NAME¶

passt-repair - Helper setting TCP_REPAIR socket options for passt(1)

SYNOPSIS¶

passt-repair PATH

DESCRIPTION¶

passt-repair is a privileged helper setting and clearing repair mode on TCP sockets on behalf of passt(1), as instructed via single-byte commands over a UNIX domain socket, specified by PATH.

It can be used to migrate TCP connections between guests without granting additional capabilities to passt(1) itself: to migrate TCP connections, passt(1) leverages repair mode, which needs the CAP_NET_ADMIN capability (see capabilities(7)) to be set or cleared.

PROTOCOL¶

passt-repair(1) connects to passt(1) using the socket specified via --repair-path option in passt(1) itself. By default, the name is the same as the UNIX domain socket used for guest communication, suffixed by .repair.

The messages consist of one 8-bit signed integer that can be TCP_REPAIR_ON (1), TCP_REPAIR_OFF (0), or TCP_REPAIR_OFF_NO_WP (-1), as defined by the Linux kernel user API, and one to SCM_MAX_FD (253) sockets as SCM_RIGHTS (see unix(7)) ancillary message, sent by the server, passt(1).

The client, passt-repair(1), replies with the same byte (and no ancillary message) to indicate success, and closes the connection on failure.

The server closes the connection on error or completion.

NOTES¶

passt-repair(1) can be granted the CAP_NET_ADMIN capability (preferred, as it limits privileges to the strictly necessary ones), or it can be run as root.

AUTHOR¶

Stefano Brivio <sbrivio@redhat.com>.

REPORTING BUGS¶

Please report issues on the bug tracker at https://bugs.passt.top/, or send a message to the passt-user@passt.top mailing list, see https://lists.passt.top/.

COPYRIGHT¶

Copyright (c) 2025 Red Hat GmbH.

passt-repair is free software: you can redistribute them and/or modify them under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version.

SEE ALSO¶

passt(1), qemu(1), capabilities(7), unix(7).