passt/tcp.c, branch 2026_06_11.a9c61ff Plug A Simple Socket Transport passt, tcp: Inline CALL_PROTO_HANDLER() and merge tcp_timer() 2026-06-04T04:45:09+00:00 Laurent Vivier lvivier@redhat.com 2026-06-02T13:17:08+00:00 31d0893d47e3d147b3a1597bbede7de65281a62f Since 260075bde769 ("tcp, udp, fwd: Run all port scanning from a single timer"), CALL_PROTO_HANDLER() has only one user (tcp), so inline it at the call site and remove the macro. Merge tcp_timer() into tcp_defer_handler(), moving the timer interval check there, matching the pattern used by flow_defer_handler() and fwd_scan_ports_timer(). The weak declaration and null check for tcp_defer_handler are also dropped as the function is always defined. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Since 260075bde769 ("tcp, udp, fwd: Run all port scanning from a
single timer"), CALL_PROTO_HANDLER() has only one user (tcp), so
inline it at the call site and remove the macro.

Merge tcp_timer() into tcp_defer_handler(), moving the timer interval
check there, matching the pattern used by flow_defer_handler() and
fwd_scan_ports_timer().

The weak declaration and null check for tcp_defer_handler are also
dropped as the function is always defined.

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
tcp: Don't leak sockets on error paths 2026-05-27T08:17:42+00:00 David Gibson david@gibson.dropbear.id.au 2026-05-13T07:18:21+00:00 4b2823784aab04a70dfc295b16fd6f0592955790 tcp_listen_handler() has several error paths that will cancel the creation of a new flow, after having accept()ed an incoming socket connection. Coverity pointed out that in those cases we leak the new socket. Correct this by properly closing the socket. Make sure to also set SO_LINGER so that the peer will get an RST. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
tcp_listen_handler() has several error paths that will cancel the creation
of a new flow, after having accept()ed an incoming socket connection.
Coverity pointed out that in those cases we leak the new socket.  Correct
this by properly closing the socket.  Make sure to also set SO_LINGER so
that the peer will get an RST.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
tcp, tcp_splice: Make helper for setting SO_LINGER socket option 2026-05-27T08:17:18+00:00 David Gibson david@gibson.dropbear.id.au 2026-05-13T07:18:20+00:00 98e3c015b3791ff55381e5ee687f541721d1695e Both spliced and non-spliced TCP in some cases set the SO_LINGER socket option in order to to force a TCP RST on a socket side connection. In each case we open code the setsockopt() logic. We're shortly going to add another place that needs this, so move the setsockopt() and error handling logic into a shared helper. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Both spliced and non-spliced TCP in some cases set the SO_LINGER socket
option in order to to force a TCP RST on a socket side connection.  In each
case we open code the setsockopt() logic.  We're shortly going to add
another place that needs this, so move the setsockopt() and error handling
logic into a shared helper.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
tcp: Encode checksum computation flags in a single parameter 2026-05-26T10:17:10+00:00 Laurent Vivier lvivier@redhat.com 2026-05-20T15:10:07+00:00 92845dd9f0450d54c135ccef6b118fc259ea8dad tcp_fill_headers() takes a pointer to a previously computed IPv4 header checksum to avoid recalculating it when the payload length doesn't change, and a separate bool to skip TCP checksum computation. Replace both parameters with a single uint32_t csum_flags that encodes: - IP4_CSUM (bit 31): compute IPv4 header checksum from scratch - TCP_CSUM (bit 30): compute TCP checksum - IP4_CMASK (low 16 bits): cached IPv4 header checksum value When IP4_CSUM is not set, the cached checksum is extracted from the low 16 bits. This is cleaner than the pointer-based approach, and also avoids a potential dangling pointer issue: a subsequent patch makes tcp_fill_headers() access ip4h via with_header(), which scopes it to a temporary variable, so a pointer to ip4h->check would become invalid after the with_header() block. Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Jon Maloy <jmaloy@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
tcp_fill_headers() takes a pointer to a previously computed IPv4 header
checksum to avoid recalculating it when the payload length doesn't
change, and a separate bool to skip TCP checksum computation.

Replace both parameters with a single uint32_t csum_flags that encodes:
- IP4_CSUM (bit 31): compute IPv4 header checksum from scratch
- TCP_CSUM (bit 30): compute TCP checksum
- IP4_CMASK (low 16 bits): cached IPv4 header checksum value

When IP4_CSUM is not set, the cached checksum is extracted from the low
16 bits.  This is cleaner than the pointer-based approach, and also
avoids a potential dangling pointer issue: a subsequent patch makes
tcp_fill_headers() access ip4h via with_header(), which scopes it to a
temporary variable, so a pointer to ip4h->check would become invalid
after the with_header() block.

Suggested-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Jon Maloy <jmaloy@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
tcp: Pass explicit data length to tcp_fill_headers() 2026-05-19T23:21:51+00:00 Laurent Vivier lvivier@redhat.com 2026-05-13T11:52:17+00:00 de6387aa0bed9e01c99e58a0f3e01f617bc7fe33 tcp_fill_headers() computed the TCP payload length from iov_tail_size(), but with vhost-user multibuffer frames, the iov_tail will be larger than the actual data. Pass the data length explicitly so that IP total length, pseudo-header, and checksum computations use the correct value. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Jon Maloy <jmaloy@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
tcp_fill_headers() computed the TCP payload length from iov_tail_size(),
but with vhost-user multibuffer frames, the iov_tail will be larger than
the actual data.  Pass the data length explicitly so that IP total
length, pseudo-header, and checksum computations use the correct value.

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
checksum: Pass explicit L4 length to checksum functions 2026-05-19T23:21:38+00:00 Laurent Vivier lvivier@redhat.com 2026-05-13T11:52:14+00:00 aa78f63c3c9491a9cad9f3c805a59748bd8c1ae2 The iov_tail passed to csum_iov_tail() may contain padding or trailing data beyond the actual L4 payload. Rather than relying on iov_tail_size() to determine how many bytes to checksum, pass the length explicitly so that only the relevant payload bytes are included in the checksum computation. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Jon Maloy <jmaloy@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
The iov_tail passed to csum_iov_tail() may contain padding or trailing
data beyond the actual L4 payload.  Rather than relying on
iov_tail_size() to determine how many bytes to checksum, pass the
length explicitly so that only the relevant payload bytes are included
in the checksum computation.

Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
treewide: Make some additional variables static 2026-05-11T22:04:08+00:00 David Gibson david@gibson.dropbear.id.au 2026-05-11T10:03:21+00:00 97e478b40d4154cf007641f1e247cc3fef8392ad Mark a number of extra variables local to a single module as static. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Mark a number of extra variables local to a single module as static.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
tcp: Use SO_MEMINFO for accurate send buffer overhead accounting 2026-05-07T06:03:14+00:00 Jon Maloy jmaloy@redhat.com 2026-04-25T19:58:18+00:00 a458719f01838f0d5867e817d84a497637999ee1 The TCP window advertised to the guest/container must balance two competing needs: large enough to trigger kernel socket buffer auto-tuning, but not so large that sendmsg() partially fails, causing retransmissions. The current approach uses the difference (SNDBUF_GET() - SIOCOUTQ), but SNDBUF_GET() returns a scaled value that only roughly accounts for per-skb overhead. The clamped_scale approximation doesn't accurately track the actual per-segment overhead, which can lead to both excessive retransmissions and reduced throughput. We now introduce the use of SO_MEMINFO to obtain SK_MEMINFO_SNDBUF and SK_MEMINFO_WMEM_QUEUED from the kernel. The latter is presented in the kernel's own accounting units, i.e. including the sk_buff overhead, and matches exactly what the kernel's own sk_stream_memory_free() function is using. When data is queued and the overhead ratio is observable, we calculate the per-segment overhead as (wmem_queued - sendq) / num_segments, then determine how many additional segments should fit in the remaining buffer space, considering the calculated per-mss overhead. This approach treats segments as discrete quantities, and produces a more accurate estimate of available buffer space than a linear scaling factor does. When the ratio cannot be observed, e.g. because the queue is empty or we are in a transient state, we fall back to the existing clamped_scale calculation (scaling between 100% and 75% of buffer capacity). When SO_MEMINFO succeeds, we also use SK_MEMINFO_SNDBUF directly to set SNDBUF, avoiding a separate SO_SNDBUF getsockopt() call. If SO_MEMINFO is unavailable, we fall back to the pre-existing SNDBUF_GET() - SIOCOUTQ calculation. Link: https://bugs.passt.top/show_bug.cgi?id=138 Link: https://github.com/containers/podman/issues/28219 Analysed-by: Yumei Huang <yuhuang@redhat.com> Signed-off-by: Jon Maloy <jmaloy@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
The TCP window advertised to the guest/container must balance two
competing needs: large enough to trigger kernel socket buffer
auto-tuning, but not so large that sendmsg() partially fails, causing
retransmissions.

The current approach uses the difference (SNDBUF_GET() - SIOCOUTQ), but
SNDBUF_GET() returns a scaled value that only roughly accounts for
per-skb overhead. The clamped_scale approximation doesn't accurately
track the actual per-segment overhead, which can lead to both excessive
retransmissions and reduced throughput.

We now introduce the use of SO_MEMINFO to obtain SK_MEMINFO_SNDBUF and
SK_MEMINFO_WMEM_QUEUED from the kernel. The latter is presented in the
kernel's own accounting units, i.e. including the sk_buff overhead,
and matches exactly what the kernel's own sk_stream_memory_free()
function is using.

When data is queued and the overhead ratio is observable, we calculate
the per-segment overhead as (wmem_queued - sendq) / num_segments, then
determine how many additional segments should fit in the remaining
buffer space, considering the calculated per-mss overhead. This approach
treats segments as discrete quantities, and produces a more accurate
estimate of available buffer space than a linear scaling factor does.

When the ratio cannot be observed, e.g. because the queue is empty or
we are in a transient state, we fall back to the existing clamped_scale
calculation (scaling between 100% and 75% of buffer capacity).

When SO_MEMINFO succeeds, we also use SK_MEMINFO_SNDBUF directly to
set SNDBUF, avoiding a separate SO_SNDBUF getsockopt() call.

If SO_MEMINFO is unavailable, we fall back to the pre-existing
SNDBUF_GET() - SIOCOUTQ calculation.

Link: https://bugs.passt.top/show_bug.cgi?id=138
Link: https://github.com/containers/podman/issues/28219
Analysed-by: Yumei Huang <yuhuang@redhat.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
tcp: Handle errors from tcp_send_flag() 2026-04-24T21:35:43+00:00 Anshu Kumari anskuma@redhat.com 2026-04-23T06:23:14+00:00 ec96f0124282338cd2b2e65ff1aa3def8882ae23 tcp_send_flag() can fail in two different ways: - tcp_prepare_flags() returns -ECONNRESET when getsockopt(TCP_INFO) fails: the socket is broken and the connection must be reset. - tcp_vu_send_flag() returns -EAGAIN when vu_collect() finds no available vhost-user buffers: this is a transient condition equivalent to a dropped packet on the wire. Have tcp_vu_send_flag() return -EAGAIN instead of a bare -1 for the buffer-unavailable case. Absorb -EAGAIN in the tcp_send_flag() dispatcher so that callers only see fatal errors. Check the return value at each call site and handle fatal errors: - in tcp_data_from_tap(), return -1 so the caller resets - in tcp_tap_handler(), goto reset - in tcp_timer_handler()/tcp_sock_handler()/tcp_conn_from_sock_finish(), call tcp_rst() and return - in tcp_tap_conn_from_sock(), set CLOSING flag, call FLOW_ACTIVATE() to avoid leaving the flow in TYPED state, and return - in tcp_connect_finish(), call tcp_rst() and return - in tcp_keepalive(), call tcp_rst() and continue the loop - in tcp_flow_migrate_target_ext(), goto fail The call in tcp_rst_do() is left unchecked: we are already resetting, and tcp_sock_rst() still needs to run regardless. Link: https://bugs.passt.top/show_bug.cgi?id=194 Signed-off-by: Anshu Kumari <anskuma@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
tcp_send_flag() can fail in two different ways:
   - tcp_prepare_flags() returns -ECONNRESET when getsockopt(TCP_INFO)
     fails: the socket is broken and the connection must be reset.
   - tcp_vu_send_flag() returns -EAGAIN when vu_collect() finds no
     available vhost-user buffers: this is a transient condition
     equivalent to a dropped packet on the wire.

Have tcp_vu_send_flag() return -EAGAIN instead of a bare -1 for the
buffer-unavailable case. Absorb -EAGAIN in the tcp_send_flag()
dispatcher so that callers only see fatal errors.

Check the return value at each call site and handle fatal errors:
   - in tcp_data_from_tap(), return -1 so the caller resets
   - in tcp_tap_handler(), goto reset
   - in tcp_timer_handler()/tcp_sock_handler()/tcp_conn_from_sock_finish(),
     call tcp_rst() and return
   - in tcp_tap_conn_from_sock(), set CLOSING flag, call
     FLOW_ACTIVATE() to avoid leaving the flow in TYPED state, and
     return
   - in tcp_connect_finish(), call tcp_rst() and return
   - in tcp_keepalive(), call tcp_rst() and continue the loop
   - in tcp_flow_migrate_target_ext(), goto fail

The call in tcp_rst_do() is left unchecked: we are already
resetting, and tcp_sock_rst() still needs to run regardless.

Link: https://bugs.passt.top/show_bug.cgi?id=194
Signed-off-by: Anshu Kumari <anskuma@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
tcp: Replace send buffer boost with EPOLLOUT monitoring 2026-04-20T21:20:41+00:00 Yumei Huang yuhuang@redhat.com 2026-03-20T10:32:14+00:00 831857e9b547ac27f868b6c24049c4da435b63fe Currently we use the SNDBUF boost mechanism to force TCP auto-tuning. However, it doesn't always work, and sometimes causes a lot of retransmissions. As a result, the throughput suffers. This patch replaces it with monitoring EPOLLOUT when sendmsg() failure (with EAGAIN and EWOULDBLOCK) and partial sends occur. Tested with iperf3 inside pasta: throughput is now comparable to running iperf3 directly on the host without pasta. However, retransmissions can still be elevated when RTT >= 50ms. For example, when RTT is between 200ms and 500ms, retransmission count varies from 30 to 120 in roughly 80% of test runs. Link: https://bugs.passt.top/show_bug.cgi?id=138 Link: https://github.com/containers/podman/issues/28219 Suggested-by: Stefano Brivio <sbrivio@redhat.com> Signed-off-by: Yumei Huang <yuhuang@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Currently we use the SNDBUF boost mechanism to force TCP auto-tuning.
However, it doesn't always work, and sometimes causes a lot of
retransmissions. As a result, the throughput suffers.

This patch replaces it with monitoring EPOLLOUT when sendmsg() failure
(with EAGAIN and EWOULDBLOCK) and partial sends occur.

Tested with iperf3 inside pasta: throughput is now comparable to running
iperf3 directly on the host without pasta. However, retransmissions can
still be elevated when RTT >= 50ms. For example, when RTT is between
200ms and 500ms, retransmission count varies from 30 to 120 in roughly
80% of test runs.

Link: https://bugs.passt.top/show_bug.cgi?id=138
Link: https://github.com/containers/podman/issues/28219
Suggested-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Yumei Huang <yuhuang@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>