From: Laurent Vivier
To: David Gibson, passt-dev@passt.top, Stefano Brivio
Subject: Re: [PATCH v3 02/11] conf: Move "all" handling to port specifier
Date: Mon, 20 Apr 2026 15:44:06 +0200
Message-ID: <60574d49-d0d5-4cce-8268-aa72f4ab3880@redhat.com>
In-Reply-To: <20260417050520.102247-3-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

On 4/17/26 07:05, David Gibson wrote:
> Currently -[tTuU] all is handled separately in conf_ports() before calling > conf_ports_spec(). Earlier changes mean we can now move this handling to > conf_ports_spec(). This makes the code slightly simpler, but more > importantly it allows some useful combinations we couldn't previously do, > such as > -t 127.0.0.1/all > or > -u %eth2/all > > Signed-off-by: David Gibson > --- > conf.c | 24 +++++++++--------------- > passt.1 | 28 ++++++++++++++++++++-------- > 2 files changed, 29 insertions(+), 23 deletions(-) > > diff --git a/conf.c b/conf.c > index 6b5d2bd1..dacea182 100644 > --- a/conf.c > +++ b/conf.c > @@ -251,6 +251,11 @@ static void conf_ports_spec(const struct ctx *c, > const char *p, *ep; > unsigned i; > > + if (!strcmp(spec, "all")) { > + /* Treat "all" as equivalent to "": all non-ephemeral ports */ > + spec = ""; > + } > + > /* Mark all exclusions first, they might be given after base ranges */ > for_each_chunk(p, ep, spec, ",") { > struct port_range xrange; > @@ -372,19 +377,6 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, > return; > } > > - if (!strcmp(optarg, "all")) { > - uint8_t exclude[PORT_BITMAP_SIZE] = { 0 }; > - > - /* Exclude ephemeral ports */ > - fwd_port_map_ephemeral(exclude); > - > - conf_ports_range_except(c, optname, optarg, fwd, > - proto, NULL, NULL, > - 1, NUM_PORTS - 1, exclude, > - 1, FWD_WEAK); > - return; > - } > - > strncpy(buf, optarg, sizeof(buf) - 1); > > if ((spec = strchr(buf, '/'))) { 
> @@ -1039,14 +1031,16 @@ static void usage(const char *name, FILE *f, int status) > " can be specified multiple times\n" > " SPEC can be:\n" > " 'none': don't forward any ports\n" > - " 'all': forward all unbound, non-ephemeral ports\n" > "%s" > " [ADDR[%%IFACE]/]PORTS: forward specific ports\n" > - " PORTS is a comma-separated list of ports, optionally\n" > + " PORTS is either 'all' (forward all unbound, non-ephemeral\n" > + " ports), or a comma-separated list of ports, optionally\n" > " ranged with '-' and optional target ports after ':'.\n" > " Ranges can be reduced by excluding ports or ranges\n" > " prefixed by '~'\n" > " Examples:\n" > + " -t all Forward all ports\n" > + " -t ::1/all Forward all ports from local address ::1\n" > " -t 22 Forward local port 22 to 22 on %s\n" > " -t 22:23 Forward local port 22 to 23 on %s\n" > " -t 22,25 Forward ports 22, 25 to ports 22, 25\n" > diff --git a/passt.1 b/passt.1 > index c47452ce..20dc72ca 100644 > --- a/passt.1 > +++ b/passt.1 > @@ -434,12 +434,6 @@ Configure TCP port forwarding to guest or namespace. \fIspec\fR can be one of: > .BR none > Don't forward any ports > > -.TP > -.BR all > -Forward all unbound, non-ephemeral ports, as permitted by current capabilities. > -For low (< 1024) ports, see \fBNOTES\fR. No failures are reported for > -unavailable ports, unless no ports could be forwarded at all. > - > .TP > .BR auto " " (\fBpasta\fR " " only) > Dynamically forward ports bound in the namespace. The list of ports is 
> @@ -449,10 +443,20 @@ periodically derived (every second) from listening sockets reported by > .TP > [\fIaddress\fR[\fB%\fR\fIinterface\fR]\fB/\fR]\fIports\fR ... > Specific ports to forward. Optionally, a specific listening address > -and interface name (since Linux 5.7) can be specified. \fIports\fR is > -a comma-separated list of entries which may be any of: > +and interface name (since Linux 5.7) can be specified. \fIports\fR > +may be either: > .RS > .TP > +\fBall\fR > +Forward all unbound, non-ephemeral ports, as permitted by current > +capabilities. For low (< 1024) ports, see \fBNOTES\fR. No failures > +are reported for unavailable ports, unless no ports could be forwarded > +at all. > +.RE > + > +.RS > +or a comma-separated list of entries which may be any of: > +.TP > \fIfirst\fR[\fB-\fR\fIlast\fR][\fB:\fR\fItofirst\fR[\fB-\fR\fItolast\fR]] > Include range. Forward port numbers between \fIfirst\fR and \fIlast\fR > (inclusive) to ports between \fItofirst\fR and \fItolast\fR. If > @@ -473,6 +477,14 @@ unavailable ports, unless no ports could be forwarded at all. > Examples: > .RS > .TP > +-t all > +Forward all unbound, non-ephemeral ports as permitted by current > +capabilities to the corresponding port on the guest or namespace > +.TP > +-t ::1/all > +For the local address ::1, forward all unbound, non-ephemeral ports as > +permitted by current capabilities > +.TP > -t 22 > Forward local port 22 to port 22 on the guest or namespace > .TP

Reviewed-by: Laurent Vivier
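
Review bot: in the conf_ports_spec() hunk of conf.c (@@ -251,6 +251,11 @@), "all" is implemented by rewriting spec to the empty string, so per the added comment an empty port list means the same as "all". If an empty spec can reach this function from the command line (for example an address followed by a bare '/'), a truncated option would widen forwarding to every non-ephemeral port without the user ever writing "all". Please either reject an empty spec before this point or document in passt.1 that it is accepted and what it means.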
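
Review bot: in the conf_ports() hunk of conf.c (@@ -372,19 +377,6 @@), the removed branch built the ephemeral-port exclusion map and passed FWD_WEAK to conf_ports_range_except() explicitly, and none of the visible hunks shows the empty-spec path in conf_ports_spec() doing the same. The passt.1 text kept by this patch still promises that no failures are reported for unavailable ports unless none could be forwarded at all, so the commit message should name the earlier change that makes the empty spec apply both the exclusion and the weak flag, ideally backed by a test for -t all and -t ADDR/all.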
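
Review bot: in the usage() hunk of conf.c (@@ -1039,14 +1031,16 @@), the two added examples describe -t all and -t ::1/all as "Forward all ports", while the PORTS description earlier in the same hunk and the passt.1 examples in this patch say "all unbound, non-ephemeral ports". Suggest using the same wording in the usage examples so the help output does not overstate what gets forwarded.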