From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=M0kOIKVQ; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id DCD995A0265 for ; Wed, 06 May 2026 13:19:45 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1778066384; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=NnzwebRBjto58mUlfTw9Sz4nEPjyiOHTbebQu1tyHYk=; b=M0kOIKVQ3/z8r36kczUtMSA3UYbeU5vntU/tU4lqV+EnShOgiXoAi/MUFpZ4kpA8t1TdwL ymw49hfXDaYQyO7/o4Hz4/biNz3WKSTRsLdG7bCMWMcE5FPkDrwyczTohGWoOhj5iyr/A/ 3EBUE7EQIeO6bXByhXL9v0SCkVt48Pc= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-157-rME6weHvOwaoBAMMOeVuDg-1; Wed, 06 May 2026 07:19:42 -0400 X-MC-Unique: rME6weHvOwaoBAMMOeVuDg-1 X-Mimecast-MFC-AGG-ID: rME6weHvOwaoBAMMOeVuDg_1778066381 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-48d121738feso21691665e9.2 for ; Wed, 06 May 2026 04:19:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778066381; x=1778671181; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=NnzwebRBjto58mUlfTw9Sz4nEPjyiOHTbebQu1tyHYk=; b=aNegZryVu5dkIAAg1sAOvkuCwOb2MUHGRlan6rFPavhtLSlK9CLWFYGjf4vKY3hmmu DM6Zi9JoUSuOvRXqPxZHrz+qLqbKdqonBj86yZFJA7yZhxBEh8It2i8lpl5WlLAWK/hX SEs8d8eVsX489rwoXER+JiUp0ioM1OgRvSegp2zUbRTLsYCc5wZlrb+CYHWgKxzGNIXZ b5bBarylfNZOtVWc6k4PsYYa5OlJNbYuFToACJ4bflTAy0Sklw0qGDwaS+eKx+nGVO1n 7yIA63PlKJftz/loHOIPb37QIvNbfDQNs2zDNzmCEKmGKbW1HQnEdQ1rrSMNUrJ38BZW kuJw== X-Forwarded-Encrypted: i=1; AFNElJ/ZY0urlrRlCUFkDWQMR+SEnLfXebjsqCVJ1OzLkrOFBe8C+6dvNoo33OpjsTNBshyEZlFYq6RY9Ok=@passt.top X-Gm-Message-State: AOJu0YziSItrbcsTfyAsdrwsp13NoX5bgcDsI+pdFao8ZBskRzmK0x5z JMHHNhPv+H/CRIqv+qSdjE2QW66wVcKIYdBlmhFk3eEnLSMSDx3IfGmPC+RHF8cHDKj1qusXigE xgs3GhxMd597+vQrhUWrHbH7E+0f0YlcoFXoEQPikzrVz5xo5jWh2Hw== X-Gm-Gg: AeBDievjxN4YNj0qwahbjVkqFSmA/vllTO4wee0+L4focse6Hq5fsByXH6BCekjyo9m /Wjoonqzv42+Aizdg8s9axRQ9iG7m9MlgmhC/fbHuY0TQu3HV1zYRz1AddUU+v4gVZCoaTIODmZ hq5XXmtNBFDKR+W86CPhF+TojHoAlHyatvM/l1fLIjKkAcCHgMYRgFYXg9gpm8qi7KFAKN0kt9y u0iunf5pZHzOrn1RoZpmwCLkAKJ3WZsqtRlltBeuLonDd56LYkV8mkA9Umx9RApTA07UFu/0z4X BcN2FfhbTHB0t0ymeLi1d2r7FrBqAxd1QQcJZDq9IFtN1vWNM4GDtp4HLTQf7fEuHfs6UzEG70i ZdtEaftZT+UShWdcY0zZvFkqFaWrVJLPOqiaqV580AsdzeGTUVJE99Hbk0Xr6Cs3j2Q== X-Received: by 2002:a05:600c:4592:b0:488:7ff6:1f75 with SMTP id 5b1f17b1804b1-48e51f3c4e5mr52441585e9.21.1778066380825; Wed, 06 May 2026 04:19:40 -0700 (PDT) X-Received: by 2002:a05:600c:4592:b0:488:7ff6:1f75 with SMTP id 5b1f17b1804b1-48e51f3c4e5mr52441025e9.21.1778066380315; Wed, 06 May 2026 04:19:40 -0700 (PDT) Received: from [192.168.100.100] (82-64-211-94.subs.proxad.net. [82.64.211.94]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48e538a8159sm45636235e9.6.2026.05.06.04.19.39 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 06 May 2026 04:19:39 -0700 (PDT) Message-ID: <70cb8127-2013-460f-aa4b-33c9beb8d78e@redhat.com> Date: Wed, 6 May 2026 13:19:39 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v9 16/23] pesto, conf: Send updated rules from pesto back to passt/pasta To: Stefano Brivio , passt-dev@passt.top References: <20260506092241.1607480-1-sbrivio@redhat.com> <20260506092241.1607480-17-sbrivio@redhat.com> From: Laurent Vivier Autocrypt: addr=lvivier@redhat.com; keydata= xsFNBFYFJhkBEAC2me7w2+RizYOKZM+vZCx69GTewOwqzHrrHSG07MUAxJ6AY29/+HYf6EY2 WoeuLWDmXE7A3oJoIsRecD6BXHTb0OYS20lS608anr3B0xn5g0BX7es9Mw+hV/pL+63EOCVm SUVTEQwbGQN62guOKnJJJfphbbv82glIC/Ei4Ky8BwZkUuXd7d5NFJKC9/GDrbWdj75cDNQx UZ9XXbXEKY9MHX83Uy7JFoiFDMOVHn55HnncflUncO0zDzY7CxFeQFwYRbsCXOUL9yBtqLer Ky8/yjBskIlNrp0uQSt9LMoMsdSjYLYhvk1StsNPg74+s4u0Q6z45+l8RAsgLw5OLtTa+ePM JyS7OIGNYxAX6eZk1+91a6tnqfyPcMbduxyBaYXn94HUG162BeuyBkbNoIDkB7pCByed1A7q q9/FbuTDwgVGVLYthYSfTtN0Y60OgNkWCMtFwKxRaXt1WFA5ceqinN/XkgA+vf2Ch72zBkJL RBIhfOPFv5f2Hkkj0MvsUXpOWaOjatiu0fpPo6Hw14UEpywke1zN4NKubApQOlNKZZC4hu6/ 8pv2t4HRi7s0K88jQYBRPObjrN5+owtI51xMaYzvPitHQ2053LmgsOdN9EKOqZeHAYG2SmRW LOxYWKX14YkZI5j/TXfKlTpwSMvXho+efN4kgFvFmP6WT+tPnwARAQABzSNMYXVyZW50IFZp dmllciA8bHZpdmllckByZWRoYXQuY29tPsLBeAQTAQIAIgUCVgVQgAIbAwYLCQgHAwIGFQgC CQoLBBYCAwECHgECF4AACgkQ8ww4vT8vvjwpgg//fSGy0Rs/t8cPFuzoY1cex4limJQfReLr SJXCANg9NOWy/bFK5wunj+h/RCFxIFhZcyXveurkBwYikDPUrBoBRoOJY/BHK0iZo7/WQkur 6H5losVZtrotmKOGnP/lJYZ3H6OWvXzdz8LL5hb3TvGOP68K8Bn8UsIaZJoeiKhaNR0sOJyI YYbgFQPWMHfVwHD/U+/gqRhD7apVysxv5by/pKDln1I5v0cRRH6hd8M8oXgKhF2+rAOL7gvh jEHSSWKUlMjC7YwwjSZmUkL+TQyE18e2XBk85X8Da3FznrLiHZFHQ/NzETYxRjnOzD7/kOVy gKD/o7asyWQVU65mh/ECrtjfhtCBSYmIIVkopoLaVJ/kEbVJQegT2P6NgERC/31kmTF69vn8 uQyW11Hk8tyubicByL3/XVBrq4jZdJW3cePNJbTNaT0d/bjMg5zCWHbMErUib2Nellnbg6bc 2HLDe0NLVPuRZhHUHM9hO/JNnHfvgiRQDh6loNOUnm9Iw2YiVgZNnT4soUehMZ7au8PwSl4I KYE4ulJ8RRiydN7fES3IZWmOPlyskp1QMQBD/w16o+lEtY6HSFEzsK3o0vuBRBVp2WKnssVH qeeV01ZHw0bvWKjxVNOksP98eJfWLfV9l9e7s6TaAeySKRRubtJ+21PRuYAxKsaueBfUE7ZT 7zfOwU0EVgUmGQEQALxSQRbl/QOnmssVDxWhHM5TGxl7oLNJms2zmBpcmlrIsn8nNz0rRyxT 460k2niaTwowSRK8KWVDeAW6ZAaWiYjLlTunoKwvF8vP3JyWpBz0diTxL5o+xpvy/Q6YU3BN efdq8Vy3rFsxgW7mMSrI/CxJ667y8ot5DVugeS2NyHfmZlPGE0Nsy7hlebS4liisXOrN3jFz asKyUws3VXek4V65lHwB23BVzsnFMn/bw/rPliqXGcwl8CoJu8dSyrCcd1Ibs0/Inq9S9+t0 VmWiQWfQkz4rvEeTQkp/VfgZ6z98JRW7S6l6eophoWs0/ZyRfOm+QVSqRfFZdxdP2PlGeIFM C3fXJgygXJkFPyWkVElr76JTbtSHsGWbt6xUlYHKXWo+xf9WgtLeby3cfSkEchACrxDrQpj+ Jt/JFP+q997dybkyZ5IoHWuPkn7uZGBrKIHmBunTco1+cKSuRiSCYpBIXZMHCzPgVDjk4viP brV9NwRkmaOxVvye0vctJeWvJ6KA7NoAURplIGCqkCRwg0MmLrfoZnK/gRqVJ/f6adhU1oo6 z4p2/z3PemA0C0ANatgHgBb90cd16AUxpdEQmOCmdNnNJF/3Zt3inzF+NFzHoM5Vwq6rc1JP jfC3oqRLJzqAEHBDjQFlqNR3IFCIAo4SYQRBdAHBCzkM4rWyRhuVABEBAAHCwV8EGAECAAkF AlYFJhkCGwwACgkQ8ww4vT8vvjwg9w//VQrcnVg3TsjEybxDEUBm8dBmnKqcnTBFmxN5FFtI WlEuY8+YMiWRykd8Ln9RJ/98/ghABHz9TN8TRo2b6WimV64FmlVn17Ri6FgFU3xNt9TTEChq AcNg88eYryKsYpFwegGpwUlaUaaGh1m9OrTzcQy+klVfZWaVJ9Nw0keoGRGb8j4XjVpL8+2x OhXKrM1fzzb8JtAuSbuzZSQPDwQEI5CKKxp7zf76J21YeRrEW4WDznPyVcDTa+tz++q2S/Bp P4W98bXCBIuQgs2m+OflERv5c3Ojldp04/S4NEjXEYRWdiCxN7ca5iPml5gLtuvhJMSy36gl U6IW9kn30IWuSoBpTkgV7rLUEhh9Ms82VWW/h2TxL8enfx40PrfbDtWwqRID3WY8jLrjKfTd R3LW8BnUDNkG+c4FzvvGUs8AvuqxxyHbXAfDx9o/jXfPHVRmJVhSmd+hC3mcQ+4iX5bBPBPM oDqSoLt5w9GoQQ6gDVP2ZjTWqwSRMLzNr37rJjZ1pt0DCMMTbiYIUcrhX8eveCJtY7NGWNyx FCRkhxRuGcpwPmRVDwOl39MB3iTsRighiMnijkbLXiKoJ5CDVvX5yicNqYJPKh5MFXN1bvsB kmYiStMRbrD0HoY1kx5/VozBtc70OU0EB8Wrv9hZD+Ofp0T3KOr1RUHvCZoLURfFhSQ= In-Reply-To: <20260506092241.1607480-17-sbrivio@redhat.com> X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: h0FidgVSHry2qAfUfw744KRC0DDDOWYc-QQrcBm1fuY_1778066381 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Message-ID-Hash: 63HZUUT2S4FDSCRVUSRBHE6VVVHFFSSY X-Message-ID-Hash: 63HZUUT2S4FDSCRVUSRBHE6VVVHFFSSY X-MailFrom: lvivier@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Jon Maloy , David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On 5/6/26 11:22, Stefano Brivio wrote: > From: David Gibson > > Extend pesto to send the updated rule configuration back to passt/pasta. > Extend passt/pasta to read the new configuration and store the new rules in > a "pending" table. We don't yet attempt to activate them. > > Signed-off-by: Stefano Brivio > [dwg: Based on an early draft from Stefano] > [sbrivio: Add redundant check on interface names being terminated in > conf_recv_rules(), to make static checkers happy] > [sbrivio: Make conf_recv_rules() return -1 if fwd_rule_read() fails, > as suggested by Jon Maloy] > [sbrivio: Fix conflicts in Makefile] > Signed-off-by: David Gibson Reviewed-by: Laurent Vivier > --- > conf.c | 94 +++++++++++++++++++++++++++++++++++++++++++++++++-------- > fwd.c | 10 +++++- > passt.h | 2 ++ > pesto.c | 35 +++++++++++++++++++++ > 4 files changed, 127 insertions(+), 14 deletions(-) > > diff --git a/conf.c b/conf.c > index 9de0ed3..60448d7 100644 > --- a/conf.c > +++ b/conf.c > @@ -1973,6 +1973,62 @@ static int conf_send_rules(const struct ctx *c, int fd) > return 0; > } > > +/** > + * conf_recv_rules() - Receive forwarding rules from configuration client > + * @c: Execution context > + * @fd: Socket to the client > + * > + * Return: 0 on success, -1 on failure > + */ > +static int conf_recv_rules(const struct ctx *c, int fd) > +{ > + while (1) { > + struct fwd_table *fwd; > + struct fwd_rule r; > + uint32_t count; > + uint8_t pif; > + unsigned i; > + > + if (read_u8(fd, &pif)) > + return -1; > + > + if (pif == PIF_NONE) > + break; > + > + if (pif >= ARRAY_SIZE(c->fwd_pending) || > + !(fwd = c->fwd_pending[pif])) { > + err("Received rules for non-existent table"); > + return -1; > + } > + > + if (read_u32(fd, &count)) > + return -1; > + > + if (count > MAX_FWD_RULES) { > + err("Received %"PRIu32" rules (maximum %u)", > + count, MAX_FWD_RULES); > + return -1; > + } > + > + for (i = 0; i < count; i++) { > + if (fwd_rule_read(fd, &r)) > + return -1; > + > + if (r.ifname[sizeof(r.ifname) - 1]) { > + err("Interface name was not NULL terminated"); > + return -1; > + } > + /* Redundant, to make static checkers happy */ > + r.ifname[sizeof(r.ifname) - 1] = '\0'; > + > + if (fwd_rule_add(fwd, &r) < 0) > + return -1; > + } > + } > + > + return 0; > +} > + > /** > * conf_close() - Close configuration / control socket and clean up > * @c: Execution context > @@ -2076,21 +2132,33 @@ fail: > void conf_handler(struct ctx *c, uint32_t events) > { > if (events & EPOLLIN) { > - char discard[BUFSIZ]; > - ssize_t n; > - > - do { > - n = read(c->fd_control, discard, sizeof(discard)); > - if (n > 0) > - debug("Discarded %zd bytes of config data", n); > - } while (n > 0); > - if (n == 0) { > - debug("Configuration client EOF"); > - goto close; > + unsigned pif; > + > + /* Clear pending tables */ > + for (pif = 0; pif < PIF_NUM_TYPES; pif++) { > + struct fwd_table *fwd = c->fwd_pending[pif]; > + > + if (!fwd) > + continue; > + fwd->count = 0; > + fwd->sock_count = 0; > } > - if (errno != EAGAIN && errno != EWOULDBLOCK) { > - err_perror("Error reading config data"); > + > + /* FIXME: this could block indefinitely if the client doesn't > + * write as much as it should > + */ > + if (conf_recv_rules(c, c->fd_control) < 0) > goto close; > + > + for (pif = 0; pif < PIF_NUM_TYPES; pif++) { > + struct fwd_table *fwd = c->fwd_pending[pif]; > + > + if (!fwd) > + continue; > + > + info("New forwarding rules for %s:", pif_name(pif)); > + fwd_rules_dump(info, fwd->rules, fwd->count, > + " ", ""); > } > } > > diff --git a/fwd.c b/fwd.c > index 8849cfc..d93d2e5 100644 > --- a/fwd.c > +++ b/fwd.c > @@ -247,6 +247,9 @@ void fwd_neigh_table_init(const struct ctx *c) > static struct fwd_table fwd_in; > static struct fwd_table fwd_out; > > +static struct fwd_table fwd_in_pending; > +static struct fwd_table fwd_out_pending; > + > /** > * fwd_rule_init() - Initialise forwarding tables > * @c: Execution context > @@ -269,10 +272,15 @@ void fwd_rule_init(struct ctx *c) > caps |= FWD_CAP_IFNAME; > > fwd_in.caps = fwd_out.caps = caps; > + fwd_in_pending.caps = fwd_out_pending.caps = caps; > > c->fwd[PIF_HOST] = &fwd_in; > - if (c->mode == MODE_PASTA) > + c->fwd_pending[PIF_HOST] = &fwd_in_pending; > + > + if (c->mode == MODE_PASTA) { > c->fwd[PIF_SPLICE] = &fwd_out; > + c->fwd_pending[PIF_SPLICE] = &fwd_out_pending; > + } > } > > /** > diff --git a/passt.h b/passt.h > index b3f049d..1726965 100644 > --- a/passt.h > +++ b/passt.h > @@ -188,6 +188,7 @@ struct ip6_ctx { > * @pasta_ifi: Index of namespace interface for pasta > * @pasta_conf_ns: Configure namespace after creating it > * @fwd: Forwarding tables > + * @fwd_pending: Pending forward tables > * @no_tcp: Disable TCP operation > * @tcp: Context for TCP protocol handler > * @no_udp: Disable UDP operation > @@ -270,6 +271,7 @@ struct ctx { > int pasta_conf_ns; > > struct fwd_table *fwd[PIF_NUM_TYPES]; > + struct fwd_table *fwd_pending[PIF_NUM_TYPES]; > > int no_tcp; > struct tcp_ctx tcp; > diff --git a/pesto.c b/pesto.c > index 16b3a5a..73fdc39 100644 > --- a/pesto.c > +++ b/pesto.c > @@ -230,6 +230,39 @@ static bool read_pif_conf(int fd, struct configuration *conf) > return true; > } > > +/** > + * send_conf() - Send updated configuration to passt/pasta > + * @fd: Control socket > + * @conf: Updated configuration > + */ > +static void send_conf(int fd, const struct configuration *conf) > +{ > + unsigned i; > + > + for (i = 0; i < conf->npifs; i++) { > + const struct pif_configuration *pc = &conf->pif[i]; > + unsigned j; > + > + if (write_u8(fd, pc->pif) < 0) > + goto fail; > + > + if (write_u32(fd, pc->fwd.count) < 0) > + goto fail; > + > + for (j = 0; j < pc->fwd.count; j++) { > + if (fwd_rule_write(fd, &pc->fwd.rules[j]) < 0) > + goto fail; > + } > + } > + > + if (write_u8(fd, PIF_NONE) < 0) > + goto fail; > + return; > + > +fail: > + die_perror("Error writing to control socket"); > +} > + > /** > * show_conf() - Show current configuration obtained from passt/pasta > * @conf: Configuration description > @@ -432,6 +465,8 @@ int main(int argc, char **argv) > show_conf(&conf); > } > > + send_conf(s, &conf); > + > noupdate: > if (shutdown(s, SHUT_RDWR) < 0 || close(s) < 0) > die_perror("Error shutting down control socket");