From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=M/N05lXd; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by passt.top (Postfix) with ESMTPS id 2E67E5A0262 for ; Thu, 02 Jul 2026 07:31:22 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1782970281; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6VL7WLTMYtn4m1ecIPWFXValwYJIRcY/UiAxrLaHyuE=; b=M/N05lXdRsYW5YuZPdNHZOvuLqjy491sO4/vgRNSKuXtKMb/rI0825C+ZgRRrzpJOwbB4C KsqTGvKTSfcAljTgbq8nDmCnQn1O98CN0tSWaxPVt7qbxY5SqC32ZzfDhp+/pKoHIsWmGN BKVBFMb3WrhMbU8F0HniWQdpyhl6cyk= Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com [209.85.221.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-692--Gga185UN06s18ytLzY19g-1; Thu, 02 Jul 2026 01:31:19 -0400 X-MC-Unique: -Gga185UN06s18ytLzY19g-1 X-Mimecast-MFC-AGG-ID: -Gga185UN06s18ytLzY19g_1782970279 Received: by mail-wr1-f71.google.com with SMTP id ffacd0b85a97d-470cb859d96so848102f8f.3 for ; Wed, 01 Jul 2026 22:31:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782970278; x=1783575078; h=date:content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=6VL7WLTMYtn4m1ecIPWFXValwYJIRcY/UiAxrLaHyuE=; b=SKyBTE8lYG2qskXoRrBiJuz/cW5wMzw1Boi6BgyT5v2WK6NKmjPAPmiM/B3dOdBXOw sAsXTB3+o4UEkgmcmB5y4YLeDeQStLqJb6UbvZH6lh2oplHwUkhOp4JMlQR05lyraae4 oZMoO5kipUUtXgmrNW5Kv2cegI3csTLrl/+G+5EPXD6u9bLv9dFYCwDD6xMRyFga5GNy Y/tDyq41jkXTFBYuGAZqMzeySpurLnjIoOMuaNMUobnvfPdF/yQvZT0ChQp3MmcqqI1P B1zH8wRRRYn0VNfQvFqaYssbLGEQqh+vQDUe8zw8K8sJXNtaaYcSbQhJkZIXjehX2Zfb tKBA== X-Gm-Message-State: AOJu0YyaEPFXUY9aJ0JrCL8WdvjpICxlbPMUa8aRXrK4u1VVhBXZbmua lSTLR/IXj4yk30t4Aif9jGFoeiwZde1vgHHEFvtahmBguf/WJQdJ01L1VzHiNBzkOlKM7jQ4tJk FjqyzZ3UJeZVpC5Y0G5BCII+GoMXMR19m0mNAbe+XeLBLH0a08xsPwGLRqPFYFw== X-Gm-Gg: AfdE7cmGhbeoyu32rkGT1iF4hc1OL1oEKmsWf9B7XW9cMsYGeamEjGGSeqKVfFcdyMK 9+0H7k4BXqSnmUTu0clVpex4k5XeL5+pqEuBjRPhyASyT7BItQgGZySEispEOG4hJkaUjz4FlPs 6be7Is4yhv3BqqXoAUmwfUjP15VETGCq7O6hXEVUjopUHZIV916qB0yZhC88PuAzbyFBsUPgLSP v/6YNe2Tk0OUbnyAf4AOOa8dfTowqUbCF92HQFrWbhmMvm1kqCHU1ZANfqJ/1n8GWewgsmN0H22 xW2uq5d/OOVkdhlj8Mgbn9efFEH1FyBhdOWOwEZCLSYVtrFOa+n8p1ZbfdePnpLCYuZKU3KCbKm S1V1+nFXNkpp+EjUvye2xfA== X-Received: by 2002:a05:6000:468a:b0:475:f0f0:9ec9 with SMTP id ffacd0b85a97d-477b5a526f4mr3420449f8f.52.1782970278325; Wed, 01 Jul 2026 22:31:18 -0700 (PDT) X-Received: by 2002:a05:6000:468a:b0:475:f0f0:9ec9 with SMTP id ffacd0b85a97d-477b5a526f4mr3420415f8f.52.1782970277650; Wed, 01 Jul 2026 22:31:17 -0700 (PDT) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [2a10:fc81:a806:d6a9::1]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-477db8a4b83sm6554176f8f.12.2026.07.01.22.31.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 Jul 2026 22:31:16 -0700 (PDT) From: Stefano Brivio To: David Gibson Subject: Re: [PATCH 1/3] fwd_rule: Parse target adddresses for forwarding rules Message-ID: <20260702073109.35613343@elisabeth> In-Reply-To: References: <20260701070811.1944139-1-david@gibson.dropbear.id.au> <20260701070811.1944139-2-david@gibson.dropbear.id.au> <20260702065821.745bbd05@elisabeth> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 Date: Thu, 02 Jul 2026 07:31:10 +0200 (CEST) X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: QzHls08nTGooRoXbsaNEB1eXbFGKFyxrIwV5pr75jE4_1782970279 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: YQXEV22FQ2MOEXOEXOXE5UARRM3XIORL X-Message-ID-Hash: YQXEV22FQ2MOEXOEXOXE5UARRM3XIORL X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Thu, 2 Jul 2026 15:21:29 +1000 David Gibson wrote: > On Thu, Jul 02, 2026 at 06:58:23AM +0200, Stefano Brivio wrote: > > Nit, in the title: addresses. > > Received this moments before I was going to send out a v2 :) > > Fixed the title. > > > On Wed, 1 Jul 2026 17:08:09 +1000 > > David Gibson wrote: > > > > > Extend the parsing of forwarding rules (-[tu]) to allow the destination > > > address on the target side to be specified. For now just parse them, and > > > give an error if we try to create rules with a specified target address. > > > We'll implement the actual forwarding logic in another patch. > > > > > > Format (for either command line or pesto): > > > -t 2222:192.0.2.1/2222 > > > > > > This should work along with all the other bits, that is, say: > > > -t 192.0.2.1%eth0/2222-2225:192.0.2.2/22-25 > > > > > > FIXME: Ban for -[TU] for now > > > FIXME: Check interaction with splice handling > > > > > > Signed-off-by: Stefano Brivio > > > [dwg: Syntax from Stefano's earlier draft, largely rewritten on top of new > > > parsing helpers] > > > Signed-off-by: David Gibson > > > --- > > > fwd_rule.c | 38 +++++++++++++++++++++++++++++++------- > > > 1 file changed, 31 insertions(+), 7 deletions(-) > > > > > > diff --git a/fwd_rule.c b/fwd_rule.c > > > index ca409eaf..e8abc884 100644 > > > --- a/fwd_rule.c > > > +++ b/fwd_rule.c > > > @@ -378,14 +378,17 @@ int fwd_rule_add(struct fwd_table *fwd, const struct fwd_rule *new) > > > * @first: First port to forward > > > * @last: Last port to forward > > > * @exclude: Bitmap of ports to exclude (may be NULL) > > > - * @to: Port to translate @first to when forwarding > > > + * @tgt_addr: Destination address on the target side > > > + * @tgt_first: Destination port to use for @first on the traget side > > > > Nit: target. > > Fixed. > > > > > > * @flags: Flags for forwarding entries > > > */ > > > static void fwd_rule_range_except(struct fwd_table *fwd, bool del, > > > uint8_t proto, const union inany_addr *addr, > > > const char *ifname, > > > uint16_t first, uint16_t last, > > > - const uint8_t *exclude, uint16_t to, > > > + const uint8_t *exclude, > > > + const union inany_addr *tgt_addr, > > > + uint16_t tgt_first, > > > uint8_t flags) > > > { > > > struct fwd_rule rule = { > > > @@ -395,9 +398,17 @@ static void fwd_rule_range_except(struct fwd_table *fwd, bool del, > > > .flags = flags, > > > }; > > > char rulestr[FWD_RULE_STRLEN]; > > > - unsigned delta = to - first; > > > + unsigned delta = tgt_first - first; > > > > Nit: should be moved above now. > > Fixed. > > > > unsigned base, i; > > > > > > + if (tgt_addr && !inany_is_unspecified(tgt_addr)) { > > > + char astr[INANY_ADDRSTRLEN]; > > > + > > > + info("Target address: %s", > > > + inany_ntop(tgt_addr, astr, sizeof(astr))); > > > + die("Target address remapping not yet implemented"); > > > + } > > > + > > > if (!addr) > > > rule.flags |= FWD_DUAL_STACK_ANY; > > > if (ifname) { > > > @@ -458,14 +469,17 @@ enum fwd_port_chunk_kind { > > > * @cursor: Parsing point (see parse.c) > > > * @kindp: Updated with kind of chunk we parsed > > > * @lrange: Updated with listening port range (for INCLUDE & EXCLUDE) > > > + * @taddr: Updated with target address (for INCLUDE) > > > * @trange: Updated with target port range (for INCLUDE) > > > */ > > > static bool parse_port_chunk(const char **cursor, > > > enum fwd_port_chunk_kind *kindp, > > > struct port_range *lrange, > > > + union inany_addr *taddr, > > > struct port_range *trange) > > > { > > > struct port_range lr = { 0 }, tr = { 0 }; > > > + union inany_addr taddr_tmp = inany_any6; > > > enum fwd_port_chunk_kind kind; > > > const char *p = *cursor; > > > > > > @@ -481,6 +495,12 @@ static bool parse_port_chunk(const char **cursor, > > > kind = CHUNK_INCLUDE; > > > > > > if (parse_literal(&p, ":")) { > > > + const char *tgtspec = p; > > > + > > > + if (!parse_inany(&p, &taddr_tmp) || > > > + !parse_literal(&p, "/")) > > > > This is to support ":/PORT" together with ":ADDR/PORT", right? > > No, this is checking for the case where we didn't get a target address > at all. De Morgan's law might make it clearer: > !( && But I already reworked this to allow port to be omitted with address, > and I think the new code is clearer. Or at least unclear in an > unrelated way :/. > > > I think > > it's nice to have for users, but it looks inconsistent here, so maybe > > you could add a comment before that, say: > > > > /* Accept :/PORT as well as :ADDR/PORT */ > > > > > + p = tgtspec; /* No target address, backtrack */ > > > + > > > if (!parse_port_range(&p, &tr)) > > > return false; > > > } else { > > > @@ -492,6 +512,8 @@ static bool parse_port_chunk(const char **cursor, > > > > > > *kindp = kind; > > > *lrange = lr; > > > + if (taddr) > > > + *taddr = taddr_tmp; > > > if (trange) > > > *trange = tr; > > > *cursor = p; > > > @@ -561,7 +583,7 @@ static void fwd_rule_parse_ports(struct fwd_table *fwd, bool del, uint8_t proto, > > > /* Consider excluded ranges and "auto" in the first pass */ > > > p = spec; > > > do { > > > - if (!parse_port_chunk(&p, &kind, &lrange, NULL)) > > > + if (!parse_port_chunk(&p, &kind, &lrange, NULL, NULL)) > > > goto bad; > > > > > > switch (kind) { > > > @@ -586,8 +608,9 @@ static void fwd_rule_parse_ports(struct fwd_table *fwd, bool del, uint8_t proto, > > > p = spec; > > > do { > > > struct port_range trange; > > > + union inany_addr taddr; > > > > > > - if (!parse_port_chunk(&p, &kind, &lrange, &trange)) > > > + if (!parse_port_chunk(&p, &kind, &lrange, &taddr, &trange)) > > > goto bad; > > > > > > switch (kind) { > > > @@ -604,7 +627,8 @@ static void fwd_rule_parse_ports(struct fwd_table *fwd, bool del, uint8_t proto, > > > > > > fwd_rule_range_except(fwd, del, proto, addr, ifname, > > > lrange.first, lrange.last, > > > - exclude, trange.first, flags); > > > + exclude, &taddr, trange.first, > > > + flags); > > > break; > > > default: > > > goto bad; > > > @@ -620,7 +644,7 @@ static void fwd_rule_parse_ports(struct fwd_table *fwd, bool del, uint8_t proto, > > > > > > fwd_rule_range_except(fwd, del, proto, addr, ifname, > > > 1, NUM_PORTS - 1, exclude, > > > - 1, flags | FWD_WEAK); > > > + NULL, 1, flags | FWD_WEAK); > > > } > > > return; > > > bad: > > > > The rest of the series looks good to me, but I didn't test things at > > all. By the way, man page and usage changes for 3/3 are missing. > > Ugh, yeah, I belatedly realised that. > > > I haven't seen anything preventing mapping between IPv4 and IPv6, but I > > guess I missed something. I actually think it would be a nice feature > > but I guess it needs some more effort to properly support it. > > Oh sod, good point. I forgot to add that check. I think we need it > for now, because I'm pretty sure it won't work end to end yet. I guess probably worth a quick check, I wouldn't be surprised if things actually kind of work for TCP. -- Stefano