Date: Wed, 11 Dec 2024 11:28:46 +1100
From: David Gibson
To: Jon Maloy
CC: passt-dev@passt.top, sbrivio@redhat.com, lvivier@redhat.com, dgibson@redhat.com
Subject: Re: [PATCH v5] pasta: make it possible to disable socket splicing
In-Reply-To: <20241210183645.17626-1-jmaloy@redhat.com>

On Tue, Dec 10, 2024 at 01:36:45PM -0500, Jon Maloy wrote:
> During testing it is sometimes useful to force traffic which would
> normally be forwarded by socket splicing through the tap interface.
>
> In this commit, we add a command switch enabling such functionality
> for inbound local traffic.
>
> For outbound local traffic this is much trickier, if even possible,
> so leave that for a later commit.
>
> Suggested-by: David Gibson
> Signed-off-by: Jon Maloy

Reviewed-by: David Gibson

>
> ---
> v2: Some minor changes based on feedback from PASST team
> v3: More changes based on feedback from D. Gibson and S. Brivio
>     -Moved new option to pasta-only section
>     -Added description to man-page
> v4: -Changed test on (mode == PASST) to (mode != PASTA) as
>     suggested by Stefano Brivio.
> v5: -Updated text in man pages as suggested by Stefano Brivio.
> ---
>  conf.c  | 7 ++++++-
>  fwd.c   | 2 +-
>  passt.1 | 5 +++++
>  passt.h | 2 ++
>  4 files changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/conf.c b/conf.c > index eaa7d99..97d8beb 100644 > --- a/conf.c > +++ b/conf.c > @@ -977,7 +977,8 @@ pasta_opts: > " Don't copy all routes to namespace\n" > " --no-copy-addrs DEPRECATED:\n" > " Don't copy all addresses to namespace\n" > - " --ns-mac-addr ADDR Set MAC address on tap interface\n"); > + " --ns-mac-addr ADDR Set MAC address on tap interface\n" > + " --no-splice Disable inbound socket splicing\n"); > =20 > exit(status); > } > @@ -1319,6 +1320,7 @@ void conf(struct ctx *c, int argc, char **argv) > {"no-dhcpv6", no_argument, &c->no_dhcpv6, 1 }, > {"no-ndp", no_argument, &c->no_ndp, 1 }, > {"no-ra", no_argument, &c->no_ra, 1 }, > + {"no-splice", no_argument, &c->no_splice, 1 }, > {"freebind", no_argument, &c->freebind, 1 }, > {"no-map-gw", no_argument, &no_map_gw, 1 }, > {"ipv4-only", no_argument, NULL, '4' }, > @@ -1756,6 +1758,9 @@ void conf(struct ctx *c, int argc, char **argv) > } > } while (name !=3D -1); > =20 > + if (c->mode !=3D MODE_PASTA) > + c->no_splice =3D 1; > + > if (c->mode =3D=3D MODE_PASTA && !c->pasta_conf_ns) { > if (copy_routes_opt) > die("--no-copy-routes needs --config-net"); > diff --git a/fwd.c b/fwd.c > index 0b7f8b1..2829cd2 100644 > --- a/fwd.c > +++ b/fwd.c
> @@ -443,7 +443,7 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_= t proto, > else if (proto =3D=3D IPPROTO_UDP) > tgt->eport +=3D c->udp.fwd_in.delta[tgt->eport]; > =20 > - if (c->mode =3D=3D MODE_PASTA && inany_is_loopback(&ini->eaddr) && > + if (!c->no_splice && inany_is_loopback(&ini->eaddr) && > (proto =3D=3D IPPROTO_TCP || proto =3D=3D IPPROTO_UDP)) { > /* spliceable */ > =20 > diff --git a/passt.1 b/passt.1 > index b2896a2..d9cd33e 100644 > --- a/passt.1 > +++ b/passt.1 > @@ -695,6 +695,11 @@ Configure MAC address \fIaddr\fR on the tap interfac= e in the namespace. > =20 > Default is to let the tap driver build a pseudorandom hardware address. > =20 > +.TP > +.BR \-\-no-splice > +Disable the bypass path for inbound, local traffic. See the section \fBH= andling > +of local traffic in pasta\fR in the \fBNOTES\fR for more details. > + > .SH EXAMPLES > =20 > .SS \fBpasta > diff --git a/passt.h b/passt.h > index c038630..0dd4efa 100644 > --- a/passt.h > +++ b/passt.h > @@ -229,6 +229,7 @@ struct ip6_ctx { > * @no_dhcpv6: Disable DHCPv6 server > * @no_ndp: Disable NDP handler altogether > * @no_ra: Disable router advertisements > + * @no_splice: Disable socket splicing for inbound traffic > * @host_lo_to_ns_lo: Map host loopback addresses to ns loopback address= es > * @freebind: Allow binding of non-local addresses for forwarding > * @low_wmem: Low probed net.core.wmem_max 
> @@ -291,6 +292,7 @@ struct ctx { > int no_dhcpv6; > int no_ndp; > int no_ra; > + int no_splice; > int host_lo_to_ns_lo; > int freebind; > =20

--
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson
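
Review bot: in the conf.c hunk at @@ -1756, --no-splice given outside pasta mode is accepted silently, because c->no_splice is forced to 1 for every mode other than MODE_PASTA whether or not the user passed the option. The usage text lists the option under pasta_opts, and the very next check in the same hunk rejects a misplaced option with die("--no-copy-routes needs --config-net"), so it is worth deciding whether a non-pasta invocation with --no-splice should be rejected the same way. A one-line comment above the assignment, saying that the flag also encodes "this mode cannot splice", would make the double use explicit.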
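
Review bot: in the fwd.c hunk, the spliceable test in fwd_nat_from_host() no longer checks c->mode and depends on conf() having set no_splice for every non-pasta mode, an invariant that is only visible in conf.c. The @no_splice description added in passt.h says just "Disable socket splicing for inbound traffic". Suggest extending that line, or adding a short comment at the !c->no_splice test, to record that the flag is always set outside MODE_PASTA, so the mode dependency is not lost on a reader of fwd.c.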
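
Review bot: in the passt.1 hunk, the new entry describes the option as disabling "the bypass path", while the usage string in conf.c and the struct comment in passt.h both say "socket splicing". Using the word "splicing" in the man page text as well would let a reader connect the option name to its description without having to follow the cross-reference to NOTES.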