Date: Fri, 24 Apr 2026 18:37:58 -0400
Subject: Re: [PATCH v5 15/18] pesto: Read current ruleset from passt/pasta and optionally display it
To: David Gibson, Stefano Brivio, passt-dev@passt.top
References: <20260421062516.2601204-1-david@gibson.dropbear.id.au> <20260421062516.2601204-16-david@gibson.dropbear.id.au>
From: Jon Maloy
In-Reply-To: <20260421062516.2601204-16-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

On 2026-04-21 02:25, David Gibson wrote:
> Implement serialisation of our current forwarding rules in conf.c,
> deserialising it to display in the pesto client. Doing this requires
> adding ip.c, inany.c, bitmap.c, lineread.c and fwd_rule.c to the pesto
> build. With previous preparations that now requires only a trivial change
[...]
> + > + > +/** > + * fwd_rule_read() - Read serialised rule from an fd > + * @fd: fd to serialise to > + * @rule: Buffer to store rule into > + * > + * Return: 0 on success, -1 on error (with errno set) > + */ > +int fwd_rule_read(int fd, struct fwd_rule *rule) > +{ > + if (read_all_buf(fd, rule, sizeof(*rule))) > + return -1; > + > + /* Byteswap for host */ > + rule->first = ntohs(rule->first); > + rule->last = ntohs(rule->last); > + rule->to = htons(rule->to);
Or ntohs() ?
/jon > + > + return 0; > +} > + > +/** > + * fwd_rule_write() - Serialise rule to an fd > + * @fd: fd to serialise to > + * @rule: Rule to send > + * > + * Return: 0 on success, -1 on error (with errno set) > + */ > +int fwd_rule_write(int fd, const struct fwd_rule *rule) > +{ > + struct fwd_rule tmp = *rule; > + > + /* Byteswap for transport */ > + tmp.first = htons(tmp.first); > + tmp.last = htons(tmp.last); > + tmp.to = htons(tmp.to); > + > + return write_all_buf(fd, &tmp, sizeof(tmp)); > +} > diff --git a/fwd_rule.h b/fwd_rule.h > index f51f1b4b..330d49eb 100644 > --- a/fwd_rule.h > +++ b/fwd_rule.h > @@ -29,6 +29,8 @@ > #define FWD_CAP_UDP BIT(3) > #define FWD_CAP_SCAN BIT(4) > #define FWD_CAP_IFNAME BIT(5) > +#define FWD_CAP_ALL (FWD_CAP_IPV4 | FWD_CAP_IPV6 | FWD_CAP_TCP | \ > + FWD_CAP_UDP | FWD_CAP_SCAN | FWD_CAP_IFNAME) > > /** > * struct fwd_rule - Forwarding rule governing a range of ports > @@ -99,6 +101,8 @@ void fwd_probe_ephemeral(void); > const union inany_addr *fwd_rule_addr(const struct fwd_rule *rule); > const char *fwd_rule_fmt(const struct fwd_rule *rule, char *dst, size_t size); > void fwd_rule_parse(char optname, const char *optarg, struct fwd_table *fwd); > +int fwd_rule_read(int fd, struct fwd_rule *rule); > +int fwd_rule_write(int fd, const struct fwd_rule *rule); > > /** > * fwd_rules_dump() - Dump forwarding rules > diff --git a/lineread.c b/lineread.c > index b9ceae10..a4269a66 100644 > --- a/lineread.c > +++ b/lineread.c > @@ -19,8 +19,8 @@ > #include > #include > > +#include "common.h" > #include "lineread.h" > -#include "util.h" > > /** > * lineread_init() - Prepare for line by line file reading without allocation > diff --git a/pesto.c b/pesto.c > index 3e34bbac..35a4d559 100644 > --- a/pesto.c > +++ b/pesto.c > @@ -34,6 +34,7 @@ > #include "common.h" > #include "seccomp_pesto.h" > #include "serialise.h" > +#include "fwd_rule.h" > #include "pesto.h" > #include "log.h" 
> > @@ -66,6 +67,7 @@ static void usage(const char *name, FILE *f, int status) > struct pif_configuration { > uint8_t pif; > char name[PIF_NAME_SIZE]; > + struct fwd_table fwd; > }; > > struct configuration { > @@ -123,6 +125,7 @@ static bool read_pif_conf(int fd, struct configuration *conf) > struct pif_configuration *pc; > struct pesto_pif_info info; > uint8_t pif; > + unsigned i; > > if (read_u8(fd, &pif) < 0) > die("Error reading from control socket"); > @@ -149,8 +152,17 @@ static bool read_pif_conf(int fd, struct configuration *conf) > static_assert(sizeof(info.name) == sizeof(pc->name), > "Mismatching pif name lengths"); > memcpy(pc->name, info.name, sizeof(pc->name)); > - > - debug("PIF %"PRIu8": %s", pc->pif, pc->name); > + pc->fwd.caps = ntohl(info.caps); > + pc->fwd.count = ntohl(info.count); > + > + debug("PIF %"PRIu8": %s, %"PRIu32" rules, capabilities 0x%"PRIx32 > + ":%s%s%s%s%s%s", pc->pif, pc->name, pc->fwd.count, pc->fwd.caps, > + pc->fwd.caps & FWD_CAP_IPV4 ? " IPv4" : "", > + pc->fwd.caps & FWD_CAP_IPV6 ? " IPv6" : "", > + pc->fwd.caps & FWD_CAP_TCP ? " TCP" : "", > + pc->fwd.caps & FWD_CAP_UDP ? " UDP" : "", > + pc->fwd.caps & FWD_CAP_SCAN ? " scan" : "", > + pc->fwd.caps & FWD_CAP_IFNAME ? " ifname" : ""); > > /* O(n^2), but n is bounded by MAX_PIFS */ > if (pif_conf_by_num(conf, pc->pif)) 
> @@ -160,6 +172,18 @@ static bool read_pif_conf(int fd, struct configuration *conf) > if (pif_conf_by_name(conf, pc->name)) > die("Received duplicate interface name"); > > + /* NOTE: We read the fwd rules directly into fwd.rules, rather than > + * using fwd_rule_add(). This means we can read and display rules even > + * if something has gone wrong (in pesto or passt) and we get rules that > + * fwd_rule_add() would reject. It does have the side effect that we > + * never assign socket space for the fwd rules, but we don't need that > + * within pesto. > + */ > + for (i = 0; i < pc->fwd.count; i++) { > + if (fwd_rule_read(fd, &pc->fwd.rules[i]) < 0) > + die("Error reading from control socket"); > + } > + > conf->npifs++; > return true; > } > @@ -175,7 +199,8 @@ static void show_conf(const struct configuration *conf) > for (i = 0; i < conf->npifs; i++) { > const struct pif_configuration *pc = &conf->pif[i]; > printf(" %s\n", pc->name); > - printf(" TBD\n"); > + fwd_rules_dump(printf, pc->fwd.rules, pc->fwd.count, > + " ", "\n"); > } > } > > @@ -288,6 +313,12 @@ int main(int argc, char **argv) > ntohl(hello.pif_name_size), PIF_NAME_SIZE); > } > > + if (ntohl(hello.ifnamsiz) != IFNAMSIZ) { > + die("Server has unexpected IFNAMSIZ (%" > + PRIu32" not %"PRIu32"\n", > + ntohl(hello.ifnamsiz), IFNAMSIZ); > + } > + > while (read_pif_conf(s, &conf)) > ; > > diff --git a/pesto.h b/pesto.h > index ac4c2b58..8f6bbf65 100644 > --- a/pesto.h > +++ b/pesto.h > @@ -26,11 +26,13 @@ > * @magic: PESTO_SERVER_MAGIC > * @version: Version number > * @pif_name_size: Server's value for PIF_NAME_SIZE > + * @ifnamsiz: Server's value for IFNAMSIZ > */ > struct pesto_hello { > char magic[8]; > uint32_t version; > uint32_t pif_name_size; > + uint32_t ifnamsiz; > } __attribute__ ((__packed__)); > > static_assert(sizeof(PESTO_SERVER_MAGIC) 
> @@ -41,9 +43,13 @@ static_assert(sizeof(PESTO_SERVER_MAGIC) > * struct pesto_pif_info - Message with basic metadata about a pif > * @resv_: Alignment gap (must be 0) > * @name: Name (\0 terminated) > + * @caps: Forwarding capabilities for this pif > + * @count: Number of forwarding rules for this pif > */ > struct pesto_pif_info { > char name[PIF_NAME_SIZE]; > + uint32_t caps; > + uint32_t count; > } __attribute__ ((__packed__)); > > #endif /* PESTO_H */
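
Review bot: In fwd_rule_read(), the last conversion under "Byteswap for host" uses htons() (rule->to = htons(rule->to);) while first and last use ntohs(). The two calls perform the same swap, so behaviour is unchanged, but ntohs() is the one that matches the direction and the comment. The kernel-doc for the same function says "@fd: fd to serialise to", which looks copied from fwd_rule_write(); it should say the fd is read from.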
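
Review bot: The loop added to read_pif_conf() that calls fwd_rule_read(fd, &pc->fwd.rules[i]) runs up to pc->fwd.count, which is taken straight from ntohl(info.count) off the control socket, and nothing in the visible hunks checks it against the number of entries in pc->fwd.rules. The NOTE comment says this path is meant to keep working when the peer has gone wrong, and in that case a count larger than the array would write past its end. Compare count with the array capacity before the loop and die() with a clear message if it is too large. pc->fwd.caps could likewise be checked against the new FWD_CAP_ALL so that unknown bits are reported rather than silently ignored.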
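
Review bot: The die() message added to main() for the IFNAMSIZ mismatch opens a parenthesis that is never closed ("Server has unexpected IFNAMSIZ (%" PRIu32" not %"PRIu32"\n") and ends in "\n", unlike the other die() calls in this patch such as die("Error reading from control socket"). Close the parenthesis and drop the newline so the message is formatted like the rest.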
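
Review bot: In pesto.h, struct pesto_hello and struct pesto_pif_info both gain members inside packed on-wire structures, but no change to the version value is visible in these hunks, so a client and server built on either side of this patch would disagree on message sizes. Check that the protocol version is bumped where it is defined. The kernel-doc for struct pesto_pif_info also still lists "@resv_: Alignment gap (must be 0)", which has no matching member in the struct as shown.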