author | Jon Maloy <jmaloy@redhat.com> | 2024-12-10 13:36:45 -0500 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2024-12-11 01:47:37 +0100 |
commit | e24f0262229a1f9c673dca3452ad103cbe06b866 (patch) | |
tree | 8a29785cfd4d58114c4679afe364eba638a4e298 | |
parent | 947f5cdb93062fd4e56adbab9901bbbb8aa8b5cb (diff) | |
pasta: make it possible to disable socket splicing
During testing it is sometimes useful to force traffic which would
normally be forwarded by socket splicing through the tap interface.
In this commit, we add a command switch enabling such functionality
for inbound local traffic.
For outbound local traffic this is much trickier, if even possible,
so leave that for a later commit.
Suggested-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r-- | conf.c | 7 | ||||
-rw-r--r-- | fwd.c | 2 | ||||
-rw-r--r-- | passt.1 | 5 | ||||
-rw-r--r-- | passt.h | 2 |
4 files changed, 14 insertions, 2 deletions
@@ -977,7 +977,8 @@ pasta_opts: " Don't copy all routes to namespace\n" " --no-copy-addrs DEPRECATED:\n" " Don't copy all addresses to namespace\n" - " --ns-mac-addr ADDR Set MAC address on tap interface\n"); + " --ns-mac-addr ADDR Set MAC address on tap interface\n" + " --no-splice Disable inbound socket splicing\n"); exit(status); } @@ -1319,6 +1320,7 @@ void conf(struct ctx *c, int argc, char **argv) {"no-dhcpv6", no_argument, &c->no_dhcpv6, 1 }, {"no-ndp", no_argument, &c->no_ndp, 1 }, {"no-ra", no_argument, &c->no_ra, 1 }, + {"no-splice", no_argument, &c->no_splice, 1 }, {"freebind", no_argument, &c->freebind, 1 }, {"no-map-gw", no_argument, &no_map_gw, 1 }, {"ipv4-only", no_argument, NULL, '4' }, @@ -1756,6 +1758,9 @@ void conf(struct ctx *c, int argc, char **argv) } } while (name != -1); + if (c->mode != MODE_PASTA) + c->no_splice = 1; + if (c->mode == MODE_PASTA && !c->pasta_conf_ns) { if (copy_routes_opt) die("--no-copy-routes needs --config-net"); @@ -443,7 +443,7 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto, else if (proto == IPPROTO_UDP) tgt->eport += c->udp.fwd_in.delta[tgt->eport]; - if (c->mode == MODE_PASTA && inany_is_loopback(&ini->eaddr) && + if (!c->no_splice && inany_is_loopback(&ini->eaddr) && (proto == IPPROTO_TCP || proto == IPPROTO_UDP)) { /* spliceable */ @@ -695,6 +695,11 @@ Configure MAC address \fIaddr\fR on the tap interface in the namespace. Default is to let the tap driver build a pseudorandom hardware address. +.TP +.BR \-\-no-splice +Disable the bypass path for inbound, local traffic. See the section \fBHandling +of local traffic in pasta\fR in the \fBNOTES\fR for more details. + .SH EXAMPLES .SS \fBpasta 
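Review bot: The added `if (c->mode != MODE_PASTA) c->no_splice = 1;` after the option loop in conf() overwrites the flag unconditionally, so a `--no-splice` given outside pasta mode is accepted and silently does nothing, although the usage text lists it under pasta_opts. If that is not intended, reject it before forcing the flag, e.g. `if (c->mode != MODE_PASTA && c->no_splice) die("--no-splice is for pasta mode only");`. Either way the assignment deserves a comment such as `/* No splicing outside pasta mode: force the flag so forwarding code tests it alone */`. conf() starts and ends outside this hunk, so whether other pasta-only options are rejected in the same way is not visible here.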
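Review bot: In fwd_nat_from_host() the condition `!c->no_splice && inany_is_loopback(&ini->eaddr)` no longer tests the mode, so whether loopback traffic takes the splice path instead of the tap interface outside pasta mode now depends only on conf() having forced `c->no_splice = 1`. Nothing at this site records that invariant; a comment above the test, `/* c->no_splice is always set outside pasta mode, see conf() */`, would keep the dependency visible to the next person changing either place. The `@no_splice` line in the struct ctx comment in passt.h could say the same, for example `Disable socket splicing for inbound traffic (always set outside pasta mode)`. The function continues outside the hunk.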
@@ -229,6 +229,7 @@ struct ip6_ctx {
 * @no_dhcpv6: Disable DHCPv6 server
 * @no_ndp: Disable NDP handler altogether
 * @no_ra: Disable router advertisements
+ * @no_splice: Disable socket splicing for inbound traffic
 * @host_lo_to_ns_lo: Map host loopback addresses to ns loopback addresses
 * @freebind: Allow binding of non-local addresses for forwarding
 * @low_wmem: Low probed net.core.wmem_max
@@ -291,6 +292,7 @@ struct ctx {
 int no_dhcpv6;
 int no_ndp;
 int no_ra;
+ int no_splice;
 int host_lo_to_ns_lo;
 int freebind; |