On Tue, Dec 10, 2024 at 01:36:45PM -0500, Jon Maloy wrote: > During testing it is sometimes useful to force traffic which would > normally be forwared by socket splicing through the tap interface. > > In this commit, we add a command switch enabling such funtionality > for inbound local traffic. > > For outbound local traffic this is much trickier, if even possible, > so leave that for a later commit. > > Suggested-by: David Gibson > Signed-off-by: Jon Maloy Reviewed-by: David Gibson > > --- > v2: Some minor changes based on feedback from PASST team > v3: More changes based on feedback from D. Gibson and S. Brivio > -Moved new option to pasta-only section > -Added description to man-page > v4: -Changed test on (mode == PASST) to (mode != PASTA) as > suggested by Stefano Brivio. > v5: -Updated text in man pages as suggested by Stefano Brivio. > --- > conf.c | 7 ++++++- > fwd.c | 2 +- > passt.1 | 5 +++++ > passt.h | 2 ++ > 4 files changed, 14 insertions(+), 2 deletions(-) > > diff --git a/conf.c b/conf.c > index eaa7d99..97d8beb 100644 > --- a/conf.c > +++ b/conf.c > @@ -977,7 +977,8 @@ pasta_opts: > " Don't copy all routes to namespace\n" > " --no-copy-addrs DEPRECATED:\n" > " Don't copy all addresses to namespace\n" > - " --ns-mac-addr ADDR Set MAC address on tap interface\n"); > + " --ns-mac-addr ADDR Set MAC address on tap interface\n" > + " --no-splice Disable inbound socket splicing\n"); > > exit(status); > } > @@ -1319,6 +1320,7 @@ void conf(struct ctx *c, int argc, char **argv) > {"no-dhcpv6", no_argument, &c->no_dhcpv6, 1 }, > {"no-ndp", no_argument, &c->no_ndp, 1 }, > {"no-ra", no_argument, &c->no_ra, 1 }, > + {"no-splice", no_argument, &c->no_splice, 1 }, > {"freebind", no_argument, &c->freebind, 1 }, > {"no-map-gw", no_argument, &no_map_gw, 1 }, > {"ipv4-only", no_argument, NULL, '4' }, > @@ -1756,6 +1758,9 @@ void conf(struct ctx *c, int argc, char **argv) > } > } while (name != -1); > > + if (c->mode != MODE_PASTA) > + c->no_splice = 1; > + > if (c->mode == MODE_PASTA && !c->pasta_conf_ns) { > if (copy_routes_opt) > die("--no-copy-routes needs --config-net"); > diff --git a/fwd.c b/fwd.c > index 0b7f8b1..2829cd2 100644 > --- a/fwd.c > +++ b/fwd.c > @@ -443,7 +443,7 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto, > else if (proto == IPPROTO_UDP) > tgt->eport += c->udp.fwd_in.delta[tgt->eport]; > > - if (c->mode == MODE_PASTA && inany_is_loopback(&ini->eaddr) && > + if (!c->no_splice && inany_is_loopback(&ini->eaddr) && > (proto == IPPROTO_TCP || proto == IPPROTO_UDP)) { > /* spliceable */ > > diff --git a/passt.1 b/passt.1 > index b2896a2..d9cd33e 100644 > --- a/passt.1 > +++ b/passt.1 > @@ -695,6 +695,11 @@ Configure MAC address \fIaddr\fR on the tap interface in the namespace. > > Default is to let the tap driver build a pseudorandom hardware address. > > +.TP > +.BR \-\-no-splice > +Disable the bypass path for inbound, local traffic. See the section \fBHandling > +of local traffic in pasta\fR in the \fBNOTES\fR for more details. > + > .SH EXAMPLES > > .SS \fBpasta > diff --git a/passt.h b/passt.h > index c038630..0dd4efa 100644 > --- a/passt.h > +++ b/passt.h > @@ -229,6 +229,7 @@ struct ip6_ctx { > * @no_dhcpv6: Disable DHCPv6 server > * @no_ndp: Disable NDP handler altogether > * @no_ra: Disable router advertisements > + * @no_splice: Disable socket splicing for inbound traffic > * @host_lo_to_ns_lo: Map host loopback addresses to ns loopback addresses > * @freebind: Allow binding of non-local addresses for forwarding > * @low_wmem: Low probed net.core.wmem_max > @@ -291,6 +292,7 @@ struct ctx { > int no_dhcpv6; > int no_ndp; > int no_ra; > + int no_splice; > int host_lo_to_ns_lo; > int freebind; > -- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson