From e24f0262229a1f9c673dca3452ad103cbe06b866 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Tue, 10 Dec 2024 13:36:45 -0500
Subject: [PATCH] pasta: make it possible to disable socket splicing

During testing it is sometimes useful to force traffic which would
normally be forwared by socket splicing through the tap interface.

In this commit, we add a command switch enabling such funtionality
for inbound local traffic.

For outbound local traffic this is much trickier, if even possible,
so leave that for a later commit.

Suggested-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 conf.c  | 7 ++++++-
 fwd.c   | 2 +-
 passt.1 | 5 +++++
 passt.h | 2 ++
 4 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/conf.c b/conf.c
index eaa7d99..97d8beb 100644
--- a/conf.c
+++ b/conf.c
@@ -977,7 +977,8 @@ pasta_opts:
 		"			Don't copy all routes to namespace\n"
 		"  --no-copy-addrs	DEPRECATED:\n"
 		"			Don't copy all addresses to namespace\n"
-		"  --ns-mac-addr ADDR	Set MAC address on tap interface\n");
+		"  --ns-mac-addr ADDR	Set MAC address on tap interface\n"
+		"  --no-splice		Disable inbound socket splicing\n");
 
 	exit(status);
 }
@@ -1319,6 +1320,7 @@ void conf(struct ctx *c, int argc, char **argv)
 		{"no-dhcpv6",	no_argument,		&c->no_dhcpv6,	1 },
 		{"no-ndp",	no_argument,		&c->no_ndp,	1 },
 		{"no-ra",	no_argument,		&c->no_ra,	1 },
+		{"no-splice",	no_argument,		&c->no_splice,	1 },
 		{"freebind",	no_argument,		&c->freebind,	1 },
 		{"no-map-gw",	no_argument,		&no_map_gw,	1 },
 		{"ipv4-only",	no_argument,		NULL,		'4' },
@@ -1756,6 +1758,9 @@ void conf(struct ctx *c, int argc, char **argv)
 		}
 	} while (name != -1);
 
+	if (c->mode != MODE_PASTA)
+		c->no_splice = 1;
+
 	if (c->mode == MODE_PASTA && !c->pasta_conf_ns) {
 		if (copy_routes_opt)
 			die("--no-copy-routes needs --config-net");
diff --git a/fwd.c b/fwd.c
index 0b7f8b1..2829cd2 100644
--- a/fwd.c
+++ b/fwd.c
@@ -443,7 +443,7 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto,
 	else if (proto == IPPROTO_UDP)
 		tgt->eport += c->udp.fwd_in.delta[tgt->eport];
 
-	if (c->mode == MODE_PASTA && inany_is_loopback(&ini->eaddr) &&
+	if (!c->no_splice && inany_is_loopback(&ini->eaddr) &&
 	    (proto == IPPROTO_TCP || proto == IPPROTO_UDP)) {
 		/* spliceable */
 
diff --git a/passt.1 b/passt.1
index b2896a2..d9cd33e 100644
--- a/passt.1
+++ b/passt.1
@@ -695,6 +695,11 @@ Configure MAC address \fIaddr\fR on the tap interface in the namespace.
 
 Default is to let the tap driver build a pseudorandom hardware address.
 
+.TP
+.BR \-\-no-splice
+Disable the bypass path for inbound, local traffic. See the section \fBHandling
+of local traffic in pasta\fR in the \fBNOTES\fR for more details.
+
 .SH EXAMPLES
 
 .SS \fBpasta
diff --git a/passt.h b/passt.h
index c038630..0dd4efa 100644
--- a/passt.h
+++ b/passt.h
@@ -229,6 +229,7 @@ struct ip6_ctx {
  * @no_dhcpv6:		Disable DHCPv6 server
  * @no_ndp:		Disable NDP handler altogether
  * @no_ra:		Disable router advertisements
+ * @no_splice:		Disable socket splicing for inbound traffic
  * @host_lo_to_ns_lo:	Map host loopback addresses to ns loopback addresses
  * @freebind:		Allow binding of non-local addresses for forwarding
  * @low_wmem:		Low probed net.core.wmem_max
@@ -291,6 +292,7 @@ struct ctx {
 	int no_dhcpv6;
 	int no_ndp;
 	int no_ra;
+	int no_splice;
 	int host_lo_to_ns_lo;
 	int freebind;