[PATCH v4] pasta: make it possible to disable socket splicing
During testing it is sometimes useful to force traffic which would
normally be forwarded by socket splicing through the tap interface.
In this commit, we add a command switch enabling such functionality
for inbound local traffic.
For outbound local traffic this is much trickier, if even possible,
so leave that for a later commit.
Suggested-by: David Gibson
On Sun, Dec 08, 2024 at 01:04:47PM -0500, Jon Maloy wrote:
During testing it is sometimes useful to force traffic which would normally be forwarded by socket splicing through the tap interface.
In this commit, we add a command switch enabling such functionality for inbound local traffic.
For outbound local traffic this is much trickier, if even possible, so leave that for a later commit.
Suggested-by: David Gibson
Signed-off-by: Jon Maloy
Reviewed-by: David Gibson
---
v2: Some minor changes based on feedback from PASST team
v3: More changes based on feedback from D. Gibson and S. Brivio
    -Moved new option to pasta-only section
    -Added description to man-page
v4: -Changed test on (mode == PASST) to (mode != PASTA) as suggested by Stefano Brivio.
---
 conf.c  | 7 ++++++-
 fwd.c   | 2 +-
 passt.1 | 4 ++++
 passt.h | 2 ++
 4 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/conf.c b/conf.c index eaa7d99..97d8beb 100644 --- a/conf.c +++ b/conf.c @@ -977,7 +977,8 @@ pasta_opts: " Don't copy all routes to namespace\n" " --no-copy-addrs DEPRECATED:\n" " Don't copy all addresses to namespace\n" - " --ns-mac-addr ADDR Set MAC address on tap interface\n"); + " --ns-mac-addr ADDR Set MAC address on tap interface\n" + " --no-splice Disable inbound socket splicing\n");
exit(status); } @@ -1319,6 +1320,7 @@ void conf(struct ctx *c, int argc, char **argv) {"no-dhcpv6", no_argument, &c->no_dhcpv6, 1 }, {"no-ndp", no_argument, &c->no_ndp, 1 }, {"no-ra", no_argument, &c->no_ra, 1 }, + {"no-splice", no_argument, &c->no_splice, 1 }, {"freebind", no_argument, &c->freebind, 1 }, {"no-map-gw", no_argument, &no_map_gw, 1 }, {"ipv4-only", no_argument, NULL, '4' }, @@ -1756,6 +1758,9 @@ void conf(struct ctx *c, int argc, char **argv) } } while (name != -1);
+ if (c->mode != MODE_PASTA) + c->no_splice = 1; + if (c->mode == MODE_PASTA && !c->pasta_conf_ns) { if (copy_routes_opt) die("--no-copy-routes needs --config-net"); diff --git a/fwd.c b/fwd.c index 0b7f8b1..2829cd2 100644 --- a/fwd.c +++ b/fwd.c @@ -443,7 +443,7 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto, else if (proto == IPPROTO_UDP) tgt->eport += c->udp.fwd_in.delta[tgt->eport];
- if (c->mode == MODE_PASTA && inany_is_loopback(&ini->eaddr) && + if (!c->no_splice && inany_is_loopback(&ini->eaddr) && (proto == IPPROTO_TCP || proto == IPPROTO_UDP)) { /* spliceable */
diff --git a/passt.1 b/passt.1 index b2896a2..c8a5783 100644 --- a/passt.1 +++ b/passt.1 @@ -695,6 +695,10 @@ Configure MAC address \fIaddr\fR on the tap interface in the namespace.
Default is to let the tap driver build a pseudorandom hardware address.
+.TP +.BR \-\-no-splice +Disable socket splicing for host to NS traffic. + .SH EXAMPLES
.SS \fBpasta diff --git a/passt.h b/passt.h index c038630..0dd4efa 100644 --- a/passt.h +++ b/passt.h @@ -229,6 +229,7 @@ struct ip6_ctx { * @no_dhcpv6: Disable DHCPv6 server * @no_ndp: Disable NDP handler altogether * @no_ra: Disable router advertisements + * @no_splice: Disable socket splicing for inbound traffic * @host_lo_to_ns_lo: Map host loopback addresses to ns loopback addresses * @freebind: Allow binding of non-local addresses for forwarding * @low_wmem: Low probed net.core.wmem_max @@ -291,6 +292,7 @@ struct ctx { int no_dhcpv6; int no_ndp; int no_ra; + int no_splice; int host_lo_to_ns_lo; int freebind;
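Review bot: in the conf.c hunk at -1756, `if (c->mode != MODE_PASTA) c->no_splice = 1;` overwrites the flag without looking at whether the user set it, so --no-splice passed in a non-pasta mode is accepted silently even though the usage text lists it under pasta_opts. The block directly below already rejects a misused option with die("--no-copy-routes needs --config-net"); consider the same treatment here, dying when c->no_splice is already set and the mode is not MODE_PASTA, before forcing it to 1.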
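Review bot: in fwd_nat_from_host(), replacing `c->mode == MODE_PASTA` with `!c->no_splice` makes the spliceable test depend on conf() having forced no_splice to 1 for every other mode, and nothing at this site or in the @no_splice description in passt.h says so. A one-line comment next to the condition, or wording in the struct documentation that the field is always set outside pasta mode, would keep a later change in conf() from quietly enabling the splice path where the old mode check excluded it.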
-- 
David Gibson (he or they)       | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you, not the other way
                                | around.
http://www.ozlabs.org/~dgibson
On Sun, 8 Dec 2024 13:04:47 -0500
Jon Maloy
+++ b/passt.1 @@ -695,6 +695,10 @@ Configure MAC address \fIaddr\fR on the tap interface in the namespace.
Default is to let the tap driver build a pseudorandom hardware address.
+.TP +.BR \-\-no-splice +Disable socket splicing for host to NS traffic.
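Review bot: the passt.1 entry says "host to NS traffic", while the usage string added in conf.c says "inbound socket splicing" and the passt.h comment says "inbound traffic"; the three descriptions should use one term. The entry also does not say that outbound local traffic is unaffected, which the commit message states is left for a later commit, so a sentence to that effect would stop readers from assuming the option turns splicing off entirely.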
Should I take silence on this as an agreement to the change I was proposing on v3:

--
.TP
.BR \-\-no-splice
Disable the bypass path for inbound, local traffic. See the section
\fBHandling of local traffic in pasta\fR in the \fBNOTES\fR for more details.
--

...or the opposite?

-- 
Stefano
participants (3)
- David Gibson
- Jon Maloy
- Stefano Brivio