From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202602 header.b=FDN+Ys8A;
	dkim-atps=neutral
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 3EB3D5A0262
	for <passt-dev@passt.top>; Tue, 05 May 2026 16:41:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202602; t=1777992079;
	bh=QCzP4ZDN2g39P2CRJ1zNAE+dRxWFVfeSa/XmQ0+fym8=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=FDN+Ys8ALYOiz18Ry+AjSaMM9VQ/5MBo/qIfFjUeDygeri3rJ9Qw02Qe1BwsMKmVN
	 LCGyfaHhB57383ryeZ+K9+cu9xve/rkfNUXxwgnCmyLqpDmj8PMJ0r2xo9fqFq7j7H
	 r70zdr4RIJmpvyXZOe+H9KI8Fsfo0yKVhPrsGJIVjdkoAQT7qocHnMHr/qQAfJto24
	 tvk45GsAh0BofhJhLUNCJGg/95qp6OFFDEXUvJd+xa/zsQCVWnOZqbD/PxhfZMCZgZ
	 Y99jenviyxg13MVylVih6dYcfs+yCLR1bOrJuFb/ds/fKHmjTsoA+pqrpcoemGzg8J
	 OXGP7sZvD4o1A==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4g91RM6YfJz4wJc; Wed, 06 May 2026 00:41:19 +1000 (AEST)
Date: Wed, 6 May 2026 00:29:08 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH v7 17/18] conf, fwd: Allow switching to new rules
 received from pesto
Message-ID: <afn-tGodcpX3Vfnu@zatzit>
References: <20260504231142.1118652-1-sbrivio@redhat.com>
 <20260504231142.1118652-18-sbrivio@redhat.com>
 <ad2e9153-f024-41a0-999b-32c0e7696fca@redhat.com>
 <afm-JywYVAwzxj5v@zatzit>
 <20260505121513.2ce28bfd@elisabeth>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="u/uG6erQydPaY5S6"
Content-Disposition: inline
In-Reply-To: <20260505121513.2ce28bfd@elisabeth>
Message-ID-Hash: FCR6YOUGXS6YWHJRILIHTQVCP2OH3GWB
X-Message-ID-Hash: FCR6YOUGXS6YWHJRILIHTQVCP2OH3GWB
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Laurent Vivier <lvivier@redhat.com>, passt-dev@passt.top, Jon Maloy <jmaloy@redhat.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/afn-tGodcpX3Vfnu@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/FCR6YOUGXS6YWHJRILIHTQVCP2OH3GWB/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--u/uG6erQydPaY5S6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, May 05, 2026 at 12:15:14PM +0200, Stefano Brivio wrote:
> On Tue, 5 May 2026 19:53:43 +1000
> David Gibson <david@gibson.dropbear.id.au> wrote:
>=20
> > On Tue, May 05, 2026 at 11:08:27AM +0200, Laurent Vivier wrote:
> > > On 5/5/26 01:11, Stefano Brivio wrote: =20
> > > > From: David Gibson <david@gibson.dropbear.id.au>
> > > >=20
> > > > We can now receive updates to the forwarding rules from the pesto c=
lient
> > > > and store them in a "pending" copy of the forwarding tables.  Imple=
ment
> > > > switching to using the new rules.
> > > >=20
> > > > The logic is in a new fwd_listen_switch().  For now this closes all
> > > > listening sockets related to the old tables, swaps the active and p=
ending
> > > > tables, then listens based on the new tables.  In future we look to=
 improve
> > > > this so that we don't temporarily stop listening on ports that both=
 the
> > > > old and new tables specify.
> > > >=20
> > > > Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> > > > Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
> > > > ---
> > > >   conf.c |  5 ++---
> > > >   fwd.c  | 34 ++++++++++++++++++++++++++++++++++
> > > >   fwd.h  |  1 +
> > > >   3 files changed, 37 insertions(+), 3 deletions(-)
> > > >=20
> > > > diff --git a/conf.c b/conf.c
> > > > index f035fd3..75b8291 100644
> > > > --- a/conf.c
> > > > +++ b/conf.c
> > > > @@ -2159,15 +2159,14 @@ void conf_handler(struct ctx *c, uint32_t e=
vents)
> > > >   			fwd_rules_dump(info, fwd->rules, fwd->count,
> > > >   				       "    ", "");
> > > >   		}
> > > > +
> > > > +		fwd_listen_switch(c);
> > > >   	}
> > > >   	if (events & EPOLLHUP) {
> > > >   		debug("Configuration client hangup");
> > > > -		goto close;
> > > >   	}
> > > > -	return;
> > > > -
> > > >   close:
> > > >   	conf_close(c);
> > > > diff --git a/fwd.c b/fwd.c
> > > > index d93d2e5..35b9e2b 100644
> > > > --- a/fwd.c
> > > > +++ b/fwd.c
> > > > @@ -534,6 +534,40 @@ int fwd_listen_init(const struct ctx *c)
> > > >   	return 0;
> > > >   }
> > > > +/**
> > > > + * fwd_listen_switch() - Switch from current to pending rules table
> > > > + * @c:		Execution context
> > > > + */
> > > > +void fwd_listen_switch(struct ctx *c)
> > > > +{
> > > > +	struct fwd_table *tmp[PIF_NUM_TYPES];
> > > > +	unsigned i;
> > > > +
> > > > +	/* Stop listening on the old tables */
> > > > +	for (i =3D 0; i < PIF_NUM_TYPES; i++) {
> > > > +		struct fwd_table *fwd =3D c->fwd[i];
> > > > +
> > > > +		if (!fwd)
> > > > +			continue;
> > > > +
> > > > +		debug("Flushing %u old %s rules", fwd->count, pif_name(i));
> > > > +		fwd_listen_close(fwd);
> > > > +		fwd->count =3D fwd->sock_count =3D 0; =20
> > >=20
> > > Perhaps we can reset fwd->count and fwd->sock_count in fwd_listen_clo=
se() as
> > > after fwd_listen_close() these values are wrong? =20
> >=20
> > No, they're not.  fwd_listen_close() closes the listening sockets, but
> > it doesn't remove the rules.  fwd->sock_count isn't the number of
> > *open* listening sockets, it's the maximum potential number of sockets
> > for all the rules.  Having some or all of the sockets close (-1 stored
> > in the array) is an allowed state.  It's rare for most rules, but
> > routine for SCAN ("auto") rules.
>=20
> Ah, oops, I didn't realise that would be the case for "auto" rules.
> I'll leave this part as it is then.

Even for non-auto rules, it's still conceptually correct to leave
sock_count alonw in fwd_listen_close().  sock_count is really tracking
the amount of space in the array allocated to store socket fds not the
socket fds themselves.  I'm open to different names that make that
more obvious.

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--u/uG6erQydPaY5S6
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmn5/q0ACgkQzQJF27ox
2GfR0A//a3mDndzXQNdFwlWK/A7dGA50GqIE5lYJIt4h2W1KkCuC7ravORvvtZQI
e/22l0QgcvAgmywQXxtNges7GnuQ7+ND2uhtDQPQep+nloHaz6bsSLXQBqiorGOb
0gc9AjLB7wHiwkJRGg9SFXwi2kIcyn4QL8L1FTfNQLsVz2Rm1NqkM2Uyajl7O4il
Km/p9ZcMhua4Te6KUUZFrUxa7mTDe6cwbsN2RJPsD7ODR49CcyKNHPgISOo8Ag5/
RygbSbYBAL3rHHLH3eby3r8efUWF4PEMWJu8Uw4/Ic4hIZCclo2xTSNjK/1nAK6h
rT1rxAhg/v05A6FPfbgsp7s6F7AB/UGa63rIXI0qvv+UVjvvQcOjuwqOO5hBAySX
A6VOzs8mAq6I6Fh49d1Ys/tIhfI0NAXxQ65qQLjZVn8i8PT4YlPC0kJfv9Hvvmel
uFwaIQju0mTQSCiPDR2dYOMrIYO/UC4+6YTTJ+l2fgevSdX9v7k7JyR1izHyk9+I
Za7vEO4rJRSBxXnf3KdOuB73DfOaMlNDY/Ih16Y8lMiDi2rmam9ELgpTp7U9Pz7K
1gDt+Bqhoo/qx6MC7ehhQJUUn7alxvU7IKfpqLI9/FBn5ARpX+p1L1iz3SsVEAMC
oBouXKre3QHj9IiiuiwpaH9BNgOVuiTqwMvXb5WH7By9d7lTWoI=
=hD2c
-----END PGP SIGNATURE-----

--u/uG6erQydPaY5S6--