33482d5bf2
PASTA (Pack A Subtle Tap Abstraction) provides quasi-native host connectivity to an otherwise disconnected, unprivileged network and user namespace, similarly to slirp4netns. Given that the implementation is largely overlapping with PASST, no separate binary is built: 'pasta' (and 'passt4netns' for clarity) both link to 'passt', and the mode of operation is selected depending on how the binary is invoked. Usage example: $ unshare -rUn # echo $$ 1871759 $ ./pasta 1871759 # From another terminal # udhcpc -i pasta0 2>/dev/null # ping -c1 pasta.pizza PING pasta.pizza (64.190.62.111) 56(84) bytes of data. 64 bytes from 64.190.62.111 (64.190.62.111): icmp_seq=1 ttl=255 time=34.6 ms --- pasta.pizza ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 34.575/34.575/34.575/0.000 ms # ping -c1 spaghetti.pizza PING spaghetti.pizza(2606:4700:3034::6815:147a (2606:4700:3034::6815:147a)) 56 data bytes 64 bytes from 2606:4700:3034::6815:147a (2606:4700:3034::6815:147a): icmp_seq=1 ttl=255 time=29.0 ms --- spaghetti.pizza ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 28.967/28.967/28.967/0.000 ms This entails a major rework, especially with regard to the storage of tracked connections and to the semantics of epoll(7) references. Indexing TCP and UDP bindings merely by socket proved to be inflexible and unsuitable to handle different connection flows: pasta also provides Layer-2 to Layer-2 socket mapping between init and a separate namespace for local connections, using a pair of splice() system calls for TCP, and a recvmmsg()/sendmmsg() pair for UDP local bindings. For instance, building on the previous example: # ip link set dev lo up # iperf3 -s $ iperf3 -c ::1 -Z -w 32M -l 1024k -P2 | tail -n4 [SUM] 0.00-10.00 sec 52.3 GBytes 44.9 Gbits/sec 283 sender [SUM] 0.00-10.43 sec 52.3 GBytes 43.1 Gbits/sec receiver iperf Done. epoll(7) references now include a generic part in order to demultiplex data to the relevant protocol handler, using 24 bits for the socket number, and an opaque portion reserved for usage by the single protocol handlers, in order to track sockets back to corresponding connections and bindings. A number of fixes pertaining to TCP state machine and congestion window handling are also included here. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
73 lines
1.9 KiB
C
73 lines
1.9 KiB
C
void err(const char *format, ...);
|
|
void warn(const char *format, ...);
|
|
void info(const char *format, ...);
|
|
|
|
#ifdef DEBUG
|
|
void debug(const char *format, ...);
|
|
#else
|
|
#define debug(...) { }
|
|
#endif
|
|
|
|
#define CHECK_SET_MIN_MAX(basename, fd) \
|
|
do { \
|
|
if ((fd) < basename##min) \
|
|
basename##min = (fd); \
|
|
if ((fd) > basename##max) \
|
|
basename##max = (fd); \
|
|
} while (0)
|
|
|
|
#define CHECK_SET_MIN_MAX_PROTO_FD(proto, ipproto, proto_ctx, fd) \
|
|
do { \
|
|
if ((proto) == (ipproto)) \
|
|
CHECK_SET_MIN_MAX(c->proto_ctx.fd_, (fd)); \
|
|
} while (0)
|
|
|
|
#ifndef MIN
|
|
#define MIN(x, y) (((x) < (y)) ? (x) : (y))
|
|
#endif
|
|
#ifndef MAX
|
|
#define MAX(x, y) (((x) > (y)) ? (x) : (y))
|
|
#endif
|
|
|
|
#define SWAP(a, b) \
|
|
do { \
|
|
typeof(a) __x = (a); (a) = (b); (b) = __x; \
|
|
} while (0) \
|
|
|
|
#define STRINGIFY(x) #x
|
|
#define STR(x) STRINGIFY(x)
|
|
|
|
#define V4 0
|
|
#define V6 1
|
|
#define IP_VERSIONS 2
|
|
|
|
#define ARRAY_SIZE(a) ((int)(sizeof(a) / sizeof((a)[0])))
|
|
|
|
#define IN_INTERVAL(a, b, x) ((x) >= (a) && (x) <= (b))
|
|
#define FD_PROTO(x, proto) \
|
|
(IN_INTERVAL(c->proto.fd_min, c->proto.fd_max, (x)))
|
|
|
|
#define PORT_EPHEMERAL_MIN ((1 << 15) + (1 << 14)) /* RFC 6335 */
|
|
#define PORT_IS_EPHEMERAL(port) ((port) >= PORT_EPHEMERAL_MIN)
|
|
|
|
#define NS_FN_STACK_SIZE (RLIMIT_STACK_VAL * 1024 / 4)
|
|
|
|
#include <linux/ipv6.h>
|
|
#include <net/if.h>
|
|
#include <linux/ip.h>
|
|
#include <limits.h>
|
|
|
|
struct ctx;
|
|
|
|
uint16_t csum_fold(uint32_t sum);
|
|
uint16_t csum_ip4(void *buf, size_t len);
|
|
void csum_tcp4(struct iphdr *iph);
|
|
char *ipv6_l4hdr(struct ipv6hdr *ip6h, uint8_t *proto);
|
|
int sock_l4(struct ctx *c, int af, uint8_t proto, uint16_t port, int lo,
|
|
uint32_t data);
|
|
int timespec_diff_ms(struct timespec *a, struct timespec *b);
|
|
void bitmap_set(uint8_t *map, int bit);
|
|
void bitmap_clear(uint8_t *map, int bit);
|
|
int bitmap_isset(uint8_t *map, int bit);
|
|
void procfs_scan_listen(char *name, uint8_t *map);
|
|
int ns_enter(int target_pid);
|