Date: Tue, 11 Oct 2022 11:48:20 +1100
From: David Gibson
To: Stefano Brivio
Cc: passt-dev@passt.top
Subject: Re: [PATCH v3] conf, tcp, udp: Allow specification of interface to bind to
References: <20221010233220.1198263-1-sbrivio@redhat.com>
In-Reply-To: <20221010233220.1198263-1-sbrivio@redhat.com>

On Tue, Oct 11, 2022 at 01:32:20AM +0200, Stefano Brivio wrote:
> Since kernel version 5.7, commit c427bfec18f2 ("net: core: enable
> SO_BINDTODEVICE for non-root users"), we can bind sockets to
> interfaces, if they haven't been bound yet (as in bind()).
>
> Introduce an optional interface specification for forwarded ports,
> prefixed by %, that can be passed together with an address.
>
> Reported use case: running local services that use ports we want
> to have externally forwarded:
> https://github.com/containers/podman/issues/14425
>
> Signed-off-by: Stefano Brivio > --- > v3: > - escape % characters in usage() formatting > v2: > - fix check on interface name length (spec - ifname, not > ifname - buf) >=20 > conf.c | 31 +++++++++++++++++++++---------- > icmp.c | 4 ++-- > passt.1 | 12 ++++++++++-- > tcp.c | 27 +++++++++++++++------------ > tcp.h | 2 +- > udp.c | 35 ++++++++++++++++++----------------- > udp.h | 2 +- > util.c | 19 ++++++++++++++++++- > util.h | 3 ++- > 9 files changed, 88 insertions(+), 47 deletions(-) >=20 > diff --git a/conf.c b/conf.c > index 779371f..93ca0cd 100644 > --- a/conf.c > +++ b/conf.c > @@ -180,8 +180,8 @@ static int conf_ports(const struct ctx *c, char optna= me, const char *optarg, > struct port_fwd *fwd) > { > char addr_buf[sizeof(struct in6_addr)] =3D { 0 }, *addr =3D addr_buf; > + char buf[BUFSIZ], *spec, *ifname =3D NULL, *p; > uint8_t exclude[PORT_BITMAP_SIZE] =3D { 0 }; > - char buf[BUFSIZ], *spec, *p; > sa_family_t af =3D AF_UNSPEC; > bool exclude_only =3D true; > =20 > @@ -209,9 +209,9 @@ static int conf_ports(const struct ctx *c, char optna= me, const char *optarg, > =20 > for (i =3D 0; i < PORT_EPHEMERAL_MIN; i++) { > if (optname =3D=3D 't') > - tcp_sock_init(c, 0, AF_UNSPEC, NULL, i); > + tcp_sock_init(c, 0, AF_UNSPEC, NULL, NULL, i); > else if (optname =3D=3D 'u') > - udp_sock_init(c, 0, AF_UNSPEC, NULL, i); > + udp_sock_init(c, 0, AF_UNSPEC, NULL, NULL, i); > } > =20 > return 0; > @@ -231,6 +231,14 @@ static int conf_ports(const struct ctx *c, char optn= ame, const char *optarg, > if (optname !=3D 't' && optname !=3D 'u') > goto bad; > =20 > + if ((ifname =3D strchr(buf, '%'))) { > + if (spec - ifname >=3D IFNAMSIZ - 1) > + goto bad; > + > + *ifname =3D 0; > + ifname++; > + } > + > if (inet_pton(AF_INET, buf, addr)) > af =3D AF_INET; > else if (inet_pton(AF_INET6, buf, addr)) 
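Review bot: in the conf.c hunk at @@ -231,6 +231,14 @@ nothing rejects an empty interface name: when '%' is the last character before the port separator, `spec - ifname` is 1, the length check passes, and after `ifname++` an empty string is handed on as the interface to bind to. Adding `spec - ifname < 2` to the `goto bad` condition closes that. The upper bound is also stricter than the kernel's limit of IFNAMSIZ - 1 characters, because `spec - ifname` counts the '%' itself (and the terminator too, if `spec` has already been advanced past it); deriving the check from the name length after `ifname++` rather than from the pointer difference would make the accepted maximum match what SO_BINDTODEVICE accepts.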
> @@ -278,9 +286,9 @@ static int conf_ports(const struct ctx *c, char optna= me, const char *optarg, > bitmap_set(fwd->map, i); > =20 > if (optname =3D=3D 't') > - tcp_sock_init(c, 0, af, addr, i); > + tcp_sock_init(c, 0, af, addr, NULL, i); > else if (optname =3D=3D 'u') > - udp_sock_init(c, 0, af, addr, i); > + udp_sock_init(c, 0, af, addr, NULL, i);

AFAICT nothing prevents specifying an interface with the exclude only case, in which case shouldn't you also be passing ifname here?

Apart from that, LGTM.

--
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson