On Wed, Apr 08, 2026 at 11:40:16PM +0200, Stefano Brivio wrote:
> On Tue,  7 Apr 2026 13:16:24 +1000
> David Gibson <david@gibson.dropbear.id.au> wrote:
> 
> > Currently as well as building the forwarding tables, conf() maintains a
> > "forwarding mode" value for each protocol and direction.  This prevents,
> > for example "-t all" and "-t 40000" being given on the same command line.
> > 
> > This restriction predates the forwarding table and is no longer really
> > necessary.  Remove the restriction, instead doing our best to apply all the
> > given options simultaneously.
> > 
> >  * Many combinations previously disallowed will still be disallowed because
> >    of conflicts between the specific generated rules, e.g.
> >         -t all -t 8888
> >    (because -t all already listens on port 8888)
> >  * Some new combinations are now allowed and will work, e.g.
> >         -t all -t 40000
> >    because 'all' excludes ephemeral ports (which includes 40000 on default
> >    Linux configurations).
> 
> This is slightly confusing though:
> 
> $ ./pasta -t auto -t 31337
> Forwarding configuration conflict: TCP [*]:31337  =>  31337  versus TCP [*]:1-32767  =>  1-32767  (best effort) (auto-scan)

You mean because the single port rule is redundant, but doesn't do
something different, so not strictly speaking conflicting?

> but I don't see a practical way to "fix" it for the moment being, and
> overall I'd say the new behaviour is better than the original one, so I
> don't really care.

Ok.

-- 
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson