From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202602 header.b=FnTHm1Ix;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id EDDA05A061E
	for <passt-dev@passt.top>; Mon, 23 Mar 2026 09:33:00 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202602; t=1774254767;
	bh=SdsfFslSTAF/NBSvtPN0BsSKDOO2GEeLcAOagrKpE1g=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=FnTHm1Ix9xtqiwW8xr3ED/JLSqD2NA8NKs7uGsGuvWFmxZXOtqq/RAkeAfpRntLC2
	 7KDGYDKbpsnL/RrkPJNwL+tCLuGdjLeGCMpMGTgTIZgh5lR7Hji00oVvotrHDFEpAa
	 qM/0xDVxrqhp/LTwjkx7k+MUc1yJv5a/4+fhU82FJQlbjs7Sct3euxfyAU8tgb3lAd
	 eyqRC/qg4LJg5ilp0SCaAwPJzTNnT1kcTOyn40XZvJOh30yrwVpLfwDB95FSuBEVkm
	 jGfiSav7b93CUCaoAarUQ+rFg4+doOOuFRkEKgs8FJ3FdU6Y5YAKzthiYl1/SOYjge
	 yfeVbJ3EgQHQA==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4ffRHz6K3yz4wSk; Mon, 23 Mar 2026 19:32:47 +1100 (AEDT)
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>,
	passt-dev@passt.top
Subject: [PATCH v3 25/25] conf, fwd: Allow switching to new rules received from pesto
Date: Mon, 23 Mar 2026 18:37:32 +1100
Message-ID: <20260323073732.3158468-26-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.53.0
In-Reply-To: <20260323073732.3158468-1-david@gibson.dropbear.id.au>
References: <20260323073732.3158468-1-david@gibson.dropbear.id.au>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: JV3DE6Q5PKXYY3MIJDDQVE5BSBDN5374
X-Message-ID-Hash: JV3DE6Q5PKXYY3MIJDDQVE5BSBDN5374
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20260323073732.3158468-26-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/JV3DE6Q5PKXYY3MIJDDQVE5BSBDN5374/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

We can now receive updates to the forwarding rules from the pesto client
and store them in a "pending" copy of the forwarding tables.  Implement
switching to using the new rules.

The logic is in a new fwd_listen_switch().  For now this closes all
listening sockets related to the old tables, swaps the active and pending
tables, then listens based on the new tables.  In future we look to improve
this so that we don't temporarily stop listening on ports that both the
old and new tables specify.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 conf.c |  2 ++
 fwd.c  | 34 ++++++++++++++++++++++++++++++++++
 fwd.h  |  1 +
 3 files changed, 37 insertions(+)

diff --git a/conf.c b/conf.c
index b4c2074e..b2c99a74 100644
--- a/conf.c
+++ b/conf.c
@@ -2164,6 +2164,8 @@ void conf_listen_handler(struct ctx *c, uint32_t events)
 		fwd_rules_print(c->fwd_pending[i]);
 	}
 
+	fwd_listen_switch(c);
+
 	return;
 
 fail:
diff --git a/fwd.c b/fwd.c
index d54a1f15..2f1479de 100644
--- a/fwd.c
+++ b/fwd.c
@@ -531,6 +531,40 @@ int fwd_listen_init(const struct ctx *c)
 	return 0;
 }
 
+/**
+ * fwd_listen_switch() - Switch from current to pending rules table
+ * @c:		Execution context
+ */
+void fwd_listen_switch(struct ctx *c)
+{
+	struct fwd_table *tmp[PIF_NUM_TYPES];
+	unsigned i;
+
+	/* Stop listening on the old tables */
+	for (i = 0; i < PIF_NUM_TYPES; i++) {
+		struct fwd_table *fwd = c->fwd[i];
+
+		if (!fwd)
+			continue;
+
+		debug("Flushing %u old %s rules", fwd->count, pif_name(i));
+		fwd_listen_close(fwd);
+		memset(fwd, 0, sizeof(*fwd));
+	}
+
+	/* Swap active and pending tables */
+	static_assert(sizeof(tmp) == sizeof(c->fwd) &&
+		      sizeof(tmp) == sizeof(c->fwd_pending),
+		      "Temporary has wrong size");
+	memcpy(&tmp, (void *)c->fwd, sizeof(tmp));
+	memcpy((void *)c->fwd, (void *)c->fwd_pending, sizeof(tmp));
+	memcpy((void *)c->fwd_pending, &tmp, sizeof(tmp));
+
+	/* Start listening on the new tables */
+	if (fwd_listen_init(c) < 0)
+		err("Error switching to new forwarding rules");
+}
+
 /* See enum in kernel's include/net/tcp_states.h */
 #define UDP_LISTEN	0x07
 #define TCP_LISTEN	0x0a
diff --git a/fwd.h b/fwd.h
index a00fe52d..2e068f23 100644
--- a/fwd.h
+++ b/fwd.h
@@ -53,6 +53,7 @@ int fwd_listen_sync(const struct ctx *c, uint8_t pif,
 		    const struct fwd_scan *tcp, const struct fwd_scan *udp);
 void fwd_listen_close(const struct fwd_table *fwd);
 int fwd_listen_init(const struct ctx *c);
+void fwd_listen_switch(struct ctx *c);
 
 bool nat_inbound(const struct ctx *c, const union inany_addr *addr,
 		 union inany_addr *translated);
-- 
2.53.0