From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=W27WN2m6; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id DA6F35A0262 for ; Tue, 05 May 2026 12:15:20 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1777976119; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KQovOAw+9sYVWsjbXvGxMYs9IAcjiG3nDE3Z4kc3fwI=; b=W27WN2m6QICCT8SBZpeX/cEB5ntiyZ6IBd/+eV18miN9GtUoJvxNvRMlXkBOvmbxHc2Aan LwoM0C7S88gLFNfV03pS6azWb8VWGrCq7SvUa+sCVoAnzcN0NFORWt8oGVFMY37Qvq8jPM 8QRnh9Vj+iiYAc/O4V84LAbn7aMwbno= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-509-iQbJ3z-5N7inMApM_FKWkg-1; Tue, 05 May 2026 06:15:18 -0400 X-MC-Unique: iQbJ3z-5N7inMApM_FKWkg-1 X-Mimecast-MFC-AGG-ID: iQbJ3z-5N7inMApM_FKWkg_1777976117 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-48919890a95so33063385e9.2 for ; Tue, 05 May 2026 03:15:18 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777976117; x=1778580917; h=date:content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=KQovOAw+9sYVWsjbXvGxMYs9IAcjiG3nDE3Z4kc3fwI=; b=bnG6Ak/I+WYbGcc6MOF0J6zCDneO8R+mHB7bIGnacs5Nf2ISqpb1i8yNWs8dYaG6KO M7SYch4IZAeDQvR1QEELm2DmPDU5uSHMK7tgdOTKjqQ0FD/bPf3s62oPWpoPaBOxRAIz XWsYOmk3UVHNPlAOuzYkUPIR1rL6FOXcaAVSlJ1WEWUMJeyq3ncw54hGGaWfmT+HIjQA gnp0lPyVCBhK8okpgEL/dS8hkK79DORX8zGALYAMRsZlOmDszPSTqzXO2SSYYIQs3Tpt j2my34SafF+7JC2eGQmhtB/TO0mEV1kVqIJ6ZiKLd2SwGchSJj+SxIMeCxV2jCRLRJ2e 0v0Q== X-Forwarded-Encrypted: i=1; AFNElJ9tMy+5f3Hma+aeFnbrojHG8VR5dyGYKF+gmTIjACZRwyGBdRAxSHdrM2Txh4M49HHGXjFNmOUWl9E=@passt.top X-Gm-Message-State: AOJu0Yxnbxi7/YaKQSuLg+Wzz5IDWN0QAvLWm804yAsiY/feAgTj1za2 5umiA92SFjeAig7u5ANJCy/akhRG1EzDUAqwA+61H/7+mKtc03z2FvXpS2VneRxFj3DhNB8dVe6 JEfUT9UWaMZKOVOWyfttGEp8DYa7nyNhm3Wl5RmMBJqn6hT5PrTndwA== X-Gm-Gg: AeBDievX1tWv9XkpZWbXKxNPAN2+1mNQTUpHbVxmWkZm7/ZsxfBNIfSHeLHTd0Ky6gH Y88s/zwOWXLYQulVCZhBnAgNqyt7cy8djGpl53OlvlIJYWS4lIKQNadbFVWOCSaeXz+X1+v4Tf5 TjoUehp60v4i4r/8gunvFV2gXw5rwJnyuvpIjiqcIA6hEnm5SE0hye5hCpAxWmqexYe9DV7G2p8 teyONzQtGB3GahBecFNAEDfQRdE9bLSNn91l2qDqo/qSOf5twtRYZcJdwh52VP29E90GioF9QLm MbNb4ehuM+xqHdSaTlSWxxvzv/On3xOEXBxkvQvkx63c43vGp6a9PdbqcrWtBhLrP/SAgTyBxEs ZlDzfRVzKUdkv9z4Ec2wVHkVXAb97c//ok0MO5Y2fcM76q0vOFb+NSMlUsftS X-Received: by 2002:a05:600c:828a:b0:488:78f2:6b0 with SMTP id 5b1f17b1804b1-48a986790e9mr222028585e9.29.1777976117069; Tue, 05 May 2026 03:15:17 -0700 (PDT) X-Received: by 2002:a05:600c:828a:b0:488:78f2:6b0 with SMTP id 5b1f17b1804b1-48a986790e9mr222027955e9.29.1777976116473; Tue, 05 May 2026 03:15:16 -0700 (PDT) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [176.103.220.4]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48a8ebc4201sm547159975e9.15.2026.05.05.03.15.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 May 2026 03:15:15 -0700 (PDT) From: Stefano Brivio To: David Gibson Subject: Re: [PATCH v7 17/18] conf, fwd: Allow switching to new rules received from pesto Message-ID: <20260505121513.2ce28bfd@elisabeth> In-Reply-To: References: <20260504231142.1118652-1-sbrivio@redhat.com> <20260504231142.1118652-18-sbrivio@redhat.com> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 Date: Tue, 05 May 2026 12:15:14 +0200 (CEST) X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: wAgvI_cO9K9MQX8MZC7YyBv3xd8lRwn-z7Y8Gbs2Fv0_1777976117 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: CLBTZ6FHMBVSQYHLZPQYGXRVIMDAXTHP X-Message-ID-Hash: CLBTZ6FHMBVSQYHLZPQYGXRVIMDAXTHP X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Laurent Vivier , passt-dev@passt.top, Jon Maloy X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Tue, 5 May 2026 19:53:43 +1000 David Gibson wrote: > On Tue, May 05, 2026 at 11:08:27AM +0200, Laurent Vivier wrote: > > On 5/5/26 01:11, Stefano Brivio wrote: > > > From: David Gibson > > > > > > We can now receive updates to the forwarding rules from the pesto client > > > and store them in a "pending" copy of the forwarding tables. Implement > > > switching to using the new rules. > > > > > > The logic is in a new fwd_listen_switch(). For now this closes all > > > listening sockets related to the old tables, swaps the active and pending > > > tables, then listens based on the new tables. In future we look to improve > > > this so that we don't temporarily stop listening on ports that both the > > > old and new tables specify. > > > > > > Signed-off-by: David Gibson > > > Signed-off-by: Stefano Brivio > > > --- > > > conf.c | 5 ++--- > > > fwd.c | 34 ++++++++++++++++++++++++++++++++++ > > > fwd.h | 1 + > > > 3 files changed, 37 insertions(+), 3 deletions(-) > > > > > > diff --git a/conf.c b/conf.c > > > index f035fd3..75b8291 100644 > > > --- a/conf.c > > > +++ b/conf.c > > > @@ -2159,15 +2159,14 @@ void conf_handler(struct ctx *c, uint32_t events) > > > fwd_rules_dump(info, fwd->rules, fwd->count, > > > " ", ""); > > > } > > > + > > > + fwd_listen_switch(c); > > > } > > > if (events & EPOLLHUP) { > > > debug("Configuration client hangup"); > > > - goto close; > > > } > > > - return; > > > - > > > close: > > > conf_close(c); > > > diff --git a/fwd.c b/fwd.c > > > index d93d2e5..35b9e2b 100644 > > > --- a/fwd.c > > > +++ b/fwd.c > > > @@ -534,6 +534,40 @@ int fwd_listen_init(const struct ctx *c) > > > return 0; > > > } > > > +/** > > > + * fwd_listen_switch() - Switch from current to pending rules table > > > + * @c: Execution context > > > + */ > > > +void fwd_listen_switch(struct ctx *c) > > > +{ > > > + struct fwd_table *tmp[PIF_NUM_TYPES]; > > > + unsigned i; > > > + > > > + /* Stop listening on the old tables */ > > > + for (i = 0; i < PIF_NUM_TYPES; i++) { > > > + struct fwd_table *fwd = c->fwd[i]; > > > + > > > + if (!fwd) > > > + continue; > > > + > > > + debug("Flushing %u old %s rules", fwd->count, pif_name(i)); > > > + fwd_listen_close(fwd); > > > + fwd->count = fwd->sock_count = 0; > > > > Perhaps we can reset fwd->count and fwd->sock_count in fwd_listen_close() as > > after fwd_listen_close() these values are wrong? > > No, they're not. fwd_listen_close() closes the listening sockets, but > it doesn't remove the rules. fwd->sock_count isn't the number of > *open* listening sockets, it's the maximum potential number of sockets > for all the rules. Having some or all of the sockets close (-1 stored > in the array) is an allowed state. It's rare for most rules, but > routine for SCAN ("auto") rules. Ah, oops, I didn't realise that would be the case for "auto" rules. I'll leave this part as it is then. -- Stefano