From: Stefano Brivio
To: passt-dev@passt.top
Cc: Jon Maloy, David Gibson, Laurent Vivier, Paul Holzinger
Subject: [PATCH v11 00/23] Dynamic configuration update implementation
Date: Wed, 6 May 2026 23:31:32 +0200
Message-ID: <20260506213155.1886983-1-sbrivio@redhat.com>

Changes in v11:
* Drop debugging left-overs in 10/23, reported by Paul
* In 9/23, don't declare argv as const argument for conf_pasta_ns(),
  because some versions of gcc (perhaps depending on the glibc version?),
  at least gcc 16.0.1 from Fedora Rawhide, are not happy with that.
  Suppress the cppcheck warning instead

Changes in v10:
* For some reason, changes in 9/23 now trigger seemingly unrelated, but
  valid, cppcheck warnings: fix them directly there
* In 19/23, only consider exact matches for rules we're deleting, report
  an error if there are conflicts that are not exact matches. Further,
  address (other) comments by Laurent: a typo in the man page, a typo in
  a comment in fwd_rule_del(), and a serious issue in pesto's main where
  we would use the "inbound" table for -T / -U

Changes in v9:
* Rework Makefile changes and solve conflicts so that we can drop the
  dependency on "Improvements to static checker invocation"
* In 8/23, drop the "experimental" note from the man page
* In 10/23, switch to protocol version 1, add basil to the magic sauce
* In 11/23, initialise struct pesto_pif_info sent by the server (details
  in commit message)
* In 15/23, add description for -s / --show to pesto.1 as well
* In 18/23, make comments about redundant checks more verbose
* In 19/23, make it clear that tables handled by fwd_rule_del() can't
  refer to any open socket, add a TODO to fwd_rule_clear() in that sense
  as well, and use pif_conf_by_name() in pesto to find the table we need
  to clear
* Add 19/23 to 23/23 (LSM policies, packaging stuff) to make pesto ready
  for shipping

Changes in v8:
* Implement --add, --delete, and --clear in 19/19, to add forwarding
  rules instead of replacing tables, delete existing rules, and
  explicitly clear tables
* Address Laurent's comments for 15/19 and 17/19
* In 10/19, instead of passing SOCK_NONBLOCK to accept4(), explicitly set
  O_NONBLOCK on the listening socket. Using SOCK_NONBLOCK doesn't do what
  we want, as it results in setting O_NONBLOCK on the new socket rather
  than on the listening one
* Note: 18/19 is left as it is, I didn't address pending comments yet
* Note: this doesn't yet include changes for AppArmor and SELinux
  policies, as well as changes for the template Fedora spec file. I'm
  still working on them

Changes in v7:
* Addressed comments from Laurent in 6/18, 8/18, 9/18, 10/18, 11/18,
  12/18, 14/18, 15/18 (details in commit messages of single patches,
  before my Signed-off-by)
* Note: this doesn't yet include --add and --delete, I'm still working on
  that

Changes in v6:
* Addressed comments from Jon in 10/18, 11/18, 14/18, and 16/18
* Dodged all warnings from static checkers (Coverity Scan and clang-tidy)
  with changes in 10/18, 11/18, 16/18, and with a new patch, 18/18
* This does *not* include yet the implementation of --add and --delete
  switches for pesto as I originally intended, I'm rather far from being
  done with those. At the moment I just have a "mode selection"
  implementation for command line parsing but merging rules to /
  removing rules from / clearing the current table is something I barely
  started (and what I have at the moment isn't really valuable anyway)

David wrote:

---

Here's the next draft of dynamic configuration updates. This now can
successfully update rules, though I've not tested it very extensively.

Patches 1..8/18 are preliminary reworks that make sense even without
pesto - feel free to apply if you're happy with them. I don't think the
rest should be applied yet; we need to at least harden it so passt can't
be blocked indefinitely by a client which sends a partial update then
waits.

Based on my earlier series reworking static checking invocation.

TODO:
- Don't allow a client which sends a partial configuration then blocks
  also block passt
- Allow pesto to clear existing configuration, not just add
- Allow pesto to selectively delete existing rules, not just add

Changes in v5:
* If multiple clients connect at once, they're now blocked until the
  first one finishes, instead of later ones being discarded

Changes in v4:
* Merged with remainder of forward rule parsing rework series
* Fix some bugs in rule checking pointed out by Laurent
* Significantly cleaned up option parsing code
* Changed from replacing all existing rules to adding new rules (clear
  and remove still TBD)
* Somewhat simplified protocol (pif names and rules sent in a single
  pass)
* pesto is now allocation free
* Fixed commit message and style nits pointed out by Stefano

Changes in v3:
* Removed already applied ASSERT() rename
* Renamed serialisation functions
* Incorporated Stefano's extensions, reworked and fixed
* Several additional cleanups / preliminary reworks

Changes in v2:
* Removed already applied cleanups
* Reworked assert() patch to handle -DNDEBUG properly
* Numerous extra patches:
  * Factored out serialisation helpers and use them for migration as
    well
  * Reworked to allow ip.[ch] and inany.[ch] to be shared with pesto
  * Reworks to share some forwarding rule datatypes with pesto
  * Implemented sending pif names and current ruleset to pesto

---

David Gibson (17):
  conf, fwd: Stricter rule checking in fwd_rule_add()
  fwd_rule: Move ephemeral port probing to fwd_rule.c
  fwd, conf: Move rule parsing code to fwd_rule.[ch]
  fwd_rule: Move conflict checking back within fwd_rule_add()
  fwd: Generalise fwd_rules_info()
  pif: Limit pif names to 128 bytes
  fwd_rule: Fix some format specifiers
  pesto: Introduce stub configuration tool
  pesto, log: Share log.h (but not log.c) with pesto tool
  pesto, conf: Have pesto connect to passt and check versions
  pesto: Expose list of pifs to pesto and display them
  ip: Prepare ip.[ch] for sharing with pesto tool
  inany: Prepare inany.[ch] for sharing with pesto tool
  pesto: Read current ruleset from passt/pasta and optionally display it
  pesto: Parse and add new rules from command line
  pesto, conf: Send updated rules from pesto back to passt/pasta
  conf, fwd: Allow switching to new rules received from pesto

Stefano Brivio (6):
  fwd_rule: Fix static checkers warnings in fwd_rule_add()
  pesto, conf, fwd_rule: Add options and modes to add, delete, clear rules
  apparmor: Add policy file for pesto
  selinux: Add file context and type enforcement for pesto
  fedora: Install pesto, its SELinux policy, and the man page from the spec file
  hooks: Copy static build of pesto and related man page to server

 .gitignore                     |   2 +
 Makefile                       |  35 +-
 common.h                       | 116 ++++++
 conf.c                         | 696 ++++++++++++++------------------
 conf.h                         |   2 +
 contrib/apparmor/usr.bin.pesto |  23 ++
 contrib/fedora/passt.spec      |  14 +-
 contrib/selinux/pesto.fc       |  11 +
 contrib/selinux/pesto.te       |  95 +++++
 epoll_type.h                   |   4 +
 flow.c                         |   4 +-
 fwd.c                          | 169 ++------
 fwd.h                          |  41 +-
 fwd_rule.c                     | 705 +++++++++++++++++++++++++++++++--
 fwd_rule.h                     |  68 +++-
 hooks/pre-push                 |   1 +
 inany.c                        |  19 +-
 inany.h                        |  17 +-
 ip.c                           |  56 +--
 ip.h                           |   4 +-
 lineread.c                     |   2 +-
 log.h                          |  53 ++-
 passt.1                        |   5 +
 passt.c                        |   8 +
 passt.h                        |   8 +
 pasta.c                        |   4 +-
 pesto.1                        | 275 +++++++++++++
 pesto.c                        | 522 ++++++++++++++++++++++++
 pesto.h                        |  54 +++
 pif.c                          |   2 +-
 pif.h                          |   7 +-
 serialise.c                    |   7 +
 serialise.h                    |   1 +
 siphash.h                      |  13 +
 tap.c                          |  64 ++-
 util.h                         | 110 +----
 36 files changed, 2419 insertions(+), 798 deletions(-)
 create mode 100644 common.h
 create mode 100644 contrib/apparmor/usr.bin.pesto
 create mode 100644 contrib/selinux/pesto.fc
 create mode 100644 contrib/selinux/pesto.te
 create mode 100644 pesto.1
 create mode 100644 pesto.c
 create mode 100644 pesto.h

-- 
2.43.0