From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=aaisJW7i;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by passt.top (Postfix) with ESMTPS id 7BC9C5A0623
	for <passt-dev@passt.top>; Wed, 19 Feb 2025 06:37:40 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1739943459;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=/zQKxbFwmVX6E3hLMe7Msl5+pzhOKW0Z0E5eX+XG/To=;
	b=aaisJW7iEel5uGAG7sCAYuygPYgOVA8UP0L4mlzdOfVX8a2cfiAmLSvyRHlOxpzrEskEg6
	dpLL1kS2tktvmOu40fx6UNXyx1CNqxKaDi/vZxCtaEuGf27+4qUKI3muJl1Uk6jn9pteo7
	XqoN12+7AQnxrht/HTWXnhZplbFzA+8=
Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com
 [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-686-7ehpUdMuPZCbu-g6kolGZw-1; Wed, 19 Feb 2025 00:37:36 -0500
X-MC-Unique: 7ehpUdMuPZCbu-g6kolGZw-1
X-Mimecast-MFC-AGG-ID: 7ehpUdMuPZCbu-g6kolGZw_1739943455
Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-43945f32e2dso52749565e9.2
        for <passt-dev@passt.top>; Tue, 18 Feb 2025 21:37:36 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1739943455; x=1740548255;
        h=content-transfer-encoding:mime-version:organization:references
         :in-reply-to:message-id:subject:cc:to:from:date:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=/zQKxbFwmVX6E3hLMe7Msl5+pzhOKW0Z0E5eX+XG/To=;
        b=vYDXlUJz0I/eY595aQGRt1m3nJcDvGjoR9CzVls/28GJubWaxCn6moq54csamhQLpJ
         S5JpyOgoWSNuB383jqKKpA91UyAusa1x0V/IiPjOb4KpuIbokT2OUAuEfZSLAIt3iiMi
         3CUAqROuE3/WFHYsFv+rOGVYEn//DV7bHo7v3a4QxgfN7OyBvoJlDFllNbUaozBtbLJP
         QViC8Rn6UAHYzeVX+t08BV5/BPUkW8tC758aydyc/fuQsllnaioUp8CxqCrhbhrIjO4u
         L3LDhbIfRzbsi6JK/lYLP/J4KHVqHUq1cQRcN/Pdg5LV8WMHKc5pAlm2qGl1LTPNaoMq
         sbsg==
X-Gm-Message-State: AOJu0YzkU1r15kQ8m/4Cs8y6TW77RMYePiGhaUUOtdv64sv4ctnSRj3R
	Zk3zOMtkdY8R9od1QBpLWWDbNW9n/K74TSodvRUuQ+nCda8Pdkq0qIazAqXuLApTs6KiwvtFCpB
	x3HFc3O2uWiOcCpkeBCT52V6usuoqb7AetC1+CQHmLeZ0nXGJ4w==
X-Gm-Gg: ASbGncvQM6GaYdfXI8gbDzce/T9ZvycDAljMj9P/Dg7TgHPXHbWwR4IC4Am0ZLXjcp8
	d3bPxCqj76yJbHF+PzBUurQ9R2pN3E5hIYUnuwrmZeGjciM/xuR8Z66FbBbwHWQutjYuJK48gRN
	YH03o/yTX1DBJS2ne8d0MiCeV/mqFpjFBqp/Sn+53fWXMlUDit9NOQDxTXva+QnA7amV4SAtCHT
	sEmbMcEflv13O5FQj+coSzZ8dgQ+TsoUsX7KNiCUk6rRsTkk1k/ZaU4MRi2vMxSi5KwYum+m0G8
	aUdCiGB4mkm4ainl
X-Received: by 2002:a05:600c:348e:b0:439:8544:1903 with SMTP id 5b1f17b1804b1-43985441bcbmr95918395e9.20.1739943454758;
        Tue, 18 Feb 2025 21:37:34 -0800 (PST)
X-Google-Smtp-Source: AGHT+IFjeFK9CbZsDgZzyOG+sFfjivO4VvRgxziCDzkWgt6HPcJiX1fZmGe4Y2V9X9ze2lsyadEyBA==
X-Received: by 2002:a05:600c:348e:b0:439:8544:1903 with SMTP id 5b1f17b1804b1-43985441bcbmr95918295e9.20.1739943454296;
        Tue, 18 Feb 2025 21:37:34 -0800 (PST)
Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [2a10:fc81:a806:d6a9::1])
        by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-439872b5a46sm69692245e9.32.2025.02.18.21.37.33
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 18 Feb 2025 21:37:33 -0800 (PST)
Date: Wed, 19 Feb 2025 06:37:32 +0100
From: Stefano Brivio <sbrivio@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH] conf: Unify several paths in conf_ports()
Message-ID: <20250219063732.1e32dfb7@elisabeth>
In-Reply-To: <20250219035444.4067664-1-david@gibson.dropbear.id.au>
References: <20250219035444.4067664-1-david@gibson.dropbear.id.au>
Organization: Red Hat
X-Mailer: Claws Mail 4.2.0 (GTK 3.24.41; x86_64-pc-linux-gnu)
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: d6tg8E9vgi4HRP86Gotip4NQV3ZxeFP7U8uXMoWTbcI_1739943455
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID-Hash: MCT7WVJBILDPK4HDP6MXNRII72PVBPUK
X-Message-ID-Hash: MCT7WVJBILDPK4HDP6MXNRII72PVBPUK
X-MailFrom: sbrivio@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20250219063732.1e32dfb7@elisabeth/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/MCT7WVJBILDPK4HDP6MXNRII72PVBPUK/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

On Wed, 19 Feb 2025 14:54:44 +1100
David Gibson <david@gibson.dropbear.id.au> wrote:

> In conf_ports() we have three different paths which actually do the setup
> of an individual forwarded port: one for the "all" case, one for the
> exclusions only case and one for the range of ports with possible
> exclusions case.
> 
> We can unify those cases using a new helper which handles a single range
> of ports, with a bitmap of exclusions.  Although this is slightly longer
> (largely due to the new helpers function comment), it reduces duplicated
> logic.  It will also make future improvements to the tracking of port
> forwards easier.
> 
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> ---
>  conf.c | 175 +++++++++++++++++++++++++++++----------------------------
>  1 file changed, 90 insertions(+), 85 deletions(-)
> 
> diff --git a/conf.c b/conf.c
> index 18017f51..f862845b 100644
> --- a/conf.c
> +++ b/conf.c
> @@ -123,6 +123,75 @@ static int parse_port_range(const char *s, char **endptr,
>  	return 0;
>  }
>  
> +/**
> + * conf_ports_range_except() - Set up forwarding for a range of ports minus a
> + *                             bitmap of exclusions
> + * @c:		Execution context
> + * @optname:	Short option name, t, T, u, or U
> + * @optarg:	Option argument (port specification)
> + * @fwd:	Pointer to @fwd_ports to be updated
> + * @addr:	Listening address
> + * @ifname:	Listening interface
> + * @first:	First port to forward
> + * @last:	Last port to forward
> + * @exclude:	Bitmap of ports to exclude
> + * @to:		Port to translate @first to when forwarding
> + * @weak:	Ignore errors, as long as at least one port is mapped
> + */
> +static void conf_ports_range_except(const struct ctx *c, char optname,
> +				    const char *optarg, struct fwd_ports *fwd,
> +				    const union inany_addr *addr,
> +				    const char *ifname,
> +				    uint16_t first, uint16_t last,
> +				    const uint8_t *exclude, uint16_t to,
> +				    bool weak)

...ouch, bool anything_else? I think this patch is strictly better than
the existing duplication, so I'm fine with it as it is. I don't see any
obvious way to make the prototype smaller (other than things that would
reduce readability by hiding information), so... yeah. I just wanted to
mention that the prototype is a bit heavy.

> +{
> +	bool bound_one = false;
> +	unsigned i;
> +	int ret;
> +
> +	if (first == 0) {
> +		die("Can't forward port 0 for option '-%c %s'",
> +		    optname, optarg);
> +	}
> +
> +	for (i = first; i <= last; i++) {
> +		if (bitmap_isset(exclude, i))
> +			continue;
> +
> +		if (bitmap_isset(fwd->map, i)) {
> +			warn(
> +"Altering mapping of already mapped port number: %s", optarg);
> +		}
> +
> +		bitmap_set(fwd->map, i);
> +		fwd->delta[i] = to - first;
> +
> +		if (optname == 't')
> +			ret = tcp_sock_init(c, addr, ifname, i);
> +		else if (optname == 'u')
> +			ret = udp_sock_init(c, 0, addr, ifname, i);
> +		else
> +			/* No way to check in advance for -T and -U */
> +			ret = 0;
> +
> +		if (ret == -ENFILE || ret == -EMFILE) {
> +			die("Can't open enough sockets for port specifier: %s",
> +			    optarg);
> +		}
> +
> +		if (!ret) {
> +			bound_one = true;
> +		} else if (!weak) {
> +			die("Failed to bind port %u (%s) for option '-%c %s'",
> +			    i, strerror_(-ret), optname, optarg);
> +		}
> +	}
> +
> +	if (!bound_one)
> +		die("Failed to bind any port for '-%c %s'", optname, optarg);
> +}
> +
>  /**
>   * conf_ports() - Parse port configuration options, initialise UDP/TCP sockets
>   * @c:		Execution context
> @@ -135,10 +204,9 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
>  {
>  	union inany_addr addr_buf = inany_any6, *addr = &addr_buf;
>  	char buf[BUFSIZ], *spec, *ifname = NULL, *p;
> -	bool exclude_only = true, bound_one = false;
>  	uint8_t exclude[PORT_BITMAP_SIZE] = { 0 };
> +	bool exclude_only = true;
>  	unsigned i;
> -	int ret;
>  
>  	if (!strcmp(optarg, "none")) {
>  		if (fwd->mode)
> @@ -173,32 +241,14 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
>  
>  		fwd->mode = FWD_ALL;
>  
> -		/* Skip port 0.  It has special meaning for many socket APIs, so
> -		 * trying to bind it is not really safe.
> -		 */
> -		for (i = 1; i < NUM_PORTS; i++) {
> +		/* Also exclude ephemeral ports */

"Also" implies the reader figures out that conf_ports_range_except()
skips port zero while looking at this line, which is not really
something you can expect, I guess.

We could probably just drop this comment, or change it as you did below.

> +		for (i = 0; i < NUM_PORTS; i++)
>  			if (fwd_port_is_ephemeral(i))
> -				continue;
> -
> -			bitmap_set(fwd->map, i);
> -			if (optname == 't') {
> -				ret = tcp_sock_init(c, NULL, NULL, i);
> -				if (ret == -ENFILE || ret == -EMFILE)
> -					goto enfile;
> -				if (!ret)
> -					bound_one = true;
> -			} else if (optname == 'u') {
> -				ret = udp_sock_init(c, 0, NULL, NULL, i);
> -				if (ret == -ENFILE || ret == -EMFILE)
> -					goto enfile;
> -				if (!ret)
> -					bound_one = true;
> -			}
> -		}
> -
> -		if (!bound_one)
> -			goto bind_all_fail;
> -
> +				bitmap_set(exclude, i);

I would add an extra blank line here, otherwise it's quite confusing.

> +		conf_ports_range_except(c, optname, optarg, fwd,
> +					NULL, NULL,
> +					1, NUM_PORTS - 1, exclude,
> +					1, true);
>  		return;
>  	}
>  
> @@ -275,37 +325,14 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
>  	} while ((p = next_chunk(p, ',')));
>  
>  	if (exclude_only) {
> -		/* Skip port 0.  It has special meaning for many socket APIs, so
> -		 * trying to bind it is not really safe.
> -		 */
> -		for (i = 1; i < NUM_PORTS; i++) {
> -			if (fwd_port_is_ephemeral(i) ||
> -			    bitmap_isset(exclude, i))
> -				continue;
> -
> -			bitmap_set(fwd->map, i);
> -
> -			if (optname == 't') {
> -				ret = tcp_sock_init(c, addr, ifname, i);
> -				if (ret == -ENFILE || ret == -EMFILE)
> -					goto enfile;
> -				if (!ret)
> -					bound_one = true;
> -			} else if (optname == 'u') {
> -				ret = udp_sock_init(c, 0, addr, ifname, i);
> -				if (ret == -ENFILE || ret == -EMFILE)
> -					goto enfile;
> -				if (!ret)
> -					bound_one = true;
> -			} else {
> -				/* No way to check in advance for -T and -U */
> -				bound_one = true;
> -			}
> -		}
> -
> -		if (!bound_one)
> -			goto bind_all_fail;
> -
> +		/* Exclude ephemeral ports */
> +		for (i = 0; i < NUM_PORTS; i++)
> +			if (fwd_port_is_ephemeral(i))
> +				bitmap_set(exclude, i);

Same here, a blank line would be nice.

> +		conf_ports_range_except(c, optname, optarg, fwd,
> +					addr, ifname,
> +					1, NUM_PORTS - 1, exclude,
> +					1, true);
>  		return;
>  	}
>  
> @@ -334,40 +361,18 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
>  		if ((*p != '\0')  && (*p != ',')) /* Garbage after the ranges */
>  			goto bad;
>  
> -		for (i = orig_range.first; i <= orig_range.last; i++) {
> -			if (bitmap_isset(fwd->map, i))
> -				warn(
> -"Altering mapping of already mapped port number: %s", optarg);
> -
> -			if (bitmap_isset(exclude, i))
> -				continue;
> -
> -			bitmap_set(fwd->map, i);
> -
> -			fwd->delta[i] = mapped_range.first - orig_range.first;
> -
> -			ret = 0;
> -			if (optname == 't')
> -				ret = tcp_sock_init(c, addr, ifname, i);
> -			else if (optname == 'u')
> -				ret = udp_sock_init(c, 0, addr, ifname, i);
> -			if (ret)
> -				goto bind_fail;
> -		}
> +		conf_ports_range_except(c, optname, optarg, fwd,
> +					addr, ifname,
> +					orig_range.first, orig_range.last,
> +					exclude,
> +					mapped_range.first, false);
>  	} while ((p = next_chunk(p, ',')));
>  
>  	return;
> -enfile:
> -	die("Can't open enough sockets for port specifier: %s", optarg);
>  bad:
>  	die("Invalid port specifier %s", optarg);
>  mode_conflict:
>  	die("Port forwarding mode '%s' conflicts with previous mode", optarg);
> -bind_fail:
> -	die("Failed to bind port %u (%s) for option '-%c %s', exiting",
> -	    i, strerror_(-ret), optname, optarg);
> -bind_all_fail:
> -	die("Failed to bind any port for '-%c %s', exiting", optname, optarg);
>  }
>  
>  /**

-- 
Stefano