diff options
author | Stefano Brivio <sbrivio@redhat.com> | 2021-07-17 08:34:53 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2021-07-17 11:04:22 +0200 |
commit | 33482d5bf29312464b208beb01a5302257e82fe6 (patch) | |
tree | 6fcb11961ecca0cbed42bccbba15b1d4fe73a62c /udp.h | |
parent | 28fca04eb990f11608187252ca8949d7df22ce9d (diff) | |
download | passt-33482d5bf29312464b208beb01a5302257e82fe6.tar passt-33482d5bf29312464b208beb01a5302257e82fe6.tar.gz passt-33482d5bf29312464b208beb01a5302257e82fe6.tar.bz2 passt-33482d5bf29312464b208beb01a5302257e82fe6.tar.lz passt-33482d5bf29312464b208beb01a5302257e82fe6.tar.xz passt-33482d5bf29312464b208beb01a5302257e82fe6.tar.zst passt-33482d5bf29312464b208beb01a5302257e82fe6.zip |
passt: Add PASTA mode, major rework
PASTA (Pack A Subtle Tap Abstraction) provides quasi-native host
connectivity to an otherwise disconnected, unprivileged network
and user namespace, similarly to slirp4netns. Given that the
implementation is largely overlapping with PASST, no separate binary
is built: 'pasta' (and 'passt4netns' for clarity) both link to
'passt', and the mode of operation is selected depending on how the
binary is invoked. Usage example:
$ unshare -rUn
# echo $$
1871759
$ ./pasta 1871759 # From another terminal
# udhcpc -i pasta0 2>/dev/null
# ping -c1 pasta.pizza
PING pasta.pizza (64.190.62.111) 56(84) bytes of data.
64 bytes from 64.190.62.111 (64.190.62.111): icmp_seq=1 ttl=255 time=34.6 ms
--- pasta.pizza ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 34.575/34.575/34.575/0.000 ms
# ping -c1 spaghetti.pizza
PING spaghetti.pizza(2606:4700:3034::6815:147a (2606:4700:3034::6815:147a)) 56 data bytes
64 bytes from 2606:4700:3034::6815:147a (2606:4700:3034::6815:147a): icmp_seq=1 ttl=255 time=29.0 ms
--- spaghetti.pizza ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 28.967/28.967/28.967/0.000 ms
This entails a major rework, especially with regard to the storage of
tracked connections and to the semantics of epoll(7) references.
Indexing TCP and UDP bindings merely by socket proved to be
inflexible and unsuitable to handle different connection flows: pasta
also provides Layer-2 to Layer-2 socket mapping between init and a
separate namespace for local connections, using a pair of splice()
system calls for TCP, and a recvmmsg()/sendmmsg() pair for UDP local
bindings. For instance, building on the previous example:
# ip link set dev lo up
# iperf3 -s
$ iperf3 -c ::1 -Z -w 32M -l 1024k -P2 | tail -n4
[SUM] 0.00-10.00 sec 52.3 GBytes 44.9 Gbits/sec 283 sender
[SUM] 0.00-10.43 sec 52.3 GBytes 43.1 Gbits/sec receiver
iperf Done.
epoll(7) references now include a generic part in order to
demultiplex data to the relevant protocol handler, using 24
bits for the socket number, and an opaque portion reserved for
usage by the single protocol handlers, in order to track sockets
back to corresponding connections and bindings.
A number of fixes pertaining to TCP state machine and congestion
window handling are also included here.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'udp.h')
-rw-r--r-- | udp.h | 38 |
1 files changed, 31 insertions, 7 deletions
@@ -3,7 +3,7 @@ #define UDP_TIMER_INTERVAL 1000 /* ms */ -void udp_sock_handler(struct ctx *c, int s, uint32_t events, char *pkt_buf, +void udp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events, struct timespec *now); int udp_tap_handler(struct ctx *c, int af, void *addr, struct tap_msg *msg, int count, struct timespec *now); @@ -11,16 +11,40 @@ int udp_sock_init(struct ctx *c); void udp_timer(struct ctx *c, struct timespec *ts); /** + * union udp_epoll_ref - epoll reference portion for TCP connections + * @bound: Set if this file descriptor is a bound socket + * @splice: Set if descriptor is associated to "spliced" connection + * @v6: Set for IPv6 sockets or connections + * @port: Source port for connected sockets, bound port otherwise + * @u32: Opaque u32 value of reference + */ +union udp_epoll_ref { + struct { + uint32_t bound:1, + splice:3, +#define UDP_TO_NS 1 +#define UDP_TO_INIT 2 +#define UDP_BACK_TO_NS 3 +#define UDP_BACK_TO_INIT 4 + + v6:1, + port:16; + }; + uint32_t u32; +}; + + +/** * struct udp_ctx - Execution context for UDP - * @fd_min: Lowest file descriptor number for UDP ever used - * @fd_max: Highest file descriptor number for UDP ever used - * @fd_in_seq: 1 if all socket numbers are in sequence, 0 otherwise + * @port_to_tap: Ports bound host/init-side, packets to guest/tap + * @port_to_init: Ports bound namespace-side, spliced to init + * @port_to_ns: Ports bound init-side, spliced to namespace * @timer_run: Timestamp of most recent timer run */ struct udp_ctx { - int fd_min; - int fd_max; - int fd_in_seq; + uint8_t port_to_tap [USHRT_MAX / 8]; + uint8_t port_to_init [USHRT_MAX / 8]; + uint8_t port_to_ns [USHRT_MAX / 8]; struct timespec timer_run; }; |