From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 9472FCADD;
	Tue, 23 Sep 2025 15:14:33 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 3B6BBCAD3; Tue, 23 Sep 2025 15:14:31 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS
	autolearn=unavailable autolearn_force=no version=4.0.1
Received: from fhigh-a8-smtp.messagingengine.com
 (fhigh-a8-smtp.messagingengine.com [103.168.172.159])
	by atuin.qyliss.net (Postfix) with ESMTPS id D86CDCAD2
	for <devel@spectrum-os.org>; Tue, 23 Sep 2025 15:14:29 +0000 (UTC)
Received: from phl-compute-05.internal (phl-compute-05.internal [10.202.2.45])
	by mailfhigh.phl.internal (Postfix) with ESMTP id 1EFB614000C9;
	Tue, 23 Sep 2025 11:14:29 -0400 (EDT)
Received: from phl-mailfrontend-02 ([10.202.2.163])
  by phl-compute-05.internal (MEProxy); Tue, 23 Sep 2025 11:14:29 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:cc:content-type:content-type:date:date:from:from:in-reply-to
	:in-reply-to:message-id:mime-version:references:reply-to:subject
	:subject:to:to; s=fm3; t=1758640469; x=1758726869; bh=KzG86W4EQV
	+gdaMaZis6q+g0RAPzHdojzqqlf6A0hPE=; b=E3j1pi5fYJu2WVQ64j6QHlB1M3
	yRyEwcMMzlM7he1WYIfI9dXrQH1ckklZyIEEDkdTv+a/nkuQalz1RRssLh5hTCkV
	2lnWntlmlSceNES/yk/skkzFOSV1SoZ8fCSThzlCA2miGi4bCoIy1+SgRW9oajPX
	6WLa78aUr2AdpNZlSO1TeV9LroTlgA1exIR0nBW7Ymb+o5xAoxE4E0R2Peplj2/y
	+s30BRTm0CDDLyAH+PHgR+9bn7mYckgukVYf04b7LTnMVK/YVgTUtUtC7hbnMM8s
	e3yUuzsBzy4Jk+9SYHyiCWVUOYG+LWlAMvchYNLX18rBJmrwmACdugVdLYSQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:subject:subject:to
	:to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
	1758640469; x=1758726869; bh=KzG86W4EQV+gdaMaZis6q+g0RAPzHdojzqq
	lf6A0hPE=; b=Zi5Jfpquy8K0rnEbFUg3ueVBkJ8QwvL/tRuv99lBjsrGsab7MeP
	xzxaM7nPRz91akK/LY475n1CAj5OHe7YaJiNQVBj8wV1XjzjBsohaZV68+YDnZbr
	IX93DzzaEGz461qGvXwl39nEjDIEoUbyMaxpjRv/QQT22ZYSnNIhMi9bPVcZSK6G
	rW8JjlwkMeMsOlG3/JlSDEN0eVC9eZZ+Oj3TEnQsOu1qKZc3CkWjaOr2A3hARPiq
	lUEW4apubkoOgcHhuG4zNXlDmQ0zoS3NZd8LmlkILkLOjbHmrnq6IJbMXPSSmiX7
	SOiKmyHFNEllNtbXUKjo8T0TBQIHa4gSqww==
X-ME-Sender: <xms:VLnSaMZh0TIOsXP0ymYGu2hzvIM0aqehwausjMheCoQSDGuDOl_z9Q>
    <xme:VLnSaLtwHjVjbLoOmIFwMVXuVSKTggb_MJUmtOLuhC0PROFtDvZrsTZFOUFWaQYiM
    5zEpcta0IyrQtP-hsA4Oh6z_i_t1eBkT-wewMoFu-NAAjBNxnl1>
X-ME-Received: 
 <xmr:VLnSaGG0NulQLLKkszXJTqXv34_elkXXcBZHsCSo7U-ziFi1cA9YeN0gyZxxpH8pfA>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggdeiuddtiecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr
    ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjug
    hrpefhvfevufgjfhffkfggtgesghdtreertddttdenucfhrhhomheptehlhihsshgrucft
    ohhsshcuoehhihesrghlhihsshgrrdhisheqnecuggftrfgrthhtvghrnhepiefhtdfgje
    ellefghffhgfetkefhteeuleeggeeljeetleekhfevgedtieffveejnecuffhomhgrihhn
    pehsthguvghnvhdrtggtnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrg
    hilhhfrhhomhephhhisegrlhihshhsrgdrihhspdhnsggprhgtphhtthhopeefpdhmohgu
    vgepshhmthhpohhuthdprhgtphhtthhopeihuhhrvghkrgestgihsggvrhgthhgrohhsrd
    guvghvpdhrtghpthhtohepuggvmhhiohgsvghnohhurhesghhmrghilhdrtghomhdprhgt
    phhtthhopeguvghvvghlsehsphgvtghtrhhumhdqohhsrdhorhhg
X-ME-Proxy: <xmx:VLnSaOzql4vGDDvohUiJnBsm7j3pt2S8JcvRO_lQ3UUTzWpvJsCVWg>
    <xmx:VLnSaNgWzVoWxec068VqQE7Q45ni29juw7B2XPAecTrFW-BvUirF4Q>
    <xmx:VLnSaJxNwzO3cFCmLP2HqopPQGz91bNkYTt7vKkbPUUFVL5aZRVpzw>
    <xmx:VLnSaAKvE8BVbEYr6kmWnLqO4NuawAyUewCVvB2vMDsP5e_eq7Rq-A>
    <xmx:VbnSaJzopoWS5Euaq9LXNZcviJA88kJaMRTrWLfSd1ApA2JSOrRwdqjR>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 23 Sep 2025 11:14:28 -0400 (EDT)
Received: by rock.qyliss.net (Postfix, from userid 1000)
	id 51FCD15869B9; Tue, 23 Sep 2025 17:14:17 +0200 (CEST)
From: Alyssa Ross <hi@alyssa.is>
To: Yureka Lilian <yureka@cyberchaos.dev>
Subject: Re: [PATCH v4 2/5] tools: add xdp-forwarder
In-Reply-To: <20250923132012.28013-3-yureka@cyberchaos.dev>
References: <20250923132012.28013-1-yureka@cyberchaos.dev>
 <20250923132012.28013-3-yureka@cyberchaos.dev>
Date: Tue, 23 Sep 2025 17:14:14 +0200
Message-ID: <87plbhurp5.fsf@alyssa.is>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Message-ID-Hash: JFF5O3ZJFEALCLT5CIYG23KDG3JGRNSJ
X-Message-ID-Hash: JFF5O3ZJFEALCLT5CIYG23KDG3JGRNSJ
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Demi Marie Obenour <demiobenour@gmail.com>, devel@spectrum-os.org
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/JFF5O3ZJFEALCLT5CIYG23KDG3JGRNSJ/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Yureka Lilian <yureka@cyberchaos.dev> writes:

> The xdp-forwarder's purpose is implementing the functionality needed
> within the net-vm (a VM running the Linux drivers for any physical
> interfaces on the spectrum system).
>
> In the future, the net-vm will load the included XDP programs on the
> passed-through physical interfaces as well as the downstream virtio
> interface going into the router (recognized by its special MAC address).
>
> The net-vm needs to multiplex between the physical interfaces, as there
> might be several interfaces in the same IOMMU-group.
>
> For this, the XDP program loaded on the physical interfaces
> (`prog_physical.o`) applies a VLAN tag corresponding to the interface id
> and redirects the packets to the router interface (identified by the
> `router_iface` bpf map). In the other direction the XDP program loaded on
> the router interface (`prog_router.o`) removes one layer of VLAN tagging
> and redirects the packets to the interface read from the VLAN tag.
>
> The helper program `set_router_iface` is used to update the `router_iface`
> bpf map to point to the interface passed as argument to the program.
>
> Co-authored-by: Demi Marie Obenour <demiobenour@gmail.com>
> Signed-off-by: Yureka Lilian <yureka@cyberchaos.dev>
> ---
>  pkgs/default.nix                              |   4 +
>  release/checks/pkg-tests.nix                  |   1 +
>  tools/default.nix                             |  15 +-
>  tools/meson.build                             |   4 +
>  tools/meson_options.txt                       |   3 +
>  tools/xdp-forwarder/include/parsing_helpers.h | 274 ++++++++++++++++++
>  tools/xdp-forwarder/include/rewrite_helpers.h | 146 ++++++++++
>  tools/xdp-forwarder/meson.build               |  48 +++
>  tools/xdp-forwarder/prog_physical.c           |  39 +++
>  tools/xdp-forwarder/prog_router.c             |  43 +++
>  tools/xdp-forwarder/set_router_iface.c        |  30 ++
>  11 files changed, 604 insertions(+), 3 deletions(-)
>  create mode 100644 tools/xdp-forwarder/include/parsing_helpers.h
>  create mode 100644 tools/xdp-forwarder/include/rewrite_helpers.h
>  create mode 100644 tools/xdp-forwarder/meson.build
>  create mode 100644 tools/xdp-forwarder/prog_physical.c
>  create mode 100644 tools/xdp-forwarder/prog_router.c
>  create mode 100644 tools/xdp-forwarder/set_router_iface.c
>
> diff --git a/tools/default.nix b/tools/default.nix
> index 201afae..e92f453 100644
> --- a/tools/default.nix
> +++ b/tools/default.nix
> @@ -1,13 +1,16 @@
>  # SPDX-License-Identifier: MIT
>  # SPDX-FileCopyrightText: 2022-2025 Alyssa Ross <hi@alyssa.is>
> +# SPDX-FileCopyrightText: 2025 Yureka Lilian <yureka@cyberchaos.dev>
>=20=20
>  import ../lib/call-package.nix (
>  { src, lib, stdenv, fetchCrate, fetchurl, runCommand, buildPackages
>  , meson, ninja, pkg-config, rustc
>  , clang-tools, clippy
>  , dbus
> +, clang_21, libbpf

Could you explain in a comment why we have the pin, so it's clear when
it can be removed?

>  , appSupport ? true
>  , hostSupport ? false
> +, driverSupport ? false
>  }:
>=20=20
>  let
> @@ -70,15 +73,18 @@ stdenv.mkDerivation (finalAttrs: {
>        ./lsvm
>        ./start-vmm
>        ./subprojects
> +    ] ++ lib.optionals driverSupport [
> +      ./xdp-forwarder
>      ]));
>    };
>    sourceRoot =3D "source/tools";
>=20=20
>    depsBuildBuild =3D lib.optionals hostSupport [ buildPackages.stdenv.cc=
 ];
>    nativeBuildInputs =3D [ meson ninja ]
> -    ++ lib.optionals appSupport [ pkg-config ]
> -    ++ lib.optionals hostSupport [ rustc ];
> -  buildInputs =3D lib.optionals appSupport [ dbus ];
> +    ++ lib.optionals (appSupport || driverSupport) [ pkg-config ]
> +    ++ lib.optionals hostSupport [ rustc ]
> +    ++ lib.optionals driverSupport [ clang_21 ];
> +  buildInputs =3D lib.optionals appSupport [ dbus ] ++ lib.optionals dri=
verSupport [ libbpf ];
>=20=20
>    postPatch =3D lib.optionals hostSupport (lib.concatMapStringsSep "\n" =
(crate: ''
>      mkdir -p subprojects/packagecache
> @@ -88,12 +94,15 @@ stdenv.mkDerivation (finalAttrs: {
>    mesonFlags =3D [
>      (lib.mesonBool "app" appSupport)
>      (lib.mesonBool "host" hostSupport)
> +    (lib.mesonBool "driver" driverSupport)
>      "-Dhostfsrootdir=3D/run/virtiofs/virtiofs0"
>      "-Dtests=3Dfalse"
>      "-Dunwind=3Dfalse"
>      "-Dwerror=3Dtrue"
>    ];
>=20=20
> +  hardeningDisable =3D lib.optionals driverSupport [ "zerocallusedregs" =
];
> +

Could we instead do this in bpf_o_cmd, so it's not disabled for
userspace programs?

> diff --git a/tools/xdp-forwarder/meson.build b/tools/xdp-forwarder/meson.=
build
> new file mode 100644
> index 0000000..e6d91ca
> --- /dev/null
> +++ b/tools/xdp-forwarder/meson.build
> @@ -0,0 +1,48 @@
> +# SPDX-License-Identifier: EUPL-1.2+
> +# SPDX-FileCopyrightText: 2025 Yureka Lilian <yureka@cyberchaos.dev>
> +# SPDX-FileCopyrightText: 2025 Demi Marie Obenour <demiobenour@gmail.com>
> +
> +libbpf =3D dependency('libbpf', version : '1.6.2')
> +
> +executable('set-router-iface', 'set_router_iface.c',
> +  dependencies : libbpf,
> +  install : true)
> +
> +clang =3D find_program('clang')

Should be native: true I think.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEH9wgcxqlHM/ARR3h+dvtSFmyccAFAmjSuUcACgkQ+dvtSFmy
ccADjRAAoDXLbBDlNGOoj4z5n4Ux0w999eVXPQ9fq7lJ6bqAW/elRnHiUG4uyoK5
sBRR6+R8Xc0VwY6sCHL52Y5T/M067sYLpILrNHScuPDugU49ZKDh6oETHiGceJ/B
dOuky6jB3rYjRy95npXvRcx2aMLcuAro92MOLRgFeKmaygi5qapBhmTQ/4TMrDM0
ccQl8h078ByPaSMEera0pC0+Pi7izyYDg3DxQBtYhUwSPa3vCx+yz4ZaivKSL+zd
4G0RMOS+eShPn7TrEFSm/g7DgOHauh/Ept9qtvLnwNlzLZ4cnxFl2Y4LtA8UeNRm
pComY4qPHxB++uWj74FfCMmFgU0aTs1vCKst40xClwdRSwpcKhC5K4OYBqEjgf94
Ks1tUJNJ0F14v07KI3y4+bZUMaZa4mDMoJNQ7xCymT/Ra3SBaGZtr1CbfH11E03o
GFkQHXwXQxKP17r487uPLsh9GgwqK63N3pckTiT2V1FoHPGboO51jksmIldJE3OR
iVSb2wfdAG0h7LYk+392Ya20CLdj1N6LVnSWBk1xbpnID8bBXcpm1+AHill5AsgY
P0y0cXC2FfPjXI9RMBub9PmCWn75RUyEFKNtM+OjkMbWQ/zyp0dad234KBNRTyBL
sNkrCpXvC7P0zEcfhGBM3leehsrEqtc67/tW9DpD6U0jtCmB4A4=
=LIf8
-----END PGP SIGNATURE-----
--=-=-=--