From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=X/X2Bmj5; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id 71E5D5A061C for ; Mon, 04 May 2026 18:10:54 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1777911053; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=5Qea9jd0kkIidORvcW5H/1stQg70nyjCtcTRjaRT+Sk=; b=X/X2Bmj5H+DSSB8MuiJCOQ2I7UxLCZ1sSeojtkDibxdJGenSuBo7UfRvIQ3MAVmWv75QY+ ftReh70WEjsck7F7zjcxtiMpg5Yz0Gd//SJqAvIDrqdetRfPhDaJ/XoZrOWCBfgE8j7jYo eBArS7wgdQmOjMKYwNrc9sZXCGvog+E= Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-563-gliVOGvPM9yJzqXceFlE6Q-1; Mon, 04 May 2026 12:10:51 -0400 X-MC-Unique: gliVOGvPM9yJzqXceFlE6Q-1 X-Mimecast-MFC-AGG-ID: gliVOGvPM9yJzqXceFlE6Q_1777911051 Received: by mail-wr1-f72.google.com with SMTP id ffacd0b85a97d-44dad1b938fso869892f8f.1 for ; Mon, 04 May 2026 09:10:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1777911051; x=1778515851; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=5Qea9jd0kkIidORvcW5H/1stQg70nyjCtcTRjaRT+Sk=; b=idwttDplU5JrkP/QSmNpldqk7BAp2/84PvscuS96xtkRlDwUdfNudzlSYzAJPvjNZh vGim/tAfSaw+1c8AWMIRTV7G6DsaIi97ObbeXUsqCxm6epoRhJy/wJPiZdyb9EyKCu6E pqB8q5IPvbQx2FxiCLHZV9MtlMFPG10k7NTBOMterNaXtOaM/sj25wSQDO7Jx7L1ph3Z iVmxZsn7v9U48JgBgR0QFfG3a9Kyz9INbTILEjWzeDVK7vo0+6w5Yezm2aSIsunTtT8r wB9SaW8tbJkF/XMPcPxDrSH6Mk0HQz2/XkxbluR3bJMW4Z9J4ELgwSTMv1lkAgRUCvog wkqg== X-Forwarded-Encrypted: i=1; AFNElJ8/NAKiwZf7DfXrF7WZnv6bh/WjCU+ljO7EvEhXKi8LBP/udJp7VUEnAilY2gwz6bl+s8N1ylJwvyM=@passt.top X-Gm-Message-State: AOJu0YzIJZR1VQjN9+4VUe3HIFOOzKkPqF8b4qsfjQ7Ro6ep6IPG8yzh XzEBT7bO+iXFe1TqyogwuXtbBaKFN1PxtyLUFEZv4+2cIbbbLNNTz/vc6IMJkEUZVmRYB+pNL0I 6VO4ezez9qXTUrD8z3vCUSQBLHTHG0zQL5JhcvJWNC9h7I+W6Is4/Yw== X-Gm-Gg: AeBDieueYvroixsO02BvFvNASRtxBD9waZpFoSZE/6EYv92G6JorMO7ipv5ZCBc3xsq CuQqwehoKRwyntSD4J4A2AU87oKOALgz6pzLZ5cetlWD041B5BoggRw7sZBqaVDub4gD88TGRuc K5Wca4daVx/bjMb5jciDcKmdW77zkBDJAlTJldtHCbLMekxeVcFzee5qvUuFRzrPoS7YStDgVec leOMEBN+H/oD/saU7ijEGEBB/8jLkLH1Bhb5zTBQ+UILqTNSSKgPrWiKkib5UcELbjcGxD4eqna 3qYUvcUHqObJ9sJzGHVL2CBxtNcEth4Stz5NGeJ5xNYOmY/+1uWpOa93jwA9y7fEM7GD7GTp+4r tM3oDHK927LCZRuxL1/PIQ02d/f0nq73stQjrI6P+aw4b9UZ4h/bmqJ0aMFGiKfcrqA== X-Received: by 2002:a05:6000:2f87:b0:43d:1cec:4766 with SMTP id ffacd0b85a97d-44bb52abc17mr17396198f8f.23.1777911050222; Mon, 04 May 2026 09:10:50 -0700 (PDT) X-Received: by 2002:a05:6000:2f87:b0:43d:1cec:4766 with SMTP id ffacd0b85a97d-44bb52abc17mr17396127f8f.23.1777911049583; Mon, 04 May 2026 09:10:49 -0700 (PDT) Received: from [192.168.100.100] (82-64-211-94.subs.proxad.net. [82.64.211.94]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-44a981defbfsm28677279f8f.17.2026.05.04.09.10.48 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 04 May 2026 09:10:49 -0700 (PDT) Message-ID: <709b03c7-23b8-441a-a240-c55c4e4d9e36@redhat.com> Date: Mon, 4 May 2026 18:10:48 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v6 14/18] pesto: Read current ruleset from passt/pasta and optionally display it To: Stefano Brivio , passt-dev@passt.top References: <20260503215601.823029-1-sbrivio@redhat.com> <20260503215601.823029-15-sbrivio@redhat.com> From: Laurent Vivier Autocrypt: addr=lvivier@redhat.com; keydata= xsFNBFYFJhkBEAC2me7w2+RizYOKZM+vZCx69GTewOwqzHrrHSG07MUAxJ6AY29/+HYf6EY2 WoeuLWDmXE7A3oJoIsRecD6BXHTb0OYS20lS608anr3B0xn5g0BX7es9Mw+hV/pL+63EOCVm SUVTEQwbGQN62guOKnJJJfphbbv82glIC/Ei4Ky8BwZkUuXd7d5NFJKC9/GDrbWdj75cDNQx UZ9XXbXEKY9MHX83Uy7JFoiFDMOVHn55HnncflUncO0zDzY7CxFeQFwYRbsCXOUL9yBtqLer Ky8/yjBskIlNrp0uQSt9LMoMsdSjYLYhvk1StsNPg74+s4u0Q6z45+l8RAsgLw5OLtTa+ePM JyS7OIGNYxAX6eZk1+91a6tnqfyPcMbduxyBaYXn94HUG162BeuyBkbNoIDkB7pCByed1A7q q9/FbuTDwgVGVLYthYSfTtN0Y60OgNkWCMtFwKxRaXt1WFA5ceqinN/XkgA+vf2Ch72zBkJL RBIhfOPFv5f2Hkkj0MvsUXpOWaOjatiu0fpPo6Hw14UEpywke1zN4NKubApQOlNKZZC4hu6/ 8pv2t4HRi7s0K88jQYBRPObjrN5+owtI51xMaYzvPitHQ2053LmgsOdN9EKOqZeHAYG2SmRW LOxYWKX14YkZI5j/TXfKlTpwSMvXho+efN4kgFvFmP6WT+tPnwARAQABzSNMYXVyZW50IFZp dmllciA8bHZpdmllckByZWRoYXQuY29tPsLBeAQTAQIAIgUCVgVQgAIbAwYLCQgHAwIGFQgC CQoLBBYCAwECHgECF4AACgkQ8ww4vT8vvjwpgg//fSGy0Rs/t8cPFuzoY1cex4limJQfReLr SJXCANg9NOWy/bFK5wunj+h/RCFxIFhZcyXveurkBwYikDPUrBoBRoOJY/BHK0iZo7/WQkur 6H5losVZtrotmKOGnP/lJYZ3H6OWvXzdz8LL5hb3TvGOP68K8Bn8UsIaZJoeiKhaNR0sOJyI YYbgFQPWMHfVwHD/U+/gqRhD7apVysxv5by/pKDln1I5v0cRRH6hd8M8oXgKhF2+rAOL7gvh jEHSSWKUlMjC7YwwjSZmUkL+TQyE18e2XBk85X8Da3FznrLiHZFHQ/NzETYxRjnOzD7/kOVy gKD/o7asyWQVU65mh/ECrtjfhtCBSYmIIVkopoLaVJ/kEbVJQegT2P6NgERC/31kmTF69vn8 uQyW11Hk8tyubicByL3/XVBrq4jZdJW3cePNJbTNaT0d/bjMg5zCWHbMErUib2Nellnbg6bc 2HLDe0NLVPuRZhHUHM9hO/JNnHfvgiRQDh6loNOUnm9Iw2YiVgZNnT4soUehMZ7au8PwSl4I KYE4ulJ8RRiydN7fES3IZWmOPlyskp1QMQBD/w16o+lEtY6HSFEzsK3o0vuBRBVp2WKnssVH qeeV01ZHw0bvWKjxVNOksP98eJfWLfV9l9e7s6TaAeySKRRubtJ+21PRuYAxKsaueBfUE7ZT 7zfOwU0EVgUmGQEQALxSQRbl/QOnmssVDxWhHM5TGxl7oLNJms2zmBpcmlrIsn8nNz0rRyxT 460k2niaTwowSRK8KWVDeAW6ZAaWiYjLlTunoKwvF8vP3JyWpBz0diTxL5o+xpvy/Q6YU3BN efdq8Vy3rFsxgW7mMSrI/CxJ667y8ot5DVugeS2NyHfmZlPGE0Nsy7hlebS4liisXOrN3jFz asKyUws3VXek4V65lHwB23BVzsnFMn/bw/rPliqXGcwl8CoJu8dSyrCcd1Ibs0/Inq9S9+t0 VmWiQWfQkz4rvEeTQkp/VfgZ6z98JRW7S6l6eophoWs0/ZyRfOm+QVSqRfFZdxdP2PlGeIFM C3fXJgygXJkFPyWkVElr76JTbtSHsGWbt6xUlYHKXWo+xf9WgtLeby3cfSkEchACrxDrQpj+ Jt/JFP+q997dybkyZ5IoHWuPkn7uZGBrKIHmBunTco1+cKSuRiSCYpBIXZMHCzPgVDjk4viP brV9NwRkmaOxVvye0vctJeWvJ6KA7NoAURplIGCqkCRwg0MmLrfoZnK/gRqVJ/f6adhU1oo6 z4p2/z3PemA0C0ANatgHgBb90cd16AUxpdEQmOCmdNnNJF/3Zt3inzF+NFzHoM5Vwq6rc1JP jfC3oqRLJzqAEHBDjQFlqNR3IFCIAo4SYQRBdAHBCzkM4rWyRhuVABEBAAHCwV8EGAECAAkF AlYFJhkCGwwACgkQ8ww4vT8vvjwg9w//VQrcnVg3TsjEybxDEUBm8dBmnKqcnTBFmxN5FFtI WlEuY8+YMiWRykd8Ln9RJ/98/ghABHz9TN8TRo2b6WimV64FmlVn17Ri6FgFU3xNt9TTEChq AcNg88eYryKsYpFwegGpwUlaUaaGh1m9OrTzcQy+klVfZWaVJ9Nw0keoGRGb8j4XjVpL8+2x OhXKrM1fzzb8JtAuSbuzZSQPDwQEI5CKKxp7zf76J21YeRrEW4WDznPyVcDTa+tz++q2S/Bp P4W98bXCBIuQgs2m+OflERv5c3Ojldp04/S4NEjXEYRWdiCxN7ca5iPml5gLtuvhJMSy36gl U6IW9kn30IWuSoBpTkgV7rLUEhh9Ms82VWW/h2TxL8enfx40PrfbDtWwqRID3WY8jLrjKfTd R3LW8BnUDNkG+c4FzvvGUs8AvuqxxyHbXAfDx9o/jXfPHVRmJVhSmd+hC3mcQ+4iX5bBPBPM oDqSoLt5w9GoQQ6gDVP2ZjTWqwSRMLzNr37rJjZ1pt0DCMMTbiYIUcrhX8eveCJtY7NGWNyx FCRkhxRuGcpwPmRVDwOl39MB3iTsRighiMnijkbLXiKoJ5CDVvX5yicNqYJPKh5MFXN1bvsB kmYiStMRbrD0HoY1kx5/VozBtc70OU0EB8Wrv9hZD+Ofp0T3KOr1RUHvCZoLURfFhSQ= In-Reply-To: <20260503215601.823029-15-sbrivio@redhat.com> X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: YExdkYxx4i2J_IR4_geaRrASCmSFdVeJxeH3qMd377o_1777911051 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Message-ID-Hash: BZWM3KJK7F24QNDLDZBR2X2HOQRRPWLA X-Message-ID-Hash: BZWM3KJK7F24QNDLDZBR2X2HOQRRPWLA X-MailFrom: lvivier@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Jon Maloy , David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On 5/3/26 23:55, Stefano Brivio wrote: > From: David Gibson > > Implement serialisation of our current forwarding rules in conf.c, > deserialising it to display in the pesto client. Doing this requires > adding ip.c, inany.c, bitmap.c, lineread.c and fwd_rule.c to the pesto > build. With previous preparations that now requires only a trivial change > to lineread.c. > > Signed-off-by: David Gibson > [sbrivio: Use ntohs() for rule->to instead of htons() in > fwd_rule_read(), reported by Jon Maloy] > Signed-off-by: Stefano Brivio With the "pc->fwd.count <= MAX_FWD_RULES" check added below, add: Reviewed-by: Laurent Vivier More cosmetics nit below > --- > Makefile | 17 +++++++++++++---- > conf.c | 12 +++++++++++- > fwd_rule.c | 41 +++++++++++++++++++++++++++++++++++++++++ > fwd_rule.h | 4 ++++ > lineread.c | 2 +- > pesto.c | 37 ++++++++++++++++++++++++++++++++++--- > pesto.h | 6 ++++++ > 7 files changed, 110 insertions(+), 9 deletions(-) > > diff --git a/Makefile b/Makefile > index 6da76b4..057e4eb 100644 > --- a/Makefile > +++ b/Makefile > @@ -47,7 +47,7 @@ PASST_SRCS = arch.c arp.c bitmap.c checksum.c conf.c dhcp.c dhcpv6.c \ > vhost_user.c virtio.c vu_common.c > QRAP_SRCS = qrap.c > PASST_REPAIR_SRCS = passt-repair.c > -PESTO_SRCS = pesto.c serialise.c > +PESTO_SRCS = pesto.c bitmap.c fwd_rule.c inany.c ip.c lineread.c serialise.c > SRCS = $(PASST_SRCS) $(QRAP_SRCS) $(PASST_REPAIR_SRCS) $(PESTO_SRCS) > > MANPAGES = passt.1 pasta.1 pesto.1 qrap.1 passt-repair.1 > @@ -62,6 +62,8 @@ PASST_HEADERS = arch.h arp.h bitmap.h checksum.h common.h conf.h dhcp.h \ > QRAP_HEADERS = arp.h ip.h passt.h util.h > PASST_REPAIR_HEADERS = linux_dep.h > PESTO_HEADERS = common.h pesto.h log.h serialise.h Duplicate PESTO_HEADERS ^ v > +PESTO_HEADERS = common.h pesto.h bitmap.h fwd_rule.h inany.h ip.h lineread.h \ > + log.h serialise.h > > C := \#include \nint main(){int a=getrandom(0, 0, 0);} > ifeq ($(shell printf "$(C)" | $(CC) -S -xc - -o - >/dev/null 2>&1; echo $$?),0) > @@ -223,15 +225,22 @@ cppcheck: passt.cppcheck passt-repair.cppcheck pesto.cppcheck qrap.cppcheck > $(CPPCHECK) $(CPPCHECK_FLAGS) $(BASE_CPPFLAGS) $^ > > passt.cppcheck: BASE_CPPFLAGS += -UPESTO > -passt.cppcheck: CPPCHECK_FLAGS += --suppress=unusedFunction:serialise.c > +passt.cppcheck: CPPCHECK_FLAGS += \ > + --suppress=unusedFunction:fwd_rule.c \ > + --suppress=unusedFunction:serialise.c > passt.cppcheck: $(PASST_SRCS) $(PASST_HEADERS) seccomp.h > > passt-repair.cppcheck: $(PASST_REPAIR_SRCS) $(PASST_REPAIR_HEADERS) seccomp_repair.h > > pesto.cppcheck: BASE_CPPFLAGS += -DPESTO > pesto.cppcheck: CPPCHECK_FLAGS += \ > - --suppress=unusedFunction:serialise.c \ > - --suppress=staticFunction:serialise.c > + --suppress=unusedFunction:bitmap.c \ > + --suppress=unusedFunction:inany.h \ > + --suppress=unusedFunction:inany.c \ > + --suppress=unusedFunction:ip.h \ > + --suppress=unusedFunction:fwd_rule.c \ > + --suppress=staticFunction:fwd_rule.c \ > + --suppress=unusedFunction:serialise.c > pesto.cppcheck: $(PESTO_SRCS) $(PESTO_HEADERS) seccomp_pesto.h > > qrap.cppcheck: BASE_CPPFLAGS += -DARCH=\"$(TARGET_ARCH)\" > diff --git a/conf.c b/conf.c > index 3b2fe42..5e4e81e 100644 > --- a/conf.c > +++ b/conf.c > @@ -1939,21 +1939,30 @@ static int conf_send_rules(const struct ctx *c, int fd) > unsigned pif; > > for (pif = 0; pif < PIF_NUM_TYPES; pif++) { > + struct fwd_table *fwd = c->fwd[pif]; > struct pesto_pif_info info; > + unsigned i; > int rc; > > - if (!c->fwd[pif]) > + if (!fwd) > continue; > > assert(pif != PIF_NONE); > > rc = snprintf(info.name, sizeof(info.name), "%s", pif_name(pif)); > assert(rc >= 0 && (size_t)rc < sizeof(info.name)); > + info.caps = htonl(fwd->caps); > + info.count = htonl(fwd->count); > > if (write_u8(fd, pif) < 0) > return -1; > if (write_all_buf(fd, &info, sizeof(info)) < 0) > return -1; > + > + for (i = 0; i < fwd->count; i++) { > + if (fwd_rule_write(fd, &fwd->rules[i])) > + return -1; > + } > } > > if (write_u8(fd, PIF_NONE) < 0) > @@ -2006,6 +2015,7 @@ static void conf_accept(struct ctx *c) > .magic = PESTO_SERVER_MAGIC, > .version = htonl(PESTO_PROTOCOL_VERSION), > .pif_name_size = htonl(PIF_NAME_SIZE), > + .ifnamsiz = htonl(IFNAMSIZ), > }; > union epoll_ref ref = { .type = EPOLL_TYPE_CONF }; > struct ucred uc = { 0 }; > diff --git a/fwd_rule.c b/fwd_rule.c > index 7fd20dd..da9d893 100644 > --- a/fwd_rule.c > +++ b/fwd_rule.c > @@ -24,6 +24,7 @@ > #include "fwd_rule.h" > #include "lineread.h" > #include "log.h" > +#include "serialise.h" > > /* Ephemeral port range: values from RFC 6335 */ > static in_port_t fwd_ephemeral_min = (1 << 15) + (1 << 14); > @@ -645,3 +646,43 @@ void fwd_rule_parse(char optname, const char *optarg, struct fwd_table *fwd) > > fwd_rule_parse_ports(fwd, proto, addr, ifname, spec); > } > + > + > +/** > + * fwd_rule_read() - Read serialised rule from an fd > + * @fd: fd to serialise to should be "fd to deserialise from" (or something like that) > + * @rule: Buffer to store rule into > + * > + * Return: 0 on success, -1 on error (with errno set) > + */ > +int fwd_rule_read(int fd, struct fwd_rule *rule) > +{ > + if (read_all_buf(fd, rule, sizeof(*rule))) > + return -1; > + > + /* Byteswap for host */ > + rule->first = ntohs(rule->first); > + rule->last = ntohs(rule->last); > + rule->to = ntohs(rule->to); > + > + return 0; > +} > + > +/** > + * fwd_rule_write() - Serialise rule to an fd > + * @fd: fd to serialise to > + * @rule: Rule to send > + * > + * Return: 0 on success, -1 on error (with errno set) > + */ > +int fwd_rule_write(int fd, const struct fwd_rule *rule) > +{ > + struct fwd_rule tmp = *rule; > + > + /* Byteswap for transport */ > + tmp.first = htons(tmp.first); > + tmp.last = htons(tmp.last); > + tmp.to = htons(tmp.to); > + > + return write_all_buf(fd, &tmp, sizeof(tmp)); > +} > diff --git a/fwd_rule.h b/fwd_rule.h > index f51f1b4..330d49e 100644 > --- a/fwd_rule.h > +++ b/fwd_rule.h > @@ -29,6 +29,8 @@ > #define FWD_CAP_UDP BIT(3) > #define FWD_CAP_SCAN BIT(4) > #define FWD_CAP_IFNAME BIT(5) > +#define FWD_CAP_ALL (FWD_CAP_IPV4 | FWD_CAP_IPV6 | FWD_CAP_TCP | \ > + FWD_CAP_UDP | FWD_CAP_SCAN | FWD_CAP_IFNAME) > > /** > * struct fwd_rule - Forwarding rule governing a range of ports > @@ -99,6 +101,8 @@ void fwd_probe_ephemeral(void); > const union inany_addr *fwd_rule_addr(const struct fwd_rule *rule); > const char *fwd_rule_fmt(const struct fwd_rule *rule, char *dst, size_t size); > void fwd_rule_parse(char optname, const char *optarg, struct fwd_table *fwd); > +int fwd_rule_read(int fd, struct fwd_rule *rule); > +int fwd_rule_write(int fd, const struct fwd_rule *rule); > > /** > * fwd_rules_dump() - Dump forwarding rules > diff --git a/lineread.c b/lineread.c > index b9ceae1..a4269a6 100644 > --- a/lineread.c > +++ b/lineread.c > @@ -19,8 +19,8 @@ > #include > #include > > +#include "common.h" > #include "lineread.h" > -#include "util.h" > > /** > * lineread_init() - Prepare for line by line file reading without allocation > diff --git a/pesto.c b/pesto.c > index 77244b3..4bf9bd8 100644 > --- a/pesto.c > +++ b/pesto.c > @@ -34,6 +34,7 @@ > #include "common.h" > #include "seccomp_pesto.h" > #include "serialise.h" > +#include "fwd_rule.h" > #include "pesto.h" > #include "log.h" > > @@ -66,6 +67,7 @@ static void usage(const char *name, FILE *f, int status) > struct pif_configuration { > uint8_t pif; > char name[PIF_NAME_SIZE]; > + struct fwd_table fwd; > }; > > struct configuration { > @@ -123,6 +125,7 @@ static bool read_pif_conf(int fd, struct configuration *conf) > struct pif_configuration *pc; > struct pesto_pif_info info; > uint8_t pif; > + unsigned i; > > if (read_u8(fd, &pif) < 0) > die("Error reading from control socket"); > @@ -151,8 +154,17 @@ static bool read_pif_conf(int fd, struct configuration *conf) > static_assert(sizeof(info.name) == sizeof(pc->name), > "Mismatching pif name lengths"); > memcpy(pc->name, info.name, sizeof(pc->name)); > - > - debug("PIF %"PRIu8": %s", pc->pif, pc->name); > + pc->fwd.caps = ntohl(info.caps); > + pc->fwd.count = ntohl(info.count); We should check that pc->fwd.count <= MAX_FWD_RULES to avoid overflow while scanning the array. > + > + debug("PIF %"PRIu8": %s, %"PRIu32" rules, capabilities 0x%"PRIx32 > + ":%s%s%s%s%s%s", pc->pif, pc->name, pc->fwd.count, pc->fwd.caps, > + pc->fwd.caps & FWD_CAP_IPV4 ? " IPv4" : "", > + pc->fwd.caps & FWD_CAP_IPV6 ? " IPv6" : "", > + pc->fwd.caps & FWD_CAP_TCP ? " TCP" : "", > + pc->fwd.caps & FWD_CAP_UDP ? " UDP" : "", > + pc->fwd.caps & FWD_CAP_SCAN ? " scan" : "", > + pc->fwd.caps & FWD_CAP_IFNAME ? " ifname" : ""); > > /* O(n^2), but n is bounded by MAX_PIFS */ > if (pif_conf_by_num(conf, pc->pif)) > @@ -162,6 +174,18 @@ static bool read_pif_conf(int fd, struct configuration *conf) > if (pif_conf_by_name(conf, pc->name)) > die("Received duplicate interface name"); > > + /* NOTE: We read the fwd rules directly into fwd.rules, rather than > + * using fwd_rule_add(). This means we can read and display rules even > + * if something has gone wrong (in pesto or passt) and we get rules that > + * fwd_rule_add() would reject. It does have the side effect that we > + * never assign socket space for the fwd rules, but we don't need that > + * within pesto. > + */ > + for (i = 0; i < pc->fwd.count; i++) { > + if (fwd_rule_read(fd, &pc->fwd.rules[i]) < 0) > + die("Error reading from control socket"); > + } > + > conf->npifs++; > return true; > } > @@ -177,7 +201,8 @@ static void show_conf(const struct configuration *conf) > for (i = 0; i < conf->npifs; i++) { > const struct pif_configuration *pc = &conf->pif[i]; > printf(" %s\n", pc->name); > - printf(" TBD\n"); > + fwd_rules_dump(printf, pc->fwd.rules, pc->fwd.count, > + " ", "\n"); > } > } > > @@ -290,6 +315,12 @@ int main(int argc, char **argv) > ntohl(hello.pif_name_size), PIF_NAME_SIZE); > } > > + if (ntohl(hello.ifnamsiz) != IFNAMSIZ) { > + die("Server has unexpected IFNAMSIZ (%" > + PRIu32" not %"PRIu32"\n", trailing '\n' > + ntohl(hello.ifnamsiz), IFNAMSIZ); > + } > + Trailing tab :) > while (read_pif_conf(s, &conf)) > ; > > diff --git a/pesto.h b/pesto.h > index 1879759..12b0b65 100644 > --- a/pesto.h > +++ b/pesto.h > @@ -26,11 +26,13 @@ > * @magic: PESTO_SERVER_MAGIC > * @version: Version number > * @pif_name_size: Server's value for PIF_NAME_SIZE > + * @ifnamsiz: Server's value for IFNAMSIZ > */ > struct pesto_hello { > char magic[8]; > uint32_t version; > uint32_t pif_name_size; > + uint32_t ifnamsiz; > } __attribute__ ((__packed__)); > > static_assert(sizeof(PESTO_SERVER_MAGIC) > @@ -40,9 +42,13 @@ static_assert(sizeof(PESTO_SERVER_MAGIC) > /** > * struct pesto_pif_info - Message with basic metadata about a pif > * @name: Name (\0 terminated) > + * @caps: Forwarding capabilities for this pif > + * @count: Number of forwarding rules for this pif > */ > struct pesto_pif_info { > char name[PIF_NAME_SIZE]; > + uint32_t caps; > + uint32_t count; > } __attribute__ ((__packed__)); > > #endif /* PESTO_H */