From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Cc: passt-dev@passt.top
Subject: Re: [PATCH v2 16/23] conf: Move "all" handling to port specifier
Date: Thu, 16 Apr 2026 11:37:57 +1000
Message-ID: <aeA9dezP8RgV0pOy@zatzit>
In-Reply-To: <20260416000443.5372dc46@elisabeth>

On Thu, Apr 16, 2026 at 12:04:43AM +0200, Stefano Brivio wrote:
> On Fri, 10 Apr 2026 11:03:02 +1000
> David Gibson <david@gibson.dropbear.id.au> wrote:
>
> > Currently -[tTuU] all is handled separately in conf_ports() before calling
> > conf_ports_spec(). Earlier changes mean we can now move this handling to
> > conf_ports_spec(). This makes the code slightly simpler, but more
> > importantly it allows some useful combinations we couldn't previously do,
> > such as
> > -t 127.0.0.1/all
> > or
> > -u %eth2/all
> >
> > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> > ---
> > conf.c | 25 ++++++++++---------------
> > passt.1 | 28 ++++++++++++++++++++--------
> > 2 files changed, 30 insertions(+), 23 deletions(-)
> >
> > diff --git a/conf.c b/conf.c
> > index 5d6517c3..f62109b5 100644
> > --- a/conf.c
> > +++ b/conf.c
> > @@ -251,6 +251,11 @@ static void conf_ports_spec(const struct ctx *c,
> > const char *p, *ep;
> > unsigned i;
> >
> > + if (!strcmp(spec, "all")) {
> > + /* Treat "all" as equivalent to "": all non-ephemeral ports */
> > + spec = "";
> > + }
> > +
> > /* Mark all exclusions first, they might be given after base ranges */
> > for_each_chunk(p, ep, spec, ",") {
> > struct port_range xrange;
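
Review bot: the new strcmp(spec, "all") test at the top of conf_ports_spec() matches only when "all" is the entire port specifier, so a spec such as "all,~8080" skips it and reaches the for_each_chunk() loop, where "all" is handled as an ordinary chunk. If combining "all" with exclusions is not supported, it would be better to reject it here with a specific message than to rely on whatever the range parser reports; if it is meant to work, the comparison needs to be made per chunk rather than on the whole string.
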
> > @@ -372,19 +377,6 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
> > return;
> > }
> >
> > - if (!strcmp(optarg, "all")) {
> > - uint8_t exclude[PORT_BITMAP_SIZE] = { 0 };
> > -
> > - /* Exclude ephemeral ports */
> > - fwd_port_map_ephemeral(exclude);
> > -
> > - conf_ports_range_except(c, optname, optarg, fwd,
> > - proto, NULL, NULL,
> > - 1, NUM_PORTS - 1, exclude,
> > - 1, FWD_WEAK);
> > - return;
> > - }
> > -
> > strncpy(buf, optarg, sizeof(buf) - 1);
> >
> > if ((spec = strchr(buf, '/'))) {
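
Review bot: the block removed from conf_ports() passed FWD_WEAK and an exclusion bitmap filled by fwd_port_map_ephemeral(), and nothing visible in this patch shows that the empty-spec path in conf_ports_spec() does the same. The man page text moved by this patch still promises that no failures are reported for unavailable ports, which depends on the weak flag, so the commit message should name the earlier change that makes the "" path equivalent, or a test for -t all and -t ADDR/all should cover both the ephemeral exclusion and the weak binding.
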
> > @@ -1039,14 +1031,17 @@ static void usage(const char *name, FILE *f, int status)
> > " can be specified multiple times\n"
> > " SPEC can be:\n"
> > " 'none': don't forward any ports\n"
> > - " 'all': forward all unbound, non-ephemeral ports\n"
> > "%s"
> > " [ADDR[%%IFACE]/]PORTS: forward specific ports\n"
> > - " PORTS is a comma-separated list of ports, optionally\n"
> > + " PORTS is either 'all' (forward all unbound, non-ephemeral\n"
> > + " ports), or a comma-separated list of ports, optionally\n"
> > " ranged with '-' and optional target ports after ':'.\n"
> > " Ranges can be reduced by excluding ports or ranges\n"
> > " prefixed by '~'\n"
> > " Examples:\n"
> > + " -t all Forward all ports\n"
>
> Nit: the examples below have a tab as a separator, which makes it
> slightly easier to ensure we indent them properly.

Oops, fixed.

> > + " -t 127.0.0.1/all Forward all ports from local address\n"
> > + " 127.0.0.1\n"
>
> This makes things pretty hard on eyes as it's not consistent with the
> rest of the "table". Could we perhaps do:
>
> " -t ::1/all Forward all ports from ::1\n"
>
> ?

Ah, good idea. Done.

>
> > " -t 22 Forward local port 22 to 22 on %s\n"
> > " -t 22:23 Forward local port 22 to 23 on %s\n"
> > " -t 22,25 Forward ports 22, 25 to ports 22, 25\n"
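
Review bot: the new example line "-t all Forward all ports" in usage() overstates what the option does; the PORTS description a few lines above it says 'all' means all unbound, non-ephemeral ports. Suggest wording the examples as "Forward all non-ephemeral ports", so that someone reading only the examples does not expect the ephemeral range to be forwarded as well.
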
> > diff --git a/passt.1 b/passt.1
> > index d329f8f0..3ba447d5 100644
> > --- a/passt.1
> > +++ b/passt.1
> > @@ -434,12 +434,6 @@ Configure TCP port forwarding to guest or namespace. \fIspec\fR can be one of:
> > .BR none
> > Don't forward any ports
> >
> > -.TP
> > -.BR all
> > -Forward all unbound, non-ephemeral ports, as permitted by current capabilities.
> > -For low (< 1024) ports, see \fBNOTES\fR. No failures are reported for
> > -unavailable ports, unless no ports could be forwarded at all.
> > -
> > .TP
> > .BR auto " " (\fBpasta\fR " " only)
> > Dynamically forward ports bound in the namespace. The list of ports is
> > @@ -449,10 +443,20 @@ periodically derived (every second) from listening sockets reported by
> > .TP
> > [\fIaddress\fR[\fB%\fR\fIinterface\fR]\fB/\fR]\fIports\fR ...
> > Specific ports to forward. Optionally, a specific listening address
> > -and interface name (since Linux 5.7) can be specified. \fIports\fR is
> > -a comma-separated list of entries which may be any of:
> > +and interface name (since Linux 5.7) can be specified. \fIports\fR
> > +may be either:
> > .RS
> > .TP
> > +\fBall\fR
> > +Forward all unbound, non-ephemeral ports, as permitted by current
> > +capabilities. For low (< 1024) ports, see \fBNOTES\fR. No failures
> > +are reported for unavailable ports, unless no ports could be forwarded
> > +at all.
> > +.RE
> > +
> > +.RS
> > +or a comma-separated list of entries which may be any of:
> > +.TP
> > \fIfirst\fR[\fB-\fR\fIlast\fR][\fB:\fR\fItofirst\fR[\fB-\fR\fItolast\fR]]
> > Include range. Forward port numbers between \fIfirst\fR and \fIlast\fR
> > (inclusive) to ports between \fItofirst\fR and \fItolast\fR. If
> > @@ -473,6 +477,14 @@ unavailable ports, unless no ports could be forwarded at all.
> > Examples:
> > .RS
> > .TP
> > +-t all
> > +Forward all unbound, non-ephemeral ports as permitted by current
> > +capabilities to the corresponding port on the guest or namespace
> > +.TP
> > +-t 127.0.0.1/all
> > +For the local address 127.0.0.1, forward all unbound, non-ephemeral
> > +ports as permitted by current capabilities.
>
> Nit: all the other examples have no dot at the end (I tend to think
> it fits better this type of list, but all I care about is that it's
> consistent).

Fixed. Also changed to ::1 for consistency with the usage() example.

>
> > +.TP
> > -t 22
> > Forward local port 22 to port 22 on the guest or namespace
> > .TP
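
Review bot: the two new entries under Examples: describe the destination inconsistently: the "-t all" entry ends with "to the corresponding port on the guest or namespace", while the "-t 127.0.0.1/all" entry names no destination at all. Suggest giving both the same ending, so it is clear that the address prefix restricts only the listening side and does not change where the ports are forwarded.
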
>
> --
> Stefano
>
--
David Gibson (he or they) | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you, not the other way
| around.
http://www.ozlabs.org/~dgibson