From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <2f9659a4-ffe3-4f7d-bff1-8a9025553a79@redhat.com>
Date: Mon, 4 May 2026 14:01:05 +0200
Subject: Re: [PATCH v6 10/18] pesto, conf: Have pesto connect to passt and check versions
From: Laurent Vivier
To: Stefano Brivio, passt-dev@passt.top
CC: Jon Maloy, David Gibson
References: <20260503215601.823029-1-sbrivio@redhat.com> <20260503215601.823029-11-sbrivio@redhat.com>
In-Reply-To: <20260503215601.823029-11-sbrivio@redhat.com>
List-Id: Development discussion and patches for passt
List-Subscribe: List-Unsubscribe: On 5/3/26 23:55, Stefano Brivio wrote: > From: David Gibson > > Start implementing pesto in earnest. Create a control/configuration > socket in passt. Have pesto connect to it and retrieve a server greeting > Perform some basic version checking. > > Signed-off-by: David Gibson > [sbrivio: Avoid potential recursive calling between conf_accept() and > conf_close(), reported by clang-tidy] > [sbrivio: In conf(), check we're not exceeding sizeof(c->control_path) > instead of sizeof(c->socket_path), and in pesto's main, print > argv[optind] instead of argv[1] to indicate an invalid socket path, > both reported by Jon Maloy] > Signed-off-by: Stefano Brivio Reviewed-by: Laurent Vivier > --- > Makefile | 8 ++- > conf.c | 183 ++++++++++++++++++++++++++++++++++++++++++++++++++- > conf.h | 2 + > epoll_type.h | 4 ++ > passt.1 | 5 ++ > passt.c | 8 +++ > passt.h | 6 ++ > pesto.c | 47 ++++++++++++- > pesto.h | 22 +++++++ > serialise.c | 3 + > 10 files changed, 282 insertions(+), 6 deletions(-) > > diff --git a/Makefile b/Makefile > index f6cec8a..1718ddb 100644 > --- a/Makefile > +++ b/Makefile > @@ -47,7 +47,7 @@ PASST_SRCS = arch.c arp.c bitmap.c checksum.c conf.c dhcp.c dhcpv6.c \ > vhost_user.c virtio.c vu_common.c > QRAP_SRCS = qrap.c > PASST_REPAIR_SRCS = passt-repair.c > -PESTO_SRCS = pesto.c > +PESTO_SRCS = pesto.c serialise.c > SRCS = $(PASST_SRCS) $(QRAP_SRCS) $(PASST_REPAIR_SRCS) $(PESTO_SRCS) > > MANPAGES = passt.1 pasta.1 pesto.1 qrap.1 passt-repair.1 > @@ -61,7 +61,7 @@ PASST_HEADERS = arch.h arp.h bitmap.h checksum.h common.h conf.h dhcp.h \ > vhost_user.h virtio.h vu_common.h > QRAP_HEADERS = arp.h ip.h passt.h util.h > PASST_REPAIR_HEADERS = linux_dep.h > -PESTO_HEADERS = common.h pesto.h log.h > +PESTO_HEADERS = common.h pesto.h log.h serialise.h > > C := \#include \nint main(){int a=getrandom(0, 0, 0);} > ifeq ($(shell printf "$(C)" | $(CC) -S -xc - -o - >/dev/null 2>&1; echo $$?),0) 
> @@ -228,7 +228,9 @@ passt.cppcheck: $(PASST_SRCS) $(PASST_HEADERS) seccomp.h > passt-repair.cppcheck: $(PASST_REPAIR_SRCS) $(PASST_REPAIR_HEADERS) seccomp_repair.h > > pesto.cppcheck: BASE_CPPFLAGS += -DPESTO > -pesto.cppcheck: CPPCHECK_FLAGS += --suppress=unmatchedSuppression > +pesto.cppcheck: CPPCHECK_FLAGS += \ > + --suppress=unusedFunction:serialise.c \ > + --suppress=staticFunction:serialise.c > pesto.cppcheck: $(PESTO_SRCS) $(PESTO_HEADERS) seccomp_pesto.h > > qrap.cppcheck: BASE_CPPFLAGS += -DARCH=\"$(TARGET_ARCH)\" > diff --git a/conf.c b/conf.c > index 0586107..823e08d 100644 > --- a/conf.c > +++ b/conf.c > @@ -48,6 +48,10 @@ > #include "isolation.h" > #include "log.h" > #include "vhost_user.h" > +#include "epoll_ctl.h" > +#include "conf.h" > +#include "pesto.h" > +#include "serialise.h" > > #define NETNS_RUN_DIR "/run/netns" > > @@ -541,6 +545,7 @@ static void usage(const char *name, FILE *f, int status) > " --runas UID|UID:GID Run as given UID, GID, which can be\n" > " numeric, or login and group names\n" > " default: drop to user \"nobody\"\n" > + " -c, --conf-path PATH Configuration socket path\n" > " -h, --help Display this help message and exit\n" > " --version Show version and exit\n"); > > @@ -779,6 +784,9 @@ static void conf_print(const struct ctx *c) > char buf[INANY_ADDRSTRLEN]; > int i; > > + if (c->fd_control_listen >= 0) > + info("Configuration socket: %s", c->control_path); > + > if (c->ifi4 > 0 || c->ifi6 > 0) { > char ifn[IFNAMSIZ]; > > @@ -1072,6 +1080,17 @@ static void conf_open_files(struct ctx *c) > if (c->pidfile_fd < 0) > die_perror("Couldn't open PID file %s", c->pidfile); > } > + > + c->fd_control = -1; > + if (*c->control_path) { > + c->fd_control_listen = sock_unix(c->control_path); > + if (c->fd_control_listen < 0) { > + die_perror("Couldn't open control socket %s", > + c->control_path); > + } > + } else { > + c->fd_control_listen = -1; > + } > } > > /** 
> @@ -1107,6 +1126,25 @@ fail: > die("Invalid MAC address: %s", str); > } > > +/** > + * conf_sock_listen() - Start listening for connections on configuration socket > + * @c: Execution context > + */ > +static void conf_sock_listen(const struct ctx *c) > +{ > + union epoll_ref ref = { .type = EPOLL_TYPE_CONF_LISTEN }; > + > + if (c->fd_control_listen < 0) > + return; > + > + if (listen(c->fd_control_listen, 0)) > + die_perror("Couldn't listen on configuration socket"); > + > + ref.fd = c->fd_control_listen; > + if (epoll_add(c->epollfd, EPOLLIN | EPOLLET, ref)) > + die_perror("Couldn't add configuration socket to epoll"); > +} > + > /** > * conf() - Process command-line arguments and set configuration > * @c: Execution context > @@ -1189,9 +1227,10 @@ void conf(struct ctx *c, int argc, char **argv) > {"migrate-exit", no_argument, NULL, 29 }, > {"migrate-no-linger", no_argument, NULL, 30 }, > {"stats", required_argument, NULL, 31 }, > + {"conf-path", required_argument, NULL, 'c' }, > { 0 }, > }; > - const char *optstring = "+dqfel:hs:F:I:p:P:m:a:n:M:g:i:o:D:S:H:461t:u:T:U:"; > + const char *optstring = "+dqfel:hs:c:F:I:p:P:m:a:n:M:g:i:o:D:S:H:461t:u:T:U:"; > const char *logname = (c->mode == MODE_PASTA) ? "pasta" : "passt"; > bool opt_t = false, opt_T = false, opt_u = false, opt_U = false; > char userns[PATH_MAX] = { 0 }, netns[PATH_MAX] = { 0 }; > @@ -1449,6 +1488,13 @@ void conf(struct ctx *c, int argc, char **argv) > > c->fd_tap = -1; > break; > + case 'c': > + ret = snprintf(c->control_path, sizeof(c->control_path), > + "%s", optarg); > + if (ret <= 0 || ret >= (int)sizeof(c->control_path)) > + die("Invalid configuration path: %s", optarg); > + c->fd_control_listen = c->fd_control = -1; > + break; > case 'F': > errno = 0; > fd_tap_opt = strtol(optarg, NULL, 0); 
> @@ -1871,6 +1917,141 @@ void conf(struct ctx *c, int argc, char **argv) > fwd_rule_parse('U', "auto", c->fwd[PIF_SPLICE]); > } > > + conf_sock_listen(c); > + > if (!c->quiet) > conf_print(c); > } > + > +static void conf_accept(struct ctx *c); > + > +/** > + * conf_close() - Close configuration / control socket and clean up > + * @c: Execution context > + */ > +static void conf_close(struct ctx *c) > +{ > + debug("Closing configuration socket"); > + epoll_ctl(c->epollfd, EPOLL_CTL_DEL, c->fd_control, NULL); > + close(c->fd_control); > + c->fd_control = -1; > +} > + > +/** > + * conf_listen_handler() - Handle events on configuration listening socket > + * @c: Execution context > + * @events: epoll events > + */ > +void conf_listen_handler(struct ctx *c, uint32_t events) > +{ > + if (events != EPOLLIN) { > + err("Unexpected event 0x%04x on configuration socket", events); > + return; > + } > + > + if (c->fd_control >= 0) { > + /* Ignore the new connection for now, blocking it until the > + * current one finishes. 
> + */ > + return; > + } > + > + conf_accept(c); > +} > + > +/** > + * conf_accept() - Accept a new control connection > + * @c: Execution context > + */ > +static void conf_accept(struct ctx *c) > +{ > + struct pesto_hello hello = { > + .magic = PESTO_SERVER_MAGIC, > + .version = htonl(PESTO_PROTOCOL_VERSION), > + }; > + union epoll_ref ref = { .type = EPOLL_TYPE_CONF }; > + struct ucred uc = { 0 }; > + socklen_t len = sizeof(uc); > + int fd, rc; > + > +retry: > + err("%s: %i", __func__, __LINE__); > + fd = accept4(c->fd_control_listen, NULL, NULL, > + SOCK_NONBLOCK | SOCK_CLOEXEC); > + if (fd < 0) { > + err("%s: %i", __func__, __LINE__); > + if (errno != EAGAIN) > + warn_perror("accept4() on configuration listening socket"); > + return; > + } > + > + err("%s: %i", __func__, __LINE__); > + > + if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &uc, &len) < 0) > + warn_perror("Can't get configuration client credentials"); > + > + c->fd_control = ref.fd = fd; > + rc = epoll_add(c->epollfd, EPOLLIN | EPOLLET, ref); > + if (rc < 0) { > + warn_perror("epoll_ctl() on configuration socket"); > + goto fail; > + } > + > + rc = write_all_buf(fd, &hello, sizeof(hello)); > + if (rc < 0) { > + warn_perror("Error writing configuration protocol hello"); > + goto fail; > + } > + > + info("Accepted configuration client, PID %i", uc.pid); > + if (!PESTO_PROTOCOL_VERSION) { > + warn( > +"Warning: Using experimental unsupported configuration protocol"); > + } > + > + return; > + > +fail: > + conf_close(c); > + goto retry; > +} > + > +/** > + * conf_handler() - Handle events on configuration socket > + * @c: Execution context > + * @events: epoll events > + */ > +void conf_handler(struct ctx *c, uint32_t events) > +{ > + if (events & EPOLLIN) { > + char discard[BUFSIZ]; > + ssize_t n; > + > + do { > + n = read(c->fd_control, discard, sizeof(discard)); > + if (n > 0) > + debug("Discarded %zd bytes of config data", n); > + } while (n > 0); > + if (n == 0) { > + debug("Configuration client 
EOF"); > + goto close; > + } > + if (errno != EAGAIN && errno != EWOULDBLOCK) { > + err_perror("Error reading config data"); > + goto close; > + } > + } > + > + if (events & EPOLLHUP) { > + debug("Configuration client hangup"); > + goto close; > + } > + > + return; > + > +close: > + conf_close(c); > + > + /* Check if any other clients are waiting to connect */ > + conf_accept(c); > +} > diff --git a/conf.h b/conf.h > index b45ad74..16f9718 100644 > --- a/conf.h > +++ b/conf.h > @@ -8,5 +8,7 @@ > > enum passt_modes conf_mode(int argc, char *argv[]); > void conf(struct ctx *c, int argc, char **argv); > +void conf_listen_handler(struct ctx *c, uint32_t events); > +void conf_handler(struct ctx *c, uint32_t events); > > #endif /* CONF_H */ > diff --git a/epoll_type.h b/epoll_type.h > index a90ffb6..061325a 100644 > --- a/epoll_type.h > +++ b/epoll_type.h > @@ -46,6 +46,10 @@ enum epoll_type { > EPOLL_TYPE_REPAIR, > /* Netlink neighbour subscription socket */ > EPOLL_TYPE_NL_NEIGH, > + /* Configuration listening socket */ > + EPOLL_TYPE_CONF_LISTEN, > + /* Configuration socket */ > + EPOLL_TYPE_CONF, > > EPOLL_NUM_TYPES, > }; > diff --git a/passt.1 b/passt.1 > index 6303aeb..908fd4a 100644 > --- a/passt.1 > +++ b/passt.1 > @@ -127,6 +127,11 @@ login name and group name can be passed. This requires privileges (either > initial effective UID 0 or CAP_SETUID capability) to work. > Default is to change to user \fInobody\fR if started as root. > > +.TP > +.BR \-c ", " \-\-conf-path " " \fIpath " " (EXPERIMENTAL) > +Path for configuration and control socket used by \fBpesto\fR(1) to > +dynamically update passt or pasta's configuration. > + > .TP > .BR \-h ", " \-\-help > Display a help message and exit. > diff --git a/passt.c b/passt.c > index f84419c..bc42ea3 100644 > --- a/passt.c > +++ b/passt.c 
> @@ -80,6 +80,8 @@ char *epoll_type_str[] = { > [EPOLL_TYPE_REPAIR_LISTEN] = "TCP_REPAIR helper listening socket", > [EPOLL_TYPE_REPAIR] = "TCP_REPAIR helper socket", > [EPOLL_TYPE_NL_NEIGH] = "netlink neighbour notifier socket", > + [EPOLL_TYPE_CONF_LISTEN] = "configuration listening socket", > + [EPOLL_TYPE_CONF] = "configuration socket", > }; > static_assert(ARRAY_SIZE(epoll_type_str) == EPOLL_NUM_TYPES, > "epoll_type_str[] doesn't match enum epoll_type"); > @@ -303,6 +305,12 @@ static void passt_worker(void *opaque, int nfds, struct epoll_event *events) > case EPOLL_TYPE_NL_NEIGH: > nl_neigh_notify_handler(c); > break; > + case EPOLL_TYPE_CONF_LISTEN: > + conf_listen_handler(c, eventmask); > + break; > + case EPOLL_TYPE_CONF: > + conf_handler(c, eventmask); > + break; > default: > /* Can't happen */ > assert(0); > diff --git a/passt.h b/passt.h > index 62b8dcd..b3f049d 100644 > --- a/passt.h > +++ b/passt.h > @@ -158,6 +158,7 @@ struct ip6_ctx { > * @foreground: Run in foreground, don't log to stderr by default > * @nofile: Maximum number of open files (ulimit -n) > * @sock_path: Path for UNIX domain socket > + * @control_path: Path for control/configuration UNIX domain socket > * @repair_path: TCP_REPAIR helper path, can be "none", empty for default > * @pcap: Path for packet capture file > * @pidfile: Path to PID file, empty string if not configured > @@ -169,6 +170,8 @@ struct ip6_ctx { > * @epollfd: File descriptor for epoll instance > * @fd_tap_listen: File descriptor for listening AF_UNIX socket, if any > * @fd_tap: AF_UNIX socket, tuntap device, or pre-opened socket > + * @fd_control_listen: Listening control/configuration socket, if any > + * @fd_control: Control/configuration socket, if any > * @fd_repair_listen: File descriptor for listening TCP_REPAIR socket, if any > * @fd_repair: Connected AF_UNIX socket for TCP_REPAIR helper > * @our_tap_mac: Pasta/passt's MAC on the tap link 
> @@ -223,6 +226,7 @@ struct ctx { > int foreground; > int nofile; > char sock_path[UNIX_PATH_MAX]; > + char control_path[UNIX_PATH_MAX]; > char repair_path[UNIX_PATH_MAX]; > char pcap[PATH_MAX]; > > @@ -240,6 +244,8 @@ struct ctx { > int epollfd; > int fd_tap_listen; > int fd_tap; > + int fd_control_listen; > + int fd_control; > int fd_repair_listen; > int fd_repair; > unsigned char our_tap_mac[ETH_ALEN]; > diff --git a/pesto.c b/pesto.c > index f0916e8..762cfe9 100644 > --- a/pesto.c > +++ b/pesto.c > @@ -33,6 +33,7 @@ > > #include "common.h" > #include "seccomp_pesto.h" > +#include "serialise.h" > #include "pesto.h" > #include "log.h" > > @@ -66,6 +67,8 @@ static void usage(const char *name, FILE *f, int status) > * > * Return: 0 on success, won't return on failure > * > + * #syscalls:pesto socket s390x:socketcall i686:socketcall > + * #syscalls:pesto connect shutdown close > * #syscalls:pesto exit_group fstat read write > */ > int main(int argc, char **argv) > @@ -76,9 +79,12 @@ int main(int argc, char **argv) > {"version", no_argument, NULL, 1 }, > { 0 }, > }; > + struct sockaddr_un a = { AF_UNIX, "" }; > const char *optstring = "dh"; > + struct pesto_hello hello; > struct sock_fprog prog; > - int optname; > + int optname, ret, s; > + uint32_t s_version; > > prctl(PR_SET_DUMPABLE, 0); 
> > @@ -122,5 +128,42 @@ int main(int argc, char **argv) > > debug("debug_flag=%d, path=\"%s\"", debug_flag, argv[optind]); > > - die("pesto is not implemented yet"); > + if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) > + die_perror("Failed to create AF_UNIX socket"); > + > + ret = snprintf(a.sun_path, sizeof(a.sun_path), "%s", argv[optind]); > + if (ret <= 0 || ret >= (int)sizeof(a.sun_path)) > + die("Invalid socket path \"%s\"", argv[optind]); > + > + ret = connect(s, (struct sockaddr *)&a, sizeof(a)); > + if (ret < 0) { > + die_perror("Failed to connect to %s", a.sun_path); > + } > + > + ret = read_all_buf(s, &hello, sizeof(hello)); > + if (ret < 0) > + die_perror("Couldn't read server greeting"); > + > + if (memcmp(hello.magic, PESTO_SERVER_MAGIC, sizeof(hello.magic))) > + die("Bad magic number from server"); > + > + s_version = ntohl(hello.version); > + > + if (s_version > PESTO_PROTOCOL_VERSION) { > + die("Unknown server protocol version %"PRIu32" > %"PRIu32"\n", > + s_version, PESTO_PROTOCOL_VERSION); > + } > + > + /* cppcheck-suppress knownConditionTrueFalse */ > + if (!s_version) { > + if (PESTO_PROTOCOL_VERSION) > + die("Unsupported experimental server protocol"); > + FPRINTF(stderr, > +"Warning: Using experimental protocol version, client and server must match\n"); > + } > + > + if (shutdown(s, SHUT_RDWR) < 0 || close(s) < 0) > + die_perror("Error shutting down control socket"); > + > + exit(0); > } > diff --git a/pesto.h b/pesto.h > index e9b329f..92d4df3 100644 > --- a/pesto.h > +++ b/pesto.h 
> @@ -9,4 +9,26 @@ > #ifndef PESTO_H > #define PESTO_H > > +#include > +#include > + > +#define PESTO_SERVER_MAGIC "pesto:s" > + > +/* Version 0 is reserved for unreleased / unsupported experimental versions */ > +#define PESTO_PROTOCOL_VERSION 0 > + > +/** > + * struct pesto_hello - Server introduction message > + * @magic: PESTO_SERVER_MAGIC > + * @version: Version number > + */ > +struct pesto_hello { > + char magic[8]; > + uint32_t version; > +} __attribute__ ((__packed__)); > + > +static_assert(sizeof(PESTO_SERVER_MAGIC) > + == sizeof(((struct pesto_hello *)0)->magic), > + "PESTO_SERVER_MAGIC has wrong size"); > + > #endif /* PESTO_H */ > diff --git a/serialise.c b/serialise.c > index 944e741..346df99 100644 > --- a/serialise.c > +++ b/serialise.c > @@ -6,6 +6,9 @@ > * PASTA - Pack A Subtle Tap Abstraction > * for network namespace/tap device mode > * > + * PESTO - Programmable Extensible Socket Translation Orchestrator > + * front-end for passt(1) and pasta(1) forwarding configuration > + * > * serialise.c - Serialisation of data structures over bytestreams > * > * Copyright Red Hat
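Review bot: conf_accept() in conf.c still carries three err("%s: %i", __func__, __LINE__) calls (right after the retry: label, in the accept4() failure branch, and just before getsockopt()), which look like debugging leftovers and would log at error level on every call; they should be dropped before this is merged. In the same function, a failing getsockopt(SO_PEERCRED) only warns, so the later info() reports PID 0 from the zero-initialised uc; either leave the PID out of the message in that case or treat the failure as a reason to close the connection. uc.uid is fetched but never looked at, so if access to the configuration socket is meant to be limited by anything other than the permissions on the socket path, this is where that check would go.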
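Review bot: in pesto.c main(), the version mismatch die() passes PESTO_PROTOCOL_VERSION, which pesto.h defines as a plain 0 (an int), for a PRIu32 conversion, and its format string ends in "\n" while the other die() calls added in this hunk ("Invalid socket path", "Bad magic number from server") have none. A cast to uint32_t, or a typed constant in pesto.h, and dropping the newline would make this consistent. Separately, only ret < 0 from read_all_buf() is treated as an error; if that helper can return a non-negative value on a short read or EOF, hello would be compared while partly uninitialised, so it is worth confirming its contract or zero-initialising hello.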
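Review bot: the kernel-doc for struct pesto_hello in pesto.h describes @version only as "Version number", but conf_accept() fills it with htonl(PESTO_PROTOCOL_VERSION) and pesto reads it back with ntohl(), so the field is in network byte order on the wire; the comment should say so. It would also help to note that @magic includes the terminating NUL, since the static_assert compares sizeof(PESTO_SERVER_MAGIC) with the 8-byte array.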