Commit message | Author | Age | Files | Lines
* tcp, udp, util: Enforce 24-bit limit on socket numbers | Stefano Brivio | 2022-03-29 | 5 | -1/+42
  This should never happen, but there are no formal guarantees: ensure socket numbers are below SOCKET_MAX.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* test, seccomp, Makefile: Switch to valgrind runs for passt functional tests | Stefano Brivio | 2022-03-29 | 8 | -14/+99
  Pass to seccomp.sh a list of additional syscalls valgrind needs as EXTRA_SYSCALLS in a new 'valgrind' make target, and add corresponding support in seccomp.sh itself. In test setup functions, start passt with valgrind, but not for performance tests. Add tests checking that valgrind exits without errors after all the other tests in the group are done.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* test: Add asciinema(1) as requirement for CI in README | Stefano Brivio | 2022-03-28 | 1 | -1/+1
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* Makefile: Enable a few hardening flags | Stefano Brivio | 2022-03-28 | 1 | -2/+8
  They don't have a measurable performance impact and make things a bit safer.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* udp: Use flags for local, loopback, and configured unicast binds | Stefano Brivio | 2022-03-28 | 1 | -25/+23
  There's no value in keeping a separate timestamp for activity and for aging of local binds, given that they have the same timeout. Reduce that to a single timestamp, with a flag indicating the local bind. Also use flags instead of separate int fields for loopback and configured unicast address usage as source address.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* dhcpv6, tap, tcp: Use IN6_ARE_ADDR_EQUAL instead of open-coded memcmp() | Stefano Brivio | 2022-03-28 | 3 | -9/+9
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* udp: Split buffer queueing/writing parts of udp_sock_handler() | Stefano Brivio | 2022-03-28 | 1 | -171/+193
  ...it became too hard to follow: split it off to udp_sock_fill_data_v{4,6}. While at it, use IN6_ARE_ADDR_EQUAL(a, b), courtesy of netinet/in.h, instead of open-coded memcmp().
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* udp: Drop _splice from recv, send, sendto static buffer names | Stefano Brivio | 2022-03-28 | 1 | -29/+23
  It's already implied by the fact they don't have "l2" in their names, and dropping it improves readability a bit.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* test/lib/video: Fill in href attributes of video shortcuts | Stefano Brivio | 2022-03-28 | 1 | -1/+1
  ...so that they can be indexed.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Refactor to use events instead of states, split out spliced implementation | Stefano Brivio | 2022-03-28 | 7 | -1501/+1755
  Using events and flags instead of states makes the implementation much more straightforward: actions are mostly centered on events that occurred on the connection rather than states. An example is given by the ESTABLISHED_SOCK_FIN_SENT and FIN_WAIT_1_SOCK_FIN abominations: we don't actually care about which side started closing the connection to handle closing of connection halves. Split out the spliced implementation, as it has very little in common with the "regular" TCP path. Refactor things here and there to improve clarity. Add helpers to trace where resets and flag settings come from. No functional changes intended.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* util: Use standard int types | Stefano Brivio | 2022-03-25 | 1 | -6/+6
  ...instead of kernel-like short notations.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* util: Drop CHECK_SET_MIN_MAX{,_PROTO_FD} macros | Stefano Brivio | 2022-03-25 | 1 | -14/+0
  ...those were used when epoll references used to be socket numbers, they should have gone away a long time ago.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pcap: Fix mistake in printed string | Stefano Brivio | 2022-03-25 | 1 | -1/+1
  Packets are saved *to* a file, not *at* it.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* conf, util, tap: Implement --trace option for extra verbose logging | Stefano Brivio | 2022-03-25 | 9 | -4/+55
  --debug can be a bit too noisy, especially as single packets or socket messages are logged: implement a new option, --trace, implying --debug, that enables all debug messages.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* README: Make it somewhat readable on mobile devices | Stefano Brivio | 2022-03-04 | 6 | -35/+161
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* hooks, README: gzipped js snippets, webp alternatives for png | Stefano Brivio | 2022-03-02 | 2 | -4/+17
  Upload gzipped js snippets for usage with gzip_static in nginx or equivalent. Convert png drawings to webp for smaller size, use them as alternatives in README.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* test/lib/setup: Unshare PID namespace in pasta_setup() | Stefano Brivio | 2022-03-02 | 1 | -4/+8
  ...otherwise, we'll leave processes (dhclient) around.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* README: Don't preload CI recording, show poster from end of run | Stefano Brivio | 2022-03-01 | 1 | -1/+1
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* README: s/guest/namespace/ in pasta "Try it" section | Stefano Brivio | 2022-03-01 | 1 | -1/+1
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* Makefile, hooks: Static target precondition for pkgs, copy .avx2 builds | Stefano Brivio | 2022-03-01 | 3 | -9/+7
  Convenience packages are anyway built from static builds.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* demo/pasta: Clean up before rebuilding with -g | Stefano Brivio | 2022-03-01 | 1 | -0/+1
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* arp, dhcp: Fix strict aliasing warnings reported by gcc 4.9 with -Ofast | Stefano Brivio | 2022-02-28 | 2 | -8/+9
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* passt, pasta: Run-time selection of AVX2 build | Stefano Brivio | 2022-02-28 | 9 | -48/+92
  Build-time selection of AVX2 flags and routines is not practical for distributions, but limiting AVX2 usage to checksum routines with specific run-time detection doesn't allow for easy performance gains from auto-vectorisation of batched packet handling routines. For x86_64, build non-AVX2 and AVX2 binaries, and implement a simple wrapper replacing the current executable with the AVX2 build if it's available, and if AVX2 is supported by the current CPU.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* test/distro/opensuse: Add Tumbleweed armv7l test | Stefano Brivio | 2022-02-28 | 1 | -0/+29
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* test/lib/term: Don't run demo when started as ./run | Stefano Brivio | 2022-02-28 | 1 | -1/+1
  I changed this in a previous commit by mistake, restore the original command.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* seccomp, tcp: Add fcntl64 to pasta syscalls for armv6l, armv7l | Stefano Brivio | 2022-02-28 | 1 | -1/+1
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* hooks/pre-push: Keep original cast on gzip, fix uploading with dash | Stefano Brivio | 2022-02-28 | 1 | -2/+3
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* demo/pasta: Exit namespace in 'ns' pane before restarting pasta | Stefano Brivio | 2022-02-28 | 1 | -0/+1
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* seccomp: Adjust list of allowed syscalls for armv6l, armv7l | Stefano Brivio | 2022-02-26 | 3 | -5/+9
  It looks like glibc commonly implements clock_gettime(2) with clock_gettime64(), and uses recv() instead of recvfrom(), send() instead of sendto(), and sigreturn() instead of rt_sigreturn() on armv6l and armv7l. Adjust the list of system calls for armv6l and armv7l accordingly.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* passt: Don't warn on failed madvise() | Stefano Brivio | 2022-02-26 | 1 | -2/+1
  A kernel might not be configured with CONFIG_TRANSPARENT_HUGEPAGE, especially on embedded systems. Ignore the error, it doesn't affect functionality.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* Makefile: Fix up AUDIT_ARCH for armv6l, armv7l | Stefano Brivio | 2022-02-26 | 1 | -0/+1
  There's a single AUDIT_ARCH_ARM define available (and big-endian shouldn't be a concern with those).
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tap: Cast ETH_MAX_MTU to signed in comparisons | Stefano Brivio | 2022-02-26 | 1 | -2/+2
  At least gcc 8.3 and 10.2 emit a warning on armv6l and armv7l.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* seccomp.sh: Handle syscall number defines in the (x + y) form | Stefano Brivio | 2022-02-26 | 1 | -0/+3
  This is the case at least for current glibc headers on armv6l and armv7l.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* udp: Explicitly initialise sin6_scope_id and sin_zero in sockaddr_in{,6} | Stefano Brivio | 2022-02-25 | 1 | -0/+2
  Not functionally needed, but gcc versions 7 to 9 (at least) will issue a warning otherwise.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* passt: Explicitly check return value of chdir() | Stefano Brivio | 2022-02-25 | 1 | -1/+3
  ...it doesn't actually matter as we're checking errno at the very end, but, depending on build flags, chdir() might be declared with warn_unused_result and the compiler issues a warning.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* hooks: Uploaded compressed .cast files too | Stefano Brivio | 2022-02-23 | 1 | -3/+6
  ...to benefit from gzip_static in nginx or equivalent.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* passt.1: Drop duplicate --dns section | Stefano Brivio | 2022-02-23 | 1 | -11/+1
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* conf, ndp: Disable router advertisements on --config-net | Stefano Brivio | 2022-02-23 | 2 | -1/+6
  If we statically configure a default route, and also advertise it for SLAAC, the kernel will try moments later to add the same route:
    ICMPv6: RA: ndisc_router_discovery failed to add default route
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* netlink: Avoid left-over bytes in request on MTU configuration | Stefano Brivio | 2022-02-23 | 1 | -4/+7
  When nl_link() configures the MTU, it shouldn't send extra bytes, otherwise we'll get a kernel warning:
    netlink: 4 bytes leftover after parsing attributes in process `pasta'.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* test: Fix name of CI asciinema player in perf links handler | Stefano Brivio | 2022-02-23 | 1 | -5/+4
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* README: Fix demo div grid layout | Stefano Brivio | 2022-02-23 | 1 | -17/+23
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* passt: Drop PASST_LEGACY_NO_OPTIONS sections | Stefano Brivio | 2022-02-22 | 4 | -25/+0
  ...nobody uses those builds anymore.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* demo, ci: Switch to asciinema(1) for terminal recordings | Stefano Brivio | 2022-02-22 | 7 | -108/+142
  For demos, cool-retro-term(1) looked fancier, but several threads of that and ffmpeg(1) are just messing up with performance testing. The CI videos started getting really big as well, and they were difficult to read.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* test: Add demo for Podman with pasta | Stefano Brivio | 2022-02-22 | 7 | -6/+959
  ...showing setup steps, some peculiarities as --net option, and a general side-to-side comparison with slirp4netns(1), including "quick" TCP and UDP throughput and latency benchmarks.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* contrib: Add patch for Podman integration | Stefano Brivio | 2022-02-21 | 1 | -0/+542
  The patch introduces a "pasta" networking mode for rootless container, similar to the existing slirp4netns mode. Notable differences are described in the commit message.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* README, hooks: Build HTML man page on push, add a link | Stefano Brivio | 2022-02-21 | 2 | -0/+5
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* man page: Update REPORTING BUGS section | Stefano Brivio | 2022-02-21 | 1 | -4/+5
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* test/perf/passt_udp: Drop threshold for 256B test | Stefano Brivio | 2022-02-21 | 1 | -2/+2
  That test fails sometimes, it looks like iperf3 is still sending initial messages that are too big. I'll need to figure out why, but given that 256 bytes is not really an expected MTU, drop the thresholds to zero for the moment being.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* test/distro/ubuntu: Use DEBIAN_FRONTEND=noninteractive for apt on 22.04 | Stefano Brivio | 2022-02-21 | 1 | -0/+1
  Removing the needrestart package doesn't seem to work anymore, and I'm getting again prompts to restart services after installing gcc and make: export DEBIAN_FRONTEND=noninteractive before installing packages to avoid that.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta: By default, quit if filesystem-bound net namespace goes away | Stefano Brivio | 2022-02-21 | 7 | -12/+107
  This should be convenient for users managing filesystem-bound network namespaces: monitor the base directory of the namespace and exit if the namespace given as PATH or NAME target is deleted. We can't add an inotify watch directly on the namespace directory, that won't work with nsfs. Add an option to disable this behaviour, --no-netns-quit.
  Signed-off-by: Stefano Brivio <sbrivio@redhat.com>