From: Jon Maloy <jmaloy@redhat.com>
To: David Gibson <david@gibson.dropbear.id.au>,
Stefano Brivio <sbrivio@redhat.com>,
passt-dev@passt.top
Subject: Re: [PATCH v5 15/18] pesto: Read current ruleset from passt/pasta and optionally display it
Date: Fri, 24 Apr 2026 18:37:58 -0400 [thread overview]
Message-ID: <ca2dc7e8-5df7-4db7-9f75-2b3119c027ca@redhat.com> (raw)
In-Reply-To: <20260421062516.2601204-16-david@gibson.dropbear.id.au>
On 2026-04-21 02:25, David Gibson wrote:
> Implement serialisation of our current forwarding rules in conf.c,
> deserialising it to display in the pesto client. Doing this requires
> adding ip.c, inany.c, bitmap.c, lineread.c and fwd_rule.c to the pesto
> build. With previous preparations that now requires only a trivial change
[...]
> +
> +
> +/**
> + * fwd_rule_read() - Read serialised rule from an fd
> + * @fd: fd to serialise to
> + * @rule: Buffer to store rule into
> + *
> + * Return: 0 on success, -1 on error (with errno set)
> + */
> +int fwd_rule_read(int fd, struct fwd_rule *rule)
> +{
> + if (read_all_buf(fd, rule, sizeof(*rule)))
> + return -1;
> +
> + /* Byteswap for host */
> + rule->first = ntohs(rule->first);
> + rule->last = ntohs(rule->last);
> + rule->to = htons(rule->to);
Or ntohs() ?
/jon
> +
> + return 0;
> +}
> +
> +/**
> + * fwd_rule_write() - Serialise rule to an fd
> + * @fd: fd to serialise to
> + * @rule: Rule to send
> + *
> + * Return: 0 on success, -1 on error (with errno set)
> + */
> +int fwd_rule_write(int fd, const struct fwd_rule *rule)
> +{
> + struct fwd_rule tmp = *rule;
> +
> + /* Byteswap for transport */
> + tmp.first = htons(tmp.first);
> + tmp.last = htons(tmp.last);
> + tmp.to = htons(tmp.to);
> +
> + return write_all_buf(fd, &tmp, sizeof(tmp));
> +}
> diff --git a/fwd_rule.h b/fwd_rule.h
> index f51f1b4b..330d49eb 100644
> --- a/fwd_rule.h
> +++ b/fwd_rule.h
> @@ -29,6 +29,8 @@
> #define FWD_CAP_UDP BIT(3)
> #define FWD_CAP_SCAN BIT(4)
> #define FWD_CAP_IFNAME BIT(5)
> +#define FWD_CAP_ALL (FWD_CAP_IPV4 | FWD_CAP_IPV6 | FWD_CAP_TCP | \
> + FWD_CAP_UDP | FWD_CAP_SCAN | FWD_CAP_IFNAME)
>
> /**
> * struct fwd_rule - Forwarding rule governing a range of ports
> @@ -99,6 +101,8 @@ void fwd_probe_ephemeral(void);
> const union inany_addr *fwd_rule_addr(const struct fwd_rule *rule);
> const char *fwd_rule_fmt(const struct fwd_rule *rule, char *dst, size_t size);
> void fwd_rule_parse(char optname, const char *optarg, struct fwd_table *fwd);
> +int fwd_rule_read(int fd, struct fwd_rule *rule);
> +int fwd_rule_write(int fd, const struct fwd_rule *rule);
>
> /**
> * fwd_rules_dump() - Dump forwarding rules
> diff --git a/lineread.c b/lineread.c
> index b9ceae10..a4269a66 100644
> --- a/lineread.c
> +++ b/lineread.c
> @@ -19,8 +19,8 @@
> #include <stdbool.h>
> #include <unistd.h>
>
> +#include "common.h"
> #include "lineread.h"
> -#include "util.h"
>
> /**
> * lineread_init() - Prepare for line by line file reading without allocation
> diff --git a/pesto.c b/pesto.c
> index 3e34bbac..35a4d559 100644
> --- a/pesto.c
> +++ b/pesto.c
> @@ -34,6 +34,7 @@
> #include "common.h"
> #include "seccomp_pesto.h"
> #include "serialise.h"
> +#include "fwd_rule.h"
> #include "pesto.h"
> #include "log.h"
>
> @@ -66,6 +67,7 @@ static void usage(const char *name, FILE *f, int status)
> struct pif_configuration {
> uint8_t pif;
> char name[PIF_NAME_SIZE];
> + struct fwd_table fwd;
> };
>
> struct configuration {
> @@ -123,6 +125,7 @@ static bool read_pif_conf(int fd, struct configuration *conf)
> struct pif_configuration *pc;
> struct pesto_pif_info info;
> uint8_t pif;
> + unsigned i;
>
> if (read_u8(fd, &pif) < 0)
> die("Error reading from control socket");
> @@ -149,8 +152,17 @@ static bool read_pif_conf(int fd, struct configuration *conf)
> static_assert(sizeof(info.name) == sizeof(pc->name),
> "Mismatching pif name lengths");
> memcpy(pc->name, info.name, sizeof(pc->name));
> -
> - debug("PIF %"PRIu8": %s", pc->pif, pc->name);
> + pc->fwd.caps = ntohl(info.caps);
> + pc->fwd.count = ntohl(info.count);
> +
> + debug("PIF %"PRIu8": %s, %"PRIu32" rules, capabilities 0x%"PRIx32
> + ":%s%s%s%s%s%s", pc->pif, pc->name, pc->fwd.count, pc->fwd.caps,
> + pc->fwd.caps & FWD_CAP_IPV4 ? " IPv4" : "",
> + pc->fwd.caps & FWD_CAP_IPV6 ? " IPv6" : "",
> + pc->fwd.caps & FWD_CAP_TCP ? " TCP" : "",
> + pc->fwd.caps & FWD_CAP_UDP ? " UDP" : "",
> + pc->fwd.caps & FWD_CAP_SCAN ? " scan" : "",
> + pc->fwd.caps & FWD_CAP_IFNAME ? " ifname" : "");
>
> /* O(n^2), but n is bounded by MAX_PIFS */
> if (pif_conf_by_num(conf, pc->pif))
> @@ -160,6 +172,18 @@ static bool read_pif_conf(int fd, struct configuration *conf)
> if (pif_conf_by_name(conf, pc->name))
> die("Received duplicate interface name");
>
> + /* NOTE: We read the fwd rules directly into fwd.rules, rather than
> + * using fwd_rule_add(). This means we can read and display rules even
> + * if something has gone wrong (in pesto or passt) and we get rules that
> + * fwd_rule_add() would reject. It does have the side effect that we
> + * never assign socket space for the fwd rules, but we don't need that
> + * within pesto.
> + */
> + for (i = 0; i < pc->fwd.count; i++) {
> + if (fwd_rule_read(fd, &pc->fwd.rules[i]) < 0)
> + die("Error reading from control socket");
> + }
> +
> conf->npifs++;
> return true;
> }
> @@ -175,7 +199,8 @@ static void show_conf(const struct configuration *conf)
> for (i = 0; i < conf->npifs; i++) {
> const struct pif_configuration *pc = &conf->pif[i];
> printf(" %s\n", pc->name);
> - printf(" TBD\n");
> + fwd_rules_dump(printf, pc->fwd.rules, pc->fwd.count,
> + " ", "\n");
> }
> }
>
> @@ -288,6 +313,12 @@ int main(int argc, char **argv)
> ntohl(hello.pif_name_size), PIF_NAME_SIZE);
> }
>
> + if (ntohl(hello.ifnamsiz) != IFNAMSIZ) {
> + die("Server has unexpected IFNAMSIZ (%"
> + PRIu32" not %"PRIu32"\n",
> + ntohl(hello.ifnamsiz), IFNAMSIZ);
> + }
> +
> while (read_pif_conf(s, &conf))
> ;
>
> diff --git a/pesto.h b/pesto.h
> index ac4c2b58..8f6bbf65 100644
> --- a/pesto.h
> +++ b/pesto.h
> @@ -26,11 +26,13 @@
> * @magic: PESTO_SERVER_MAGIC
> * @version: Version number
> * @pif_name_size: Server's value for PIF_NAME_SIZE
> + * @ifnamsiz: Server's value for IFNAMSIZ
> */
> struct pesto_hello {
> char magic[8];
> uint32_t version;
> uint32_t pif_name_size;
> + uint32_t ifnamsiz;
> } __attribute__ ((__packed__));
>
> static_assert(sizeof(PESTO_SERVER_MAGIC)
> @@ -41,9 +43,13 @@ static_assert(sizeof(PESTO_SERVER_MAGIC)
> * struct pesto_pif_info - Message with basic metadata about a pif
> * @resv_: Alignment gap (must be 0)
> * @name: Name (\0 terminated)
> + * @caps: Forwarding capabilities for this pif
> + * @count: Number of forwarding rules for this pif
> */
> struct pesto_pif_info {
> char name[PIF_NAME_SIZE];
> + uint32_t caps;
> + uint32_t count;
> } __attribute__ ((__packed__));
>
> #endif /* PESTO_H */
next prev parent reply other threads:[~2026-04-24 22:38 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-21 6:24 [PATCH v5 00/18] RFC: Dynamic configuration update implementation David Gibson
2026-04-21 6:24 ` [PATCH v5 01/18] conf, fwd: Stricter rule checking in fwd_rule_add() David Gibson
2026-04-25 13:31 ` Jon Maloy
2026-04-27 3:20 ` David Gibson
2026-04-21 6:25 ` [PATCH v5 02/18] fwd_rule: Move ephemeral port probing to fwd_rule.c David Gibson
2026-04-21 6:25 ` [PATCH v5 03/18] fwd, conf: Move rule parsing code to fwd_rule.[ch] David Gibson
2026-04-24 21:59 ` Jon Maloy
2026-04-24 22:36 ` Jon Maloy
2026-04-21 6:25 ` [PATCH v5 04/18] fwd_rule: Move conflict checking back within fwd_rule_add() David Gibson
2026-04-21 6:25 ` [PATCH v5 05/18] fwd: Generalise fwd_rules_info() David Gibson
2026-04-21 6:25 ` [PATCH v5 06/18] pif: Limit pif names to 128 bytes David Gibson
2026-04-21 6:25 ` [PATCH v5 07/18] fwd_rule: Fix some format specifiers David Gibson
2026-04-21 6:25 ` [PATCH v5 08/18] tap, repair: Use SOCK_NONBLOCK and SOCK_CLOEXEC on Unix sockets David Gibson
2026-04-21 6:25 ` [PATCH v5 09/18] pesto: Introduce stub configuration tool David Gibson
2026-04-21 6:25 ` [PATCH v5 10/18] pesto, log: Share log.h (but not log.c) with pesto tool David Gibson
2026-04-21 6:25 ` [PATCH v5 11/18] pesto, conf: Have pesto connect to passt and check versions David Gibson
2026-04-26 13:45 ` Jon Maloy
2026-04-29 5:18 ` David Gibson
2026-04-21 6:25 ` [PATCH v5 12/18] pesto: Expose list of pifs to pesto and optionally display David Gibson
2026-04-26 13:45 ` Jon Maloy
2026-04-29 5:17 ` David Gibson
2026-04-21 6:25 ` [PATCH v5 13/18] ip: Prepare ip.[ch] for sharing with pesto tool David Gibson
2026-04-21 6:25 ` [PATCH v5 14/18] inany: Prepare inany.[ch] " David Gibson
2026-04-21 6:25 ` [PATCH v5 15/18] pesto: Read current ruleset from passt/pasta and optionally display it David Gibson
2026-04-24 22:37 ` Jon Maloy [this message]
2026-04-25 7:36 ` Stefano Brivio
2026-04-29 5:19 ` David Gibson
2026-04-21 6:25 ` [PATCH v5 16/18] pesto: Parse and add new rules from command line David Gibson
2026-04-21 6:25 ` [PATCH v5 17/18] pesto, conf: Send updated rules from pesto back to passt/pasta David Gibson
2026-04-24 22:38 ` Jon Maloy
2026-04-25 7:36 ` Stefano Brivio
2026-04-29 5:21 ` David Gibson
2026-04-21 6:25 ` [PATCH v5 18/18] conf, fwd: Allow switching to new rules received from pesto David Gibson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ca2dc7e8-5df7-4db7-9f75-2b3119c027ca@redhat.com \
--to=jmaloy@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=passt-dev@passt.top \
--cc=sbrivio@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).