From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 058055A0050 for ; Wed, 19 Jun 2024 03:50:58 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202312; t=1718761854; bh=EnW6h1eIXUvZ1iaOaGjE9A7DEJByERES3MoEzHB6/UQ=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=cQr54zbS+N96kPzBJgB/Lq2As1tymBrClpcq3MCxqpveoDbhXtaiNYoaYYNy6RNNa T4hhDSNqz6KmtT0wm6mu7NOrEDCG19mfjJubmNtXO2fQk2m1bXegBfkEy5ueUIYAGX VNdv+A9t7uBlbEJsOzyt+hNfZAGbOZHfXOAE9nZEyjoj9t7ici5AOn8xtUJgzOJwux 9lddeVmcWlBboPv7QgL6BXyJqHXgSkZ5DJ0u03lccHPdDjH+/p4UvXhuxy0tNJV69E nYu3bB/aPiPq2AZmVNuUiW33HBn78cZ7Kkx8YfQe5T7UAr7+V1HHDYp8SLZkgI2v9m ofCJHZJ0P+2/w== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4W3mmZ3FtXz4wcv; Wed, 19 Jun 2024 11:50:54 +1000 (AEST) Date: Wed, 19 Jun 2024 11:50:44 +1000 From: David Gibson To: Stefano Brivio Subject: Re: [PATCH] conf: Accept duplicate and conflicting options, the last one wins Message-ID: References: <20240618161723.1896519-1-sbrivio@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="j3AV8RdBWvUYeZA6" Content-Disposition: inline In-Reply-To: <20240618161723.1896519-1-sbrivio@redhat.com> Message-ID-Hash: M25LW3W6HJHEHNEZIP5SIPX2EO6XFAKC X-Message-ID-Hash: M25LW3W6HJHEHNEZIP5SIPX2EO6XFAKC X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, Paul Holzinger X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --j3AV8RdBWvUYeZA6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jun 18, 2024 at 06:17:23PM +0200, Stefano Brivio wrote: > In multiple occasions, especially when passt(1) and pasta(1) are used > in integrations such as the one with Podman, the ability to override > earlier options on the command line with later one would have been > convenient. >=20 > Recently, to debug a number of issues happening with Podman, I would > have liked to ask users to share a debug log by passing --debug as > additional option, but pasta refuses --quiet (always passed by Podman) > and --debug at the same time. >=20 > Finally, somebody took care of this on Podman side at: > https://github.com/containers/common/pull/2052 >=20 > but still, we'll probably have similar cases, or older versions of > Podman around, etc. >=20 > I think there's some value in telling users about duplicated or > conflicting options, because that might reveal issues in integrations > or accidental misconfigurations, but by now I'm fairly convinced that > the downsides outweigh this. I tend to agree. > Drop checks about duplicate options and mutually exclusive ones. In > some cases, we need to also undo a couple of initialisations caused > by earlier options, but this looks like a simplification, overall. >=20 > Suggested-by: Paul Holzinger > Suggested-by: David Gibson > Signed-off-by: Stefano Brivio [snip] > + case 'd': > c->debug =3D 1; > + c->quiet =3D 0; > break; > case 'e': > - if (logfile) > - die("Can't log to both file and stderr"); > - > - if (c->force_stderr) > - die("Multiple --stderr options given"); > - > c->force_stderr =3D 1; > + logfile =3D NULL; > break; I would suggest leaving this one as is for now. I think the least surprising behaviour for -e and -l together would be to log to both stderr and the file. They're not inherently contradictory, it's just because of an implementation limitation. Theferore, in this case, I think it's best to give an error rather than behaving in a surprising way. Later on we can implement being able to log to both at once. > case 'l': > - if (c->force_stderr) > - die("Can't log to both stderr and file"); > - > - if (logfile) > - die("Multiple --log-file options given"); > - > logfile =3D optarg; > + c->force_stderr =3D 0; Same here, of course. > break; > case 'q': > - if (c->quiet) > - die("Multiple --quiet options given"); > - > - if (c->debug) > - die("Either --debug or --quiet"); > - > c->quiet =3D 1; > + c->debug =3D c->trace =3D 0; > break; > case 'f': > - if (c->foreground) > - die("Multiple --foreground options given"); > - > c->foreground =3D 1; > break; > case 's': > - if (*c->sock_path) > - die("Multiple --socket options given"); > - > ret =3D snprintf(c->sock_path, UNIX_SOCK_MAX - 1, "%s", > optarg); > if (ret <=3D 0 || ret >=3D (int)sizeof(c->sock_path)) > die("Invalid socket path: %s", optarg); > =20 > + c->fd_tap =3D -1; > break; > case 'F': > - if (c->fd_tap >=3D 0) > - die("Multiple --fd options given"); > - > errno =3D 0; > c->fd_tap =3D strtol(optarg, NULL, 0); I'm a little bit dubious about this one too. In terms of pure semantics, then yes, overriding makes sense. But -F specifically requires the caller to have set up fds in specific slots, so it's pretty hard to see a real situation where overriding this would make sense. > @@ -1460,12 +1421,9 @@ void conf(struct ctx *c, int argc, char **argv) > die("Invalid --fd: %s", optarg); > =20 > c->one_off =3D true; > - > + *c->sock_path =3D 0; This makes sense, although we weren't actually giving an error for that case previously. > break; > case 'I': > - if (*c->pasta_ifn) > - die("Multiple --ns-ifname options given"); > - > ret =3D snprintf(c->pasta_ifn, IFNAMSIZ, "%s", > optarg); > if (ret <=3D 0 || ret >=3D IFNAMSIZ) > @@ -1473,18 +1431,12 @@ void conf(struct ctx *c, int argc, char **argv) > =20 > break; > case 'p': > - if (*c->pcap) > - die("Multiple --pcap options given"); > - Again, I'm unsure about this one, since I think the least surprising behaviour would be to write to _all_ the listed pcap files. > ret =3D snprintf(c->pcap, sizeof(c->pcap), "%s", optarg); > if (ret <=3D 0 || ret >=3D (int)sizeof(c->pcap)) > die("Invalid pcap path: %s", optarg); > =20 > break; > case 'P': > - if (*c->pidfile) > - die("Multiple --pid options given"); > - > ret =3D snprintf(c->pidfile, sizeof(c->pidfile), "%s", > optarg); > if (ret <=3D 0 || ret >=3D (int)sizeof(c->pidfile)) > @@ -1492,9 +1444,6 @@ void conf(struct ctx *c, int argc, char **argv) > =20 > break; > case 'm': > - if (c->mtu) > - die("Multiple --mtu options given"); > - > errno =3D 0; > c->mtu =3D strtol(optarg, NULL, 0); > =20 > @@ -1544,14 +1493,12 @@ void conf(struct ctx *c, int argc, char **argv) > if (c->mode =3D=3D MODE_PASTA) > c->no_copy_routes =3D 1; > =20 > - if (IN6_IS_ADDR_UNSPECIFIED(&c->ip6.gw) && > - inet_pton(AF_INET6, optarg, &c->ip6.gw) && > + if (inet_pton(AF_INET6, optarg, &c->ip6.gw) && > !IN6_IS_ADDR_UNSPECIFIED(&c->ip6.gw) && > !IN6_IS_ADDR_LOOPBACK(&c->ip6.gw)) > break; > =20 > - if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.gw) && > - inet_pton(AF_INET, optarg, &c->ip4.gw) && > + if (inet_pton(AF_INET, optarg, &c->ip4.gw) && > !IN4_IS_ADDR_UNSPECIFIED(&c->ip4.gw) && > !IN4_IS_ADDR_BROADCAST(&c->ip4.gw) && > !IN4_IS_ADDR_LOOPBACK(&c->ip4.gw)) > @@ -1560,15 +1507,11 @@ void conf(struct ctx *c, int argc, char **argv) > die("Invalid gateway address: %s", optarg); > break; > case 'i': > - if (ifi4 || ifi6) > - die("Redundant interface: %s", optarg); > - > if (!(ifi4 =3D ifi6 =3D if_nametoindex(optarg))) > die_perror("Invalid interface name %s", optarg); > break; > case 'o': > - if (IN6_IS_ADDR_UNSPECIFIED(&c->ip6.addr_out) && > - inet_pton(AF_INET6, optarg, &c->ip6.addr_out) && > + if (inet_pton(AF_INET6, optarg, &c->ip6.addr_out) && > !IN6_IS_ADDR_UNSPECIFIED(&c->ip6.addr_out) && > !IN6_IS_ADDR_LOOPBACK(&c->ip6.addr_out) && > !IN6_IS_ADDR_V4MAPPED(&c->ip6.addr_out) && > @@ -1576,8 +1519,7 @@ void conf(struct ctx *c, int argc, char **argv) > !IN6_IS_ADDR_MULTICAST(&c->ip6.addr_out)) > break; > =20 > - if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.addr_out) && > - inet_pton(AF_INET, optarg, &c->ip4.addr_out) && > + if (inet_pton(AF_INET, optarg, &c->ip4.addr_out) && > !IN4_IS_ADDR_UNSPECIFIED(&c->ip4.addr_out) && > !IN4_IS_ADDR_BROADCAST(&c->ip4.addr_out) && > !IN4_IS_ADDR_MULTICAST(&c->ip4.addr_out)) > @@ -1588,18 +1530,23 @@ void conf(struct ctx *c, int argc, char **argv) > break; > case 'D': > if (!strcmp(optarg, "none")) { > - if (c->no_dns) > - die("Redundant DNS options"); > + c->no_dns =3D 1; > =20 > - if (dns4 - c->ip4.dns || dns6 - c->ip6.dns) > - die("Conflicting DNS options"); > + dns4 =3D &c->ip4.dns[0]; > + memset(c->ip4.dns, 0, sizeof(c->ip4.dns)); > + c->ip4.dns[0] =3D (struct in_addr){ 0 }; > + c->ip4.dns_match =3D (struct in_addr){ 0 }; > + c->ip4.dns_host =3D (struct in_addr){ 0 }; > + > + dns6 =3D &c->ip6.dns[0]; > + memset(c->ip6.dns, 0, sizeof(c->ip6.dns)); > + c->ip6.dns_match =3D (struct in6_addr){ 0 }; > + c->ip6.dns_host =3D (struct in6_addr){ 0 }; > =20 > - c->no_dns =3D 1; > break; > } > =20 > - if (c->no_dns) > - die("Conflicting DNS options"); > + c->no_dns =3D 0; > =20 > if (dns4 - &c->ip4.dns[0] < ARRAY_SIZE(c->ip4.dns) && > inet_pton(AF_INET, optarg, &dns4_tmp)) { > @@ -1617,18 +1564,14 @@ void conf(struct ctx *c, int argc, char **argv) > break; > case 'S': > if (!strcmp(optarg, "none")) { > - if (c->no_dns_search) > - die("Redundant DNS search options"); > + c->no_dns_search =3D 1; > =20 > - if (dnss !=3D c->dns_search) > - die("Conflicting DNS search options"); > + memset(c->dns_search, 0, sizeof(c->dns_search)); > =20 > - c->no_dns_search =3D 1; > break; > } > =20 > - if (c->no_dns_search) > - die("Conflicting DNS search options"); > + c->no_dns_search =3D 0; > =20 > if (dnss - c->dns_search < ARRAY_SIZE(c->dns_search)) { > ret =3D snprintf(dnss->n, sizeof(*c->dns_search), > @@ -1644,17 +1587,16 @@ void conf(struct ctx *c, int argc, char **argv) > break; > case '4': > v4_only =3D true; > + v6_only =3D false; > break; > case '6': > v6_only =3D true; > + v4_only =3D false; > break; > case '1': > if (c->mode =3D=3D MODE_PASTA) > die("--one-off is for passt mode only"); > =20 > - if (c->one_off) > - die("Redundant --one-off option"); > - > c->one_off =3D true; > break; > case 't': > @@ -1673,12 +1615,6 @@ void conf(struct ctx *c, int argc, char **argv) > } > } while (name !=3D -1); > =20 > - if (v4_only && v6_only) > - die("Options ipv4-only and ipv6-only are mutually exclusive"); This could now be an ASSERT() instead of an error message. > - if (*c->sock_path && c->fd_tap >=3D 0) > - die("Options --socket and --fd are mutually exclusive"); > - > if (c->mode =3D=3D MODE_PASTA && !c->pasta_conf_ns) { > if (copy_routes_opt) > die("--no-copy-routes needs --config-net"); > diff --git a/passt.1 b/passt.1 > index 31e528e..6dfa670 100644 > --- a/passt.1 > +++ b/passt.1 > @@ -73,6 +73,8 @@ for performance reasons. > =20 > .SH OPTIONS > =20 > +\fBIf conflicting or multiple options are given, the last one takes effe= ct.\fR > + > .TP > .BR \-d ", " \-\-debug > Be verbose, don't log to the system logger. --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --j3AV8RdBWvUYeZA6 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmZyOXMACgkQzQJF27ox 2GcYpw//YRLu4N1A2xybn5JH4qv4TgsPsRLw61md2pKqArgTfYI07XPOlNgyOtbD 5RmtDtioLNKRSDyivNndVF1Kbi4ss9dsWwa6aLlUwTNHjsl0NfNNxOCZdyc1jgnI qBQSNs/5sQxBfcpIsbbmBINzaEJpbXZO0NpSVENqktpy2Li6I0Y67jBFnx224H/9 7dymjMf2+nuAVgY+lf4gIWtT1Ifosbe3nZ4gQbHbC77t2RyH4hwdAQAta5ZkoAA+ FeoOrX3MfOnb1QCSxlURd3c0qoffYSvq1TotAUXIjCKT529vafraY5dVFUlDBxIR FyFIkSjeuHMTDrBfa788wPpUHByk3pZ3BfEL0JovCHkJBP6QjeCfdS/OtFFoWVWh LCx+ibb1t5YP0d2LhZUTxN1FP0GewRyvRg5hMrhz6Opq7lOdfVa3HJCYWMwXRNnA vgxZGbs13q8auMkVjyhKOj/ems1bfzqqFjhmy89gzwJje7mf2n9wuhD4X7at/5y9 QYAhDVuybRrkCofxBWnT3om8PlYDbJ3TGmm/rkdeGCNSE4HWy/RVae804CPcVglk jF62a2jCezYvqKWgKaqBICpGN/Cm4wqDIyYjlyp66ekGAoIJB9+QZIslfG0JI034 JQMf5vVZ4Es81nKyG/Gx1vttQ4WZXKeu+zdTXsZKsMMJ0IA4NkE= =3weD -----END PGP SIGNATURE----- --j3AV8RdBWvUYeZA6--