From: Stefano Brivio <sbrivio@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>
Cc: passt-dev@passt.top, Jon Maloy <jmaloy@redhat.com>,
Laurent Vivier <lvivier@redhat.com>,
Paul Holzinger <pholzing@redhat.com>
Subject: Re: [PATCH v11 19/23] pesto, conf, fwd_rule: Add options and modes to add, delete, clear rules
Date: Thu, 07 May 2026 04:10:33 +0200 (CEST) [thread overview]
Message-ID: <20260507041032.065058a1@elisabeth> (raw)
In-Reply-To: <afvT7vavwqP6droa@zatzit>
On Thu, 7 May 2026 09:51:10 +1000
David Gibson <david@gibson.dropbear.id.au> wrote:
> On Wed, May 06, 2026 at 11:31:51PM +0200, Stefano Brivio wrote:
> > Instead of just being able to add to the existing tables, implement
> > an explicit --clear option to replace them, which now becomes the
> > default behaviour, and implement explicit --add and --delete options
> > to maintain the table and add or delete specific ports.
> >
> > The option --clear PIF forces the clearing of a table, instead.
> >
> > These options can be combined arbitrarily and are handled as
> > sequential commands, as now described in pesto(1).
> >
> > If no option is given before forwarding specifiers for a matching
> > table, the command line is interpreted as a replacement of the
> > existing rules.
> >
> > To this end:
> >
> > - there's no protocol change, as pesto is anyway sending updated
> > copies of the table
> >
> > - the forwarding table functions now include a new fwd_rule_del(),
> > which deletes existing rule only if a matching one is found
> >
> > - a trivial fwd_rule_clear() is factored out from the existing
> > conf_handler() implementation, so that it can be directly used
> > in pesto
> >
> > The entry points for parsing of port specifiers now take an additional
> > 'del' parameter which is passed down all the way before reaching the
> > fwd_rule_add() implementation. If a rule should be deleted, at that
> > point, fwd_rule_del() is called instead.
> >
> > Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
> > Reviewed-by: Laurent Vivier <lvivier@redhat.com>
>
> Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
>
> Several concerns below, but they can all be addressed as follow ups.
Just to set expectations: I won't take care of those, mostly because
there are actual blocking issues (not with this series, they would also
be follow up) that I'm trying to take care of instead, see e.g.:
https://github.com/containers/container-libs/pull/755#issuecomment-4392427315
so you'll need to follow up with patches, in case (and expect delays in
reviews).
--
Stefano
next prev parent reply other threads:[~2026-05-07 2:10 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-06 21:31 [PATCH v11 00/23] Dynamic configuration update implementation Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 01/23] conf, fwd: Stricter rule checking in fwd_rule_add() Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 02/23] fwd_rule: Move ephemeral port probing to fwd_rule.c Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 03/23] fwd, conf: Move rule parsing code to fwd_rule.[ch] Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 04/23] fwd_rule: Move conflict checking back within fwd_rule_add() Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 05/23] fwd: Generalise fwd_rules_info() Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 06/23] pif: Limit pif names to 128 bytes Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 07/23] fwd_rule: Fix some format specifiers Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 08/23] pesto: Introduce stub configuration tool Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 09/23] pesto, log: Share log.h (but not log.c) with pesto tool Stefano Brivio
2026-05-06 23:41 ` David Gibson
2026-05-06 21:31 ` [PATCH v11 10/23] pesto, conf: Have pesto connect to passt and check versions Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 11/23] pesto: Expose list of pifs to pesto and display them Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 12/23] ip: Prepare ip.[ch] for sharing with pesto tool Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 13/23] inany: Prepare inany.[ch] " Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 14/23] pesto: Read current ruleset from passt/pasta and optionally display it Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 15/23] pesto: Parse and add new rules from command line Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 16/23] pesto, conf: Send updated rules from pesto back to passt/pasta Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 17/23] conf, fwd: Allow switching to new rules received from pesto Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 18/23] fwd_rule: Fix static checkers warnings in fwd_rule_add() Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 19/23] pesto, conf, fwd_rule: Add options and modes to add, delete, clear rules Stefano Brivio
2026-05-06 23:51 ` David Gibson
2026-05-07 2:10 ` Stefano Brivio [this message]
2026-05-07 3:18 ` David Gibson
2026-05-06 21:31 ` [PATCH v11 20/23] apparmor: Add policy file for pesto Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 21/23] selinux: Add file context and type enforcement " Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 22/23] fedora: Install pesto, its SELinux policy, and the man page from the spec file Stefano Brivio
2026-05-06 21:31 ` [PATCH v11 23/23] hooks: Copy static build of pesto and related man page to server Stefano Brivio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260507041032.065058a1@elisabeth \
--to=sbrivio@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=jmaloy@redhat.com \
--cc=lvivier@redhat.com \
--cc=passt-dev@passt.top \
--cc=pholzing@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).