diff --git a/fc-agent/src/network.rs b/fc-agent/src/network.rs
index c361e7d0..c7b0e615 100644
--- a/fc-agent/src/network.rs
+++ b/fc-agent/src/network.rs
@@ -144,9 +144,9 @@ pub async fn kill_stale_tcp_connections() {
 }

 // Kill only external connections using ss filter.
- // Preserve: loopback (127.0.0.0/8, [::1]), VM gateway (10.0.2.0/24).
- // Note: ss doesn't support IPv6 CIDR in brackets — [fd00::]/64 fails.
- // fd00:: traffic goes through the gateway anyway (preserved by 10.0.2.0/24 rule).
+ // Preserve: loopback (127.0.0.0/8, [::1]), VM gateway IPv4 (10.0.2.0/24),
+ // and pasta ULA IPv6 (fd00::/64 — gateway fd00::2, guest fd00::100).
+ // Note: ss IPv6 CIDR uses bare prefix (fd00::/64), not bracketed ([fd00::]/64).
 let kill_output = Command::new("ss")
 .args([
 "-K",
@@ -164,6 +164,10 @@ pub async fn kill_stale_tcp_connections() {
 "!",
 "dst",
 "10.0.2.0/24",
+ "and",
+ "!",
+ "dst",
+ "fd00::/64",
 ")",
 ])
 .output()
diff --git a/src/cli/args.rs b/src/cli/args.rs
index d436eb42..07f8ec3e 100644
--- a/src/cli/args.rs
+++ b/src/cli/args.rs
@@ -351,9 +351,10 @@ pub struct SnapshotRunArgs {
 #[arg(long)]
 pub exec: Option,

- /// Disable KVM dirty page tracking. File-backed pages stay shared through
- /// the host page cache — multiple clones from the same snapshot share
- /// physical memory pages. Tradeoff: diff snapshots from this VM won't work.
+ /// Disable KVM dirty page tracking. Reduces KVM overhead by not maintaining
+ /// dirty bitmaps, but diff snapshots from this VM won't work. Note: this
+ /// does NOT enable page sharing — MAP_PRIVATE CoW still copies pages to
+ /// Private_Clean on access (see DESIGN.md Clone Memory Sharing).
 #[arg(long)]
 pub no_dirty_tracking: bool,

diff --git a/src/commands/common.rs b/src/commands/common.rs
index 79e43eaa..5d833171 100644
--- a/src/commands/common.rs
+++ b/src/commands/common.rs
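Review bot: The added `fd00::/64` clause makes the whole `ss -K` filter depend on ss accepting a bare IPv6 prefix, and what is done with `kill_output` after `.output()` lies outside this hunk. The comment removed in the previous hunk recorded that the bracketed form made ss fail, so the parser is evidently sensitive to the form and possibly to the iproute2 version shipped in the guest image. If ss rejects the expression it will presumably exit non-zero without closing anything, leaving stale connections open after restore; unless the code below already does so, check `kill_output.status.success()` and log stderr on failure. The comment should also say why the full /64 is exempt rather than only the gateway `fd00::2`, since every destination in that prefix now survives the kill.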
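Review bot: The doc comment on `no_dirty_tracking` is a single paragraph, so with clap's derive the whole text, including the `MAP_PRIVATE`/`Private_Clean` detail and the DESIGN.md pointer, is presumably what `-h` prints for `--no-dirty-tracking`. Consider a one-line summary, `/// Disable KVM dirty page tracking (diff snapshots from this VM won't work).`, then an empty `///` line, then the note, so the short help stays brief and the detail appears only under `--help`. The same correction is repeated on `RestoreParams::track_dirty_pages` and in the comment in `cmd_snapshot_run`; keeping the full explanation in one place and pointing the others at it would stop the three copies drifting apart again.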
@@ -687,11 +687,12 @@ pub struct RestoreParams<'a> {
 /// For routed mode clones: the unique per-clone IPv6 that fc-agent should
 /// configure on eth0, replacing the snapshot's shared guest IPv6.
 pub clone_ipv6: Option,
- /// Enable KVM dirty page tracking. When true, KVM CoW-copies file-backed
- /// pages for dirty tracking (needed for subsequent diff snapshots from this VM).
- /// When false, pages stay shared through page cache — multiple clones from
- /// the same snapshot share physical memory pages. Disabled for hugepage VMs
- /// (KVM would split 2MB TLB entries to 4K).
+ /// Enable KVM dirty page tracking. When true, KVM maintains dirty bitmaps
+ /// to track modified pages (needed for subsequent diff snapshots from this VM).
+ /// When false, reduces KVM overhead but diff snapshots won't work.
+ /// Note: disabling dirty tracking does NOT enable page sharing — MAP_PRIVATE
+ /// CoW still copies pages to Private_Clean on access (see DESIGN.md).
+ /// Disabled for hugepage VMs (KVM would split 2MB TLB entries to 4K).
 pub track_dirty_pages: bool,
 }

diff --git a/src/commands/snapshot.rs b/src/commands/snapshot.rs
index 3b7756cf..faa55d1e 100644
--- a/src/commands/snapshot.rs
+++ b/src/commands/snapshot.rs
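Review bot: The re-wrapped last doc line still says KVM would split `2MB TLB entries`, while the comment in `cmd_snapshot_run` (src/commands/snapshot.rs) describes the same effect as splitting `2MB Stage 2 block mappings`. Dirty logging breaks up huge mappings in the second-stage page tables rather than TLB entries, so the two places should share one wording, for example `/// Disabled for hugepage VMs (KVM would split 2MB block mappings to 4K).`. `RestoreParams` begins above this hunk, so any other fields that mention the hugepage case are not visible here.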
@@ -871,10 +871,9 @@ pub async fn cmd_snapshot_run(args: SnapshotRunArgs) -> Result<()> {
 };

 // Run clone setup using shared restore function
- // Dirty tracking: KVM CoW-copies file-backed pages so it can track which
- // pages are modified (needed for diff snapshots from this VM).
- // Without it, pages stay shared through the host page cache — multiple
- // clones from the same snapshot share physical memory.
+ // Dirty tracking: KVM maintains a dirty bitmap to track which pages are
+ // modified (needed for diff snapshots from this VM). Disabling it reduces
+ // KVM overhead but prevents subsequent diff snapshots.
 // CLI: --no-dirty-tracking disables it for clones.
 // Internal: startup_snapshot_base_key forces it on (needs diff snapshot).
 // Hugepages: always disable — KVM splits 2MB Stage 2 block mappings to 4K