February 2025 - dev

[PATCH v11] dhcp, dhcpv6: Add hostname and client fqdn ops
by Enrique Llorente 11 Feb '25

11 Feb '25

Both DHCPv4 and DHCPv6 has the capability to pass the hostname to clients, the DHCPv4 uses option 12 (hostname) while the DHCPv6 uses option 39 (client fqdn), for some virt deployments like kubevirt is expected to have the VirtualMachine name as the guest hostname. This change add the following arguments: - -H --hostname NAME to configure the hostname DHCPv4 option(12) - --fqdn NAME to configure client fqdn option for both DHCPv4(81) and DHCPv6(39) Signed-off-by: Enrique Llorente <… [View More]ellorent(a)redhat.com> --- conf.c | 20 ++++++++-- dhcp.c | 61 +++++++++++++++++++++++++---- dhcpv6.c | 99 ++++++++++++++++++++++++++++++++++++++++-------- passt.1 | 10 +++++ passt.h | 5 +++ pasta.c | 17 +++++++-- test/lib/setup | 10 ++--- test/passt.mbuto | 6 ++- test/passt/dhcp | 15 +++++++- util.c | 24 ++++++++++++ util.h | 6 +++ 11 files changed, 235 insertions(+), 38 deletions(-) diff --git a/conf.c b/conf.c index f5d04db..02fb9a2 100644 --- a/conf.c +++ b/conf.c @@ -854,7 +854,9 @@ static void usage(const char *name, FILE *f, int status) FPRINTF(f, " default: use addresses from /etc/resolv.conf\n"); FPRINTF(f, " -S, --search LIST Space-separated list, search domains\n" - " a single, empty option disables the DNS search list\n"); + " a single, empty option disables the DNS search list\n" + " -H, --hostname NAME Hostname to configure client with\n" + " --fqdn NAME FQDN to configure client with\n"); if (strstr(name, "pasta")) FPRINTF(f, " default: don't use any search list\n"); else @@ -1312,6 +1314,7 @@ void conf(struct ctx *c, int argc, char **argv) {"outbound", required_argument, NULL, 'o' }, {"dns", required_argument, NULL, 'D' }, {"search", required_argument, NULL, 'S' }, + {"hostname", required_argument, NULL, 'H' }, {"no-tcp", no_argument, &c->no_tcp, 1 }, {"no-udp", no_argument, &c->no_udp, 1 }, {"no-icmp", no_argument, &c->no_icmp, 1 }, @@ -1356,6 +1359,7 @@ void conf(struct ctx *c, int argc, char **argv) /* vhost-user backend program convention */ {"print-capabilities", no_argument, NULL, 26 }, {"socket-path", required_argument, NULL, 's' }, + {"fqdn", required_argument, NULL, 27 }, { 0 }, }; const char *logname = (c->mode == MODE_PASTA) ? "pasta" : "passt"; @@ -1378,9 +1382,9 @@ void conf(struct ctx *c, int argc, char **argv) if (c->mode == MODE_PASTA) { c->no_dhcp_dns = c->no_dhcp_dns_search = 1; fwd_default = FWD_AUTO; - optstring = "+dqfel:hF:I:p:P:m:a:n:M:g:i:o:D:S:46t:u:T:U:"; + optstring = "+dqfel:hF:I:p:P:m:a:n:M:g:i:o:D:S:H:46t:u:T:U:"; } else { - optstring = "+dqfel:hs:F:p:P:m:a:n:M:g:i:o:D:S:461t:u:"; + optstring = "+dqfel:hs:F:p:P:m:a:n:M:g:i:o:D:S:H:461t:u:"; } c->tcp.fwd_in.mode = c->tcp.fwd_out.mode = FWD_UNSET; @@ -1557,6 +1561,11 @@ void conf(struct ctx *c, int argc, char **argv) case 26: vu_print_capabilities(); break; + case 27: + if (snprintf_check(c->fqdn, PASST_MAXDNAME, + "%s", optarg)) + die("Invalid FQDN: %s", optarg); + break; case 'd': c->debug = 1; c->quiet = 0; @@ -1726,6 +1735,11 @@ void conf(struct ctx *c, int argc, char **argv) die("Cannot use DNS search domain %s", optarg); break; + case 'H': + if (snprintf_check(c->hostname, PASST_MAXDNAME, + "%s", optarg)) + die("Invalid hostname: %s", optarg); + break; case '4': v4_only = true; v6_only = false; diff --git a/dhcp.c b/dhcp.c index 2a23ed4..401cb5b 100644 --- a/dhcp.c +++ b/dhcp.c @@ -63,6 +63,11 @@ static struct opt opts[255]; #define OPT_MIN 60 /* RFC 951 */ +/* Total option size (excluding end option) is 576 (RFC 2131), minus + * offset of options (268), minus end option and its length (2). + */ +#define OPT_MAX 306 + /** * dhcp_init() - Initialise DHCP options */ @@ -122,7 +127,7 @@ struct msg { uint8_t sname[64]; uint8_t file[128]; uint32_t magic; - uint8_t o[308]; + uint8_t o[OPT_MAX + 2 /* End option and its length */ ]; } __attribute__((__packed__)); /** @@ -130,15 +135,28 @@ struct msg { * @m: Message to fill * @o: Option number * @offset: Current offset within options field, updated on insertion + * + * Return: false if m has space to write the option, true otherwise */ -static void fill_one(struct msg *m, int o, int *offset) +static bool fill_one(struct msg *m, int o, int *offset) { + size_t slen = opts[o].slen; + + /* If we don't have space to write the option, then just skip */ + if (*offset + 1 /* length of option */ + slen > OPT_MAX) + return true; + m->o[*offset] = o; - m->o[*offset + 1] = opts[o].slen; - memcpy(&m->o[*offset + 2], opts[o].s, opts[o].slen); + m->o[*offset + 1] = slen; + + /* Move to option */ + *offset += 2; + + memcpy(&m->o[*offset], opts[o].s, slen); opts[o].sent = 1; - *offset += 2 + opts[o].slen; + *offset += slen; + return false; } /** @@ -159,17 +177,20 @@ static int fill(struct msg *m) * Put it there explicitly, unless requested via option 55. */ if (opts[55].clen > 0 && !memchr(opts[55].c, 53, opts[55].clen)) - fill_one(m, 53, &offset); + if (fill_one(m, 53, &offset)) + debug("DHCP: skipping option 53"); for (i = 0; i < opts[55].clen; i++) { o = opts[55].c[i]; if (opts[o].slen != -1) - fill_one(m, o, &offset); + if (fill_one(m, o, &offset)) + debug("DHCP: skipping option %i", o); } for (o = 0; o < 255; o++) { if (opts[o].slen != -1 && !opts[o].sent) - fill_one(m, o, &offset); + if (fill_one(m, o, &offset)) + debug("DHCP: skipping option %i", o); } m->o[offset++] = 255; @@ -411,6 +432,30 @@ int dhcp(const struct ctx *c, const struct pool *p) if (!opts[6].slen) opts[6].slen = -1; + opt_len = strlen(c->hostname); + if (opt_len > 0) { + opts[12].slen = opt_len; + memcpy(opts[12].s, &c->hostname, opt_len); + } + + opt_len = strlen(c->fqdn); + if (opt_len > 0) { + opt_len += 3 /* flags */ + + 2; /* Length byte for first label, and terminator */ + + if (sizeof(opts[81].s) >= opt_len) { + opts[81].s[0] = 0x4; /* flags (E) */ + opts[81].s[1] = 0xff; /* RCODE1 */ + opts[81].s[2] = 0xff; /* RCODE2 */ + + encode_domain_name((char *)opts[81].s + 3, c->fqdn); + + opts[81].slen = opt_len; + } else { + debug("DHCP: client FQDN option doesn't fit, skipping"); + } + } + if (!c->no_dhcp_dns_search) opt_set_dns_search(c, sizeof(m->o)); diff --git a/dhcpv6.c b/dhcpv6.c index 0523bba..373a988 100644 --- a/dhcpv6.c +++ b/dhcpv6.c @@ -48,6 +48,7 @@ struct opt_hdr { # define STATUS_NOTONLINK htons_constant(4) # define OPT_DNS_SERVERS htons_constant(23) # define OPT_DNS_SEARCH htons_constant(24) +# define OPT_CLIENT_FQDN htons_constant(39) #define STR_NOTONLINK "Prefix not appropriate for link." uint16_t l; @@ -58,6 +59,9 @@ struct opt_hdr { sizeof(struct opt_hdr)) #define OPT_VSIZE(x) (sizeof(struct opt_##x) - \ sizeof(struct opt_hdr)) +#define OPT_MAX_SIZE IPV6_MIN_MTU - (sizeof(struct ipv6hdr) + \ + sizeof(struct udphdr) + \ + sizeof(struct msg_hdr)) /** * struct opt_client_id - DHCPv6 Client Identifier option @@ -163,6 +167,18 @@ struct opt_dns_search { char list[MAXDNSRCH * NS_MAXDNAME]; } __attribute__((packed)); +/** + * struct opt_client_fqdn - Client FQDN option (RFC 4704) + * @hdr: Option header + * @flags: Flags described by RFC 4704 + * @domain_name: Client FQDN + */ +struct opt_client_fqdn { + struct opt_hdr hdr; + uint8_t flags; + char domain_name[PASST_MAXDNAME]; +} __attribute__((packed)); + /** * struct msg_hdr - DHCPv6 client/server message header * @type: DHCP message type @@ -193,6 +209,7 @@ struct msg_hdr { * @client_id: Client Identifier, variable length * @dns_servers: DNS Recursive Name Server, here just for storage size * @dns_search: Domain Search List, here just for storage size + * @client_fqdn: Client FQDN, variable length */ static struct resp_t { struct msg_hdr hdr; @@ -203,6 +220,7 @@ static struct resp_t { struct opt_client_id client_id; struct opt_dns_servers dns_servers; struct opt_dns_search dns_search; + struct opt_client_fqdn client_fqdn; } __attribute__((__packed__)) resp = { { 0 }, SERVER_ID, @@ -228,6 +246,10 @@ static struct resp_t { { { OPT_DNS_SEARCH, 0, }, { 0 }, }, + + { { OPT_CLIENT_FQDN, 0, }, + 0, { 0 }, + }, }; static const struct opt_status_code sc_not_on_link = { @@ -346,7 +368,6 @@ static size_t dhcpv6_dns_fill(const struct ctx *c, char *buf, int offset) { struct opt_dns_servers *srv = NULL; struct opt_dns_search *srch = NULL; - char *p = NULL; int i; if (c->no_dhcp_dns) @@ -383,34 +404,81 @@ search: if (!name_len) continue; + name_len += 2; /* Length byte for first label, and terminator */ + if (name_len > + NS_MAXDNAME + 1 /* Length byte for first label */ || + name_len > 255) { + debug("DHCP: DNS search name '%s' too long, skipping", + c->dns_search[i].n); + continue; + } + if (!srch) { srch = (struct opt_dns_search *)(buf + offset); offset += sizeof(struct opt_hdr); srch->hdr.t = OPT_DNS_SEARCH; srch->hdr.l = 0; - p = srch->list; } - *p = '.'; - p = stpncpy(p + 1, c->dns_search[i].n, name_len); - p++; - srch->hdr.l += name_len + 2; - offset += name_len + 2; + encode_domain_name(buf + offset, c->dns_search[i].n); + + srch->hdr.l += name_len; + offset += name_len; + } - if (srch) { - for (i = 0; i < srch->hdr.l; i++) { - if (srch->list[i] == '.') { - srch->list[i] = strcspn(srch->list + i + 1, - "."); - } - } + if (srch) srch->hdr.l = htons(srch->hdr.l); - } return offset; } +/** + * dhcpv6_client_fqdn_fill() - Fill in client FQDN option + * @c: Execution context + * @buf: Response message buffer where options will be appended + * @offset: Offset in message buffer for new options + * + * Return: updated length of response message buffer. + */ +static size_t dhcpv6_client_fqdn_fill(const struct pool *p, const struct ctx *c, + char *buf, int offset) + +{ + struct opt_client_fqdn const *req_opt; + struct opt_client_fqdn *o; + size_t opt_len; + + opt_len = strlen(c->fqdn); + if (opt_len == 0) { + return offset; + } + + opt_len += 2; /* Length byte for first label, and terminator */ + if (opt_len > OPT_MAX_SIZE - (offset + + sizeof(struct opt_hdr) + + 1 /* flags */ )) { + debug("DHCPv6: client FQDN option doesn't fit, skipping"); + return offset; + } + + o = (struct opt_client_fqdn *)(buf + offset); + encode_domain_name(o->domain_name, c->fqdn); + req_opt = (struct opt_client_fqdn *)dhcpv6_opt(p, &(size_t){ 0 }, + OPT_CLIENT_FQDN); + if (req_opt && req_opt->flags & 0x01 /* S flag */) + o->flags = 0x02 /* O flag */; + else + o->flags = 0x00; + + opt_len++; + + o->hdr.t = OPT_CLIENT_FQDN; + o->hdr.l = htons(opt_len); + + return offset + sizeof(struct opt_hdr) + opt_len; +} + /** * dhcpv6() - Check if this is a DHCPv6 message, reply as needed * @c: Execution context @@ -544,6 +612,7 @@ int dhcpv6(struct ctx *c, const struct pool *p, n = offsetof(struct resp_t, client_id) + sizeof(struct opt_hdr) + ntohs(client_id->l); n = dhcpv6_dns_fill(c, (char *)&resp, n); + n = dhcpv6_client_fqdn_fill(p, c, (char *)&resp, n); resp.hdr.xid = mh->xid; diff --git a/passt.1 b/passt.1 index 2928af5..5921907 100644 --- a/passt.1 +++ b/passt.1 @@ -401,6 +401,16 @@ Enable IPv6-only operation. IPv4 traffic will be ignored. By default, IPv4 operation is enabled as long as at least an IPv4 route and an interface address are configured on a given host interface. +.TP +.BR \-H ", " \-\-hostname " " \fIname +Hostname to configure the client with. +Send \fIname\fR as DHCP option 12 (hostname). + +.TP +.BR \-\-fqdn " " \fIname +FQDN to configure the client with. +Send \fIname\fR as Client FQDN: DHCP option 81 and DHCPv6 option 39. + .SS \fBpasst\fR-only options .TP diff --git a/passt.h b/passt.h index 0dd4efa..f3151f0 100644 --- a/passt.h +++ b/passt.h @@ -209,6 +209,8 @@ struct ip6_ctx { * @ifi4: Template interface for IPv4, -1: none, 0: IPv4 disabled * @ip: IPv4 configuration * @dns_search: DNS search list + * @hostname: Guest hostname + * @fqdn: Guest FQDN * @ifi6: Template interface for IPv6, -1: none, 0: IPv6 disabled * @ip6: IPv6 configuration * @pasta_ifn: Name of namespace interface for pasta @@ -269,6 +271,9 @@ struct ctx { struct fqdn dns_search[MAXDNSRCH]; + char hostname[PASST_MAXDNAME]; + char fqdn[PASST_MAXDNAME]; + int ifi6; struct ip6_ctx ip6; diff --git a/pasta.c b/pasta.c index f15084d..585a51c 100644 --- a/pasta.c +++ b/pasta.c @@ -169,10 +169,12 @@ void pasta_open_ns(struct ctx *c, const char *netns) * struct pasta_spawn_cmd_arg - Argument for pasta_spawn_cmd() * @exe: Executable to run * @argv: Command and arguments to run + * @ctx: Context to read config from */ struct pasta_spawn_cmd_arg { const char *exe; char *const *argv; + struct ctx *c; }; /** @@ -186,6 +188,7 @@ static int pasta_spawn_cmd(void *arg) { char hostname[HOST_NAME_MAX + 1] = HOSTNAME_PREFIX; const struct pasta_spawn_cmd_arg *a; + size_t conf_hostname_len; sigset_t set; /* We run in a detached PID and mount namespace: mount /proc over */ @@ -195,9 +198,15 @@ static int pasta_spawn_cmd(void *arg) if (write_file("/proc/sys/net/ipv4/ping_group_range", "0 0")) warn("Cannot set ping_group_range, ICMP requests might fail"); - if (!gethostname(hostname + sizeof(HOSTNAME_PREFIX) - 1, - HOST_NAME_MAX + 1 - sizeof(HOSTNAME_PREFIX)) || - errno == ENAMETOOLONG) { + a = (const struct pasta_spawn_cmd_arg *)arg; + + conf_hostname_len = strlen(a->c->hostname); + if (conf_hostname_len > 0) { + if (sethostname(a->c->hostname, conf_hostname_len)) + warn("Unable to set configured hostname"); + } else if (!gethostname(hostname + sizeof(HOSTNAME_PREFIX) - 1, + HOST_NAME_MAX + 1 - sizeof(HOSTNAME_PREFIX)) || + errno == ENAMETOOLONG) { hostname[HOST_NAME_MAX] = '\0'; if (sethostname(hostname, strlen(hostname))) warn("Unable to set pasta-prefixed hostname"); @@ -208,7 +217,6 @@ static int pasta_spawn_cmd(void *arg) sigaddset(&set, SIGUSR1); sigwaitinfo(&set, NULL); - a = (const struct pasta_spawn_cmd_arg *)arg; execvp(a->exe, a->argv); die_perror("Failed to start command or shell"); @@ -230,6 +238,7 @@ void pasta_start_ns(struct ctx *c, uid_t uid, gid_t gid, struct pasta_spawn_cmd_arg arg = { .exe = argv[0], .argv = argv, + .c = c, }; char uidmap[BUFSIZ], gidmap[BUFSIZ]; char *sh_argv[] = { NULL, NULL }; diff --git a/test/lib/setup b/test/lib/setup index 580825f..ee67152 100755 --- a/test/lib/setup +++ b/test/lib/setup @@ -49,7 +49,7 @@ setup_passt() { context_run passt "make clean" context_run passt "make valgrind" - context_run_bg passt "valgrind --max-stackframe=$((4 * 1024 * 1024)) --trace-children=yes --vgdb=no --error-exitcode=1 --suppressions=test/valgrind.supp ./passt ${__opts} -s ${STATESETUP}/passt.socket -f -t 10001 -u 10001 -P ${STATESETUP}/passt.pid" + context_run_bg passt "valgrind --max-stackframe=$((4 * 1024 * 1024)) --trace-children=yes --vgdb=no --error-exitcode=1 --suppressions=test/valgrind.supp ./passt ${__opts} -s ${STATESETUP}/passt.socket -f -t 10001 -u 10001 -H hostname1 --fqdn fqdn1.passt.test -P ${STATESETUP}/passt.pid" # pidfile isn't created until passt is listening wait_for [ -f "${STATESETUP}/passt.pid" ] @@ -160,11 +160,11 @@ setup_passt_in_ns() { if [ ${VALGRIND} -eq 1 ]; then context_run passt "make clean" context_run passt "make valgrind" - context_run_bg passt "valgrind --max-stackframe=$((4 * 1024 * 1024)) --trace-children=yes --vgdb=no --error-exitcode=1 --suppressions=test/valgrind.supp ./passt -f ${__opts} -s ${STATESETUP}/passt.socket -t 10001,10011,10021,10031 -u 10001,10011,10021,10031 -P ${STATESETUP}/passt.pid --map-host-loopback ${__map_ns4} --map-host-loopback ${__map_ns6}" + context_run_bg passt "valgrind --max-stackframe=$((4 * 1024 * 1024)) --trace-children=yes --vgdb=no --error-exitcode=1 --suppressions=test/valgrind.supp ./passt -f ${__opts} -s ${STATESETUP}/passt.socket -H hostname1 --fqdn fqdn1.passt.test -t 10001,10011,10021,10031 -u 10001,10011,10021,10031 -P ${STATESETUP}/passt.pid --map-host-loopback ${__map_ns4} --map-host-loopback ${__map_ns6}" else context_run passt "make clean" context_run passt "make" - context_run_bg passt "./passt -f ${__opts} -s ${STATESETUP}/passt.socket -t 10001,10011,10021,10031 -u 10001,10011,10021,10031 -P ${STATESETUP}/passt.pid --map-host-loopback ${__map_ns4} --map-host-loopback ${__map_ns6}" + context_run_bg passt "./passt -f ${__opts} -s ${STATESETUP}/passt.socket -H hostname1 --fqdn fqdn1.passt.test -t 10001,10011,10021,10031 -u 10001,10011,10021,10031 -P ${STATESETUP}/passt.pid --map-host-loopback ${__map_ns4} --map-host-loopback ${__map_ns6}" fi wait_for [ -f "${STATESETUP}/passt.pid" ] @@ -243,7 +243,7 @@ setup_two_guests() { [ ${TRACE} -eq 1 ] && __opts="${__opts} --trace" [ ${VHOST_USER} -eq 1 ] && __opts="${__opts} --vhost-user" - context_run_bg passt_1 "./passt -s ${STATESETUP}/passt_1.socket -P ${STATESETUP}/passt_1.pid -f ${__opts} -t 10001 -u 10001" + context_run_bg passt_1 "./passt -s ${STATESETUP}/passt_1.socket -P ${STATESETUP}/passt_1.pid -f ${__opts} --fqdn fqdn1.passt.test -H hostname1 -t 10001 -u 10001" wait_for [ -f "${STATESETUP}/passt_1.pid" ] __opts= @@ -252,7 +252,7 @@ setup_two_guests() { [ ${TRACE} -eq 1 ] && __opts="${__opts} --trace" [ ${VHOST_USER} -eq 1 ] && __opts="${__opts} --vhost-user" - context_run_bg passt_2 "./passt -s ${STATESETUP}/passt_2.socket -P ${STATESETUP}/passt_2.pid -f ${__opts} -t 10004 -u 10004" + context_run_bg passt_2 "./passt -s ${STATESETUP}/passt_2.socket -P ${STATESETUP}/passt_2.pid -f ${__opts} --hostname hostname2 --fqdn fqdn2 -t 10004 -u 10004" wait_for [ -f "${STATESETUP}/passt_2.pid" ] __vmem="$((${MEM_KIB} / 1024 / 4))" diff --git a/test/passt.mbuto b/test/passt.mbuto index d4d57cb..e45a284 100755 --- a/test/passt.mbuto +++ b/test/passt.mbuto @@ -13,7 +13,7 @@ PROGS="${PROGS:-ash,dash,bash ip mount ls insmod mkdir ln cat chmod lsmod modprobe find grep mknod mv rm umount jq iperf3 dhclient hostname sed tr chown sipcalc cut socat dd strace ping tail killall sleep sysctl - nproc tcp_rr tcp_crr udp_rr which tee seq bc sshd ssh-keygen cmp tcpdump}" + nproc tcp_rr tcp_crr udp_rr which tee seq bc sshd ssh-keygen cmp tcpdump env}" # OpenSSH 9.8 introduced split binaries, with sshd being the daemon, and # sshd-session the per-session program. We need the latter as well, and the path @@ -41,6 +41,7 @@ FIXUP="${FIXUP}"' #!/bin/sh LOG=/var/log/dhclient-script.log echo \${reason} \${interface} >> \$LOG +env >> \$LOG set >> \$LOG [ -n "\${new_interface_mtu}" ] && ip link set dev \${interface} mtu \${new_interface_mtu} @@ -54,7 +55,8 @@ set >> \$LOG [ -n "\${new_ip6_address}" ] && ip addr add \${new_ip6_address}/\${new_ip6_prefixlen} dev \${interface} [ -n "\${new_dhcp6_name_servers}" ] && for d in \${new_dhcp6_name_servers}; do echo "nameserver \${d}%\${interface}" >> /etc/resolv.conf; done [ -n "\${new_dhcp6_domain_search}" ] && (printf "search"; for d in \${new_dhcp6_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf -[ -n "\${new_host_name}" ] && hostname "\${new_host_name}" +[ -n "\${new_host_name}" ] && echo "\${new_host_name}" > /tmp/new_host_name +[ -n "\${new_fqdn_fqdn}" ] && echo "\${new_fqdn_fqdn}" > /tmp/new_fqdn_fqdn exit 0 EOF chmod 755 /sbin/dhclient-script diff --git a/test/passt/dhcp b/test/passt/dhcp index 9925ab9..145f1ba 100644 --- a/test/passt/dhcp +++ b/test/passt/dhcp @@ -11,7 +11,7 @@ # Copyright (c) 2021 Red Hat GmbH # Author: Stefano Brivio <sbrivio(a)redhat.com> -gtools ip jq dhclient sed tr +gtools ip jq dhclient sed tr hostname htools ip jq sed tr head test Interface name @@ -47,7 +47,16 @@ gout SEARCH sed 's/\. / /g' /etc/resolv.conf | sed 's/\.$//g' | sed -n 's/^searc hout HOST_SEARCH sed 's/\. / /g' /etc/resolv.conf | sed 's/\.$//g' | sed -n 's/^search $.*$/\1/p' | tr ' \n' ',' | sed 's/,$//;s/$/\n/' check [ "__SEARCH__" = "__HOST_SEARCH__" ] +test DHCP: Hostname +gout NEW_HOST_NAME cat /tmp/new_host_name +check [ "__NEW_HOST_NAME__" = "hostname1" ] + +test DHCP: Client FQDN +gout NEW_FQDN_FQDN cat /tmp/new_fqdn_fqdn +check [ "__NEW_FQDN_FQDN__" = "fqdn1.passt.test" ] + test DHCPv6: address +guest rm /tmp/new_fqdn_fqdn guest /sbin/dhclient -6 __IFNAME__ # Wait for DAD to complete guest while ip -j -6 addr show tentative | jq -e '.[].addr_info'; do sleep 0.1; done @@ -70,3 +79,7 @@ test DHCPv6: search list gout SEARCH6 sed 's/\. / /g' /etc/resolv.conf | sed 's/\.$//g' | sed -n 's/^search $.*$/\1/p' | tr ' \n' ',' | sed 's/,$//;s/$/\n/' hout HOST_SEARCH6 sed 's/\. / /g' /etc/resolv.conf | sed 's/\.$//g' | sed -n 's/^search $.*$/\1/p' | tr ' \n' ',' | sed 's/,$//;s/$/\n/' check [ "__SEARCH6__" = "__HOST_SEARCH6__" ] + +test DHCPv6: Hostname +gout NEW_FQDN_FQDN cat /tmp/new_fqdn_fqdn +check [ "__NEW_FQDN_FQDN__" = "fqdn1.passt.test" ] diff --git a/util.c b/util.c index 4d51e04..ba33866 100644 --- a/util.c +++ b/util.c @@ -930,4 +930,28 @@ void raw_random(void *buf, size_t buflen) void epoll_del(const struct ctx *c, int fd) { epoll_ctl(c->epollfd, EPOLL_CTL_DEL, fd, NULL); + +} + +/** + * encode_domain_name() - Encode domain name according to RFC 1035, section 3.1 + * @buf: Buffer to fill in with encoded domain name + * @domain_name: Input domain name string with terminator + * + * The buffer's 'buf' size has to be >= strlen(domain_name) + 2 + */ +void encode_domain_name(char *buf, const char *domain_name) +{ + size_t i; + char *p; + + buf[0] = strcspn(domain_name, "."); + p = buf + 1; + for (i = 0; domain_name[i]; i++) { + if (domain_name[i] == '.') + p[i] = strcspn(domain_name + i + 1, "."); + else + p[i] = domain_name[i]; + } + p[i] = 0L; } diff --git a/util.h b/util.h index 23b165c..9c92a37 100644 --- a/util.h +++ b/util.h @@ -40,6 +40,9 @@ #ifndef IP_MAX_MTU #define IP_MAX_MTU USHRT_MAX #endif +#ifndef IPV6_MIN_MTU +#define IPV6_MIN_MTU 1280 +#endif #ifndef MIN #define MIN(x, y) (((x) < (y)) ? (x) : (y)) @@ -352,4 +355,7 @@ static inline int wrap_accept4(int sockfd, struct sockaddr *addr, #define accept4(s, addr, addrlen, flags) \ wrap_accept4((s), (addr), (addrlen), (flags)) +#define PASST_MAXDNAME 254 /* 253 (RFC 1035) + 1 (the terminator) */ +void encode_domain_name(char *buf, const char *domain_name); + #endif /* UTIL_H */ -- 2.47.0 [View Less]

3 3

[PATCH v13 0/6] State migration, kind of draft again
by Stefano Brivio 10 Feb '25

10 Feb '25

Some concerns came to my mind during the weekend and now I tried a bit quickly to fix them. A couple of functions became horrible as a result. More tests: IPv6 too, iperf3 inbound and outbound. From another read of: https://github.com/checkpoint-restore/criu/blob/criu-dev/soccr/soccr.c I noticed that the way I was dumping and restoring queues was almost entirely bogus. It should be fixed now. Handling of FIN might be needed, though: we might have an off-by-one when we restore queues, I … [View More]guess. Riddle of this version: enabling the flow_migrate_source_early() callback (shrinking the window early on) breaks things if I run the source without strace: the source (I think? sends a reset when we close the sockets after we switch repair mode on the second time (we flip that twice). So it's commented out for the moment. By itself, it works, and effectively limits what the peer sends during migration. There must be some other race or issue in passt-repair or in the matching interface, but I couldn't figure it out. David Gibson (1): migrate: Migrate guest observed addresses Stefano Brivio (5): migrate: Skeleton of live migration logic Add interfaces and configuration bits for passt-repair vhost_user: Make source quit after reporting migration state migrate: Migrate TCP flows test: Add migration tests Makefile | 14 +- conf.c | 44 ++- epoll_type.h | 6 +- flow.c | 248 ++++++++++++ flow.h | 8 + migrate.c | 309 +++++++++++++++ migrate.h | 54 +++ passt.1 | 11 + passt.c | 21 +- passt.h | 15 + repair.c | 211 ++++++++++ repair.h | 16 + tap.c | 65 +-- tcp.c | 789 +++++++++++++++++++++++++++++++++++++ tcp_conn.h | 95 +++++ test/lib/layout | 55 ++- test/lib/setup | 134 +++++++ test/lib/test | 48 +++ test/migrate/basic | 59 +++ test/migrate/bidirectional | 64 +++ test/migrate/iperf3_in4 | 50 +++ test/migrate/iperf3_in6 | 58 +++ test/migrate/iperf3_out4 | 50 +++ test/migrate/iperf3_out6 | 58 +++ test/run | 10 + util.c | 62 +++ util.h | 30 ++ vhost_user.c | 68 +--- virtio.h | 4 - vu_common.c | 49 +-- vu_common.h | 2 +- 31 files changed, 2524 insertions(+), 183 deletions(-) create mode 100644 migrate.c create mode 100644 migrate.h create mode 100644 repair.c create mode 100644 repair.h create mode 100644 test/migrate/basic create mode 100644 test/migrate/bidirectional create mode 100644 test/migrate/iperf3_in4 create mode 100644 test/migrate/iperf3_in6 create mode 100644 test/migrate/iperf3_out4 create mode 100644 test/migrate/iperf3_out6 -- 2.43.0 [View Less]

2 13

[PATCH v14 00/14] State migration
by David Gibson 10 Feb '25

10 Feb '25

Changes from v13: * Split shrinking of windows before migration to a separate patch * Added assorted fixups for small issues David Gibson (7): fixup: Remove unused iov field in struct migrate_stage migrate: Migrate guest observed addresses fixup: Reorder conf options fixup: Correctly type repair_cmd global fixup: Sanity check passt-repair reply message fixup: Don't close repair socket after first migration attempt fixup: Adjust conditions under which we quite after completing … [View More] migration Stefano Brivio (7): migrate: Skeleton of live migration logic Add interfaces and configuration bits for passt-repair vhost_user: Make source quit after reporting migration state migrate: Migrate TCP flows fixup: Check for errors on repair mode rollback test: Add migration tests WIP: migrate, tcp: Shrink windows before migration Makefile | 14 +- conf.c | 44 ++- epoll_type.h | 6 +- flow.c | 250 ++++++++++++ flow.h | 8 + migrate.c | 307 +++++++++++++++ migrate.h | 51 +++ passt.1 | 11 + passt.c | 21 +- passt.h | 15 + repair.c | 218 ++++++++++ repair.h | 16 + tap.c | 65 +-- tcp.c | 788 +++++++++++++++++++++++++++++++++++++ tcp_conn.h | 95 +++++ test/lib/layout | 55 ++- test/lib/setup | 134 +++++++ test/lib/test | 48 +++ test/migrate/basic | 59 +++ test/migrate/bidirectional | 64 +++ test/migrate/iperf3_in4 | 50 +++ test/migrate/iperf3_in6 | 58 +++ test/migrate/iperf3_out4 | 50 +++ test/migrate/iperf3_out6 | 58 +++ test/run | 10 + util.c | 62 +++ util.h | 30 ++ vhost_user.c | 67 +--- virtio.h | 4 - vu_common.c | 49 +-- vu_common.h | 2 +- 31 files changed, 2524 insertions(+), 185 deletions(-) create mode 100644 migrate.c create mode 100644 migrate.h create mode 100644 repair.c create mode 100644 repair.h create mode 100644 test/migrate/basic create mode 100644 test/migrate/bidirectional create mode 100644 test/migrate/iperf3_in4 create mode 100644 test/migrate/iperf3_in6 create mode 100644 test/migrate/iperf3_out4 create mode 100644 test/migrate/iperf3_out6 -- 2.48.1 [View Less]

1 14

[PATCH] conf: Don't map DNS traffic to host, if host gateway is a resolver
by Stefano Brivio 09 Feb '25

09 Feb '25

This should be a relatively common case and I'm a bit surprised it's been broken since I added the "gateway mapping" functionality, but it doesn't happen with Podman, and not with systemd-resolved or similar local proxies, and also not with servers where typically the gateway is just a router and not a DNS resolver. That could be the reason why nobody noticed until now. By default, we'll map the address of the default gateway, in containers and guests, to represent "the host", so that we have … [View More]a well-defined way to reach the host. Say: 0.0029: NAT to host 127.0.0.1: 192.168.100.1 But if the host gateway is also a DNS resolver: 0.0029: DNS: 0.0029: 192.168.100.1 then we'll send DNS queries directed to it to the host instead: 0.0372: Flow 0 (INI): TAP [192.168.100.157]:41892 -> [192.168.100.1]:53 => ? 0.0372: Flow 0 (TGT): INI -> TGT 0.0373: Flow 0 (TGT): TAP [192.168.100.157]:41892 -> [192.168.100.1]:53 => HOST [0.0.0.0]:41892 -> [127.0.0.1]:53 0.0373: Flow 0 (UDP flow): TGT -> TYPED 0.0373: Flow 0 (UDP flow): TAP [192.168.100.157]:41892 -> [192.168.100.1]:53 => HOST [0.0.0.0]:41892 -> [127.0.0.1]:53 0.0373: Flow 0 (UDP flow): Side 0 hash table insert: bucket: 31049 0.0374: Flow 0 (UDP flow): TYPED -> ACTIVE 0.0374: Flow 0 (UDP flow): TAP [192.168.100.157]:41892 -> [192.168.100.1]:53 => HOST [0.0.0.0]:41892 -> [127.0.0.1]:53 which doesn't quite work, of course: 0.0374: pasta: epoll event on UDP reply socket 95 (events: 0x00000008) 0.0374: ICMP error on UDP socket 95: Connection refused unless the host is a resolver itself... but then we wouldn't find the address of the gateway in its /etc/resolv.conf, presumably. Fix this by making an exception for DNS traffic: if the default gateway is a resolver, match on DNS traffic going to the default gateway, and explicitly forward it to the configured resolver. Reported-by: Prafulla Giri <prafulla.giri(a)protonmail.com> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- conf.c | 16 ++++++++++------ passt.1 | 14 ++++++++++---- 2 files changed, 20 insertions(+), 10 deletions(-) diff --git a/conf.c b/conf.c index df2b016..360ce21 100644 --- a/conf.c +++ b/conf.c @@ -426,10 +426,12 @@ static void add_dns_resolv(struct ctx *c, const char *nameserver, if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.dns_host)) c->ip4.dns_host = ns4; - /* Guest or container can only access local addresses via - * redirect + /* Special handling if guest or container can only access local + * addresses via redirect, or if the host gateway is also a + * resolver and we shadow its address */ - if (IN4_IS_ADDR_LOOPBACK(&ns4)) { + if (IN4_IS_ADDR_LOOPBACK(&ns4) || + IN4_ARE_ADDR_EQUAL(&ns4, &c->ip4.map_host_loopback)) { if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.map_host_loopback)) return; @@ -445,10 +447,12 @@ static void add_dns_resolv(struct ctx *c, const char *nameserver, if (IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns_host)) c->ip6.dns_host = ns6; - /* Guest or container can only access local addresses via - * redirect + /* Special handling if guest or container can only access local + * addresses via redirect, or if the host gateway is also a + * resolver and we shadow its address */ - if (IN6_IS_ADDR_LOOPBACK(&ns6)) { + if (IN6_IS_ADDR_LOOPBACK(&ns6) || + IN6_ARE_ADDR_EQUAL(&ns6, &c->ip6.map_host_loopback)) { if (IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_host_loopback)) return; diff --git a/passt.1 b/passt.1 index d9cd33e..7b6eabd 100644 --- a/passt.1 +++ b/passt.1 @@ -941,10 +941,16 @@ with destination 127.0.0.10, and the default IPv4 gateway is 192.0.2.1, while the last observed source address from guest or namespace is 192.0.2.2, this will be translated to a connection from 192.0.2.1 to 192.0.2.2. -Similarly, for traffic coming from guest or namespace, packets with -destination address corresponding to the \fB\-\-map-host-loopback\fR -address will have their destination address translated to a loopback -address. +Similarly, for traffic coming from guest or namespace, packets with destination +address corresponding to the \fB\-\-map-host-loopback\fR address will have their +destination address translated to a loopback address. + +As an exception, traffic identified as DNS, originally directed to the +\fB\-\-map-host-loopback\fR address, if this address matches a resolver address +on the host, is \fBnot\fR translated to loopback, but rather handled in the same +way as if specified as \-\-dns-forward address, if no such option was given. +In the common case where the host gateway also acts a resolver, this avoids that +the host mapping shadows the gateway/resolver itself. .SS Handling of local traffic in pasta -- 2.43.0 [View Less]

2 2

[PATCH v12 0/6] Non-draft state migration
by Stefano Brivio 08 Feb '25

08 Feb '25

v12: - clean up, add comments, complete error handling - add iperf3 test with 6 concurrent flows and migration under flood This looks reasonably stable and polished to me, probably enough to be merged. The behaviour now looks solid under flood, too. Still to do, I guess: 1. more iperf3 tests, with IPv6, in the other direction, and with mixed flows 2. support for other types of flow (assuming that we care at all... things already work) 3. find a way to close the window socket-… [View More]side early on, and reopen it in the target, to entirely avoid retransmissions. I can set the socket in repair mode in the source, fetch TCP_REPAIR_WINDOW parameters, just change rcv_wnd to 0, set them back, then disable repair mode. Nothing bad happens and the window probe from TCP_REPAIR_OFF is visible, but the window isn't updated, because it's not actually recalculated using rcv_wnd meanwhile. Dummy send/recv() calls don't really change things, either. But there must be some other way. I haven't tried doing this guest-side but that part should be trivial. David Gibson (1): migrate: Migrate guest observed addresses Stefano Brivio (5): migrate: Skeleton of live migration logic Add interfaces and configuration bits for passt-repair vhost_user: Make source quit after reporting migration state migrate: Migrate TCP flows test: Add migration tests Makefile | 14 +- conf.c | 44 ++- epoll_type.h | 6 +- flow.c | 202 +++++++++++++ flow.h | 6 + migrate.c | 300 +++++++++++++++++++ migrate.h | 54 ++++ passt.1 | 11 + passt.c | 15 +- passt.h | 15 + repair.c | 211 ++++++++++++++ repair.h | 16 + tap.c | 65 +---- tcp.c | 583 +++++++++++++++++++++++++++++++++++++ tcp_conn.h | 87 ++++++ test/lib/layout | 55 +++- test/lib/setup | 128 ++++++++ test/lib/test | 48 +++ test/migrate/basic | 54 ++++ test/migrate/bidirectional | 59 ++++ test/migrate/iperf3_out4 | 42 +++ test/run | 10 + util.c | 62 ++++ util.h | 30 ++ vhost_user.c | 68 ++--- virtio.h | 4 - vu_common.c | 49 +--- vu_common.h | 2 +- 28 files changed, 2060 insertions(+), 180 deletions(-) create mode 100644 migrate.c create mode 100644 migrate.h create mode 100644 repair.c create mode 100644 repair.h create mode 100644 test/migrate/basic create mode 100644 test/migrate/bidirectional create mode 100644 test/migrate/iperf3_out4 -- 2.43.0 [View Less]

1 7

migrate/bidirectional debugging
by David Gibson 08 Feb '25

08 Feb '25

I've spent today trying to debug this failure. I've gathered a bunch of information, but no breakthroughs, alas. At this point I suspect a kernel bug, though I hope I'm wrong. # Background. I think these are as you described it on your system: * Most (but not every) time I run migrate/bidirectional it fails, with the "outbound" stream only getting the before migration piece * I can't reproduce if I put strace on the guest 2 passt. Possibly unlike you: * I'm able to use TRACE=1, and … [View More]the problem still reproduces * I can put strace on the outer pasta and the problem still reproduces The specific anomolies I was focused on were: * The passt_2 pcap shows "and from guest 2" coming _inbound_ a bit after it (correctly) went outbound * The pasta_1 pcap doesn't seem to show "and from guest 2" in either direction # Observations * I added a hack (see other series) that let me log comments to the pcap file as ethertype 0xffff, this was so I could have debugging messages in order with the the captured packets. * I used that to bin down exactly where the bogus output "and from guest 2" was being recorded, and it's in tcp_vu_data_from_sock() * I traced back from there, and passt_2 really does seem to be getting "and from guest 2" from a recvmsg() on the socket. I see from my pcap comments that we're getting 17 bytes from recvmsg() right before capturing the inbound packet, at any rate. * As noted, I couldn't reproduce with an strace on passt_2, so I couldn't confirm that piece that way It kind of seemed like we were sendmsg()ing "and from guest 2" and it was bouncing straight back to our socket, instead of being delivered to the outer pasta. * I tried putting a dumpcap on 'lo' in the pasta namespace, thinking I might see this weird passt->passt packet. But, nothing. There are thousands of packets of the qemu migration stream, and absolutely nothing else. * I also tried dumpcap on the external interface in the pasta namspace, and I didn't see anything different from what pasta captured (although I didn't check super carefully). In particular I didn't seem to see "and from guest 2" in either direction there either * Since I couldn't strace() passt_2, I instead tried logging TCP sendmsg() and recvmsg() calls of length 17 using systemtap (script attached). At this point it gets even weirder: On a working run (achieved by adding the strace), I get this: BEGIN tcp sendmsg(-129530279294592) len=17 - ./passt -s /tmp/passt-tests-niICXS/migrate/passt_2.socket -P /tmp/passt-tests-niICXS/migrate/passt_2.pid -f --vhost-user -p /home/dwg/src/passt/test/test_logs/passt_2.pcap --trace -t 10004 -u 10004 tcp sendmsg(-129489810388608) len=17 - ./pasta -p /home/dwg/src/passt/test/test_logs/pasta_1.pcap --trace --trace -l /tmp/pasta1.log -P /tmp/passt-tests-niICXS/migrate/pasta_1.pid -t 10001,10002,10004 -T 10003 -u 10001,10002,10004 -U 10003 --map-guest-addr 169.254.1.1 --config-net /home/dwg/src/passt/test/nstool hold /tmp/passt-tests-niICXS/migrate/ns1.hold END This mostly makes sense. passt_2 sends the expected outbound packet to the namespace, then pasta_1 forwards it on to the host. I don't know why I'm not seeing the recvmsg() from the socat server, though. In the failing case, though, I get this: BEGIN tcp sendmsg(-129471392995840) len=17 - ./passt -s /tmp/passt-tests-CV71zo/migrate/passt_2.socket -P /tmp/passt-tests-CV71zo/migrate/passt_2.pid -f --vhost-user -p /home/dwg/src/passt/test/test_logs/passt_2.pcap --trace -t 10004 -u 10004 tcp recvmsg(-129476447043584) len=17 - ./pasta -p /home/dwg/src/passt/test/test_logs/pasta_1.pcap --trace --trace -l /tmp/pasta1.log -P /tmp/passt-tests-CV71zo/migrate/pasta_1.pid -t 10001,10002,10004 -T 10003 -u 10001,10002,10004 -U 10003 --map-guest-addr 169.254.1.1 --config-net /home/dwg/src/passt/test/nstool hold /tmp/passt-tests-CV71zo/migrate/ns1.hold END First event seems the same: passt_2 sending the outbound packet, as expected. The second, though, is weird: the outer pasta seems to receive the data from a socket, not from tap as we'd expect. That might explain the other symptoms, if pasta received it on its socket, it would send inwards. But... I don't see pasta sending that "and from guest 2" inbound in its packet capture. And, weirder still, although I see that recvmsg() with systemtap, I don't see it in an strace of pasta. ...and.. that's where I'm at. Attaching my systemtap script and a ball of logs. Hoping they're helpful :/. -- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson [View Less]

2 3

[PATCH] passt-repair: Send one confirmation *per command*, not *per socket*
by Stefano Brivio 08 Feb '25

08 Feb '25

It looks like me, myself and I couldn't agree on the "simple" protocol between passt and passt-repair. The man page and passt say it's one confirmation per command, but the passt-repair implementation had one confirmation per socket instead. This caused all sort of mysterious issues with repair mode pseudo-randomly enabled, and leading to hours of fun (mostly not mine). Oops. Switch to one confirmation per command (of course). Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- … [View More]

2 1

[PATCH v2] dhcp: Don't re-use request message for reply
by Enrique Llorente 07 Feb '25

07 Feb '25

The logic composing the DHCP reply message is reusing the request message to compose it, future long options like FQDN may exceed the request message limit making it go beyond the lower bound. This change creates a new reply message with a fixed options size of 308 and fills it in with proper fields from requests adding on top the generated options, this way the reply lower bound does not depend on the request. Signed-off-by: Enrique Llorente <ellorent(a)redhat.com> --- dhcp.c | 27 ++++… [View More]++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/dhcp.c b/dhcp.c index d8515aa..2a23ed4 100644 --- a/dhcp.c +++ b/dhcp.c @@ -151,9 +151,6 @@ static int fill(struct msg *m) { int i, o, offset = 0; - m->op = BOOTREPLY; - m->secs = 0; - for (o = 0; o < 255; o++) opts[o].sent = 0; @@ -291,8 +288,9 @@ int dhcp(const struct ctx *c, const struct pool *p) const struct ethhdr *eh; const struct iphdr *iph; const struct udphdr *uh; + struct msg const *m; + struct msg reply; unsigned int i; - struct msg *m; eh = packet_get(p, 0, offset, sizeof(*eh), NULL); offset += sizeof(*eh); @@ -321,6 +319,22 @@ int dhcp(const struct ctx *c, const struct pool *p) m->op != BOOTREQUEST) return -1; + reply.op = BOOTREPLY; + reply.htype = m->htype; + reply.hlen = m->hlen; + reply.hops = 0; + reply.xid = m->xid; + reply.secs = 0; + reply.flags = m->flags; + reply.ciaddr = m->ciaddr; + reply.yiaddr = c->ip4.addr; + reply.siaddr = 0; + reply.giaddr = m->giaddr; + memcpy(&reply.chaddr, m->chaddr, sizeof(reply.chaddr)); + memset(&reply.sname, 0, sizeof(reply.sname)); + memset(&reply.file, 0, sizeof(reply.file)); + reply.magic = m->magic; + offset += offsetof(struct msg, o); for (i = 0; i < ARRAY_SIZE(opts); i++) @@ -364,7 +378,6 @@ int dhcp(const struct ctx *c, const struct pool *p) info(" from %s", eth_ntop(m->chaddr, macstr, sizeof(macstr))); - m->yiaddr = c->ip4.addr; mask.s_addr = htonl(0xffffffff << (32 - c->ip4.prefix_len)); memcpy(opts[1].s, &mask, sizeof(mask)); memcpy(opts[3].s, &c->ip4.guest_gw, sizeof(c->ip4.guest_gw)); @@ -401,14 +414,14 @@ int dhcp(const struct ctx *c, const struct pool *p) if (!c->no_dhcp_dns_search) opt_set_dns_search(c, sizeof(m->o)); - dlen = offsetof(struct msg, o) + fill(m); + dlen = offsetof(struct msg, o) + fill(&reply); if (m->flags & FLAG_BROADCAST) dst = in4addr_broadcast; else dst = c->ip4.addr; - tap_udp4_send(c, c->ip4.our_tap_addr, 67, dst, 68, m, dlen); + tap_udp4_send(c, c->ip4.our_tap_addr, 67, dst, 68, &reply, dlen); return 1; } -- 2.47.0 [View Less]

2 1

[PATCH] passt-repair: Don't use perror(), accept ECONNRESET as termination
by Stefano Brivio 07 Feb '25

07 Feb '25

If we use glibc's perror(), we need to allow dup() and fcntl() in our seccomp profiles, which are a bit too much for this simple helper. On top of that, we would probably need a wrapper to avoid allocation for translated messages. While at it: ECONNRESET is just a close() from passt, treat it like EOF. Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- passt-repair.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/passt-repair.c b/passt-repair.c … [View More]

2 4

[PATCH 0/2] Migration debugging hacks
by David Gibson 07 Feb '25

07 Feb '25

Here are a couple of hacky patches I was using for debugging the failures in the migrate/bidirectional test. Further details on where I'm at coming in another email. David Gibson (2): pcap comment hacks debug pcap.c | 20 ++++++++++++++++++++ pcap.h | 2 ++ tap.c | 1 + tcp_vu.c | 6 ++++++ test/lib/setup | 8 +++++--- test/migrate/bidirectional | 15 ++++++++++++++- vu_common.c … [View More]

1 2

2025

2024

2023

2022

2021

dev February 2025