net_tap: enable vnet header and TX/RX offloads#2996
Merged
jstarks merged 4 commits intomicrosoft:mainfrom Mar 17, 2026
Merged
Conversation
Enable IFF_VNET_HDR on TAP device creation and translate between net_backend's protocol-specific TxMetadata/RxMetadata and the virtio net header's general csum_start/csum_offset representation. linux_net_bindings: - Add ioctl wrappers: TUNSETOFFLOAD, TUNSETVNETHDRSZ (write), TUNGETIFF, TUNGETVNETHDRSZ (read) - Remove VirtioNetHdr and zerocopy dependency (moved to net_tap) net_tap/tap: - Split into open_tap() (opens /dev/net/tun, returns OwnedFd) and Tap::new(OwnedFd) (validates IFF_VNET_HDR via TUNGETIFF, sets vnet header size to 12-byte v1 format) - Tap::set_offloads() method for TUNSETOFFLOAD - Prepares for accepting pre-opened fds (e.g. Kata fd passing) net_tap: - VirtioNetHdr struct and constants in inline vnet_hdr module - TapEndpoint::new(Tap) sets offloads (CSUM|TSO4|TSO6|TSO_ECN) and returns Result; advertises full TxOffloadSupport as a constant - build_vnet_hdr (TxMetadata -> VirtioNetHdr) and parse_vnet_hdr (VirtioNetHdr -> RxMetadata) translation functions - Software IPv4 header checksum for non-TSO packets when offload_ip_header_checksum is set (virtio net header has no mechanism for this; needed for netvsp/NDIS guests in bridged configurations) - TX path uses writev with vnet header; RX path strips vnet header - Resolver simplified to open_tap -> Tap::new -> TapEndpoint::new - 9 new unit tests covering offload translation paths
|
This PR modifies files containing For more on why we check whole files, instead of just diffs, check out the Rustonomicon |
Contributor
There was a problem hiding this comment.
Pull request overview
Enables TAP IFF_VNET_HDR and configures TAP TX/RX offloads, adding translation between net_backend’s TxMetadata/RxMetadata and the Linux virtio-net TAP header format to support checksum/TSO behaviors.
Changes:
- Add new
linux_net_bindingsioctl wrappers and restructure TAP creation/validation aroundOwnedFd. - Add virtio-net header prepend/strip on TX/RX, advertise offload support, and implement IPv4 header checksum fixup for specific guest offload requests.
- Update resolver + unit tests (including a new TX-offloads test) and add
zerocopydependency for header parsing/serialization.
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| vm/devices/net/net_tap/tests/tap_tests.rs | Switch tests to new TAP open/construct flow; add TX offload coverage. |
| vm/devices/net/net_tap/src/tap.rs | Split TAP open vs. validate/wrap; add vnet hdr size validation and offload ioctl. |
| vm/devices/net/net_tap/src/resolver.rs | Resolve TAP endpoints via open_tap + Tap::new + TapEndpoint::new. |
| vm/devices/net/net_tap/src/lib.rs | Implement vnet header handling + offload support + checksum fixup; update TX/RX paths. |
| vm/devices/net/net_tap/Cargo.toml | Add zerocopy dependency. |
| vm/devices/net/linux_net_bindings/src/lib.rs | Add ioctl wrappers for offloads and vnet header configuration/query. |
| Cargo.lock | Lockfile update for zerocopy dependency. |
You can also share your feedback on Copilot code review. Take the survey.
- Set TUN offloads to 0 instead of TUN_F_CSUM|TUN_F_TSO*. These flags are RX-direction capabilities (like VIRTIO_NET_F_GUEST_*) that tell the kernel it can send partial-checksum and GSO packets. Since net_backend's RxMetadata cannot represent partial checksums, we let the kernel complete checksums and segment packets before delivery. The TX path is unaffected. - Remove the NEEDS_CSUM branch from parse_vnet_hdr. With RX offloads disabled, the kernel will never send NEEDS_CSUM packets. - Add is_ipv4() guard to the fixup_ipv4_header_checksum call site. - Size the RX buffer to 65535 + vnet header size to avoid truncation. - Fix Tap doc comment: set_offloads must be called before passing to TapEndpoint, not before constructing Tap.
chris-oo
reviewed
Mar 16, 2026
Address PR feedback from chris-oo: - Replace raw u8 constants for VirtioNetHdr flags with a VirtioNetHdrFlags bitfield (needs_csum, data_valid). - Replace flat VirtioNetHdrGsoType open_enum + VIRTIO_NET_HDR_GSO_ECN const with a VirtioNetHdrGso bitfield wrapping a VirtioNetHdrGsoProtocol open_enum, matching the pattern in virtio_net. - Fix Tap::new to compare actual_sz against the local expected_sz variable instead of redundantly calling size_of::<VirtioNetHdr>() again. - Add TODO noting duplication with virtio_net header definitions.
Contributor
There was a problem hiding this comment.
Pull request overview
Enables TAP IFF_VNET_HDR support in net_tap and adds translation between net_backend TX/RX offload metadata and the Linux virtio-net header format, so the TAP backend can pass checksum/GSO intent via the vnet header.
Changes:
- Add new
linux_net_bindingsioctl wrappers for TAP/TUN offload + vnet header configuration/query. - Refactor TAP creation/validation (
open_tap+Tap::new(OwnedFd)) and update resolver/tests to use the new flow. - Implement vnet header build/parse logic, switch TX to
writev(hdr + packet), and strip vnet header on RX; add unit + integration tests.
Reviewed changes
Copilot reviewed 6 out of 7 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| vm/devices/net/net_tap/tests/tap_tests.rs | Update TAP integration tests to the new open/validate/endpoint construction flow; add offload TX test. |
| vm/devices/net/net_tap/src/tap.rs | Split TAP open vs. validate/configure; add vnet header size validation and offload ioctl setter; add vectored write support. |
| vm/devices/net/net_tap/src/resolver.rs | Update resource resolver to open + validate TAP fd before constructing the endpoint. |
| vm/devices/net/net_tap/src/lib.rs | Add virtio-net header definitions + translation, implement TX/RX vnet header handling, and advertise TX offload support. |
| vm/devices/net/net_tap/Cargo.toml | Add dependencies needed for vnet header bitfields and zerocopy serialization. |
| vm/devices/net/linux_net_bindings/src/lib.rs | Add new TAP/TUN ioctl wrappers for offload and vnet header sizing/queries. |
| Cargo.lock | Lockfile updates for newly-added crate dependencies. |
You can also share your feedback on Copilot code review. Take the survey.
chris-oo
approved these changes
Mar 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Enable IFF_VNET_HDR on TAP device creation and translate between net_backend's protocol-specific TxMetadata/RxMetadata and the virtio net header's general csum_start/csum_offset representation.
linux_net_bindings:
net_tap/tap:
net_tap: