Date: Tue, 23 Sep 2025 17:24:26 +0200
From: Yureka
Subject: Re: [PATCH RFC v4 5/5] vm/sys/net: integrate xdp-forwarder
To: devel@spectrum-os.org

I just noticed some unresolved conflicts ended up in this one, so it'll definitely need to be re-done (although it's not ready to be pulled anyways).

On 9/23/25 15:20, Yureka Lilian wrote:
> --- > vm/sys/net/Makefile | 19 +++++++++++-- > vm/sys/net/default.nix | 21 ++++++++------- > vm/sys/net/image/etc/fstab | 2 ++ > vm/sys/net/image/etc/mdev/iface | 27 ++++++------------- > vm/sys/net/image/etc/nftables.conf | 8 ------ > vm/sys/net/image/etc/s6-rc/connman/type | 1 - > .../net/image/etc/s6-rc/connman/type.license | 2 -- > .../net/image/etc/s6-rc/mdevd-coldplug/type | 1 - > .../net/image/etc/s6-rc/nftables/type.license | 2 -- > vm/sys/net/image/etc/s6-rc/nftables/up | 6 ----- > 10 files changed, 39 insertions(+), 50 deletions(-) > delete mode 100644 vm/sys/net/image/etc/nftables.conf > delete mode 100644 vm/sys/net/image/etc/s6-rc/connman/type > delete mode 100644 vm/sys/net/image/etc/s6-rc/connman/type.license > delete mode 100644 vm/sys/net/image/etc/s6-rc/mdevd-coldplug/type > delete mode 100644 vm/sys/net/image/etc/s6-rc/nftables/type.license > delete mode 100644 vm/sys/net/image/etc/s6-rc/nftables/up 
> > diff --git a/vm/sys/net/Makefile b/vm/sys/net/Makefile > index 0193cc8..28e924b 100644 > --- a/vm/sys/net/Makefile > +++ b/vm/sys/net/Makefile > @@ -34,12 +34,11 @@ VM_FILES = \ > image/etc/init \ > image/etc/mdev.conf \ > image/etc/mdev/iface \ > - image/etc/nftables.conf \ > image/etc/passwd \ > image/etc/s6-linux-init/run-image/service/getty-hvc0/run \ > image/etc/s6-linux-init/scripts/rc.init \ > image/etc/sysctl.conf > -VM_DIRS = dev etc/s6-linux-init/env run proc sys var/lib/connman > +VM_DIRS = dev etc/s6-linux-init/env proc run sys > # These are separate because they need to be included, but putting > # them as make dependencies would confuse make. > @@ -59,6 +58,7 @@ build/rootfs.erofs: ../../../scripts/make-erofs.sh > $(PACKAGES_FILE) $(VM_FILES) > ) | ../../../scripts/make-erofs.sh $@ > VM_S6_RC_FILES = \ > +<<<<<<< HEAD > image/etc/s6-rc/connman/dependencies.d/dbus \ > image/etc/s6-rc/connman/run \ > image/etc/s6-rc/connman/type \ > @@ -77,6 +77,21 @@ VM_S6_RC_FILES = \ > image/etc/s6-rc/ok-all/type \ > image/etc/s6-rc/sysctl/type \ > image/etc/s6-rc/sysctl/up > +======= > + etc/s6-rc/dbus/notification-fd \ > + etc/s6-rc/dbus/run \ > + etc/s6-rc/dbus/type \ > + etc/s6-rc/mdevd-coldplug/dependencies \ > + etc/s6-rc/mdevd-coldplug/type \ > + etc/s6-rc/mdevd-coldplug/up \ > + etc/s6-rc/mdevd/notification-fd \ > + etc/s6-rc/mdevd/run \ > + etc/s6-rc/mdevd/type \ > + etc/s6-rc/ok-all/contents \ > + etc/s6-rc/ok-all/type \ > + etc/s6-rc/sysctl/type \ > + etc/s6-rc/sysctl/up > +>>>>>>> 45850c5 (vm/sys/net: integrate xdp-forwarder) > build/etc/s6-rc: $(VM_S6_RC_FILES) > mkdir -p $$(dirname $@) > diff --git a/vm/sys/net/default.nix b/vm/sys/net/default.nix > index 2953c3a..8159247 100644 > --- a/vm/sys/net/default.nix > +++ b/vm/sys/net/default.nix 
> @@ -1,13 +1,14 @@ > # SPDX-License-Identifier: MIT > # SPDX-FileCopyrightText: 2021-2023 Alyssa Ross > +# SPDX-FileCopyrightText: 2025 Yureka Lilian > -import ../../../lib/call-package.nix ({ lseek, src, terminfo, pkgsMusl }: > +import ../../../lib/call-package.nix ({ lseek, spectrum-driver-tools, > src, terminfo, pkgsMusl }: > pkgsMusl.callPackage ( > { lib, stdenvNoCC, nixos, runCommand, writeClosure > , erofs-utils, jq, s6-rc, util-linux, xorg > -, busybox, connmanMinimal, dbus, execline, kmod, linux_latest, mdevd, > nftables > -, s6, s6-linux-init > +, busybox, dbus, execline, kmod, linux_latest, mdevd > +, s6, s6-linux-init, xdp-tools > }: > let > @@ -50,10 +51,8 @@ let > ]; > }); > - connman = connmanMinimal; > - > packages = [ > - connman dbus execline kmod mdevd s6 s6-linux-init s6-rc > + dbus execline kmod mdevd s6 s6-linux-init s6-rc xdp-tools > (busybox.override { > extraConfig = '' > @@ -66,13 +65,16 @@ let > CONFIG_RMMOD n > ''; > }) > - > - (nftables.override { withCli = false; }) > ]; > # Packages that should be fully linked into /usr, > # (not just their bin/* files). > - usrPackages = [ connman dbus firmware kernel.modules terminfo ]; > + usrPackages = [ > + dbus firmware kernel terminfo > + > + # for xdp-forwarder > + spectrum-driver-tools > + ]; > packagesSysroot = runCommand "packages-sysroot" { > inherit packages; > @@ -94,6 +96,7 @@ let > system.stateVersion = lib.trivial.release; > }); > + > in > stdenvNoCC.mkDerivation { > diff --git a/vm/sys/net/image/etc/fstab b/vm/sys/net/image/etc/fstab > index 6a82ecc..5a1bbf4 100644 > --- a/vm/sys/net/image/etc/fstab > +++ b/vm/sys/net/image/etc/fstab > @@ -1,6 +1,8 @@ > # SPDX-License-Identifier: CC0-1.0 > # SPDX-FileCopyrightText: 2020-2021 Alyssa Ross > +# SPDX-FileCopyrightText: 2025 Yureka Lilian > proc /proc proc defaults 0 0 > devpts /dev/pts devpts defaults,gid=4,mode=620 0 0 > tmpfs /dev/shm tmpfs defaults 0 0 > sysfs /sys sysfs defaults 0 0 > +bpffs /sys/fs/bpf bpf defaults 0 0 
> diff --git a/vm/sys/net/image/etc/mdev/iface > b/vm/sys/net/image/etc/mdev/iface > index 2306575..ff4bf53 100755 > --- a/vm/sys/net/image/etc/mdev/iface > +++ b/vm/sys/net/image/etc/mdev/iface > @@ -1,36 +1,25 @@ > #!/bin/execlineb -P > # SPDX-License-Identifier: EUPL-1.2+ > # SPDX-FileCopyrightText: 2020-2021 Alyssa Ross > +# SPDX-FileCopyrightText: 2025 Yureka Lilian > importas -Si INTERFACE > ifte > { > - # This interface is connected to another VM. > - > - # The other VM's IP is encoded in the NIC-specific portion of the > - # interface's MAC address. > - backtick -E CLIENT_IP { > - awk -F: "{printf \"100.64.%d.%d\\n\", \"0x\" $5, \"0x\" $6}" > - /sys/class/net/${INTERFACE}/address > - } > - > - if { ip address add 169.254.0.1/32 dev $INTERFACE } > - if { ip link set $INTERFACE up } > - ip route add $CLIENT_IP dev $INTERFACE > + # This interface is connected to the router > + if { xdp-loader load $INTERFACE /usr/lib/xdp/prog_router.o -m skb -p > /sys/fs/bpf } > + if { ip link set $INTERFACE promisc on } > + if { set-router-iface $INTERFACE } > + ip link set $INTERFACE up > } > { > if { test $INTERFACE != lo } > # This is a physical connection to a network device. > - background { s6-rc -bu change connman } > - if { s6-rc -bu change nftables } > - if { > - forx -pE module { nft_counter nft_masq } > - modprobe $module > - } > - nft add rule ip nat postrouting oifname $INTERFACE counter masquerade > + if { xdp-loader load $INTERFACE /usr/lib/xdp/prog_physical.o -m skb > -p /sys/fs/bpf } > + ip link set $INTERFACE up > } > grep -iq ^02:01: /sys/class/net/${INTERFACE}/address > diff --git a/vm/sys/net/image/etc/nftables.conf > b/vm/sys/net/image/etc/nftables.conf > deleted file mode 100644 > index 296d92c..0000000 > --- a/vm/sys/net/image/etc/nftables.conf > +++ /dev/null 
> @@ -1,8 +0,0 @@ > -# SPDX-License-Identifier: EUPL-1.2+ > -# SPDX-FileCopyrightText: 2021 Alyssa Ross > - > -table nat { > - chain postrouting { > - type nat hook postrouting priority 100; > - } > -} > diff --git a/vm/sys/net/image/etc/s6-rc/connman/type > b/vm/sys/net/image/etc/s6-rc/connman/type > deleted file mode 100644 > index 5883cff..0000000 > --- a/vm/sys/net/image/etc/s6-rc/connman/type > +++ /dev/null > @@ -1 +0,0 @@ > -longrun > diff --git a/vm/sys/net/image/etc/s6-rc/connman/type.license > b/vm/sys/net/image/etc/s6-rc/connman/type.license > deleted file mode 100644 > index 2b3b032..0000000 > --- a/vm/sys/net/image/etc/s6-rc/connman/type.license > +++ /dev/null > @@ -1,2 +0,0 @@ > -SPDX-License-Identifier: CC0-1.0 > -SPDX-FileCopyrightText: 2020 Alyssa Ross > diff --git a/vm/sys/net/image/etc/s6-rc/mdevd-coldplug/type > b/vm/sys/net/image/etc/s6-rc/mdevd-coldplug/type > deleted file mode 100644 > index bdd22a1..0000000 > --- a/vm/sys/net/image/etc/s6-rc/mdevd-coldplug/type > +++ /dev/null > @@ -1 +0,0 @@ > -oneshot > diff --git a/vm/sys/net/image/etc/s6-rc/nftables/type.license > b/vm/sys/net/image/etc/s6-rc/nftables/type.license > deleted file mode 100644 > index c49c11b..0000000 > --- a/vm/sys/net/image/etc/s6-rc/nftables/type.license > +++ /dev/null > @@ -1,2 +0,0 @@ > -SPDX-License-Identifier: CC0-1.0 > -SPDX-FileCopyrightText: 2021 Alyssa Ross > diff --git a/vm/sys/net/image/etc/s6-rc/nftables/up > b/vm/sys/net/image/etc/s6-rc/nftables/up > deleted file mode 100644 > index 7d5f141..0000000 > --- a/vm/sys/net/image/etc/s6-rc/nftables/up > +++ /dev/null > @@ -1,6 +0,0 @@ > -# SPDX-License-Identifier: EUPL-1.2+ > -# SPDX-FileCopyrightText: 2021 Alyssa Ross > - > -if { modprobe nft_chain_nat } > - > -nft -f /etc/nftables.conf
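
Review bot: The `VM_S6_RC_FILES` assignment in vm/sys/net/Makefile still carries the conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> 45850c5`, so the file cannot be used as posted. When resolving, note that the two sides differ in more than the connman entries: the HEAD side uses `image/etc/s6-rc/...` paths while the incoming side uses `etc/s6-rc/...` without the `image/` prefix that `VM_FILES` uses in the first hunk, and the HEAD side still lists `image/etc/s6-rc/connman/type`, which this patch deletes.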
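
Review bot: In the `usrPackages` hunk of vm/sys/net/default.nix, `kernel.modules` becomes `kernel`, so the whole `kernel` value is linked into /usr rather than only its `modules` attribute, and nothing in the hunk says why. If the forwarder does not need that, keep `kernel.modules`; if it does, state the reason next to the `# for xdp-forwarder` comment, which currently only covers `spectrum-driver-tools`.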
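
Review bot: The new `bpffs /sys/fs/bpf bpf defaults 0 0` line in vm/sys/net/image/etc/fstab mounts the pin directory with default options, and the mdev script in this patch pins both XDP programs there via `-p /sys/fs/bpf`. Consider `nosuid,nodev,noexec` together with a restrictive `mode=` so that only the user loading the programs can reach the pinned objects, and add a short comment saying the mount exists for xdp-loader.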
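
Review bot: Both `xdp-loader load` calls in vm/sys/net/image/etc/mdev/iface hard-code `-m skb` with no comment on why generic (skb) mode is forced instead of letting the driver attach natively; please document the reason at the call sites. The physical branch also drops the `masquerade` rule with nothing in this script replacing it, and the quoted patch has no commit message body, so it should state that `prog_router.o` and `prog_physical.o` now carry the forwarding policy, what `set-router-iface` does, and why the router interface needs `promisc on`.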
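
Review bot: The hunk deleting vm/sys/net/image/etc/s6-rc/mdevd-coldplug/type removes the `oneshot` type file while the incoming side of the Makefile conflict still lists `etc/s6-rc/mdevd-coldplug/type`, `etc/s6-rc/mdevd-coldplug/dependencies` and `etc/s6-rc/mdevd-coldplug/up`, which would leave that service without its type. This deletion looks like fallout from the unresolved conflict; drop it, or remove the service consistently in both the tree and the Makefile.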
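
Review bot: The deletions under vm/sys/net/image/etc/s6-rc/nftables remove `type.license` and `up`, but no hunk removes the `type` file that the license sidecar accompanies. The connman removal is similarly partial: only `type` and `type.license` are deleted, while the HEAD side of the Makefile lists `connman/run` and `connman/dependencies.d/dbus`. Remove each service directory completely so that no half-defined service remains in the image.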