From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=VOi2zMzJ; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by passt.top (Postfix) with ESMTPS id 309215A0265 for ; Wed, 06 May 2026 09:15:06 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778051704; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=WwL1VhfUYeXpL380Y3Fk97hGzuSquTh60BWIV2SRYuY=; b=VOi2zMzJSLGbIE8YRdNLv79AacPseYi5DMj+gKec/vsWouMMxNt5oh4TVdEeM6lAPe/O2Q MKpZzBxsBFKcdhMoWMAYr0YX2NnUH0FOZ8BMmaX89Px9S0I+S4wkeSMR3jcH80hbsjqIJe 2n4MOCdM/EvG1QoUAyAN0v82WDwEsik= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-656-6TPqRoD1PFKNATIDHZLkOQ-1; Wed, 06 May 2026 03:15:03 -0400 X-MC-Unique: 6TPqRoD1PFKNATIDHZLkOQ-1 X-Mimecast-MFC-AGG-ID: 6TPqRoD1PFKNATIDHZLkOQ_1778051702 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-488f973ddfeso44230515e9.3 for ; Wed, 06 May 2026 00:15:03 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778051702; x=1778656502; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=WwL1VhfUYeXpL380Y3Fk97hGzuSquTh60BWIV2SRYuY=; b=pxlMtx6TdG3xaYOr7WQ2DuSsAWSj4tSodgt4rz+ngzJ/1sfNZzNdWeUW0CR7aPTf07 KLJaV38vwPme1EnwmfQrydPlp6OwXl1Q4Udt8AlCt2obTVJzv02meGktXO+7xclBKEI8 NjgEbtSB8t7oi/cpRzIGalmE1EwpBK1wpjYEw4NzYrAHSVbOWPNTdxHwYLA3Q/1j/hHb ankyJcQIwDRV1FOTNXvPUtdpScOz22L5CErOvIk74X+6GV2HfGj792j56cUd7jroq+Ws Ix5ZGZ/qOYoUtcTQD6XvQa51p8FPlPUb16201awQ4olBf5Zf1EPBO91SLEC5PHEFdsc+ FQBQ== X-Forwarded-Encrypted: i=1; AFNElJ8bavJm5IYlG6DdcU1rEHwOTmt6vFuKvl2zHa0gJK6PqDVGy7jEgStSBsMy2lmAWsrtOwAyMxzUrNs=@passt.top X-Gm-Message-State: AOJu0Yzxt03ieXJMQw8pdqighY5nBXzqLtx5bl78MXd2pUNs0ewgiG0r PlYkkdCIM5ob7AP05QIbfBtnR0UyYF2xrWH/Ajim7iaRmBXHSY+1E1bZAln6vhkW0UH7FWLQgVD Z/RW/rh3trITrjl8SJXnM/Rr3wk7sv/w/30Cqz95323nbcpyTnVtOlw== X-Gm-Gg: AeBDieti6uADHsKxMv2PzhP+MrpXQrGBrDoMZX/PoBsa1hRJKrk0XBOWfVQ5u3Avd1g jxCn4qsN7GFtSrj+D5OvnMXsP7YReP417J//yNCSPiooDI47O9seyBe9bX9ctq67iFfgAaFzTop jQMA5HPu7P8AVVbLQcbl71GQuL2VwumsCu1R+qW/iw626n3oDIX+qusT8UY/VRG057RRTqpWi3J 3rCpc5mWVZylV7Y5+lxtgd4Yan6cdWbk1tZlhjToE5SD5M5St9SKvDh0HlO+mqhid6r6TGAS9IX sECx7adCvzshq0/SODGQ3VfprFX6c3k2pskFqYFDwbL1ej1XGWuWVSqsVN6wJfAZa26T7VVXwfv TCq/q2CYG4rtwCzKWP3UlcguCpmaUt8R8xw45HuZGuOAWUwJtTneWCAbkP4gkB4bFeg== X-Received: by 2002:a05:600c:c11c:b0:489:1e8a:90b4 with SMTP id 5b1f17b1804b1-48e51f37212mr25620225e9.21.1778051702156; Wed, 06 May 2026 00:15:02 -0700 (PDT) X-Received: by 2002:a05:600c:c11c:b0:489:1e8a:90b4 with SMTP id 5b1f17b1804b1-48e51f37212mr25619705e9.21.1778051701619; Wed, 06 May 2026 00:15:01 -0700 (PDT) Received: from [192.168.100.100] (82-64-211-94.subs.proxad.net. [82.64.211.94]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48e530b21e1sm10941215e9.6.2026.05.06.00.15.00 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 06 May 2026 00:15:01 -0700 (PDT) Message-ID: <3d7f5cdb-5975-46f4-bee0-189114b7d90c@redhat.com> Date: Wed, 6 May 2026 09:15:00 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v8 17/19] conf, fwd: Allow switching to new rules received from pesto To: Stefano Brivio , passt-dev@passt.top References: <20260505234719.1437340-1-sbrivio@redhat.com> <20260505234719.1437340-18-sbrivio@redhat.com> From: Laurent Vivier Autocrypt: addr=lvivier@redhat.com; keydata= xsFNBFYFJhkBEAC2me7w2+RizYOKZM+vZCx69GTewOwqzHrrHSG07MUAxJ6AY29/+HYf6EY2 WoeuLWDmXE7A3oJoIsRecD6BXHTb0OYS20lS608anr3B0xn5g0BX7es9Mw+hV/pL+63EOCVm SUVTEQwbGQN62guOKnJJJfphbbv82glIC/Ei4Ky8BwZkUuXd7d5NFJKC9/GDrbWdj75cDNQx UZ9XXbXEKY9MHX83Uy7JFoiFDMOVHn55HnncflUncO0zDzY7CxFeQFwYRbsCXOUL9yBtqLer Ky8/yjBskIlNrp0uQSt9LMoMsdSjYLYhvk1StsNPg74+s4u0Q6z45+l8RAsgLw5OLtTa+ePM JyS7OIGNYxAX6eZk1+91a6tnqfyPcMbduxyBaYXn94HUG162BeuyBkbNoIDkB7pCByed1A7q q9/FbuTDwgVGVLYthYSfTtN0Y60OgNkWCMtFwKxRaXt1WFA5ceqinN/XkgA+vf2Ch72zBkJL RBIhfOPFv5f2Hkkj0MvsUXpOWaOjatiu0fpPo6Hw14UEpywke1zN4NKubApQOlNKZZC4hu6/ 8pv2t4HRi7s0K88jQYBRPObjrN5+owtI51xMaYzvPitHQ2053LmgsOdN9EKOqZeHAYG2SmRW LOxYWKX14YkZI5j/TXfKlTpwSMvXho+efN4kgFvFmP6WT+tPnwARAQABzSNMYXVyZW50IFZp dmllciA8bHZpdmllckByZWRoYXQuY29tPsLBeAQTAQIAIgUCVgVQgAIbAwYLCQgHAwIGFQgC CQoLBBYCAwECHgECF4AACgkQ8ww4vT8vvjwpgg//fSGy0Rs/t8cPFuzoY1cex4limJQfReLr SJXCANg9NOWy/bFK5wunj+h/RCFxIFhZcyXveurkBwYikDPUrBoBRoOJY/BHK0iZo7/WQkur 6H5losVZtrotmKOGnP/lJYZ3H6OWvXzdz8LL5hb3TvGOP68K8Bn8UsIaZJoeiKhaNR0sOJyI YYbgFQPWMHfVwHD/U+/gqRhD7apVysxv5by/pKDln1I5v0cRRH6hd8M8oXgKhF2+rAOL7gvh jEHSSWKUlMjC7YwwjSZmUkL+TQyE18e2XBk85X8Da3FznrLiHZFHQ/NzETYxRjnOzD7/kOVy gKD/o7asyWQVU65mh/ECrtjfhtCBSYmIIVkopoLaVJ/kEbVJQegT2P6NgERC/31kmTF69vn8 uQyW11Hk8tyubicByL3/XVBrq4jZdJW3cePNJbTNaT0d/bjMg5zCWHbMErUib2Nellnbg6bc 2HLDe0NLVPuRZhHUHM9hO/JNnHfvgiRQDh6loNOUnm9Iw2YiVgZNnT4soUehMZ7au8PwSl4I KYE4ulJ8RRiydN7fES3IZWmOPlyskp1QMQBD/w16o+lEtY6HSFEzsK3o0vuBRBVp2WKnssVH qeeV01ZHw0bvWKjxVNOksP98eJfWLfV9l9e7s6TaAeySKRRubtJ+21PRuYAxKsaueBfUE7ZT 7zfOwU0EVgUmGQEQALxSQRbl/QOnmssVDxWhHM5TGxl7oLNJms2zmBpcmlrIsn8nNz0rRyxT 460k2niaTwowSRK8KWVDeAW6ZAaWiYjLlTunoKwvF8vP3JyWpBz0diTxL5o+xpvy/Q6YU3BN efdq8Vy3rFsxgW7mMSrI/CxJ667y8ot5DVugeS2NyHfmZlPGE0Nsy7hlebS4liisXOrN3jFz asKyUws3VXek4V65lHwB23BVzsnFMn/bw/rPliqXGcwl8CoJu8dSyrCcd1Ibs0/Inq9S9+t0 VmWiQWfQkz4rvEeTQkp/VfgZ6z98JRW7S6l6eophoWs0/ZyRfOm+QVSqRfFZdxdP2PlGeIFM C3fXJgygXJkFPyWkVElr76JTbtSHsGWbt6xUlYHKXWo+xf9WgtLeby3cfSkEchACrxDrQpj+ Jt/JFP+q997dybkyZ5IoHWuPkn7uZGBrKIHmBunTco1+cKSuRiSCYpBIXZMHCzPgVDjk4viP brV9NwRkmaOxVvye0vctJeWvJ6KA7NoAURplIGCqkCRwg0MmLrfoZnK/gRqVJ/f6adhU1oo6 z4p2/z3PemA0C0ANatgHgBb90cd16AUxpdEQmOCmdNnNJF/3Zt3inzF+NFzHoM5Vwq6rc1JP jfC3oqRLJzqAEHBDjQFlqNR3IFCIAo4SYQRBdAHBCzkM4rWyRhuVABEBAAHCwV8EGAECAAkF AlYFJhkCGwwACgkQ8ww4vT8vvjwg9w//VQrcnVg3TsjEybxDEUBm8dBmnKqcnTBFmxN5FFtI WlEuY8+YMiWRykd8Ln9RJ/98/ghABHz9TN8TRo2b6WimV64FmlVn17Ri6FgFU3xNt9TTEChq AcNg88eYryKsYpFwegGpwUlaUaaGh1m9OrTzcQy+klVfZWaVJ9Nw0keoGRGb8j4XjVpL8+2x OhXKrM1fzzb8JtAuSbuzZSQPDwQEI5CKKxp7zf76J21YeRrEW4WDznPyVcDTa+tz++q2S/Bp P4W98bXCBIuQgs2m+OflERv5c3Ojldp04/S4NEjXEYRWdiCxN7ca5iPml5gLtuvhJMSy36gl U6IW9kn30IWuSoBpTkgV7rLUEhh9Ms82VWW/h2TxL8enfx40PrfbDtWwqRID3WY8jLrjKfTd R3LW8BnUDNkG+c4FzvvGUs8AvuqxxyHbXAfDx9o/jXfPHVRmJVhSmd+hC3mcQ+4iX5bBPBPM oDqSoLt5w9GoQQ6gDVP2ZjTWqwSRMLzNr37rJjZ1pt0DCMMTbiYIUcrhX8eveCJtY7NGWNyx FCRkhxRuGcpwPmRVDwOl39MB3iTsRighiMnijkbLXiKoJ5CDVvX5yicNqYJPKh5MFXN1bvsB kmYiStMRbrD0HoY1kx5/VozBtc70OU0EB8Wrv9hZD+Ofp0T3KOr1RUHvCZoLURfFhSQ= In-Reply-To: <20260505234719.1437340-18-sbrivio@redhat.com> X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: 49k-3kqrnIOvTJZbvfsnWUGI-o6cTOm61vLa5RrJ5Rg_1778051702 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Message-ID-Hash: QUKL77M6BU3Y5IJIGXIUE6AT7FM5RRMO X-Message-ID-Hash: QUKL77M6BU3Y5IJIGXIUE6AT7FM5RRMO X-MailFrom: lvivier@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Jon Maloy , David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On 5/6/26 01:47, Stefano Brivio wrote: > From: David Gibson > > We can now receive updates to the forwarding rules from the pesto client > and store them in a "pending" copy of the forwarding tables. Implement > switching to using the new rules. > > The logic is in a new fwd_listen_switch(). For now this closes all > listening sockets related to the old tables, swaps the active and pending > tables, then listens based on the new tables. In future we look to improve > this so that we don't temporarily stop listening on ports that both the > old and new tables specify. > > Signed-off-by: David Gibson > [sbrivio: In fwd_listen_switch(), use the destination size as argument > to memcpy(), instead of sizeof(tmp), as suggested by Laurent] > Signed-off-by: Stefano Brivio Reviewed-by: Laurent Vivier > --- > conf.c | 5 ++--- > fwd.c | 34 ++++++++++++++++++++++++++++++++++ > fwd.h | 1 + > 3 files changed, 37 insertions(+), 3 deletions(-) > > diff --git a/conf.c b/conf.c > index 76344da..3f48793 100644 > --- a/conf.c > +++ b/conf.c > @@ -2160,15 +2160,14 @@ void conf_handler(struct ctx *c, uint32_t events) > fwd_rules_dump(info, fwd->rules, fwd->count, > " ", ""); > } > + > + fwd_listen_switch(c); > } > > if (events & EPOLLHUP) { > debug("Configuration client hangup"); > - goto close; > } > > - return; > - > close: > conf_close(c); > > diff --git a/fwd.c b/fwd.c > index d93d2e5..0697435 100644 > --- a/fwd.c > +++ b/fwd.c > @@ -534,6 +534,40 @@ int fwd_listen_init(const struct ctx *c) > return 0; > } > > +/** > + * fwd_listen_switch() - Switch from current to pending rules table > + * @c: Execution context > + */ > +void fwd_listen_switch(struct ctx *c) > +{ > + struct fwd_table *tmp[PIF_NUM_TYPES]; > + unsigned i; > + > + /* Stop listening on the old tables */ > + for (i = 0; i < PIF_NUM_TYPES; i++) { > + struct fwd_table *fwd = c->fwd[i]; > + > + if (!fwd) > + continue; > + > + debug("Flushing %u old %s rules", fwd->count, pif_name(i)); > + fwd_listen_close(fwd); > + fwd->count = fwd->sock_count = 0; > + } > + > + /* Swap active and pending tables */ > + static_assert(sizeof(tmp) == sizeof(c->fwd) && > + sizeof(tmp) == sizeof(c->fwd_pending), > + "Temporary has wrong size"); > + memcpy(&tmp, (void *)c->fwd, sizeof(tmp)); > + memcpy((void *)c->fwd, (void *)c->fwd_pending, sizeof(c->fwd)); > + memcpy((void *)c->fwd_pending, &tmp, sizeof(c->fwd_pending)); > + > + /* Start listening on the new tables */ > + if (fwd_listen_init(c) < 0) > + err("Error switching to new forwarding rules"); > +} > + > /* See enum in kernel's include/net/tcp_states.h */ > #define UDP_LISTEN 0x07 > #define TCP_LISTEN 0x0a > diff --git a/fwd.h b/fwd.h > index ac24782..b60697d 100644 > --- a/fwd.h > +++ b/fwd.h > @@ -61,6 +61,7 @@ int fwd_listen_sync(const struct ctx *c, uint8_t pif, > const struct fwd_scan *tcp, const struct fwd_scan *udp); > void fwd_listen_close(const struct fwd_table *fwd); > int fwd_listen_init(const struct ctx *c); > +void fwd_listen_switch(struct ctx *c); > > bool nat_inbound(const struct ctx *c, const union inany_addr *addr, > union inany_addr *translated);