From: Laurent Vivier <lvivier@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>,
passt-dev@passt.top, Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH v3 07/11] conf, fwd: Stricter rule checking in fwd_rule_add()
Date: Mon, 20 Apr 2026 18:48:48 +0200 [thread overview]
Message-ID: <10b179ed-fdab-4306-a92a-4dfb104a942f@redhat.com> (raw)
In-Reply-To: <20260417050520.102247-8-david@gibson.dropbear.id.au>
On 4/17/26 07:05, David Gibson wrote:
> Although fwd_rule_add() performs some sanity checks on the rule it is
> given, there are invalid rules we don't check for, assuming that its
> callers will do that.
>
> That won't be enough when we can get rules inserted by a dynamic update
> client without going through the existing parsing code. So, add stricter
> checks to fwd_rule_add(), which is now possible thanks to the capabilities
> bits in the struct fwd_table. Where those duplicate existing checks in the
> callers, remove the old copies.
>
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> ---
> conf.c | 19 -------------------
> fwd.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++-----
> 2 files changed, 46 insertions(+), 24 deletions(-)
>
> diff --git a/conf.c b/conf.c
> index ecc3a342..3b373b22 100644
> --- a/conf.c
> +++ b/conf.c
> @@ -310,10 +310,6 @@ static void conf_ports_spec(struct fwd_table *fwd, uint8_t proto,
> if (p != ep) /* Garbage after the ranges */
> goto bad;
>
> - if (orig_range.first == 0) {
> - die("Can't forward port 0 included in '%s'", spec);
> - }
> -
We remove the die() here but we keep the "assert(first != 0)" in
conf_ports_range_except(), so the user can trigger it with "-t 0" before the call to
fwd_rule_add().
> conf_ports_range_except(fwd, proto, addr, ifname,
> orig_range.first, orig_range.last,
> exclude,
> @@ -356,11 +352,6 @@ static void conf_ports(char optname, const char *optarg, struct fwd_table *fwd)
> return;
> }
>
> - if (proto == IPPROTO_TCP && !(fwd->caps & FWD_CAP_TCP))
> - die("TCP port forwarding requested but TCP is disabled");
> - if (proto == IPPROTO_UDP && !(fwd->caps & FWD_CAP_UDP))
> - die("UDP port forwarding requested but UDP is disabled");
> -
> strncpy(buf, optarg, sizeof(buf) - 1);
>
> if ((spec = strchr(buf, '/'))) {
> @@ -405,16 +396,6 @@ static void conf_ports(char optname, const char *optarg, struct fwd_table *fwd)
> addr = NULL;
> }
>
> - if (addr) {
> - if (!(fwd->caps & FWD_CAP_IPV4) && inany_v4(addr)) {
> - die("IPv4 is disabled, can't use -%c %s",
> - optname, optarg);
> - } else if (!(fwd->caps & FWD_CAP_IPV6) && !inany_v4(addr)) {
> - die("IPv6 is disabled, can't use -%c %s",
> - optname, optarg);
> - }
> - }
> -
> if (optname == 'T' || optname == 'U') {
> assert(!addr && !ifname);
>
> diff --git a/fwd.c b/fwd.c
> index c7fd1a9d..aa966731 100644
> --- a/fwd.c
> +++ b/fwd.c
> @@ -367,17 +367,58 @@ int fwd_rule_add(struct fwd_table *fwd, const struct fwd_rule *new)
> new->first, new->last);
> return -EINVAL;
> }
> + if (!new->first) {
> + warn("Forwarding rule attempts to map from port 0");
> + return -EINVAL;
> + }
> + if (!new->to || (new->to + new->last - new->first) < new->to) {
Why do we need the second part?
We know new->first < new->last and this cannot overflow as values are uint16_t and
arithmetic uses int.
FWIW:
(gdb) print (unsigned short)65535
$1 = 65535
(gdb) print (unsigned short)65536
$2 = 0
(gdb) print (unsigned short)65535 + (unsigned short)1
$3 = 65536
> + warn("Forwarding rule attempts to map to port 0");
> + return -EINVAL;
> + }
> if (new->flags & ~allowed_flags) {
> warn("Rule has invalid flags 0x%hhx",
> new->flags & ~allowed_flags);
> return -EINVAL;
> }
> - if (new->flags & FWD_DUAL_STACK_ANY &&
> - !inany_equals(&new->addr, &inany_any6)) {
> - char astr[INANY_ADDRSTRLEN];
> + if (new->flags & FWD_DUAL_STACK_ANY) {
> + if (!inany_equals(&new->addr, &inany_any6)) {
> + char astr[INANY_ADDRSTRLEN];
>
> - warn("Dual stack rule has non-wildcard address %s",
> - inany_ntop(&new->addr, astr, sizeof(astr)));
> + warn("Dual stack rule has non-wildcard address %s",
> + inany_ntop(&new->addr, astr, sizeof(astr)));
> + return -EINVAL;
> + }
> + if (!(fwd->caps & FWD_CAP_IPV4)) {
> + warn("Dual stack forward, but IPv4 not enabled");
> + return -EINVAL;
> + }
> + if (!(fwd->caps & FWD_CAP_IPV6)) {
> + warn("Dual stack forward, but IPv6 not enabled");
> + return -EINVAL;
> + }
> + } else {
> + if (inany_v4(&new->addr) && !(fwd->caps & FWD_CAP_IPV4)) {
> + warn("IPv4 forward, but IPv4 not enabled");
> + return -EINVAL;
> + }
> + if (!inany_v4(&new->addr) && !(fwd->caps & FWD_CAP_IPV6)) {
> + warn("IPv6 forward, but IPv6 not enabled");
> + return -EINVAL;
> + }
> + }
> + if (new->proto == IPPROTO_TCP) {
> + if (!(fwd->caps & FWD_CAP_TCP)) {
> + warn("Can't add TCP forwarding rule, TCP not enabled");
> + return -EINVAL;
> + }
> + } else if (new->proto == IPPROTO_UDP) {
> + if (!(fwd->caps & FWD_CAP_UDP)) {
> + warn("Can't add UDP forwarding rule, UDP not enabled");
> + return -EINVAL;
> + }
> + } else {
> + warn("Unsupported protocol 0x%hhx (%s) for forwarding rule",
> + new->proto, ipproto_name(new->proto));
> return -EINVAL;
> }
>
next prev parent reply other threads:[~2026-04-20 16:49 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-17 5:05 [PATCH v3 00/11] Rework forwarding option parsing David Gibson
2026-04-17 5:05 ` [PATCH v3 01/11] doc: Rework man page description of port specifiers David Gibson
2026-04-20 13:31 ` Laurent Vivier
2026-04-17 5:05 ` [PATCH v3 02/11] conf: Move "all" handling to port specifier David Gibson
2026-04-20 13:44 ` Laurent Vivier
2026-04-17 5:05 ` [PATCH v3 03/11] conf: Allow user-specified auto-scanned port forwarding ranges David Gibson
2026-04-20 14:45 ` Laurent Vivier
2026-04-17 5:05 ` [PATCH v3 04/11] conf: Move SO_BINDTODEVICE workaround to conf_ports() David Gibson
2026-04-20 15:06 ` Laurent Vivier
2026-04-17 5:05 ` [PATCH v3 05/11] conf: Don't pass raw commandline argument to conf_ports_spec() David Gibson
2026-04-20 16:11 ` Laurent Vivier
2026-04-17 5:05 ` [PATCH v3 06/11] fwd, conf: Add capabilities bits to each forwarding table David Gibson
2026-04-20 16:17 ` Laurent Vivier
2026-04-17 5:05 ` [PATCH v3 07/11] conf, fwd: Stricter rule checking in fwd_rule_add() David Gibson
2026-04-20 16:48 ` Laurent Vivier [this message]
2026-04-17 5:05 ` [PATCH v3 08/11] fwd_rule: Move ephemeral port probing to fwd_rule.c David Gibson
2026-04-20 16:52 ` Laurent Vivier
2026-04-17 5:05 ` [PATCH v3 09/11] fwd, conf: Move rule parsing code to fwd_rule.[ch] David Gibson
2026-04-20 17:06 ` Laurent Vivier
2026-04-17 5:05 ` [PATCH v3 10/11] fwd_rule: Move conflict checking back within fwd_rule_add() David Gibson
2026-04-20 17:15 ` Laurent Vivier
2026-04-17 5:05 ` [PATCH v3 11/11] fwd: Generalise fwd_rules_info() David Gibson
2026-04-20 17:21 ` Laurent Vivier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=10b179ed-fdab-4306-a92a-4dfb104a942f@redhat.com \
--to=lvivier@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=passt-dev@passt.top \
--cc=sbrivio@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).