From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=jM9LDxU7;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by passt.top (Postfix) with ESMTPS id E333D5A065C
	for <passt-dev@passt.top>; Sun, 03 May 2026 23:56:46 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1777845405;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Aq5KhLEvtfDE3GtVZemLDiaOf735Vr3+aEFLySgcpk0=;
	b=jM9LDxU7TF+n2hn6sC2mrHi6ESuUDCk7/IDs8h5HJOCA2U9FgUwRDQAVzyqvFjCnXwRYfe
	n8sI9ceEExycsDcB41x3UlFXvmL7ZrOysTfZxZz4u8auLTB9M3lPH8qodazolkox5BLlFm
	zUw3xnJwl1OvyJhNJftGSigIsWwkmy4=
Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com
 [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-101-a1sUsxdqN7ampAmHvJcIyQ-1; Sun, 03 May 2026 17:56:44 -0400
X-MC-Unique: a1sUsxdqN7ampAmHvJcIyQ-1
X-Mimecast-MFC-AGG-ID: a1sUsxdqN7ampAmHvJcIyQ_1777845403
Received: by mail-wm1-f71.google.com with SMTP id 5b1f17b1804b1-4836abfc742so27311695e9.0
        for <passt-dev@passt.top>; Sun, 03 May 2026 14:56:44 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1777845403; x=1778450203;
        h=date:content-transfer-encoding:mime-version:organization:references
         :in-reply-to:message-id:subject:cc:to:from:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Aq5KhLEvtfDE3GtVZemLDiaOf735Vr3+aEFLySgcpk0=;
        b=h2qwsvAHtifByKEj13OcSHuP5Vhz9/cSjdCu0ouyaHsEidnm+FV91vFj7WigaJq92X
         7EjGIY0oC31KeBmVUsr0e98WUmBlCf9oOObdUEHhIBbqzKL2VVDSflI4nZYHYt5Fb6uo
         Mt3dzRnu5UgiH14pFh6p8l1r4D4DPv/Cdwm/c2S8RxEnVjKNhnHtX3SUJi3hwVwJO+Rq
         n/l1K3fJH3VqyLUCltJjRZqEjADU2fEfdjAsCm80diDyjPAxF3hxi1gIrq7shAGujfqI
         hA28/xkuaN6evFqSk8yo7KU4Jb03qxUNgGMft7n0zSV96MDrsS2R8OPw3yZp/FmwU3Nn
         +Upg==
X-Forwarded-Encrypted: i=1; AFNElJ+l8o+Wgh1/1zf9zr/Nnm+gmQJwCsuVBYKC8ATdBZTjzCAVRz+qTi+jYu6t3KQ1osWOAxsAenzbN4A=@passt.top
X-Gm-Message-State: AOJu0YwPvb1fCQ7XNwFm76lAYUMxndxiDKI+PWFtdEJmOvxfR7NINQ3P
	N0CPEHnuTIj1yf/Ui13jY/3cHdubASCwBnMw53b3fMojyLEp0cr2EgegjWPCNhraOVqCDl1xgDX
	7tHaIx1Ff67AFYOtNYpc3XgbkMbym/GdlFDQlz/k4SQgmxoJze0FHTQ==
X-Gm-Gg: AeBDievCIpwGRo4qFd1XsR36WUoZzl6qEs+Fnh2MghWl4GAVuhNY8dUu5Oc3NzztIx7
	gMWcf2zC13RxHeA/cTfuL5bg6xryzOq9xP3ni45d/UUKLaMzMOg4vucYdEkBySXV4fKBknOcLXn
	JI44ahbKJcch1irRERsnIeoIp4U5BVG5d7c4VGl17McjWOcJ8a3IkHJeTnGncFpp7UAO+IasWM2
	2q+iUnRcCiZ9zRdSj4n43vRuVbjh0HHnohTe9G1TjXsYxqBgAcB88r2h9Dwxzw1UKYeN1iS4qhd
	FsMC51A1I5zKKokvSUlQ2uaa586IjTKk62VTSR6z/Jo2mpFHayKo5c8kyokpc7kTAP4l9akL2H4
	ldJ/3gS67M2iz0MKjuEgnGvfZd8FT9lu+PJM1J2ZBD4g=
X-Received: by 2002:a05:600c:8b0f:b0:488:ab1d:dcc5 with SMTP id 5b1f17b1804b1-48a986734c9mr118903885e9.27.1777845403383;
        Sun, 03 May 2026 14:56:43 -0700 (PDT)
X-Received: by 2002:a05:600c:8b0f:b0:488:ab1d:dcc5 with SMTP id 5b1f17b1804b1-48a986734c9mr118903655e9.27.1777845402823;
        Sun, 03 May 2026 14:56:42 -0700 (PDT)
Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [2a10:fc81:a806:d6a9::1])
        by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48af0d5a613sm69078095e9.2.2026.05.03.14.56.41
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 03 May 2026 14:56:41 -0700 (PDT)
From: Stefano Brivio <sbrivio@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Subject: Re: [PATCH v5 17/18] pesto, conf: Send updated rules from pesto
 back to passt/pasta
Message-ID: <20260503235640.01a73fcd@elisabeth>
In-Reply-To: <afGVYIy177_ucK7g@zatzit>
References: <20260421062516.2601204-1-david@gibson.dropbear.id.au>
	<20260421062516.2601204-18-david@gibson.dropbear.id.au>
	<9c7a09d6-b4f2-429f-b5c9-7aed19a81902@redhat.com>
	<20260425113604.045c7a72@elisabeth>
	<afGVYIy177_ucK7g@zatzit>
Organization: Red Hat
X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Date: Sun, 03 May 2026 23:56:41 +0200 (CEST)
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: s1OCSmOWIpNvb6yasj0SgSiBRIum2mSZT4AIUiXwx3A_1777845403
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID-Hash: GVUKEHKC4OZB3DFXLFY6QGIQHFBFZRYU
X-Message-ID-Hash: GVUKEHKC4OZB3DFXLFY6QGIQHFBFZRYU
X-MailFrom: sbrivio@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Jon Maloy <jmaloy@redhat.com>, passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20260503235640.01a73fcd@elisabeth/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/GVUKEHKC4OZB3DFXLFY6QGIQHFBFZRYU/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

On Wed, 29 Apr 2026 15:21:36 +1000
David Gibson <david@gibson.dropbear.id.au> wrote:

> On Sat, Apr 25, 2026 at 11:36:05AM +0200, Stefano Brivio wrote:
> > On Fri, 24 Apr 2026 18:38:57 -0400
> > Jon Maloy <jmaloy@redhat.com> wrote:
> >   
> > > On 2026-04-21 02:25, David Gibson wrote:  
> > > > Extend pesto to send the updated rule configuration back to passt/pasta.
> > > > Extend passt/pasta to read the new configuration and store the new rules in
> > > > a "pending" table.   We don't yet attempt to activate them.
> > > > 
> > > > Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
> > > > Message-ID: <20260322141843.4095972-3-sbrivio@redhat.com>
> > > > [dwg: Based on an early draft from Stefano]\
> > > > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>    
> > > 
> > > [...]  
> > > >   
> > > > +/**
> > > > + * conf_recv_rules() - Receive forwarding rules from configuration client
> > > > + * @c:		Execution context
> > > > + * @fd:		Socket to the client
> > > > + *
> > > > + * Return: 0 on success, -1 on failure
> > > > + */
> > > > +static int conf_recv_rules(const struct ctx *c, int fd)
> > > > +{
> > > > +	while (1) {
> > > > +		struct fwd_table *fwd;
> > > > +		struct fwd_rule r;
> > > > +		uint32_t count;
> > > > +		uint8_t pif;
> > > > +		unsigned i;
> > > > +
> > > > +		if (read_u8(fd, &pif))
> > > > +			return -1;
> > > > +
> > > > +		if (pif == PIF_NONE)
> > > > +			break;
> > > > +
> > > > +		if (pif >= ARRAY_SIZE(c->fwd_pending) ||
> > > > +		    !(fwd = c->fwd_pending[pif])) {
> > > > +			err("Received rules for non-existent table");
> > > > +			return -1;
> > > > +		}
> > > > +
> > > > +		if (read_u32(fd, &count))
> > > > +			return -1;
> > > > +
> > > > +		if (count > MAX_FWD_RULES) {
> > > > +			err("Received %"PRIu32" rules (maximum %u)",
> > > > +			    count, MAX_FWD_RULES);
> > > > +			return -1;
> > > > +		}
> > > > +
> > > > +		for (i = 0; i < count; i++) {
> > > > +			fwd_rule_read(fd, &r);    
> > > 
> > > Since we don't check the return value I think we risk passing an only 
> > > partially initialized fwd_rule to fwd_rule_add() if the read fails.
> > > Maybe:
> > >    if (fwd_rule_read(fd, &r))
> > >        return -1;  
> > 
> > Right, yes, that makes sense in general, even though I think this will
> > need a small rework (I didn't get to that yet) to implement this point
> > of the to-do list (see cover letter):
> >   
> > > - Don't allow a client which sends a partial configuration then
> > >   blocks also block passt  
> 
> Right.  In retrospect this requirement makes the way I structured the
> helpers in serialise.c not so helpful after all.
> 
> > ...because at that point we'll want to permit partial reads and keep a
> > buffer with a counter of received bytes (perhaps rules / PIFs too).
> > 
> > But actually it doesn't even need to be in this series or in a first
> > implementation. It could simply be a limitation (in that case, I'll add
> > the return -1 you suggest).
> > 
> > A user who can connect to passt could anyway configure it to be useless
> > so I don't see any particular security concern with it.  
> 
> That's a good point.  At the moment the limitations of the protocol
> (specifically the lack of TAP rules) limits the amount of damage a
> client can do, but we do hope to extend that, so I think the argument
> makes sense anyway.

Good, changed to include return -1 in v6.

-- 
Stefano