From: Stefano Brivio
To: David Gibson
CC: passt-dev@passt.top
Subject: Re: [PATCH v2 16/23] conf: Move "all" handling to port specifier
Date: Thu, 16 Apr 2026 00:04:43 +0200 (CEST)
Message-ID: <20260416000443.5372dc46@elisabeth>
In-Reply-To: <20260410010309.736855-17-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

On Fri, 10 Apr 2026 11:03:02 +1000
David Gibson wrote:

> Currently -[tTuU] all is handled separately in conf_ports() before calling
> conf_ports_spec(). Earlier changes mean we can now move this handling to
> conf_ports_spec(). This makes the code slightly simpler, but more
> importantly it allows some useful combinations we couldn't previously do,
> such as
>     -t 127.0.0.1/all
> or
>     -u %eth2/all
>
> Signed-off-by: David Gibson
> ---
> conf.c | 25 ++++++++++---------------
> passt.1 | 28 ++++++++++++++++++++--------
> 2 files changed, 30 insertions(+), 23 deletions(-)
>
> diff --git a/conf.c b/conf.c > index 5d6517c3..f62109b5 100644 > --- a/conf.c
> +++ b/conf.c > @@ -251,6 +251,11 @@ static void conf_ports_spec(const struct ctx *c, > const char *p, *ep; > unsigned i; > > + if (!strcmp(spec, "all")) { > + /* Treat "all" as equivalent to "": all non-ephemeral ports */ > + spec = ""; > + } > + > /* Mark all exclusions first, they might be given after base ranges */ > for_each_chunk(p, ep, spec, ",") { > struct port_range xrange; > @@ -372,19 +377,6 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, > return; > } > > - if (!strcmp(optarg, "all")) { > - uint8_t exclude[PORT_BITMAP_SIZE] = { 0 }; > - > - /* Exclude ephemeral ports */ > - fwd_port_map_ephemeral(exclude); > - > - conf_ports_range_except(c, optname, optarg, fwd, > - proto, NULL, NULL, > - 1, NUM_PORTS - 1, exclude, > - 1, FWD_WEAK); > - return; > - } > - > strncpy(buf, optarg, sizeof(buf) - 1); > > if ((spec = strchr(buf, '/'))) { 
> @@ -1039,14 +1031,17 @@ static void usage(const char *name, FILE *f, int status) > " can be specified multiple times\n" > " SPEC can be:\n" > " 'none': don't forward any ports\n" > - " 'all': forward all unbound, non-ephemeral ports\n" > "%s" > " [ADDR[%%IFACE]/]PORTS: forward specific ports\n" > - " PORTS is a comma-separated list of ports, optionally\n" > + " PORTS is either 'all' (forward all unbound, non-ephemeral\n" > + " ports), or a comma-separated list of ports, optionally\n" > " ranged with '-' and optional target ports after ':'.\n" > " Ranges can be reduced by excluding ports or ranges\n" > " prefixed by '~'\n" > " Examples:\n" > + " -t all Forward all ports\n" Nit: the examples below have a tab as a separator, which makes it slightly easier to ensure we indent them properly. > + " -t 127.0.0.1/all Forward all ports from local address\n" > + " 127.0.0.1\n" This makes things pretty hard on eyes as it's not consistent with the rest of the "table". Could we perhaps do: " -t ::1/all Forward all ports from ::1\n" ? > " -t 22 Forward local port 22 to 22 on %s\n" > " -t 22:23 Forward local port 22 to 23 on %s\n" > " -t 22,25 Forward ports 22, 25 to ports 22, 25\n" > diff --git a/passt.1 b/passt.1 > index d329f8f0..3ba447d5 100644 > --- a/passt.1 > +++ b/passt.1 > @@ -434,12 +434,6 @@ Configure TCP port forwarding to guest or namespace. \fIspec\fR can be one of: > .BR none > Don't forward any ports > > -.TP > -.BR all > -Forward all unbound, non-ephemeral ports, as permitted by current capabilities. > -For low (< 1024) ports, see \fBNOTES\fR. No failures are reported for > -unavailable ports, unless no ports could be forwarded at all. > - > .TP > .BR auto " " (\fBpasta\fR " " only) > Dynamically forward ports bound in the namespace. The list of ports is 
> @@ -449,10 +443,20 @@ periodically derived (every second) from listening sockets reported by > .TP > [\fIaddress\fR[\fB%\fR\fIinterface\fR]\fB/\fR]\fIports\fR ... > Specific ports to forward. Optionally, a specific listening address > -and interface name (since Linux 5.7) can be specified. \fIports\fR is > -a comma-separated list of entries which may be any of: > +and interface name (since Linux 5.7) can be specified. \fIports\fR > +may be either: > .RS > .TP > +\fBall\fR > +Forward all unbound, non-ephemeral ports, as permitted by current > +capabilities. For low (< 1024) ports, see \fBNOTES\fR. No failures > +are reported for unavailable ports, unless no ports could be forwarded > +at all. > +.RE > + > +.RS > +or a comma-separated list of entries which may be any of: > +.TP > \fIfirst\fR[\fB-\fR\fIlast\fR][\fB:\fR\fItofirst\fR[\fB-\fR\fItolast\fR]] > Include range. Forward port numbers between \fIfirst\fR and \fIlast\fR > (inclusive) to ports between \fItofirst\fR and \fItolast\fR. If > @@ -473,6 +477,14 @@ unavailable ports, unless no ports could be forwarded at all. > Examples: > .RS > .TP > +-t all > +Forward all unbound, non-ephemeral ports as permitted by current > +capabilities to the corresponding port on the guest or namespace > +.TP > +-t 127.0.0.1/all > +For the local address 127.0.0.1, forward all unbound, non-ephemeral > +ports as permitted by current capabilities. Nit: all the other examples have no dot at the end (I tend to think it fits better this type of list, but all I care about is that it's consistent). > +.TP > -t 22 > Forward local port 22 to port 22 on the guest or namespace > .TP -- Stefano
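Review bot: in the first conf.c hunk (conf_ports_spec(), @@ -251,6 +251,11 @@), the strcmp() only matches when the whole spec is exactly "all", so a spec such as "all,~22" skips this branch and "all" reaches the for_each_chunk() loops as an ordinary list entry. If combining "all" with '~' exclusions is meant to be rejected, an explicit error that names "all" would be clearer than whatever the range parser reports for it; if it is meant to work, the check has to be done per chunk. The new comment also makes the empty string a documented synonym for "all", so passt.1 should say whether an empty PORTS is intended to be accepted from the command line, because per that comment it selects every non-ephemeral port.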
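Review bot: in the second conf.c hunk (conf_ports(), @@ -372,19 +377,6 @@), the removed block did two things explicitly: it built the exclusion map with fwd_port_map_ephemeral() and it passed FWD_WEAK to conf_ports_range_except(). The replacement is only spec = "" in conf_ports_spec(), and neither property is visible anywhere in this patch, so the commit message should name the earlier change that gives the empty spec the same ephemeral exclusion and weak semantics, which passt.1 still promises ("No failures are reported for unavailable ports, unless no ports could be forwarded at all"). A test that runs -t all with one port already bound would pin that behaviour down.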
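Review bot: in the usage() hunk (@@ -1039,14 +1031,17 @@), the two added examples say "Forward all ports", while the PORTS description a few lines above and passt.1 both say "all unbound, non-ephemeral ports". The help text should not overstate what gets forwarded; wording such as "Forward all non-ephemeral ports" keeps the examples consistent with the description and still fits the column.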
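Review bot: in the passt.1 examples hunk (@@ -473,6 +477,14 @@), the "-t all" entry names the destination ("to the corresponding port on the guest or namespace") but the "-t 127.0.0.1/all" entry does not, so the two read as if they differed in more than the listening address. Suggest giving both entries the same sentence shape, with the second one adding only the restriction to 127.0.0.1.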