public inbox for passt-dev@passt.top
From: Laurent Vivier <lvivier@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>,
	passt-dev@passt.top, Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH v3 02/11] conf: Move "all" handling to port specifier
Date: Mon, 20 Apr 2026 15:44:06 +0200
Message-ID: <60574d49-d0d5-4cce-8268-aa72f4ab3880@redhat.com>
In-Reply-To: <20260417050520.102247-3-david@gibson.dropbear.id.au>

On 4/17/26 07:05, David Gibson wrote:
> Currently -[tTuU] all is handled separately in conf_ports() before calling
> conf_ports_spec().  Earlier changes mean we can now move this handling to
> conf_ports_spec().  This makes the code slightly simpler, but more
> importantly it allows some useful combinations we couldn't previously do,
> such as
> 	-t 127.0.0.1/all
> or
> 	-u %eth2/all
> 
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> ---
>   conf.c  | 24 +++++++++---------------
>   passt.1 | 28 ++++++++++++++++++++--------
>   2 files changed, 29 insertions(+), 23 deletions(-)
> 
> diff --git a/conf.c b/conf.c
> index 6b5d2bd1..dacea182 100644
> --- a/conf.c
> +++ b/conf.c
> @@ -251,6 +251,11 @@ static void conf_ports_spec(const struct ctx *c,
>   	const char *p, *ep;
>   	unsigned i;
>   
> +	if (!strcmp(spec, "all")) {
> +		/* Treat "all" as equivalent to "": all non-ephemeral ports */
> +		spec = "";
> +	}
> +
>   	/* Mark all exclusions first, they might be given after base ranges */
>   	for_each_chunk(p, ep, spec, ",") {
>   		struct port_range xrange;
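
Review bot: the strcmp(spec, "all") test at the top of conf_ports_spec() matches only when the whole specifier is exactly "all", so a list such as "all,~22" does not take this branch and is left to the chunk parsing below. If combining "all" with '~' exclusions is not meant to be supported, say so in the comment here. The comment also relies on "" already meaning all non-ephemeral ports, which is established outside this hunk and deserves a pointer.
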
> @@ -372,19 +377,6 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
>   		return;
>   	}
>   
> -	if (!strcmp(optarg, "all")) {
> -		uint8_t exclude[PORT_BITMAP_SIZE] = { 0 };
> -
> -		/* Exclude ephemeral ports */
> -		fwd_port_map_ephemeral(exclude);
> -
> -		conf_ports_range_except(c, optname, optarg, fwd,
> -					proto, NULL, NULL,
> -					1, NUM_PORTS - 1, exclude,
> -					1, FWD_WEAK);
> -		return;
> -	}
> -
>   	strncpy(buf, optarg, sizeof(buf) - 1);
>   
>   	if ((spec = strchr(buf, '/'))) {
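
Review bot: the block removed from conf_ports() built an explicit exclusion map with fwd_port_map_ephemeral() and passed FWD_WEAK to conf_ports_range_except(), while the replacement depends on the "" path in conf_ports_spec() behaving the same way, which this patch does not show. passt.1 still promises that no failures are reported for unavailable ports, so the commit message should state that the empty-spec path keeps both the ephemeral exclusion and the weak flag.
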
> @@ -1039,14 +1031,16 @@ static void usage(const char *name, FILE *f, int status)
>   		"    can be specified multiple times\n"
>   		"    SPEC can be:\n"
>   		"      'none': don't forward any ports\n"
> -		"      'all': forward all unbound, non-ephemeral ports\n"
>   		"%s"
>   		"      [ADDR[%%IFACE]/]PORTS: forward specific ports\n"
> -		"        PORTS is a comma-separated list of ports, optionally\n"
> +		"        PORTS is either 'all' (forward all unbound, non-ephemeral\n"
> +		"        ports), or a comma-separated list of ports, optionally\n"
>   		"        ranged with '-' and optional target ports after ':'.\n"
>   		"        Ranges can be reduced by excluding ports or ranges\n"
>   		"        prefixed by '~'\n"
>   		"        Examples:\n"
> +		"        -t all		Forward all ports\n"
> +		"        -t ::1/all	Forward all ports from local address ::1\n"
>   		"        -t 22		Forward local port 22 to 22 on %s\n"
>   		"        -t 22:23	Forward local port 22 to 23 on %s\n"
>   		"        -t 22,25	Forward ports 22, 25 to ports 22, 25\n"
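
Review bot: the two new usage() examples describe -t all and -t ::1/all as forwarding "all ports", but the PORTS text a few lines above defines 'all' as all unbound, non-ephemeral ports. Suggest matching that wording in the examples, e.g. "Forward all unbound, non-ephemeral ports", so the help output does not overstate what gets exposed.
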
> diff --git a/passt.1 b/passt.1
> index c47452ce..20dc72ca 100644
> --- a/passt.1
> +++ b/passt.1
> @@ -434,12 +434,6 @@ Configure TCP port forwarding to guest or namespace. \fIspec\fR can be one of:
>   .BR none
>   Don't forward any ports
>   
> -.TP
> -.BR all
> -Forward all unbound, non-ephemeral ports, as permitted by current capabilities.
> -For low (< 1024) ports, see \fBNOTES\fR. No failures are reported for
> -unavailable ports, unless no ports could be forwarded at all.
> -
>   .TP
>   .BR auto " " (\fBpasta\fR " " only)
>   Dynamically forward ports bound in the namespace. The list of ports is
> @@ -449,10 +443,20 @@ periodically derived (every second) from listening sockets reported by
>   .TP
>   [\fIaddress\fR[\fB%\fR\fIinterface\fR]\fB/\fR]\fIports\fR ...
>   Specific ports to forward.  Optionally, a specific listening address
> -and interface name (since Linux 5.7) can be specified.  \fIports\fR is
> -a comma-separated list of entries which may be any of:
> +and interface name (since Linux 5.7) can be specified.  \fIports\fR
> +may be either:
>   .RS
>   .TP
> +\fBall\fR
> +Forward all unbound, non-ephemeral ports, as permitted by current
> +capabilities.  For low (< 1024) ports, see \fBNOTES\fR. No failures
> +are reported for unavailable ports, unless no ports could be forwarded
> +at all.
> +.RE
> +
> +.RS
> +or a comma-separated list of entries which may be any of:
> +.TP
>   \fIfirst\fR[\fB-\fR\fIlast\fR][\fB:\fR\fItofirst\fR[\fB-\fR\fItolast\fR]]
>   Include range. Forward port numbers between \fIfirst\fR and \fIlast\fR
>   (inclusive) to ports between \fItofirst\fR and \fItolast\fR.  If
> @@ -473,6 +477,14 @@ unavailable ports, unless no ports could be forwarded at all.
>   Examples:
>   .RS
>   .TP
> +-t all
> +Forward all unbound, non-ephemeral ports as permitted by current
> +capabilities to the corresponding port on the guest or namespace
> +.TP
> +-t ::1/all
> +For the local address ::1, forward all unbound, non-ephemeral ports as
> +permitted by current capabilities
> +.TP
>   -t 22
>   Forward local port 22 to port 22 on the guest or namespace
>   .TP
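
Review bot: the new -t ::1/all example omits the destination that the -t all entry just above it spells out ("to the corresponding port on the guest or namespace"). Suggest giving both entries the same ending so the ::1/all case does not read as if it forwarded somewhere different.
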


Reviewed-by: Laurent Vivier <lvivier@redhat.com>


Thread overview: 23+ messages
2026-04-17  5:05 [PATCH v3 00/11] Rework forwarding option parsing David Gibson
2026-04-17  5:05 ` [PATCH v3 01/11] doc: Rework man page description of port specifiers David Gibson
2026-04-20 13:31   ` Laurent Vivier
2026-04-17  5:05 ` [PATCH v3 02/11] conf: Move "all" handling to port specifier David Gibson
2026-04-20 13:44   ` Laurent Vivier [this message]
2026-04-17  5:05 ` [PATCH v3 03/11] conf: Allow user-specified auto-scanned port forwarding ranges David Gibson
2026-04-20 14:45   ` Laurent Vivier
2026-04-17  5:05 ` [PATCH v3 04/11] conf: Move SO_BINDTODEVICE workaround to conf_ports() David Gibson
2026-04-20 15:06   ` Laurent Vivier
2026-04-17  5:05 ` [PATCH v3 05/11] conf: Don't pass raw commandline argument to conf_ports_spec() David Gibson
2026-04-20 16:11   ` Laurent Vivier
2026-04-17  5:05 ` [PATCH v3 06/11] fwd, conf: Add capabilities bits to each forwarding table David Gibson
2026-04-20 16:17   ` Laurent Vivier
2026-04-17  5:05 ` [PATCH v3 07/11] conf, fwd: Stricter rule checking in fwd_rule_add() David Gibson
2026-04-20 16:48   ` Laurent Vivier
2026-04-17  5:05 ` [PATCH v3 08/11] fwd_rule: Move ephemeral port probing to fwd_rule.c David Gibson
2026-04-20 16:52   ` Laurent Vivier
2026-04-17  5:05 ` [PATCH v3 09/11] fwd, conf: Move rule parsing code to fwd_rule.[ch] David Gibson
2026-04-20 17:06   ` Laurent Vivier
2026-04-17  5:05 ` [PATCH v3 10/11] fwd_rule: Move conflict checking back within fwd_rule_add() David Gibson
2026-04-20 17:15   ` Laurent Vivier
2026-04-17  5:05 ` [PATCH v3 11/11] fwd: Generalise fwd_rules_info() David Gibson
2026-04-20 17:21   ` Laurent Vivier
