pool/passt
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
passt/passt.changes

375 lines
20 KiB
Plaintext
Raw Normal View History

Accepting request 1005591 from home:dfaggioli:devel passt is an implementation of user-mode networking for qemu, focusing on security (no dynamic memory allocation, purpose-written codebase, strict seccomp policy), performance (packet and syscall batching, pre-cooked buffers, minimalistic TCP adaptation), network transparency: contrary to libslirp, NAT is not needed, as the guest inherits addressing and routing from the host via DHCP, NDP, DHCPv6. The aim is to bring production readiness to user-mode networking with a simpler implementation, written with the specific goal in mind. passt is also being integrated inside the KubeVirt architecture, thanks to its superior (as compared to libslirp) performance and flexibility. OBS-URL: https://build.opensuse.org/request/show/1005591 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/passt?expand=0&rev=1
2022-09-24 00:32:14 +00:00
-------------------------------------------------------------------
Fri Sep 23 09:33:13 UTC 2022 - dfaggioli@suse.com
- Patches dropped:
0001-Makefile-Allow-define-overrides-by-prepending-not-ap.patch (now upstream)
0002-Fix-the-name-of-the-qemu-system-executable.patch (renamed)
- Patches added:
Fix-the-name-of-the-qemu-system-executable.patch (renamed)
- Update to version 0~git20220923:
* test/distro: Update workarounds for Ubuntu 22.04 on s390x
* test/lib: Wait for DHCPv4 before starting DHCPv6 client in two_guests test
* test/perf: Wait for neper servers in guest to be ready before starting client
* test/lib: Wait for kernel to free up ports used by iperf3 before reusing them
* test/lib: Run also iperf3 clients in background, revert to time-based wait
* test/perf: Disable periodic throughput reports to avoid vhost hang
* test/lib: Wait on iperf3 clients to be done, then send SIGINT to servers
* test/lib: Restore IFS while executing directives in def blocks
* conf, tcp, udp: Arrays for ports need 2^16 values, not 2^16-8
* tap: Check return value of accept4() before calling getsockopt()
* test/perf: Switch performance test duration to 10 seconds instead of 30
* test/perf: Always use /sbin/sysctl in tcp test
* README: Update Availability and Try It sections with new packages
* test/passt_in_ns: Consistent sleep commands before starting socat client
* test/perf: Check for /sbin/sysctl with which(1), not simply sysctl
* doc/demo: Clone and use mbuto in init namespace
* doc/demo: Drop /sbin from dhclient command, pass script file explicitly
* Makefile: Include seccomp.h in HEADERS and require it for static checkers
* Makefile: Allow define overrides by prepending, not appending, CFLAGS
* test: term: When checking if status line is a number, hide errors
* test: Simpler termination handling for UDP tests
* udp: Don't drop zero-length outbound UDP packets
* udp: Don't pre-initialize msghdr array
* test: Move perf.js report file to $LOGDIR/web
* test: Move video processing files to $STATEBASE
* demo: Move pidfiles to state directory
* test: Move pidfiles and nsholder sockets into state directory
* test: Store pcap files in $LOGDIR instead of /tmp
* test: Move pause temporary file to state directory
* test: Use paths in __STATEDIR__ instead of 'temp' and 'tempdir' directives
* test: Don't redundantly regenerate small test file in pasta/tcp
* test: Move context temporary files to state dir
* test: Move passt_test_log_pipe to state directory
* test: Create common state directories for temporary files
* test: Actually run cleanup function
* test: Remove unused variable FFMPEG_PID_FILE
* test: Group tests by mode then protocol, rather than the reverse
* test: Use new-style command issue for passt_in_ns tests
* test: Use context system for two_guests tests
* test: Use context system for guest commands
* test: Extend context system to run commands in namespace for pasta tests
* test: Add nsholder utility
* test: Use new-style contexts for passt pane in the pasta and passt tests
* test: Issue host commands via context for most tests
* test: Integration of old-style pane execution and new context execution
* test: Allow a tmux pane to watch commands executed in contexts
* test: Context execution helpers
* test: Correctly match "background" with "wait" commands
* Allow --userns when pasta spawns a command
* Handle userns isolation and dropping root at the same time
* Correctly handle --netns-only in pasta_start_ns()
* Clean up and rename conf_ns_open()
* Consolidate validation of pasta namespace options
* Move self-isolation code into a separate file
* Safer handling if we can't open /proc/self/uid_map
* Consolidate determination of UID/GID to run as
* Split checking for root from dropping root privilege
* Don't store UID & GID persistently in the context structure
-------------------------------------------------------------------
Thu Sep 22 08:56:39 UTC 2022 - Vasily Ulyanov <vasily.ulyanov@suse.com>
- Add patch to fix lookup for the qemu-system-* binary:
0002-Fix-the-name-of-the-qemu-system-executable.patch
-------------------------------------------------------------------
Tue Sep 20 16:16:13 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
- Include AppArmor profiles in the package.
-------------------------------------------------------------------
Tue Sep 20 13:18:53 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
- Make SELinux policies (and packages) conditional, and enable them only
on Tumbleweed.
-------------------------------------------------------------------
Tue Sep 20 13:04:49 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
- Take the spec file from the upstream template (targeted at
Fedora, but in use for making openSUSE builds already), with
just a couple modifications.
- Make sure that the CFLAGS coming from the OBS build project are
not overridden.
- Patches added:
* 0001-Makefile-Allow-define-overrides-by-prepending-not-ap.patch
-------------------------------------------------------------------
Tue Sep 13 09:10:35 UTC 2022 - dfaggioli@suse.com
- Updated to latest git commit:
- New in git20220907:
* fedora: Escape % characters in spec file's changelog
* test: Rewrite test_iperf3
* test: Parameterize run time for throughput performance tests
* test: Combine iperf3c and iperf3s into a single DSL command
* gitignore pidfiles other than passt.pid
* Makefile: Honour LDFLAGS for binary targets
* test: Wait for systemd-resolved to be ready on Ubuntu 22.04 for s390x
* fedora: Add selinux-policy Requires: tag
* fedora: Add %dir entries for own SELinux policy directory and documentation
* conf: Fix getopt_long() optstring for current semantics of -D, -S, -p
* test/README: Requirements for socket buffer sizes and hardware performance events
* podman, slirp4netns.sh: Use --netns option on pasta's command line
* contrib: Rebase Podman patch to latest upstream
* Allow pasta to take a command to execute
* Use explicit --netns option rather than multiplexing with PID
* More deterministic detection of whether argument is a PID, PATH or NAME
* Move ENOENT error message into conf_ns_opt()
* Remove --nsrun-dir option
* Correct manpage for --userns
* conf: Use "-D none" and "-S none" instead of missing empty option arguments
* conf: Make the argument to --pcap option mandatory
* fedora: Pass explicit bindir, mandir, docdir, and drop OpenSUSE override
* fedora: Use full versioning for SELinux subpackage Requires: tag
* fedora: Define git_hash in spec file and reuse it
* fedora: Drop comment stating the spec file is an example file
* fedora: Drop SPDX identifier from spec file
* fedora: Adopt versioning guideline for snapshots
* util: Drop any supplementary group before dropping privileges
* Don't unnecessarily avoid CLOEXEC flags
* gitignore README.plain.md
* conf: Fix incorrect bounds checking for sock_path parameter
* Makefile: Use more GNU-style directory variables, explicit docdir for OpenSUSE
* test: debian: Export DEBIAN_FRONTEND=noninteractive for sid
* test: Kill qemu by pidfile rather than ^C
* test: Log debugging output from test script
* test: Use shutdown test for pasta
* test: Rename slightly misleading "valgrind" tests
* test: Only select a single interface or gateway in tests
* test: Split setup/teardown functions for build and distro tests
* test: Ignore video processing temporary files
* test: Remove unused *_XTERM variables
* test: Split cppcheck and clang-tidy tests into different files
* test: Convert distro tests to use socat instead of nc/ncat
* fedora: Fix man pages wildcards in spec file
* fedora: Don't hardcode CFLAGS setting, use %set_build_flags macro instead
* fedora: Build SELinux subpackage as noarch
* fedora: Change source URL to HEAD link with explicit commit SHA
* fedora: Drop VCS tag from spec file
* fedora: Start Release tag from 1, not 0
* fedora: Introduce own rpkg macro for changelog
* fedora: Install "plain" README, instead of web version, and demo script
* Makefile: Install demo.sh too, uninstall stuff under /usr/share
* Makefile: Ugly hack to get a "plain" Markdown version of README
* README: Add link to Copr repositories
* doc: Rewrite demo script
* contrib, test: Rebase Podman patch, enable three-way merge on git am in demo
* passt.1: Default host interfaces are now selected based on IP version
* Make substructures for IPv4 and IPv6 specific context information
* Separate IPv4 and IPv6 configuration
* Clarify semantics of c->v4 and c->v6 variables
* Move passt mac_guest init to be more symmetric with pasta
* Initialize host side MAC when in IPv6 only mode
* Separately locate external interfaces for IPv4 and IPv6
* tests: Correct determination of host interface name in tests
* Allow different external interfaces for IPv4 and IPv6 connectivity
* test: Expand root partition of Debian sid amd64 and aarch64 images
* passt: Truncate PID file on open()
* demo: Use git protocol downloads
* tests: No need to retrieve host ifname in ndp/pasta
* tests: Clean up better after iperf tests
* tests: Use dhclient --no-pid for namespaces in two_guests tests
* tests: Remove unnecessary truncation of temporary files in udp tests
* tests: Remove unnecessary ^D in passt_in_ns teardown
* tests: Use socat instead of netcat
* valgrind needs futex
* tests: Fix creation of test file in udp passt tests
* tests: Fix detection of empty 'hout' responses in passt{,_in_ns} tests
* tests: Correctly handle domain search list in dhclient-script
* tests: Handle the case of a nameserver on host localhost
* tests: More robust parsing of resolv.conf for DHCP tests
* tests: Add some extra dhclient support directories to mbuto.img
* tests: Add rudimentary debugging to dhclient-script
* tests: Let Fedora find dhclient-script in /usr/sbin
* tests: Remove no longer needed /usr/bin/bash link
* test: Drop further ^D in passt demo teardown
* test: Actually use pasta in Podman demo step with HTTP service
* test: Fix Podman build in Podman demo
* test: In pasta demo, issue /sbin/dhclient instead of dhclient
* test: In demos, use pgrep instead of pstree to find namespace PID
* test: In passt demo, bring up eth0 in guest, not in namespace pane
* contrib: Rebase Podman patch to latest upstream
* qrap: Add a neighbour solicitation to probe frames, instead of just ARP
* conf: Reset range endpoints after parsing one excluded port specifier
* demo/passt: Bring interface up before starting dhclient in guest
* conf: Allow to specify ranges and ports excluded from given ranges
* conf: Fix initialisation of IPv6 unicast and link-local addresses
* util: Fix debug print on failed SO_REUSEADDR setting in sock_l4()
* passt: Allow exit_group() system call in seccomp profiles
* arch, passt: Use executable link to form AVX2 binary path
* tests: Remove unused DNS6 calculation from fedora tests
* tests: Prepare distro images during asset build phase
* tests: Move distro image download to asset build makefile
* tests: Explicitly list test files in test/run, remove "onlyfor" support
* tests: Don't automatically traverse directories of test files
* tests: Remove not-very-useful "req" directive
* tests: Remove unused set_mode() function
* Clean up passt.pid file
* tests: Search multiple places for aarch64 EDK2 bios image
* tests: Move mbuto download and execution to asset build
* tests: Introduce makefile for building test assets
* Invoke specific qemu-system-* binaries
* tests: qemu-system-ppc64le isn't a thing
* Handle the case of a DNS server on localhost
* test: Embed script for dhclient(8) in mbuto(1) profile
* qrap: Don't rely on errno after perror(), and reset it before usage
* Remove unused line_read()
* Use new lineread implementation for procfs_scan_listen()
* Parse resolv.conf with new lineread implementation
* Add cleaner line-by-line reading primitives
* test: Add external mbuto profile, drop udhcpc, and switch to it
* qrap: Increase number of retries on connection reset even further
* qrap: Change number of retries and delay on connection reset
* Makefile: Don't create extraneous -.s file
* Makefile: Tweak $(RM) usage
* Makefile: Simplify pasta* targets with a pattern rule
* Makefile: Use $(BIN) and $(MANPAGES) variable to simplify several targets
* Makefile: Avoid using wildcard sources
* conf: In conf_runas(), on static builds, group information is also unused
* tap: Add informational messages for UNIX domain socket connections
* qrap: Add probe retry on connection reset from passt for KubeVirt integration
* Makefile: Suppress unusedStructMember Cppcheck warning in dhcp.c
* tests: Use nmap-ncat instead of openbsd netcat for pasta tests
* Use dhclient instead of udhcpc
* Tweak dhclient arguments for readability
* Don't abbreviate ip(8) arguments in examples and tests
* tests: Use more explicit netcat options for distro/fedora tests
* README: Fix links to static builds
* tcp: Silence warning from gcc 11.3 with -Ofast
* contrib/fedora: Use pre-processing macros in spec file
* contrib/fedora: Drop dashes from version
* conf: Fix one Coverity CID 258163 warning, work around another one
* tcp: Work around gcc 12 bogus warning in tcp_rtt_dst_check()
* conf: Add --runas option, changing to given UID and GID if started as root
* udp: Ignore bogus -Wstringop-overread for write() from gcc 12.1
* tests: Don't check exit code for every command in demo mode
* tests: Don't count number of test units for demos
* demo/pasta: Fix bad sleep directive
* test/run: Return 0 from run(), exit value already reflects failures
* test/perf/pasta_udp: Drop redundant assignment of ::1 to loopback interface
* tests: Simplify explicit checks for command success
* tests: Simplify *tools commands using pane_status
* tests: Add pane_status command to check for success of issued commands
* tests: Don't ignore errors during script
* tests: Improve control character filtering in pane_parse
* tests: Don't globally set tmux default-shell
* tests: Don't use tmux update-environment
* tests: Add some debugging output for the test scripts themselves
* tests: Remove unused XVFB variable
* tests: Update mbuto git URLs
* Add basic .gitignore files
* qrap.1: Clarify it takes a qemu command, not a path
* demo: podman: New port forwarding behaviour for pasta, minor fixes
* contrib: podman: Add bound address configuration, update port specifications
* netlink: In nl_addr() and nl_route(), don't return before set request
* conf, tcp, udp: Allow address specification for forwarded ports
* tcp_splice: Allow up to 8 MiB as pipe size
* test/lib: Add small delay before trying to parse output
* test/distro: Set unprivileged_userns_clone on Debian Buster and earlier
* test/lib: Consistent cols, rows, poster attributes for asciinema player
* arch: Pointer to local outside scope, CWE-562
* udp: Out-of-bounds read, CWE-125 in udp_timer()
* tcp: False "Out-of-bounds read" positive, CWE-125
* tcp, tcp_splice: False "Negative array index read" positives, CWE-129
* tcp_splice: Logically dead code, CWE-561
* tcp: Dereference null return value, CWE-476
* conf, tap: False "Buffer not null terminated" positives, CWE-170
* conf: False "Assign instead of compare" positive, CWE-481
* treewide: Argument cannot be negative, CWE-687
* passt: Improper use of negative value (CWE-394)
* conf, packet: Operands don't affect result, CWE-569
* tap: Resource leak, CWE-404
* treewide: Unchecked return value from library, CWE-252
* tcp: False "Untrusted loop bound" positive, CWE-606
* passt: Ignoring number of bytes read, CWE-252
* treewide: Invalid type in argument to printf format specifier, CWE-686
* passt.1, qrap.1: Update links to qemu out-of-tree patch
* README: Fix link to contrib/debian
* hooks: Copy .webp diagram versions too
* README: Drop red notice about early development phase
* contrib: Add example of Debian package files
* contrib: Add example spec file for Fedora
* tap: Re-read from tap in tap_handler_pasta() on buffer full
* tap: Allow ioctl() and openat() for tap_ns_tun() re-initialisation
* tap, tcp, udp, icmp: Cut down on some oversized buffers
* passt, pasta: Add examples of SELinux policy modules
* passt, pasta: Add examples of AppArmor policies
* tcp: Fix warning by gcc 5.4 on ppc64le about comparison in CONN_OR_NULL()
* passt: Accurate error reporting for sandbox()
* Makefile: Allow implicit test for bugprone-suspicious-string-compare checker
* treewide: Fix android-cloexec-* clang-tidy warnings, re-enable checks
* udp: Move flags before ts in struct udp_tap_port, avoid end padding
* treewide: Mark constant references as const
* treewide: Add include guards
* treewide: Packet abstraction with mandatory boundary checks
* util: Fix function declaration style of write_pidfile()
* tcp, tcp_splice: Use less awkward syntax to swap in/out sockets from pools
* dhcp: Minimum option length implied by RFC 951 is 60 bytes, not 62
* tcp: Fit struct tcp_conn into a single 64-byte cacheline
* README: Update Interfaces and Availability sections
* README: Avoid "here" links
* test/perf: Work-around for virtio_net hang before long streams from guest
* tcp_splice: Close sockets right away on high number of open files
* tcp: Rework timers to use timerfd instead of periodic bitmap scan
* tcp, udp, util: Enforce 24-bit limit on socket numbers
* test, seccomp, Makefile: Switch to valgrind runs for passt functional tests
* test: Add asciinema(1) as requirement for CI in README
* Makefile: Enable a few hardening flags
* udp: Use flags for local, loopback, and configured unicast binds
* dhcpv6, tap, tcp: Use IN6_ARE_ADDR_EQUAL instead of open-coded memcmp()
* udp: Split buffer queueing/writing parts of udp_sock_handler()
* udp: Drop _splice from recv, send, sendto static buffer names
* test/lib/video: Fill in href attributes of video shortcuts
* tcp: Refactor to use events instead of states, split out spliced implementation
* util: Use standard int types
* util: Drop CHECK_SET_MIN_MAX{,_PROTO_FD} macros
* pcap: Fix mistake in printed string
* conf, util, tap: Implement --trace option for extra verbose logging
* README: Make it somewhat readable on mobile devices
* hooks, README: gzipped js snippets, webp alternatives for png
* test/lib/setup: Unshare PID namespace in pasta_setup()
* README: Don't preload CI recording, show poster from end of run
* README: s/guest/namespace/ in pasta "Try it" section
* Makefile, hooks: Static target precondition for pkgs, copy .avx2 builds
* demo/pasta: Clean up before rebuilding with -g
* arp, dhcp: Fix strict aliasing warnings reported by gcc 4.9 with -Ofast
* passt, pasta: Run-time selection of AVX2 build
* test/distro/opensuse: Add Tumbleweed armv7l test
* test/lib/term: Don't run demo when started as ./run
* seccomp, tcp: Add fcntl64 to pasta syscalls for armv6l, armv7l
* hooks/pre-push: Keep original cast on gzip, fix uploading with dash
* demo/pasta: Exit namespace in 'ns' pane before restarting pasta
* seccomp: Adjust list of allowed syscalls for armv6l, armv7l
* passt: Don't warn on failed madvise()
* Makefile: Fix up AUDIT_ARCH for armv6l, armv7l
* tap: Cast ETH_MAX_MTU to signed in comparisons
* seccomp.sh: Handle syscall number defines in the (x + y) form
* udp: Explicitly initialise sin6_scope_id and sin_zero in sockaddr_in{,6}
* passt: Explicitly check return value of chdir()
* hooks: Uploaded compressed .cast files too
* passt.1: Drop duplicate --dns section
* conf, ndp: Disable router advertisements on --config-net
* netlink: Avoid left-over bytes in request on MTU configuration
* test: Fix name of CI asciinema player in perf links handler
-------------------------------------------------------------------
Wed Feb 23 19:41:59 UTC 2022 - mardnh@gmx.de
- Update to version 0~git20220223
-------------------------------------------------------------------
Sat Oct 23 13:38:46 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 0~git20211023
-------------------------------------------------------------------
Wed Oct 20 11:16:49 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Update to version 0~git20211020
-------------------------------------------------------------------
Sun Oct 17 11:01:27 UTC 2021 - Martin Hauke <mardnh@gmx.de>
- Initial package, version 0~git20211016
Reference in New Issue Copy Permalink