Commit graph

67 commits

Author SHA1 Message Date
Stefano Brivio
1d6142f362 README: pasta is indeed a supported back-end for rootless Docker
...https://github.com/moby/moby/issues/48257 just reminded me.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
2024-08-21 12:05:26 +02:00
AbdAlRahman Gad
8fae3b73cb Fix typo in README file
- remove duplicated 'the' in the 'Services' section

Signed-off-by: AbdAlRahman Gad <abdobngad@gmail.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2024-07-29 19:02:35 +02:00
Stefano Brivio
bbea2752f6 README.md: Alpine, Guix and OpenSUSE now have packages for passt
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
2024-04-05 12:12:23 +02:00
Stefano Brivio
62b94c3ec8 README: Default SLAAC prefix comes from address (not prefix) on host
Reported-by: Yalan Zhang <yalzhang@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2023-12-30 11:45:27 +01:00
Stefano Brivio
e197c4e490 README: Fix broken link to CentOS Stream package
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2023-12-30 11:45:27 +01:00
Stefano Brivio
a672705e4d README: Update "Availability" section
It's been a while -- there are now official packages for Arch Linux,
Gentoo, Void Linux.

Suggested-by: Rahil Bhimjiani <me@rahil.website>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2023-12-27 19:29:45 +01:00
Stefano Brivio
ca2749e1bd passt: Relicense to GPL 2.0, or any later version
In practical terms, passt doesn't benefit from the additional
protection offered by the AGPL over the GPL, because it's not
suitable to be executed over a computer network.

Further, restricting the distribution under the version 3 of the GPL
wouldn't provide any practical advantage either, as long as the passt
codebase is concerned, and might cause unnecessary compatibility
dilemmas.

Change licensing terms to the GNU General Public License Version 2,
or any later version, with written permission from all current and
past contributors, namely: myself, David Gibson, Laine Stump, Andrea
Bolognani, Paul Holzinger, Richard W.M. Jones, Chris Kuhn, Florian
Weimer, Giuseppe Scrivano, Stefan Hajnoczi, and Vasiliy Ulyanov.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2023-04-06 18:00:33 +02:00
Stefano Brivio
7c7625ddff README: Update Features section, plus minor improvements
...it's been a while.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
2023-03-09 03:44:21 +01:00
Stefano Brivio
708b366016 README: Add link to weekly development meeting
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-11-21 10:55:33 +01:00
Stefano Brivio
3eb26fecf5 README: Fix left-over and indentation for Podman example command
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-11-16 23:36:55 +01:00
Stefano Brivio
ace074cf49 README: The upcoming version of Podman adds support for pasta
Don't update the demo yet: we could just wait until Podman 4.3.2 is
out and packaged.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-11-16 17:29:11 +01:00
Stefano Brivio
b6400db3a6 README: Add links to Debian package tracker
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
2022-11-16 15:10:53 +01:00
Stefano Brivio
11efaefa1e passt, qrap, README: Update notes and documentation for AF_UNIX support in qemu
We can't get rid of qrap quite yet, but at least we should start
telling users it's not going to be needed anymore starting from qemu
7.2.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-11-04 12:04:32 +01:00
Stefano Brivio
ea5e046646 README: Add Podman, vhost-user links, and links to Bugzilla queries
Unfortunately Bugzilla doesn't enable sharing of queries to
unregistered users:
  https://bugzilla.mozilla.org/show_bug.cgi?id=400063

...but we can still use ugly search links.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-10-27 22:41:37 +02:00
Stefano Brivio
01efc71ddd log, conf: Add support for logging to file
In some environments, such as KubeVirt pods, we might not have a
system logger available. We could choose to run in foreground, but
this takes away the convenient synchronisation mechanism derived from
forking to background when interfaces are ready.

Add optional logging to file with -l/--log-file and --log-size.

Unfortunately, this means we need to duplicate features that are more
appropriately implemented by a system logger, such as rotation. Keep
that reasonably simple, by using fallocate() with range collapsing
where supported (Linux kernel >= 3.15, extent-based ext4 and XFS) and
falling back to an unsophisticated block-by-block moving of entries
toward the beginning of the file once we reach the (mandatory) size
limit.

While at it, clarify the role of LOG_EMERG in passt.c.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
2022-10-14 17:38:28 +02:00
Stefano Brivio
8338135777 README: Add missing parenthesis in Try It section
Signed-off-by: Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-09-24 09:00:22 +02:00
Stefano Brivio
9232065641 README: Drop excess whitespace in Try It section
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-09-24 08:59:16 +02:00
Stefano Brivio
16ad76d680 README: Add legend for Features section
As suggested by David: those emojis might not be entirely obvious.

Suggested-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-09-24 00:33:15 +02:00
Stefano Brivio
715677b699 README: Fix paragraph in Try It section of passt
The qemu patch isn't mentioned there anymore: replace reference with
a link.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-09-24 00:28:52 +02:00
Stefano Brivio
229b16cba3 README: Fix indentation in "Try It" section
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-09-24 00:23:38 +02:00
Stefano Brivio
be41639c20 README: Point openSUSE links to Dario's OBS repository
...instead of my Copr. It's also not official yet, but surely more
appropriate now.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-09-24 00:18:40 +02:00
Stefano Brivio
8b3443c561 README: Fix misspellings of openSUSE
For some reason, I used a capital O everywhere.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-09-24 00:14:47 +02:00
Stefano Brivio
47d424d083 README: Update Availability and Try It sections with new packages
We now have official packages for Fedora, unofficial (Fedora Copr)
for other common RPM-based distributions, and the existing
packages with static builds for Debian, and for other RPM-based
distributions.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-09-22 16:53:35 +02:00
Stefano Brivio
f3aaced135 README: Add link to Copr repositories
These have packages covering all recent versions of CentOS Stream,
EPEL, Fedora, Mageia and OpenSUSE Tumbleweed.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-18 21:17:39 +02:00
Stefano Brivio
bda79ba401 doc: Rewrite demo script
The original demo script was written when pasta wasn't a thing yet,
so it needed to run as root, set up a veth pair, and configure
addresses and routes by itself.

Now pasta can do all that for us, and become part of the demo as
well.

Further, extend it to start qemu, optionally preparing a basic demo
image with mbuto (https://mbuto.sh), and execute one logical step at
a time, for clarity.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-08-18 21:17:29 +02:00
Stefano Brivio
1d223e4b4c passt: Allow exit_group() system call in seccomp profiles
We handle SIGQUIT and SIGTERM calling exit(), which is usually
implemented with the exit_group() system call.

If we don't allow exit_group(), we'll get a SIGSYS while handling
SIGQUIT and SIGTERM, which means a misleading non-zero exit code.

Reported-by: Wenli Quan <wquan@redhat.com>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2101990
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-07-14 01:36:05 +02:00
Stefano Brivio
d7d467f60c README: Fix links to static builds
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-06-08 11:17:59 +02:00
Stefano Brivio
8cc6c9b490 README: Fix link to contrib/debian
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-30 14:34:42 +02:00
Stefano Brivio
baf79c033e README: Drop red notice about early development phase
Last famous words: it should be tested enough by now.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-30 05:52:39 +02:00
Stefano Brivio
bc925b1da4 contrib: Add example of Debian package files
...using dh_apparmor to ship and apply AppArmor profiles. Tried on
current Debian testing (Bookworm, 12).

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-30 05:52:39 +02:00
Stefano Brivio
8d85b6a99e tap: Allow ioctl() and openat() for tap_ns_tun() re-initialisation
If the tun interface disappears, we'll call tap_ns_tun() after the
seccomp profile is applied: add ioctl() and openat() to it.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-30 05:49:46 +02:00
Stefano Brivio
1f4b7fa0d7 passt, pasta: Add examples of SELinux policy modules
These should cover any reasonably common use case in distributions.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-29 15:35:38 +02:00
Stefano Brivio
bb70811183 treewide: Packet abstraction with mandatory boundary checks
Implement a packet abstraction providing boundary and size checks
based on packet descriptors: packets stored in a buffer can be queued
into a pool (without storage of its own), and data can be retrieved
referring to an index in the pool, specifying offset and length.

Checks ensure data is not read outside the boundaries of buffer and
descriptors, and that packets added to a pool are within the buffer
range with valid offset and indices.

This implies a wider rework: usage of the "queueing" part of the
abstraction mostly affects tap_handler_{passt,pasta}() functions and
their callees, while the "fetching" part affects all the guest or tap
facing implementations: TCP, UDP, ICMP, ARP, NDP, DHCP and DHCPv6
handlers.

Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-29 15:35:38 +02:00
Stefano Brivio
bc4ec1a8e9 README: Update Interfaces and Availability sections
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-29 15:35:38 +02:00
Stefano Brivio
e80f608710 README: Avoid "here" links
They look a bit lame: rephrase sentences to avoid them.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-29 15:35:38 +02:00
Stefano Brivio
be5bbb9b06 tcp: Rework timers to use timerfd instead of periodic bitmap scan
With a lot of concurrent connections, the bitmap scan approach is
not really sustainable.

Switch to per-connection timerfd timers, set based on events and on
two new flags, ACK_FROM_TAP_DUE and ACK_TO_TAP_DUE. Timers are added
to the common epoll list, and implement the existing timeouts.

While at it, drop the CONN_ prefix from flag names, otherwise they
get quite long, and fix the logic to decide if a connection has a
local, possibly unreachable endpoint: we shouldn't go through the
rest of tcp_conn_from_tap() if we reset the connection due to a
successful bind(2), and we'll get EACCES if the port number is low.

Suggested by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-29 15:35:38 +02:00
Stefano Brivio
14c4c0253c README: Make it somewhat readable on mobile devices
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-04 19:23:45 +01:00
Stefano Brivio
216a266a75 hooks, README: gzipped js snippets, webp alternatives for png
Upload gzipped js snippets for usage with gzip_static in nginx or
equivalent. Convert png drawings to webp for smaller size, use them
as alternatives in README.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-02 14:02:03 +01:00
Stefano Brivio
71ab6d9972 README: Don't preload CI recording, show poster from end of run
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-01 22:31:42 +01:00
Stefano Brivio
628c4f0cae README: s/guest/namespace/ in pasta "Try it" section
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-01 21:43:41 +01:00
Stefano Brivio
06f8e4f960 Makefile, hooks: Static target precondition for pkgs, copy .avx2 builds
Convenience packages are anyway built from static builds.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-01 21:41:22 +01:00
Stefano Brivio
213c397492 passt, pasta: Run-time selection of AVX2 build
Build-time selection of AVX2 flags and routines is not practical for
distributions, but limiting AVX2 usage to checksum routines with
specific run-time detection doesn't allow for easy performance gains
from auto-vectorisation of batched packet handling routines.

For x86_64, build non-AVX2 and AVX2 binaries, and implement a simple
wrapper replacing the current executable with the AVX2 build if it's
available, and if AVX2 is supported by the current CPU.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-28 16:46:28 +01:00
Stefano Brivio
c47d9f7ee0 README: Fix demo div grid layout
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-23 11:49:15 +01:00
Stefano Brivio
337f55166f demo, ci: Switch to asciinema(1) for terminal recordings
For demos, cool-retro-term(1) looked fancier, but several threads of
that and ffmpeg(1) are just messing up with performance testing.

The CI videos started getting really big as well, and they were
difficult to read.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-22 18:36:24 +01:00
Stefano Brivio
be2a7898e9 test: Add demo for Podman with pasta
...showing setup steps, some peculiarities as --net option, and a
general side-to-side comparison with slirp4netns(1), including
"quick" TCP and UDP throughput and latency benchmarks.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-22 18:34:44 +01:00
Stefano Brivio
39a3531270 README, hooks: Build HTML man page on push, add a link
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
0515adceaa passt, pasta: Namespace-based sandboxing, defer seccomp policy application
To reach (at least) a conceptually equivalent security level as
implemented by --enable-sandbox in slirp4netns, we need to create a
new mount namespace and pivot_root() into a new (empty) mountpoint, so
that passt and pasta can't access any filesystem resource after
initialisation.

While at it, also detach IPC, PID (only for passt, to prevent
vulnerabilities based on the knowledge of a target PID), and UTS
namespaces.

With this approach, if we apply the seccomp filters right after the
configuration step, the number of allowed syscalls grows further. To
prevent this, defer the application of seccomp policies after the
initialisation phase, before the main loop, that's where we expect bad
things to happen, potentially. This way, we get back to 22 allowed
syscalls for passt and 34 for pasta, on x86_64.

While at it, move #syscalls notes to specific code paths wherever it
conceptually makes sense.

We have to open all the file handles we'll ever need before
sandboxing:

- the packet capture file can only be opened once, drop instance
  numbers from the default path and use the (pre-sandbox) PID instead

- /proc/net/tcp{,v6} and /proc/net/udp{,v6}, for automatic detection
  of bound ports in pasta mode, are now opened only once, before
  sandboxing, and their handles are stored in the execution context

- the UNIX domain socket for passt is also bound only once, before
  sandboxing: to reject clients after the first one, instead of
  closing the listening socket, keep it open, accept and immediately
  discard new connection if we already have a valid one

Clarify the (unchanged) behaviour for --netns-only in the man page.

To actually make passt and pasta processes run in a separate PID
namespace, we need to unshare(CLONE_NEWPID) before forking to
background (if configured to do so). Introduce a small daemon()
implementation, __daemon(), that additionally saves the PID file
before forking. While running in foreground, the process itself can't
move to a new PID namespace (a process can't change the notion of its
own PID): mention that in the man page.

For some reason, fork() in a detached PID namespace causes SIGTERM
and SIGQUIT to be ignored, even if the handler is still reported as
SIG_DFL: add a signal handler that just exits.

We can now drop most of the pasta_child_handler() implementation,
that took care of terminating all processes running in the same
namespace, if pasta started a shell: the shell itself is now the
init process in that namespace, and all children will terminate
once the init process exits.

Issuing 'echo $$' in a detached PID namespace won't return the
actual namespace PID as seen from the init namespace: adapt
demo and test setup scripts to reflect that.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
6e61b4040a test: Add distribution tests for several architectures and kernel versions
The new tests check build and a simple case with pasta sending a
short message in both directions (namespace to init, init to
namespace).

Tests cover a mix of Debian, Fedora, OpenSUSE and Ubuntu combinations
on aarch64, i386, ppc64, ppc64le, s390x, x86_64.

Builds tested starting from approximately glibc 2.19, gcc 4.7, and
actual functionality approximately from 4.4 kernels, glibc 2.25,
gcc 4.8, all the way up to current glibc/gcc/kernel versions.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-01-28 18:51:50 +01:00
Stefano Brivio
21b1a8445b README: Fix link to IGMP/MLD proxy ticket
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-01-28 02:05:19 +01:00
Stefano Brivio
2fbec4d300 README: Fix anchor for Performance section
It shouldn't refer to the subsection under "Features".

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-01-27 16:44:05 +01:00