public inbox for passt-dev@passt.top
 help / color / mirror / code / Atom feed
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Cc: passt-dev@passt.top
Subject: Re: [PATCH v3 04/15] tcp_splice,flow: Maintain flow information for spliced connections
Date: Thu, 18 Jan 2024 12:01:32 +1100	[thread overview]
Message-ID: <Zah4bGebbuDab1tw@zatzit> (raw)
In-Reply-To: <20240117205536.25e6de59@elisabeth>

[-- Attachment #1: Type: text/plain, Size: 7577 bytes --]

On Wed, Jan 17, 2024 at 08:59:14PM +0100, Stefano Brivio wrote:
> On Thu, 21 Dec 2023 18:02:26 +1100
> David Gibson <david@gibson.dropbear.id.au> wrote:
> 
> > Every flow in the flow table now has space for the the addresses as seen by
> > both the host and guest side.  We fill that information in for regular
> > "tap" TCP connections, but not for spliced connections.
> > 
> > Fill in that information for spliced connections too, so it's now uniformly
> > available for all flow types (that are implemented so far).
> 
> I wonder if carrying the address for spliced connections is in any way
> useful -- other than being obviously useful as a simplification (which
> justifies this of course).

The simplification / consistency is even more important than it seems
right here.  One of the big aims of this (though I haven't implemented
it yet) is to allow our NAT to be done generically, rather that
per-protocol.  That requires having the addressing information in the
common structure regardless of flow type.

> That is, for a spliced connection, addresses and ports are kind of
> meaningless to us once the connection is established: we operate
> exclusively above Layer 4.
> 
> Also, conceptually, all that's there to represent for a spliced
> connection is that addresses are loopback.
> 
> To be clear: I'm not suggesting any change to this -- I just want to
> raise the conceptual inconsistency if it didn't occur to you.

Hmm.. I would say in this case it's conceptual consistency leading to
redundancy of information in practice rather than a conceptual
inconsistency.

> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> > ---
> >  tcp.c        | 35 +++++++++++++----------------
> >  tcp_splice.c | 62 +++++++++++++++++++++++++++++++++++++---------------
> >  tcp_splice.h |  3 +--
> >  3 files changed, 60 insertions(+), 40 deletions(-)
> > 
> > diff --git a/tcp.c b/tcp.c
> > index 18ab3ac..6d77cf6 100644
> > --- a/tcp.c
> > +++ b/tcp.c
> > @@ -2658,32 +2658,23 @@ static void tcp_snat_inbound(const struct ctx *c, union inany_addr *addr)
> >   * tcp_tap_conn_from_sock() - Initialize state for non-spliced connection
> >   * @c:		Execution context
> >   * @ref:	epoll reference of listening socket
> > - * @conn:	connection structure to initialize
> > + * @conn:	connection structure (with TAPFSIDE(@conn) completed)
> >   * @s:		Accepted socket
> > - * @sa:		Peer socket address (from accept())
> >   * @now:	Current timestamp
> > - *
> > - * Return: true if able to create a tap connection, false otherwise
> >   */
> > -static bool tcp_tap_conn_from_sock(struct ctx *c,
> > +static void tcp_tap_conn_from_sock(struct ctx *c,
> >  				   union tcp_listen_epoll_ref ref,
> >  				   struct tcp_tap_conn *conn, int s,
> > -				   const struct sockaddr *sa,
> >  				   const struct timespec *now)
> >  {
> > +	ASSERT(flowside_complete(SOCKFSIDE(conn)));
> > +
> >  	conn->f.type = FLOW_TCP;
> >  	conn->sock = s;
> >  	conn->timer = -1;
> >  	conn->ws_to_tap = conn->ws_from_tap = 0;
> >  	conn_event(c, conn, SOCK_ACCEPTED);
> >  
> > -	if (flowside_from_sock(SOCKFSIDE(conn), PIF_HOST, s, NULL, sa) < 0) {
> > -		err("tcp: Failed to get local name, connection dropped");
> > -		return false;
> > -	}
> > -
> > -	ASSERT(flowside_complete(SOCKFSIDE(conn)));
> > -
> >  	TAPFSIDE(conn)->pif = PIF_TAP;
> >  	TAPFSIDE(conn)->faddr = SOCKFSIDE(conn)->eaddr;
> >  	TAPFSIDE(conn)->fport = SOCKFSIDE(conn)->eport;
> > @@ -2712,8 +2703,6 @@ static bool tcp_tap_conn_from_sock(struct ctx *c,
> >  	conn_flag(c, conn, ACK_FROM_TAP_DUE);
> >  
> >  	tcp_get_sndbuf(conn);
> > -
> > -	return true;
> >  }
> >  
> >  /**
> > @@ -2737,15 +2726,21 @@ void tcp_listen_handler(struct ctx *c, union epoll_ref ref,
> >  	if (s < 0)
> >  		goto cancel;
> >  
> > -	if (c->mode == MODE_PASTA &&
> > -	    tcp_splice_conn_from_sock(c, ref.tcp_listen, &flow->tcp_splice,
> > -				      s, (struct sockaddr *)&sa))
> > +	if (flowside_from_sock(&flow->f.side[0], ref.tcp_listen.pif, s,
> > +			       NULL, &sa) < 0) {
> > +		err("tcp: Failed to get local name, connection dropped");
> > +		close(s);
> > +		flow_alloc_cancel(flow);
> >  		return;
> > +	}
> >  
> > -	if (tcp_tap_conn_from_sock(c, ref.tcp_listen, &flow->tcp, s,
> > -				   (struct sockaddr *)&sa, now))
> > +	if (c->mode == MODE_PASTA &&
> > +	    tcp_splice_conn_from_sock(c, ref.tcp_listen, &flow->tcp_splice, s))
> >  		return;
> >  
> > +	tcp_tap_conn_from_sock(c, ref.tcp_listen, &flow->tcp, s, now);
> > +	return;	
> > +
> >  cancel:
> >  	/* Failed to create the connection */
> >  	if (s >= 0)
> > diff --git a/tcp_splice.c b/tcp_splice.c
> > index eec02fe..0faeb1b 100644
> > --- a/tcp_splice.c
> > +++ b/tcp_splice.c
> > @@ -72,6 +72,9 @@ static int ns_sock_pool6	[TCP_SOCK_POOL_SIZE];
> >  /* Pool of pre-opened pipes */
> >  static int splice_pipe_pool		[TCP_SPLICE_PIPE_POOL_SIZE][2];
> >  
> > +#define FSIDE0(conn)			(&(conn)->f.side[0])
> > +#define FSIDE1(conn)			(&(conn)->f.side[1])
> > +
> >  #define CONN_V6(x)			(x->flags & SPLICE_V6)
> >  #define CONN_V4(x)			(!CONN_V6(x))
> >  #define CONN_HAS(conn, set)		((conn->events & (set)) == (set))
> > @@ -280,9 +283,21 @@ bool tcp_splice_flow_defer(union flow *flow)
> >  static int tcp_splice_connect_finish(const struct ctx *c,
> >  				     struct tcp_splice_conn *conn)
> >  {
> > +	struct sockaddr_storage sa;
> > +	socklen_t sl = sizeof(sa);
> >  	unsigned side;
> >  	int i = 0;
> >  
> > +	if (getsockname(conn->s[1], (struct sockaddr *)&sa, &sl) < 0) {
> > +		int ret = -errno;
> > +		conn_flag(c, conn, CLOSING);
> > +		return ret;
> > +	}
> > +	inany_from_sockaddr(&FSIDE1(conn)->faddr, &FSIDE1(conn)->fport,
> > +			    (struct sockaddr *)&sa);
> > +
> > +	ASSERT(flowside_complete(FSIDE1(conn)));
> > +
> >  	for (side = 0; side < SIDES; side++) {
> >  		conn->pipe[side][0] = conn->pipe[side][1] = -1;
> >  
> > @@ -352,13 +367,24 @@ static int tcp_splice_connect(const struct ctx *c, struct tcp_splice_conn *conn,
> >  			   conn->s[1]);
> >  	}
> >  
> > +	/* It would be nicer if we could initialise FSIDE1 all at once with
> > +	 * flowaddrs_from_af() or flowaddrs_from_sock().  However, we can't get
> > +	 * the forwarding port until the connect() has finished and we don't
> > +	 * want to block to wait for it.  Meanwhile we have the endpoint address
> 
> [...] endpoint address and port [...]. Or, if "address" includes the
> port too, then the comment should also say "forwarding address", not
> "forwarding port".
> 
> It's confusing otherwise: why is there anything special with the
> endpoint *address* as opposed to the forwarding *port*?
> 
> > +	 * here, but don't have a place to stash it other than in the flowaddrs
> > +	 * itself. So, initialisation of FSIDE1 is split between here and
> > +	 * tcp_splice_connect_finish().  Ugly but necessary.
> > +	 */
> >  	if (CONN_V6(conn)) {
> >  		sa = (struct sockaddr *)&addr6;
> >  		sl = sizeof(addr6);
> > +		inany_from_af(&FSIDE1(conn)->eaddr, AF_INET6, &addr6.sin6_addr);
> >  	} else {
> >  		sa = (struct sockaddr *)&addr4;
> >  		sl = sizeof(addr4);
> > +		inany_from_af(&FSIDE1(conn)->eaddr, AF_INET, &addr4.sin_addr);
> >  	}
> > +	FSIDE1(conn)->eport = port;
> 

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

  reply	other threads:[~2024-01-18  1:15 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-12-21  7:02 [PATCH v3 00/15] RFC: Unified flow table David Gibson
2023-12-21  7:02 ` [PATCH v3 01/15] flow: Common data structures for tracking flow addresses David Gibson
2024-01-13 22:50   ` Stefano Brivio
2024-01-16  6:14     ` David Gibson
2023-12-21  7:02 ` [PATCH v3 02/15] tcp, flow: Maintain guest side flow information David Gibson
2024-01-13 22:51   ` Stefano Brivio
2024-01-16  6:23     ` David Gibson
2023-12-21  7:02 ` [PATCH v3 03/15] tcp, flow: Maintain host " David Gibson
2023-12-21  7:02 ` [PATCH v3 04/15] tcp_splice,flow: Maintain flow information for spliced connections David Gibson
2024-01-17 19:59   ` Stefano Brivio
2024-01-18  1:01     ` David Gibson [this message]
2023-12-21  7:02 ` [PATCH v3 05/15] flow, tcp, tcp_splice: Uniform debug helpers for new flows David Gibson
2024-01-17 19:59   ` Stefano Brivio
2024-01-18  1:04     ` David Gibson
2024-01-18 15:40       ` Stefano Brivio
2023-12-21  7:02 ` [PATCH v3 06/15] tcp, flow: Replace TCP specific hash function with general flow hash David Gibson
2024-01-17 19:59   ` Stefano Brivio
2024-01-18  1:15     ` David Gibson
2024-01-18 15:42       ` Stefano Brivio
2024-01-18 23:55         ` David Gibson
2023-12-21  7:02 ` [PATCH v3 07/15] flow: Add helper to determine a flow's protocol David Gibson
2023-12-21  7:02 ` [PATCH v3 08/15] flow, tcp: Generalise TCP hash table to general flow hash table David Gibson
2023-12-21  7:02 ` [PATCH v3 09/15] tcp: Re-use flow hash for initial sequence number generation David Gibson
2023-12-21  7:02 ` [PATCH v3 10/15] icmp: Store ping socket information in the flow table David Gibson
2023-12-21  7:02 ` [PATCH v3 11/15] icmp: Populate guest side information for ping flows David Gibson
2023-12-21  7:02 ` [PATCH v3 12/15] icmp: Populate and use host side flow information David Gibson
2024-01-17 19:59   ` Stefano Brivio
2024-01-18  1:22     ` David Gibson
2024-01-18 15:43       ` Stefano Brivio
2024-01-18 23:58         ` David Gibson
2023-12-21  7:02 ` [PATCH v3 13/15] icmp: Use 'flowside' epoll references for ping sockets David Gibson
2023-12-21  7:02 ` [PATCH v3 14/15] icmp: Merge EPOLL_TYPE_ICMP and EPOLL_TYPE_ICMPV6 David Gibson
2023-12-21  7:02 ` [PATCH v3 15/15] icmp: Eliminate icmp_id_map David Gibson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Zah4bGebbuDab1tw@zatzit \
    --to=david@gibson.dropbear.id.au \
    --cc=passt-dev@passt.top \
    --cc=sbrivio@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://passt.top/passt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).