passt, branch 2022_08_04.b516d15 Plug A Simple Socket Transport contrib, test: Rebase Podman patch, enable three-way merge on git am in demo 2022-08-01T10:45:05+00:00 Stefano Brivio sbrivio@redhat.com 2022-08-01T10:45:05+00:00 b516d151b186835c554e7521b685b41971aabb0d Given that a three-way git merge was enough to cope with context changes in man pages, it's probably a good idea to enable that for 'git am' in the demo too. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Given that a three-way git merge was enough to cope with context
changes in man pages, it's probably a good idea to enable that for
'git am' in the demo too.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
passt.1: Default host interfaces are now selected based on IP version 2022-07-30T20:17:07+00:00 Stefano Brivio sbrivio@redhat.com 2022-07-30T20:17:07+00:00 0070e35d2bd94327562beb0329625f5e01cc9d9f Reflect the changes from commit 4b2e018d70f3 ("Allow different external interfaces for IPv4 and IPv6 connectivity") into the manual. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Reflect the changes from commit 4b2e018d70f3 ("Allow different
external interfaces for IPv4 and IPv6 connectivity") into the manual.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Make substructures for IPv4 and IPv6 specific context information 2022-07-30T20:14:07+00:00 David Gibson david@gibson.dropbear.id.au 2022-07-22T05:31:18+00:00 16f5586bb811dd344c3bbeadc88f30568986adbc The context structure contains a batch of fields specific to IPv4 and to IPv6 connectivity. Split those out into a sub-structure. This allows the conf_ip4() and conf_ip6() functions, which take the entire context but touch very little of it, to be given more specific parameters, making it clearer what it affects without stepping through the code. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 
The context structure contains a batch of fields specific to IPv4 and to
IPv6 connectivity.  Split those out into a sub-structure.

This allows the conf_ip4() and conf_ip6() functions, which take the
entire context but touch very little of it, to be given more specific
parameters, making it clearer what it affects without stepping through the
code.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Separate IPv4 and IPv6 configuration 2022-07-30T20:12:50+00:00 David Gibson david@gibson.dropbear.id.au 2022-07-22T05:31:17+00:00 5e12d23acbda8871848c6221a4f14e5b7daff66f After recent changes, conf_ip() now has essentially entirely disjoint paths for IPv4 and IPv6 configuration. So, it's cleaner to split them out into different functions conf_ip4() and conf_ip6(). Splitting these out also lets us make the interface a bit nicer, having them return success or failure directly, rather than manipulating c->v4 and c->v6 to indicate success/failure of the two versions. Since these functions may also initialize the interface index for each protocol, it turns out we can then drop c->v4 and c->v6 entirely, replacing tests on those with tests on whether c->ifi4 or c->ifi6 is non-zero (since a 0 interface index is never valid). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> [sbrivio: Whitespace fixes] Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
After recent changes, conf_ip() now has essentially entirely disjoint paths
for IPv4 and IPv6 configuration.  So, it's cleaner to split them out into
different functions conf_ip4() and conf_ip6().

Splitting these out also lets us make the interface a bit nicer, having
them return success or failure directly, rather than manipulating c->v4
and c->v6 to indicate success/failure of the two versions.

Since these functions may also initialize the interface index for each
protocol, it turns out we can then drop c->v4 and c->v6 entirely, replacing
tests on those with tests on whether c->ifi4 or c->ifi6 is non-zero (since
a 0 interface index is never valid).

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[sbrivio: Whitespace fixes]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Clarify semantics of c->v4 and c->v6 variables 2022-07-30T20:09:38+00:00 David Gibson david@gibson.dropbear.id.au 2022-07-22T05:31:16+00:00 c984ee5afdd84098fc103e110f4501d0ea196fe8 The v4 and v6 fields of the context structure can be confusing, because they change meaning part way through the code: Before conf_ip(), they are booleans which indicate whether the -4 or -6 options have been given. After conf_ip() they are DISABLED|ENABLED|PROBE enums which indicate whether the IP version is available (which means both that it was allowed on the command line and we were able to configure it). The PROBE variant of the enum is only used locally within conf_ip() and since recent changes there it no longer has a real purpose different from ENABLED. Simplify this all by making the context fields always just a boolean indicating the availability of the IP version. They both default to 1, but can be set to 0 by either command line options or configuration failures. We use some local variables in conf() for tracking the state of the command line options on their own. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> [sbrivio: Minor coding style fix in conf.c] Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
The v4 and v6 fields of the context structure can be confusing, because
they change meaning part way through the code:  Before conf_ip(), they are
booleans which indicate whether the -4 or -6 options have been given.
After conf_ip() they are DISABLED|ENABLED|PROBE enums which indicate
whether the IP version is available (which means both that it was allowed
on the command line and we were able to configure it).  The PROBE variant
of the enum is only used locally within conf_ip() and since recent changes
there it no longer has a real purpose different from ENABLED.

Simplify this all by making the context fields always just a boolean
indicating the availability of the IP version.  They both default to 1, but
can be set to 0 by either command line options or configuration failures.
We use some local variables in conf() for tracking the state of the command
line options on their own.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[sbrivio: Minor coding style fix in conf.c]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Move passt mac_guest init to be more symmetric with pasta 2022-07-30T19:57:50+00:00 David Gibson david@gibson.dropbear.id.au 2022-07-22T05:31:15+00:00 4bc883aeab9b05d66baa4fcf3c0e993ffa6f8a0b In pasta mode, the guest's MAC address is set up in pasta_ns_cobf() called from tap_sock_tun_init(). If we have a guest MAC configured with --ns-mac-addr, this will set the given MAC on the kernel tuntap device, or if we haven't configured one it will update our record of the guest MAC to the kernel assigned one from the device. For passt, we don't initially know the guest's MAC until we receive packets from it, so we have to initially use a broadcast address. This is - oddly - set up in an entirely different place, in conf_ip() conditional on the mode. Move it to the logically matching place for passt - tap_sock_unix_init(). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 
In pasta mode, the guest's MAC address is set up in pasta_ns_cobf() called
from tap_sock_tun_init().  If we have a guest MAC configured with
--ns-mac-addr, this will set the given MAC on the kernel tuntap device, or
if we haven't configured one it will update our record of the guest MAC to
the kernel assigned one from the device.

For passt, we don't initially know the guest's MAC until we receive packets
from it, so we have to initially use a broadcast address.  This is - oddly
- set up in an entirely different place, in conf_ip() conditional on the
mode.

Move it to the logically matching place for passt - tap_sock_unix_init().

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Initialize host side MAC when in IPv6 only mode 2022-07-30T19:57:50+00:00 David Gibson david@gibson.dropbear.id.au 2022-07-22T05:31:14+00:00 3f190726407109fdb74ed7b5f8ddd7e68a56d7aa When sending packets to the guest we need a source MAC address, which we currently take from the host side interface we're using (though it's basically arbitrary). However if not given on the command line this MAC is initialized in an IPv4 specific path, and will end up as 00:00:00:00:00:00 when running "passt 6". The MAC address is also used for IPv6 packets, though. Interestingly, we largely seem to get away with using an all-zero MAC, but it's probably not a good idea. Make the IPv6 path pick the MAC address from its interface if the IPv4 path hasn't already done so. While we're there, use the existing MAC_IS_ZERO macro to make the code a little clearer. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 
When sending packets to the guest we need a source MAC address, which we
currently take from the host side interface we're using (though it's
basically arbitrary).  However if not given on the command line this MAC
is initialized in an IPv4 specific path, and will end up as
00:00:00:00:00:00 when running "passt 6".  The MAC address is also used
for IPv6 packets, though.

Interestingly, we largely seem to get away with using an all-zero MAC, but
it's probably not a good idea.  Make the IPv6 path pick the MAC address
from its interface if the IPv4 path hasn't already done so.

While we're there, use the existing MAC_IS_ZERO macro to make the code a
little clearer.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Separately locate external interfaces for IPv4 and IPv6 2022-07-30T19:57:50+00:00 David Gibson david@gibson.dropbear.id.au 2022-07-22T05:31:13+00:00 06abfcf6d95762976d37aa5721c16802c649efd4 Now that the back end allows passt/pasta to use different external interfaces for IPv4 and IPv6, use that to do the right thing in the case that the host has IPv4 and IPv6 connectivity via different interfaces. If the user hasn't explicitly chosen an interface, separately search for a suitable external interface for each protocol. As a bonus, this substantially simplifies the external interface probe. It also eliminates a subtle confusing case where in some circumstances we would pick the first interface in interface index order, and sometimes in order of routes returned from netlink. On some network configurations that could cause tests to fail, because the logic in the tests was subtly different (it always used route order). Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 
Now that the back end allows passt/pasta to use different external
interfaces for IPv4 and IPv6, use that to do the right thing in the case
that the host has IPv4 and IPv6 connectivity via different interfaces.
If the user hasn't explicitly chosen an interface, separately search for
a suitable external interface for each protocol.

As a bonus, this substantially simplifies the external interface probe.  It
also eliminates a subtle confusing case where in some circumstances we
would pick the first interface in interface index order, and sometimes in
order of routes returned from netlink.  On some network configurations that
could cause tests to fail, because the logic in the tests was subtly
different (it always used route order).

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
tests: Correct determination of host interface name in tests 2022-07-30T19:57:14+00:00 David Gibson david@gibson.dropbear.id.au 2022-07-15T05:21:40+00:00 3eaf9f532021326a47f70046b05854d8b1819825 By default, passt itself attaches to the first host interface with a default route. However, when determining the host interface name the tests implicitly select the *last* host interface: they use a jq expression which will list all interfaces with default routes, but the way output detection works in the scripts, it will only pick up the last line. If there are multiple interfaces with default routes on the host, and they each have a different address, this can cause spurious test failures. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 
By default, passt itself attaches to the first host interface with a
default route.  However, when determining the host interface name the tests
implicitly select the *last* host interface: they use a jq expression which
will list all interfaces with default routes, but the way output detection
works in the scripts, it will only pick up the last line.

If there are multiple interfaces with default routes on the host, and they
each have a different address, this can cause spurious test failures.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Allow different external interfaces for IPv4 and IPv6 connectivity 2022-07-30T19:50:41+00:00 David Gibson david@gibson.dropbear.id.au 2022-07-22T05:31:12+00:00 4b2e018d70f33d1e337b039d620823a020711ba5 It's quite plausible for a host to have both IPv4 and IPv6 connectivity, but only via different interfaces. For example, this will happen in the case that IPv6 connectivity is via a tunnel (e.g. 6in4 or 6rd). It would also happen in the case that IPv4 access is via a tunnel on an otherwise IPv6 only local network, which is a setup that might become more common in the post IPv4 address exhaustion world. In turns out there's no real need for passt/pasta to get its IPv4 and IPv6 connectivity via the same interface, so we can handle this situation fairly easily. Change the core to allow eparate external interfaces for IPv4 and IPv6. We don't actually set these separately for now. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 
It's quite plausible for a host to have both IPv4 and IPv6 connectivity,
but only via different interfaces.  For example, this will happen in the
case that IPv6 connectivity is via a tunnel (e.g. 6in4 or 6rd).  It would
also happen in the case that IPv4 access is via a tunnel on an otherwise
IPv6 only local network, which is a setup that might become more common in
the post IPv4 address exhaustion world.

In turns out there's no real need for passt/pasta to get its IPv4 and IPv6
connectivity via the same interface, so we can handle this situation fairly
easily.  Change the core to allow eparate external interfaces for IPv4 and
IPv6.  We don't actually set these separately for now.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>