From: David Gibson
To: passt-dev@passt.top, Stefano Brivio
Subject: [PATCH v2 16/23] conf: Move "all" handling to port specifier
Date: Fri, 10 Apr 2026 11:03:02 +1000
Message-ID: <20260410010309.736855-17-david@gibson.dropbear.id.au>
In-Reply-To: <20260410010309.736855-1-david@gibson.dropbear.id.au>

Currently -[tTuU] all is handled separately in conf_ports() before calling
conf_ports_spec(). Earlier changes mean we can now move this handling to
conf_ports_spec(). This makes the code slightly simpler, but more
importantly it allows some useful combinations we couldn't previously do,
such as -t 127.0.0.1/all or -u %eth2/all

Signed-off-by: David Gibson
--- conf.c | 25 ++++++++++--------------- passt.1 | 28 ++++++++++++++++++++-------- 2 files changed, 30 insertions(+), 23 deletions(-) diff --git a/conf.c b/conf.c index 5d6517c3..f62109b5 100644 --- a/conf.c +++ b/conf.c
@@ -251,6 +251,11 @@ static void conf_ports_spec(const struct ctx *c, const char *p, *ep; unsigned i; + if (!strcmp(spec, "all")) { + /* Treat "all" as equivalent to "": all non-ephemeral ports */ + spec = ""; + } + /* Mark all exclusions first, they might be given after base ranges */ for_each_chunk(p, ep, spec, ",") { struct port_range xrange; @@ -372,19 +377,6 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, return; } - if (!strcmp(optarg, "all")) { - uint8_t exclude[PORT_BITMAP_SIZE] = { 0 }; - - /* Exclude ephemeral ports */ - fwd_port_map_ephemeral(exclude); - - conf_ports_range_except(c, optname, optarg, fwd, - proto, NULL, NULL, - 1, NUM_PORTS - 1, exclude, - 1, FWD_WEAK); - return; - } - strncpy(buf, optarg, sizeof(buf) - 1); if ((spec = strchr(buf, '/'))) { @@ -1039,14 +1031,17 @@ static void usage(const char *name, FILE *f, int status) " can be specified multiple times\n" " SPEC can be:\n" " 'none': don't forward any ports\n" - " 'all': forward all unbound, non-ephemeral ports\n" "%s" " [ADDR[%%IFACE]/]PORTS: forward specific ports\n" - " PORTS is a comma-separated list of ports, optionally\n" + " PORTS is either 'all' (forward all unbound, non-ephemeral\n" + " ports), or a comma-separated list of ports, optionally\n" " ranged with '-' and optional target ports after ':'.\n" " Ranges can be reduced by excluding ports or ranges\n" " prefixed by '~'\n" " Examples:\n" + " -t all Forward all ports\n" + " -t 127.0.0.1/all Forward all ports from local address\n" + " 127.0.0.1\n" " -t 22 Forward local port 22 to 22 on %s\n" " -t 22:23 Forward local port 22 to 23 on %s\n" " -t 22,25 Forward ports 22, 25 to ports 22, 25\n" diff --git a/passt.1 b/passt.1 index d329f8f0..3ba447d5 100644 --- a/passt.1 +++ b/passt.1 
@@ -434,12 +434,6 @@ Configure TCP port forwarding to guest or namespace. \fIspec\fR can be one of: .BR none Don't forward any ports -.TP -.BR all -Forward all unbound, non-ephemeral ports, as permitted by current capabilities. -For low (< 1024) ports, see \fBNOTES\fR. No failures are reported for -unavailable ports, unless no ports could be forwarded at all. - .TP .BR auto " " (\fBpasta\fR " " only) Dynamically forward ports bound in the namespace. The list of ports is @@ -449,10 +443,20 @@ periodically derived (every second) from listening sockets reported by .TP [\fIaddress\fR[\fB%\fR\fIinterface\fR]\fB/\fR]\fIports\fR ... Specific ports to forward. Optionally, a specific listening address -and interface name (since Linux 5.7) can be specified. \fIports\fR is -a comma-separated list of entries which may be any of: +and interface name (since Linux 5.7) can be specified. \fIports\fR +may be either: .RS .TP +\fBall\fR +Forward all unbound, non-ephemeral ports, as permitted by current +capabilities. For low (< 1024) ports, see \fBNOTES\fR. No failures +are reported for unavailable ports, unless no ports could be forwarded +at all. +.RE + +.RS +or a comma-separated list of entries which may be any of: +.TP \fIfirst\fR[\fB-\fR\fIlast\fR][\fB:\fR\fItofirst\fR[\fB-\fR\fItolast\fR]] Include range. Forward port numbers between \fIfirst\fR and \fIlast\fR (inclusive) to ports between \fItofirst\fR and \fItolast\fR. If @@ -473,6 +477,14 @@ unavailable ports, unless no ports could be forwarded at all. Examples: .RS .TP +-t all +Forward all unbound, non-ephemeral ports as permitted by current +capabilities to the corresponding port on the guest or namespace +.TP +-t 127.0.0.1/all +For the local address 127.0.0.1, forward all unbound, non-ephemeral +ports as permitted by current capabilities. +.TP -t 22 Forward local port 22 to port 22 on the guest or namespace .TP -- 2.53.0
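
Review bot: In the conf.c hunk at @@ -251,6 +251,11 @@, the test !strcmp(spec, "all") only matches when the whole port spec is exactly "all", while the loop directly after it splits spec on "," to collect exclusions. A spec that combines the keyword with an exclusion, for example all,~8080, therefore never takes the new branch and is handed to the chunk parser as an ordinary entry. If that is intended (the usage text says PORTS is either 'all' or a list), the comment should say that "all" is only recognised on its own, and it is worth checking that the combined form produces a clear error rather than a confusing port-parsing message.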
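
Review bot: The empty-spec path that "all" is now mapped to is not visible in this patch, so nothing here confirms it keeps the two behaviours of the block removed from conf_ports() at @@ -372,19 +377,6 @@: the explicit fwd_port_map_ephemeral(exclude) exclusion and the FWD_WEAK flag. passt.1 still promises that no failures are reported for unavailable ports unless none could be forwarded at all, which depends on the weak behaviour. Suggest naming in the commit message the earlier change that gives "" both properties, or extending the new comment in conf_ports_spec() to mention them, so the equivalence can be checked from this patch alone.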
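
Review bot: The two examples added to usage() at @@ -1039,14 +1031,17 @@ describe the result as "Forward all ports", which is broader than the PORTS text in the same hunk and the passt.1 wording (all unbound, non-ephemeral ports). Suggest using the same qualification in the examples. Since the interface-bound form is part of the stated motivation in the commit message (-u %eth2/all), an example of it would help too, with the % doubled in the format string as [ADDR[%%IFACE]/] already does.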
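
Review bot: In the passt.1 hunk at @@ -449,10 +443,20 @@, the .RE, empty line, .RS sequence used to separate the "all" entry from the list entries leaves a blank line in the roff source and places the connecting sentence "or a comma-separated list of entries which may be any of:" inside the second inset, while the sentence it continues ("may be either:") sits before the first .RS. Consider dropping the empty line and moving the "or a comma-separated list" sentence between .RE and the second .RS, so both alternatives are introduced at the same level.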
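
Review bot: The two example entries added to passt.1 at @@ -473,6 +477,14 @@ are worded inconsistently with each other and with the -t 22 entry that follows them: the -t all text has no full stop and spells out "to the corresponding port on the guest or namespace", while the -t 127.0.0.1/all text ends with a full stop and omits the destination. Suggest giving both the same destination wording and the same ending as the existing entries.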