From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202512 header.b=F7UxuAkX;
	dkim-atps=neutral
Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id B0AB05A0626
	for <passt-dev@passt.top>; Fri, 16 Jan 2026 01:48:14 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202512; t=1768524492;
	bh=J9IWhsTIXQclGwolyY+MY1bun6lIeWffEUVinBNPPTM=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=F7UxuAkX8/xQE7wCIyjzK5ncUX72S3NxS6Qq8CvGUMEcLat39lZHmMoL+eAckwZdw
	 iR0rO1QwtyBOpV4XWZCBxW7UQkSi8RmsbhePkIT4m41WVYGpDuRNMLgw/ZZuIJbjFb
	 WkBOz9xFP2+NlBl3VGSKDvQ1RtVDRSiT5ANXapGUIQmVRWJX2rhYZUNJbR3uGbHK8Y
	 DkBZLTJOcpclCnu2fNTQ9veZ7yBT6gHv61VUQhZRHxbIdpBBmu5UpCLpd2si9yx3Y7
	 sbfN2v2d47mDfW1q8uhxIbPCAVna+LJQrYh4idRTThTuY35WwoTnf03haJrqFpoDPp
	 FuZ51XF+gSU2Q==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4dsh6N3b8rz4wDG; Fri, 16 Jan 2026 11:48:12 +1100 (AEDT)
Date: Fri, 16 Jan 2026 11:48:04 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH v4 02/14] conf, fwd: Keep a table of our port forwarding
 configuration
Message-ID: <aWmKxDQm2A7MOa5x@zatzit>
References: <20260115085045.3309818-1-david@gibson.dropbear.id.au>
 <20260115085045.3309818-3-david@gibson.dropbear.id.au>
 <20260116000127.6f195de5@elisabeth>
 <aWmEW9D9KBcVwfNE@zatzit>
 <20260116012554.549c4cd3@elisabeth>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="YRQpdd9bKTyTQ0po"
Content-Disposition: inline
In-Reply-To: <20260116012554.549c4cd3@elisabeth>
Message-ID-Hash: QUKZKRFDDC5KTGBFX3KU5L4N2UILWEEH
X-Message-ID-Hash: QUKZKRFDDC5KTGBFX3KU5L4N2UILWEEH
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/aWmKxDQm2A7MOa5x@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/QUKZKRFDDC5KTGBFX3KU5L4N2UILWEEH/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--YRQpdd9bKTyTQ0po
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jan 16, 2026 at 01:25:54AM +0100, Stefano Brivio wrote:
> On Fri, 16 Jan 2026 11:20:43 +1100
> David Gibson <david@gibson.dropbear.id.au> wrote:
>=20
> > On Fri, Jan 16, 2026 at 12:01:27AM +0100, Stefano Brivio wrote:
> > > On Thu, 15 Jan 2026 19:50:33 +1100
> > > David Gibson <david@gibson.dropbear.id.au> wrote:
> > >  =20
> > > > @@ -313,6 +330,90 @@ bool fwd_port_is_ephemeral(in_port_t port)
> > > >  	return (port >=3D fwd_ephemeral_min) && (port <=3D fwd_ephemeral_=
max);
> > > >  }
> > > > =20
> > > > +/**
> > > > + * fwd_rule_add() - Add a rule to a forwarding table
> > > > + * @fwd:	Table to add to
> > > > + * @flags:	Flags for this entry
> > > > + * @addr:	Our address to forward (NULL for both 0.0.0.0 and ::)
> > > > + * @ifname:	Only forward from this interface name, if non-empty
> > > > + * @first:	First port number to forward
> > > > + * @last:	Last port number to forward
> > > > + * @to:		First port of target port range to map to
> > > > + */
> > > > +void fwd_rule_add(struct fwd_ports *fwd, uint8_t flags,
> > > > +		  const union inany_addr *addr, const char *ifname,
> > > > +		  in_port_t first, in_port_t last, in_port_t to)
> > > > +{
> > > > +	/* Flags which can be set from the caller */
> > > > +	const uint8_t allowed_flags =3D FWD_WEAK;
> > > > +	struct fwd_rule *new;
> > > > +	unsigned port;
> > > > +
> > > > +	ASSERT(!(flags & ~allowed_flags));
> > > > +
> > > > +	if (fwd->count >=3D ARRAY_SIZE(fwd->rules))
> > > > +		die("Too many port forwarding ranges");
> > > > +
> > > > +	new =3D &fwd->rules[fwd->count++];
> > > > +	new->flags =3D flags;
> > > > +
> > > > +	if (addr) {
> > > > +		new->addr =3D *addr;
> > > > +	} else {
> > > > +		new->addr =3D inany_any6;
> > > > +		new->flags |=3D FWD_DUAL_STACK_ANY;
> > > > +	}
> > > > +
> > > > +	memset(new->ifname, 0, sizeof(new->ifname));
> > > > +	if (ifname) {
> > > > +		if (strlen(ifname) + 1 > sizeof(new->ifname))
> > > > +			die("Interface name %s is too long", ifname);
> > > > +		strncpy(new->ifname, ifname, sizeof(new->ifname));
> > > > +	} =20
> > >=20
> > > This looks safe to me now, but:
> > >=20
> > > /home/sbrivio/passt/fwd.c:394:3:
> > >   Type: Buffer not null terminated (BUFFER_SIZE) =20
> > [snip]
> > > ...perhaps worth switching to the usual snprintf() approach with retu=
rn
> > > check (see handling of c->ip4.ifname_out in conf()) and be done with =
it? =20
> >=20
> > Good idea, not sure why it didn't occur to me earlier.
> >=20
> > I've done that, and verified it fixes the coverity error (thanks for
> > resending the instructions for that).
> >=20
> > > I'd be slightly more confident if Coverity Scan didn't complain at all
> > > (and happier without the noise, too).
> > >=20
> > > Other than that, this version looks good to me. I would make a new
> > > release just before merging it (with this "fixed") so that we can deb=
ug
> > > things a bit more conveniently should something go wrong with it. =20
> >=20
> > That sounds wise.  Do you want a new spin with the coverity fix?  Just
> > this patch?  Something else?
>=20
> Yes, thanks, a respin would be nice, so that we have a reasonable
> "permalink" to it, given it's a quite fundamental feature you're adding
> and we might want to refer to the series as posted / applied.

Ok. Will do that as soon as this test run completes.

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--YRQpdd9bKTyTQ0po
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmlpiroACgkQzQJF27ox
2GdAChAAlINlGn9EiXMDwv4gO6E8MySaiZ+Ndzzh4a6GuyLfiHbPMRD8rB+5Jz3y
5HMowXBV6ZvhmmxHmgTcNyrwrL1Yaw63288ule0mdcIhF5HKEBVEubDCXqbL1CWz
f4NVgp39c12hc470MklmeVkGU2NmO5kqsFr91rGquaWF7JV+WdEfUZvlvHG2dDze
PiVo+r5lN/hKgxEv4G8qFfmvNueogl44Kd6geowUHMjiHQRcRD9r+diKRYnCnnzq
qri+b6v3WBfNBILXcaLBGH2MXfQLbefvMRedzAdHFHHbNHMwIbyjLI4amVmfnb7x
uMw9SRcXKotnD+FkYIaPihQox/vmY6zXAako5Pzg5z8fX8bLgfygEAify39F9dP4
FgKJ0urdxDTDj0hEQznReYiVj20HJqAXmXfn/eZWW4ukFYVLu2OguLRkFNS72cvC
5AqN+xThUofGje9EOppr9xK+XJGnp6Fg9RBz4woziMhaYhZMUac5hfDrwdFzhYks
X8pn8851LSAWxhghPMfs/vSMEbb7aRjRE3butvGvy+3V2n1TOJgOHwpowB1qgKZ6
VwDfPPzK/IovZlqJWZfCNVKwnzyeay3NHw7sBj3D9rHV8Wm2e6kx/bxO/dwNn9Cb
NweUDceqKPvXifA8KVf5piu2cVrwOsmE2ZUfH7LIJ0QCD5ex02Q=
=NOIu
-----END PGP SIGNATURE-----

--YRQpdd9bKTyTQ0po--