passt/doc/demo.sh

70 lines
1.9 KiB
Bash
Raw Normal View History

passt: New design and implementation with native Layer 4 sockets This is a reimplementation, partially building on the earlier draft, that uses L4 sockets (SOCK_DGRAM, SOCK_STREAM) instead of SOCK_RAW, providing L4-L2 translation functionality without requiring any security capability. Conceptually, this follows the design presented at: https://gitlab.com/abologna/kubevirt-and-kvm/-/blob/master/Networking.md The most significant novelty here comes from TCP and UDP translation layers. In particular, the TCP state and translation logic follows the intent of being minimalistic, without reimplementing a full TCP stack in either direction, and synchronising as much as possible the TCP dynamic and flows between guest and host kernel. Another important introduction concerns addressing, port translation and forwarding. The Layer 4 implementations now attempt to bind on all unbound ports, in order to forward connections in a transparent way. While at it: - the qemu 'tap' back-end can't be used as-is by qrap anymore, because of explicit checks now introduced in qemu to ensure that the corresponding file descriptor is actually a tap device. For this reason, qrap now operates on a 'socket' back-end type, accounting for and building the additional header reporting frame length - provide a demo script that sets up namespaces, addresses and routes, and starts the daemon. A virtual machine started in the network namespace, wrapped by qrap, will now directly interface with passt and communicate using Layer 4 sockets provided by the host kernel. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2021-02-16 07:25:09 +01:00
#!/bin/sh -e
#
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# PASST - Plug A Simple Socket Transport
#
# demo.sh - Set up namespaces, addresses and routes to show PASST functionality
#
# Copyright (c) 2020-2021 Red Hat GmbH
# Author: Stefano Brivio <sbrivio@redhat.com>
get_token() {
IFS=' '
__next=0
for __token in ${@}; do
[ ${__next} -eq 2 ] && echo "${__token}" && return
[ "${__token}" = "${1}" ] && __next=$((__next + 1))
done
unset IFS
}
ipv6_dev() { get_token "dev" $(ip -o -6 ro show default); }
ipv6_devaddr() { get_token "inet6" $(ip -o -6 ad sh dev "${1}" scope global); }
ipv6_ll_addr() { get_token "inet6" $(ip -o -6 ad sh dev "${1}" scope link); }
ipv6_mask() { echo ${1#*/}; }
ipv6_mangle() {
IFS=':'
__c=0
for __16b in ${1%%/*}; do
if [ ${__c} -lt 7 ]; then
printf "${__16b}:"
else
printf "abcd\n" && break
fi
__c=$((__c + 1))
done
unset IFS
}
ndp_setup() {
sysctl -w net.ipv6.conf.all.proxy_ndp=1
ip -6 neigh add proxy "${1}" dev "$(ipv6_dev)"
}
ip netns del passt 2>/dev/null || :
ip link del veth_passt 2>/dev/null || :
ip netns add passt
ip link add veth_passt up netns passt type veth peer name veth_passt
ip link set dev veth_passt up
ip -n passt addr add 192.0.2.2/24 dev veth_passt
ip addr add 192.0.2.1/24 dev veth_passt
ip -n passt route add default via 192.0.2.1
ipv6_addr="$(ipv6_devaddr "$(ipv6_dev)")"
ipv6_passt="$(ipv6_mangle "${ipv6_addr}")"
ndp_setup "${ipv6_passt}"
ip -n passt addr add "${ipv6_passt}/$(ipv6_mask "${ipv6_addr}")" dev veth_passt
ip addr add "${ipv6_addr}" dev veth_passt
passt_ll="$(ipv6_ll_addr "veth_passt")"
main_ll="$(get_token "link/ether" $(ip -o li sh veth_passt))"
ip -n passt neigh add "${passt_ll%%/*}" dev veth_passt lladdr "${main_ll}"
ip -n passt route add default via "${passt_ll%%/*}" dev veth_passt
ethtool -K veth_passt tx off
ip netns exec passt ethtool -K veth_passt tx off
ulimit -n 300000
ip netns exec passt ./passt