From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202510 header.b=AlsGHQHJ;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id ED1125A0619
	for <passt-dev@passt.top>; Fri, 31 Oct 2025 03:55:21 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202510; t=1761879318;
	bh=J+6Z8BCUhWA/x50zh517G1cIk3j5cvhLrKIPNkCey9A=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=AlsGHQHJVV1wyCCSOszYbgJmFBTiG1o9T0Wks42wHNRX7knGYcy3wzUXQzJaeAag7
	 JdIxH8q9/hWt2hAc3sn2pa+ty7k5RULlyURKlt3c0/WHV8L2pSREY96RzE1TvFSItq
	 46LwYP5MDVjGvEf3GZpyaE4yosjlxazU6jfrd10LqOIShiXRZ0lQCkktklUydgsp9l
	 3iCLmCIw7r8sVWUUAWJX2krU22Pbx2ngUwak6T8QVNzjIGx3LIyvHWmiMrOy7OUpIk
	 H4RQpfkqfP4wO2b3go4/eaX3hMSogYkkwvMDcqZ+FVnyUuQB/YFjH0MTKGwPlNoQc+
	 LqlRULTMDIe6A==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4cyQZZ5JJ9z4wc4; Fri, 31 Oct 2025 13:55:18 +1100 (AEDT)
Date: Fri, 31 Oct 2025 13:51:39 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH 7/8] fwd: Update all port maps before applying exclusions
Message-ID: <aQQkOwgXuBIbgR0j@zatzit>
References: <20251011044827.862757-1-david@gibson.dropbear.id.au>
 <20251011044827.862757-8-david@gibson.dropbear.id.au>
 <20251030212407.66e07446@elisabeth>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="x7qioP3WhVv+2x8X"
Content-Disposition: inline
In-Reply-To: <20251030212407.66e07446@elisabeth>
Message-ID-Hash: AUF4IPL4ABCU3T2M6LRPCGF4JBUF5IG3
X-Message-ID-Hash: AUF4IPL4ABCU3T2M6LRPCGF4JBUF5IG3
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/aQQkOwgXuBIbgR0j@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/AUF4IPL4ABCU3T2M6LRPCGF4JBUF5IG3/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--x7qioP3WhVv+2x8X
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 30, 2025 at 09:24:07PM +0100, Stefano Brivio wrote:
> On Sat, 11 Oct 2025 15:48:26 +1100
> David Gibson <david@gibson.dropbear.id.au> wrote:
>=20
> > In fwd_scan_ports() we go through each of the automatic forwarding cases
> > (tcp, udp, inbound and outbound) in turn, scanning and calculating the
> > new forwarding map.  However, to avoid avoid circular forwarding, some =
of
> > these maps affect each other.  This has the odd effect that the ones
> > handled earlier are based on the previous scan of other maps, whereas
> > the later ones are based on the latest scan.
> >=20
> > That's not generally harmful, but it is counter-intuitive and results i=
n a
> > few odd edge cases.  Avoid this by performing all the scans first, with=
out
> > regard to other maps, then applying the exclusions afterwards.
> >=20
> > One case has an extra wrinkle: for UDP we forwarded not just ports that
> > were listening on UDP but ones listening on TCP as well, for the benefi=
t of
> > protocols like iperf3.  We therefore also excluded listening ports from
> > both UDP and TCP from the other direction to avoid circular forwarding.
> >=20
> > This doesn't really make sense, though.  To avoid circular forwarding, =
we
> > don't care *why* the other side is listening on UDP, just that it *is*
> > listening.  I believe the explicit handling of the reverse TCP map was =
only
> > needed because the reverse map might have been one cycle out of date and
> > therefore not included a port opened because of the corresponding TCP p=
ort.
>=20
> Right, yes, that was the reason. I guess it makes sense to make this
> less hypothetical in the commit message if you re-spin. Same in 8/8.

There are some (trivial) conflicts with other things you've merged, so
I will respin.  I've fixed this up.

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--x7qioP3WhVv+2x8X
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmkEJDoACgkQzQJF27ox
2Ge9NBAAlI0AVDC/a9D72VgerEeExTYX71tCWE5QNZcUFxSP2j6G00jPG0cAJOZd
+NWp+3eVpkf7kven4gKw0kuKKO9Fnd9y+6gxt2CM1nLzHcgHBU1kt8hx3/uuNhRz
iydMBznsTUalWqtOt59YD0GEINizQGlKl12/rjDZ0y7FmhxWTQ85QOSCHNhU6GZr
viddaFsXm1Yd8m1swtBt8KpaJqyf1yGx98+CpNTZwPC8tnkuata909FxCmqTf8ao
jnd31/TO4eCSB7B/Xv+ypS31RHPtoeY6pVXjIiict0Y9ev6o9C0+AUaGrMvMu8BD
gJtmnR8mqxQzBTRJEYj6R13hP0Wu3fiWPdOTytlRSovEV4SX0hd+444c5nGLa1a8
wcu1fxjIkxOUNl0pKYi5B3eHtwqsTVNffpajC6q0a4VYGWfh4zi74xn+0wOP8p88
GIopoP8FEH3O1UqCmTnKnWWybzhCUvDPq0bxTnw+zFlKvOeWzuV3PrKt5cBg6lCE
8d+jXZqUVxEpyjDQKJXhiiHBkHUNFFJeiXoAZudwhX4aP9PV9u+snG/G/pPHxUUB
QwVdcHdHIXCABsQT7P2WdOv+zT3TJq/NTVIOF5dERMd1xqems+QLVWCVy3VL/aYi
ywakBXbjN9WGRXF0L4RvAPvKqO33Orp3J7pdrXLQ9sXJvUdnya4=
=IKQM
-----END PGP SIGNATURE-----

--x7qioP3WhVv+2x8X--