aboutgitcodebugslistschat
Commit message (Collapse)AuthorAgeFilesLines
...
* pasta, tcp: Drop EPOLLET for spliced, established connectionsStefano Brivio2021-09-161-5/+5
| | | | | | | ...tcp_handler_splice() doesn't guarantee we read all the available data, the sending buffer might be full. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Read SO_SNDBUF unconditionallyStefano Brivio2021-09-161-17/+11
| | | | | | | | Checking it only when the cached value is smaller than the current window of the receiver is not enough: it might shrink further while the receiver window is growing. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta: Clean up FIN connection flags once a connection is deletedStefano Brivio2021-09-151-0/+1
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta: Set spliced connection flag in epoll reference on compactionStefano Brivio2021-09-151-2/+2
| | | | | | ...otherwise, we'll mix indices with non-spliced connections. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta: Clean up namespace processes on exit, reap zombies from clone()Stefano Brivio2021-09-151-9/+83
| | | | | | | | | | | | If pasta created the namespace, it's probably expected that processes started in the same namespace are terminated once pasta exits. Scan procfs namespace links for corresponding processes, send SIGQUIT and SIGKILL (after one second) if found. While at it, make the signal handler reap otherwise-zombies resulting from clone(). Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* checksum: Add checksum.hStefano Brivio2021-09-141-0/+5
| | | | | | I forgot to commit this. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Request retransmission with updated sequence also on partial write to ↵Stefano Brivio2021-09-141-11/+8
| | | | | | | | | | | socket If we couldn't write the whole batch of received packets to the socket, and we have missing segments, we still need to request their retransmission right away, otherwise it will take ages for the guest to figure out we're missing them. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: In ESTABLISHED state, acknowledge segments as they're sent to the socketStefano Brivio2021-09-141-6/+15
| | | | | | | | | ...instead of waiting for the remote peer to do that -- it's especially important in case we request retransmissions from the guest, but it also helps speeding up slow start. This should probably be a configurable behaviour in the future. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Properly time out ACK wait from tapStefano Brivio2021-09-141-3/+3
| | | | | | | | | Seen with iperf3: a control connection is established, no data flows for a while, all segments are acknowledged. The socket starts closing it, and we immediately time out because the last ACK from tap was one minute before that. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Don't mistake a FIN segment with no data for a Fast Retransmit requestStefano Brivio2021-09-141-1/+2
| | | | | | | It carries no data and usually duplicates the previous ACK sequence, but it's just a FIN. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Check errno on sendmmsg() failure, not just the return valueStefano Brivio2021-09-141-1/+1
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Make sure sending window is initialised before sending to tapStefano Brivio2021-09-141-1/+1
| | | | | | | Seen with iperf3: the first packet from socket (data connection) is 65520 bytes and doesn't fit in the window. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* qrap: Set x-txburst as temporary workaround for virtio-net TX stallStefano Brivio2021-09-091-1/+1
| | | | | | | | Flooding a virtio-net interface connected to a socket back-end results in a TX stall I'm still debugging. The stall goes away by setting a higher value for x-txburst (256 by default). Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* udp: Reset iov_base after sending partial message on sendmmsg() failureStefano Brivio2021-09-091-0/+2
| | | | | | | We set the length while processing messges, but the starting address is pre-initialised. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* udp: Fix comparison of seen IPv4 address for local connectionsStefano Brivio2021-09-091-1/+2
| | | | | | c->addr4_seen is stored in network order. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Fixes for closing states, spliced connections, out-of-order packets, etc.Stefano Brivio2021-09-091-207/+400
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a number of issues found with some heavier testing with uperf and neper: - in most closing states, we can still accept data, check for EPOLLIN when appropriate - introduce a new state, ESTABLISHED_SOCK_FIN_SENT, to track the fact we already sent a FIN segment to the tap device, for proper sequence number bookkeeping - for pasta mode only: spliced connections also need tracking of (inferred) FIN segments and clean half-pipe shutdowns - streamline resetting epoll_wait bitmaps with a new function, tcp_tap_epoll_mask(), instead of repeating the logic all over the place - set EPOLLET for tap connections too, whenever we are waiting for EPOLLRDHUP or an event from the tap to proceed with data transfer, to avoid useless loops with EPOLLIN set - impose an additional limit on the sending window advertised to the guest, given by SO_SNDBUF: it makes no sense to completely fill the sending buffer and send a zero window: stop a bit before we hit that - handle *all* interrupted system calls as needed - simplify the logic for reordering of out-of-order segments received from tap: it's not a corner case, and the previous logic allowed for deadloops - fix comparison of seen IPv4 address when we get a new connection from a socket directed to the configured guest address Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tap: Fix calculation of number of tap scatter-gather IO messagesStefano Brivio2021-09-091-2/+3
| | | | | | Messages are typically smaller than ETH_MAX_MTU. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta: Set ping_group_range upon namespace creationStefano Brivio2021-09-091-0/+4
| | | | | | | ...this allows processes running as the only group available in the namespace to create ICMP Echo sockets. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* passt: Add epoll event indication and passt/pasta mode in socket debug messageStefano Brivio2021-09-091-1/+3
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* conf: Fix help message about default behaviour for UDP port forwardingStefano Brivio2021-09-091-6/+4
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* conf, dhcp, ndp: Fix message about default MTU, make NDP consistentStefano Brivio2021-09-093-4/+16
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* udp: Fix retry mechanism on partial sendmmsg()Stefano Brivio2021-09-091-3/+3
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* qrap: Drop debugging left-overs, enable timeout for connect() tooStefano Brivio2021-09-091-5/+3
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* conf: Introduce PASST_LEGACY_NO_OPTIONS ifdef for legacyStefano Brivio2021-09-091-0/+12
| | | | | | | | Before introducing options, the default behaviour in passt mode was to forward all ports, to run in foreground and to log to stderr. Make it a bit more convenient to restore that at build time. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp, udp: Restore usage of gateway for guest to connect to local hostStefano Brivio2021-09-012-6/+11
| | | | | | | This went lost in a recent rework: if the guest wants to connect directly to the host, it can use the address of the default gateway. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* Makefile: Make sure destination directories exist on installStefano Brivio2021-09-011-0/+1
| | | | | | Mostly theoretical, but convenient for testing. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* udp: Handle partial failure in sendmmsg() to UNIX domain socketStefano Brivio2021-09-011-20/+60
| | | | | | | | | | | | | | | Similarly to the handling introduced by commit "tcp: Proper error handling for sendmmsg() to UNIX domain socket" for TCP, we need to deal with partial sendmmsg() failures for UDP as well. Here, we can lose messages, but we need to make sure that the last message is delivered completely, otherwise qemu will fail to reassemble further packets. For UDP, this is somewhat complicated by the fact that one message might include multiple datagrams, and we need to respect message boundaries: go through headers, and calculate what we need to re-send, if anything. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* doc/demo: Also forward all UDP ports from namespaceStefano Brivio2021-09-011-1/+1
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* doc/demo: Explicitly run in foreground, drop pipe to catStefano Brivio2021-09-011-1/+1
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* dhcp: Send option 121 if the default gateway is not on the assigned subnetStefano Brivio2021-09-011-0/+11
| | | | | | | | This enables CirrOS with udhcpc to set up a route to a gateway that's not on the assigned subnet, together with: https://bugs.launchpad.net/cirros/+bug/1190372 Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* conf: Fix check for IPv6 DNS address being already setStefano Brivio2021-09-011-1/+1
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* arp: Don't resolve own, configured IPv4 addressStefano Brivio2021-09-011-0/+4
| | | | | | | DHCP clients might try to resolve the assigned address to check if it's already in use: don't resolve the configured IPv4 address. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* Makefile: Quick hack to build convenience Debian and RPM packagesStefano Brivio2021-09-011-1/+15
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* Makefile: Add install, uninstall targetsStefano Brivio2021-09-011-1/+16
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* passt, qrap: Add man pagesStefano Brivio2021-09-012-0/+784
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* qrap: Minor fixes in comments and usage messageStefano Brivio2021-09-011-2/+2
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* pasta: If a new namespace is created, wait for it to be ready before proceedingStefano Brivio2021-09-011-1/+15
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* conf: Minor fixes for usage messageStefano Brivio2021-09-011-4/+4
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* arp: Don't answer announcements from guest or namespaceStefano Brivio2021-09-011-0/+6
| | | | | | | Depending on the configuration, the host might have the same address. Don't answer them to avoid a duplicate IP address detection. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* passt, pasta: Introduce command-line options and port re-mappingStefano Brivio2021-09-0117-691/+1644
| | | | Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Fixes for early data in SOCK_SYN_SENT, closing states, clamping windowStefano Brivio2021-09-011-23/+30
| | | | | | More details here after rebase. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tap: Make sure we don't receive frames bigger than ETH_MAX_MTU from qemuStefano Brivio2021-09-011-5/+4
| | | | | | | And while at it, remove some attributes that are not needed anymore after introducing command line options. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* dhcpv6: Fix parsing for IA_ADDR suboptions of IA_NA/IA_TAStefano Brivio2021-09-011-7/+11
| | | | | | | | | | | Once we're past the IA_NA or IA_TA option itself, before we start looking for IA_ADDR suboptions, we need to subtract the length of the option we parsed so far, otherwise we might end up reading past the end of the message, or miss some parts. While at it, streamline calculations in dhcpv6_opt(). Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Proper error handling for sendmmsg() to UNIX domain socketStefano Brivio2021-08-261-37/+64
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As data from socket is forwarded to the guest, sendmmsg() might send fewer bytes than requested in three different ways: - failing altogether with a negative error code -- ignore that, we'll get an error on the UNIX domain socket later if there's really an issue with it and reset the connection to the guest - sending less than 'vlen' messages -- instead of assuming success in that case and waiting for the guest to send a duplicate ACK indicating missing data, update the sequence number according to what was actually sent and spare some retransmissions - somewhat unexpectedly to me, sending 'vlen' or less than 'vlen' messages, returning up to 'vlen', with the last message being partially sent, and no further indication of errors other than the returned msg_len for the last partially sent message being less than iov_len. In this case, we would assume success and proceed as nothing happened. However, qemu would fail to parse any further message, having received a partial descriptor, and eventually close the connection, logging: serious error: oversized packet received,connection terminated. as the length descriptor for the next message would be sourced from the middle of the next successfully sent message, not from its header. Handle this by checking the msg_len returned for the last (even partially) sent message, and force re-sending the missing bytes, if any, with a blocking sendmsg() -- qemu must not receive anything else than that anyway. While at it, allow to send up to 64KiB for each message, the previous 32KiB limit isn't actually required, and just switch to a new message at each iteration on sending buffers, they are already MSS-sized anyway, so the check in the loop isn't really needed. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Never send ACK because of pending unacknowleged data when sending SYNStefano Brivio2021-08-241-1/+3
| | | | | | | | | | | | | | With a kernel older than 5.3 (no_snd_wnd set), ack_pending in tcp_send_to_tap() might be true at the beginning of a new connection initiated by a socket. This means we send the first SYN segment to the tap together with ACK set, which is clearly invalid and triggers the receiver to reply with an RST segment right away. Set ack_pending to 0 whenever we're sending a SYN segment. In case of a SYN, ACK segment sent by the caller, the caller passes the ACK flag explicitly. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Drop EPOLLET for non-spliced connectionsStefano Brivio2021-08-241-4/+4
| | | | | | | Socket-facing functions don't guarantee that all data is handled before they return: stick to level-triggered mode for TCP sockets. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* util: Don't close ping sockets if bind() failsStefano Brivio2021-08-041-3/+6
| | | | | | | ...they're still usable, thanks to the workaround implemented in icmp_tap_handler(). Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* util: Fix millisecond logging timestamp calculationStefano Brivio2021-08-041-1/+1
| | | | | | | Four sub-second digits means 0.1ms units: divide nanoseconds by 10^5, not 10^6. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Fast re-transmit, more fixes for closing states and no_snd_wndStefano Brivio2021-08-041-45/+73
| | | | | | | | | | | ...and while at it, fix an issue in the calculation of the last IOV buffer size: if we can't receive enough data to fill up the window, the last buffer can be filled completely. Also streamline the code setting iovec lengths if cached values are not matching. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
* tcp: Always allow ACKs when pending, fixes for no_snd_wnd and closing statesStefano Brivio2021-08-041-10/+23
| | | | | | | | | | | | | | | | We won't necessarily have another choice to ACK in a timely fashion if we skip ACKs from a number of states (including ESTABLISHED) when there's enough window left. Check for ACKed bytes as soon as it makes sense. If the sending window is not reported by the kernel, ACK as soon as we queue onto the socket, given that we're forced to use a rather small window. In FIN_WAIT_1_SOCK_FIN, we also have to account for the FIN flag sent by the peer in the sequence. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>