Re: [libvirt PATCH 4/9] conf: add passt XML additions to schema
On Thu, 12 Jan 2023 09:45:39 -0500
Laine Stump <laine(a)redhat.com> wrote:
On 1/11/23 1:33 PM, Daniel P. Berrangé wrote:
> On Sun, Jan 08, 2023 at 11:11:07PM -0500, Laine Stump wrote:
>> Initial support for network devices using passt (https://passt.top)
>> for the backend connection will require:
>>
>> * new attributes of the <backend> subelement:
>> * "type" that can have the value "passt" (to
differentiate from
>> slirp, because both slirp and passt will use <interface
>> type='user'>)
>> * "logFile" (a path to a file that passt should use for its
logging)
>> * "upstream" (a netdev name, e.g. "eth0").
>
> IMHO this attribute is inappropriate for <backend>....
>
[...]
>> + <interface type='user'>
>> + <mac address='00:11:22:33:44:55'/>
>> + <ip address='172.17.2.0' family='ipv4'
prefix='24'/>
>> + <ip address='2001:db8:ac10:fd01::feed'
family='ipv6'/>
>> + <portForward proto='tcp'
address='2001:db8:ac10:fd01::1:10'>
>> + <range start='22' to='2022'/>
>> + <range start='1000' end='1050'/>
>> + <range start='1020' exclude='yes'/>
>> + <range start='1030' end='1040'
exclude='yes'/>
>> + </portForward>
>> + <portForward proto='udp' address='1.2.3.4'
dev='eth0'>
>> + <range start='5000' end='5020'
to='6000'/>
>> + <range start='5010' end='5015'
exclude='yes'/>
>> + </portForward>
>> + <portForward proto='tcp'>
>> + <range start='80'/>
>> + </portForward>
>> + <portForward proto='tcp'>
>> + <range start='443' to='344'/>
>> + </portForward>
>> + <model type='rtl8139'/>
>> + <backend type='passt' logFile='/var/log/loglaw.blog'
upstream='eth42'/>
>
> I don't think that 'upstream' is really describing a property of the
> backend.
>
> This is expressing a traffic routing restriction for the 'user'
> networking type. IMHO it should probably be using the existing
> <source dev="xxxx"/> element, that is currently used by the
> 'direct' networking type.
I'm still not sure *exactly* what it does; it apparently grabs the
routes that are fed to the guest from the given host interface; I should
probably ask Stefano to explain it to me again (he described it once,
but that was along with explanations of several other things).
Yes, it's pretty much that... recycling from the man page:
-i, --interface name
Use host interface name to derive addresses and routes. Default
is to use the interfaces with the first default routes for each
IP version.
It's not actually a routing restriction -- passt can't do that. The
only interface binding that passt implements (with Linux kernel
versions >= 5.7) is an optional bound interface specification for port
forwarding.
So it's not *exactly* the same as <source
dev='xxx'/> for type='direct'
(which determines the link-level connection rather than IP routing), but
definitely very similar.
Right, I think so too, and "source" is probably a good name for that in
any case.
--
Stefano