Commit message | Author | Age | Files | Lines
* tcp: Check pending ACK every two thirds of window, not every half | Stefano Brivio | 2021-10-04 | 1 | -1/+1
  ...to spare some syscalls. If it's not enough, the timer will take care of it.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Don't set ACK flag while merely updating window value | Stefano Brivio | 2021-10-04 | 1 | -15/+19
  The receiver might take this as a duplicate ACK otherwise.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Set TCP_TAP_FRAMES back to 32 | Stefano Brivio | 2021-10-04 | 1 | -1/+1
  Now that we fixed the issue with small receiving buffers, we can safely increase this back and get slightly lower syscall overhead.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Probe net.core.{r,w}mem_max, don't set SO_{RCV,SND}BUF if low | Stefano Brivio | 2021-10-04 | 2 | -16/+26
  If net.core.rmem_max and net.core.wmem_max sysctls have low values, we can get bigger buffers by not trying to set them high -- the kernel would lock their values to what we get. Try, instead, to get bigger buffers by queueing as much as possible, and if maximum values in tcp_wmem and tcp_rmem are bigger than this, that will work. While at it, drop QUICKACK option for non-spliced sockets, I set that earlier by mistake.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Check if connection is local or low RTT was seen before using large MSS | Stefano Brivio | 2021-10-04 | 1 | -0/+59
  If the connection is local or the RTT was comparable to the time it takes to queue a batch of messages, we can safely use a large MSS regardless of the sending buffer, but otherwise not.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Adjust usage of sending buffer depending on its size | Stefano Brivio | 2021-10-04 | 1 | -12/+63
  If we start with a very small sending buffer, we can make the kernel expand it if we cause the congestion window to get bigger, but this won't reliably happen if we use just half (other half is accounted as overhead). Scale usage depending on its own size, we might eventually get some retransmissions because we can't queue messages the sender sends us in-window, but it's better than keeping that small buffer forever.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Derive MSS announced to guest/namespace from configured MTU if present | Stefano Brivio | 2021-09-29 | 1 | -1/+14
  ...and from the sending socket only if the MTU is not configured. Otherwise, a connection to a host from a local guest, with a non-loopback destination address, will get its MSS from the MTU of the outbound interface with that address, which is unnecessary as we know the guest can send us larger segments.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* test: Record CI and demo videos in Xvfb by default, fix demo setup sequence | Stefano Brivio | 2021-09-29 | 6 | -8/+54
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* README: Fix pasta anchor in Try it section | Stefano Brivio | 2021-09-28 | 1 | -1/+1
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* doc: Add source Excalidraw scene files for diagrams | Stefano Brivio | 2021-09-27 | 2 | -0/+7984
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* test: Add CI/demo scripts | Stefano Brivio | 2021-09-27 | 31 | -0/+4816
  Not really quick, definitely dirty.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* README: Add demo section | Stefano Brivio | 2021-09-27 | 1 | -0/+15
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* conf, tcp: Periodic detection of bound ports for pasta port forwarding | Stefano Brivio | 2021-09-27 | 8 | -97/+316
  Detecting bound ports at start-up time isn't terribly useful: do this periodically instead, if configured. This is only implemented for TCP at the moment, UDP is somewhat more complicated: leave a TODO there.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* util: Fix parsing of next option in ipv6_l4hdr() | Stefano Brivio | 2021-09-27 | 1 | -2/+1
  We need to update next header and header length as soon as we meet a new option header.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Rework window handling, timers, add SO_RCVLOWAT and pools for sockets/pipes | Stefano Brivio | 2021-09-27 | 2 | -458/+727
  This introduces a number of fundamental changes that would be quite messy to split. Summary:
  - advertised window scaling can be as big as we want, we just need to clamp window sizes to avoid exceeding the size of our "discard" buffer for unacknowledged data from socket
  - add macros to compare sequence numbers
  - force sending ACK to guest/tap on PSH segments, always in pasta mode, whenever we see an overlapping segment, or when we reach a given threshold compared to our window
  - we don't actually use recvmmsg() here, fix comments and label
  - introduce pools for pre-opened sockets and pipes, to decrease latency on new connections
  - set receiving and sending buffer sizes to the maximum allowed, kernel will clamp and round appropriately
  - defer clean-up of spliced and non-spliced connection to timer
  - in tcp_send_to_tap(), there's no need anymore to keep a large buffer, shrink it down to what we actually need
  - introduce SO_RCVLOWAT setting and activity tracking for spliced connections, to coalesce data moved by splice() calls as much as possible
  - as we now have a compacted connection table, there's no need to keep sparse bitmaps tracking connection activity -- simply go through active connections with a loop in the timer handler
  - always clamp the advertised window to half our sending buffer, too, to minimise retransmissions from the guest/tap
  - set TCP_QUICKACK for originating socket in spliced connections, there's no need to delay them
  - fix up timeout for unacknowledged data from socket
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Drop TODO about sequence collision attacks | Stefano Brivio | 2021-09-27 | 1 | -1/+0
  A random initial sequence number based on a secret has already been there for a while.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tap: Don't leak file descriptor used to bring up loopback interface | Stefano Brivio | 2021-09-27 | 1 | -6/+11
  ...and while at it, set the socket as non-blocking directly on open().
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tap: Fix comment for tap_sock_init_tun_ns() | Stefano Brivio | 2021-09-27 | 1 | -1/+1
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tap: Bring up tap device too, configure previous MAC address if any | Stefano Brivio | 2021-09-27 | 1 | -2/+74
  In case we need to reinitialise the tap interface, make that relatively transparent to processes running in the namespace.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pcap: Drop O_DSYNC from pcap file descriptor | Stefano Brivio | 2021-09-27 | 1 | -1/+1
  passt is stable enough, and dropping O_DSYNC reduces the impact of capturing packets on timing, while running tests.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pcap: Don't make pcap files world-readable | Stefano Brivio | 2021-09-27 | 1 | -1/+1
  Even if it's just a debugging feature, it's not nice to leak packets to everybody around.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pcap: Don't reinitialise packet capture if we already have one | Stefano Brivio | 2021-09-27 | 1 | -1/+1
  If the guest disconnects, and a given name (without timestamp) for the pcap file is passed, we would otherwise lose the packets captured until that point.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* passt: Actually initialise timers for protocol handlers | Stefano Brivio | 2021-09-27 | 1 | -2/+16
  The initial timestamp was not initialised, so timers for protocol handlers wouldn't run at all sometimes.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* ndp: Set router lifetime to 9000s instead of 3600s | Stefano Brivio | 2021-09-27 | 1 | -1/+1
  Seen while testing: lifetime expires while we're flooding a tap interface with UDP packets, the router advertisement comes too late, and the kernel drops the default router in the namespace. This should only affect testing, so go for the maximum allowed value, that is, 9000 seconds.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tap: Completely de-serialise input message batches | Stefano Brivio | 2021-09-27 | 7 | -266/+435
  Until now, messages would be passed to protocol handlers in a single batch only if they happened to be dequeued in a row. Packets interleaved between different connections would result in multiple calls to the same protocol handler for a single connection. Instead, keep track of incoming packet descriptors, arrange them in sequences, and call protocol handlers only as we completely sorted input messages in batches.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* conf: Actually zero-terminate DNS and search list arrays | Stefano Brivio | 2021-09-27 | 1 | -6/+11
  This worked pretty much by chance until now.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* passt: Align pkt_buf to PAGE_SIZE (start and size), try to fit in huge pages | Stefano Brivio | 2021-09-27 | 4 | -3/+10
  If transparent huge pages are available, madvise() will do the trick. While at it, decrease EPOLL_EVENTS for the main loop from 10 to 8, for slightly better socket fairness.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* README: pasta mode, CI, performance, updated links, etc. | Stefano Brivio | 2021-09-27 | 1 | -66/+185
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* Makefile: Visually separate CFLAGS from input files in resulting cc commands | Stefano Brivio | 2021-09-27 | 1 | -2/+4
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* udp: Switch to new socket message after 32KiB instead of 64KiB | Stefano Brivio | 2021-09-27 | 1 | -2/+2
  For some reason, this measurably improves performance with qemu and virtio-net.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* udp: Decrease UDP_TAP_FRAMES to 16 | Stefano Brivio | 2021-09-27 | 1 | -1/+1
  Similarly to the decrease in TCP_TAP_FRAMES, this improves fairness, with a very small impact on performance.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Decrease TCP_TAP_FRAMES to 8 | Stefano Brivio | 2021-09-27 | 1 | -1/+1
  This significantly improves fairness in serving concurrent connections.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta, tcp: Update comment about spliced connection states | Stefano Brivio | 2021-09-27 | 1 | -1/+4
  ...we now have SPLICE_FIN_{FROM,TO,BOTH} too.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* passt: Increase TAP_BUF_BYTES to 256 maximum-sized descriptors | Stefano Brivio | 2021-09-19 | 1 | -1/+1
  ...this actually improves performance.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* README: Source js | Stefano Brivio | 2021-09-18 | 1 | -0/+8
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Don't reset connection from ESTABLISHED state on EPOLLHUP | Stefano Brivio | 2021-09-16 | 1 | -6/+1
  That might just mean we shut down the socket -- but we still have to go through the other states to ensure an orderly shutdown guest-side. While at it, drop the EPOLLHUP check for unhandled states: we should never hit that, but if we do, resetting the connection at that point is probably the wrong thing to do.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta, tcp: Mask EPOLLIN and EPOLLRDHUP after sending FIN | Stefano Brivio | 2021-09-16 | 1 | -2/+14
  Now that we dropped EPOLLET, we'll keep getting EPOLLRDHUP, and possibly EPOLLIN, even if there's nothing to read anymore.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta, tcp: Break splice() loop once we've written everything that was read | Stefano Brivio | 2021-09-16 | 1 | -2/+7
  That's a guarantee that we don't need to retry writing.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta, tcp: Don't set SPLICE_FIN_BOTH state on EPOLLHUP | Stefano Brivio | 2021-09-16 | 1 | -3/+1
  EPOLLHUP just means we shut down one side of the connection on *one* socket: remember, we have two sockets here.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta, tcp: Don't reset 'never_read' flag on write retries | Stefano Brivio | 2021-09-16 | 1 | -2/+3
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta, tcp: Don't set TCP_CORK on spliced sockets | Stefano Brivio | 2021-09-16 | 1 | -6/+1
  ...throughput isn't everything: this leads (of course) to horrible latency with small, sparse messages. As a consequence, there's no need to set TCP_NODELAY either.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Fix setting window from maximum ACK sequence in batch | Stefano Brivio | 2021-09-16 | 1 | -6/+2
  If we're at the first message in a batch, it's safe to get the window value from it, and there's no need to subtract anything for a comparison that's not even done -- we'll override it later in any case if we find messages with a higher ACK sequence number.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta, tcp: Set pipe descriptor numbers to -1 after closing | Stefano Brivio | 2021-09-16 | 1 | -0/+4
  ...so that we don't try to close them again, even if harmless.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta, tcp: Drop EPOLLET for spliced, established connections | Stefano Brivio | 2021-09-16 | 1 | -5/+5
  ...tcp_handler_splice() doesn't guarantee we read all the available data, the sending buffer might be full.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Read SO_SNDBUF unconditionally | Stefano Brivio | 2021-09-16 | 1 | -17/+11
  Checking it only when the cached value is smaller than the current window of the receiver is not enough: it might shrink further while the receiver window is growing.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta: Clean up FIN connection flags once a connection is deleted | Stefano Brivio | 2021-09-15 | 1 | -0/+1
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta: Set spliced connection flag in epoll reference on compaction | Stefano Brivio | 2021-09-15 | 1 | -2/+2
  ...otherwise, we'll mix indices with non-spliced connections.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta: Clean up namespace processes on exit, reap zombies from clone() | Stefano Brivio | 2021-09-15 | 1 | -9/+83
  If pasta created the namespace, it's probably expected that processes started in the same namespace are terminated once pasta exits. Scan procfs namespace links for corresponding processes, send SIGQUIT and SIGKILL (after one second) if found. While at it, make the signal handler reap otherwise-zombies resulting from clone().
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* checksum: Add checksum.h | Stefano Brivio | 2021-09-14 | 1 | -0/+5
  I forgot to commit this.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Request retransmission with updated sequence also on partial write to socket | Stefano Brivio | 2021-09-14 | 1 | -11/+8
  If we couldn't write the whole batch of received packets to the socket, and we have missing segments, we still need to request their retransmission right away, otherwise it will take ages for the guest to figure out we're missing them.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>