From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202602 header.b=DByWyHHh;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id C5B715A0619
	for <passt-dev@passt.top>; Fri, 10 Apr 2026 03:03:16 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202602; t=1775782992;
	bh=97oQCnnWUTnDKZpNYChoZPZHAdE3WXo6QAzHycjN7oM=;
	h=From:To:Cc:Subject:Date:From;
	b=DByWyHHhT9ti+QOweEElUeAk7RVgAfobbXXCbbyJooE9sYvFqlOCKFbTCxdChyqmT
	 EEpm1o8YOgst5C7+nKcpTWKrc7EEiz6vz759y0tszQ8HJmm7M/ttQQVnuS6xfJolY9
	 1/kwcQ3g28OVL4l0+c48FdrVmdn0hY/DEBjrRxjfhlf720r9N+XPtEcUwrgcoatpEq
	 wST1/7Ff1x79bkXpZclEbj4CvAItPafIzUW4sqGQY7xWdVVf/a/TWH9lLLQ4YYA3MA
	 2/UkMyiJ7kCxFjq1mN+uMVWthyEz9BElTZUZcq2Ay9E0Yv6O/yujTpVjhzc6zSt5Es
	 fNi+xOX3eNQgg==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4fsJSw5zSRz4wSS; Fri, 10 Apr 2026 11:03:12 +1000 (AEST)
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top,
	Stefano Brivio <sbrivio@redhat.com>
Subject: [PATCH v2 00/23] Rework forwarding option parsing
Date: Fri, 10 Apr 2026 11:02:46 +1000
Message-ID: <20260410010309.736855-1-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.53.0
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: GAIWJX5KBHVMXXCDTRJFLYEPIWXC75EW
X-Message-ID-Hash: GAIWJX5KBHVMXXCDTRJFLYEPIWXC75EW
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Gibson <david@gibson.dropbear.id.au>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20260410010309.736855-1-david@gibson.dropbear.id.au/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/GAIWJX5KBHVMXXCDTRJFLYEPIWXC75EW/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

This series makes a number of significant reworks to how we process
forwarding options (-t, -u, -T and -U) in passt & pasta.  This is
largely motivated by moving towards being able to share this code with
a configuration update tool.  However, along the way it also enables
some forwarding configurations that were technically possible with the
forwarding table but couldn't be specified on the command line, in
particular bug 180.

There is still a bunch of work needed to make the parsing code truly
shareable with pesto, but this is a solid start.

v2:
 * Assorted minor changes based on Stefano's review, including
   * Explicitly state "guest or namespace" in the manpage
   * Clearer description of @rulesocks field
 * Worked around a gcc < 15 bug causing a false positive warning
 * Update man page and usage() for new capabilities
 * Additional patches moving rule parsing out of conf.c

David Gibson (23):
  conf: Split parsing of port specifiers from the rest of -[tuTU]
    parsing
  conf: Simplify handling of default forwarding mode
  conf: Move first pass handling of -[TU] next to handling of -[tu]
  doc: Consolidate -[tu] option descriptions for passt and pasta
  conf: Permit -[tTuU] all in pasta mode
  fwd: Better split forwarding rule specification from associated
    sockets
  fwd_rule: Move forwarding rule formatting
  conf: Pass protocol explicitly to conf_ports_range_except()
  fwd: Split rule building from rule adding
  fwd_rule: Move rule conflict checking from fwd_rule_add() to caller
  fwd: Improve error handling in fwd_rule_add()
  conf: Don't be strict about exclusivity of forwarding mode
  conf: Rework stepping through chunks of port specifiers
  conf: Rework checking for garbage after a range
  doc: Rework man page description of port specifiers
  conf: Move "all" handling to port specifier
  conf: Allow user-specified auto-scanned port forwarding ranges
  conf: Move SO_BINDTODEVICE workaround to conf_ports()
  conf: Don't pass raw commandline argument to conf_ports_spec()
  fwd, conf: Add capabilities bits to each forwarding table
  conf, fwd: Stricter rule checking in fwd_rule_add()
  fwd_rule: Move ephemeral port probing to fwd_rule.c
  fwd, conf: Move rule parsing code to fwd_rule.[ch]

 Makefile   |  10 +-
 conf.c     | 524 ++++++-----------------------------------
 fwd.c      | 261 +++------------------
 fwd.h      |  46 ----
 fwd_rule.c | 676 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 fwd_rule.h |  59 +++++
 passt.1    | 288 ++++++++++-------------
 7 files changed, 973 insertions(+), 891 deletions(-)
 create mode 100644 fwd_rule.c

-- 
2.53.0