From: David Gibson
To: passt-dev@passt.top, Stefano Brivio
CC: David Gibson
Subject: [PATCH v2 11/12] fwd: Generate auto-forward exclusions from socket fd tables
Date: Sat, 20 Dec 2025 01:19:03 +1100
Message-ID: <20251219141904.1758072-12-david@gibson.dropbear.id.au>
In-Reply-To: <20251219141904.1758072-1-david@gibson.dropbear.id.au>
References: <20251219141904.1758072-1-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

When auto-forwarding based on port scans, we must exclude our own listening ports, to avoid circular forwards. Currently we use the (old) forwarding bitmaps for the reverse direction to determine that. Instead, generate it from the tables of listening sockets that we now maintain.

For now this seems like a lot more work to get to the same place. However, it does mean we're basing our exclusions directly on the relevant information: which of the scanned listens belong to us. More importantly, it's a step towards removing the bitmaps entirely.

Signed-off-by: David Gibson
--- fwd.c | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/fwd.c b/fwd.c index 21e852af..848930a9 100644 --- a/fwd.c +++ b/fwd.c
@@ -628,6 +628,28 @@ static void fwd_scan_ports_udp(struct fwd_ports *fwd, bitmap_and_not(fwd->map, PORT_BITMAP_SIZE, fwd->map, exclude); } +/** + * current_listen_map() - Get bitmap of which ports we're already listening on + * @map: Bitmap to populate + * @fwd: Forwarding table to consider + */ +static void current_listen_map(uint8_t *map, const struct fwd_ports *fwd) +{ + unsigned i; + + memset(map, 0, PORT_BITMAP_SIZE); + + for (i = 0; i < fwd->count; i++) { + const struct fwd_entry *fe = &fwd->tab[i]; + unsigned port; + + for (port = fe->first; port <= fe->last; port++) { + if (fe->socks[port - fe->first] >= 0) + bitmap_set(map, port); + } + } +} + /** * fwd_scan_ports() - Scan automatic port forwarding information * @c: Execution context @@ -637,10 +659,10 @@ static void fwd_scan_ports(struct ctx *c) uint8_t excl_tcp_out[PORT_BITMAP_SIZE], excl_udp_out[PORT_BITMAP_SIZE]; uint8_t excl_tcp_in[PORT_BITMAP_SIZE], excl_udp_in[PORT_BITMAP_SIZE]; - memcpy(excl_tcp_out, c->tcp.fwd_in.map, sizeof(excl_tcp_out)); - memcpy(excl_tcp_in, c->tcp.fwd_out.map, sizeof(excl_tcp_in)); - memcpy(excl_udp_out, c->udp.fwd_in.map, sizeof(excl_udp_out)); - memcpy(excl_udp_in, c->udp.fwd_out.map, sizeof(excl_udp_in)); + current_listen_map(excl_tcp_out, &c->tcp.fwd_in); + current_listen_map(excl_tcp_in, &c->tcp.fwd_out); + current_listen_map(excl_udp_out, &c->udp.fwd_in); + current_listen_map(excl_udp_in, &c->udp.fwd_out); fwd_scan_ports_tcp(&c->tcp.fwd_out, excl_tcp_out); fwd_scan_ports_tcp(&c->tcp.fwd_in, excl_tcp_in); -- 2.52.0
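Review bot: In current_listen_map(), the access `fe->socks[port - fe->first]` depends on invariants this hunk neither checks nor documents: that socks[] holds at least last - first + 1 entries, that first <= last, and that a slot with no listening socket holds a negative value. Please state these in the function comment, along with the requirement that @map is PORT_BITMAP_SIZE bytes, since the memset() assumes it. It is also worth a one-line comment that `port` is deliberately a plain `unsigned`: if fe->last can be 65535, narrowing the counter to a 16-bit port type later would make `port <= fe->last` always true and the loop would never terminate.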
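Review bot: In fwd_scan_ports(), replacing the four memcpy() calls changes what gets excluded, not just how it is computed: the old source was the configured map (`c->tcp.fwd_in.map` and friends), the new one is only ports whose socks[] entry is >= 0. A port that is configured for forwarding but has no open socket when the scan runs would previously have been excluded and now is not. The commit message describes this as getting "to the same place", so if the narrower exclusion is intended, please say so in the message or in a comment above the current_listen_map() calls; if it is not, the case where a socket is missing needs handling. A short comment that the in/out pairing is deliberately crossed (excl_tcp_out is built from fwd_in, and so on) would also help, since that is the part preventing circular forwards.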