From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=cwxD93E3; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id A383C5A0624 for ; Fri, 16 Jan 2026 00:01:39 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1768518098; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=LEnZOio84amTQ7CjJ8WQMEyOTZfoQox7XvuhOc31fZ4=; b=cwxD93E3Wvm2ci1gyZ5j1l8o1m1f8GnsdSGB0Pgvu2wfwRWsUoyos0uHx+5zvProCZUCeD 2gWkwEuhRgzwwnaiPD8h59GUj92z0jVhPOJofAh2BunHPGSJ+DruOObkDzqLWYsVmIBg8K 2oSaBIeMqfvbtwZlSr/zuBAqj/VQsIM= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-381-7upOf7RQOA-e21aaAxXSMg-1; Thu, 15 Jan 2026 18:01:37 -0500 X-MC-Unique: 7upOf7RQOA-e21aaAxXSMg-1 X-Mimecast-MFC-AGG-ID: 7upOf7RQOA-e21aaAxXSMg_1768518096 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-47ee1fe7b24so10478835e9.1 for ; Thu, 15 Jan 2026 15:01:36 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768518096; x=1769122896; h=content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:date:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=LEnZOio84amTQ7CjJ8WQMEyOTZfoQox7XvuhOc31fZ4=; b=Ptj1HR9gM1jTiL/VeZtiY4yMTfHDPiu7Qpv2nVJDiOZczB7IuK5d0Hr3B1L1Rb0C8u iFNq2qGIRx2P1zHz/Mr/2KOhoqYRu6LWrmVo3Qtn1o0IApkrKL0FV3IcteeByBb17oIV bJDKfiV3F5EJIhYwXntfYDBiqAXojb7VXjmTGboLpVFKXQb2PuPERH0szIAptBAkAZ5b /KthFgEB1rxRIgDNu9mbSDvqy2qsYxth+dsaQngPGa1lPCdrK3bCVTej7uHv11nYSJzS +/Py/YtVAxYrb0yFPXgx4Jjshjr28j4SyKEavPOrpLbsSqCzqw35hJF0PTJZZ9ZVqjw8 pydg== X-Gm-Message-State: AOJu0YxUcdGqfhWc/TWWNfYgmDMKbSpkljjMBikRCKfS2THpI0EpVqZv g+EtGiatmzE95JbgRxuFvCH4zEo49zosoRNH2S+YcGS7xoehypIzyNz2MhomI0TVxrQhp5QhhQF qp5PtF7EkFKWmel9z0rm76gI0B3dUBn3aDwNT7DVYw+Mhayh9N7aB6g== X-Gm-Gg: AY/fxX6kXFSLrrx/ZpXwk8ariHhyi4NsQHXZmlfC9KRrmbeS4uSTE7e/GJFE/V/NveC Vequh930ZrI4E6X4FsPPLa3RAHZV7d/D5iMVHiTaE3kWjWNHuane0lXcws5eRzlk5E1rXGQBX1e ViyBYJjT8zwlHnw6rjUqwi2fzgRbGQF7RVoERRArowX8aUsWrLT8Uml4q6irLS6L5eYWX3CtjZp 7R5iSXXeDq+DOIiw8ETDsDFbiD06LjN5D6Ayw9k7VWK04gKwZmLeGRFSeMSPB745W8ADJk/mJ94 1cXC13Hh1lt32eX3ogUojriNzdg8mvysUwkcYXCMePwMhbPfpEqx9kgK6fAJYtNsjAqH57YdUaA n2hWlwwJ3uy/VF7j7lsSj X-Received: by 2002:a05:600c:4e43:b0:47e:d943:ec08 with SMTP id 5b1f17b1804b1-4801e33dc26mr13990905e9.28.1768518095747; Thu, 15 Jan 2026 15:01:35 -0800 (PST) X-Received: by 2002:a05:600c:4e43:b0:47e:d943:ec08 with SMTP id 5b1f17b1804b1-4801e33dc26mr13988195e9.28.1768518090599; Thu, 15 Jan 2026 15:01:30 -0800 (PST) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [2a10:fc81:a806:d6a9::1]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4801e9ebc1bsm4821055e9.5.2026.01.15.15.01.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 15 Jan 2026 15:01:29 -0800 (PST) Date: Fri, 16 Jan 2026 00:01:27 +0100 From: Stefano Brivio To: David Gibson Subject: Re: [PATCH v4 02/14] conf, fwd: Keep a table of our port forwarding configuration Message-ID: <20260116000127.6f195de5@elisabeth> In-Reply-To: <20260115085045.3309818-3-david@gibson.dropbear.id.au> References: <20260115085045.3309818-1-david@gibson.dropbear.id.au> <20260115085045.3309818-3-david@gibson.dropbear.id.au> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: 6rUqXTkfbr4lxT_lHv_Y5pq_45ivykolOgUY4sYHl6k_1768518096 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: HPSY6ZDKSOQZ7JSYIEFEUXQWTRORHZJ5 X-Message-ID-Hash: HPSY6ZDKSOQZ7JSYIEFEUXQWTRORHZJ5 X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Thu, 15 Jan 2026 19:50:33 +1100 David Gibson wrote: > @@ -313,6 +330,90 @@ bool fwd_port_is_ephemeral(in_port_t port) > return (port >= fwd_ephemeral_min) && (port <= fwd_ephemeral_max); > } > > +/** > + * fwd_rule_add() - Add a rule to a forwarding table > + * @fwd: Table to add to > + * @flags: Flags for this entry > + * @addr: Our address to forward (NULL for both 0.0.0.0 and ::) > + * @ifname: Only forward from this interface name, if non-empty > + * @first: First port number to forward > + * @last: Last port number to forward > + * @to: First port of target port range to map to > + */ > +void fwd_rule_add(struct fwd_ports *fwd, uint8_t flags, > + const union inany_addr *addr, const char *ifname, > + in_port_t first, in_port_t last, in_port_t to) > +{ > + /* Flags which can be set from the caller */ > + const uint8_t allowed_flags = FWD_WEAK; > + struct fwd_rule *new; > + unsigned port; > + > + ASSERT(!(flags & ~allowed_flags)); > + > + if (fwd->count >= ARRAY_SIZE(fwd->rules)) > + die("Too many port forwarding ranges"); > + > + new = &fwd->rules[fwd->count++]; > + new->flags = flags; > + > + if (addr) { > + new->addr = *addr; > + } else { > + new->addr = inany_any6; > + new->flags |= FWD_DUAL_STACK_ANY; > + } > + > + memset(new->ifname, 0, sizeof(new->ifname)); > + if (ifname) { > + if (strlen(ifname) + 1 > sizeof(new->ifname)) > + die("Interface name %s is too long", ifname); > + strncpy(new->ifname, ifname, sizeof(new->ifname)); > + } This looks safe to me now, but: /home/sbrivio/passt/fwd.c:394:3: Type: Buffer not null terminated (BUFFER_SIZE) /home/sbrivio/passt/fwd.c:354:2: 1. path: Condition "!(flags & -7 /* ~allowed_flags */)", taking true branch. /home/sbrivio/passt/fwd.c:356:2: 2. path: Condition "fwd->count >= 255U /* (int)(sizeof (fwd->rules) / sizeof (fwd->rules[0])) */", taking false branch. /home/sbrivio/passt/fwd.c:358:2: 3. path: Condition "fwd->sock_count + num > 196608U /* (int)(sizeof (fwd->socks) / sizeof (fwd->socks[0])) */", taking false branch. /home/sbrivio/passt/fwd.c:362:2: 4. path: Condition "i < fwd->count", taking true branch. /home/sbrivio/passt/fwd.c:366:3: 5. path: Condition "!inany_matches(addr, fwd_rule_addr(rule))", taking false branch. /home/sbrivio/passt/fwd.c:370:3: 6. path: Condition "last < rule->first", taking true branch. /home/sbrivio/passt/fwd.c:372:4: 7. path: Continuing loop. /home/sbrivio/passt/fwd.c:362:2: 8. path: Condition "i < fwd->count", taking true branch. /home/sbrivio/passt/fwd.c:366:3: 9. path: Condition "!inany_matches(addr, fwd_rule_addr(rule))", taking false branch. /home/sbrivio/passt/fwd.c:370:3: 10. path: Condition "last < rule->first", taking true branch. /home/sbrivio/passt/fwd.c:372:4: 11. path: Continuing loop. /home/sbrivio/passt/fwd.c:362:2: 12. path: Condition "i < fwd->count", taking true branch. /home/sbrivio/passt/fwd.c:366:3: 13. path: Condition "!inany_matches(addr, fwd_rule_addr(rule))", taking false branch. /home/sbrivio/passt/fwd.c:370:3: 14. path: Condition "last < rule->first", taking false branch. /home/sbrivio/passt/fwd.c:370:3: 15. path: Condition "rule->last < first", taking true branch. /home/sbrivio/passt/fwd.c:372:4: 16. path: Continuing loop. /home/sbrivio/passt/fwd.c:362:2: 17. path: Condition "i < fwd->count", taking false branch. /home/sbrivio/passt/fwd.c:383:2: 18. path: Condition "addr", taking true branch. /home/sbrivio/passt/fwd.c:385:2: 19. path: Falling through to end of if statement. /home/sbrivio/passt/fwd.c:391:2: 20. path: Condition "ifname", taking true branch. /home/sbrivio/passt/fwd.c:392:3: 21. path: Condition "strlen(ifname) + 1 > 16UL /* sizeof (new->ifname) */", taking false branch. /home/sbrivio/passt/fwd.c:394:3: 22. buffer_size_warning: Calling "strncpy" with a maximum size argument of 16 bytes on destination array "new->ifname" of size 16 bytes might leave the destination string unterminated. /home/sbrivio/passt/fwd.c:397:2: 23. path: Condition "first <= last", taking true branch. /home/sbrivio/passt/fwd.c:406:2: 24. path: Condition "port <= new->last", taking true branch. /home/sbrivio/passt/fwd.c:410:3: 25. path: Condition "!(new->flags & (4UL /* 1UL << 2 */))", taking true branch. /home/sbrivio/passt/fwd.c:412:2: 26. path: Jumping back to the beginning of the loop. /home/sbrivio/passt/fwd.c:406:2: 27. path: Condition "port <= new->last", taking false branch. ...perhaps worth switching to the usual snprintf() approach with return check (see handling of c->ip4.ifname_out in conf()) and be done with it? I'd be slightly more confident if Coverity Scan didn't complain at all (and happier without the noise, too). Other than that, this version looks good to me. I would make a new release just before merging it (with this "fixed") so that we can debug things a bit more conveniently should something go wrong with it. -- Stefano