From: Laurent Vivier
Date: Mon, 20 Apr 2026 18:52:33 +0200
Subject: Re: [PATCH v3 08/11] fwd_rule: Move ephemeral port probing to fwd_rule.c
To: David Gibson, passt-dev@passt.top, Stefano Brivio
Message-ID: <619d75bc-4b1c-4563-b6e9-0db37598e19f@redhat.com>
In-Reply-To: <20260417050520.102247-9-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

On 4/17/26 07:05, David Gibson wrote:
> We want to move parsing of forward rule options to fwd_rule.c so it can
> eventually be shared with a configuration client. As a preliminary step,
> move the ephemeral port probing there, which that will need to use.
>
> Signed-off-by: David Gibson

Reviewed-by: Laurent Vivier

> --- > fwd.c | 73 -------------------------------------------------- > fwd.h | 6 ----- > fwd_rule.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ > fwd_rule.h | 6 +++++ > 4 files changed, 84 insertions(+), 79 deletions(-) > > diff --git a/fwd.c b/fwd.c > index aa966731..9a7053fd 100644 > --- a/fwd.c > +++ b/fwd.c > @@ -34,12 +34,6 @@ > #include "arp.h" > #include "ndp.h" > > -/* Ephemeral port range: values from RFC 6335 */ > -static in_port_t fwd_ephemeral_min = (1 << 15) + (1 << 14); > -static in_port_t fwd_ephemeral_max = NUM_PORTS - 1; > - > -#define PORT_RANGE_SYSCTL "/proc/sys/net/ipv4/ip_local_port_range" > - > #define NEIGH_TABLE_SLOTS 1024 > #define NEIGH_TABLE_SIZE (NEIGH_TABLE_SLOTS / 2) > static_assert((NEIGH_TABLE_SLOTS & (NEIGH_TABLE_SLOTS - 1)) == 0,
> @@ -249,73 +243,6 @@ void fwd_neigh_table_init(const struct ctx *c) > fwd_neigh_table_update(c, &mga, c->our_tap_mac, true); > } > > -/** fwd_probe_ephemeral() - Determine what ports this host considers ephemeral > - * > - * Work out what ports the host thinks are emphemeral and record it for later > - * use by fwd_port_is_ephemeral(). If we're unable to probe, assume the range > - * recommended by RFC 6335. > - */ > -void fwd_probe_ephemeral(void) > -{ > - char *line, *tab, *end; > - struct lineread lr; > - long min, max; > - ssize_t len; > - int fd; > - > - fd = open(PORT_RANGE_SYSCTL, O_RDONLY | O_CLOEXEC); > - if (fd < 0) { > - warn_perror("Unable to open %s", PORT_RANGE_SYSCTL); > - return; > - } > - > - lineread_init(&lr, fd); > - len = lineread_get(&lr, &line); > - close(fd); > - > - if (len < 0) > - goto parse_err; > - > - tab = strchr(line, '\t'); > - if (!tab) > - goto parse_err; > - *tab = '\0'; > - > - errno = 0; > - min = strtol(line, &end, 10); > - if (*end || errno) > - goto parse_err; > - > - errno = 0; > - max = strtol(tab + 1, &end, 10); > - if (*end || errno) > - goto parse_err; > - > - if (min < 0 || min >= (long)NUM_PORTS || > - max < 0 || max >= (long)NUM_PORTS) > - goto parse_err; > - > - fwd_ephemeral_min = min; > - fwd_ephemeral_max = max; > - > - return; > - > -parse_err: > - warn("Unable to parse %s", PORT_RANGE_SYSCTL); > -} > - > -/** > - * fwd_port_map_ephemeral() - Mark ephemeral ports in a bitmap > - * @map: Bitmap to update > - */ > -void fwd_port_map_ephemeral(uint8_t *map) > -{ > - unsigned port; > - > - for (port = fwd_ephemeral_min; port <= fwd_ephemeral_max; port++) > - bitmap_set(map, port); > -} > - > /* Forwarding table storage, generally accessed via pointers in struct ctx */ > static struct fwd_table fwd_in; > static struct fwd_table fwd_out; > diff --git a/fwd.h b/fwd.h > index 3e365d35..e664d1d0 100644 > --- a/fwd.h > +++ b/fwd.h 
> @@ -20,12 +20,6 @@ > > struct flowside; > > -/* Number of ports for both TCP and UDP */ > -#define NUM_PORTS (1U << 16) > - > -void fwd_probe_ephemeral(void); > -void fwd_port_map_ephemeral(uint8_t *map); > - > #define FWD_RULE_BITS 8 > #define MAX_FWD_RULES MAX_FROM_BITS(FWD_RULE_BITS) > #define FWD_NO_HINT (-1) > diff --git a/fwd_rule.c b/fwd_rule.c > index 47d8df1c..9d489827 100644 > --- a/fwd_rule.c > +++ b/fwd_rule.c 
> @@ -15,9 +15,87 @@ > * Author: David Gibson > */ > > +#include > +#include > #include > +#include > > #include "fwd_rule.h" > +#include "lineread.h" > +#include "log.h" > + > +/* Ephemeral port range: values from RFC 6335 */ > +static in_port_t fwd_ephemeral_min = (1 << 15) + (1 << 14); > +static in_port_t fwd_ephemeral_max = NUM_PORTS - 1; > + > +#define PORT_RANGE_SYSCTL "/proc/sys/net/ipv4/ip_local_port_range" > + > +/** fwd_probe_ephemeral() - Determine what ports this host considers ephemeral > + * > + * Work out what ports the host thinks are emphemeral and record it for later > + * use by fwd_port_is_ephemeral(). If we're unable to probe, assume the range > + * recommended by RFC 6335. > + */ > +void fwd_probe_ephemeral(void) > +{ > + char *line, *tab, *end; > + struct lineread lr; > + long min, max; > + ssize_t len; > + int fd; > + > + fd = open(PORT_RANGE_SYSCTL, O_RDONLY | O_CLOEXEC); > + if (fd < 0) { > + warn_perror("Unable to open %s", PORT_RANGE_SYSCTL); > + return; > + } > + > + lineread_init(&lr, fd); > + len = lineread_get(&lr, &line); > + close(fd); > + > + if (len < 0) > + goto parse_err; > + > + tab = strchr(line, '\t'); > + if (!tab) > + goto parse_err; > + *tab = '\0'; > + > + errno = 0; > + min = strtol(line, &end, 10); > + if (*end || errno) > + goto parse_err; > + > + errno = 0; > + max = strtol(tab + 1, &end, 10); > + if (*end || errno) > + goto parse_err; > + > + if (min < 0 || min >= (long)NUM_PORTS || > + max < 0 || max >= (long)NUM_PORTS) > + goto parse_err; > + > + fwd_ephemeral_min = min; > + fwd_ephemeral_max = max; > + > + return; > + > +parse_err: > + warn("Unable to parse %s", PORT_RANGE_SYSCTL); > +} > + > +/** > + * fwd_port_map_ephemeral() - Mark ephemeral ports in a bitmap > + * @map: Bitmap to update > + */ > +void fwd_port_map_ephemeral(uint8_t *map) > +{ > + unsigned port; > + > + for (port = fwd_ephemeral_min; port <= fwd_ephemeral_max; port++) > + bitmap_set(map, port); > +} > > /** > * fwd_rule_addr() - Return match 
address for a rule > diff --git a/fwd_rule.h b/fwd_rule.h > index edba6782..5c7b67aa 100644 > --- a/fwd_rule.h > +++ b/fwd_rule.h > @@ -17,6 +17,9 @@ > #include "inany.h" > #include "bitmap.h" > > +/* Number of ports for both TCP and UDP */ > +#define NUM_PORTS (1U << 16) > + > /* Forwarding capability bits */ > #define FWD_CAP_IPV4 BIT(0) > #define FWD_CAP_IPV6 BIT(1) > @@ -51,6 +54,9 @@ struct fwd_rule { > uint8_t flags; > }; > > +void fwd_probe_ephemeral(void); > +void fwd_port_map_ephemeral(uint8_t *map); > + > #define FWD_RULE_STRLEN \ > (IPPROTO_STRLEN - 1 \ > + INANY_ADDRSTRLEN - 1 \
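
Review bot: In the fwd_rule.c hunk, fwd_probe_ephemeral() bounds-checks min and max separately against NUM_PORTS but never checks that min <= max before storing them in fwd_ephemeral_min and fwd_ephemeral_max. With an inverted pair, the loop in fwd_port_map_ephemeral() ("port <= fwd_ephemeral_max") runs zero times and no port is marked ephemeral, without any warning. This is a straight code move, so a follow-up patch is fine, but adding "min > max" to the existing range test would send that case to parse_err and keep the RFC 6335 defaults. While the comment block is being re-added, the "emphemeral" typo and the reference to fwd_port_is_ephemeral(), which this patch neither moves nor shows, could be fixed too; the only consumer of the range visible here is fwd_port_map_ephemeral().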
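
Review bot: The fwd.h hunk drops NUM_PORTS and both prototypes from fwd.h, and nothing in the visible lines shows fwd.h gaining an include of fwd_rule.h. Any file that picked up NUM_PORTS, fwd_probe_ephemeral() or fwd_port_map_ephemeral() through fwd.h now depends on fwd_rule.h reaching it some other way. If fwd.h already includes fwd_rule.h, a line in the commit message saying so would let the reader confirm the move is build-neutral; if not, the include belongs in this patch.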
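
Review bot: In the second fwd_rule.h hunk, the prototypes added after struct fwd_rule keep the fwd_ prefix (fwd_probe_ephemeral(), fwd_port_map_ephemeral()), while the existing function in fwd_rule.c shown as context is fwd_rule_addr(). Since the commit message says this code will be shared with a configuration client, it is worth deciding now whether the exported names follow the file's fwd_rule_ prefix or whether the mismatch is intentional, and noting that in the commit message.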