From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202602 header.b=eb92BSZL; dkim-atps=neutral Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 080985A061E for ; Mon, 23 Mar 2026 09:32:52 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202602; t=1774254767; bh=nx9tRvoep6sLo4qKjF7G09oykCFfb4lF6gtJWJuXEJ0=; h=From:To:Cc:Subject:Date:From; b=eb92BSZLyUDsLWQwZ7GupGITEP4jWnRmQJtGW7OoojHDSRbtjDR5aIfqynnw8IRtE joW0sKnOl+39cNhtpgcEP2D4VDoWO5tqznqM2zZObPe1iRYkRctLOh8QetCIGQd9Yv arfiMDPwyxYbfcntrw0BZ1hkMj5eNR2qBVpioun4eRxlpZsrYInoWMv0koAv3Xopvx qIBvjd32urr31bVLugIdhTXzb/idQmjgdPjo1tvZAhz51GKVXC7xRVFDXxu4IFpr08 y8Tlq3xK+jHBl5yB6bEk1fdjXCUUQIonJDCv107YFvyed25WUSXZdLhs0FD7cY+pMe tiDsPL7UHwDyw== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4ffRHz3Mryz4wDx; Mon, 23 Mar 2026 19:32:47 +1100 (AEDT) From: David Gibson To: Stefano Brivio , passt-dev@passt.top Subject: [PATCH v3 00/25] RFC: Read-only dynamic update implementation Date: Mon, 23 Mar 2026 18:37:07 +1100 Message-ID: <20260323073732.3158468-1-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.53.0 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: 7EMVJ7L3X4GBUV4I33LI6V5JGT3U6X2T X-Message-ID-Hash: 7EMVJ7L3X4GBUV4I33LI6V5JGT3U6X2T X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Here's a new draft of dynamic updates. This now can successfully update rules, though I've not tested it very extensively. Essentially this is just barely enough to work, it still could do with rather a lot of polish. Patches 1..12/22 are preliminary reworks that make moderate sense even without pesto - feel free to apply if you're happy with them. Changes in v3: * Removed already applied ASSERT() rename * Renamed serialisation functions * Incorporated Stefano's extensions, reworked and fixed * Several additional cleanups / preliminary reworks Changes in v2: * Removed already applied cleanups * Reworked assert() patch to handle -DNDEBUG properly * Numerous extra patches: * Factored out serialisation helpers and use them for migration as well * Reworked to allow ip.[ch] and inany.[ch] to be shared with pesto * Reworks to share some forwarding rule datatypes with pesto * Implemented sending pif names and current ruleset to pesto David Gibson (22): conf: runas can be const vhost_user: Fix assorted minor cppcheck warnings serialise: Split functions user for serialisation from util.c serialise: Add helpers for serialising unsigned integers fwd: Move selecting correct scan bitmap into fwd_sync_one() fwd: Look up rule index in fwd_sync_one() fwd: Store forwarding tables indexed by (origin) pif fwd: Allow FWD_DUAL_STACK_ANY flag to be passed directly to fwd_rule_add() fwd, conf: Expose ephemeral ports as bitmap rather than function conf: Don't bother complaining about overlapping excluded ranges conf: Move check for mapping port 0 to caller conf: Move check for disabled interfaces earlier pesto: Introduce stub configuration interface and tool pesto: Add command line option parsing and debug messages pesto: Expose list of pifs to pesto ip: Prepare ip.[ch] for sharing with pesto tool inany: Prepare inany.[ch] for sharing with pesto tool fwd: Split forwading rule specification from its implementation state ip: Define a bound for the string returned by ipproto_name() fwd_rule: Move forwarding rule text formatting to common code pesto: Read current ruleset from passt/pasta and display it conf, fwd: Allow switching to new rules received from pesto Stefano Brivio (3): conf: Move port parsing functions to own file, ports.c conf, fwd, ports, util: Move things around for pesto pesto, conf: Parse, send and receive new rules .gitignore | 2 + Makefile | 42 +-- common.h | 178 +++++++++++++ conf.c | 740 ++++++++++++++++++++++++--------------------------- conf.h | 2 + epoll_type.h | 4 + flow.c | 37 ++- fwd.c | 347 +++++++----------------- fwd.h | 82 +----- fwd_rule.c | 204 ++++++++++++++ fwd_rule.h | 112 ++++++++ inany.c | 16 +- inany.h | 16 +- iov.c | 1 + ip.c | 74 ++---- ip.h | 4 +- lineread.c | 1 - log.c | 1 + log.h | 33 +++ migrate.c | 1 + passt.1 | 5 + passt.c | 9 + passt.h | 14 +- pcap.c | 1 + pesto.1 | 46 ++++ pesto.c | 412 ++++++++++++++++++++++++++++ pesto.h | 34 +++ pif.h | 2 + ports.c | 444 +++++++++++++++++++++++++++++++ ports.h | 48 ++++ serialise.c | 147 ++++++++++ serialise.h | 24 ++ siphash.h | 13 + tap.c | 52 ++++ tcp.c | 1 + util.c | 154 +---------- util.h | 87 ------ vhost_user.c | 16 +- virtio.c | 1 + virtio.h | 2 +- vu_common.c | 2 +- 41 files changed, 2334 insertions(+), 1077 deletions(-) create mode 100644 common.h create mode 100644 fwd_rule.c create mode 100644 fwd_rule.h create mode 100644 pesto.1 create mode 100644 pesto.c create mode 100644 pesto.h create mode 100644 ports.c create mode 100644 ports.h create mode 100644 serialise.c create mode 100644 serialise.h -- 2.53.0