From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202602 header.b=YwbfNJJ5; dkim-atps=neutral Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id 8A81A5A026E for ; Tue, 07 Apr 2026 05:16:41 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202602; t=1775531792; bh=+hSZGeEapChjE1cFzgeyRP0/WkOHVYFT5kkQhunIFIY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YwbfNJJ5yLbC7nmUYsj6hRhuBJhERZ3mecMsf/MsgvoXjGVzyIGNtkaBsovviFnyr sq06WxmjwYgouOEfpU2XyLmifYh5O4AAhG/Kcz9ZvxVrDbdZYsGvmpCuF8SiGzlF30 8Y2/SVuSpzvdFFLyftpd3LDc6NkKHCE6g/WAbLWC2botxyaV7in13DWSacnn5ac98V luZdzbReqAOxcGqubF1jETl6AX4/inZjh5DcASih8Av9cD2g6Z7DHEnFgMVMnp/hs7 InwsmHFoj8rxY4FEuzC7oFY9QCyUxFsahrTuDpJBpnPaseu5wChHODjbncMrUNns9o g+BFOcp5VTL+w== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4fqWZ85Dj7z4wL0; Tue, 07 Apr 2026 13:16:32 +1000 (AEST) From: David Gibson To: passt-dev@passt.top, Stefano Brivio Subject: [PATCH 05/18] conf: Permit -[tTuU] all in pasta mode Date: Tue, 7 Apr 2026 13:16:17 +1000 Message-ID: <20260407031630.2457081-6-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260407031630.2457081-1-david@gibson.dropbear.id.au> References: <20260407031630.2457081-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: 5MGCIC44DNI2O26XKFJITQL5JJDTXWXR X-Message-ID-Hash: 5MGCIC44DNI2O26XKFJITQL5JJDTXWXR X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Currently we explicitly forbid -[tTuU] all in pasta mode. While these are primarily useful for passt, there's no particular reason they can't be used in pasta mode as well. Indeed you can do the same thing in pasta by using "-t ~32768-60999" (assuming default Linux configuration of ephemeral ports). For consistency, permit "all" for pasta as well. Signed-off-by: David Gibson --- conf.c | 7 ++----- passt.1 | 2 +- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/conf.c b/conf.c index 751e500f..870712af 100644 --- a/conf.c +++ b/conf.c @@ -358,9 +358,6 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, if (*mode) goto mode_conflict; - if (c->mode == MODE_PASTA) - die("'all' port forwarding is only allowed for passt"); - *mode = FWD_MODE_ALL; /* Exclude ephemeral ports */ @@ -1028,6 +1025,7 @@ static void usage(const char *name, FILE *f, int status) " can be specified multiple times\n" " SPEC can be:\n" " 'none': don't forward any ports\n" + " 'all': forward all unbound, non-ephemeral ports\n" "%s" " a comma-separated list, optionally ranged with '-'\n" " and optional target ports after ':', with optional\n" @@ -1050,8 +1048,7 @@ static void usage(const char *name, FILE *f, int status) " default: %s\n", strstr(name, "pasta") ? " 'auto': forward all ports currently bound in namespace\n" - : - " 'all': forward all unbound, non-ephemeral ports\n", + : "", strstr(name, "pasta") ? "auto" : "none", strstr(name, "pasta") ? "auto" : "none"); diff --git a/passt.1 b/passt.1 index a9a8a42a..44113929 100644 --- a/passt.1 +++ b/passt.1 @@ -435,7 +435,7 @@ Configure TCP port forwarding to guest. \fIspec\fR can be one of: Don't forward any ports .TP -.BR all (\fBpasst\fR only) +.BR all Forward all unbound, non-ephemeral ports, as permitted by current capabilities. For low (< 1024) ports, see \fBNOTES\fR. No failures are reported for unavailable ports, unless no ports could be forwarded at all. -- 2.53.0