On Thu, Oct 30, 2025 at 09:24:07PM +0100, Stefano Brivio wrote: > On Sat, 11 Oct 2025 15:48:26 +1100 > David Gibson wrote: > > > In fwd_scan_ports() we go through each of the automatic forwarding cases > > (tcp, udp, inbound and outbound) in turn, scanning and calculating the > > new forwarding map. However, to avoid avoid circular forwarding, some of > > these maps affect each other. This has the odd effect that the ones > > handled earlier are based on the previous scan of other maps, whereas > > the later ones are based on the latest scan. > > > > That's not generally harmful, but it is counter-intuitive and results in a > > few odd edge cases. Avoid this by performing all the scans first, without > > regard to other maps, then applying the exclusions afterwards. > > > > One case has an extra wrinkle: for UDP we forwarded not just ports that > > were listening on UDP but ones listening on TCP as well, for the benefit of > > protocols like iperf3. We therefore also excluded listening ports from > > both UDP and TCP from the other direction to avoid circular forwarding. > > > > This doesn't really make sense, though. To avoid circular forwarding, we > > don't care *why* the other side is listening on UDP, just that it *is* > > listening. I believe the explicit handling of the reverse TCP map was only > > needed because the reverse map might have been one cycle out of date and > > therefore not included a port opened because of the corresponding TCP port. > > Right, yes, that was the reason. I guess it makes sense to make this > less hypothetical in the commit message if you re-spin. Same in 8/8. There are some (trivial) conflicts with other things you've merged, so I will respin. I've fixed this up. -- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson