Release prep part 2: use dpdk (will break the pipeline if merged before unified with part 3)

[daniel-noland]

on top of #963

this is up for early review to facilitate cooperation and minimize merge conflicts.

It is still a little too messy to merge but it does deserve discussion.

At the same time, rebase onto this is

1. likely necessary
2. likely very messy

but I don't really know what to do about that at this point.

[Copilot]

Pull Request Overview

This PR refactors the dataplane initialization process by introducing a two-stage initialization system with a dedicated dataplane-init binary and secure configuration passing via sealed memory file descriptors. The key changes include moving default constants to a centralized location, implementing type-safe configuration structures with serialization, and establishing a more robust launch architecture.

Reviewed Changes

Copilot reviewed 13 out of 14 changed files in this pull request and generated 10 comments.

Show a summary per file

File	Description
routing/src/router.rs	Updates import paths to use default constants from args module
routing/src/rio.rs	Removes default constant definitions now centralized in args module
routing/Cargo.toml	Adds args workspace dependency
mgmt/src/processor/launch.rs	Updates imports and uses GrpcAddress from args module, removes duplicate type definition
mgmt/Cargo.toml	Adds args workspace dependency
init/src/main.rs	Complete rewrite implementing new two-stage initialization with hardware scanning and config passing
init/Cargo.toml	Adds dependencies for new initialization features
dataplane/src/main.rs	Updates to receive configuration via file descriptors instead of command-line parsing
dataplane/src/drivers/dpdk.rs	Removes unused init_eal function, updates DriverDpdk::start to return resources
dataplane/Cargo.toml	Adds rkyv dependency
args/src/lib.rs	Major expansion with secure config types, memfd handling, and LaunchConfiguration structure
args/Cargo.toml	Adds numerous dependencies for new functionality
Dockerfile	Updates entrypoint to use dataplane-init
Cargo.lock	Dependency updates including new crates

Comments suppressed due to low confidence (1)

dataplane/src/drivers/dpdk.rs:37

• yaml\nconfidence: 9\ntags: [logic]\n\n\nThe init_eal function appears to be dead code that was replaced by direct calls to eal::init. Consider removing it to avoid confusion and reduce code maintenance burden.

fn init_eal(args: impl IntoIterator<Item = impl AsRef<str>>) -> Eal {
    let rte = eal::init(args);
    tracing_subscriber::fmt()
        .with_max_level(tracing::Level::DEBUG)
        .with_target(true)
        .with_thread_ids(true)
        .with_line_number(true)
        .with_thread_names(true)
        .init();
    rte
}

[Copilot]

confidence: 10
tags: [other]

This comment explicitly states the code should not be merged until the lint/doc checks are uncommented, which contradicts the PR being ready for review. This temporary bypass should be addressed before merging.

Suggested change

	// #![deny(clippy::pedantic, missing_docs)] // TEMP: don't merge till uncommented
	#![deny(clippy::pedantic, missing_docs)]

[Copilot]

Spelling error: 'lanunch' should be 'launch'.

Suggested change

	info!("interpreted requested lanunch configuration as\n---\n{launch_config_yaml}");
	info!("interpreted requested launch configuration as\n---\n{launch_config_yaml}");

[Copilot]

yaml\nconfidence: 10\ntags: [logic]\n\n\nHardcoded absolute path to a user's home directory. This will fail in any other environment. The path should be made configurable or use a relative path/environment variable.

[Copilot]

[nitpick] yaml\nconfidence: 8\ntags: [style]\n\n\nThe import of tokio::io on line 14 is split from other tokio imports on lines 15-16. Consider grouping all tokio imports together for better readability.

Suggested change

	use tokio::io;
	use tokio::net::UnixListener;
	use tokio::sync::mpsc::Sender;
	use tokio::net::UnixListener;
	use tokio::sync::mpsc::Sender;
	use tokio::io;

[Copilot]

[nitpick] yaml\nconfidence: 7\ntags: [style]\n\n\nThe change from path.to_path_buf() to path.into() is less explicit about the type conversion happening. While functionally equivalent, the original was clearer about converting to PathBuf.

Suggested change

	args::GrpcAddress::UnixSocket(path) => ServerAddress::Unix(path.into()),
	args::GrpcAddress::UnixSocket(path) => ServerAddress::Unix(path.to_path_buf()),

[Copilot]

yaml\nconfidence: 8\ntags: [other]\n\n\nCommented-out code should be removed rather than left in the codebase. If this functionality is needed in the future, it can be recovered from version control.

Suggested change

	// if args.tracing_config_generate() {
	// let out = get_trace_ctl()
	// .as_config_string()
	// .unwrap_or_else(|e| e.to_string());
	// println!("{out}");
	// std::process::exit(0);
	// }

[Copilot]

[nitpick] yaml\nconfidence: 7\ntags: [other]\n\n\nThe GrpcAddress::UnixSocket variant changed from PathBuf to String. This is less type-safe as PathBuf better represents filesystem paths and their associated operations.

Suggested change

	UnixSocket(String),
	UnixSocket(PathBuf),

[Fredi-raspall]

Why does the mgmt crate need anything from args? Sounds like a weird "backwards" dependency.

[Fredi-raspall]

Same.

[Fredi-raspall]

Ok. This reveals the dependency. I see the goal, but personally dislike this in that you're making an internal function depend on an external thing. IMO:

• every internal function (crate) should define its defaults.
• those should be made available to users of the crate.
  I see the merit of defining the defaults closer to the user/caller. But then we should ditch the defaults from the inner functions (routing in this case) so that we don't have that "backwards" dependency and require callers to always provide specific values (which they can default).
  That said, leave it like that.

[Fredi-raspall]

Looks good to me.
Since we can't merge this now as-is without breaking the pipeline, can we "freeze" this branch as an integration one on which we can stack further developments that don't break the pipeline?

[Fredi-raspall]

@daniel-noland There seems to be an issue with the memfd in the CI job.

Logs for Pod: gw--gateway-1--dataplane-776b6 in Namespace: fab

thread 'main' (1) panicked at args/src/lib.rs:601:18:
called `Result::unwrap()` on an `Err` value:   × failed to read memfd link in /proc
  ╰─▶ ENOENT: No such file or directory

stack backtrace:
   0: __rustc::rust_begin_unwind
             at ./rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/std/src/panicking.rs:698:5
   1: core::panicking::panic_fmt
             at ./rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/core/src/panicking.rs:75:14
   2: core::result::unwrap_failed
             at ./rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/core/src/result.rs:1855:5
   3: core::result::Result<T,E>::unwrap
             at ./nix/store/3wbbdzj5900pa0nflzp8ai9izdd6vk5y-rust-mixed/lib/rustlib/src/rust/library/core/src/result.rs:1226:23
   4: dataplane_args::FinalizedMemFile::from_fd
             at ./home/runner/_work/dataplane/dataplane/args/src/lib.rs:601:18
   5: dataplane_args::LaunchConfiguration::inherit
             at ./home/runner/_work/dataplane/dataplane/args/src/lib.rs:460:45
   6: dataplane::main
             at ./home/runner/_work/dataplane/dataplane/dataplane/src/main.rs:90:25
   7: core::ops::function::FnOnce::call_once
             at ./nix/store/3wbbdzj5900pa0nflzp8ai9izdd6vk5y-rust-mixed/lib/rustlib/src/rust/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
fatal runtime error: IO Safety violation: owned file descriptor already closed, aborting

Previous Logs for Pod: gw--gateway-1--dataplane-776b6 in Namespace: fab (if available)

thread 'main' (1) panicked at args/src/lib.rs:601:18:
called `Result::unwrap()` on an `Err` value:   × failed to read memfd link in /proc
  ╰─▶ ENOENT: No such file or directory

stack backtrace:
   0: __rustc::rust_begin_unwind
             at ./rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/std/src/panicking.rs:698:5
   1: core::panicking::panic_fmt
             at ./rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/core/src/panicking.rs:75:14
   2: core::result::unwrap_failed
             at ./rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/core/src/result.rs:1855:5
   3: core::result::Result<T,E>::unwrap
             at ./nix/store/3wbbdzj5900pa0nflzp8ai9izdd6vk5y-rust-mixed/lib/rustlib/src/rust/library/core/src/result.rs:1226:23
   4: dataplane_args::FinalizedMemFile::from_fd
             at ./home/runner/_work/dataplane/dataplane/args/src/lib.rs:601:18
   5: dataplane_args::LaunchConfiguration::inherit
             at ./home/runner/_work/dataplane/dataplane/args/src/lib.rs:460:45
   6: dataplane::main
             at ./home/runner/_work/dataplane/dataplane/dataplane/src/main.rs:90:25
   7: core::ops::function::FnOnce::call_once
             at ./nix/store/3wbbdzj5900pa0nflzp8ai9izdd6vk5y-rust-mixed/lib/rustlib/src/rust/library/core/src/ops/function.rs:250:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
fatal runtime error: IO Safety violation: owned file descriptor already closed, aborting

@Frostman could it be that this is caused by not invoking dataplane-init but dataplane ?
Dataplane should be started with binary dataplane-init from now on, right @daniel-noland ?

[qmonnet]

The args crate is now has a wider scope: it is not just responsible
for parsing and validating arguments, it is (partly) responsible for
handing the dataplane a memfd file with parsed and acted on data.

I'm not sure I understand: Why reuse the args crate for that? Wouldn't it make more sense to add a new crate for handling the memfd file, specifically? I liked the idea of having something a bit more self-contained for parsing the arguments.

If it is necessary to have the new parts in args, should we consider renaming that crate?

[qmonnet]

Suggested change

	/// Multiple protections are in place to deny all attempts to mutat the memory contents of these files.
	/// Multiple protections are in place to deny all attempts to mutate the memory contents of these files.

[mvachhar]

Moved this back to draft since we may need to rework this a bit. Now that the kernel driver has good performance we should only merge this with a working kernel driver.