From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id C56C45A0276 for ; Fri, 3 Nov 2023 03:23:16 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1698978187; bh=badJZEnJL5NERMU0V0LmMjcvZjrLotS3LWMeblPjcOg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=isrks75QiB/Ite5MtrLE8DrxZ5NI3D8JNmaIcODKPjmCWypB+qh5bKvdXkYEJKTkJ 1NEmn7dHElha+Luz+nMaehxbjWLVgeBmJwieiII0Brdm1clyHOQn4v7RJtyFNKAA7e TY+KzYw+bVO0syg7SUPD5hz1r8R6wHJJl2bSq7LM= Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4SM4KR63NWz4xVg; Fri, 3 Nov 2023 13:23:07 +1100 (AEDT) 
From: David Gibson To: passt-dev@passt.top, Stefano Brivio Subject: [PATCH v2 6/9] port_fwd: Don't NS_CALL get_bound_ports() Date: Fri, 3 Nov 2023 13:23:00 +1100 Message-ID: <20231103022303.968638-7-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20231103022303.968638-1-david@gibson.dropbear.id.au> References: <20231103022303.968638-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: XJAES5QZSR3FMKRR6AKQX5WP4OPG4DM7 X-Message-ID-Hash: XJAES5QZSR3FMKRR6AKQX5WP4OPG4DM7 X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: When we want to scan for bound ports in the namespace we use NS_CALL() to run get_bound_ports() in the namespace. However, the only thing it actually needed to be in the namespace for was to open the /proc/net file it was scanning. Since we now always pre-open those, we no longer need to switch to the namespace for the actual get_bound_ports() calls. That in turn means that tcp_port_detect() doesn't need to run in the ns either, and we can just replace it with inline calls to get_bound_ports(). Signed-off-by: David Gibson --- port_fwd.c | 37 ++----------------------------------- tcp.c | 38 ++------------------------------------ 2 files changed, 4 insertions(+), 71 deletions(-) diff --git a/port_fwd.c b/port_fwd.c index 045ad7a..f400766 100644 --- a/port_fwd.c +++ b/port_fwd.c 
@@ -109,43 +109,12 @@ void get_bound_ports(struct ctx *c, int ns, uint8_t proto) } } -/** - * struct get_bound_ports_ns_arg - Arguments for get_bound_ports_ns() - * @c: Execution context - * @proto: Protocol number (IPPROTO_TCP or IPPROTO_UDP) - */ -struct get_bound_ports_ns_arg { - struct ctx *c; - uint8_t proto; -}; - -/** - * get_bound_ports_ns() - Get maps of ports in namespace with bound sockets - * @arg: See struct get_bound_ports_ns_arg - * - * Return: 0 - */ -static int get_bound_ports_ns(void *arg) -{ - struct get_bound_ports_ns_arg *a = (struct get_bound_ports_ns_arg *)arg; - struct ctx *c = a->c; - - if (!c->pasta_netns_fd) - return 0; - - ns_enter(c); - get_bound_ports(c, 1, a->proto); - - return 0; -} - /** * port_fwd_init() - Initial setup for port forwarding * @c: Execution context */ void port_fwd_init(struct ctx *c) { - struct get_bound_ports_ns_arg ns_ports_arg = { .c = c }; const int flags = O_RDONLY | O_CLOEXEC; c->proc_net_tcp[V4][0] = c->proc_net_tcp[V4][1] = -1; @@ -156,14 +125,12 @@ void port_fwd_init(struct ctx *c) if (c->tcp.fwd_in.mode == FWD_AUTO) { c->proc_net_tcp[V4][1] = open_in_ns(c, "/proc/net/tcp", flags); c->proc_net_tcp[V6][1] = open_in_ns(c, "/proc/net/tcp6", flags); - ns_ports_arg.proto = IPPROTO_TCP; - NS_CALL(get_bound_ports_ns, &ns_ports_arg); + get_bound_ports(c, 1, IPPROTO_TCP); } if (c->udp.fwd_in.f.mode == FWD_AUTO) { c->proc_net_udp[V4][1] = open_in_ns(c, "/proc/net/udp", flags); c->proc_net_udp[V6][1] = open_in_ns(c, "/proc/net/udp6", flags); - ns_ports_arg.proto = IPPROTO_UDP; - NS_CALL(get_bound_ports_ns, &ns_ports_arg); + get_bound_ports(c, 1, IPPROTO_UDP); } if (c->tcp.fwd_out.mode == FWD_AUTO) { c->proc_net_tcp[V4][0] = open("/proc/net/tcp", flags); diff --git a/tcp.c b/tcp.c index c6cc020..6fe9cdd 100644 --- a/tcp.c +++ b/tcp.c 
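Review bot: The direct `get_bound_ports(c, 1, IPPROTO_TCP)` and `get_bound_ports(c, 1, IPPROTO_UDP)` calls in port_fwd_init() drop the `if (!c->pasta_netns_fd) return 0;` guard that the removed get_bound_ports_ns() wrapper applied, and the open_in_ns() results are stored without any visible check. If open_in_ns() can fail and leave -1 in `c->proc_net_tcp[V4][1]` and the sibling slots, the scan now runs on an invalid descriptor; because its output decides which ports are forwarded automatically, that failure should be handled explicitly rather than left implicit. get_bound_ports() lies outside the hunk and may already skip negative descriptors; if it does not, a guard such as `if (c->proc_net_tcp[V4][1] >= 0 || c->proc_net_tcp[V6][1] >= 0)` before each call would restore the old safety. The same applies to the `get_bound_ports(c, 1, IPPROTO_TCP)` call added to tcp_timer() in tcp.c.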
@@ -3196,37 +3196,6 @@ int tcp_init(struct ctx *c) return 0; } -/** - * struct tcp_port_detect_arg - Arguments for tcp_port_detect() - * @c: Execution context - * @detect_in_ns: Detect ports bound in namespace, not in init - */ -struct tcp_port_detect_arg { - struct ctx *c; - int detect_in_ns; -}; - -/** - * tcp_port_detect() - Detect ports bound in namespace or init - * @arg: See struct tcp_port_detect_arg - * - * Return: 0 - */ -static int tcp_port_detect(void *arg) -{ - struct tcp_port_detect_arg *a = (struct tcp_port_detect_arg *)arg; - - if (a->detect_in_ns) { - ns_enter(a->c); - - get_bound_ports(a->c, 1, IPPROTO_TCP); - } else { - get_bound_ports(a->c, 0, IPPROTO_TCP); - } - - return 0; -} - /** * struct tcp_port_rebind_arg - Arguments for tcp_port_rebind() * @c: Execution context @@ -3315,19 +3284,16 @@ void tcp_timer(struct ctx *c, const struct timespec *ts) (void)ts; if (c->mode == MODE_PASTA) { - struct tcp_port_detect_arg detect_arg = { c, 0 }; struct tcp_port_rebind_arg rebind_arg = { c, 0 }; if (c->tcp.fwd_out.mode == FWD_AUTO) { - detect_arg.detect_in_ns = 0; - tcp_port_detect(&detect_arg); + get_bound_ports(c, 0, IPPROTO_TCP); rebind_arg.bind_in_ns = 1; NS_CALL(tcp_port_rebind, &rebind_arg); } if (c->tcp.fwd_in.mode == FWD_AUTO) { - detect_arg.detect_in_ns = 1; - NS_CALL(tcp_port_detect, &detect_arg); + get_bound_ports(c, 1, IPPROTO_TCP); rebind_arg.bind_in_ns = 0; tcp_port_rebind(&rebind_arg); } -- 2.41.0
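Review bot: In tcp_timer() the detect step is now a plain call while the rebind step still goes through `NS_CALL(tcp_port_rebind, &rebind_arg)` in the fwd_out branch, and nothing at the call site explains why the two differ. A short comment above the first `get_bound_ports()` call would keep a later reader from re-adding a namespace switch, for example `/* Scanning reads pre-opened /proc/net fds, so only rebinding needs to enter the namespace */`. The kernel-doc of get_bound_ports() (outside this hunk) could also state, if it does not already, that @ns selects which pre-opened descriptor set is read and does not require the caller to be in that namespace. tcp_timer() starts and ends outside the hunk.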