From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=R7ZITnD5;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	by passt.top (Postfix) with ESMTPS id 73A945A0262
	for <passt-dev@passt.top>; Sat, 25 Apr 2026 00:39:02 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1777070341;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=0Git3o/uOa7N+i9xdMTNECUIkm8AyYwwvhWhcqOgEDQ=;
	b=R7ZITnD5SClgIrouS/sRBGqet9ZAZGUqwLK8UqcxNiSbKryMi0JrB9Z8ZKkQhiUqJGrjoe
	4f5U2dvbGbYtMub3g38IlWF6GjWr2QHjfPKT6hoQrmhN/D9pFv/Q2IBlHSzGO4cj5TQc1X
	m21T3h/a3UERX0LTo87n8XG6w/wc8Ow=
Received: from mail-qk1-f197.google.com (mail-qk1-f197.google.com
 [209.85.222.197]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-587-pbkpmUefPJuXpVJn39mFUg-1; Fri, 24 Apr 2026 18:39:00 -0400
X-MC-Unique: pbkpmUefPJuXpVJn39mFUg-1
X-Mimecast-MFC-AGG-ID: pbkpmUefPJuXpVJn39mFUg_1777070339
Received: by mail-qk1-f197.google.com with SMTP id af79cd13be357-8eb52a22eb6so1223342285a.0
        for <passt-dev@passt.top>; Fri, 24 Apr 2026 15:38:59 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1777070339; x=1777675139;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:to:subject:user-agent:mime-version:date:message-id
         :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=0Git3o/uOa7N+i9xdMTNECUIkm8AyYwwvhWhcqOgEDQ=;
        b=FNd2YXeWNdo5QVuIoJzHtUPog8ualb4wab84P7EJZDcES8MKEEexL6+5Hv0hfjY1re
         iQ7eGbe0q+zV5KVPSkoTJYBEIAA0nhv0J4SB6eDdr0UuwaVIz9Nqc4Ses0xp8gEblIpL
         k42ND9Vx01DfM0sl+CbQ6FLGOlgHHwiEOpr7zd+tHCOIy2/ntJl+hsPUXWmp6Da7hyWG
         xlqCoX73E0pX6KPipTB4hzO8GP4r/f9WsZJIEJJaRRV1T89/jPOMdpCi4B8ZFlSx2679
         WFsG1sZQ4q8FbbCb31vsfFq+koMGfvcgXbFIPZX4B8hOjE/RG762eoX/bobtfpjr9f3D
         ak0A==
X-Forwarded-Encrypted: i=1; AFNElJ/Blninzj/Jvk+OahrPGAp58wILppffOoPcVEDtK3J0hLyKS9Uzdz9rSuzauK36QFDce8xkYziWZFc=@passt.top
X-Gm-Message-State: AOJu0Yy7SkPL0CRD5w1bEsFgNvouaj5ZGqpNpOnHoZACIbDmbLRGlbK9
	XB30vfMYRhJ9oR/YKeTbnKubBQMqABfGxuFDjGn6c5vl9gLkjus+FfrnQgVagVZxDkujHJrGPfK
	QyOOQ9ktYjGL206zoeBBSvrp2+xg2U/D9f3o+HRntj8L5+Ol61Nc5Glz6vTutZ+cm
X-Gm-Gg: AeBDiesJGq2pGBRqPiB8ryYJeY8X/oAttnoIC/+yqhePz3SoZxY39l+OePehq50qfcI
	cuqkXIB4c9HynYs/U3JO/Yb2GyE4uDZ2lqYyzh1rJKNHg+uE2NsZBiZkfBtUIqwoGw0AZCOje1E
	MDeKrj5D9XF88Eso79VUxQJRyJUIporUXKg0ht0LImtHVRFc4XrPtVyLlgrEytMg66ZZuF9cgFT
	BTierGisPSkVH7zpFtY5s6Xmf6b9R29FUZ7RzoWCJ/CecUBwBLm5zs/19bOem7trkb9/K/1ppQC
	aFcwwfgD13UieYsy/rA1Qf/bjNhC9LXCrhxLeQ3m/Kixyj31w3YW4MVkvP8S17bbzmfpII2lhiT
	BedYLesNUp3/MhZDGbPgSXx8I0+2AHMRUzjgl+AUSyr885Vx/a9mccvxswiNL7NTn99wofif5UL
	vabiGi6UGcIjzNUswz5luutZc=
X-Received: by 2002:a05:620a:1a26:b0:8cf:d565:fcbb with SMTP id af79cd13be357-8e78f44328amr4940499385a.11.1777070339251;
        Fri, 24 Apr 2026 15:38:59 -0700 (PDT)
X-Received: by 2002:a05:620a:1a26:b0:8cf:d565:fcbb with SMTP id af79cd13be357-8e78f44328amr4940496885a.11.1777070338787;
        Fri, 24 Apr 2026 15:38:58 -0700 (PDT)
Received: from [192.168.2.15] (lnsm4-toronto63-142-116-28-118.internet.virginmobile.ca. [142.116.28.118])
        by smtp.gmail.com with ESMTPSA id af79cd13be357-8e7d5fe98dcsm2109357985a.7.2026.04.24.15.38.57
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 24 Apr 2026 15:38:58 -0700 (PDT)
Message-ID: <9c7a09d6-b4f2-429f-b5c9-7aed19a81902@redhat.com>
Date: Fri, 24 Apr 2026 18:38:57 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH v5 17/18] pesto, conf: Send updated rules from pesto back
 to passt/pasta
To: David Gibson <david@gibson.dropbear.id.au>,
 Stefano Brivio <sbrivio@redhat.com>, passt-dev@passt.top
References: <20260421062516.2601204-1-david@gibson.dropbear.id.au>
 <20260421062516.2601204-18-david@gibson.dropbear.id.au>
From: Jon Maloy <jmaloy@redhat.com>
In-Reply-To: <20260421062516.2601204-18-david@gibson.dropbear.id.au>
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: Sv0GNbKLj_obtMR5Qs4L69x4HisptXH3eL-zcH7JLVs_1777070339
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID-Hash: RWPX73FCFWL2QYLUXAVOVNBN75RNJ7CI
X-Message-ID-Hash: RWPX73FCFWL2QYLUXAVOVNBN75RNJ7CI
X-MailFrom: jmaloy@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/9c7a09d6-b4f2-429f-b5c9-7aed19a81902@redhat.com/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/RWPX73FCFWL2QYLUXAVOVNBN75RNJ7CI/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>



On 2026-04-21 02:25, David Gibson wrote:
> Extend pesto to send the updated rule configuration back to passt/pasta.
> Extend passt/pasta to read the new configuration and store the new rules in
> a "pending" table.   We don't yet attempt to activate them.
> 
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
> Message-ID: <20260322141843.4095972-3-sbrivio@redhat.com>
> [dwg: Based on an early draft from Stefano]\
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

[...]
>   
> +/**
> + * conf_recv_rules() - Receive forwarding rules from configuration client
> + * @c:		Execution context
> + * @fd:		Socket to the client
> + *
> + * Return: 0 on success, -1 on failure
> + */
> +static int conf_recv_rules(const struct ctx *c, int fd)
> +{
> +	while (1) {
> +		struct fwd_table *fwd;
> +		struct fwd_rule r;
> +		uint32_t count;
> +		uint8_t pif;
> +		unsigned i;
> +
> +		if (read_u8(fd, &pif))
> +			return -1;
> +
> +		if (pif == PIF_NONE)
> +			break;
> +
> +		if (pif >= ARRAY_SIZE(c->fwd_pending) ||
> +		    !(fwd = c->fwd_pending[pif])) {
> +			err("Received rules for non-existent table");
> +			return -1;
> +		}
> +
> +		if (read_u32(fd, &count))
> +			return -1;
> +
> +		if (count > MAX_FWD_RULES) {
> +			err("Received %"PRIu32" rules (maximum %u)",
> +			    count, MAX_FWD_RULES);
> +			return -1;
> +		}
> +
> +		for (i = 0; i < count; i++) {
> +			fwd_rule_read(fd, &r);

Since we don't check the return value I think we risk passing an only 
partially initialized fwd_rule to fwd_rule_add() if the read fails.
Maybe:
   if (fwd_rule_read(fd, &r))
       return -1;

/jon
> +			if (fwd_rule_add(fwd, &r) < 0)
> +				return -1;
> +		}
> +	}
> +
> +	return 0;
> +}
> +
>   /**
>    * conf_close() - Close configuration / control socket and clean up
>    * @c:		Execution context
> @@ -2072,21 +2119,33 @@ fail:
>   void conf_handler(struct ctx *c, uint32_t events)
>   {
>   	if (events & EPOLLIN) {
> -		char discard[BUFSIZ];
> -		ssize_t n;
> -
> -		do {
> -			n = read(c->fd_control, discard, sizeof(discard));
> -			if (n > 0)
> -				debug("Discarded %zd bytes of config data", n);
> -		} while (n > 0);
> -		if (n == 0) {
> -			debug("Configuration client EOF");
> -			goto close;
> +		unsigned pif;
> +
> +		/* Clear pending tables */
> +		for (pif = 0; pif < PIF_NUM_TYPES; pif++) {
> +			struct fwd_table *fwd = c->fwd_pending[pif];
> +
> +			if (!fwd)
> +				continue;
> +			fwd->count = 0;
> +			fwd->sock_count = 0;
>   		}
> -		if (errno != EAGAIN && errno != EWOULDBLOCK) {
> -			err_perror("Error reading config data");
> +
> +		/* FIXME: this could block indefinitely if the client doesn't
> +		 * write as much as it should
> +		 */
> +		if (conf_recv_rules(c, c->fd_control) < 0)
>   			goto close;
> +
> +		for (pif = 0; pif < PIF_NUM_TYPES; pif++) {
> +			struct fwd_table *fwd = c->fwd_pending[pif];
> +
> +			if (!fwd)
> +				continue;
> +
> +			info("New forwarding rules for %s:", pif_name(pif));
> +			fwd_rules_dump(info, fwd->rules, fwd->count,
> +				       "    ", "");
>   		}
>   	}
>   
> diff --git a/fwd.c b/fwd.c
> index 8849cfcd..d93d2e5d 100644
> --- a/fwd.c
> +++ b/fwd.c
> @@ -247,6 +247,9 @@ void fwd_neigh_table_init(const struct ctx *c)
>   static struct fwd_table fwd_in;
>   static struct fwd_table fwd_out;
>   
> +static struct fwd_table fwd_in_pending;
> +static struct fwd_table fwd_out_pending;
> +
>   /**
>    * fwd_rule_init() - Initialise forwarding tables
>    * @c:		Execution context
> @@ -269,10 +272,15 @@ void fwd_rule_init(struct ctx *c)
>   		caps |= FWD_CAP_IFNAME;
>   
>   	fwd_in.caps = fwd_out.caps = caps;
> +	fwd_in_pending.caps = fwd_out_pending.caps = caps;
>   
>   	c->fwd[PIF_HOST] = &fwd_in;
> -	if (c->mode == MODE_PASTA)
> +	c->fwd_pending[PIF_HOST] = &fwd_in_pending;
> +
> +	if (c->mode == MODE_PASTA) {
>   		c->fwd[PIF_SPLICE] = &fwd_out;
> +		c->fwd_pending[PIF_SPLICE] = &fwd_out_pending;
> +	}
>   }
>   
>   /**
> diff --git a/passt.h b/passt.h
> index b3f049de..1726965d 100644
> --- a/passt.h
> +++ b/passt.h
> @@ -188,6 +188,7 @@ struct ip6_ctx {
>    * @pasta_ifi:		Index of namespace interface for pasta
>    * @pasta_conf_ns:	Configure namespace after creating it
>    * @fwd:		Forwarding tables
> + * @fwd_pending:	Pending forward tables
>    * @no_tcp:		Disable TCP operation
>    * @tcp:		Context for TCP protocol handler
>    * @no_udp:		Disable UDP operation
> @@ -270,6 +271,7 @@ struct ctx {
>   	int pasta_conf_ns;
>   
>   	struct fwd_table *fwd[PIF_NUM_TYPES];
> +	struct fwd_table *fwd_pending[PIF_NUM_TYPES];
>   
>   	int no_tcp;
>   	struct tcp_ctx tcp;
> diff --git a/pesto.c b/pesto.c
> index ebac6bd6..c6c595a4 100644
> --- a/pesto.c
> +++ b/pesto.c
> @@ -225,6 +225,39 @@ static bool read_pif_conf(int fd, struct configuration *conf)
>   	return true;
>   }
>   
> +/**
> + * send_conf() - Send updated configuration to passt/pasta
> + * @fd:		Control socket
> + * @conf:	Updated configuration
> + */
> +static void send_conf(int fd, const struct configuration *conf)
> +{
> +	unsigned i;
> +
> +	for (i = 0; i < conf->npifs; i++) {
> +		const struct pif_configuration *pc = &conf->pif[i];
> +		unsigned j;
> +
> +		if (write_u8(fd, pc->pif) < 0)
> +			goto fail;
> +
> +		if (write_u32(fd, pc->fwd.count) < 0)
> +			goto fail;
> +
> +		for (j = 0; j < pc->fwd.count; j++) {
> +			if (fwd_rule_write(fd, &pc->fwd.rules[j]) < 0)
> +				goto fail;
> +		}
> +	}
> +
> +	if (write_u8(fd, PIF_NONE) < 0)
> +		goto fail;
> +	return;
> +
> +fail:
> +	die_perror("Error writing to control socket");
> +}
> +
>   /**
>    * show_conf() - Show current configuration obtained from passt/pasta
>    * @conf:	Configuration description
> @@ -427,6 +460,8 @@ int main(int argc, char **argv)
>   		show_conf(&conf);
>   	}
>   
> +	send_conf(s, &conf);
> +
>   noupdate:
>   	if (shutdown(s, SHUT_RDWR) < 0 || close(s) < 0)
>   		die_perror("Error shutting down control socket");