Commit graph

1685 commits

Author SHA1 Message Date
Stefano Brivio
216a266a75 hooks, README: gzipped js snippets, webp alternatives for png
Upload gzipped js snippets for usage with gzip_static in nginx or
equivalent. Convert png drawings to webp for smaller size, use them
as alternatives in README.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-02 14:02:03 +01:00
Stefano Brivio
bec6d3e084 test/lib/setup: Unshare PID namespace in pasta_setup()
...otherwise, we'll leave processes (dhclient) around.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-02 05:00:21 +01:00
Stefano Brivio
71ab6d9972 README: Don't preload CI recording, show poster from end of run
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-01 22:31:42 +01:00
Stefano Brivio
628c4f0cae README: s/guest/namespace/ in pasta "Try it" section
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-01 21:43:41 +01:00
Stefano Brivio
06f8e4f960 Makefile, hooks: Static target precondition for pkgs, copy .avx2 builds
Convenience packages are anyway built from static builds.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-01 21:41:22 +01:00
Stefano Brivio
763f281155 demo/pasta: Clean up before rebuilding with -g
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-03-01 21:32:08 +01:00
Stefano Brivio
2fa1cef016 arp, dhcp: Fix strict aliasing warnings reported by gcc 4.9 with -Ofast
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-28 22:17:32 +01:00
Stefano Brivio
213c397492 passt, pasta: Run-time selection of AVX2 build
Build-time selection of AVX2 flags and routines is not practical for
distributions, but limiting AVX2 usage to checksum routines with
specific run-time detection doesn't allow for easy performance gains
from auto-vectorisation of batched packet handling routines.

For x86_64, build non-AVX2 and AVX2 binaries, and implement a simple
wrapper replacing the current executable with the AVX2 build if it's
available, and if AVX2 is supported by the current CPU.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-28 16:46:28 +01:00
Stefano Brivio
deca1ebe50 test/distro/opensuse: Add Tumbleweed armv7l test
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-28 04:25:53 +01:00
Stefano Brivio
7992995d35 test/lib/term: Don't run demo when started as ./run
I changed this in a previous commit by mistake, restore the original
command.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-28 04:24:54 +01:00
Stefano Brivio
04fd94ab07 seccomp, tcp: Add fcntl64 to pasta syscalls for armv6l, armv7l
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-28 04:23:31 +01:00
Stefano Brivio
8d33ec62de hooks/pre-push: Keep original cast on gzip, fix uploading with dash
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-28 02:51:34 +01:00
Stefano Brivio
28fb960451 demo/pasta: Exit namespace in 'ns' pane before restarting pasta
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-28 02:50:25 +01:00
Stefano Brivio
6d661dc5b2 seccomp: Adjust list of allowed syscalls for armv6l, armv7l
It looks like glibc commonly implements clock_gettime(2) with
clock_gettime64(), and uses recv() instead of recvfrom(), send()
instead of sendto(), and sigreturn() instead of rt_sigreturn() on
armv6l and armv7l.

Adjust the list of system calls for armv6l and armv7l accordingly.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-26 23:39:19 +01:00
Stefano Brivio
a095fbc457 passt: Don't warn on failed madvise()
A kernel might not be configured with CONFIG_TRANSPARENT_HUGEPAGE,
especially on embedded systems. Ignore the error, it doesn't affect
functionality.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-26 23:37:05 +01:00
Stefano Brivio
6dc1ec3c7a Makefile: Fix up AUDIT_ARCH for armv6l, armv7l
There's a single AUDIT_ARCH_ARM define available (and big-endian
shouldn't be a concern with those).

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-26 23:34:40 +01:00
Stefano Brivio
bd7340e815 tap: Cast ETH_MAX_MTU to signed in comparisons
At least gcc 8.3 and 10.2 emit a warning on armv6l and armv7l.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-26 23:32:50 +01:00
Stefano Brivio
601f7ee78e seccomp.sh: Handle syscall number defines in the (x + y) form
This is the case at least for current glibc headers on armv6l and
armv7l.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-26 23:32:02 +01:00
Stefano Brivio
eed6933e6c udp: Explicitly initialise sin6_scope_id and sin_zero in sockaddr_in{,6}
Not functionally needed, but gcc versions 7 to 9 (at least) will
issue a warning otherwise.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-25 22:54:35 +01:00
Stefano Brivio
9b61bd0b39 passt: Explicitly check return value of chdir()
...it doesn't actually matter as we're checking errno at the very
end, but, depending on build flags, chdir() might be declared with
warn_unused_result and the compiler issues a warning.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-25 22:42:36 +01:00
Stefano Brivio
e221ca7613 hooks: Uploaded compressed .cast files too
...to benefit from gzip_static in nginx or equivalent.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-23 13:28:26 +01:00
Stefano Brivio
03f7eb945b passt.1: Drop duplicate --dns section
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-23 13:22:08 +01:00
Stefano Brivio
e5bd8dbb24 conf, ndp: Disable router advertisements on --config-net
If we statically configure a default route, and also advertise it for
SLAAC, the kernel will try moments later to add the same route:

  ICMPv6: RA: ndisc_router_discovery failed to add default route

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-23 13:21:52 +01:00
Stefano Brivio
ed58ad1a59 netlink: Avoid left-over bytes in request on MTU configuration
When nl_link() configures the MTU, it shouldn't send extra bytes,
otherwise we'll get a kernel warning:

  netlink: 4 bytes leftover after parsing attributes in process `pasta'.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-23 13:21:52 +01:00
Stefano Brivio
08b7a2ec38 test: Fix name of CI asciinema player in perf links handler
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-23 13:21:52 +01:00
Stefano Brivio
c47d9f7ee0 README: Fix demo div grid layout
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-23 11:49:15 +01:00
Stefano Brivio
5e0c75d609 passt: Drop PASST_LEGACY_NO_OPTIONS sections
...nobody uses those builds anymore.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-22 18:42:51 +01:00
Stefano Brivio
337f55166f demo, ci: Switch to asciinema(1) for terminal recordings
For demos, cool-retro-term(1) looked fancier, but several threads of
that and ffmpeg(1) are just messing up with performance testing.

The CI videos started getting really big as well, and they were
difficult to read.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-22 18:36:24 +01:00
Stefano Brivio
be2a7898e9 test: Add demo for Podman with pasta
...showing setup steps, some peculiarities as --net option, and a
general side-to-side comparison with slirp4netns(1), including
"quick" TCP and UDP throughput and latency benchmarks.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-22 18:34:44 +01:00
Stefano Brivio
e17731ba97 contrib: Add patch for Podman integration
The patch introduces a "pasta" networking mode for rootless
container, similar to the existing slirp4netns mode. Notable
differences are described in the commit message.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
39a3531270 README, hooks: Build HTML man page on push, add a link
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
d634c498c3 man page: Update REPORTING BUGS section
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
edb64ecbad test/perf/passt_udp: Drop threshold for 256B test
That test fails sometimes, it looks like iperf3 is still sending
initial messages that are too big. I'll need to figure out why,
but given that 256 bytes is not really an expected MTU, drop the
thresholds to zero for the moment being.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
550e2744ab test/distro/ubuntu: Use DEBIAN_FRONTEND=noninteractive for apt on 22.04
Removing the needrestart package doesn't seem to work anymore, and
I'm getting again prompts to restart services after installing gcc
and make: export DEBIAN_FRONTEND=noninteractive before installing
packages to avoid that.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
745a9ba428 pasta: By default, quit if filesystem-bound net namespace goes away
This should be convenient for users managing filesystem-bound network
namespaces: monitor the base directory of the namespace and exit if
the namespace given as PATH or NAME target is deleted. We can't add
an inotify watch directly on the namespace directory, that won't work
with nsfs.

Add an option to disable this behaviour, --no-netns-quit.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
6c93111864 tcp, udp: Receive batching doesn't pay off when writing single frames to tap
In pasta mode, when we get data from sockets and write it as single
frames to the tap device, we batch receive operations considerably,
and then (conceptually) split the data in many smaller writes.

It looked like an obvious choice, but performance is actually better
if we receive data in many small frame-sized recvmsg()/recvmmsg().

The syscall overhead with the previous behaviour, observed by perf,
comes predominantly from write operations, but receiving data in
shorter chunks probably improves cache locality by a considerable
amount.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
9afd87b733 udp: Allow loopback connections from host using configured unicast address
Likely for testing purposes only: allow connections from host to
guest or namespace using, as connection target, the configured,
possibly global unicast address.

In this case, we have to map the destination address to a link-local
address, and for port-based tracked responses, the source address
needs to be again the unicast address: not loopback, not link-local.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
89678c5157 conf, udp: Introduce basic DNS forwarding
For compatibility with libslirp/slirp4netns users: introduce a
mechanism to map, in the UDP routines, an address facing guest or
namespace to the first IPv4 or IPv6 address resulting from
configuration as resolver. This can be enabled with the new
--dns-forward option.

This implies that sourcing and using DNS addresses and search lists,
passed via command line or read from /etc/resolv.conf, is not bound
anymore to DHCP/DHCPv6/NDP usage: for example, pasta users might just
want to use addresses from /etc/resolv.conf as mapping target, while
not passing DNS options via DHCP.

Reflect this in all the involved code paths by differentiating
DHCP/DHCPv6/NDP usage from DNS configuration per se, and in the new
options --dhcp-dns, --dhcp-search for pasta, and --no-dhcp-dns,
--no-dhcp-search for passt.

This should be the last bit to enable substantial compatibility
between slirp4netns.sh and slirp4netns(1): pass the --dns-forward
option from the script too.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
01ae772dcc conf: Given IPv4 address and no netmask, assign RFC 790-style classes
Provide a sane default, instead of /0, if an address is given, and it
doesn't correspond to any host address we could find via netlink.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
eb18f862cb conf: Don't print configuration on --quiet
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
53489b8e6e slirp4netns.sh: Implement API socket option for port forwarding
Introduce the equivalent of the --api-socket option from slirp4netns:
spawn a subshell to handle requests, netcat binds to a UNIX domain
socket and jq parses messages.

Three minor differences compared to slirp4netns:

- IPv6 ports are forwarded too

- error messages are not as specific, for example we don't tell
  apart malformed JSON requests from invalid parameters

- host addresses are always 0.0.0.0 and ::1, pasta doesn't bind on
  specific addresses for different ports

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
ce4e7b4d5d Makefile, conf, passt: Drop passt4netns references, explicit argc check
Nobody currently calls this as passt4netns, that was the name I used
before 'pasta', drop any reference before it's too late.

While at it, explicitly check that argc is bigger than or equal to
one, just as a defensive measure: argv[0] being NULL is not an issue
anyway.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
fb70301b13 passt: Make process not dumpable after sandboxing
Two effects:

- ptrace() on passt and pasta can only be done by root, so that even
  if somebody gains access to the same user, they won't be able to
  check data passed in syscalls anyway. No core dumps allowed either

- /proc/PID files are owned by root:root, and they can't be read by
  the same user as the one passt or pasta are running with

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
0515adceaa passt, pasta: Namespace-based sandboxing, defer seccomp policy application
To reach (at least) a conceptually equivalent security level as
implemented by --enable-sandbox in slirp4netns, we need to create a
new mount namespace and pivot_root() into a new (empty) mountpoint, so
that passt and pasta can't access any filesystem resource after
initialisation.

While at it, also detach IPC, PID (only for passt, to prevent
vulnerabilities based on the knowledge of a target PID), and UTS
namespaces.

With this approach, if we apply the seccomp filters right after the
configuration step, the number of allowed syscalls grows further. To
prevent this, defer the application of seccomp policies after the
initialisation phase, before the main loop, that's where we expect bad
things to happen, potentially. This way, we get back to 22 allowed
syscalls for passt and 34 for pasta, on x86_64.

While at it, move #syscalls notes to specific code paths wherever it
conceptually makes sense.

We have to open all the file handles we'll ever need before
sandboxing:

- the packet capture file can only be opened once, drop instance
  numbers from the default path and use the (pre-sandbox) PID instead

- /proc/net/tcp{,v6} and /proc/net/udp{,v6}, for automatic detection
  of bound ports in pasta mode, are now opened only once, before
  sandboxing, and their handles are stored in the execution context

- the UNIX domain socket for passt is also bound only once, before
  sandboxing: to reject clients after the first one, instead of
  closing the listening socket, keep it open, accept and immediately
  discard new connection if we already have a valid one

Clarify the (unchanged) behaviour for --netns-only in the man page.

To actually make passt and pasta processes run in a separate PID
namespace, we need to unshare(CLONE_NEWPID) before forking to
background (if configured to do so). Introduce a small daemon()
implementation, __daemon(), that additionally saves the PID file
before forking. While running in foreground, the process itself can't
move to a new PID namespace (a process can't change the notion of its
own PID): mention that in the man page.

For some reason, fork() in a detached PID namespace causes SIGTERM
and SIGQUIT to be ignored, even if the handler is still reported as
SIG_DFL: add a signal handler that just exits.

We can now drop most of the pasta_child_handler() implementation,
that took care of terminating all processes running in the same
namespace, if pasta started a shell: the shell itself is now the
init process in that namespace, and all children will terminate
once the init process exits.

Issuing 'echo $$' in a detached PID namespace won't return the
actual namespace PID as seen from the init namespace: adapt
demo and test setup scripts to reflect that.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-21 13:41:13 +01:00
Stefano Brivio
fcc3db78cd slirp4netns: Add EXIT as condition for trap
...otherwise, we don't terminate pasta on regular exit, i.e.
on a read from the "exit" file descriptor.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-04 18:14:13 +01:00
Stefano Brivio
a5d4a5156f slirp4netns: Look up pasta command, exit if not found
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-04 17:24:14 +01:00
Stefano Brivio
70c05e678e test/perf/passt_tcp: Drop iperf3 window size for host-to-guest tests
With a recent 5.15 kernel, passing a huge window size to iperf3 with
lower MTUs makes iperf3 stop sending packets after a few seconds --
I haven't investigated this in detail, but the window size will be
adjusted dynamically anyway and not passing it doesn't actually
affect throughput, so simply drop the option.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-01 17:12:24 +01:00
Stefano Brivio
80283e6aea util: Avoid return of possibly truncated unsigned long in bitmap_isset()
Oops. If *word & BITMAP_BIT(bit) is bigger than an int (which is the
case for half of the possible bits of a bitmap on 64-bit archs), we'll
return that as an int, that is, zero, even if the bit at hand is set.

Just return zero or one there, no callers are interested in the actual
bitmap as return value.

Issue found as pasta wouldn't automatically detect some bound ports.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-02-01 02:36:16 +01:00
Stefano Brivio
154216d483 test/distro/ubuntu: Skip apt-get update for 16.04 on powerpc
Some recent change to xenial-updates broke dependencies for gcc,
it can't be installed anymore. Skipping apt-get update leaves gcc
dependencies in a consistent state, though.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-01-30 04:06:43 +01:00
Stefano Brivio
ec7b65fd79 test/distro: Avoid race between display of ns_msg and netcat exiting
The shell might report 'nc -6 -l -p 9999 > /tmp/ns_msg' as done
even after the subsequent 'echo' is done: wait one second before
reading out /tmp/ns_msg, to ensure we read that instead of the
"Done" message.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-01-30 03:09:46 +01:00