passt: Add PASTA mode, major rework

PASTA (Pack A Subtle Tap Abstraction) provides quasi-native host connectivity to an otherwise disconnected, unprivileged network and user namespace, similarly to slirp4netns. Given that the implementation is largely overlapping with PASST, no separate binary is built: 'pasta' (and 'passt4netns' for clarity) both link to 'passt', and the mode of operation is selected depending on how the binary is invoked. Usage example: $ unshare -rUn # echo $$ 1871759 $ ./pasta 1871759 # From another terminal # udhcpc -i pasta0 2>/dev/null # ping -c1 pasta.pizza PING pasta.pizza (64.190.62.111) 56(84) bytes of data. 64 bytes from 64.190.62.111 (64.190.62.111): icmp_seq=1 ttl=255 time=34.6 ms --- pasta.pizza ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 34.575/34.575/34.575/0.000 ms # ping -c1 spaghetti.pizza PING spaghetti.pizza(2606:4700:3034::6815:147a (2606:4700:3034::6815:147a)) 56 data bytes 64 bytes from 2606:4700:3034::6815:147a (2606:4700:3034::6815:147a): icmp_seq=1 ttl=255 time=29.0 ms --- spaghetti.pizza ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 28.967/28.967/28.967/0.000 ms This entails a major rework, especially with regard to the storage of tracked connections and to the semantics of epoll(7) references. Indexing TCP and UDP bindings merely by socket proved to be inflexible and unsuitable to handle different connection flows: pasta also provides Layer-2 to Layer-2 socket mapping between init and a separate namespace for local connections, using a pair of splice() system calls for TCP, and a recvmmsg()/sendmmsg() pair for UDP local bindings. For instance, building on the previous example: # ip link set dev lo up # iperf3 -s $ iperf3 -c ::1 -Z -w 32M -l 1024k -P2 | tail -n4 [SUM] 0.00-10.00 sec 52.3 GBytes 44.9 Gbits/sec 283 sender [SUM] 0.00-10.43 sec 52.3 GBytes 43.1 Gbits/sec receiver iperf Done. epoll(7) references now include a generic part in order to demultiplex data to the relevant protocol handler, using 24 bits for the socket number, and an opaque portion reserved for usage by the single protocol handlers, in order to track sockets back to corresponding connections and bindings. A number of fixes pertaining to TCP state machine and congestion window handling are also included here. Signed-off-by: Stefano Brivio <[email protected]>
kdrag0n · Jul 17, 2021 · 33482d5 · 33482d5
1 parent 28fca04
commit 33482d5
Show file tree

Hide file tree

Showing 20 changed files with 2,815 additions and 1,314 deletions.
diff --git a/Makefile b/Makefile
@@ -1,13 +1,20 @@
 CFLAGS += -Wall -Wextra -pedantic
+CFLAGS += -DRLIMIT_STACK_VAL=$(shell ulimit -s)
 
-all: passt qrap
+all: passt pasta passt4netns qrap
 
 passt: passt.c passt.h arp.c arp.h dhcp.c dhcp.h dhcpv6.c dhcpv6.h pcap.c pcap.h  ndp.c ndp.h siphash.c siphash.h tap.c tap.h icmp.c icmp.h tcp.c tcp.h udp.c udp.h util.c util.h
 	$(CC) $(CFLAGS) passt.c arp.c dhcp.c dhcpv6.c pcap.c ndp.c siphash.c tap.c icmp.c tcp.c udp.c util.c -o passt
 
+pasta: passt
+	ln -s passt pasta
+
+passt4netns: passt
+	ln -s passt passt4netns
+
 qrap: qrap.c passt.h
 	$(CC) $(CFLAGS) -DARCH=\"$(shell uname -m)\" qrap.c -o qrap
 
 .PHONY: clean
 clean:
-	-${RM} passt *.o qrap
+	-${RM} passt *.o qrap pasta passt4netns
diff --git a/arp.c b/arp.c
@@ -1,12 +1,15 @@
 // SPDX-License-Identifier: AGPL-3.0-or-later
 
 /* PASST - Plug A Simple Socket Transport
+ *  for qemu/UNIX domain socket mode
+ *
+ * PASTA - Pack A Subtle Tap Abstraction
+ *  for network namespace/tap device mode
  *
  * arp.c - ARP implementation
  *
  * Copyright (c) 2020-2021 Red Hat GmbH
  * Author: Stefano Brivio <[email protected]>
- *
  */
 
 #include <stdio.h>
@@ -22,9 +25,9 @@
 #include <net/if_arp.h>
 #include <arpa/inet.h>
 
+#include "util.h"
 #include "passt.h"
 #include "dhcp.h"
-#include "util.h"
 #include "tap.h"
 #include "arp.h"
 
@@ -66,7 +69,7 @@ int arp(struct ctx *c, struct ethhdr *eh, size_t len)
 	memcpy(eh->h_dest, eh->h_source, ETH_ALEN);
 	memcpy(eh->h_source, c->mac, ETH_ALEN);
 
-	if (tap_send(c->fd_unix, eh, len, 0) < 0)
+	if (tap_send(c, eh, len, 0) < 0)
 		perror("ARP: send");
 
 	return 1;

diff --git a/dhcp.c b/dhcp.c
@@ -1,12 +1,15 @@
 // SPDX-License-Identifier: AGPL-3.0-or-later
 
 /* PASST - Plug A Simple Socket Transport
+ *  for qemu/UNIX domain socket mode
+ *
+ * PASTA - Pack A Subtle Tap Abstraction
+ *  for network namespace/tap device mode
  *
  * dhcp.c - Minimalistic DHCP server for PASST
  *
  * Copyright (c) 2020-2021 Red Hat GmbH
  * Author: Stefano Brivio <[email protected]>
- *
  */
 
 #include <stdio.h>
@@ -21,9 +24,9 @@
 #include <net/if.h>
 #include <arpa/inet.h>
 
+#include "util.h"
 #include "passt.h"
 #include "dhcp.h"
-#include "util.h"
 #include "tap.h"
 
 /**
@@ -322,7 +325,7 @@ int dhcp(struct ctx *c, struct ethhdr *eh, size_t len)
 	memcpy(eh->h_dest, eh->h_source, ETH_ALEN);
 	memcpy(eh->h_source, c->mac, ETH_ALEN);
 
-	if (tap_send(c->fd_unix, eh, len, 0) < 0)
+	if (tap_send(c, eh, len, 0) < 0)
 		perror("DHCP: send");
 
 	return 1;

diff --git a/dhcpv6.c b/dhcpv6.c
@@ -1,12 +1,15 @@
 // SPDX-License-Identifier: AGPL-3.0-or-later
 
 /* PASST - Plug A Simple Socket Transport
+ *  for qemu/UNIX domain socket mode
+ *
+ * PASTA - Pack A Subtle Tap Abstraction
+ *  for network namespace/tap device mode
  *
  * dhcpv6.c - Minimalistic DHCPv6 server for PASST
  *
  * Copyright (c) 2021 Red Hat GmbH
  * Author: Stefano Brivio <[email protected]>
- *
  */
 
 #include <stdio.h>
@@ -23,9 +26,9 @@
 #include <net/if.h>
 #include <net/if_arp.h>
 
+#include "util.h"
 #include "passt.h"
 #include "tap.h"
-#include "util.h"
 
 /**
  * struct opt_hdr - DHCPv6 option header