From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top, Stefano Brivio <sbrivio@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH 17/18] conf: Move SO_BINDTODEVICE workaround to conf_ports()
Date: Tue, 7 Apr 2026 13:16:29 +1000 [thread overview]
Message-ID: <20260407031630.2457081-18-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20260407031630.2457081-1-david@gibson.dropbear.id.au>
For historical reasons we apply our workaround for -[TU] handling when
SO_BINDTODEVICE is unavailable inside conf_ports_range_except(). We've
now removed the reasons it had to be there, so it can move to conf_ports(),
the caller's caller.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
conf.c | 77 ++++++++++++++++++++++------------------------------------
1 file changed, 29 insertions(+), 48 deletions(-)
diff --git a/conf.c b/conf.c
index 86c30c7f..de262ef5 100644
--- a/conf.c
+++ b/conf.c
@@ -138,9 +138,6 @@ static int parse_keyword(const char *s, const char **endptr, const char *kw)
/**
* conf_ports_range_except() - Set up forwarding for a range of ports minus a
* bitmap of exclusions
- * @c: Execution context
- * @optname: Short option name, t, T, u, or U
- * @optarg: Option argument (port specification)
* @fwd: Forwarding table to be updated
* @proto: Protocol to forward
* @addr: Listening address
@@ -151,9 +148,8 @@ static int parse_keyword(const char *s, const char **endptr, const char *kw)
* @to: Port to translate @first to when forwarding
* @flags: Flags for forwarding entries
*/
-static void conf_ports_range_except(const struct ctx *c, char optname,
- const char *optarg, struct fwd_table *fwd,
- uint8_t proto, const union inany_addr *addr,
+static void conf_ports_range_except(struct fwd_table *fwd, uint8_t proto,
+ const union inany_addr *addr,
const char *ifname,
uint16_t first, uint16_t last,
const uint8_t *exclude, uint16_t to,
@@ -195,42 +191,10 @@ static void conf_ports_range_except(const struct ctx *c, char optname,
rule.last = i - 1;
rule.to = base + delta;
- if ((optname == 'T' || optname == 'U') && c->no_bindtodevice) {
- /* FIXME: Once the fwd bitmaps are removed, move this
- * workaround to the caller
- */
- struct fwd_rule rulev = {
- .ifname = { 0 },
- .flags = flags,
- .first = base,
- .last = i - 1,
- .to = base + delta,
- };
-
- assert(!addr && ifname && !strcmp(ifname, "lo"));
- warn(
-"SO_BINDTODEVICE unavailable, forwarding only 127.0.0.1 and ::1 for '-%c %s'",
- optname, optarg);
+ fwd_rule_conflict_check(&rule, fwd->rules, fwd->count);
+ if (fwd_rule_add(fwd, &rule) < 0)
+ goto fail;
- if (c->ifi4) {
- rulev.addr = inany_loopback4;
- fwd_rule_conflict_check(&rulev,
- fwd->rules, fwd->count);
- if (fwd_rule_add(fwd, &rulev) < 0)
- goto fail;
- }
- if (c->ifi6) {
- rulev.addr = inany_loopback6;
- fwd_rule_conflict_check(&rulev,
- fwd->rules, fwd->count);
- if (fwd_rule_add(fwd, &rulev) < 0)
- goto fail;
- }
- } else {
- fwd_rule_conflict_check(&rule, fwd->rules, fwd->count);
- if (fwd_rule_add(fwd, &rule) < 0)
- goto fail;
- }
base = i - 1;
}
return;
@@ -321,8 +285,7 @@ static void conf_ports_spec(const struct ctx *c,
/* Exclude ephemeral ports */
fwd_port_map_ephemeral(exclude);
- conf_ports_range_except(c, optname, optarg, fwd,
- proto, addr, ifname,
+ conf_ports_range_except(fwd, proto, addr, ifname,
1, NUM_PORTS - 1, exclude,
1, flags | FWD_WEAK);
return;
@@ -357,8 +320,7 @@ static void conf_ports_spec(const struct ctx *c,
optname, optarg);
}
- conf_ports_range_except(c, optname, optarg, fwd,
- proto, addr, ifname,
+ conf_ports_range_except(fwd, proto, addr, ifname,
orig_range.first, orig_range.last,
exclude,
mapped_range.first, flags);
@@ -461,14 +423,33 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
}
}
+ if (optname == 'T' || optname == 'U') {
+ assert(!addr && !ifname);
+
+ if (c->no_bindtodevice) {
+ warn(
+"SO_BINDTODEVICE unavailable, forwarding only 127.0.0.1 and ::1 for '-%c %s'",
+ optname, optarg);
+
+ if (c->ifi4) {
+ conf_ports_spec(c, optname, optarg, fwd, proto,
+ &inany_loopback4, NULL, spec);
+ }
+ if (c->ifi6) {
+ conf_ports_spec(c, optname, optarg, fwd, proto,
+ &inany_loopback6, NULL, spec);
+ }
+ return;
+ }
+
+ ifname = "lo";
+ }
+
if (ifname && c->no_bindtodevice) {
die(
"Device binding for '-%c %s' unsupported (requires kernel 5.7+)",
optname, optarg);
}
- /* Outbound forwards come from guest loopback */
- if ((optname == 'T' || optname == 'U') && !ifname)
- ifname = "lo";
conf_ports_spec(c, optname, optarg, fwd, proto, addr, ifname, spec);
}
--
2.53.0
next prev parent reply other threads:[~2026-04-07 3:16 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-07 3:16 [PATCH 00/18] Rework forwarding option parsing David Gibson
2026-04-07 3:16 ` [PATCH 01/18] conf: Split parsing of port specifiers from the rest of -[tuTU] parsing David Gibson
2026-04-07 3:16 ` [PATCH 02/18] conf: Simplify handling of default forwarding mode David Gibson
2026-04-07 23:14 ` Stefano Brivio
2026-04-08 1:10 ` David Gibson
2026-04-07 3:16 ` [PATCH 03/18] conf: Move first pass handling of -[TU] next to handling of -[tu] David Gibson
2026-04-07 3:16 ` [PATCH 04/18] doc: Consolidate -[tu] option descriptions for passt and pasta David Gibson
2026-04-07 23:14 ` Stefano Brivio
2026-04-08 1:23 ` David Gibson
2026-04-07 3:16 ` [PATCH 05/18] conf: Permit -[tTuU] all in pasta mode David Gibson
2026-04-07 3:16 ` [PATCH 06/18] fwd: Better split forwarding rule specification from associated sockets David Gibson
2026-04-07 23:14 ` Stefano Brivio
2026-04-08 1:30 ` David Gibson
2026-04-08 21:39 ` Stefano Brivio
2026-04-09 0:47 ` David Gibson
2026-04-07 3:16 ` [PATCH 07/18] fwd_rule: Move forwarding rule formatting David Gibson
2026-04-07 3:16 ` [PATCH 08/18] conf: Pass protocol explicitly to conf_ports_range_except() David Gibson
2026-04-07 3:16 ` [PATCH 09/18] fwd: Split rule building from rule adding David Gibson
2026-04-07 3:16 ` [PATCH 10/18] fwd_rule: Move rule conflict checking from fwd_rule_add() to caller David Gibson
2026-04-07 23:14 ` Stefano Brivio
2026-04-08 1:37 ` David Gibson
2026-04-08 4:42 ` David Gibson
2026-04-07 3:16 ` [PATCH 11/18] fwd: Improve error handling in fwd_rule_add() David Gibson
2026-04-08 21:40 ` Stefano Brivio
2026-04-09 0:10 ` David Gibson
2026-04-07 3:16 ` [PATCH 12/18] conf: Don't be strict about exclusivity of forwarding mode David Gibson
2026-04-08 21:40 ` Stefano Brivio
2026-04-09 0:12 ` David Gibson
2026-04-07 3:16 ` [PATCH 13/18] conf: Rework stepping through chunks of port specifiers David Gibson
2026-04-08 21:40 ` Stefano Brivio
2026-04-09 0:13 ` David Gibson
2026-04-07 3:16 ` [PATCH 14/18] conf: Rework checking for garbage after a range David Gibson
2026-04-08 21:40 ` Stefano Brivio
2026-04-09 0:15 ` David Gibson
2026-04-07 3:16 ` [PATCH 15/18] conf: Move "all" handling to port specifier David Gibson
2026-04-08 21:40 ` Stefano Brivio
2026-04-07 3:16 ` [PATCH 16/18] conf: Allow user-specified auto-scanned port forwarding ranges David Gibson
2026-04-08 21:40 ` Stefano Brivio
2026-04-07 3:16 ` David Gibson [this message]
2026-04-07 3:16 ` [PATCH 18/18] conf: Don't pass raw commandline argument to conf_ports_spec() David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260407031630.2457081-18-david@gibson.dropbear.id.au \
--to=david@gibson.dropbear.id.au \
--cc=passt-dev@passt.top \
--cc=sbrivio@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).