From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202602 header.b=lZIlIQMw; dkim-atps=neutral Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 822FD5A068A for ; Fri, 10 Apr 2026 03:03:23 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202602; t=1775782992; bh=Vml/tSVMqA2jqMpq/n+PE0yV8AJ8EF6SEvRlSmfjVYQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lZIlIQMwtrfHMnzei4J8hKyKSvs4UxC4z6pXjugmSemN8htEFUCA5XCl2SUr9H0GB Aj6oRSKZ2D/VScqZEBlVsFbJVhMlsTi3G4uSR5sq51X1WKqJv/D4+5P8xHOJ/kMhRF YoIrC7ulmQbLbUj8jjTaaEzfqnRiOptTpS6LNPhVcetQHbBpdqALll4YBVzrghgIM/ Ulk6dnR0sO9tLVOZ2vseBBCfSiVADPKkKjQnZsvwJTiFQ0Jl3jM7yR0rQnupi+ub5k eQa9wt3d31hEj2XU9w+kXTjC7y201w/BwnoU5PxyqL+e2VD1y+DbO9e5FL6pkMTHx4 4FrBFpPFUOPAw== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4fsJSw6s5Jz4wT1; Fri, 10 Apr 2026 11:03:12 +1000 (AEST) From: David Gibson To: passt-dev@passt.top, Stefano Brivio Subject: [PATCH v2 05/23] conf: Permit -[tTuU] all in pasta mode Date: Fri, 10 Apr 2026 11:02:51 +1000 Message-ID: <20260410010309.736855-6-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260410010309.736855-1-david@gibson.dropbear.id.au> References: <20260410010309.736855-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: JNWAMOMRZ6XI6XKSHO7W7HBIIOJFXMUW X-Message-ID-Hash: JNWAMOMRZ6XI6XKSHO7W7HBIIOJFXMUW X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Currently we explicitly forbid -[tTuU] all in pasta mode. While these are primarily useful for passt, there's no particular reason they can't be used in pasta mode as well. Indeed you can do the same thing in pasta by using "-t ~32768-60999" (assuming default Linux configuration of ephemeral ports). For consistency, permit "all" for pasta as well. Signed-off-by: David Gibson --- conf.c | 7 ++----- passt.1 | 2 +- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/conf.c b/conf.c index 64ee8f00..15044f3c 100644 --- a/conf.c +++ b/conf.c @@ -358,9 +358,6 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, if (*mode) goto mode_conflict; - if (c->mode == MODE_PASTA) - die("'all' port forwarding is only allowed for passt"); - *mode = FWD_MODE_ALL; /* Exclude ephemeral ports */ @@ -1036,6 +1033,7 @@ static void usage(const char *name, FILE *f, int status) " can be specified multiple times\n" " SPEC can be:\n" " 'none': don't forward any ports\n" + " 'all': forward all unbound, non-ephemeral ports\n" "%s" " a comma-separated list, optionally ranged with '-'\n" " and optional target ports after ':', with optional\n" @@ -1059,8 +1057,7 @@ static void usage(const char *name, FILE *f, int status) guest, strstr(name, "pasta") ? " 'auto': forward all ports currently bound in namespace\n" - : - " 'all': forward all unbound, non-ephemeral ports\n", + : "", guest, guest, guest, fwd_default, guest, fwd_default); if (strstr(name, "pasta")) diff --git a/passt.1 b/passt.1 index 976f3f0c..7da4fe5f 100644 --- a/passt.1 +++ b/passt.1 @@ -435,7 +435,7 @@ Configure TCP port forwarding to guest or namespace. \fIspec\fR can be one of: Don't forward any ports .TP -.BR all " " (\fBpasst\fR " " only) +.BR all Forward all unbound, non-ephemeral ports, as permitted by current capabilities. For low (< 1024) ports, see \fBNOTES\fR. No failures are reported for unavailable ports, unless no ports could be forwarded at all. -- 2.53.0