| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping passt to version 2025_03_20.32f6212-11-gcf4d3f0, which comprises the following commits:
cf4d3f0 packet: Upgrade severity of most packet errors
0857515 packet: ASSERT on signs of pool corruption
9153aca util: Add abort_with_msg() and ASSERT_WITH_MSG() helpers
38bcce9 packet: Rework packet_get() versus packet_get_try()
961aa6a packet: Move checks against PACKET_MAX_LEN to packet_check_range()
37d9f37 packet: Avoid integer overflows in packet_get_do()
c48331c packet: Correct type of PACKET_MAX_LEN
9866d14 tap: Clarify calculation of TAP_MSGS
a41d6d1 tap: Make size of pool_tap[46] purely a tuning parameter
e43e007 packet: More cautious checks to avoid pointer arithmetic UB
4592719 vu_common: Tighten vu_packet_check_range()
32f6212 Makefile: Enable -Wformat-security
07c2d58 conf: Include libgen.h for basename(), fix build against musl
ebdd463 tcp: Flush socket before checking for more data in active close state
c250ffc migrate: Bump migration version number
cfb3740 migrate, tcp: Migrate RFC 7323 timestamp
28772ee migrate, tcp: More careful marshalling of mss parameter during migration
51f3c07 passt-repair: Fix build with -Werror=format-security
cb5b593 tcp, flow: Better use flow specific logging heleprs
96fe554 conf: Unify several paths in conf_ports()
78f1f0f test/perf: Simplify iperf3 server lifetime management
26df8a3 conf: Limit maximum MTU based on backend frame size
9d1a6b3 pcap: Correctly set snaplen based on tap backend type
b6945e0 Simplify sizing of pkt_buf
c4bfa33 tap: Use explicit defines for maximum length of L2 frame
1eda8de packet: Remove redundant TAP_BUF_BYTES define
c43972a packet: Give explicit name to maximum packet size
74cd82a conf: Detect vhost-user mode earlier
4b17d04 conf: Move mode detection into helper function
bb00a04 conf: Use the same optstring for passt and pasta modes
c8b520c flow, repair: Wait for a short while for passt-repair to connect
0470170 passt-repair: Add directory watch
2b58b22 cppcheck: Add suppressions for "logically" exported functions
a83c806 vhost_user: Don't export several functions
27395e6 tcp: Don't export tcp_update_csum()
12d5b36 checksum: Don't export various functions
e36c35c log: Don't export passt_vsyslog()
57d2db3 treewide: Mark assorted functions static
68b0418 udp: create and send ICMPv6 to local peer when applicable
87e6a46 tap: break out building of udp header from tap_udp6_send function
55431f0 udp: create and send ICMPv4 to local peer when applicable
82a839b tap: break out building of udp header from tap_udp4_send function
1924e25 conf: Be more precise about minimum MTUs
672d786 tcp: Send RST in response to guest packets that match no connection
1f23681 tap: Consider IPv6 flow label when building packet sequences
0081756 ip: Helpers to access IPv6 flow label
52419a6 migrate, tcp: Don't flow_alloc_cancel() during incoming migration
b270821 tcp: Unconditionally move to CLOSED state on tcp_rst()
56ce03e tcp: Correct error code handling from tcp_flow_repair_socket()
39f85bc migrate, flow: Don't attempt to migrate TCP flows without passt-repair
7b92f2e migrate, flow: Trivially succeed if migrating with no flows
8747173 selinux: Fixes/workarounds for passt and passt-repair, mostly for libvirt usage
be86232 seccomp.sh: Silence stty errors
ea69ca6 tap: always set the no_frag flag in IPv4 headers
4dac235 contrib/fedora: Actually install passt-repair SELinux policy file
16553c8 dhcp: Add option code byte in calculation for OPT_MAX boundary check
183bedf Makefile: Use mmap2() as alternative for mmap() in valgrind extra syscalls
1cc5d4c conf: Use 0 instead of -1 as "unassigned" mtu value
3dc7da6 conf: More thorough error checking when parsing --mtu option
65e317a flow: Clean up and generalise flow traversal macros
b79a22d flow: Remove unneeded bound parameter from flow traversal macros
7ffca35 flow: Remove unneeded index from foreach_* macros
adb46c1 flow: Add flow_perror() helper
ba0823f tcp: Don't pass both flow pointer and flow index
854bc7b tcp: Remove spurious prototype for tcp_flow_migrate_shrink_window
e56c803 tcp: More type safety for tcp_flow_migrate_target_ext()
5a07eb3 tcp_vu: head_cnt need not be global
6b40651 tap: Remove unused ETH_HDR_INIT() macro
354bc0b packet: Don't pass start and offset separately to packet_check_range()
0a51060 packet: Use flexible array member in struct pool
bcc4908 dhcp: Remove option 255 length byte
a1e48a0 test: Add migration tests
89ecf2f migrate: Migrate TCP flows
3e903bb repair, passt-repair: Build and warning fixes for musl
01b6a16 tcp_splice: A typo three years ago and SO_RCVLOWAT is gone
667caa0 tcp_splice: Don't wake up on input data if we can't write it anywhere
7c33b12 vhost_user: Clear ring address on GET_VRING_BASE
71249ef tcp, tcp_splice: Don't set SO_SNDBUF and SO_RCVBUF to maximum values
30f1e08 tcp: Keep updating window and checking for socket data after FIN from guest
98d474c contrib/selinux: Enable mapping guest memory for libvirt guests
9a84df4 selinux: Add rules needed to run tests
a301158 rampstream: Add utility to test for corruption of data streams
6f122f0 tcp: Get bound address for connected inbound sockets too
f3fe795 vhost_user: Make source quit after reporting migration state
b899141 Add interfaces and configuration bits for passt-repair
155cd0c migrate: Migrate guest observed addresses
5911e08 migrate: Skeleton of live migration logic
836fe21 passt-repair: Fix off-by-one in check for number of file descriptors
def7de4 tcp_vu: Fix off-by one in header count array adjustment
90f91fe tcp: Implement conservative zero-window probe on ACK timeout
472e2e9 tcp: Don't discard window information on keep-alive segments
31e8109 dhcp, dhcpv6: Add hostname and client fqdn ops
a3d142a conf: Don't map DNS traffic to host, if host gateway is a resolver
864be47 passt-repair: Send one confirmation *per command*, not *per socket*
fe8b6a7 dhcp: Don't re-use request message for reply
b7b70ba passt-repair: Dodge "structurally unreachable code" warning from Coverity
0f009ea passt-repair: Fix calculation of payload length from cmsg_len
a0b7f56 passt-repair: Don't use perror(), accept ECONNRESET as termination
a5cca99 conf, passt.1: Un-deprecate --host-lo-to-ns-lo
0da87b3 debug: Add tcpdump to mbuto.img
f66769c apparmor: Workaround for unconfined libvirtd when triggered by unprivileged user
593be32 passt-repair.1: Fix indication of TCP_REPAIR constants
9215f68 passt-repair: Build fixes for musl
a9d63f9 passt-repair: use _exit() over return
d0006fa treewide: use _exit() over exit()
745c163 tcp: Simplify handling of getsockname()
b4a7b5d migrate: Fix several errors with passt-repair
dcf014b doc: Add mock of migration source and target
52e57f9 tcp: Get socket port and address using getsockname() when connecting from guest
8c24301 Introduce passt-repair
e894d9a vhost_user: Turn some vhost-user message reports to trace()
e25a930 util: Add read_remainder() and read_all_buf()
71fa736 tcp_splice, udp_flow: fcntl64() support on PPC64 depends on glibc version
b75ad15 vhost_user: On 32-bit ARM, mmap() is not available, mmap2() is used instead
722d347 tcp: Don't reset outbound connection on SYN retries
bf28608 pasta.te: fix demo.sh and remove one duplicate rule
dcd6d81 tcp: Add HOSTSIDE(x), HOSTFLOW(x) macros
0349cf6 util: Rename and make global vu_remove_watch()
10c4a9e tcp: Always pass NULL event with EPOLL_CTL_DEL
dd6a685 vhost-user: Implement an empty VHOST_USER_SEND_RARP command
d477a1f netlink: Skip loopback interface while looking for a template
4f2c8e7 vhost_user: Drop packet with unsupported iovec array
ec5c4d9 tcp: Set PSH flag for last incoming packets in a batch
db2c91a tcp: Set ACK flag on *all* RST segments, even for client in SYN-SENT state
54bb972 tcp: Disable Nagle's algorithm (set TCP_NODELAY) on all sockets
8757834 tcp: Buffer sizes are *not* inherited on accept()/accept4()
c96a88d vhost_user: remove ASSERT() on iovec number
412ed4f vhost-user: Report to front-end we support VHOST_USER_PROTOCOL_F_DEVICE_STATE
31d7002 vhost-user: add VHOST_USER_SET_DEVICE_STATE_FD command
878e163 vhost-user: add VHOST_USER_CHECK_DEVICE_STATE command
78c73e9 vhost-user: Report to front-end we support VHOST_USER_PROTOCOL_F_LOG_SHMFD
3c1d91b vhost-user: add VHOST_USER_SET_LOG_BASE command
538312a vhost-user: Pass vu_dev to more virtio functions
b04195c vhost-user: add VHOST_USER_SET_LOG_FD command
6016e04 vhost-user: update protocol features and commands list
a8f4fc4 tcp: Mask EPOLLIN altogether if we're blocked waiting on an ACK from the guest
b8f573c tcp: Set EPOLLET when when reading from a socket fails with EAGAIN
22cf08b tcp: Don't subscribe to EPOLLOUT events on STALLED
707f77b tcp: Fix ACK sequence getting out of sync on EPOLLOUT wake-up
1b95bd6 vhost_user: fix multibuffer from linux
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping passt to version 2024_12_11.09478d5-9-g1b95bd6, which comprises the following commits:
1b95bd6 vhost_user: fix multibuffer from linux
f04b483 test/pasta_podman: Run Podman tests on a single CPU thread
2c174f1 checksum: fix checksum with odd base address
725acd1 tcp_splice: Set (again) TCP_NODELAY on both sides
3876fc7 seccomp: Unconditionally allow accept(2) even if accept4(2) is present
898e853 virtio: Use const pointer for vu_dev
324233b udp_flow: Don't block multicast and broadcast messages
2385b69 Makefile: Report error and stop if we can't set TARGET
e5ba8ad README: Mark vhost-user as supported
09478d5 treewide: Dodge dynamic memory allocation in strerror() from glibc > 2.40
e24f026 pasta: make it possible to disable socket splicing
947f5cd tap: Call vu_init() with --fd
2139ad3 tap: Use a common function to start a new connection
8996d18 udp_vu: update segment size
1908297 flow: Remove over-zealous sanity checks in flow_sidx_hash()
1db4f77 udp: Improve detail of UDP endpoint sanity checking
966fdc8 perf/passt_vu_tcp: Make it shine
020c8b7 tcp_vu: Compute IPv4 header checksum if dlen changes
d9c0f8e Makefile: Use make internal string functions
b6e79ef tcp_vu: Remove unnecessary tcp_vu_update_check() function
a6348ca tcp: Merge tcp_fill_headers[46]() with each other
2abf5ab tcp: Merge tcp_update_check_tcp[46]()
08ea3cc tcp: Pass TCP header and payload separately to tcp_fill_headers[46]()
2ee0769 tcp: Pass TCP header and payload separately to tcp_update_check_tcp[46]()
6715109 iov, checksum: Replace csum_iov() with csum_iov_tail()
f931103 iov: iov tail helpers
804a7ce tcp_vu: Change 'dlen' to ssize_t in tcp_vu_data_from_sock()
00cc230 Fix build on 32bit target
6fae899 virtio: check if avail ring is configured
7e131e9 tcp: Move tcp_l2_buf_fill_headers() to tcp_buf.c
676bf54 test: Add tests for passt in vhost-user mode
28997fc vhost-user: add vhost-user
b2e62f7 passt: rename tap_sock_init() to tap_backend_init()
b7c292b tcp: Export headers functions
5a8b33c udp: Prepare udp.c to be shared with vhost-user
31117b2 vhost-user: introduce vhost-user API
7d1cd4d vhost-user: introduce virtio API
dd143e3 packet: replace struct desc by struct iovec
c0fbc7e dhcp: Honour broadcast flag (RFC 2131, 4.1)
9da2038 dhcp: Introduce support for Rapid Commit (option 80, RFC 4039)
d6e9e24 dhcp: Use -1 as "missing option" length instead of 0
14b84a7 treewide: Introduce 'local mode' for disconnected setups
c6e6106 test: Improve logic for waiting for SLAAC & DAD to complete in NDP tests
cda7f16 ndp: Don't send first periodic router advertisement right after guest connects
2bf8ffc test/perf: Select a single IPv6 namespace address in pasta tests
6819b2e conf, passt.1: Update --mac-addr default in usage() and man page
b61be84 passt.1: Fix "default" note about --map-guest-addr
238c69f tcp: Acknowledge keep-alive segments, ignore them for the rest
af464c4 tcp: Reset ACK_TO_TAP_DUE flag whenever an ACK isn't needed anymore
5ae2184 ndp: Don't send unsolicited RAs if NDP is disabled
bf94927 ndp: Don't send unsolicited router advertisement if we can't, yet
5e24466 selinux: Use auth_read_passwd() interface for all our getpwnam() needs
6e1e442 ndp: Send unsolicited Router Advertisements
b39760c passt: Seed libc's pseudo random number generator
71d5dee util: Add general low-level random bytes helper
a60703e ndp: Make route lifetime a #define
36c070e ndp: Use struct assignment in preference to memcpy() for IPv6 addresses
cbc83e1 ndp: Split out helpers for sending specific NDP message types
4e47167 ndp: Add ndp_send() helper
71f228d ndp: Remove redundant update to addr_seen
0588163 cppcheck: Don't check the system headers
14dd70e linux_dep: Fix CLOSE_RANGE_UNSHARE availability handling
d64f257 linux_dep: Move close_range() conditional handling to linux_dep.h
b84cd05 log: Only check for FALLOC_FL_COLLAPSE_RANGE availability at runtime
58fa550 tap, tcp, util: Add some missing SOCK_CLOEXEC flags
71869e2 passt: Use NOLINT clang-tidy block instead of NOLINTNEXTLINE
d4f09c9 util: Define small and big thresholds for socket buffers as unsigned long long
87940f9 tap: Cast TAP_BUF_BYTES - ETH_MAX_MTU to ssize_t, not TAP_BUF_BYTES
1feb90f dhcpv6: Turn some option headers pointers to const
5f5e814 dhcpv6: Use for loop instead of goto to avoid false positive cppcheck warning
78da088 tcp: unify payload and flags l2 frames array
9a0e544 test: Improve test for NDP assigned prefix
910f4f9 test: Don't require 64-bit prefixes in perf tests
1699083 test: Make nstool hold robust against interruptions to control clients
b456ee1 test: Rename propagating signal handler
867db07 util: Work around cppcheck bug 6936
6f913b3 udp: Don't dereference uflow before NULL check in udp_reply_sock_handler()
d8e05a3 ndp: Use const pointer for ndp_ns packet
0d7b820 linux_dep: Generalise tcp_info.h to handling Linux extension compatibility
c5f4e4d fwd: Squash different-signedness comparison warning
1e76a19 util: Remove unused ffsl() function
1d7cff3 clang: Add rudimentary clangd configuration
c560e2f Makefile: Don't attempt to auto-detect stack size
13fc6d5 Makefile: Use -DARCH for qrap only
7917159 seccomp: Simplify handling of AUDIT_ARCH
93bce40 Makefile: Move NETNS_RUN_DIR definition to C code
c938d8a netlink: RTA_PAYLOAD() returns int, not size_t
f6b546c flow: Correct type of flowside_at_sidx()
30b4f88 arch: Avoid explicit access to 'environ'
b78e72d clang: Move clang-tidy configuration from Makefile to .clang-tidy
8346216 Makefile: Simplify exclusion of qrap from static checks
8f1b6a0 clang: Add .clang-format file
5e93bcd test: Adjust misplaced sleeps in two_guests code
9afce0b tap: Explicitly cast TUNSETIFF to fix build warning with musl on ppc64le
d165d36 tcp: Fix build against musl, __sum16 comes from linux/types.h
ee7d0b6 util: Don't use errno after a successful call in __daemon()
b1a607f udp: Take care of cert-int09-c clang-tidy warning for enum udp_iov_idx
099ace6 treewide: Address cert-err33-c clang-tidy warnings for clock and timer functions
59fe34e treewide: Suppress clang-tidy warning if we already use O_CLOEXEC
134b4d5 Makefile: Disable readability-math-missing-parentheses clang-tidy check
7442478 treewide: Silence cert-err33-c clang-tidy warnings for fprintf()
98efe7c treewide: Comply with CERT C rule ERR33-C for snprintf()
988a4d7 Makefile: Exclude qrap.c from clang-tidy checks
ba38e67 tcp: unify l2 TCPv4 and TCPv6 queues and structures
2053c36 tcp: set ip and eth headers in l2 tap queues on the fly
5563d5f test: remove obsolete images
f43f7d5 tcp: cleanup tcp_buf_data_from_sock()
e7fcd0c tcp: Use runtime tests for TCP_INFO fields
8114381 tcp: Generalise probing for tcpi_snd_wnd field
13f0291 tcp: Remove compile-time dependency on struct tcp_info version
9e4615b tcp_splice: fcntl(2) returns the size of the pipe, if F_SETPIPE_SZ succeeds
149f457 tcp_splice: splice() all we have to the writing side, not what we just read
9e5df35 tcp: Use structures to construct initial TCP options
b4dace8 fwd: Direct inbound spliced forwards to the guest's external address
58e6d68 test: Clarify test for spliced inbound transfers
1fa4211 passt.1: Clarify and update "Handling of local addresses" section
ef8a516 passt.1: Mark --stderr as deprecated more prominently
53176ca test: Wait for DAD on DHCPv6 addresses
75b9c0f test: Explicitly wait for DAD to complete on SLAAC addresses
f9d677b arp: Fix a handful of small warts
2d7f734 tcp: Send "empty" handshake ACK before first data segment
7612cb8 test: Pass TRACE from run_term() into ./run from_term
b40880c test/lib/term: Always use printf for messages with escape sequences
ff63ac9 conf: Add --dns-host option to configure host side nameserver
9d66df9 conf: Add command line switch to enable IP_FREEBIND socket option
151dbe0 udp: Update UDP checksum using an iovec array
3d484aa tcp: Update TCP checksum using an iovec array
e6548c6 checksum: Add an offset argument in csum_iov()
fd8334b pcap: Add an offset argument in pcap_iov()
72e7d30 tcp: Use tcp_payload_t rather than tcphdr
def8acd test: Kernel binary can now be passed via the KERNEL environmental variable
b55013b inany: Add inany_pton() helper
cbde419 tcp, udp: Make {tcp,udp}_sock_init() take an inany address
b8d4fac util, pif: Replace sock_l4() with pif_sock_l4()
204e77c udp: Don't attempt to get dual-stack sockets in nonsensical cases
8f8c4d2 tcp: Allow checksum to be disabled
4fe5f4e udp: Allow checksum to be disabled
d836d9e util: Remove possible quadratic behaviour from write_remainder()
bfc294b util: Add helper to write() all of a buffer
bb41901 tcp: Make tcp_update_seqack_wnd()s force_seq parameter explicitly boolean
265b209 tcp: Simplify ifdef logic in tcp_update_seqack_wnd()
4aff6f9 tcp: Clean up tcpi_snd_wnd probing
7d8804b tcp: Make some extra functions private
5ff5d55 tcp: Avoid overlapping memcpy() in DUP_ACK handling
1f414ed tcp: Remove redundant initialisation of iov[TCP_IOV_ETH].iov_base
6b38f07 apparmor: Allow read access to /proc/sys/net/ipv4/ip_local_port_range
116bc82 selinux: Allow read access to /proc/sys/net/ipv4/ip_local_port_range
a33ecaf tap: Don't risk truncating frames on full buffer in tap_pasta_input()
d2a1dc7 tap: Restructure in tap_pasta_input()
11e2905 tap: Improve handling of EINTR in tap_passt_input()
49fc4e0 tap: Split out handling of EPOLLIN events
63513e5 util: Fix order of operands and carry of one second in timespec_diff_us()
748ef4c cppcheck: Work around some cppcheck 2.15.0 redundantInitialization warnings
afedc24 tcp: Use EPOLLET for any state of not established connections
aff5a49 udp: Handle more error conditions in udp_sock_errs()
bd99f02 udp: Treat errors getting errors as unrecoverable
bd092ca udp: Split socket error handling out from udp_sock_recv()
88bfa38 flow: Helpers to log details of a flow
1166401 udp: Allow UDP flows to be prematurely closed
7ad9f9b flow: Fix incorrect hash probe in flowside_lookup()
0ea60e5 log: Don't prefix log file messages with time and severity if they're continuations
3836396 Makefile: Enable _FORTIFY_SOURCE iff needed
eedc81b fwd, conf: Probe host's ephemeral ports
4a41dc5 conf, fwd: Don't attempt to forward port 0
1daf6f4 conf, fwd: Make ephemeral port logic more flexible
712ca32 seccomp.sh: Try to account for terminal width while formatting list of system calls
e0be6bc udp: Use dual stack sockets for port forwarding when possible
c78b194 udp: Remove unnnecessary local from udp_sock_init()
620e19a udp: Merge udp[46]_mh_recv arrays
418feb3 test: Look for possible sshd-session paths (if it's there at all) in mbuto's profile
1d6142f README: pasta is indeed a supported back-end for rootless Docker
f00ebda util: Don't stop on unrelated values when looking for --fd in close_open_files()
05453ea test: Update list of dependencies in README.md
1a66806 tcp, udp: Allow timerfd_gettime64() and recvmmsg_time64() on arm (armhf)
6e9ecf5 util: Provide own version of close_range(), and no-op fallback
7291b70 udp_flow: Add missing unistd.h include for close()
3963075 test: Duplicate existing recvfrom() valgrind suppression for recv()
d6817b3 test/passt.mbuto: Install sshd-session OpenSSH's split process
34be8ee test/passt.mbuto: Run sshd from vsock proxy with absolute path
aded2b6 test/lib/setup: Transform i686 kernel architecture name into QEMU name (i386)
2aea1da treewide: Allow additional system calls for i386/i686
57b7bd2 fwd, conf: Allow NAT of the guest's assigned address
8436c0d fwd: Distinguish translatable from untranslatable addresses on inbound
e813a4d conf: Allow address remapped to host to be configured
dbaaebb test: Reconfigure IPv6 address after changing MTU
935bd81 conf, fwd: Split notion of gateway/router from guest-visible host address
90e83d5 Don't take "our" MAC address from the host
356de97 fwd: Split notion of "our tap address" from gateway for IPv4
4d8dd1f fwd: Helpers to clarify what host addresses aren't guest accessible
975cfa5 Initialise our_tap_ll to ip6.gw when suitable
8d4baa4 Clarify which addresses in ip[46]_ctx are meaningful where
a42fb9c treewide: Change misleading 'addr_ll' name
c9f0ec3 util: Correct sock_l4() binding for link local addresses
57532f1 conf: Remove incorrect initialisation of addr_ll_seen
0b25cac conf: Treat --dns addresses as guest visible addresses
a6066f4 conf: Correct setting of dns_match address in add_dns6()
7c083ee conf: Move adding of a nameserver from resolv.conf into subfunction
1d10760 conf: Move DNS array bounds checks into add_dns[46]
6852bd0 conf: More accurately count entries added in get_dns()
c679894 conf: Use array indices rather than pointers for DNS array slots
ceea52c treewide: Use struct assignment instead of memcpy() for IP addresses
905ecd2 treewide: Rename MAC address fields for clarity
066e699 util: Helper for formatting MAC addresses
e6feb5a treewide: Use "our address" instead of "forwarding address"
32c3868 netlink: Fix typo in function comment for nl_addr_set()
f4e9f26 pasta: Disable neighbour solicitations on device up to prevent DAD
d6f0220 netlink, pasta: Fetch link-local address from namespace interface once it's up
74e508c netlink, pasta: Disable DAD for link-local addresses on namespace interface
0c74068 netlink, pasta: Turn nl_link_up() into a generic function to set link flags
8231ce5 netlink, pasta: Split MTU setting functionality out of nl_link_up()
b91d337 netlink: Fix typo in function comment for nl_addr_get()
9462064 test: Speed up by cutting on eye candy and performance test duration
61c0b0d flow: Don't crash if guest attempts to connect to port 0
baba284 conf: Don't ignore -t and -u options after -D
c16141e ndp.c: Turn NDP responder into more declarative implementation
f6d5a52 conf: Delay handling -D option until after addresses are configured
86bdd96 Correct inaccurate comments on ip[46]_ctx::addr
fecb1b6 log: Don't prefix message with timestamp on --debug if it's a continuation
baccfb9 conf: Stop parsing options at first non-option argument
09603ca passt, util: Close any open file that the parent might have leaked
755f9fd nstool: Propagate SIGTERM to processes executed in the namespace
5ca61c2 nstool: Fix some trivial typos
a628cb9 log: Avoid duplicate calls to logtime()
2c7558d log: Handle errors from clock_gettime()
b91bae1 log: Correct formatting of timestamps
95569e4 util: Some corrections for timespec_diff_us
fbb0c95 conf, pasta: Make -g and -a skip route/addresses copy for matching IP version only
ee36266 log, passt: Keep printing to stderr when passt is running in foreground
3a082c4 tcp_splice: Fix side in OUT_WAIT flag setting
031df33 util: Use unsigned (size_t) value for iov length
e877f90 udp_flow: move all udp_flow functions to udp_flow.c
623ceb1 udp_flow: Remove udp_meta_t from the parameters of udp_flow_from_sock()
a5bbefa log: Make logfile_write() private
f30ed68 pasta: Save errno on signal handler entry, restore on return when needed
0149d11 pasta: modify hostname when detaching new namespace
8fae3b7 Fix typo in README file
f87b11c fedora/rpkg: List myself as author for changelog entries
57a21d2 tap: Improve handling of partially received frames on qemu socket
37e3b24 tap: Correctly handle frames of odd length
4684f60 tap: Don't use EPOLLET on Qemu sockets
9e3f235 tap: Don't attempt to carry on if we get a bad frame length from qemu
a06db27 tap: Better report errors receiving from QEMU socket
77c092e log: Fetch log times with CLOCK_MONOTONIC, not CLOCK_REALTIME
e5c37ba log: Initialise timestamp for relative log time also if we use a log file
327d9d4 log, util: Fix sub-second part in relative log time calculation
2ce1d37 test/lib/perf_report: Fix highlight
e9a5423 test: Fix spurious test failure with systemd-resolved
becf81a fwd: Broaden what we consider for DNS specific forwarding rules
0ada84e fwd: Refactor tests in fwd_nat_from_tap() for clarity
4a333c8 conf: Accept addresses enclosed by square brackets in port forwarding specifiers
6ff702f tap: Exit if we fail to bind a UNIX domain socket with explicit path
f72d35a test: iperf3 3.16 introduces multiple threads, drop our own implementation of that
606e0c7 test: Update names of symbols and slabinfo entries
f16f8f5 test: Fix memory/passt tests, --netns-only is not a valid option for passt
1cd7730 log: Drop newlines in the middle of the perror()-like messages
1329558 tcp: Change SO_PEEK_OFF support message to debug()
d19b396 tap: Don't quit if pasta gets EIO on writev() to tap, interface might be down
a09aeb4 tcp: Correctly update SO_PEEK_OFF when tcp_send_frames() drops frames
9cb6b50 tcp: probe for SO_PEEK_OFF both in tcpv4 and tcp6
882599e udp: Rename UDP listening sockets
d29fa08 udp: Remove rdelta port forwarding maps
d89b3aa udp: Remove obsolete socket tracking
898f797 udp: Direct datagrams from host to guest via flow table
b7ad193 udp: Find or create flows for datagrams from tap interface
8126f7a udp: Remove obsolete splice tracking
e0647ad udp: Handle "spliced" datagrams with per-flow sockets
a45a7e9 udp: Create flows for datagrams from originating sockets
8abd06e fwd: Update flow forwarding logic for UDP
c000f2a flow, icmp: Use general flow forwarding rules for ICMP
060f24e flow, tcp: Flow based NAT and port forwarding for TCP
4cd753e icmp: Manage outbound socket address via flow table
781164e flow: Helper to create sockets based on flowside
2faf6fc icmp: Eliminate icmp_id_map
2f40a01 icmp: Look up ping flows using flow hash
6d76278 icmp: Obtain destination addresses from the flowsides
5cffb1b icmp: Remove redundant id field from flow table entry
508adde tcp: Re-use flow hash for initial sequence number generation
acca423 flow, tcp: Generalise TCP hash table to general flow hash table
163a339 tcp, flow: Replace TCP specific hash function with general flow hash
f19a8f7 tcp_splice: Eliminate SPLICE_V6 flag
528a651 tcp: Simplify endpoint validation using flowside information
e2ea10e tcp: Manage outbound address via flow table
52d45f1 tcp: Obtain guest address from flowside
f9fe212 tcp, flow: Remove redundant information, repack connection structures
4e2d36e flow: Common address information for target side
8012f5f flow: Common address information for initiating side
ba74b1f doc: Extend zero-recv test with methods using msghdr
01e5611 doc: Test behaviour of closing duplicate UDP sockets
66a02c9 tcp_splice: Use parameterised macros for per-side event/flag bits
5235c47 flow: Introduce flow_foreach_sidei() macro
71d7985 flow, tcp_splice: Prefer 'sidei' for variables referring to side index
9b125e7 flow, icmp, tcp: Clean up helpers for getting flow from index
2fa91ee udp: Handle errors on UDP sockets
6bd8283 util: Add AF_UNSPEC support to sockaddr_ntop()
4e1f850 udp, tcp: Tweak handling of no_udp and no_tcp flags
272d1d0 udp: Make udp_sock_recv static
f79c423 conf: Don't configure port forwarding for a disabled protocol
a740e16 tcp: handle shrunk window advertisements from guest
e63d281 tcp: leverage support of SO_PEEK_OFF socket option when available
8bd57bf doc: Trivial fix for reuseaddr-priority
ec2691a doc: Test behaviour of zero length datagram recv()s
299c407 doc: Add program to document and test assumptions about SO_REUSEADDR
be0214c udp: Consolidate datagram batching
69e5393 udp: Move some more of sock_handler tasks into sub-functions
c6c61a9 udp: Don't repeatedly initialise udp[46]_eth_hdr
55aff45 udp: Unify udp[46]_l2_iov
9f9b15f udp: Unify udp[46]_mh_splice
fbd78b6 udp: Rename IOV and mmsghdr arrays
f62c33d udp: Pass full epoll reference through more of sock handler path
8f8eb73 flow: Add flow_sidx_valid() helper
74c1c5e util: sock_l4() determine protocol from epoll type rather than the reverse
b625ed5 conf: Use the right maximum buffer size for c->sock_path
403a7c1 tcp_splice: Check return value of setsockopt() for SO_RCVLOWAT
21ee1eb conf: Copy up to MAXDNSRCH - 1 bytes, not MAXDNSRCH
1ee2eca udp: Reduce scope of rport in udp_invert_portmap()
0546975 Revert "udp: Make rport calculation more local"
c66f034 log: Don't report syslog failures to stderr after initialisation
e7323e5 conf, passt: Don't call __openlog() if a log file is used
dba7f0f treewide: Replace strerror() calls
92a22fe treewide: Replace perror() calls with calls to logging functions
c1140df log: Add _perror() logging function variants
afd9cdc log, passt: Always print to stderr before initialisation is complete
8c2f24a conf, log: Instead of abusing log levels, add log_conf_parsed flag
bca0fef conf, passt: Make --stderr do nothing, and deprecate it
b748016 conf, passt: Don't try to log to stderr after we close it
65923ba conf: Accept duplicate and conflicting options, the last one wins
62de614 netlink: Strip nexthop identifiers when duplicating routes
1544a43 passt.1, qrap.1: align license description with SPDX identifier
f301bb1 netlink: Ignore EHOSTUNREACH failures when duplicating routes
450a613 netlink: With no default route, pick the first interface with a route
54a9d38 tcp: Don't rely on bind() to fail to decide that connection target is valid
020ff7a siphash: Remove stale prototypes
7e87bd9 udp: Move management of udp[46]_localname into udp_splice_send()
ff57f8d udp: Rework how we divide queued datagrams between sending methods
63db7dc udp: Fold checking of splice flag into udp_mmh_splice_port()
523fbc5 util: Split construction of bind socket address from the rest of sock_l4()
4070bac tap: use in->buf_size rather than sizeof(pkt_buf)
7290335 iov: remove iov_copy()
0c335d7 vhost-user: compare mode MODE_PASTA and not MODE_PASST
377b666 udp: rename udp_sock_handler() to udp_buf_sock_handler()
e7ac995 udp: refactor UDP header update functions
9ecf7fe tap: refactor packets handling functions
fba2b54 tcp: move buffers management functions to their own file
ec26fa0 tcp: extract buffer management from tcp_send_flag()
d949667 cppcheck: Suppress constParameterCallback errors
8a83b53 selinux: Allow access to user_devpts
ec416fd tcp, flow: Fix some error paths which didn't clean up flows properly
3f63743 util: Use 'long' to represent millisecond durations
f9e8ee0 lineread: Use ssize_t for line lengths
c919bbb conf: Safer parsing of MAC addresses
bda80ef util: Use unsigned indices for bits in bitmaps
0e36fe1 clang-tidy: Enable the bugprone-macro-parentheses check
7094b91 Remove pointless macro parameters in CALL_PROTO_HANDLER
c80fa6a udp: Make rport calculation more local
d2afb4b tcp: Make pointer const in tcp_revert_seq
b3aeb00 log: Remove log_to_stdout option
7cb2088 conf: Don't print usage via the logging subsystem
e651197 conf: Remove unhelpful usage() wrapper
e84a01e tcp: move seq_to_tap update to when frame is queued
765eb0b apparmor: Fix comments after PID file and AF_UNIX socket creation refactoring
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
|
|
Introducing the pasta package as an alternative for non-priviledged
container networking:
https://passt.top/passt/about/
passt: Plug A Simple Socket Transport
passt implements a translation layer between a Layer-2 network interface and native
Layer-4 sockets (TCP, UDP, ICMP/ICMPv6 echo) on a host. It doesn't require any
capabilities or privileges, and it can be used as a simple replacement for Slirp.
pasta: Pack A Subtle Tap Abstraction
pasta (same binary as passt, different command) offers equivalent functionality,
for network namespaces: traffic is forwarded using a tap interface inside the
namespace, without the need to create further interfaces on the host, hence not
requiring any capabilities or privileges.
It also implements a tap bypass path for local connections: packets with a local
destination address are moved directly between Layer-4 sockets, avoiding Layer-2
translations, using the splice(2) and recvmmsg(2)/sendmmsg(2) system calls for
TCP and UDP, respectively.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
