From: Laurent Vivier
Date: Mon, 20 Apr 2026 18:17:24 +0200
Subject: Re: [PATCH v3 06/11] fwd, conf: Add capabilities bits to each forwarding table
To: David Gibson, passt-dev@passt.top, Stefano Brivio
References: <20260417050520.102247-1-david@gibson.dropbear.id.au> <20260417050520.102247-7-david@gibson.dropbear.id.au>
In-Reply-To: <20260417050520.102247-7-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt
List-Unsubscribe: On 4/17/26 07:05, David Gibson wrote: > conf_ports_spec() and conf_ports() take the global context structure, but > their only use for it is seeing if various things are possible: which > protocols and address formats are allowed in formatting rules. Localise > that information into the forwarding table, with a capabilities bitmap. > > For now we set that caps map to the same thing for all tables, but keep it > per-table to allow for the possibility of different pif types in future > that might have different capabilities (e.g. if we add a forwarding table > for the tap interface, it won't be able to accept interface names to bind). > > Use this information to remove the global context parameter from > conf_ports() and conf_ports_spec(). > > Signed-off-by: David Gibson Reviewed-by: Laurent Vivier > --- > conf.c | 48 ++++++++++++++++++++++-------------------------- > fwd.c | 17 +++++++++++++++++ > fwd.h | 2 ++ > fwd_rule.h | 8 ++++++++ > 4 files changed, 49 insertions(+), 26 deletions(-) > > diff --git a/conf.c b/conf.c > index 99542075..ecc3a342 100644 > --- a/conf.c > +++ b/conf.c > @@ -218,15 +218,13 @@ fail: > > /** > * conf_ports_spec() - Parse port range(s) specifier > - * @c: Execution context > * @fwd: Forwarding table to be updated > * @proto: Protocol to forward > * @addr: Listening address for forwarding > * @ifname: Interface name for listening > * @spec: Port range(s) specifier > */ > -static void conf_ports_spec(const struct ctx *c, > - struct fwd_table *fwd, uint8_t proto, > +static void conf_ports_spec(struct fwd_table *fwd, uint8_t proto, > const union inany_addr *addr, const char *ifname, > const char *spec) > { > @@ -255,7 +253,7 @@ static void conf_ports_spec(const struct ctx *c, > if (p != ep) /* Garbage after the keyword */ > goto bad; > > - if (c->mode != MODE_PASTA) { > + if (!(fwd->caps & FWD_CAP_SCAN)) { > die( > "'auto' port forwarding is only allowed for pasta"); > } 
> @@ -329,13 +327,11 @@ bad: > > /** > * conf_ports() - Parse port configuration options, initialise UDP/TCP sockets > - * @c: Execution context > * @optname: Short option name, t, T, u, or U > * @optarg: Option argument (port specification) > * @fwd: Forwarding table to be updated > */ > -static void conf_ports(const struct ctx *c, char optname, const char *optarg, > - struct fwd_table *fwd) > +static void conf_ports(char optname, const char *optarg, struct fwd_table *fwd) > { > union inany_addr addr_buf = inany_any6, *addr = &addr_buf; > char buf[BUFSIZ], *spec, *ifname = NULL; > @@ -360,9 +356,9 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, > return; > } > > - if (proto == IPPROTO_TCP && c->no_tcp) > + if (proto == IPPROTO_TCP && !(fwd->caps & FWD_CAP_TCP)) > die("TCP port forwarding requested but TCP is disabled"); > - if (proto == IPPROTO_UDP && c->no_udp) > + if (proto == IPPROTO_UDP && !(fwd->caps & FWD_CAP_UDP)) > die("UDP port forwarding requested but UDP is disabled"); > > strncpy(buf, optarg, sizeof(buf) - 1); > @@ -410,10 +406,10 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, > } > > if (addr) { > - if (!c->ifi4 && inany_v4(addr)) { > + if (!(fwd->caps & FWD_CAP_IPV4) && inany_v4(addr)) { > die("IPv4 is disabled, can't use -%c %s", > optname, optarg); > - } else if (!c->ifi6 && !inany_v4(addr)) { > + } else if (!(fwd->caps & FWD_CAP_IPV6) && !inany_v4(addr)) { > die("IPv6 is disabled, can't use -%c %s", > optname, optarg); > } 
> @@ -422,17 +418,17 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, > if (optname == 'T' || optname == 'U') { > assert(!addr && !ifname); > > - if (c->no_bindtodevice) { > + if (!(fwd->caps & FWD_CAP_IFNAME)) { > warn( > "SO_BINDTODEVICE unavailable, forwarding only 127.0.0.1 and ::1 for '-%c %s'", > optname, optarg); > > - if (c->ifi4) { > - conf_ports_spec(c, fwd, proto, > + if (fwd->caps & FWD_CAP_IPV4) { > + conf_ports_spec(fwd, proto, > &inany_loopback4, NULL, spec); > } > - if (c->ifi6) { > - conf_ports_spec(c, fwd, proto, > + if (fwd->caps & FWD_CAP_IPV6) { > + conf_ports_spec(fwd, proto, > &inany_loopback6, NULL, spec); > } > return; > @@ -441,13 +437,13 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, > ifname = "lo"; > } > > - if (ifname && c->no_bindtodevice) { > + if (ifname && !(fwd->caps & FWD_CAP_IFNAME)) { > die( > "Device binding for '-%c %s' unsupported (requires kernel 5.7+)", > optname, optarg); > } > > - conf_ports_spec(c, fwd, proto, addr, ifname, spec); > + conf_ports_spec(fwd, proto, addr, ifname, spec); > } > > /** > @@ -2185,16 +2181,16 @@ void conf(struct ctx *c, int argc, char **argv) > > if (name == 't') { > opt_t = true; > - conf_ports(c, name, optarg, c->fwd[PIF_HOST]); > + conf_ports(name, optarg, c->fwd[PIF_HOST]); > } else if (name == 'u') { > opt_u = true; > - conf_ports(c, name, optarg, c->fwd[PIF_HOST]); > + conf_ports(name, optarg, c->fwd[PIF_HOST]); > } else if (name == 'T') { > opt_T = true; > - conf_ports(c, name, optarg, c->fwd[PIF_SPLICE]); > + conf_ports(name, optarg, c->fwd[PIF_SPLICE]); > } else if (name == 'U') { > opt_U = true; > - conf_ports(c, name, optarg, c->fwd[PIF_SPLICE]); > + conf_ports(name, optarg, c->fwd[PIF_SPLICE]); > } > } while (name != -1); 
> > @@ -2246,13 +2242,13 @@ void conf(struct ctx *c, int argc, char **argv) > > if (c->mode == MODE_PASTA) { > if (!opt_t) > - conf_ports(c, 't', "auto", c->fwd[PIF_HOST]); > + conf_ports('t', "auto", c->fwd[PIF_HOST]); > if (!opt_T) > - conf_ports(c, 'T', "auto", c->fwd[PIF_SPLICE]); > + conf_ports('T', "auto", c->fwd[PIF_SPLICE]); > if (!opt_u) > - conf_ports(c, 'u', "auto", c->fwd[PIF_HOST]); > + conf_ports('u', "auto", c->fwd[PIF_HOST]); > if (!opt_U) > - conf_ports(c, 'U', "auto", c->fwd[PIF_SPLICE]); > + conf_ports('U', "auto", c->fwd[PIF_SPLICE]); > } > > if (!c->quiet) > diff --git a/fwd.c b/fwd.c > index 3e87169b..c7fd1a9d 100644 > --- a/fwd.c > +++ b/fwd.c > @@ -326,6 +326,23 @@ static struct fwd_table fwd_out; > */ > void fwd_rule_init(struct ctx *c) > { > + uint32_t caps = 0; > + > + if (c->ifi4) > + caps |= FWD_CAP_IPV4; > + if (c->ifi6) > + caps |= FWD_CAP_IPV6; > + if (!c->no_tcp) > + caps |= FWD_CAP_TCP; > + if (!c->no_udp) > + caps |= FWD_CAP_UDP; > + if (c->mode == MODE_PASTA) > + caps |= FWD_CAP_SCAN; > + if (!c->no_bindtodevice) > + caps |= FWD_CAP_IFNAME; > + > + fwd_in.caps = fwd_out.caps = caps; > + > c->fwd[PIF_HOST] = &fwd_in; > if (c->mode == MODE_PASTA) > c->fwd[PIF_SPLICE] = &fwd_out; > diff --git a/fwd.h b/fwd.h > index 43bfeadb..3e365d35 100644 > --- a/fwd.h > +++ b/fwd.h > @@ -52,6 +52,7 @@ struct fwd_listen_ref { > > /** > * struct fwd_table - Forwarding state (per initiating pif) > + * @caps: Forwarding capabilities for this initiating pif > * @count: Number of forwarding rules > * @rules: Array of forwarding rules > * @rulesocks: Parallel array of @rules (@count valid entries) of pointers to > @@ -61,6 +62,7 @@ struct fwd_listen_ref { > * @socks: Listening sockets for forwarding > */ > struct fwd_table { > + uint32_t caps; > unsigned count; > struct fwd_rule rules[MAX_FWD_RULES]; > int *rulesocks[MAX_FWD_RULES]; > diff --git a/fwd_rule.h b/fwd_rule.h > index 8506a0c4..edba6782 100644 > --- a/fwd_rule.h > +++ b/fwd_rule.h 
> @@ -17,6 +17,14 @@ > #include "inany.h" > #include "bitmap.h" > > +/* Forwarding capability bits */ > +#define FWD_CAP_IPV4 BIT(0) > +#define FWD_CAP_IPV6 BIT(1) > +#define FWD_CAP_TCP BIT(2) > +#define FWD_CAP_UDP BIT(3) > +#define FWD_CAP_SCAN BIT(4) > +#define FWD_CAP_IFNAME BIT(5) > + > /** > * struct fwd_rule - Forwarding rule governing a range of ports > * @addr: Address to forward from
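
Review bot: In conf_ports_spec(), the check is now `!(fwd->caps & FWD_CAP_SCAN)` but the die() text still reads "'auto' port forwarding is only allowed for pasta". Once tables can carry different capabilities, as the commit message anticipates, a table without FWD_CAP_SCAN in pasta mode would produce a misleading error. Consider wording the message in terms of the forwarding table rather than the mode, for example that 'auto' is not supported for this table.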
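
Review bot: In conf(), the -T and -U branches pass c->fwd[PIF_SPLICE] to conf_ports(), which now dereferences fwd in `!(fwd->caps & FWD_CAP_TCP)` and `!(fwd->caps & FWD_CAP_UDP)`, while fwd_rule_init() assigns c->fwd[PIF_SPLICE] only when c->mode == MODE_PASTA. The old c->no_tcp and c->no_udp checks did not touch fwd at all. If -T or -U can reach this call outside pasta mode, this becomes a NULL dereference; the visible context does not show an earlier rejection, so please confirm one exists or add an explicit check (or assert(fwd)) at the top of conf_ports().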
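
Review bot: In fwd_rule_init(), caps is a one-time snapshot of c->ifi4, c->ifi6, c->no_tcp, c->no_udp, c->mode and c->no_bindtodevice, whereas conf_ports() previously read those fields at the moment each option was parsed. Correctness now depends on fwd_rule_init() running after all of those fields have their final values and before the first conf_ports() call; the function comment should state that ordering requirement. Separately, `fwd_in.caps = fwd_out.caps = caps;` also initialises fwd_out when it is not installed in c->fwd[]; that is harmless, but setting fwd_out.caps inside the existing MODE_PASTA branch would match the intent more closely.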
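
Review bot: The FWD_CAP_* block in fwd_rule.h carries only the one-line comment "Forwarding capability bits", so the meaning of each bit has to be inferred from fwd_rule_init() and the checks in conf.c. A short per-bit description would help, especially for FWD_CAP_SCAN ('auto' port forwarding) and FWD_CAP_IFNAME (binding to an interface name), which are not self-explanatory. The new @caps line in the struct fwd_table comment could also say that it is a bitmap of FWD_CAP_* values.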