From: Yureka Lilian
To: devel@spectrum-os.org
CC: Yureka Lilian
Subject: [DO_NOT_APPLY 0/2] xdp-forwarder
Date: Sun, 24 Aug 2025 00:21:30 +0200
Message-ID: <20250823222134.1772413-1-yureka@cyberchaos.dev>

Hi all,

Since this worsens the networking situation unless combined with the
userspace Router (which is to-be-done), I am formally sending this out
for comments without expecting it to be applied for now.

The net-vm's purpose is running the Linux drivers for any physical
interfaces on the spectrum system.
A net-vm (there could be multiple, one per IOMMU-group) will load the
included XDP programs on the passed-through physical interfaces as well
as the downstream virtio interface going into the router (recognized by
its special MAC address) using mdev events.

The net-vm needs to multiplex between the physical interfaces, as there
might be several interfaces in the same IOMMU-group. For this, the XDP
program loaded on the physical interfaces applies a VLAN tag
corresponding to the interface id, and redirects the packets to the
router interface (identified by the router_iface bpf map).
In the other direction the XDP program loaded on the router interface
removes one layer of VLAN tagging, and redirects the packets to the
interface read from the VLAN tag.

I have verified that when running a wpa_supplicant / iwd in the
interface, a WiFi interface can correctly function as a physical
interface with the XDP forwarder, assuming that the router sends
packets with the correct source MAC address.

Yureka Lilian (2):
  integrate xdp-forwarder into net-vm
  temporary changes for testing

 lib/nixpkgs.default.nix                     |   4 +-
 vm/sys/net/Makefile                         |   8 +-
 vm/sys/net/default.nix                      |  38 +++++--
 vm/sys/net/etc/fstab                        |   1 +
 vm/sys/net/etc/mdev/iface                   |  23 +---
 vm/sys/net/etc/nftables.conf                |   8 --
 vm/sys/net/etc/s6-rc/connman/dependencies   |   4 -
 vm/sys/net/etc/s6-rc/connman/type           |   1 -
 vm/sys/net/etc/s6-rc/connman/type.license   |   2 -
 vm/sys/net/etc/s6-rc/nftables/type          |   1 -
 vm/sys/net/etc/s6-rc/nftables/type.license  |   2 -
 vm/sys/net/etc/s6-rc/nftables/up            |   6 -
 vm/sys/net/xdp-forwarder/README.md          |   9 ++
 vm/sys/net/xdp-forwarder/default.nix        |  35 ++++++
 .../xdp-forwarder/include/parsing_helpers.h |  38 +++++++
 .../xdp-forwarder/include/rewrite_helpers.h | 103 ++++++++++++++++++
 vm/sys/net/xdp-forwarder/load_physical      |   4 +
 vm/sys/net/xdp-forwarder/load_router        |   6 +
 vm/sys/net/xdp-forwarder/prog_physical.c    |  28 +++++
 vm/sys/net/xdp-forwarder/prog_router.c      |  34 ++++++
 vm/sys/net/xdp-forwarder/set_router_iface.c |  31 ++++++
 21 files changed, 325 insertions(+), 61 deletions(-)
 delete mode 100644 vm/sys/net/etc/nftables.conf
 delete mode 100644 vm/sys/net/etc/s6-rc/connman/dependencies
 delete mode 100644 vm/sys/net/etc/s6-rc/connman/type
 delete mode 100644 vm/sys/net/etc/s6-rc/connman/type.license
 delete mode 100644 vm/sys/net/etc/s6-rc/nftables/type
 delete mode 100644 vm/sys/net/etc/s6-rc/nftables/type.license
 delete mode 100644 vm/sys/net/etc/s6-rc/nftables/up
 create mode 100644 vm/sys/net/xdp-forwarder/README.md
 create mode 100644 vm/sys/net/xdp-forwarder/default.nix
 create mode 100644 vm/sys/net/xdp-forwarder/include/parsing_helpers.h
 create mode 100644 vm/sys/net/xdp-forwarder/include/rewrite_helpers.h
 create mode 100755 vm/sys/net/xdp-forwarder/load_physical
 create mode 100755 vm/sys/net/xdp-forwarder/load_router
 create mode 100644 vm/sys/net/xdp-forwarder/prog_physical.c
 create mode 100644 vm/sys/net/xdp-forwarder/prog_router.c
 create mode 100644 vm/sys/net/xdp-forwarder/set_router_iface.c

-- 
2.50.1
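
The VLAN multiplexing described in the cover letter, carried out on a plain byte buffer in user-space C. This is an added example, not code from the patch series; the names mux_push and demux_pop, the drop conditions and the sample frame are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ETH_HLEN   14        /* dst MAC + src MAC + EtherType */
#define VLAN_HLEN  4         /* TPID + TCI */
#define TPID_8021Q 0x8100
#define VID_MASK   0x0fff    /* the VLAN id is only 12 bits wide */

/* Physical -> router: tag with VID = ingress interface id; new length or -1 (drop). */
int mux_push(uint8_t *buf, size_t len, size_t cap, unsigned ifindex)
{
    if (ifindex == 0 || ifindex >= VID_MASK)   /* 0 and 0xfff are reserved */
        return -1;
    if (len < ETH_HLEN || len + VLAN_HLEN > cap)
        return -1;
    /* Keep both MACs, shift EtherType and payload right by four bytes. */
    memmove(buf + 12 + VLAN_HLEN, buf + 12, len - 12);
    buf[12] = TPID_8021Q >> 8;
    buf[13] = TPID_8021Q & 0xff;
    buf[14] = (ifindex >> 8) & 0x0f;           /* PCP and DEI left at 0 */
    buf[15] = ifindex & 0xff;
    return (int)(len + VLAN_HLEN);
}

/* Router -> physical: strip the outer tag, report egress id; new length or -1 (drop). */
int demux_pop(uint8_t *buf, size_t len, unsigned *ifindex)
{
    if (len < ETH_HLEN + VLAN_HLEN)
        return -1;
    if (((buf[12] << 8) | buf[13]) != TPID_8021Q)
        return -1;                             /* untagged: no target to select */
    unsigned vid = ((buf[14] << 8) | buf[15]) & VID_MASK;
    if (vid == 0 || vid == VID_MASK)
        return -1;
    memmove(buf + 12, buf + 12 + VLAN_HLEN, len - 12 - VLAN_HLEN);
    *ifindex = vid;
    return (int)(len - VLAN_HLEN);
}

int main(void)
{
    /* Constructed 16-byte frame: zero MACs, EtherType 0x0800, two payload bytes. */
    uint8_t f[32] = { [12] = 0x08, [14] = 0xde, [15] = 0xad };
    unsigned out = 0;
    int n = mux_push(f, 16, sizeof f, 3);
    n = demux_pop(f, (size_t)n, &out);
    printf("len=%d egress ifindex=%u\n", n, out);
    return 0;
}
```

Because the VLAN id field is 12 bits wide, an interface id above 4094 cannot be carried in a single tag, which is why both directions drop out-of-range values instead of truncating them.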