diff options
| author | Stefano Brivio <sbrivio@redhat.com> | 2025-02-13 23:14:13 +1100 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2025-02-17 08:29:03 +0100 |
| commit | 89ecf2fd40adab549bdf25cdb68996f56d67b13e (patch) | |
| tree | 41b96e5cdddf13d6a96173d3a7ee0243a20199e9 /contrib | |
| parent | 3e903bbb1f386ebb892b1196d339d2d705bce8a2 (diff) | |
| download | passt-89ecf2fd40adab549bdf25cdb68996f56d67b13e.tar passt-89ecf2fd40adab549bdf25cdb68996f56d67b13e.tar.gz passt-89ecf2fd40adab549bdf25cdb68996f56d67b13e.tar.bz2 passt-89ecf2fd40adab549bdf25cdb68996f56d67b13e.tar.lz passt-89ecf2fd40adab549bdf25cdb68996f56d67b13e.tar.xz passt-89ecf2fd40adab549bdf25cdb68996f56d67b13e.tar.zst passt-89ecf2fd40adab549bdf25cdb68996f56d67b13e.zip | |
migrate: Migrate TCP flows
This implements flow preparation on the source, transfer of data with
a format roughly inspired by struct tcp_tap_conn, plus a specific
structure for parameters that don't fit in the flow table, and flow
insertion on the target, with all the appropriate window options,
window scaling, MSS, etc.
Contents of pending queues are transferred as well.
The target side is rather convoluted because we first need to create
sockets and switch them to repair mode, before we can apply options
that are *not* stored in the flow table. This also means that, if
we're testing this on the same machine, in the same namespace, we need
to close the listening socket on the source before we can start moving
data.
Further, we need to connect() the socket on the target before we can
restore data queues, but we can't do that (again, on the same machine)
as long as the matching source socket is open, which implies an
arbitrary limit on queue sizes we can transfer, because we can only
dump pending queues on the source as long as the socket is open, of
course.
Co-authored-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'contrib')
| -rw-r--r-- | contrib/selinux/passt.te | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/contrib/selinux/passt.te b/contrib/selinux/passt.te index fc1320d..f595079 100644 --- a/contrib/selinux/passt.te +++ b/contrib/selinux/passt.te @@ -45,7 +45,7 @@ require { type net_conf_t; type proc_net_t; type node_t; - class tcp_socket { create accept listen name_bind name_connect }; + class tcp_socket { create accept listen name_bind name_connect getattr }; class udp_socket { create accept listen }; class icmp_socket { bind create name_bind node_bind setopt read write }; class sock_file { create unlink write }; @@ -129,7 +129,7 @@ corenet_udp_sendrecv_all_ports(passt_t) allow passt_t node_t:icmp_socket { name_bind node_bind }; allow passt_t port_t:icmp_socket name_bind; -allow passt_t self:tcp_socket { create getopt setopt connect bind listen accept shutdown read write }; +allow passt_t self:tcp_socket { create getopt setopt connect bind listen accept shutdown read write getattr }; allow passt_t self:udp_socket { create getopt setopt connect bind read write }; allow passt_t self:icmp_socket { bind create setopt read write }; |