- dev - passt

[PATCH] treewide: Allow additional system calls for i386/i686
by Stefano Brivio 20 Aug '24

20 Aug '24

I haven't tested i386 for a long time (after playing with some openSUSE i586 image a couple of years ago). It turns out that a number of system calls we actually need were denied by the seccomp filter, and not even basic functionality works. Add some system calls that glibc started using with the 64-bit time ("t64") transition, see also: https://wiki.debian.org/ReleaseGoals/64bit-time that is: clock_gettime64, timerfd_gettime64, fcntl64, and recvmmsg_time64. Add further system calls that are needed regardless of time_t width, that is, mmap2 (valgrind profile only), _llseek and sigreturn (common outside x86_64), and socketcall (same as s390x). I validated this against an almost full run of the test suite, with just a few selected tests skipped. Fixes needed to run most tests on i386/i686, and other assorted fixes for tests, are included in upcoming patches. Reported-by: Uroš Knupleš <uros(a)knuples.net> Analysed-by: Faidon Liambotis <paravoid(a)debian.org> Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078981 Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- Makefile | 2 +- log.c | 2 +- passt.c | 6 +++--- pasta.c | 2 +- tcp.c | 2 +- tcp_splice.c | 2 +- udp.c | 2 +- udp_flow.c | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index b6329e3..01fada4 100644 --- a/Makefile +++ b/Makefile @@ -129,7 +129,7 @@ qrap: $(QRAP_SRCS) passt.h valgrind: EXTRA_SYSCALLS += rt_sigprocmask rt_sigtimedwait rt_sigaction \ rt_sigreturn getpid gettid kill clock_gettime mmap \ - munmap open unlink gettimeofday futex + mmap2 munmap open unlink gettimeofday futex valgrind: FLAGS += -g -DVALGRIND valgrind: all diff --git a/log.c b/log.c index e7202d0..433b552 100644 --- a/log.c +++ b/log.c @@ -98,7 +98,7 @@ const char *logfile_prefix[] = { * @fd: Log file descriptor * @now: Current timestamp * - * #syscalls lseek ppc64le:_llseek ppc64:_llseek arm:_llseek + * #syscalls lseek ppc64le:_llseek ppc64:_llseek arm:_llseek i686:_llseek */ static void logfile_rotate_fallocate(int fd, const struct timespec *now) { diff --git a/passt.c b/passt.c index 4b3c306..f9670b3 100644 --- a/passt.c +++ b/passt.c @@ -191,11 +191,11 @@ void exit_handler(int signal) * Return: non-zero on failure * * #syscalls read write writev - * #syscalls socket bind connect getsockopt setsockopt s390x:socketcall close - * #syscalls recvfrom sendto shutdown + * #syscalls socket getsockopt setsockopt s390x:socketcall i686:socketcall close + * #syscalls bind connect recvfrom sendto shutdown * #syscalls arm:recv ppc64le:recv arm:send ppc64le:send * #syscalls accept4|accept listen epoll_ctl epoll_wait|epoll_pwait epoll_pwait - * #syscalls clock_gettime arm:clock_gettime64 + * #syscalls clock_gettime arm:clock_gettime64 i686:clock_gettime64 */ int main(int argc, char **argv) { diff --git a/pasta.c b/pasta.c index 1142f03..49b56db 100644 --- a/pasta.c +++ b/pasta.c @@ -13,7 +13,7 @@ * * #syscalls:pasta clone waitid exit exit_group rt_sigprocmask * #syscalls:pasta rt_sigreturn|sigreturn - * #syscalls:pasta arm:sigreturn ppc64:sigreturn s390x:sigreturn + * #syscalls:pasta arm:sigreturn ppc64:sigreturn s390x:sigreturn i686:sigreturn */ #include <sched.h> diff --git a/tcp.c b/tcp.c index c0820ce..c542a78 100644 --- a/tcp.c +++ b/tcp.c @@ -2143,7 +2143,7 @@ cancel: * @c: Execution context * @ref: epoll reference of timer (not connection) * - * #syscalls timerfd_gettime + * #syscalls timerfd_gettime i686:timerfd_gettime64 */ void tcp_timer_handler(struct ctx *c, union epoll_ref ref) { diff --git a/tcp_splice.c b/tcp_splice.c index 483e45d..9f5cc27 100644 --- a/tcp_splice.c +++ b/tcp_splice.c @@ -28,7 +28,7 @@ * - FIN_SENT_0: FIN (write shutdown) sent to accepted socket * - FIN_SENT_1: FIN (write shutdown) sent to target socket * - * #syscalls:pasta pipe2|pipe fcntl arm:fcntl64 ppc64:fcntl64 + * #syscalls:pasta pipe2|pipe fcntl arm:fcntl64 ppc64:fcntl64 i686:fcntl64 */ #include <sched.h> diff --git a/udp.c b/udp.c index 7731257..851881e 100644 --- a/udp.c +++ b/udp.c @@ -460,7 +460,7 @@ static bool udp_sock_recverr(int s) * @events: epoll events bitmap * @mmh mmsghdr array to receive into * - * #syscalls recvmmsg + * #syscalls recvmmsg i686:recvmmsg_time64 */ static int udp_sock_recv(const struct ctx *c, int s, uint32_t events, struct mmsghdr *mmh) diff --git a/udp_flow.c b/udp_flow.c index 8b25ad1..b1133c0 100644 --- a/udp_flow.c +++ b/udp_flow.c @@ -174,7 +174,7 @@ cancel: * @s_in: Source socket address, filled in by recvmmsg() * @now: Timestamp * - * #syscalls fcntl + * #syscalls fcntl arm:fcntl64 ppc64:fcntl64 i686:fcntl64 * * Return: sidx for the destination side of the flow for this packet, or * FLOW_SIDX_NONE if we couldn't find or create a flow. -- 2.43.0

2 1

[PATCH v4 0/7] Prevent DAD for link-local addresses in containers
by Stefano Brivio 17 Aug '24

17 Aug '24

There's no point in letting a container perform duplicate address detection as we'll silently discard neighbour solicitations with unspecified source addresses anyway, without relaying them to anybody. And we realised that it's not harmless, see the whole discussion around https://github.com/containers/podman/pull/23561#discussion_r1711639663: we can't communicate with the container right away because of that, which is surely annoying for tests, but it could also be an issue for use cases with very short-lived containers or namespaces. Disabling DAD via procfs configuration would be simpler than all this, but we don't own the namespace (unless we spawn a shell), so we shouldn't mess up with procfs entries, assuming it's even possible. Set the nodad attribute, and prevent DAD from being triggered before on link up, before we can set that attribute. v4: - fix botched rebase, changes meant for 4/7 in v3 ended up in 6/7 v3: - in 4/7, actually handle all the netlink responses for the case where we change multiple addresses v2: - in 4/7, instead of doing the whole nl_routes_dup()-vendored dance to keep addresses in a single buffer, send NLM_F_REPLACE requests right away, but use nlmsg_send() instead of nl_do(), and check for answers to our further requests later. Use warn() instead of die() if we can't set nodad attributes - in 5/7, make nl_addr_get_ll() get a pointer to struct in6_addr instead of a generic void pointer, and warn(), don't die(), if it fails Stefano Brivio (7): netlink: Fix typo in function comment for nl_addr_get() netlink, pasta: Split MTU setting functionality out of nl_link_up() netlink, pasta: Turn nl_link_up() into a generic function to set link flags netlink, pasta: Disable DAD for link-local addresses on namespace interface netlink, pasta: Fetch link-local address from namespace interface once it's up pasta: Disable neighbour solicitations on device up to prevent DAD netlink: Fix typo in function comment for nl_addr_set() netlink.c | 146 +++++++++++++++++++++++++++++++++++++++++++++++++----- netlink.h | 6 ++- pasta.c | 29 ++++++++++- 3 files changed, 166 insertions(+), 15 deletions(-) -- 2.43.0

2 8

[PATCH v3 0/7] Prevent DAD for link-local addresses in containers
by Stefano Brivio 17 Aug '24

17 Aug '24

There's no point in letting a container perform duplicate address detection as we'll silently discard neighbour solicitations with unspecified source addresses anyway, without relaying them to anybody. And we realised that it's not harmless, see the whole discussion around https://github.com/containers/podman/pull/23561#discussion_r1711639663: we can't communicate with the container right away because of that, which is surely annoying for tests, but it could also be an issue for use cases with very short-lived containers or namespaces. Disabling DAD via procfs configuration would be simpler than all this, but we don't own the namespace (unless we spawn a shell), so we shouldn't mess up with procfs entries, assuming it's even possible. Set the nodad attribute, and prevent DAD from being triggered before on link up, before we can set that attribute. v3: - in 4/7, actually handle all the netlink responses for the case where we change multiple addresses v2: - in 4/7, instead of doing the whole nl_routes_dup()-vendored dance to keep addresses in a single buffer, send NLM_F_REPLACE requests right away, but use nlmsg_send() instead of nl_do(), and check for answers to our further requests later. Use warn() instead of die() if we can't set nodad attributes - in 5/7, make nl_addr_get_ll() get a pointer to struct in6_addr instead of a generic void pointer, and warn(), don't die(), if it fails Stefano Brivio (7): netlink: Fix typo in function comment for nl_addr_get() netlink, pasta: Split MTU setting functionality out of nl_link_up() netlink, pasta: Turn nl_link_up() into a generic function to set link flags netlink, pasta: Disable DAD for link-local addresses on namespace interface netlink, pasta: Fetch link-local address from namespace interface once it's up pasta: Disable neighbour solicitations on device up to prevent DAD netlink: Fix typo in function comment for nl_addr_set() netlink.c | 146 +++++++++++++++++++++++++++++++++++++++++++++++++----- netlink.h | 6 ++- pasta.c | 29 ++++++++++- 3 files changed, 166 insertions(+), 15 deletions(-) -- 2.43.0

2 10

[PATCH v2 0/7] Prevent DAD for link-local addresses in containers
by Stefano Brivio 16 Aug '24

16 Aug '24

There's no point in letting a container perform duplicate address detection as we'll silently discard neighbour solicitations with unspecified source addresses anyway, without relaying them to anybody. And we realised that it's not harmless, see the whole discussion around https://github.com/containers/podman/pull/23561#discussion_r1711639663: we can't communicate with the container right away because of that, which is surely annoying for tests, but it could also be an issue for use cases with very short-lived containers or namespaces. Disabling DAD via procfs configuration would be simpler than all this, but we don't own the namespace (unless we spawn a shell), so we shouldn't mess up with procfs entries, assuming it's even possible. Set the nodad attribute, and prevent DAD from being triggered before on link up, before we can set that attribute. v2: - in 4/7, instead of doing the whole nl_routes_dup()-vendored dance to keep addresses in a single buffer, send NLM_F_REPLACE requests right away, but use nlmsg_send() instead of nl_do(), and check for answers to our further requests later. Use warn() instead of die() if we can't set nodad attributes - in 5/7, make nl_addr_get_ll() get a pointer to struct in6_addr instead of a generic void pointer, and warn(), don't die(), if it fails Stefano Brivio (7): netlink: Fix typo in function comment for nl_addr_get() netlink, pasta: Split MTU setting functionality out of nl_link_up() netlink, pasta: Turn nl_link_up() into a generic function to set link flags netlink, pasta: Disable DAD for link-local addresses on namespace interface netlink, pasta: Fetch link-local address from namespace interface once it's up pasta: Disable neighbour solicitations on device up to prevent DAD netlink: Fix typo in function comment for nl_addr_set() netlink.c | 144 +++++++++++++++++++++++++++++++++++++++++++++++++----- netlink.h | 6 ++- pasta.c | 29 ++++++++++- 3 files changed, 164 insertions(+), 15 deletions(-) -- 2.43.0

2 12

[PATCH 0/7] Prevent DAD for link-local addresses in containers
by Stefano Brivio 15 Aug '24

15 Aug '24

There's no point in letting a container perform duplicate address detection as we'll silently discard neighbour solicitations with unspecified source addresses anyway, without relaying them to anybody. And we realised that it's not harmless, see the whole discussion around https://github.com/containers/podman/pull/23561#discussion_r1711639663: we can't communicate with the container right away because of that, which is surely annoying for tests, but it could also be an issue for use cases with very short-lived containers or namespaces. Disabling DAD via procfs configuration would be simpler than all this, but we don't own the namespace (unless we spawn a shell), so we shouldn't mess up with procfs entries, assuming it's even possible. Set the nodad attribute, and prevent DAD from being triggered before on link up, before we can set that attribute. Stefano Brivio (7): netlink: Fix typo in function comment for nl_addr_get() netlink, pasta: Split MTU setting functionality out of nl_link_up() netlink, pasta: Turn nl_link_up() into a generic function to set link flags netlink, pasta: Disable DAD for link-local addresses on namespace interface netlink, pasta: Fetch link-local address from namespace interface once it's up pasta: Disable neighbour solicitations on device up to prevent DAD netlink: Fix typo in function comment for nl_addr_set() netlink.c | 186 ++++++++++++++++++++++++++++++++++++++++++++++++++---- netlink.h | 6 +- pasta.c | 29 ++++++++- 3 files changed, 206 insertions(+), 15 deletions(-) -- 2.43.0

2 16

[PATCH 0/3] Assorted fixes related to addressing
by David Gibson 15 Aug '24

15 Aug '24

Here are fixes for a number of bugs I encountered while working toward configurable host mapping. There are more coming, but I'm still working on getting them ready. David Gibson (3): Correct inaccurate comments on ip[46]_ctx::addr conf: Delay handling -D option until after addresses are configured fwd: Rework inconsistencies in translation of inbound flows conf.c | 84 +++++++++++++++++++++++++++++------------------------- fwd.c | 88 +++++++++++++++++++++++++++++++++++++++++++++++++-------- passt.h | 4 +-- 3 files changed, 124 insertions(+), 52 deletions(-) -- 2.46.0

2 5

[PATCH v2 0/4] Add vhost-user support to passt. (part 3)
by Laurent Vivier 15 Aug '24

15 Aug '24

This series of patches adds vhost-user support to passt and then allows passt to connect to QEMU network backend using virtqueue rather than a socket. With QEMU, rather than using to connect: -netdev stream,id=s,server=off,addr.type=unix,addr.path=/tmp/passt_1.socket we will use: -chardev socket,id=chr0,path=/tmp/passt_1.socket -netdev vhost-user,id=netdev0,chardev=chr0 -device virtio-net,netdev=netdev0 -object memory-backend-memfd,id=memfd0,share=on,size=$RAMSIZE -numa node,memdev=memfd0 The memory backend is needed to share data between passt and QEMU. Performance comparison between "-netdev stream" and "-netdev vhost-user": $ iperf3 -c localhost -p 10001 -t 60 -6 -u -b 50G socket: [ 5] 0.00-60.05 sec 95.6 GBytes 13.7 Gbits/sec 0.017 ms 6998988/10132413 (69%) receiver vhost-user: [ 5] 0.00-60.04 sec 237 GBytes 33.9 Gbits/sec 0.006 ms 53673/7813770 (0.69%) receiver $ iperf3 -c localhost -p 10001 -t 60 -4 -u -b 50G socket: [ 5] 0.00-60.05 sec 98.9 GBytes 14.1 Gbits/sec 0.018 ms 6260735/9501832 (66%) receiver vhost-user: [ 5] 0.00-60.05 sec 235 GBytes 33.7 Gbits/sec 0.008 ms 37581/7752699 (0.48%) receiver $ iperf3 -c localhost -p 10001 -t 60 -6 socket: [ 5] 0.00-60.00 sec 17.3 GBytes 2.48 Gbits/sec 0 sender [ 5] 0.00-60.06 sec 17.3 GBytes 2.48 Gbits/sec receiver vhost-user: [ 5] 0.00-60.00 sec 191 GBytes 27.4 Gbits/sec 0 sender [ 5] 0.00-60.05 sec 191 GBytes 27.3 Gbits/sec receiver $ iperf3 -c localhost -p 10001 -t 60 -4 socket: [ 5] 0.00-60.00 sec 15.6 GBytes 2.24 Gbits/sec 0 sender [ 5] 0.00-60.06 sec 15.6 GBytes 2.24 Gbits/sec receiver vhost-user: [ 5] 0.00-60.00 sec 189 GBytes 27.1 Gbits/sec 0 sender [ 5] 0.00-60.04 sec 189 GBytes 27.0 Gbits/sec receiver v2: - remove PATCH 4 - rewrite PATCH 2 and 3 to follow passt coding style - move some code from PATCH 3 to PATCH 4 (previously PATCH 5) - partially addressed David's comment on PATCH 5 Laurent Vivier (4): packet: replace struct desc by struct iovec vhost-user: introduce virtio API vhost-user: introduce vhost-user API vhost-user: add vhost-user Makefile | 4 +- checksum.c | 1 - conf.c | 24 +- iov.c | 1 - isolation.c | 15 +- packet.c | 97 ++-- packet.h | 16 +- passt.c | 16 +- passt.h | 10 + pcap.c | 1 - tap.c | 114 ++++- tap.h | 5 +- tcp.c | 17 +- tcp_vu.c | 560 +++++++++++++++++++++ tcp_vu.h | 12 + udp.c | 54 +- udp_internal.h | 39 ++ udp_vu.c | 240 +++++++++ udp_vu.h | 11 + util.h | 11 + vhost_user.c | 1273 ++++++++++++++++++++++++++++++++++++++++++++++++ vhost_user.h | 197 ++++++++ virtio.c | 605 +++++++++++++++++++++++ virtio.h | 190 ++++++++ 24 files changed, 3392 insertions(+), 121 deletions(-) create mode 100644 tcp_vu.c create mode 100644 tcp_vu.h create mode 100644 udp_internal.h create mode 100644 udp_vu.c create mode 100644 udp_vu.h create mode 100644 vhost_user.c create mode 100644 vhost_user.h create mode 100644 virtio.c create mode 100644 virtio.h -- 2.45.2

3 12

[PATCH] test: Speed up by cutting on eye candy and performance test duration
by Stefano Brivio 15 Aug '24

15 Aug '24

We have a number of delays when we switch to new layouts that were added to make the tests visually easier to follow, together with blinking status bars. Shorten the delays and avoid blinking the status bar if $FAST is set to 1 (no demo mode). Shorten delays in busy loops to 10ms, instead of 100ms, and skip the one-second fixed delay when we wait for the status of a command. Cut the duration of throughput and latency tests to one second, down from ten. Somewhat surprisingly, the results we get are rather consistent, and not significantly different from what we'd get with 10 seconds. This, together with Podman's commit 20f3e8909e3a ("test/system: pasta_test_do add explicit port check"), cuts the time needed on my setup for full test run from approximately 37 minutes to...: $ time ./run [exited] PASS: 165, FAIL: 0 Log at /home/sbrivio/passt/test/test_logs/test.log real 15m34.253s user 0m0.011s sys 0m0.011s Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- test/lib/layout | 14 +++++++------- test/lib/term | 31 +++++++++++++++---------------- test/lib/test | 2 +- test/pasta_options/log_to_file | 4 ++-- test/perf/passt_tcp | 18 +++++++++--------- test/perf/passt_udp | 2 +- test/perf/pasta_tcp | 34 +++++++++++++++++----------------- test/perf/pasta_udp | 2 +- 8 files changed, 53 insertions(+), 54 deletions(-) diff --git a/test/lib/layout b/test/lib/layout index f9a1cf1..4d03572 100644 --- a/test/lib/layout +++ b/test/lib/layout @@ -15,7 +15,7 @@ # layout_pasta() - Panes for host, pasta, and separate one for namespace layout_pasta() { - sleep 3 + sleep 1 tmux kill-pane -a -t 0 cmd_write 0 clear @@ -46,7 +46,7 @@ layout_pasta() { # layout_passt() - Panes for host, passt, and guest layout_passt() { - sleep 3 + sleep 1 tmux kill-pane -a -t 0 cmd_write 0 clear @@ -77,7 +77,7 @@ layout_passt() { # layout_passt_in_pasta() - Host, passt within pasta, namespace and guest layout_passt_in_pasta() { - sleep 3 + sleep 1 tmux kill-pane -a -t 0 cmd_write 0 clear @@ -113,7 +113,7 @@ layout_passt_in_pasta() { # layout_two_guests() - Two guest panes, two passt panes, plus host and log layout_two_guests() { - sleep 3 + sleep 1 tmux kill-pane -a -t 0 cmd_write 0 clear @@ -152,7 +152,7 @@ layout_two_guests() { # layout_demo_pasta() - Four panes for pasta demo layout_demo_pasta() { - sleep 3 + sleep 1 cmd_write 0 cd ${BASEPATH} cmd_write 0 clear @@ -188,7 +188,7 @@ layout_demo_pasta() { # layout_demo_passt() - Four panes for passt demo layout_demo_passt() { - sleep 3 + sleep 1 cmd_write 0 cd ${BASEPATH} cmd_write 0 clear @@ -224,7 +224,7 @@ layout_demo_passt() { # layout_demo_podman() - Four panes for pasta demo with Podman layout_demo_podman() { - sleep 3 + sleep 1 cmd_write 0 cd ${BASEPATH} cmd_write 0 clear diff --git a/test/lib/term b/test/lib/term index 262937e..3834092 100755 --- a/test/lib/term +++ b/test/lib/term @@ -97,7 +97,6 @@ display_delay() { switch_pane() { tmux select-pane -t ${1} PR_DELAY=${PR_DELAY_INIT} - display_delay "0.2" } # cmd_write() - Write a command to a pane, letter by letter, and execute it @@ -199,7 +198,7 @@ pane_run() { # $1: Pane name pane_wait() { __lc="$(echo "${1}" | tr [A-Z] [a-z])" - sleep 0.1 || sleep 1 + sleep 0.01 || sleep 1 __done=0 while @@ -207,7 +206,7 @@ pane_wait() { case ${__l} in *"$ " | *"# ") return ;; esac - do sleep 0.1 || sleep 1; done + do sleep 0.01 || sleep 1; done } # pane_parse() - Print last line, @EMPTY@ if command had no output @@ -231,7 +230,7 @@ pane_status() { __status="$(pane_parse "${1}")" while ! [ "${__status}" -eq "${__status}" ] 2>/dev/null; do - sleep 1 + sleep 0.01 || sleep 1 pane_run "${1}" 'echo $?' pane_wait "${1}" __status="$(pane_parse "${1}")" @@ -383,6 +382,16 @@ info_check_failed() { printf " < failed.\n" >> "${LOGFILE}" } +# status_bar_blink() - Make status bar blink +status_bar_blink() { + for i in `seq 1 3`; do + tmux set status-right-style 'bg=colour1 fg=colour196 bold' + sleep 0.1 || sleep 1 + tmux set status-right-style 'bg=colour1 fg=colour233 bold' + sleep 0.1 || sleep 1 + done +} + # info_passed() - Display, log, and make status bar blink when a test passes info_passed() { switch_pane ${PANE_INFO} @@ -391,12 +400,7 @@ info_passed() { log "...passed." log - for i in `seq 1 3`; do - tmux set status-right-style 'bg=colour1 fg=colour2 bold' - sleep "0.1" - tmux set status-right-style 'bg=colour1 fg=colour233 bold' - sleep "0.1" - done + [ ${FAST} -eq 1 ] || status_bar_blink } # info_failed() - Display, log, and make status bar blink when a test passes @@ -407,12 +411,7 @@ info_failed() { log "...failed." log - for i in `seq 1 3`; do - tmux set status-right-style 'bg=colour1 fg=colour196 bold' - sleep "0.1" - tmux set status-right-style 'bg=colour1 fg=colour233 bold' - sleep "0.1" - done + [ ${FAST} -eq 1 ] || status_bar_blink pause_continue \ "Press any key to pause test session" \ diff --git a/test/lib/test b/test/lib/test index c525f8e..e6726be 100755 --- a/test/lib/test +++ b/test/lib/test @@ -33,7 +33,7 @@ test_iperf3k() { pane_or_context_run "${__sctx}" 'kill -INT $(cat s.pid); rm s.pid' - sleep 3 # Wait for kernel to free up ports + sleep 1 # Wait for kernel to free up ports } # test_iperf3() - Ugly helper for iperf3 directive diff --git a/test/pasta_options/log_to_file b/test/pasta_options/log_to_file index fe50e50..3ead06c 100644 --- a/test/pasta_options/log_to_file +++ b/test/pasta_options/log_to_file @@ -19,7 +19,7 @@ sleep 1 endef def flood_log_client -host tcp_crr --nolog -P 10001 -C 10002 -6 -c -H ::1 +host tcp_crr --nolog -l1 -P 10001 -C 10002 -6 -c -H ::1 endef def check_log_size_mountns @@ -42,7 +42,7 @@ pout PID2 echo $! check head -1 __LOG_FILE__ | grep '^pasta .* [(]__PID2__[)]$' test Maximum log size -passtb ./pasta --config-net -d -f -l __LOG_FILE__ --log-size $((100 * 1024)) -- sh -c 'while true; do tcp_crr --nolog -P 10001 -C 10002 -6; done' +passtb ./pasta --config-net -d -f -l __LOG_FILE__ --log-size $((100 * 1024)) -- sh -c 'while true; do tcp_crr --nolog -l1 -P 10001 -C 10002 -6; done' sleep 1 flood_log_client diff --git a/test/perf/passt_tcp b/test/perf/passt_tcp index 14343cb..695479f 100644 --- a/test/perf/passt_tcp +++ b/test/perf/passt_tcp @@ -38,7 +38,7 @@ hout FREQ_CPUFREQ (echo "scale=1"; printf '( %i + 10^5 / 2 ) / 10^6\n' $(cat /sy hout FREQ [ -n "__FREQ_CPUFREQ__" ] && echo __FREQ_CPUFREQ__ || echo __FREQ_PROCFS__ set THREADS 4 -set TIME 10 +set TIME 1 set OMIT 0.1 set OPTS -Z -P __THREADS__ -l 1M -O__OMIT__ @@ -75,7 +75,7 @@ lat - lat - lat - nsb tcp_rr --nolog -6 -gout LAT tcp_rr --nolog -6 -c -H __GW6__%__IFNAME__ | sed -n 's/^throughput=$.*$/\1/p' +gout LAT tcp_rr --nolog -l1 -6 -c -H __GW6__%__IFNAME__ | sed -n 's/^throughput=$.*$/\1/p' lat __LAT__ 200 150 tl TCP CRR latency over IPv6: guest to host @@ -85,7 +85,7 @@ lat - lat - lat - nsb tcp_crr --nolog -6 -gout LAT tcp_crr --nolog -6 -c -H __GW6__%__IFNAME__ | sed -n 's/^throughput=$.*$/\1/p' +gout LAT tcp_crr --nolog -l1 -6 -c -H __GW6__%__IFNAME__ | sed -n 's/^throughput=$.*$/\1/p' lat __LAT__ 500 400 tr TCP throughput over IPv4: guest to host @@ -119,7 +119,7 @@ lat - lat - lat - nsb tcp_rr --nolog -4 -gout LAT tcp_rr --nolog -4 -c -H __GW__ | sed -n 's/^throughput=$.*$/\1/p' +gout LAT tcp_rr --nolog -l1 -4 -c -H __GW__ | sed -n 's/^throughput=$.*$/\1/p' lat __LAT__ 200 150 tl TCP CRR latency over IPv4: guest to host @@ -129,7 +129,7 @@ lat - lat - lat - nsb tcp_crr --nolog -4 -gout LAT tcp_crr --nolog -4 -c -H __GW__ | sed -n 's/^throughput=$.*$/\1/p' +gout LAT tcp_crr --nolog -l1 -4 -c -H __GW__ | sed -n 's/^throughput=$.*$/\1/p' lat __LAT__ 500 400 tr TCP throughput over IPv6: host to guest @@ -153,7 +153,7 @@ lat - lat - guestb tcp_rr --nolog -P 10001 -C 10011 -6 sleep 1 -nsout LAT tcp_rr --nolog -P 10001 -C 10011 -6 -c -H ::1 | sed -n 's/^throughput=$.*$/\1/p' +nsout LAT tcp_rr --nolog -l1 -P 10001 -C 10011 -6 -c -H ::1 | sed -n 's/^throughput=$.*$/\1/p' lat __LAT__ 200 150 tl TCP CRR latency over IPv6: host to guest @@ -164,7 +164,7 @@ lat - lat - guestb tcp_crr --nolog -P 10001 -C 10011 -6 sleep 1 -nsout LAT tcp_crr --nolog -P 10001 -C 10011 -6 -c -H ::1 | sed -n 's/^throughput=$.*$/\1/p' +nsout LAT tcp_crr --nolog -l1 -P 10001 -C 10011 -6 -c -H ::1 | sed -n 's/^throughput=$.*$/\1/p' lat __LAT__ 500 350 @@ -189,7 +189,7 @@ lat - lat - guestb tcp_rr --nolog -P 10001 -C 10011 -4 sleep 1 -nsout LAT tcp_rr --nolog -P 10001 -C 10011 -4 -c -H 127.0.0.1 | sed -n 's/^throughput=$.*$/\1/p' +nsout LAT tcp_rr --nolog -l1 -P 10001 -C 10011 -4 -c -H 127.0.0.1 | sed -n 's/^throughput=$.*$/\1/p' lat __LAT__ 200 150 tl TCP CRR latency over IPv6: host to guest @@ -200,7 +200,7 @@ lat - lat - guestb tcp_crr --nolog -P 10001 -C 10011 -4 sleep 1 -nsout LAT tcp_crr --nolog -P 10001 -C 10011 -4 -c -H 127.0.0.1 | sed -n 's/^throughput=$.*$/\1/p' +nsout LAT tcp_crr --nolog -l1 -P 10001 -C 10011 -4 -c -H 127.0.0.1 | sed -n 's/^throughput=$.*$/\1/p' lat __LAT__ 500 300 te diff --git a/test/perf/passt_udp b/test/perf/passt_udp index 8919280..f25c903 100644 --- a/test/perf/passt_udp +++ b/test/perf/passt_udp @@ -31,7 +31,7 @@ hout FREQ_CPUFREQ (echo "scale=1"; printf '( %i + 10^5 / 2 ) / 10^6\n' $(cat /sy hout FREQ [ -n "__FREQ_CPUFREQ__" ] && echo __FREQ_CPUFREQ__ || echo __FREQ_PROCFS__ set THREADS 2 -set TIME 10 +set TIME 1 set OPTS -u -P __THREADS__ --pacing-timer 1000 info Throughput in Gbps, latency in µs, __THREADS__ threads at __FREQ__ GHz diff --git a/test/perf/pasta_tcp b/test/perf/pasta_tcp index 8d2f911..a443f5a 100644 --- a/test/perf/pasta_tcp +++ b/test/perf/pasta_tcp @@ -22,7 +22,7 @@ ns /sbin/sysctl -w net.ipv4.tcp_timestamps=0 set THREADS 4 -set TIME 10 +set TIME 1 set OMIT 0.1 set OPTS -Z -w 4M -l 1M -P __THREADS__ -O__OMIT__ @@ -46,13 +46,13 @@ iperf3k host tl TCP RR latency over IPv6: ns to host hostb tcp_rr --nolog -P 10003 -C 10013 -6 -nsout LAT tcp_rr --nolog -P 10003 -C 10013 -6 -c -H ::1 | sed -n 's/^throughput=$.*$/\1/p' +nsout LAT tcp_rr --nolog -l1 -P 10003 -C 10013 -6 -c -H ::1 | sed -n 's/^throughput=$.*$/\1/p' hostw lat __LAT__ 150 100 tl TCP CRR latency over IPv6: ns to host hostb tcp_crr --nolog -P 10003 -C 10013 -6 -nsout LAT tcp_crr --nolog -P 10003 -C 10013 -6 -c -H ::1 | sed -n 's/^throughput=$.*$/\1/p' +nsout LAT tcp_crr --nolog -l1 -P 10003 -C 10013 -6 -c -H ::1 | sed -n 's/^throughput=$.*$/\1/p' hostw lat __LAT__ 500 350 @@ -67,13 +67,13 @@ iperf3k host tl TCP RR latency over IPv4: ns to host hostb tcp_rr --nolog -P 10003 -C 10013 -4 -nsout LAT tcp_rr --nolog -P 10003 -C 10013 -4 -c -H 127.0.0.1 | sed -n 's/^throughput=$.*$/\1/p' +nsout LAT tcp_rr --nolog -l1 -P 10003 -C 10013 -4 -c -H 127.0.0.1 | sed -n 's/^throughput=$.*$/\1/p' hostw lat __LAT__ 150 100 tl TCP CRR latency over IPv4: ns to host hostb tcp_crr --nolog -P 10003 -C 10013 -4 -nsout LAT tcp_crr --nolog -P 10003 -C 10013 -4 -c -H 127.0.0.1 | sed -n 's/^throughput=$.*$/\1/p' +nsout LAT tcp_crr --nolog -l1 -P 10003 -C 10013 -4 -c -H 127.0.0.1 | sed -n 's/^throughput=$.*$/\1/p' hostw lat __LAT__ 500 350 @@ -87,13 +87,13 @@ iperf3k ns tl TCP RR latency over IPv6: host to ns nsb tcp_rr --nolog -P 10002 -C 10012 -6 -hout LAT tcp_rr --nolog -P 10002 -C 10012 -6 -c -H ::1 | sed -n 's/^throughput=$.*$/\1/p' +hout LAT tcp_rr --nolog -l1 -P 10002 -C 10012 -6 -c -H ::1 | sed -n 's/^throughput=$.*$/\1/p' nsw lat __LAT__ 150 100 tl TCP CRR latency over IPv6: host to ns nsb tcp_crr --nolog -P 10002 -C 10012 -6 -hout LAT tcp_crr --nolog -P 10002 -C 10012 -6 -c -H ::1 | sed -n 's/^throughput=$.*$/\1/p' +hout LAT tcp_crr --nolog -l1 -P 10002 -C 10012 -6 -c -H ::1 | sed -n 's/^throughput=$.*$/\1/p' nsw lat __LAT__ 1000 700 @@ -108,13 +108,13 @@ iperf3k ns tl TCP RR latency over IPv4: host to ns nsb tcp_rr --nolog -P 10002 -C 10012 -4 -hout LAT tcp_rr --nolog -P 10002 -C 10012 -4 -c -H 127.0.0.1 | sed -n 's/^throughput=$.*$/\1/p' +hout LAT tcp_rr --nolog -l1 -P 10002 -C 10012 -4 -c -H 127.0.0.1 | sed -n 's/^throughput=$.*$/\1/p' nsw lat __LAT__ 150 100 tl TCP CRR latency over IPv4: host to ns nsb tcp_crr --nolog -P 10002 -C 10012 -4 -hout LAT tcp_crr --nolog -P 10002 -C 10012 -4 -c -H 127.0.0.1 | sed -n 's/^throughput=$.*$/\1/p' +hout LAT tcp_crr --nolog -l1 -P 10002 -C 10012 -4 -c -H 127.0.0.1 | sed -n 's/^throughput=$.*$/\1/p' nsw lat __LAT__ 1000 700 @@ -156,7 +156,7 @@ lat - lat - lat - hostb tcp_rr --nolog -P 10003 -C 10013 -6 -nsout LAT tcp_rr --nolog -P 10003 -C 10013 -6 -c -H __GW6__%__IFNAME__ | sed -n 's/^throughput=$.*$/\1/p' +nsout LAT tcp_rr --nolog -l1 -P 10003 -C 10013 -6 -c -H __GW6__%__IFNAME__ | sed -n 's/^throughput=$.*$/\1/p' hostw lat __LAT__ 150 100 @@ -165,7 +165,7 @@ lat - lat - lat - hostb tcp_crr --nolog -P 10003 -C 10013 -6 -nsout LAT tcp_crr --nolog -P 10003 -C 10013 -6 -c -H __GW6__%__IFNAME__ | sed -n 's/^throughput=$.*$/\1/p' +nsout LAT tcp_crr --nolog -l1 -P 10003 -C 10013 -6 -c -H __GW6__%__IFNAME__ | sed -n 's/^throughput=$.*$/\1/p' hostw lat __LAT__ 1500 500 @@ -193,7 +193,7 @@ lat - lat - lat - hostb tcp_rr --nolog -P 10003 -C 10013 -4 -nsout LAT tcp_rr --nolog -P 10003 -C 10013 -4 -c -H __GW__ | sed -n 's/^throughput=$.*$/\1/p' +nsout LAT tcp_rr --nolog -l1 -P 10003 -C 10013 -4 -c -H __GW__ | sed -n 's/^throughput=$.*$/\1/p' hostw lat __LAT__ 150 100 @@ -202,7 +202,7 @@ lat - lat - lat - hostb tcp_crr --nolog -P 10003 -C 10013 -4 -nsout LAT tcp_crr --nolog -P 10003 -C 10013 -4 -c -H __GW__ | sed -n 's/^throughput=$.*$/\1/p' +nsout LAT tcp_crr --nolog -l1 -P 10003 -C 10013 -4 -c -H __GW__ | sed -n 's/^throughput=$.*$/\1/p' hostw lat __LAT__ 1500 500 @@ -224,7 +224,7 @@ lat - lat - lat - nsb tcp_rr --nolog -P 10002 -C 10012 -6 -hout LAT tcp_rr --nolog -P 10002 -C 10012 -6 -c -H __ADDR6__ | sed -n 's/^throughput=$.*$/\1/p' +hout LAT tcp_rr --nolog -l1 -P 10002 -C 10012 -6 -c -H __ADDR6__ | sed -n 's/^throughput=$.*$/\1/p' nsw lat __LAT__ 150 100 @@ -234,7 +234,7 @@ lat - lat - sleep 1 nsb tcp_crr --nolog -P 10002 -C 10012 -6 -hout LAT tcp_crr --nolog -P 10002 -C 10012 -6 -c -H __ADDR6__ | sed -n 's/^throughput=$.*$/\1/p' +hout LAT tcp_crr --nolog -l1 -P 10002 -C 10012 -6 -c -H __ADDR6__ | sed -n 's/^throughput=$.*$/\1/p' nsw lat __LAT__ 5000 10000 @@ -256,7 +256,7 @@ lat - lat - lat - nsb tcp_rr --nolog -P 10002 -C 10012 -4 -hout LAT tcp_rr --nolog -P 10002 -C 10012 -4 -c -H __ADDR__ | sed -n 's/^throughput=$.*$/\1/p' +hout LAT tcp_rr --nolog -l1 -P 10002 -C 10012 -4 -c -H __ADDR__ | sed -n 's/^throughput=$.*$/\1/p' nsw lat __LAT__ 150 100 @@ -266,7 +266,7 @@ lat - lat - sleep 1 nsb tcp_crr --nolog -P 10002 -C 10012 -4 -hout LAT tcp_crr --nolog -P 10002 -C 10012 -4 -c -H __ADDR__ | sed -n 's/^throughput=$.*$/\1/p' +hout LAT tcp_crr --nolog -l1 -P 10002 -C 10012 -4 -c -H __ADDR__ | sed -n 's/^throughput=$.*$/\1/p' nsw lat __LAT__ 5000 10000 diff --git a/test/perf/pasta_udp b/test/perf/pasta_udp index 6acbfd3..9fed62e 100644 --- a/test/perf/pasta_udp +++ b/test/perf/pasta_udp @@ -21,7 +21,7 @@ hout FREQ_CPUFREQ (echo "scale=1"; printf '( %i + 10^5 / 2 ) / 10^6\n' $(cat /sy hout FREQ [ -n "__FREQ_CPUFREQ__" ] && echo __FREQ_CPUFREQ__ || echo __FREQ_PROCFS__ set THREADS 1 -set TIME 10 +set TIME 1 set OPTS -u -P __THREADS__ info Throughput in Gbps, latency in µs, one thread at __FREQ__ GHz -- 2.43.0

2 1

[net] tcp: add SO_PEEK_OFF socket option tor TCPv6
by jmaloy＠redhat.com 14 Aug '24

14 Aug '24

From: Jon Maloy <jmaloy(a)redhat.com> When we added the SO_PEEK_OFF socket option to TCP we forgot to add it even for TCP on IPv6. We do that here. Fixes: 05ea491641d3 ("tcp: add support for SO_PEEK_OFF socket option") Signed-off-by: Jon Maloy <jmaloy(a)redhat.com> --- net/ipv6/af_inet6.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 90d2c7e3f5e9..ba69b86f1c7d 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c @@ -708,6 +708,7 @@ const struct proto_ops inet6_stream_ops = { .splice_eof = inet_splice_eof, .sendmsg_locked = tcp_sendmsg_locked, .splice_read = tcp_splice_read, + .set_peek_off = sk_set_peek_off, .read_sock = tcp_read_sock, .read_skb = tcp_read_skb, .peek_len = tcp_peek_len, -- 2.45.2

5 4

passt: new version 2024_08_14.61c0b0d available
by Stefano Brivio 14 Aug '24

14 Aug '24

The new version with tag 2024_08_14.61c0b0d includes the following changes: 61c0b0d flow: Don't crash if guest attempts to connect to port 0 baba284 conf: Don't ignore -t and -u options after -D c16141e ndp.c: Turn NDP responder into more declarative implementation f6d5a52 conf: Delay handling -D option until after addresses are configured 86bdd96 Correct inaccurate comments on ip[46]_ctx::addr fecb1b6 log: Don't prefix message with timestamp on --debug if it's a continuation baccfb9 conf: Stop parsing options at first non-option argument 09603ca passt, util: Close any open file that the parent might have leaked 755f9fd nstool: Propagate SIGTERM to processes executed in the namespace 5ca61c2 nstool: Fix some trivial typos a628cb9 log: Avoid duplicate calls to logtime() 2c7558d log: Handle errors from clock_gettime() b91bae1 log: Correct formatting of timestamps 95569e4 util: Some corrections for timespec_diff_us fbb0c95 conf, pasta: Make -g and -a skip route/addresses copy for matching IP version only https://passt.top/passt/log/?qt=range&q=2024_08_06.ee36266..2024_08_14.61c0… Packages: - Alpine Linux: https://pkgs.alpinelinux.org/packages?name=passt - Arch Linux: https://www.archlinux.org/packages/extra/x86_64/passt/ https://archlinuxarm.org/packages/aarch64/passt https://archlinuxarm.org/packages/armv7h/passt - Chimera: https://pkgs.chimera-linux.org/packages?name=passt - Clear Linux: https://github.com/clearlinux-pkgs/passt/ - Debian tracker: https://tracker.debian.org/pkg/passt - Copr (CentOS Stream, EPEL, Fedora, Mageia): https://copr.fedorainfracloud.org/coprs/sbrivio/passt/build/7907497/ permanent mirror: https://passt.top/builds/copr/0^20240814.g61c0b0d/ - Fedora updates: https://bodhi.fedoraproject.org/updates/?packages=passt - Gentoo versions: https://packages.gentoo.org/packages/net-misc/passt - GNU Guix: https://packages.guix.gnu.org/packages/passt/ - Homebrew: https://formulae.brew.sh/formula/passt - NixOS: https://github.com/NixOS/nixpkgs/tree/nixos-unstable/pkgs/by-name/pa/passt - openSUSE: https://software.opensuse.org/package/passt - PLD Linux: https://git.pld-linux.org/cgi-bin/gitweb.cgi?p=packages/passt.git - Solus: https://github.com/getsolus/packages/tree/main/packages/p/passt - Ubuntu tracker: https://launchpad.net/ubuntu/+source/passt - Void Linux: https://voidlinux.org/packages/?q=passt - Static builds: - Package for other RPM-based distributions, x86_64 only: https://passt.top/builds/latest/x86_64/passt-g61c0b0d-1.x86_64.rpm - x86_64 static binaries: https://passt.top/builds/latest/x86_64/ - Debian package, from x86_64 static build: https://passt.top/builds/latest/x86_64/passt_61c0b0d-1_all.deb -- Stefano

1 0