mirrors/passt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

README: Feature list, links to lists, bugs, chat

Browse source 
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
Stefano Brivio 2021-10-23 12:12:23 +02:00
parent a77c5ef93a
commit 2c7431ffcf
1 changed files with 120 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

128
README.md
View file

@ -115,7 +115,7 @@ for TCP and UDP, respectively.
<img src="/builds/latest/web/pasta_overview.png" class="bright" style="z-index: 20; position: relative;"> <img src="/builds/latest/web/pasta_overview.png" class="bright" style="z-index: 20; position: relative;">
- [Motivation](#motivation) - [Motivation](#motivation)
- [Non-functional Targets](#non-functional-targets) - [Features](#features)
- [Interfaces and Environment](#interfaces-and-environment) - [Interfaces and Environment](#interfaces-and-environment)
- [Services](#services) - [Services](#services)
- [Addresses](#addresses) - [Addresses](#addresses)
@ -126,6 +126,7 @@ for TCP and UDP, respectively.
- [Performance](#performance) - [Performance](#performance)
- [Try it](#try-it) - [Try it](#try-it)
- [Contribute](#contribute) - [Contribute](#contribute)
- [Security and Vulnerability Reports](#security-and-vulnerability-reports)
## Motivation ## Motivation
@ -192,13 +193,109 @@ speeding up local connections, and usually requiring NAT. _pasta_:
* with default options, maps routing and addressing information to the * with default options, maps routing and addressing information to the
namespace, avoiding any need for NAT namespace, avoiding any need for NAT
## Non-functional Targets ## Features
Security and maintainability goals: ### Protocols
* ✅ IPv4
* ✅ all features, except for
* ❌ fragmentation
* ✅ IPv6
* ✅ all features, except for
* ❌ fragmentation
* ❌ jumbograms
* ✅ [TCP](/passt/tree/tcp.c)
* ✅ Window Scaling (RFC 7323)
* ✅ Defenses against Sequence Number Attacks (RFC 6528)
* ⌚ [Protection Against Wrapped Sequences](https://bugs.passt.top/show_bug.cgi?id=1) (PAWS, RFC 7323)
* ⌚ [Timestamps](https://bugs.passt.top/show_bug.cgi?id=1) (RFC 7323)
* ❌ Selective Acknowledgment (RFC 2018)
* ✅ [UDP](/passt/tree/udp.c)
* ✅ ICMP/ICMPv6 Echo
* ⌚ [IGMP/MLD](https://bugs.passt.top/show_bug.cgi?id=1) proxy
* ⌚ [SCTP](https://bugs.passt.top/show_bug.cgi?id=3)
* no dynamic memory allocation ### Portability
* ~5 000 LoC target * Linux
* no external dependencies * ✅ starting from 4.18 kernel version
* 🛠 starting from 3.8 kernel version
* 🛠 build-time selection of AVX2 instructions (as much as possible)
* ⌚ [_musl_](https://bugs.passt.top/show_bug.cgi?id=4) and
[_uClibc-ng_](https://bugs.passt.top/show_bug.cgi?id=5)
* ⌚ [FreeBSD](https://bugs.passt.top/show_bug.cgi?id=6),
[Darwin](https://bugs.passt.top/show_bug.cgi?id=6)
* ⌚ [NetBSD](https://bugs.passt.top/show_bug.cgi?id=7),
[OpenBSD](https://bugs.passt.top/show_bug.cgi?id=7)
* ⌚ [Win2k](https://bugs.passt.top/show_bug.cgi?id=8)
### Security
* ✅ no dynamic memory allocation (`sbrk`(2), `brk`(2), `mmap`(2) [blocked via
`seccomp`](/passt/tree/seccomp.sh))
* ✅ root operation not allowed outside user namespaces
* ✅ all capabilities dropped, other than `CAP_NET_BIND_SERVICE` (if granted)
* ✅ no external dependencies (other than a standard C library)
* ✅ restrictive seccomp profiles (46 syscalls allowed for _passt_, 58 for
_pasta_)
* ✅ static checkers in continuous integration (clang-tidy, cppcheck)
* 🛠️ rework of TCP state machine (flags instead of states), TCP timers, and code
de-duplication
* 🛠️ clearly defined packet abstraction
* 🛠️ ~5 000 LoC target
* ⌚ [fuzzing](https://bugs.passt.top/show_bug.cgi?id=9), _packetdrill_ tests
* ⌚ stricter [synflood protection](https://bugs.passt.top/show_bug.cgi?id=10)
* 💡 [your](https://lists.passt.top/) [ideas](https://bugs.passt.top/)
[here](https://chat.passt.top)
### Configurability
* ✅ all addresses, ports, port ranges
* ✅ optional NAT, not required
* ✅ all protocols
* ✅ _pasta_: auto-detection of bound ports
* 🛠 run-time configuration of port ranges without autodetection
* 🛠 configuration of port ranges for autodetection
* 💡 [your](https://lists.passt.top/) [ideas](https://bugs.passt.top/)
[here](https://chat.passt.top)
### Performance
* ✅ maximum two (cache hot) copies on every data path
* ✅ _pasta_: zero-copy for local connections by design (no configuration
needed)
* ✅ generalised coalescing and batching on every path for every supported
protocol
* ✅ 4 to 50 times IPv4 TCP throughput of existing, conceptually similar
solutions depending on MTU (UDP and IPv6 hard to compare)
* 🛠 _vhost-user_ support for maximum one copy on every data path and lower
request-response latency
* ⌚ [multithreading](https://bugs.passt.top/show_bug.cgi?id=13)
* ⌚ [raw IP socket support](https://bugs.passt.top/show_bug.cgi?id=14) if
`CAP_NET_RAW` is granted
* ⌚ eBPF support (might not improve performance over vhost-user)
### Interfaces
* ✅ qemu, libvirt support with [`qrap` wrapper](/passt/tree/qrap.c)
* ✅ out-of-tree patches for [qemu](/passt/tree/qemu) and
[libvirt](/passt/tree/libvirt) available
* 🛠 bug-to-bug compatible
[_slirp4netns_ replacement](/passt/tree/slirp4netns.sh) (rootless Podman,
RootlessKit)
* 🛠 native [qemu](https://bugs.passt.top/show_bug.cgi?id=11),
[libvirt](https://bugs.passt.top/show_bug.cgi?id=12) support
* ⌚ drop-in replacement for VPNKit (rootless Docker)
### Availability
* ✅ convenience unofficial packages for Debian, RPM-based distributions on
x86_64 (static builds)
* 🛠 official
[OpenSUSE packages](https://build.opensuse.org/package/show/home:mnhauke/passt)
* 🛠 testing on non-x86 architectures
* ⌚ packages for Debian, Fedora, etc.
### Services
* ✅ built-in [ARP proxy](/passt/tree/arp.c)
* ✅ minimalistic [DHCP server](/passt/tree/dhcp.c)
* ✅ minimalistic [NDP proxy](/passt/tree/ndp.c) with router advertisements and
SLAAC support
* ✅ minimalistic [DHCPv6 server](/passt/tree/dhcpv6.c)
* ⌚ fine-grained configurability of DHCP, NDP, DHCPv6 options
## Interfaces and Environment ## Interfaces and Environment
@ -433,5 +530,20 @@ Test logs [here](/builds/latest/test/).
## Contribute ## Contribute
Public bug tracker and mailing lists are coming soon. For the moment being, send ### [Mailing Lists](/passt/lists)
patches and issue reports to [sbrivio@redhat.com](mailto:sbrivio@redhat.com). * Submit, review patches, and discuss development ideas on
[`passt-dev`](https://lists.passt.top/postorius/lists/passt-dev.passt.top/)
* Ask your questions and discuss usage needs on
[`passt-user`](https://lists.passt.top/postorius/lists/passt-user.passt.top/)
### [Bug Reports and Feature Requests](/passt/bugs)
* [File a bug](https://bugs.passt.top/enter_bug.cgi) for those
### [Chat](/passt/chat)
* Somebody might be available on [IRC](https://irc.passt.top)
## Security and Vulnerability Reports
* Please send an email to [passt-sec](mailto:passt-sec@passt.top), private list,
no subscription required