public inbox for passt-dev@passt.top
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top, Stefano Brivio <sbrivio@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH v2 7/9] fwd: Always open /proc/net{tcp,tcp6,udp,udp6} in pasta mode
Date: Wed, 11 Mar 2026 23:03:12 +1100
Message-ID: <20260311120314.933546-8-david@gibson.dropbear.id.au>
In-Reply-To: <20260311120314.933546-1-david@gibson.dropbear.id.au>

Currently we open these files only if we have forwarding rules based on the
scanning these are used for.  We plan to allow dynamic updates to the
forwarding rules, which could add such a rule after the point
fwd_scan_ports_init() is called.  We can't open the /proc files later,
because of our self-isolation.

In any case, not opening these files when unneeded doesn't have very much
advantage.  So, in anticipation of dynamic updates, always open these files
when in pasta mode.

This also fixes an arguable small bug.  To deal with certain protocols like
iperf3, we automatically forward UDP ports if the corresponding TCP ports
are open.  However, we only open /proc/net/tcp* if we have TCP port scans.
That means that:
    $ pasta --config-net -T none -U auto
might open different UDP ports than:
    $ pasta --config-net -T auto -U auto
which is surprising behaviour.  This change removes that buglet as a side
effect.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 fwd.c | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/fwd.c b/fwd.c
index 1843ec8b..bedbf98a 100644
--- a/fwd.c
+++ b/fwd.c
@@ -877,23 +877,19 @@ void fwd_scan_ports_init(struct ctx *c)
 	c->udp.scan_in.scan4 = c->udp.scan_in.scan6 = -1;
 	c->udp.scan_out.scan4 = c->udp.scan_out.scan6 = -1;
 
-	if (has_scan_rules(&c->fwd_in, IPPROTO_TCP)) {
-		c->tcp.scan_in.scan4 = open_in_ns(c, "/proc/net/tcp", flags);
-		c->tcp.scan_in.scan6 = open_in_ns(c, "/proc/net/tcp6", flags);
-	}
-	if (has_scan_rules(&c->fwd_in, IPPROTO_UDP)) {
-		c->udp.scan_in.scan4 = open_in_ns(c, "/proc/net/udp", flags);
-		c->udp.scan_in.scan6 = open_in_ns(c, "/proc/net/udp6", flags);
-	}
-	if (has_scan_rules(&c->fwd_out, IPPROTO_TCP)) {
+	if (c->mode == MODE_PASTA) {
 		c->tcp.scan_out.scan4 = open("/proc/net/tcp", flags);
 		c->tcp.scan_out.scan6 = open("/proc/net/tcp6", flags);
-	}
-	if (has_scan_rules(&c->fwd_out, IPPROTO_UDP)) {
 		c->udp.scan_out.scan4 = open("/proc/net/udp", flags);
 		c->udp.scan_out.scan6 = open("/proc/net/udp6", flags);
+
+		c->tcp.scan_in.scan4 = open_in_ns(c, "/proc/net/tcp", flags);
+		c->tcp.scan_in.scan6 = open_in_ns(c, "/proc/net/tcp6", flags);
+		c->udp.scan_in.scan4 = open_in_ns(c, "/proc/net/udp", flags);
+		c->udp.scan_in.scan6 = open_in_ns(c, "/proc/net/udp6", flags);
+
+		fwd_scan_ports(c);
 	}
-	fwd_scan_ports(c);
 }
 
 /* Last time we scanned for open ports */
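Review bot: the eight open() / open_in_ns() results in the new MODE_PASTA block are stored without any check, and now that the files are opened unconditionally rather than only when a scan rule exists, a failure here is the only chance to notice it: the commit message says the files cannot be opened later because of self-isolation. If one of them fails, the descriptor stays negative and a rule added dynamically afterwards would have nothing to scan, with no indication why. Consider logging a warning per failed path (or at least a debug message) right after the opens, so the condition is visible at startup. Separately, fwd_scan_ports(c) moves inside the if (c->mode == MODE_PASTA) branch, so the initial scan no longer runs in other modes; that is presumably harmless with all descriptors at -1, but it is a behaviour change the commit message does not mention and it deserves a sentence there.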
-- 
2.53.0



Thread overview: 12+ messages
2026-03-11 12:03 [PATCH v2 0/9] Unify TCP and UDP forwarding tables David Gibson
2026-03-11 12:03 ` [PATCH v2 1/9] conf, fwd: Make overall forwarding mode local to conf path David Gibson
2026-03-11 12:03 ` [PATCH v2 2/9] tcp: Remove stale description of port_to_tap field David Gibson
2026-03-11 12:03 ` [PATCH v2 3/9] fwd: Don't initialise unused port bitmaps David Gibson
2026-03-11 12:03 ` [PATCH v2 4/9] Fix misnamed field in struct ctx comments David Gibson
2026-03-11 12:03 ` [PATCH v2 5/9] fwd: Split forwarding table from port scanning state David Gibson
2026-03-11 12:03 ` [PATCH v2 6/9] fwd: Unify TCP and UDP forwarding tables David Gibson
2026-03-11 12:03 ` David Gibson [this message]
2026-03-11 12:03 ` [PATCH v2 8/9] conf: Don't defer handling of --dns option David Gibson
2026-03-11 12:03 ` [PATCH v2 9/9] conf: Parse all forwarding options at the same time David Gibson
2026-03-11 21:12 ` [PATCH v2 0/9] Unify TCP and UDP forwarding tables Stefano Brivio
2026-03-11 23:33   ` David Gibson
