aboutgitcodebugslistschat
path: root/contrib/selinux
diff options
context:
space:
mode:
authorDavid Gibson <david@gibson.dropbear.id.au>2023-01-05 15:26:24 +1100
committerStefano Brivio <sbrivio@redhat.com>2023-01-13 01:07:09 +0100
commit8d503e825f42289eb9d732b8354804f1f0e2ecfb (patch)
tree3cf5762b73b0cb85d1d53ee9f575443a25cdf2c1 /contrib/selinux
parent8a10f23720682ada5eb5f849404b193efbae6409 (diff)
downloadpasst-8d503e825f42289eb9d732b8354804f1f0e2ecfb.tar
passt-8d503e825f42289eb9d732b8354804f1f0e2ecfb.tar.gz
passt-8d503e825f42289eb9d732b8354804f1f0e2ecfb.tar.bz2
passt-8d503e825f42289eb9d732b8354804f1f0e2ecfb.tar.lz
passt-8d503e825f42289eb9d732b8354804f1f0e2ecfb.tar.xz
passt-8d503e825f42289eb9d732b8354804f1f0e2ecfb.tar.zst
passt-8d503e825f42289eb9d732b8354804f1f0e2ecfb.zip
udp: Decide whether to "splice" per datagram rather than per socket
Currently we have special sockets for receiving datagrams from locahost which can use the optimized "splice" path rather than going across the tap interface. We want to loosen this so that sockets can receive sockets that will be forwarded by both the spliced and non-spliced paths. To do this, we alter the meaning of the @splice bit in the reference to mean that packets receieved on this socket *can* be spliced, not that they *will* be spliced. They'll only actually be spliced if they come from 127.0.0.1 or ::1. We can't (for now) remove the splice bit entirely, unlike with TCP. Our gateway mapping means that if the ns initiates communication to the gw address, we'll translate that to target 127.0.0.1 on the host side. Reply packets will therefore have source address 127.0.0.1 when received on the host, but these need to go via the tap path where that will be translated back to the gateway address. We need the @splice bit to distinguish that case from packets going from localhost to a port mapped explicitly with -u which should be spliced. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'contrib/selinux')
0 files changed, 0 insertions, 0 deletions