From mboxrd@z Thu Jan 1 00:00:00 1970
Received: by passt.top (Postfix, from userid 1000) id AEF685A0269; Wed, 06 May 2026 11:22:41 +0200 (CEST)
From: Stefano Brivio
To: passt-dev@passt.top
Subject: [PATCH v9 00/23] Dynamic configuration update implementation
Date: Wed, 6 May 2026 11:22:18 +0200
Message-ID: <20260506092241.1607480-1-sbrivio@redhat.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
CC: Jon Maloy, David Gibson, Laurent Vivier
List-Id: Development discussion and patches for passt

Changes in v9:
* Rework Makefile changes and solve conflicts so that we can drop the
  dependency on "Improvements to static checker invocation"
* In 8/23, drop the "experimental" note from the man page
* In 10/23, switch to protocol version 1, add basil to the magic sauce
* In 11/23, initialise struct pesto_pif_info sent by the server (details
  in commit message)
* In 15/23, add description for -s / --show to pesto.1 as well
* In 18/23, make comments about redundant checks more verbose
* In 19/23, make it clear that tables handled by fwd_rule_del() can't
  refer to any open socket, add a TODO to fwd_rule_clear() in that sense
  as well, and use pif_conf_by_name() in pesto to find the table we need
  to clear
* Add 19/23 to 23/23 (LSM policies, packaging stuff) to make pesto ready
  for shipping

Changes in v8:
* Implement --add, --delete, and --clear in 19/19, to add forwarding
  rules instead of replacing tables, delete existing rules, and
  explicitly clear tables
* Address Laurent's comments for 15/19 and 17/19
* In 10/19, instead of passing SOCK_NONBLOCK to accept4(), explicitly
  set O_NONBLOCK on the listening socket. Using SOCK_NONBLOCK doesn't do
  what we want, as it results in setting O_NONBLOCK on the new socket
  rather than on the listening one
* Note: 18/19 is left as it is, I didn't address pending comments yet
* Note: this doesn't yet include changes for AppArmor and SELinux
  policies, as well as changes for the template Fedora spec file. I'm
  still working on them

Changes in v7:
* Addressed comments from Laurent in 6/18, 8/18, 9/18, 10/18, 11/18,
  12/18, 14/18, 15/18 (details in commit messages of single patches,
  before my Signed-off-by)
* Note: this doesn't yet include --add and --delete, I'm still working
  on that

Changes in v6:
* Addressed comments from Jon in 10/18, 11/18, 14/18, and 16/18
* Dodged all warnings from static checkers (Coverity Scan and
  clang-tidy) with changes in 10/18, 11/18, 16/18, and with a new patch,
  18/18
* This does *not* yet include the implementation of --add and --delete
  switches for pesto as I originally intended, I'm rather far from being
  done with those. At the moment I just have a "mode selection"
  implementation for command line parsing but merging rules to /
  removing rules from / clearing the current table is something I barely
  started (and what I have at the moment isn't really valuable anyway)

David wrote:

---
Here's the next draft of dynamic configuration updates. This now can
successfully update rules, though I've not tested it very extensively.

Patches 1..8/18 are preliminary reworks that make sense even without
pesto - feel free to apply if you're happy with them.

I don't think the rest should be applied yet; we need to at least harden
it so passt can't be blocked indefinitely by a client which sends a
partial update then waits.

Based on my earlier series reworking static checking invocation.

TODO:
- Don't allow a client which sends a partial configuration then blocks
  to also block passt
- Allow pesto to clear existing configuration, not just add
- Allow pesto to selectively delete existing rules, not just add

Changes in v5:
* If multiple clients connect at once, they're now blocked until the
  first one finishes, instead of later ones being discarded

Changes in v4:
* Merged with remainder of forward rule parsing rework series
* Fix some bugs in rule checking pointed out by Laurent
* Significantly cleaned up option parsing code
* Changed from replacing all existing rules to adding new rules (clear
  and remove still TBD)
* Somewhat simplified protocol (pif names and rules sent in a single
  pass)
* pesto is now allocation free
* Fixed commit message and style nits pointed out by Stefano

Changes in v3:
* Removed already applied ASSERT() rename
* Renamed serialisation functions
* Incorporated Stefano's extensions, reworked and fixed
* Several additional cleanups / preliminary reworks

Changes in v2:
* Removed already applied cleanups
* Reworked assert() patch to handle -DNDEBUG properly
* Numerous extra patches:
  * Factored out serialisation helpers and use them for migration as
    well
  * Reworked to allow ip.[ch] and inany.[ch] to be shared with pesto
  * Reworks to share some forwarding rule datatypes with pesto
  * Implemented sending pif names and current ruleset to pesto
---

David Gibson (17):
  conf, fwd: Stricter rule checking in fwd_rule_add()
  fwd_rule: Move ephemeral port probing to fwd_rule.c
  fwd, conf: Move rule parsing code to fwd_rule.[ch]
  fwd_rule: Move conflict checking back within fwd_rule_add()
  fwd: Generalise fwd_rules_info()
  pif: Limit pif names to 128 bytes
  fwd_rule: Fix some format specifiers
  pesto: Introduce stub configuration tool
  pesto, log: Share log.h (but not log.c) with pesto tool
  pesto, conf: Have pesto connect to passt and check versions
  pesto: Expose list of pifs to pesto and display them
  ip: Prepare ip.[ch] for sharing with pesto tool
  inany: Prepare inany.[ch] for sharing with pesto tool
  pesto: Read current ruleset from passt/pasta and optionally display it
  pesto: Parse and add new rules from command line
  pesto, conf: Send updated rules from pesto back to passt/pasta
  conf, fwd: Allow switching to new rules received from pesto

Stefano Brivio (6):
  fwd_rule: Fix static checkers warnings in fwd_rule_add()
  pesto, conf, fwd_rule: Add options and modes to add, delete, clear rules
  apparmor: Add policy file for pesto
  selinux: Add file context and type enforcement for pesto
  fedora: Install pesto, its SELinux policy, and the man page from the spec file
  hooks: Copy static build of pesto and related man page to server

 .gitignore                     |   2 +
 Makefile                       |  35 +-
 common.h                       | 116 ++++++
 conf.c                         | 696 +++++++++++++++------------------
 conf.h                         |   2 +
 contrib/apparmor/usr.bin.pesto |  23 ++
 contrib/fedora/passt.spec      |  14 +-
 contrib/selinux/pesto.fc       |  11 +
 contrib/selinux/pesto.te       |  95 +++++
 epoll_type.h                   |   4 +
 flow.c                         |   4 +-
 fwd.c                          | 169 ++------
 fwd.h                          |  41 +-
 fwd_rule.c                     | 691 ++++++++++++++++++++++++++++++--
 fwd_rule.h                     |  68 +++-
 hooks/pre-push                 |   1 +
 inany.c                        |  19 +-
 inany.h                        |  17 +-
 ip.c                           |  56 +--
 ip.h                           |   4 +-
 lineread.c                     |   2 +-
 log.h                          |  53 ++-
 passt.1                        |   5 +
 passt.c                        |   8 +
 passt.h                        |   8 +
 pesto.1                        | 275 +++++++++++++
 pesto.c                        | 522 +++++++++++++++++++++++++
 pesto.h                        |  54 +++
 pif.c                          |   2 +-
 pif.h                          |   7 +-
 serialise.c                    |   7 +
 serialise.h                    |   1 +
 siphash.h                      |  13 +
 tap.c                          |  52 +++
 util.h                         | 110 +----
 35 files changed, 2393 insertions(+), 794 deletions(-)
 create mode 100644 common.h
 create mode 100644 contrib/apparmor/usr.bin.pesto
 create mode 100644 contrib/selinux/pesto.fc
 create mode 100644 contrib/selinux/pesto.te
 create mode 100644 pesto.1
 create mode 100644 pesto.c
 create mode 100644 pesto.h

-- 
2.43.0
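The accept4() point from the v8 changelog above, as an added example that is not part of this series or of passt: it builds a constructed loopback TCP listener on an ephemeral port, accepts one client either way, and reports where O_NONBLOCK actually landed and whether an accept() on the now idle listener returns instead of stalling the process. probe_nonblock() and struct nb_probe are names chosen here.

```c
#define _GNU_SOURCE            /* for accept4(); must precede the first include */
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef __USE_GNU              /* glibc saw _GNU_SOURCE too late: declare it ourselves */
int accept4(int fd, struct sockaddr *addr, socklen_t *len, int flags);
#endif

struct nb_probe {
	int listener_nonblock;  /* O_NONBLOCK set on the listening socket? */
	int accepted_nonblock;  /* O_NONBLOCK set on the accepted socket? */
	int idle_accept_errno;  /* errno of accept() on the idle listener, -1 if skipped */
};

/* use_accept4 != 0: pass SOCK_NONBLOCK to accept4() (what v7 did);
 * use_accept4 == 0: set O_NONBLOCK on the listening socket (what v8 does).
 * Constructed setup: loopback TCP listener on an ephemeral port, one client. */
int probe_nonblock(int use_accept4, struct nb_probe *out)
{
	struct sockaddr_in sa = { .sin_family = AF_INET,
				  .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
	socklen_t len = sizeof(sa);
	int lfd, cfd = -1, afd = -1, rc = -1;

	if ((lfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
	if (bind(lfd, (struct sockaddr *)&sa, len) || listen(lfd, 1) ||
	    getsockname(lfd, (struct sockaddr *)&sa, &len))
		goto out;
	if (!use_accept4 && fcntl(lfd, F_SETFL, fcntl(lfd, F_GETFL) | O_NONBLOCK))
		goto out;
	if ((cfd = socket(AF_INET, SOCK_STREAM, 0)) < 0 ||
	    connect(cfd, (struct sockaddr *)&sa, len))
		goto out;
	afd = use_accept4 ? accept4(lfd, NULL, NULL, SOCK_NONBLOCK)
			  : accept(lfd, NULL, NULL);
	if (afd < 0) goto out;
	out->listener_nonblock = (fcntl(lfd, F_GETFL) & O_NONBLOCK) != 0;
	out->accepted_nonblock = (fcntl(afd, F_GETFL) & O_NONBLOCK) != 0;
	/* Poke the idle listener only if it can't wedge us: a blocking accept() with nobody pending is what would stall passt. */
	out->idle_accept_errno = -1;
	if (out->listener_nonblock && accept(lfd, NULL, NULL) < 0)
		out->idle_accept_errno = errno;
	rc = 0;
out:
	if (afd >= 0) close(afd);
	if (cfd >= 0) close(cfd);
	close(lfd);
	return rc;
}
```

With the v7 approach the listener stays blocking and only the accepted socket is non-blocking; with the v8 approach the listener is non-blocking, the accepted socket is not (Linux does not inherit O_NONBLOCK across accept()), and an accept() with nobody pending fails with EAGAIN instead of blocking.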