Date: Fri, 16 Jan 2026 11:20:43 +1100
From: David Gibson
To: Stefano Brivio
Cc: passt-dev@passt.top
Subject: Re: [PATCH v4 02/14] conf, fwd: Keep a table of our port forwarding configuration

On Fri, Jan 16, 2026 at 12:01:27AM +0100, Stefano Brivio wrote:
> On Thu, 15 Jan 2026 19:50:33 +1100
> David Gibson wrote:
>
> > @@ -313,6 +330,90 @@ bool fwd_port_is_ephemeral(in_port_t port) > > return (port >=3D fwd_ephemeral_min) && (port <=3D fwd_ephemeral_max); > > } > > =20 > > +/** > > + * fwd_rule_add() - Add a rule to a forwarding table > > + * @fwd: Table to add to > > + * @flags: Flags for this entry > > + * @addr: Our address to forward (NULL for both 0.0.0.0 and ::) > > + * @ifname: Only forward from this interface name, if non-empty > > + * @first: First port number to forward > > + * @last: Last port number to forward > > + * @to: First port of target port range to map to > > + */ > > +void fwd_rule_add(struct fwd_ports *fwd, uint8_t flags, > > + const union inany_addr *addr, const char *ifname, > > + in_port_t first, in_port_t last, in_port_t to) > > +{ > > + /* Flags which can be set from the caller */ > > + const uint8_t allowed_flags =3D FWD_WEAK; > > + struct fwd_rule *new; > > + unsigned port; > > + > > + ASSERT(!(flags & ~allowed_flags)); > > + > > + if (fwd->count >=3D ARRAY_SIZE(fwd->rules)) > > + die("Too many port forwarding ranges"); > > + > > + new =3D &fwd->rules[fwd->count++]; > > + new->flags =3D flags; > > + > > + if (addr) { > > + new->addr =3D *addr; > > + } else { > > + new->addr =3D inany_any6; > > + new->flags |=3D FWD_DUAL_STACK_ANY; > > + } > > + > > + memset(new->ifname, 0, sizeof(new->ifname)); > > + if (ifname) { > > + if (strlen(ifname) + 1 > sizeof(new->ifname)) > > + die("Interface name %s is too long", ifname); > > + strncpy(new->ifname, ifname, sizeof(new->ifname)); > > + } >=20 > This looks safe to me now, but: >=20 > /home/sbrivio/passt/fwd.c:394:3: > Type: Buffer not null terminated (BUFFER_SIZE) [snip] > ...perhaps worth switching to the usual snprintf() approach with return > check (see handling of c->ip4.ifname_out in conf()) and be done with it? Good idea, not sure why it didn't occur to me earlier. I've done that, and verified it fixes the coverity error (thanks for resending the instructions for that). 
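Review bot: the interface name copy under "if (ifname)" depends on two separate statements staying consistent, the "strlen(ifname) + 1 > sizeof(new->ifname)" check and the strncpy() bound. Together with the preceding memset() they do guarantee termination here, but strncpy() on its own writes no terminator when the source fills the buffer, which is what the analyser flags. A single snprintf(new->ifname, sizeof(new->ifname), "%s", ifname) with a check on the return value does the truncation test and the copy in one step and always terminates. Separately, the kernel-doc says @ifname applies "if non-empty" while the code tests for non-NULL; stating that NULL and "" both mean no interface restriction would make the contract explicit.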
> I'd be slightly more confident if Coverity Scan didn't complain at all
> (and happier without the noise, too).
>
> Other than that, this version looks good to me. I would make a new
> release just before merging it (with this "fixed") so that we can debug
> things a bit more conveniently should something go wrong with it.

That sounds wise. Do you want a new spin with the coverity fix? Just
this patch? Something else?

-- 
David Gibson (he or they)      | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you, not the other way
                               | around.
http://www.ozlabs.org/~dgibson
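The snprintf()-with-return-check copy discussed in this message, next to a bare strncpy() bounded by the buffer size, as an added example that is not passt code and not part of the original mail. struct rule_example, IFNAME_LEN (16 is an assumption) and both function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define IFNAME_LEN 16	/* assumed size of the name buffer */

/* Hypothetical stand-in for a rule entry holding an interface name */
struct rule_example {
	char ifname[IFNAME_LEN];
};

/* Bare strncpy(): if strlen(src) >= sizeof(dst) the buffer is filled and
 * no terminator is written. Returns 1 if the result is NUL-terminated. */
int copy_strncpy_unchecked(struct rule_example *r, const char *src)
{
	strncpy(r->ifname, src, sizeof(r->ifname));
	return memchr(r->ifname, '\0', sizeof(r->ifname)) != NULL;
}

/* snprintf() with return check: always terminates, and the return value
 * (the length the whole string needs) reveals truncation.
 * Returns 0 on success, -1 if the name does not fit. */
int copy_snprintf_checked(struct rule_example *r, const char *src)
{
	int ret;

	memset(r->ifname, 0, sizeof(r->ifname));
	if (!src)
		return 0;		/* no interface restriction */

	ret = snprintf(r->ifname, sizeof(r->ifname), "%s", src);
	if (ret < 0 || (size_t)ret >= sizeof(r->ifname)) {
		r->ifname[0] = '\0';	/* never keep a truncated name */
		return -1;
	}
	return 0;
}

int main(void)
{
	struct rule_example r;
	const char *too_long = "0123456789abcdef";	/* constructed, 16 chars */

	printf("strncpy terminated: %d\n", copy_strncpy_unchecked(&r, too_long));
	printf("snprintf checked:   %d\n", copy_snprintf_checked(&r, too_long));
	printf("snprintf eth0:      %d\n", copy_snprintf_checked(&r, "eth0"));
	return 0;
}
```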