passt-repair - Man Page

Helper setting TCP_REPAIR socket options for passt(1)

Synopsis

passt-repair PATH

Description

passt-repair is a privileged helper setting and clearing repair mode on TCP sockets on behalf of passt(1), as instructed via single-byte commands over a UNIX domain socket.

It can be used to migrate TCP connections between guests without granting additional capabilities to passt(1) itself: to migrate TCP connections, passt(1) leverages repair mode, which needs the CAP_NET_ADMIN capability (see capabilities(7)) to be set or cleared.

If PATH represents a UNIX domain socket, passt-repair(1) attempts to connect to it. If it is a directory, passt-repair(1) waits until a file ending with .repair appears in it, and then attempts to connect to it.

Protocol

passt-repair(1) connects to passt(1) using the socket specified via --repair-path option in passt(1) itself. By default, the name is the same as the UNIX domain socket used for guest communication, suffixed by .repair.

The messages consist of one 8-bit signed integer that can be TCP_REPAIR_ON (1), TCP_REPAIR_OFF (0), or TCP_REPAIR_OFF_NO_WP (-1), as defined by the Linux kernel user API, and one to SCM_MAX_FD (253) sockets as SCM_RIGHTS (see unix(7)) ancillary message, sent by the server, passt(1).

The client, passt-repair(1), replies with the same byte (and no ancillary message) to indicate success, and closes the connection on failure.

The server closes the connection on error or completion.

Notes

passt-repair(1) can be granted the CAP_NET_ADMIN capability (preferred, as it limits privileges to the strictly necessary ones), or it can be run as root.

Author

Stefano Brivio <sbrivio@redhat.com>.

Reporting Bugs

Please report issues on the bug tracker at https://bugs.passt.top/, or send a message to the passt-user@passt.top mailing list, see https://lists.passt.top/.

See Also

passt(1), qemu(1), capabilities(7), unix(7).

Referenced By

passt(1).