From mboxrd@z Thu Jan 1 00:00:00 1970
From: Laurent Vivier
Date: Tue, 5 May 2026 09:53:04 +0200
Subject: Re: [PATCH v7 16/18] pesto, conf: Send updated rules from pesto back to passt/pasta
To: Stefano Brivio, passt-dev@passt.top
CC: Jon Maloy, David Gibson
References: <20260504231142.1118652-1-sbrivio@redhat.com> <20260504231142.1118652-17-sbrivio@redhat.com>
In-Reply-To: <20260504231142.1118652-17-sbrivio@redhat.com>
List-Id: Development discussion and patches for passt

On 5/5/26 01:11, Stefano Brivio wrote:
> From: David Gibson
>
> Extend pesto to send the updated rule configuration back to passt/pasta.
> Extend passt/pasta to read the new configuration and store the new rules in
> a "pending" table. We don't yet attempt to activate them.
>
> Signed-off-by: Stefano Brivio
> [dwg: Based on an early draft from Stefano]
> [sbrivio: Add redundant check on interface names being terminated in
> conf_recv_rules(), to make static checkers happy]
> [sbrivio: Make conf_recv_rules() return -1 if fwd_rule_read() fails,
> as suggested by Jon Maloy]
> Signed-off-by: David Gibson

Reviewed-by: Laurent Vivier

But one comment below

> --- > Makefile | 5 --- > conf.c | 94 ++++++++++++++++++++++++++++++++++++++++++++++++-------- > fwd.c | 10 +++++- > passt.h | 2 ++ > pesto.c | 35 +++++++++++++++++++++ > 5 files changed, 127 insertions(+), 19 deletions(-) > > diff --git a/Makefile b/Makefile > index c746b55..ae755a0 100644 > --- a/Makefile > +++ b/Makefile > @@ -224,10 +224,6 @@ cppcheck: passt.cppcheck passt-repair.cppcheck pesto.cppcheck qrap.cppcheck > $(CPPCHECK) $(CPPCHECK_FLAGS) $(BASE_CPPFLAGS) $^ > > passt.cppcheck: BASE_CPPFLAGS += -UPESTO > -passt.cppcheck: CPPCHECK_FLAGS += \ > - --suppress=unusedFunction:fwd_rule.c \ > - --suppress=staticFunction:fwd_rule.c \ > - --suppress=unusedFunction:serialise.c > passt.cppcheck: $(PASST_SRCS) $(PASST_HEADERS) seccomp.h > > passt-repair.cppcheck: $(PASST_REPAIR_SRCS) $(PASST_REPAIR_HEADERS) seccomp_repair.h > @@ -238,7 +234,6 @@ pesto.cppcheck: CPPCHECK_FLAGS += \ > --suppress=unusedFunction:inany.h \ > --suppress=unusedFunction:inany.c \ > --suppress=unusedFunction:ip.h \ > - --suppress=unusedFunction:fwd_rule.c \ > --suppress=staticFunction:fwd_rule.c \ > --suppress=unusedFunction:serialise.c > pesto.cppcheck: $(PESTO_SRCS) $(PESTO_HEADERS) seccomp_pesto.h > diff --git a/conf.c b/conf.c > index 5e4e81e..f035fd3 100644 > --- a/conf.c > +++ b/conf.c
> @@ -1971,6 +1971,62 @@ static int conf_send_rules(const struct ctx *c, int fd) > return 0; > } > > +/** > + * conf_recv_rules() - Receive forwarding rules from configuration client > + * @c: Execution context > + * @fd: Socket to the client > + * > + * Return: 0 on success, -1 on failure > + */ > +static int conf_recv_rules(const struct ctx *c, int fd) > +{ > + while (1) { > + struct fwd_table *fwd; > + struct fwd_rule r; > + uint32_t count; > + uint8_t pif; > + unsigned i; > + > + if (read_u8(fd, &pif)) > + return -1; > + > + if (pif == PIF_NONE) > + break; > + > + if (pif >= ARRAY_SIZE(c->fwd_pending) || > + !(fwd = c->fwd_pending[pif])) { > + err("Received rules for non-existent table"); > + return -1; > + } > + > + if (read_u32(fd, &count)) > + return -1; > + > + if (count > MAX_FWD_RULES) { > + err("Received %"PRIu32" rules (maximum %u)", > + count, MAX_FWD_RULES); > + return -1; > + } > + > + for (i = 0; i < count; i++) { > + if (fwd_rule_read(fd, &r)) > + return -1; > + > + if (r.ifname[sizeof(r.ifname) - 1]) { > + err("Interface name was not NULL terminated"); > + return -1; > + } > + /* Redundant, to make static checkers happy */ > + r.ifname[sizeof(r.ifname) - 1] = '\0'; > + > + if (fwd_rule_add(fwd, &r) < 0) > + return -1; > + } > + } > + > + return 0; > +} > + > /** > * conf_close() - Close configuration / control socket and clean up > * @c: Execution context 
> @@ -2075,21 +2131,33 @@ fail: > void conf_handler(struct ctx *c, uint32_t events) > { > if (events & EPOLLIN) { > - char discard[BUFSIZ]; > - ssize_t n; > - > - do { > - n = read(c->fd_control, discard, sizeof(discard)); > - if (n > 0) > - debug("Discarded %zd bytes of config data", n); > - } while (n > 0); > - if (n == 0) { > - debug("Configuration client EOF"); > - goto close; > + unsigned pif; > + > + /* Clear pending tables */ > + for (pif = 0; pif < PIF_NUM_TYPES; pif++) { > + struct fwd_table *fwd = c->fwd_pending[pif]; > + > + if (!fwd) > + continue; > + fwd->count = 0; > + fwd->sock_count = 0; > } > - if (errno != EAGAIN && errno != EWOULDBLOCK) { > - err_perror("Error reading config data"); > + > + /* FIXME: this could block indefinitely if the client doesn't > + * write as much as it should > + */ > + if (conf_recv_rules(c, c->fd_control) < 0) > goto close; > + > + for (pif = 0; pif < PIF_NUM_TYPES; pif++) { > + struct fwd_table *fwd = c->fwd_pending[pif]; > + > + if (!fwd) > + continue; > + > + info("New forwarding rules for %s:", pif_name(pif)); > + fwd_rules_dump(info, fwd->rules, fwd->count, > + " ", ""); > } > } > > diff --git a/fwd.c b/fwd.c > index 8849cfc..d93d2e5 100644 > --- a/fwd.c > +++ b/fwd.c > @@ -247,6 +247,9 @@ void fwd_neigh_table_init(const struct ctx *c) > static struct fwd_table fwd_in; > static struct fwd_table fwd_out; > > +static struct fwd_table fwd_in_pending; > +static struct fwd_table fwd_out_pending; > + > /** > * fwd_rule_init() - Initialise forwarding tables > * @c: Execution context > @@ -269,10 +272,15 @@ void fwd_rule_init(struct ctx *c) > caps |= FWD_CAP_IFNAME; > > fwd_in.caps = fwd_out.caps = caps; > + fwd_in_pending.caps = fwd_out_pending.caps = caps; > > c->fwd[PIF_HOST] = &fwd_in; > - if (c->mode == MODE_PASTA) > + c->fwd_pending[PIF_HOST] = &fwd_in_pending; > + > + if (c->mode == MODE_PASTA) { > c->fwd[PIF_SPLICE] = &fwd_out; > + c->fwd_pending[PIF_SPLICE] = &fwd_out_pending; > + } > } > > /** 
> diff --git a/passt.h b/passt.h > index b3f049d..1726965 100644 > --- a/passt.h > +++ b/passt.h > @@ -188,6 +188,7 @@ struct ip6_ctx { > * @pasta_ifi: Index of namespace interface for pasta > * @pasta_conf_ns: Configure namespace after creating it > * @fwd: Forwarding tables > + * @fwd_pending: Pending forward tables > * @no_tcp: Disable TCP operation > * @tcp: Context for TCP protocol handler > * @no_udp: Disable UDP operation > @@ -270,6 +271,7 @@ struct ctx { > int pasta_conf_ns; > > struct fwd_table *fwd[PIF_NUM_TYPES]; > + struct fwd_table *fwd_pending[PIF_NUM_TYPES]; > > int no_tcp; > struct tcp_ctx tcp; > diff --git a/pesto.c b/pesto.c > index 16b3a5a..73fdc39 100644 > --- a/pesto.c > +++ b/pesto.c 
> @@ -230,6 +230,39 @@ static bool read_pif_conf(int fd, struct configuration *conf) > return true; > } > > +/** > + * send_conf() - Send updated configuration to passt/pasta > + * @fd: Control socket > + * @conf: Updated configuration > + */ > +static void send_conf(int fd, const struct configuration *conf) > +{ > + unsigned i; > + Perhaps it could be interesting to send a magic number (or a type id) if we want to be able to update something else than the rules in the future? We also can send the length of the data if we want to be able to ignore it if the type id is not supported? (Something like the chunks in IFF or PNG file format... but perhaps it's overcomplicated for our purpose...) > + for (i = 0; i < conf->npifs; i++) { > + const struct pif_configuration *pc = &conf->pif[i]; > + unsigned j; > + > + if (write_u8(fd, pc->pif) < 0) > + goto fail; > + > + if (write_u32(fd, pc->fwd.count) < 0) > + goto fail; > + > + for (j = 0; j < pc->fwd.count; j++) { > + if (fwd_rule_write(fd, &pc->fwd.rules[j]) < 0) > + goto fail; > + } > + } > + > + if (write_u8(fd, PIF_NONE) < 0) > + goto fail; > + return; > + > +fail: > + die_perror("Error writing to control socket"); > +} > + > /** > * show_conf() - Show current configuration obtained from passt/pasta > * @conf: Configuration description > @@ -432,6 +465,8 @@ int main(int argc, char **argv) > show_conf(&conf); > } > > + send_conf(s, &conf); > + > noupdate: > if (shutdown(s, SHUT_RDWR) < 0 || close(s) < 0) > die_perror("Error shutting down control socket");
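
Review bot: In conf_recv_rules() (conf.c), the `while (1)` loop accepts the same pif value any number of times, so the `count > MAX_FWD_RULES` check bounds a single batch only, and a client that keeps sending a valid pif with a count of 0 keeps the handler in the loop without ever hitting an error path. Tracking which pif values were already seen and returning -1 on a repeat would cap the loop at ARRAY_SIZE(c->fwd_pending) iterations and make the per-table limit explicit instead of leaving it to fwd_rule_add() failing. Separately, the message "Interface name was not NULL terminated" refers to the terminating byte, so "NUL-terminated" would be the accurate wording.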
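
Review bot: In conf_handler() (conf.c), a failing conf_recv_rules() jumps to `close` with whatever rules were already added still sitting in c->fwd_pending[], because the tables are reset only at the top of the EPOLLIN branch. Nothing activates them yet, but resetting `fwd->count` and `fwd->sock_count` on the failure path as well would keep a later activation step from ever seeing a half-received set. The FIXME also deserves a stated plan in the commit message: the removed code handled EAGAIN/EWOULDBLOCK, while the new path, going by its own comment, can stall in this handler if the client stops writing.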
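
Review bot: send_conf() (pesto.c) does not return on a write error, since the `fail:` label calls die_perror(), but the kernel-doc comment lists only @fd and @conf; a line saying it does not return on failure would match what the caller in main() relies on. In the same loop, `pc->pif` is written unchecked while the receiver treats PIF_NONE as the end of the stream, so an entry with `pc->pif == PIF_NONE` in conf->pif[] would silently cut the update short; a check before `write_u8(fd, pc->pif)` would catch that.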
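
The type-and-length framing suggested in the reply above, shown as an added example: it is not code from the patch or from passt, and the chunk type values, the big-endian length field and the 64 KiB payload cap are assumptions made here. It shows the receiver stepping over a chunk type it does not support while still refusing a length that the remaining data does not back.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical chunk types and payload cap, not taken from passt/pesto */
enum { CHUNK_END = 0, CHUNK_RULES = 1 };
#define CHUNK_MAX_LEN	65536u

struct chunk_stats { unsigned handled, skipped; };

static uint32_t get_be32(const uint8_t *p)
{
	return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
	       (uint32_t)p[2] << 8 | (uint32_t)p[3];
}

/* Walk <type u8><length be32><payload> chunks until CHUNK_END.
 * Return: 0 on a clean end marker, -1 on truncated or oversized input */
static int chunks_parse(const uint8_t *buf, size_t len, struct chunk_stats *st)
{
	size_t off = 0;

	st->handled = st->skipped = 0;
	while (off < len) {
		uint8_t type = buf[off++];
		uint32_t plen;
		if (type == CHUNK_END)
			return 0;
		if (len - off < 4)
			return -1;		/* length field cut short */
		plen = get_be32(buf + off);
		off += 4;
		if (plen > CHUNK_MAX_LEN || plen > len - off)
			return -1;		/* claimed length not backed by data */
		if (type == CHUNK_RULES)
			st->handled++;		/* a receiver would decode rules here */
		else
			st->skipped++;		/* unsupported type: step over payload */
		off += plen;
	}
	return -1;				/* no end marker */
}

int main(void)
{
	/* Constructed input: rules chunk, unknown chunk (type 9), end marker */
	const uint8_t msg[] = { 1, 0, 0, 0, 2, 0xaa, 0xbb, 9, 0, 0, 0, 3, 1, 2, 3, 0 };
	struct chunk_stats st;

	return chunks_parse(msg, sizeof(msg), &st);
}
```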