From nobody Fri May 3 10:47:58 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) client-ip=207.211.31.81; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from us-smtp-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) by mx.zohomail.com with SMTPS id 1580395524261780.5022841639134; Thu, 30 Jan 2020 06:45:24 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-15-LJBRgMI6MYO6HoocGN9Y3Q-1; Thu, 30 Jan 2020 09:45:19 -0500 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 462FF100551B; Thu, 30 Jan 2020 14:45:13 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 09E14CFC7; Thu, 30 Jan 2020 14:45:13 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9616A18089CD; Thu, 30 Jan 2020 14:45:12 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 00UEhB0D026407 for ; Thu, 30 Jan 2020 09:43:11 -0500 Received: by smtp.corp.redhat.com (Postfix) id 8C70087B09; Thu, 30 Jan 2020 14:43:11 +0000 (UTC) Received: from ridgehead.redhat.com (unknown [10.43.2.92]) by smtp.corp.redhat.com (Postfix) with ESMTP id E3E8887B17; Thu, 30 Jan 2020 14:43:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1580395521; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=JM2mGVc5EPD9z6WBkPCnTqiO5UCnE2R9x+N7s3W1+68=; b=X1yTxYYQQ3Mywr2hWuhaDDXEFwyuZR4cmr3v3YE3WYHKnYYZrJ+Dlb3dtn9uYNffg//vQs zFTU4oXNemHQMZ462xEhmbdt3TBbEyrOSQ+DD0vLJH1Pzak8xwelTKCzDHvi9he9++0wyz 4G9+9atMPWak3zBYT1zA39bei8E3eyg= From: Erik Skultety To: libvir-list@redhat.com Subject: [libvirt PATCH 1/2] libpcap: Bump the minimum required version to >= 1.5.0 Date: Thu, 30 Jan 2020 15:43:05 +0100 Message-Id: <2b2a9c02d6c2b45271bf8b9bece26294f93d68ac.1580394727.git.eskultet@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Cc: Erik Skultety X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-MC-Unique: LJBRgMI6MYO6HoocGN9Y3Q-1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" libpcap-1.5.0 introduced a function to enforce immediate mode (on all platforms) which the follow-up patches will rely on. Signed-off-by: Erik Skultety Reviewed-by: Daniel P. Berrang=C3=A9 --- libvirt.spec.in | 2 +- m4/virt-libpcap.m4 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index bbf9748582..b349d1bc7e 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -302,7 +302,7 @@ BuildRequires: yajl-devel %if %{with_sanlock} BuildRequires: sanlock-devel >=3D 2.4 %endif -BuildRequires: libpcap-devel +BuildRequires: libpcap-devel >=3D 1.5.0 BuildRequires: libnl3-devel BuildRequires: libselinux-devel BuildRequires: dnsmasq >=3D 2.41 diff --git a/m4/virt-libpcap.m4 b/m4/virt-libpcap.m4 index 8fa4889ec8..605c2fdea7 100644 --- a/m4/virt-libpcap.m4 +++ b/m4/virt-libpcap.m4 @@ -22,7 +22,7 @@ AC_DEFUN([LIBVIRT_ARG_LIBPCAP], [ ]) AC_DEFUN([LIBVIRT_CHECK_LIBPCAP], [ - LIBPCAP_REQUIRED=3D"1.0.0" + LIBPCAP_REQUIRED=3D"1.5.0" LIBPCAP_CONFIG=3D"pcap-config" LIBPCAP_CFLAGS=3D"" LIBPCAP_LIBS=3D"" -- 2.24.1 From nobody Fri May 3 10:47:58 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) client-ip=205.139.110.61; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 205.139.110.61 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) by mx.zohomail.com with SMTPS id 1580395527935841.3300056832378; Thu, 30 Jan 2020 06:45:27 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-302-Xai1ozWhO0WO0V2nvUYnUg-1; Thu, 30 Jan 2020 09:45:24 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C4A848018A3; Thu, 30 Jan 2020 14:45:18 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 90A2789A67; Thu, 30 Jan 2020 14:45:18 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2C94787A8B; Thu, 30 Jan 2020 14:45:18 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 00UEhCnD026415 for ; Thu, 30 Jan 2020 09:43:12 -0500 Received: by smtp.corp.redhat.com (Postfix) id 80C7087B02; Thu, 30 Jan 2020 14:43:12 +0000 (UTC) Received: from ridgehead.redhat.com (unknown [10.43.2.92]) by smtp.corp.redhat.com (Postfix) with ESMTP id D814D87B17; Thu, 30 Jan 2020 14:43:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1580395526; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=QEZ2NLl2Eui3ynh2WL31a4uHgYMiHK23vYQzVetL6Mo=; b=Tu+2mOaV5o7itKCf0Vd3bNSUB3TU6unPKon9DClCbCVBIpxHuE94C8Gy/jLykXM4WimZRK OkHur2at0kXerCneCFlwJLE5hG8tzzhpgD2i/UxzFhlveJfA60ca3OtPHiNvvZ9ExMfIB8 hR8hNmGV4ftvuKxSpo++N6jxKDE182o= From: Erik Skultety To: libvir-list@redhat.com Subject: [libvirt PATCH 2/2] nwfilter: Use immediate paket delivery mode rather than buffering Date: Thu, 30 Jan 2020 15:43:06 +0100 Message-Id: <4a47812bfd44924ad393c8360d28fa722e1de8a4.1580394727.git.eskultet@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Cc: Erik Skultety X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-MC-Unique: Xai1ozWhO0WO0V2nvUYnUg-1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" Our nwfilter code doesn't set any timeout on the pcap paket buffer which means that when DHCP snooping is enabled on a guest interface and libvirt is trying to learn the IP address from guest's DHCP traffic, it takes up to 4x longer to ping a guest successfully compared to a case where nwfilter isn't enabled at all or libvirt uses the cached nwfilter leases to populate the corresponding rules to ebtables. With the pcap filter and rate limiting already in place, we should be able to afford enabling the immediate paket delivery, FWIW immediate mode was actually the default prior libpcap-1.5.0 (CentOS 6) regardless of whether a buffer was requested. The lack of any kind of timeout on the pcap buffer messed with the libvirt TCK test suite which, even with a generous timeout in place, timeouts every single time simply because it takes a while until guest actually starts producing any kind of traffic to fill up the buffer in place (appart from the DHCP traffic which happens fairly early on). Signed-off-by: Erik Skultety Reviewed-by: Daniel P. Berrang=C3=A9 --- An alternative I've been also looking into is to use pcap_set_timeout before activating the pcap handle. The question is what should an appropriate time= out look like in that case (e.g. I tried with 500ms), but since prior libpcap < 1.5.0 the capture devices were always in the immediate mode on Li= nux, I'd go down the same road again, quoting the man page: "in 1.5.0 and later, they are, by default, not in immediate mode, so if pcap_set_immediate_mode() is available, it should be used" src/nwfilter/nwfilter_dhcpsnoop.c | 24 +----------------------- 1 file changed, 1 insertion(+), 23 deletions(-) diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcp= snoop.c index 10567e9cd3..a1c0c0189e 100644 --- a/src/nwfilter/nwfilter_dhcpsnoop.c +++ b/src/nwfilter/nwfilter_dhcpsnoop.c @@ -242,23 +242,6 @@ struct _virNWFilterDHCPDecodeJob { # define DHCP_PKT_BURST 50 /* pkts/sec */ # define DHCP_BURST_INTERVAL_S 10 /* sec */ -/* - * NB: Any libpcap built with HAVE_TPACKET3 will require - * PCAP_BUFFERSIZE to be at least 262144 (although - * pcap_set_buffer_size() with a lower value will succeed, and the - * error will only show up later when pcap_setfilter() is called). - * - * It is possible that in the future libpcap could increase the - * minimum size even further, but due to the fact that each guest - * using dhcp snooping keeps 2 pcap sockets open (and thus 2 buffers - * allocated) for the life of the guest, we want to minimize the - * length of the buffer, so instead of leaving it at the default size - * (2MB), we are setting it to the minimum viable size and including - * this clue in the source to help quickly resolve the problem when/if - * it reoccurs. - */ -# define PCAP_BUFFERSIZE (256 * 1024) - # define MAX_QUEUED_JOBS (DHCP_PKT_BURST + 2 * DHCP_PKT_RATE) typedef struct _virNWFilterSnoopRateLimitConf virNWFilterSnoopRateLimitCon= f; @@ -1098,13 +1081,8 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMacA= ddr *mac, goto cleanup_nohandle; } - /* IMPORTANT: If there is any failure of *any* pcap_* function - * during setup of the socket, look to the comment where - * PCAP_BUFFERSIZE is defined. It may be too small, even if the - * generated error doesn't imply that. - */ if (pcap_set_snaplen(handle, PCAP_PBUFSIZE) < 0 || - pcap_set_buffer_size(handle, PCAP_BUFFERSIZE) < 0 || + pcap_set_immediate_mode(handle, 1) < 0 || pcap_activate(handle) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("setup of pcap handle failed: %s"), -- 2.24.1