBWqfLdPnhlWyrI"
Content-Disposition: inline
In-Reply-To: <20241208180447.484600-1-jmaloy@redhat.com>
Message-ID-Hash: HYRCILGN4T37DG54SPK7DCWXR7QNEUO7
X-Message-ID-Hash: HYRCILGN4T37DG54SPK7DCWXR7QNEUO7
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, sbrivio@redhat.com, lvivier@redhat.com, dgibson@redhat.com
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/Z1Yrg0gdfOFz3g4Q@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/HYRCILGN4T37DG54SPK7DCWXR7QNEUO7/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--xuBWqfLdPnhlWyrI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Dec 08, 2024 at 01:04:47PM -0500, Jon Maloy wrote:
> During testing it is sometimes useful to force traffic which would
> normally be forwared by socket splicing through the tap interface.
>=20
> In this commit, we add a command switch enabling such funtionality
> for inbound local traffic.
>=20
> For outbound local traffic this is much trickier, if even possible,
> so leave that for a later commit.
>=20
> Suggested-by: David Gibson <david@gibson.dropbear.id.au>
> Signed-off-by: Jon Maloy <jmaloy@redhat.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

>=20
> ---
> v2: Some minor changes based on feedback from PASST team
> v3: More changes based on feedback from D. Gibson and S. Brivio
>     -Moved new option to pasta-only section
>     -Added description to man-page
> v4: -Changed test on (mode =3D=3D PASST) to (mode !=3D PASTA) as
>      suggested by Stefano Brivio.
> ---
>  conf.c  | 7 ++++++-
>  fwd.c   | 2 +-
>  passt.1 | 4 ++++
>  passt.h | 2 ++
>  4 files changed, 13 insertions(+), 2 deletions(-)
>=20
> diff --git a/conf.c b/conf.c
> index eaa7d99..97d8beb 100644
> --- a/conf.c
> +++ b/conf.c
> @@ -977,7 +977,8 @@ pasta_opts:
>  		"			Don't copy all routes to namespace\n"
>  		"  --no-copy-addrs	DEPRECATED:\n"
>  		"			Don't copy all addresses to namespace\n"
> -		"  --ns-mac-addr ADDR	Set MAC address on tap interface\n");
> +		"  --ns-mac-addr ADDR	Set MAC address on tap interface\n"
> +		"  --no-splice		Disable inbound socket splicing\n");
> =20
>  	exit(status);
>  }
> @@ -1319,6 +1320,7 @@ void conf(struct ctx *c, int argc, char **argv)
>  		{"no-dhcpv6",	no_argument,		&c->no_dhcpv6,	1 },
>  		{"no-ndp",	no_argument,		&c->no_ndp,	1 },
>  		{"no-ra",	no_argument,		&c->no_ra,	1 },
> +		{"no-splice",	no_argument,		&c->no_splice,	1 },
>  		{"freebind",	no_argument,		&c->freebind,	1 },
>  		{"no-map-gw",	no_argument,		&no_map_gw,	1 },
>  		{"ipv4-only",	no_argument,		NULL,		'4' },
> @@ -1756,6 +1758,9 @@ void conf(struct ctx *c, int argc, char **argv)
>  		}
>  	} while (name !=3D -1);
> =20
> +	if (c->mode !=3D MODE_PASTA)
> +		c->no_splice =3D 1;
> +
>  	if (c->mode =3D=3D MODE_PASTA && !c->pasta_conf_ns) {
>  		if (copy_routes_opt)
>  			die("--no-copy-routes needs --config-net");
> diff --git a/fwd.c b/fwd.c
> index 0b7f8b1..2829cd2 100644
> --- a/fwd.c
> +++ b/fwd.c
> @@ -443,7 +443,7 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_=
t proto,
>  	else if (proto =3D=3D IPPROTO_UDP)
>  		tgt->eport +=3D c->udp.fwd_in.delta[tgt->eport];
> =20
> -	if (c->mode =3D=3D MODE_PASTA && inany_is_loopback(&ini->eaddr) &&
> +	if (!c->no_splice && inany_is_loopback(&ini->eaddr) &&
>  	    (proto =3D=3D IPPROTO_TCP || proto =3D=3D IPPROTO_UDP)) {
>  		/* spliceable */
> =20
> diff --git a/passt.1 b/passt.1
> index b2896a2..c8a5783 100644
> --- a/passt.1
> +++ b/passt.1
> @@ -695,6 +695,10 @@ Configure MAC address \fIaddr\fR on the tap interfac=
e in the namespace.
> =20
>  Default is to let the tap driver build a pseudorandom hardware address.
> =20
> +.TP
> +.BR \-\-no-splice
> +Disable socket splicing for host to NS traffic.
> +
>  .SH EXAMPLES
> =20
>  .SS \fBpasta
> diff --git a/passt.h b/passt.h
> index c038630..0dd4efa 100644
> --- a/passt.h
> +++ b/passt.h
> @@ -229,6 +229,7 @@ struct ip6_ctx {
>   * @no_dhcpv6:		Disable DHCPv6 server
>   * @no_ndp:		Disable NDP handler altogether
>   * @no_ra:		Disable router advertisements
> + * @no_splice:		Disable socket splicing for inbound traffic
>   * @host_lo_to_ns_lo:	Map host loopback addresses to ns loopback address=
es
>   * @freebind:		Allow binding of non-local addresses for forwarding
>   * @low_wmem:		Low probed net.core.wmem_max
> @@ -291,6 +292,7 @@ struct ctx {
>  	int no_dhcpv6;
>  	int no_ndp;
>  	int no_ra;
> +	int no_splice;
>  	int host_lo_to_ns_lo;
>  	int freebind;
> =20

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--xuBWqfLdPnhlWyrI
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmdWK4IACgkQzQJF27ox
2Gd9+Q/9HYOoshthQcb5Hpu5yzu05iZ1iXLk3hpOd1ewvothJRwYXqJqcU+xrln2
TMvscU2gv68Kf1kp9fQoHLjLtxHH4i0qEwW7q3M6dGKRGsDwahOW/zi4XnuTQ5U4
ne4Wt0HAQFi2SRQX+vD73rR4CfVV8sujWyOJTWrKgxNSMr7zxzmY81y5cm5zO7fI
zXkr8bs3q6IVx3OVCMmC4lsUp8bL9ypsuw8jytZ9ewJNzvUiml5LRP9z2zPclyIo
YwUIf0nCAcRmpb1KzHYNd6q36YWZca5FqAWbdvk9C82fA9AkM5/B2NyJT/Bzk52r
yfXXHVQ2IdrrdT6ssYsA+Oj7ZdOewgxsO3JY0ejbwAIzFtCy/oRjlbcvcC0tZawx
/VdbOtkaLNETKL9F63orvqRBwVIdIyifbE7+yZXg5ihuC6vOApASVP6rr7tOivAc
ymhUaLQCPEnvtfZdK/QNXCJ895p/3zhyFQ3STl88RHb0wReXq45rM1arJFlxRAZJ
Eu+ndD1L06/J50iRCwFgDOYOLM0TnxAdJjSO4ao3nIA2h+Fy8v0YiLi8DbN8aGTT
k7Oq1PjRnMEIOmvG6odV5YL9TxO4akfBPNuISpGo8VK1c4mdbq5AIUbxkmXiHm9x
QLrlabNn0EW6UIZ59HTynkpxtzD6pQjCu54zKfUQNB3UynrxAQQ=
=wJ8J
-----END PGP SIGNATURE-----

--xuBWqfLdPnhlWyrI--