public inbox for passt-dev@passt.top
From: Stefano Brivio <sbrivio@redhat.com>
To: Paul Holzinger <pholzing@redhat.com>
Cc: passt-dev@passt.top
Subject: Re: pasta does not correctly handle bind errors with port ranges
Date: Fri, 9 Feb 2024 22:09:39 +0100
Message-ID: <20240209220939.2f477a76@elisabeth>
In-Reply-To: <ef7dbce7-bde4-4925-81d4-acbf783f62c5@redhat.com>

Hi Paul,

On Fri, 9 Feb 2024 17:57:05 +0100
Paul Holzinger <pholzing@redhat.com> wrote:

> Hi all,
> I found some issues with the pasta port binding logic, it does not 
> correctly handle errors when trying to bind a port range.
> Let's first bind a port so we can force an error condition:
> $ nc -l -p 8080 &
> $ pasta -t 8080  true
> Failed to bind any port for '-t 8080', exiting <-- fails as expected
> $ pasta -t 8081 -t 8080  true
> Failed to bind any port for '-t 8080', exiting <-- here it also fails 
> correctly
> $ pasta -t 8080-8081  true
> <-- no error even though pasta could not bind 8080

This is actually intended: it only fails if it can't bind *any* port in
a given range, so that users don't have to explicitly exclude ports
from ranges in case some are already taken, knowingly or not. That's
why the error message says "any port".

For two ports it probably makes no sense, but for larger ranges
excluding dozens of ports can get quite annoying for the user. And
warnings on failed bind() calls could get quite noisy, too.

If it's a problem for Podman, I can think of two solutions. One would
be an option such as --strict-bind or suchlike (better names warmly
welcome).

Another idea would be that the back-end in Podman passes ranges as
single ports... but then the command line might explode and that's
not ideal for users, either. I'd rather favour the extra option.

> Also besides this I find the error message less than ideal. It is missing 
> the errno from the bind syscall so important context gets lost (i.e. 
> Address already in use vs Permission denied).

The problem is that we might fail to bind multiple ports, so there
isn't necessarily a single bind() error. But if we go with
--strict-bind, we could report the first error (including return code
from the system call) and exit right away.

Let me know if any of this would address your problem, I can write a
patch in the next days in case (or feel free to submit one).

-- 
Stefano
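
The two range-binding policies discussed in this message, as an added C example that is not pasta's code and not part of the original e-mail: the default fails only when no port in the range can be bound, while a strict mode (modelled on the proposed --strict-bind) stops at the first failed bind() and keeps its errno. The names bind_one, bind_range, struct range_result and the strict parameter are hypothetical.

```c
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

struct range_result {		/* hypothetical, for this example only */
	int bound;		/* ports bound successfully */
	int failed;		/* ports that could not be bound */
	int first_errno;	/* errno of the first failed bind(), 0 if none */
	int first_port;		/* port of the first failed bind() */
};

/* Bind a TCP socket to the wildcard address on 'port' (never listens).
 * Returns the socket, or -errno so the caller keeps the failure reason. */
static int bind_one(int port)
{
	struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
	int s = socket(AF_INET, SOCK_STREAM, 0), err;

	if (s < 0)
		return -errno;
	if (bind(s, (struct sockaddr *)&a, sizeof(a)) < 0) {
		err = errno;	/* save before close() can overwrite it */
		close(s);
		return -err;
	}
	return s;
}

/* Bind every port in [first, last]; socks[] gets one entry per port
 * (-1 where bind failed). Returns 0 on success, -1 on failure.
 * strict == 0: fail only if *no* port could be bound ("any port").
 * strict != 0: fail at the first bind() error; the caller reports
 *              r->first_port / r->first_errno and exits. */
int bind_range(int first, int last, int strict, int *socks,
	       struct range_result *r)
{
	memset(r, 0, sizeof(*r));
	for (int p = first; p <= last; p++) {
		int s = bind_one(p);

		socks[p - first] = s < 0 ? -1 : s;
		if (s >= 0) { r->bound++; continue; }
		if (!r->failed++) { r->first_errno = -s; r->first_port = p; }
		if (strict)
			return -1;
	}
	return r->bound ? 0 : -1;
}
```

With the lenient policy a caller that needs to know which ports are actually forwarded has to inspect socks[] or r->failed, since the return value alone hides partial failures.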


Thread overview: 8+ messages
2024-02-09 16:57 pasta does not correctly handle bind errors with port ranges Paul Holzinger
2024-02-09 21:09 ` Stefano Brivio [this message]
2024-02-12 11:45   ` Paul Holzinger
2024-02-12 14:13     ` Stefano Brivio
2024-02-12 14:43       ` Paul Holzinger
2024-02-12 16:56         ` Stefano Brivio
2024-02-14  9:15           ` Stefano Brivio
2024-02-14 10:24             ` Paul Holzinger