- dev - passt

passt: new version 2024_07_26.57a21d2 available
by Stefano Brivio 26 Jul '24

26 Jul '24

The new version with tag 2024_07_26.57a21d2 includes the following changes: 57a21d2 tap: Improve handling of partially received frames on qemu socket 37e3b24 tap: Correctly handle frames of odd length 4684f60 tap: Don't use EPOLLET on Qemu sockets 9e3f235 tap: Don't attempt to carry on if we get a bad frame length from qemu a06db27 tap: Better report errors receiving from QEMU socket 77c092e log: Fetch log times with CLOCK_MONOTONIC, not CLOCK_REALTIME e5c37ba log: Initialise timestamp for relative log time also if we use a log file 327d9d4 log, util: Fix sub-second part in relative log time calculation 2ce1d37 test/lib/perf_report: Fix highlight e9a5423 test: Fix spurious test failure with systemd-resolved becf81a fwd: Broaden what we consider for DNS specific forwarding rules 0ada84e fwd: Refactor tests in fwd_nat_from_tap() for clarity 4a333c8 conf: Accept addresses enclosed by square brackets in port forwarding specifiers 6ff702f tap: Exit if we fail to bind a UNIX domain socket with explicit path f72d35a test: iperf3 3.16 introduces multiple threads, drop our own implementation of that 606e0c7 test: Update names of symbols and slabinfo entries f16f8f5 test: Fix memory/passt tests, --netns-only is not a valid option for passt 1cd7730 log: Drop newlines in the middle of the perror()-like messages 1329558 tcp: Change SO_PEEK_OFF support message to debug() d19b396 tap: Don't quit if pasta gets EIO on writev() to tap, interface might be down a09aeb4 tcp: Correctly update SO_PEEK_OFF when tcp_send_frames() drops frames 9cb6b50 tcp: probe for SO_PEEK_OFF both in tcpv4 and tcp6 882599e udp: Rename UDP listening sockets d29fa08 udp: Remove rdelta port forwarding maps d89b3aa udp: Remove obsolete socket tracking 898f797 udp: Direct datagrams from host to guest via flow table b7ad193 udp: Find or create flows for datagrams from tap interface 8126f7a udp: Remove obsolete splice tracking e0647ad udp: Handle "spliced" datagrams with per-flow sockets a45a7e9 udp: Create flows for datagrams from originating sockets 8abd06e fwd: Update flow forwarding logic for UDP c000f2a flow, icmp: Use general flow forwarding rules for ICMP 060f24e flow, tcp: Flow based NAT and port forwarding for TCP 4cd753e icmp: Manage outbound socket address via flow table 781164e flow: Helper to create sockets based on flowside 2faf6fc icmp: Eliminate icmp_id_map 2f40a01 icmp: Look up ping flows using flow hash 6d76278 icmp: Obtain destination addresses from the flowsides 5cffb1b icmp: Remove redundant id field from flow table entry 508adde tcp: Re-use flow hash for initial sequence number generation acca423 flow, tcp: Generalise TCP hash table to general flow hash table 163a339 tcp, flow: Replace TCP specific hash function with general flow hash f19a8f7 tcp_splice: Eliminate SPLICE_V6 flag 528a651 tcp: Simplify endpoint validation using flowside information e2ea10e tcp: Manage outbound address via flow table 52d45f1 tcp: Obtain guest address from flowside f9fe212 tcp, flow: Remove redundant information, repack connection structures 4e2d36e flow: Common address information for target side 8012f5f flow: Common address information for initiating side ba74b1f doc: Extend zero-recv test with methods using msghdr 01e5611 doc: Test behaviour of closing duplicate UDP sockets 66a02c9 tcp_splice: Use parameterised macros for per-side event/flag bits 5235c47 flow: Introduce flow_foreach_sidei() macro 71d7985 flow, tcp_splice: Prefer 'sidei' for variables referring to side index 9b125e7 flow, icmp, tcp: Clean up helpers for getting flow from index 2fa91ee udp: Handle errors on UDP sockets 6bd8283 util: Add AF_UNSPEC support to sockaddr_ntop() 4e1f850 udp, tcp: Tweak handling of no_udp and no_tcp flags 272d1d0 udp: Make udp_sock_recv static f79c423 conf: Don't configure port forwarding for a disabled protocol a740e16 tcp: handle shrunk window advertisements from guest e63d281 tcp: leverage support of SO_PEEK_OFF socket option when available 8bd57bf doc: Trivial fix for reuseaddr-priority ec2691a doc: Test behaviour of zero length datagram recv()s 299c407 doc: Add program to document and test assumptions about SO_REUSEADDR be0214c udp: Consolidate datagram batching 69e5393 udp: Move some more of sock_handler tasks into sub-functions c6c61a9 udp: Don't repeatedly initialise udp[46]_eth_hdr 55aff45 udp: Unify udp[46]_l2_iov 9f9b15f udp: Unify udp[46]_mh_splice fbd78b6 udp: Rename IOV and mmsghdr arrays f62c33d udp: Pass full epoll reference through more of sock handler path 8f8eb73 flow: Add flow_sidx_valid() helper 74c1c5e util: sock_l4() determine protocol from epoll type rather than the reverse b625ed5 conf: Use the right maximum buffer size for c->sock_path 403a7c1 tcp_splice: Check return value of setsockopt() for SO_RCVLOWAT 21ee1eb conf: Copy up to MAXDNSRCH - 1 bytes, not MAXDNSRCH https://passt.top/passt/log/?qt=range&q=2024_06_24.1ee2eca..2024_07_26.57a2… Packages: - Alpine Linux: https://pkgs.alpinelinux.org/packages?name=passt - Arch Linux: https://www.archlinux.org/packages/extra/x86_64/passt/ https://archlinuxarm.org/packages/aarch64/passt https://archlinuxarm.org/packages/armv7h/passt - Chimera: https://pkgs.chimera-linux.org/packages?name=passt - Clear Linux: https://github.com/clearlinux-pkgs/passt/ - Debian tracker: https://tracker.debian.org/pkg/passt - Copr (CentOS Stream, EPEL, Fedora, Mageia): https://copr.fedorainfracloud.org/coprs/sbrivio/passt/build/7793866/ permanent mirror: https://passt.top/builds/copr/0^20240726.g57a21d2/ - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Gentoo versions: https://packages.gentoo.org/packages/net-misc/passt - GNU Guix: https://packages.guix.gnu.org/packages/passt/ - NixOS: https://github.com/NixOS/nixpkgs/tree/nixos-unstable/pkgs/by-name/pa/passt - openSUSE: https://software.opensuse.org/package/passt - PLD Linux: https://git.pld-linux.org/cgi-bin/gitweb.cgi?p=packages/passt.git - Solus: https://github.com/getsolus/packages/tree/main/packages/p/passt - Ubuntu tracker: https://launchpad.net/ubuntu/+source/passt - Void Linux: https://voidlinux.org/packages/?q=passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-g57a21d2-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_57a21d2-1_all.deb -- Stefano

1 0

[PATCH 0/5] Fix assorted errors in the Qemu socket tap receive handler
by David Gibson 26 Jul '24

26 Jul '24

A long time ago Matej Hrica pointed out a possible buffer overrun when receiving data from the qemu socket. Stefano recently proposed a fix for this, but I don't think it's quite right. This series is a different approach to fixing that problem and a few adjacent ones. David Gibson (5): tap: Better report errors receiving from QEMU socket tap: Don't attempt to carry on if we get a bad frame length from qemu tap: Don't use EPOLLET on Qemu sockets tap: Correctly handle frames of odd length tap: Improve handling of partially received frames on qemu socket passt.h | 1 - tap.c | 72 ++++++++++++++++++++++++++++++--------------------------- util.h | 16 +++++++++++++ 3 files changed, 54 insertions(+), 35 deletions(-) -- 2.45.2

2 16

[PATCH 0/3] Fixes for log timestamps
by Stefano Brivio 26 Jul '24

26 Jul '24

Taken out of the "Minor assorted fixes, mostly logging and tests" series I recently posted. Stefano Brivio (3): log, util: Fix sub-second part in relative log time calculation log: Initialise timestamp for relative log time also if we use a log file log: Fetch log times with CLOCK_MONOTONIC, not CLOCK_REALTIME log.c | 46 +++++++++++++++++++++++----------------------- log.h | 1 + passt.c | 2 ++ util.c | 25 ++++++++++++++++++------- util.h | 1 + 5 files changed, 45 insertions(+), 30 deletions(-) -- 2.43.0

2 6

[PATCH 00/11] Minor assorted fixes, mostly logging and tests
by Stefano Brivio 26 Jul '24

26 Jul '24

Here are a bunch of mostly unrelated assorted fixes for small issues I found in the past few weeks but didn't really find time to report. Stefano Brivio (11): tap: Don't quit if pasta gets EIO on writev() to tap, interface might be down tcp: Change SO_PEEK_OFF support message to debug() log: Drop newlines in the middle of the perror()-like messages log: Fix sub-second part in relative log time calculation log: Initialise timestamp for relative log time also if we use a log file test: Fix memory/passt tests, --netns-only is not a valid option for passt test: Update names of symbols and slabinfo entries test: iperf3 3.16 introduces multiple threads, drop our own implementation of that tap: Exit if we fail to bind a UNIX domain socket with explicit path tap: Discard guest data on length descriptor mismatch conf: Accept addresses enclosed by square brackets in port forwarding specifiers conf.c | 24 ++++++++---- flow.c | 2 +- log.c | 76 +++++++++++++++++++++----------------- log.h | 19 +++++----- passt.c | 2 + tap.c | 18 ++++++--- tcp.c | 2 +- test/lib/perf_report | 2 +- test/lib/test | 31 +++++----------- test/memory/passt | 35 ++++++++---------- test/passt.mem.mbuto | 9 +---- test/perf/passt_tcp | 39 ++++++++++---------- test/perf/passt_udp | 55 ++++++++++++++-------------- test/perf/pasta_tcp | 58 ++++++++++++++--------------- test/perf/pasta_udp | 87 ++++++++++++++++++++++---------------------- 15 files changed, 229 insertions(+), 230 deletions(-) -- 2.43.0

2 32

[PATCH] test: Fix spurious test failure with systemd-resolved
by David Gibson 25 Jul '24

25 Jul '24

systemd-resolved has the rather strange behaviour of listening on the non-standard loopback address 127.0.0.53. Various changes we've made in passt mean that we now usually work fine on a host using systemd-resolved. However our tests still fail in this case. We have a special case for when the guest's resolv.conf needs to differ from the host's because the resolver is on a host loopback address. However, we only consider the case where the host resolver is on 127.0.0.1, not other loopback addresses. Correct this with a different test condition. Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au> --- test/passt/dhcp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/passt/dhcp b/test/passt/dhcp index 3ec2faf2..e05a4bb1 100644 --- a/test/passt/dhcp +++ b/test/passt/dhcp @@ -38,7 +38,7 @@ check [ __MTU__ = 65520 ] test DHCP: DNS gout DNS sed -n 's/^nameserver $[0-9]*\.$$.*$/\1\2/p' /etc/resolv.conf | tr '\n' ',' | sed 's/,$//;s/$/\n/' hout HOST_DNS sed -n 's/^nameserver $[0-9]*\.$$.*$/\1\2/p' /etc/resolv.conf | head -n3 | tr '\n' ',' | sed 's/,$//;s/$/\n/' -check [ "__DNS__" = "__HOST_DNS__" ] || [ "__DNS__" = "__HOST_GW__" -a "__HOST_DNS__" = "127.0.0.1" ] +check [ "__DNS__" = "__HOST_DNS__" ] || ( [ "__DNS__" = "__HOST_GW__" ] && expr "__HOST_DNS__" : "127[.]" ) # FQDNs should be terminated by dots, but the guest DHCP client might omit them: # strip them first -- 2.45.2

2 1

[PATCH v2 0/2] Broaden DNS forwarding
by David Gibson 25 Jul '24

25 Jul '24

When looking through outstanding bugs in various trackers, I noticed this one: https://github.com/containers/podman/issues/23239 Now that the flow table is merged, this is very easy to fix, so, here's a fix. While we're at it, handle encrypted DNS on port 853 as well, which Red Hat certainly seems to be interested in for one. Changes since v1: * Fix some stylistic errors in 1/2 * Update man page to reflect new behaviour in 2/2 David Gibson (2): fwd: Refactor tests in fwd_nat_from_tap() for clarity fwd: Broaden what we consider for DNS specific forwarding rules fwd.c | 39 ++++++++++++++++++++++++++------------- passt.1 | 10 +++++----- 2 files changed, 31 insertions(+), 18 deletions(-) -- 2.45.2

3 7

[PATCH 0/2] Small fixes for SO_PEEK_OFF
by David Gibson 24 Jul '24

24 Jul '24

We discovered some problems caused by the recent merge of SO_PEEK_OFF support. 1/2 is a fix from Jon, modified by Stefano. 2/2 is a fix for a different issue. David Gibson (1): tcp: Correctly update SO_PEEK_OFF when tcp_send_frames() drops frames Jon Maloy (1): tcp: probe for SO_PEEK_OFF both in tcpv4 and tcp6 tcp.c | 37 +++++++++++++++++++++++++------------ tcp_buf.c | 23 ++++++++++++++--------- tcp_buf.h | 2 +- 3 files changed, 40 insertions(+), 22 deletions(-) -- 2.45.2

2 3

[PATCH 0/2] Broaden DNS forwarding
by David Gibson 24 Jul '24

24 Jul '24

When looking through outstanding bugs in various trackers, I noticed this one: https://github.com/containers/podman/issues/23239 Now that the flow table is merged, this is very easy to fix, so, here's a fix. While we're at it, handle encrypted DNS on port 853 as well, which Red Hat certainly seems to be interested in for one. David Gibson (2): fwd: Refactor tests in fwd_nat_from_tap() for clarity fwd: Broaden what we consider for DNS specific forwarding rules fwd.c | 36 +++++++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 11 deletions(-) -- 2.45.2

2 5

[PATCH v2] tcp: probe for SO_PEEK_OFF both in tcpv4 and tcp6
by Stefano Brivio 24 Jul '24

24 Jul '24

From: Jon Maloy <jmaloy(a)redhat.com> Based on an original patch by Jon Maloy: -- The recently added socket option SO_PEEK_OFF is not supported for TCP/IPv6 sockets. Until we get that support into the kernel we need to test for support in both protocols to set the global 'peek_offset_cap´ to true. -- Compared to the original patch: - only check for SO_PEEK_OFF support for enabled IP versions - use sa_family_t instead of int to pass the address family around Fixes: e63d281871ef ("tcp: leverage support of SO_PEEK_OFF socket option when available") Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- tcp.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/tcp.c b/tcp.c index 0c66ac8..c031f13 100644 --- a/tcp.c +++ b/tcp.c @@ -2470,6 +2470,29 @@ static void tcp_sock_refill_init(const struct ctx *c) } } +/** + * tcp_probe_peek_offset_cap() - Check if SO_PEEK_OFF is supported by kernel + * @af: Address family, IPv4 or IPv6 + * + * Return: true if supported, false otherwise + */ +bool tcp_probe_peek_offset_cap(sa_family_t af) +{ + bool ret = false; + int s, optv = 0; + + s = socket(af, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP); + if (s < 0) { + warn_perror("Temporary TCP socket creation failed"); + } else { + if (!setsockopt(s, SOL_SOCKET, SO_PEEK_OFF, &optv, sizeof(int))) + ret = true; + close(s); + } + + return ret; +} + /** * tcp_init() - Get initial sequence, hash secret, initialise per-socket data * @c: Execution context @@ -2478,9 +2501,6 @@ static void tcp_sock_refill_init(const struct ctx *c) */ int tcp_init(struct ctx *c) { - unsigned int optv = 0; - int s; - ASSERT(!c->no_tcp); if (c->ifi4) @@ -2502,15 +2522,8 @@ int tcp_init(struct ctx *c) NS_CALL(tcp_ns_socks_init, c); } - /* Probe for SO_PEEK_OFF support */ - s = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP); - if (s < 0) { - warn_perror("Temporary TCP socket creation failed"); - } else { - if (!setsockopt(s, SOL_SOCKET, SO_PEEK_OFF, &optv, sizeof(int))) - peek_offset_cap = true; - close(s); - } + peek_offset_cap = (!c->ifi4 || tcp_probe_peek_offset_cap(AF_INET)) && + (!c->ifi6 || tcp_probe_peek_offset_cap(AF_INET6)); info("SO_PEEK_OFF%ssupported", peek_offset_cap ? " " : " not "); return 0; -- 2.43.0

2 5

[net] tcp: add SO_PEEK_OFF socket option tor TCPv6
by jmaloy＠redhat.com 23 Jul '24

23 Jul '24

From: Jon Maloy <jmaloy(a)redhat.com> When we added the SO_PEEK_OFF socket option to TCP we forgot to add it even for TCP on IPv6. We do that here. Fixes: 05ea491641d3 ("tcp: add support for SO_PEEK_OFF socket option") Signed-off-by: Jon Maloy <jmaloy(a)redhat.com> --- net/ipv6/af_inet6.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 90d2c7e3f5e9..ba69b86f1c7d 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c @@ -708,6 +708,7 @@ const struct proto_ops inet6_stream_ops = { .splice_eof = inet_splice_eof, .sendmsg_locked = tcp_sendmsg_locked, .splice_read = tcp_splice_read, + .set_peek_off = sk_set_peek_off, .read_sock = tcp_read_sock, .read_skb = tcp_read_skb, .peek_len = tcp_peek_len, -- 2.45.2

4 3

2024

2023

2022

2021

dev