Date: Mon, 17 Mar 2025 14:04:54 +1100
From: David Gibson
To: Stefano Brivio
CC: passt-dev@passt.top
Subject: Re: [PATCH v2] conf: Unify several paths in conf_ports()
List-Id: Development discussion and patches for passt

On Sat, Mar 15, 2025 at 12:50:28AM +0100, Stefano Brivio wrote:
> On Wed, 12 Mar 2025 14:43:59 +1100
> David Gibson wrote:
>
> > In conf_ports() we have three different paths which actually do the setup
> > of an individual forwarded port: one for the "all" case, one for the
> > exclusions only case and one for the range of ports with possible
> > exclusions case.
> >
> > We can unify those cases using a new helper which handles a single range
> > of ports, with a bitmap of exclusions. Although this is slightly longer
> > (largely due to the new helper's function comment), it reduces duplicated
> > logic. It will also make future improvements to the tracking of port
> > forwards easier.
> >
> > The new conf_ports_range_except() function has a pretty prodigious
> > parameter list, but I still think it's an overall improvement in conceptual
> > complexity.
> >
> > Signed-off-by: David Gibson
> > ---
> > conf.c | 173 ++++++++++++++++++++++++++++++---------------------------
> > 1 file changed, 90 insertions(+), 83 deletions(-)
> >
> > v2:
> > * Commit message updated slightly, but otherwise unmodified.
> >
> >
> > diff --git a/conf.c b/conf.c > > index 065e7201..4e0099ba 100644 > > --- a/conf.c > > +++ b/conf.c
> > @@ -123,6 +123,75 @@ static int parse_port_range(const char *s, char **= endptr, > > return 0; > > } > > =20 > > +/** > > + * conf_ports_range_except() - Set up forwarding for a range of ports = minus a > > + * bitmap of exclusions > > + * @c: Execution context > > + * @optname: Short option name, t, T, u, or U > > + * @optarg: Option argument (port specification) > > + * @fwd: Pointer to @fwd_ports to be updated > > + * @addr: Listening address > > + * @ifname: Listening interface > > + * @first: First port to forward > > + * @last: Last port to forward > > + * @exclude: Bitmap of ports to exclude > > + * @to: Port to translate @first to when forwarding > > + * @weak: Ignore errors, as long as at least one port is mapped > > + */ > > +static void conf_ports_range_except(const struct ctx *c, char optname, > > + const char *optarg, struct fwd_ports *fwd, > > + const union inany_addr *addr, > > + const char *ifname, > > + uint16_t first, uint16_t last, > > + const uint8_t *exclude, uint16_t to, > > + bool weak) > > +{ > > + bool bound_one =3D false; > > + unsigned i; > > + int ret; > > + > > + if (first =3D=3D 0) { > > + die("Can't forward port 0 for option '-%c %s'", > > + optname, optarg); > > + }
>
> This introduces two subtle functional changes that are a bit unexpected
> given the commit message. Before:
>
> $ ./pasta -t 0
> $
>
> $ ./pasta -t 0-1025
> Failed to bind port 1 (Permission denied) for option '-t 0-1025', exiting
>
> After:
>
> $ ./pasta -t 0
> Can't forward port 0 for option '-t 0'
>
> $ ./pasta -t 0-1025
> Can't forward port 0 for option '-t 0-1025'

I'd consider both those improvements, since we *aren't* able to forward
port 0.

>
> ...anyway, I doubt anybody would use -t 0 on purpose (to get a port
> automatically assigned), and while it probably works for TCP (check
> bound ports after starting pasta, use the assigned one), it wouldn't
> necessarily work as expected for UDP if the application relies on our
> flow tracking.
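Review bot: the unconditional `if (first == 0)` die() at the top of conf_ports_range_except() changes behaviour, while the commit message describes only a unification of the three existing paths. Per the before/after runs quoted above, `-t 0` was previously accepted without error and `-t 0-1025` failed only when binding port 1; both now exit up front. Suggest saying so in the commit message, and noting in the function comment that @first must be non-zero and that this failure is fatal even when @weak is set, since @weak is documented as "Ignore errors, as long as at least one port is mapped".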
>
> For TCP, actually, -t 0 might be useful, see e.g. random_free_port() in
> Podman tests (/test/system/helpers.network.bash). We should print the
> port number that was bound, though, and document the feature.

I agree that could be a useful thing to do, but I don't think -t 0 would
be a good syntax for it: if it's useful to get pasta to assign one port
it's probably useful to get it to assign multiple ports, and repeating
-t 0 doesn't really make sense for that.

> More than that: that could actually be the only race-free possibility
> of picking and forwarding a port where the number doesn't matter.
>
> In any case, given that it works by mistake now and it's undocumented,
> let me go ahead and apply this for the moment. We can add the
> "functionality" back later if it makes sense.

-- 
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson
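The race-free port selection mentioned in the thread (bind to port 0 so the kernel assigns a free port, then read back which one was bound), shown as an added example that is not code from passt or from either poster; `bind_loopback()` and `competing_bind_errno()` are hypothetical names. It checks that while the port-0 socket stays open, a competing bind on the assigned port is refused:

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not from passt): bind a TCP socket to 127.0.0.1:port,
 * port 0 = kernel picks. Returns the socket or -errno; *bound gets the port. */
static int bind_loopback(uint16_t port, uint16_t *bound)
{
	struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
	socklen_t len = sizeof(a);
	int fd = socket(AF_INET, SOCK_STREAM, 0), err;

	if (fd < 0)
		return -errno;
	a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	if (!bind(fd, (struct sockaddr *)&a, sizeof(a)) &&
	    !getsockname(fd, (struct sockaddr *)&a, &len)) {
		*bound = ntohs(a.sin_port);	/* the port actually assigned */
		return fd;
	}
	err = errno;
	close(fd);
	return -err;
}

/* Hold a kernel-assigned port and attempt a competing bind on it. Returns that
 * bind's errno (EADDRINUSE expected), 0 if it succeeded, -1 on setup failure. */
static int competing_bind_errno(uint16_t *port)
{
	uint16_t unused;
	int fd = bind_loopback(0, port), second;

	if (fd < 0)
		return -1;
	second = bind_loopback(*port, &unused);
	if (second >= 0)
		close(second);
	close(fd);	/* only from here on can anyone else take the port */
	return second < 0 ? -second : 0;
}

int main(void)
{
	uint16_t port = 0;
	int err = competing_bind_errno(&port);

	printf("port %u assigned; competing bind errno %d\n", (unsigned)port, err);
	return err != EADDRINUSE;
}
```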