Re: [PATCH v6 08/18] pesto: Introduce stub configuration tool

[Laurent Vivier <lvivier@redhat.com>]

On 5/3/26 23:55, Stefano Brivio wrote:
> From: David Gibson <david@gibson.dropbear.id.au>
> 
> Build a new "pesto" binary, which will become the tool to update a running
> passt/pasta's configuration.  For now, we just build a stub binary which
> sets up a basic environment, parses trivial command line options but does
> nothing else.
> 
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Reviewed-by: Laurent Vivier <lvivier@redhat.com>

One little nit below

> ---
>   .gitignore |   2 +
>   Makefile   |  42 +++++++++++------
>   common.h   |  24 ++++++++++
>   pesto.1    |  46 +++++++++++++++++++
>   pesto.c    | 132 +++++++++++++++++++++++++++++++++++++++++++++++++++++
>   pesto.h    |  12 +++++
>   util.h     |  12 +----
>   7 files changed, 244 insertions(+), 26 deletions(-)
>   create mode 100644 common.h
>   create mode 100644 pesto.1
>   create mode 100644 pesto.c
>   create mode 100644 pesto.h
> 
> diff --git a/.gitignore b/.gitignore
> index 3c16adc..3e40d9f 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -4,9 +4,11 @@
>   /pasta
>   /pasta.avx2
>   /passt-repair
> +/pesto
>   /qrap
>   /pasta.1
>   /seccomp.h
> +/seccomp_pesto.h
>   /seccomp_repair.h
>   /c*.json
>   README.plain.md
> diff --git a/Makefile b/Makefile
> index 7875d23..030681b 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -47,19 +47,21 @@ PASST_SRCS = arch.c arp.c bitmap.c checksum.c conf.c dhcp.c dhcpv6.c \
>   	vhost_user.c virtio.c vu_common.c
>   QRAP_SRCS = qrap.c
>   PASST_REPAIR_SRCS = passt-repair.c
> -SRCS = $(PASST_SRCS) $(QRAP_SRCS) $(PASST_REPAIR_SRCS)
> -
> -MANPAGES = passt.1 pasta.1 qrap.1 passt-repair.1
> -
> -PASST_HEADERS = arch.h arp.h bitmap.h checksum.h conf.h dhcp.h dhcpv6.h \
> -	epoll_ctl.h flow.h fwd.h fwd_rule.h flow_table.h icmp.h icmp_flow.h \
> -	inany.h iov.h ip.h isolation.h lineread.h log.h migrate.h ndp.h \
> -	netlink.h packet.h passt.h pasta.h pcap.h pif.h repair.h serialise.h \
> -	siphash.h tap.h tcp.h tcp_buf.h tcp_conn.h tcp_internal.h tcp_splice.h \
> -	tcp_vu.h udp.h udp_flow.h udp_internal.h udp_vu.h util.h vhost_user.h \
> -	virtio.h vu_common.h
> +PESTO_SRCS = pesto.c
> +SRCS = $(PASST_SRCS) $(QRAP_SRCS) $(PASST_REPAIR_SRCS) $(PESTO_SRCS)
> +
> +MANPAGES = passt.1 pasta.1 pesto.1 qrap.1 passt-repair.1
> +
> +PASST_HEADERS = arch.h arp.h bitmap.h checksum.h common.h conf.h dhcp.h \
> +	dhcpv6.h epoll_ctl.h flow.h fwd.h fwd_rule.h flow_table.h icmp.h \
> +	icmp_flow.h inany.h iov.h ip.h isolation.h lineread.h log.h migrate.h \
> +	ndp.h netlink.h packet.h passt.h pasta.h pcap.h pesto.h pif.h repair.h \
> +	serialise.h siphash.h tap.h tcp.h tcp_buf.h tcp_conn.h tcp_internal.h \
> +	tcp_splice.h tcp_vu.h udp.h udp_flow.h udp_internal.h udp_vu.h util.h \
> +	vhost_user.h virtio.h vu_common.h
>   QRAP_HEADERS = arp.h ip.h passt.h util.h
>   PASST_REPAIR_HEADERS = linux_dep.h
> +PESTO_HEADERS = common.h pesto.h
>   
>   C := \#include <sys/random.h>\nint main(){int a=getrandom(0, 0, 0);}
>   ifeq ($(shell printf "$(C)" | $(CC) -S -xc - -o - >/dev/null 2>&1; echo $$?),0)
> @@ -78,7 +80,7 @@ docdir		?= $(datarootdir)/doc/passt
>   mandir		?= $(datarootdir)/man
>   man1dir		?= $(mandir)/man1
>   
> -BASEBIN = passt qrap passt-repair
> +BASEBIN = passt qrap passt-repair pesto
>   ifeq ($(TARGET_ARCH),x86_64)
>   BASEBIN += passt.avx2
>   endif
> @@ -100,6 +102,9 @@ seccomp.h: seccomp.sh $(PASST_SRCS) $(PASST_HEADERS)
>   seccomp_repair.h: seccomp.sh $(PASST_REPAIR_SRCS) $(PASST_REPAIR_HEADERS)
>   	@ ARCH="$(TARGET_ARCH)" CC="$(CC)" ./seccomp.sh seccomp_repair.h $(PASST_REPAIR_SRCS)
>   
> +seccomp_pesto.h: seccomp.sh $(PESTO_SRCS)
> +	@ ARCH="$(TARGET_ARCH)" CC="$(CC)" ./seccomp.sh seccomp_pesto.h $(PESTO_SRCS)
> +
>   $(BASEBIN): %:
>   	$(CC) $(BASE_CPPFLAGS) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(filter %.c,$^) -o $@
>   
> @@ -116,6 +121,8 @@ qrap: $(QRAP_SRCS) $(QRAP_HEADERS)
>   
>   passt-repair: $(PASST_REPAIR_SRCS) $(PASST_REPAIR_HEADERS) seccomp_repair.h
>   
> +pesto: $(PESTO_SRCS) $(PESTO_HEADERS) seccomp_pesto.h
> +
>   valgrind: EXTRA_SYSCALLS += rt_sigprocmask rt_sigtimedwait rt_sigaction	\
>   			    rt_sigreturn getpid gettid kill clock_gettime \
>   			    mmap|mmap2 munmap open unlink gettimeofday futex \
> @@ -126,7 +133,7 @@ valgrind: all
>   
>   .PHONY: clean
>   clean:
> -	$(RM) $(BIN) *~ *.o seccomp.h seccomp_repair.h pasta.1 \
> +	$(RM) $(BIN) *~ *.o seccomp.h seccomp_repair.h seccomp_pesto.h pasta.1 \
>   		passt.tar passt.tar.gz *.deb *.rpm \
>   		passt.pid README.plain.md
>   
> @@ -183,7 +190,8 @@ docs: README.md
>   CLANG_TIDY = clang-tidy
>   CLANG_TIDY_FLAGS = -DCLANG_TIDY_58992
>   
> -clang-tidy: passt.clang-tidy passt-repair.clang-tidy qrap.clang-tidy
> +clang-tidy: passt.clang-tidy passt-repair.clang-tidy pesto.clang-tidy \
> +	qrap.clang-tidy
>   
>   .PHONY: %.clang-tidy
>   %.clang-tidy:
> @@ -191,6 +199,7 @@ clang-tidy: passt.clang-tidy passt-repair.clang-tidy qrap.clang-tidy
>   
>   passt.clang-tidy: $(PASST_SRCS) $(PASST_HEADERS) seccomp.h
>   passt-repair.clang-tidy: $(PASST_REPAIR_SRCS) $(PASST_REPAIR_HEADERS) seccomp_repair.h
> +pesto.clang-tidy: $(PESTO_SRCS) $(PESTO_HEADERS) seccomp_pesto.h
>   qrap.clang-tidy: $(QRAP_SRCS) $(QRAP_HEADERS)
>   
>   CPPCHECK = cppcheck
> @@ -206,7 +215,7 @@ CPPCHECK_FLAGS = --std=c11 --error-exitcode=1 --enable=all --force	\
>   	--suppress=unusedStructMember					\
>   	 -D CPPCHECK_6936
>   
> -cppcheck: passt.cppcheck passt-repair.cppcheck qrap.cppcheck
> +cppcheck: passt.cppcheck passt-repair.cppcheck pesto.cppcheck qrap.cppcheck
>   
>   .PHONY: %.cppcheck
>   %.cppcheck:
> @@ -215,6 +224,9 @@ cppcheck: passt.cppcheck passt-repair.cppcheck qrap.cppcheck
>   passt.cppcheck: $(PASST_SRCS) $(PASST_HEADERS) seccomp.h
>   passt-repair.cppcheck: $(PASST_REPAIR_SRCS) $(PASST_REPAIR_HEADERS) seccomp_repair.h
>   
> +pesto.cppcheck: CPPCHECK_FLAGS += --suppress=unmatchedSuppression
> +pesto.cppcheck: $(PESTO_SRCS) $(PESTO_HEADERS) seccomp_pesto.h
> +
>   qrap.cppcheck: BASE_CPPFLAGS += -DARCH=\"$(TARGET_ARCH)\"
>   qrap.cppcheck: CPPCHECK_FLAGS += --suppress=unusedFunction
>   qrap.cppcheck: $(QRAP_SRCS) $(QRAP_HEADERS)
> diff --git a/common.h b/common.h
> new file mode 100644
> index 0000000..a9c115a
> --- /dev/null
> +++ b/common.h
> @@ -0,0 +1,24 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later
> + * Copyright Red Hat
> + * Author: David Gibson <david@gibson.dropbear.id.au>
> + *
> + * Definitions used by both passt/pasta and other tools
> + */
> +
> +#ifndef COMMON_H
> +#define COMMON_H
> +
> +#include <string.h>
> +
> +#define VERSION_BLOB							       \
> +	VERSION "\n"							       \
> +	"Copyright Red Hat\n"						       \
> +	"GNU General Public License, version 2 or later\n"		       \
> +	"  <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>\n"	       \
> +	"This is free software: you are free to change and redistribute it.\n" \
> +	"There is NO WARRANTY, to the extent permitted by law.\n\n"
> +
> +/* FPRINTF() intentionally silences cert-err33-c clang-tidy warnings */
> +#define FPRINTF(f, ...)	(void)fprintf(f, __VA_ARGS__)
> +
> +#endif /* _COMMON_H */

Why "_COMMON_H" and not "COMMON_H"?

> diff --git a/pesto.1 b/pesto.1
> new file mode 100644
> index 0000000..338fb8a
> --- /dev/null
> +++ b/pesto.1
> @@ -0,0 +1,46 @@
> +.\" SPDX-License-Identifier: GPL-2.0-or-later
> +.\" Copyright Red Hat
> +.\" Author: David Gibson <david@gibson.dropbear.id.au>
> +.TH pesto 1
> +
> +.SH NAME
> +.B pesto
> +\- Configure a running \fBpasst\fR(1) or \fBpasta\fR(1) instance.
> +
> +.SH SYNOPSIS
> +.B pesto
> +\fIPATH\fR
> +
> +.SH DESCRIPTION
> +
> +.B pesto
> +is an experimental client to view and update the port forwarding
> +configuration of a running \fBpasst\fR(1) or \fBpasta\fR(1) instance.
> +
> +\fIPATH\fR gives the path to the UNIX domain socket created by
> +\fBpasst\fR or \fBpasta\fR.  It should match the \fB-c\fR command line
> +option given to that instance.
> +
> +.SH AUTHORS
> +
> +Stefano Brivio <sbrivio@redhat.com>,
> +David Gibson <david@gibson.dropbear.id.au>.
> +
> +.SH REPORTING BUGS
> +
> +Please report issues on the bug tracker at https://bugs.passt.top/, or
> +send a message to the passt-user@passt.top mailing list, see
> +https://lists.passt.top/.
> +
> +.SH COPYRIGHT
> +
> +Copyright Red Hat
> +
> +\fBpesto\fR is free software: you can redistribute them and/or modify
> +them under the terms of the GNU General Public License as published by
> +the Free Software Foundation, either version 2 of the License, or (at
> +your option) any later version.
> +
> +.SH SEE ALSO
> +
> +\fBpasst\fR(1), \fBpasta\fR(1), \fBunix\fR(7).
> diff --git a/pesto.c b/pesto.c
> new file mode 100644
> index 0000000..9f2fa5d
> --- /dev/null
> +++ b/pesto.c
> @@ -0,0 +1,132 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +
> +/* PESTO - Programmable Extensible Socket Translation Orchestrator
> + *  front-end for passt(1) and pasta(1) forwarding configuration
> + *
> + * pesto.c - Main program (it's not actually extensible)
> + *
> + * Copyright (c) 2026 Red Hat GmbH
> + * Author: Stefano Brivio <sbrivio@redhat.com>
> + */
> +
> +#include <arpa/inet.h>
> +#include <sys/prctl.h>
> +#include <sys/types.h>
> +#include <sys/socket.h>
> +#include <sys/un.h>
> +#include <errno.h>
> +#include <getopt.h>
> +#include <inttypes.h>
> +#include <stdbool.h>
> +#include <stddef.h>
> +#include <stdint.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +#include <limits.h>
> +#include <unistd.h>
> +
> +#include <linux/audit.h>
> +#include <linux/capability.h>
> +#include <linux/filter.h>
> +#include <linux/seccomp.h>
> +
> +#include "common.h"
> +#include "seccomp_pesto.h"
> +#include "pesto.h"
> +
> +static bool debug_flag = false;
> +
> +static char stdout_buf[BUFSIZ];
> +
> +#define die(...)							\
> +	do {								\
> +		FPRINTF(stderr, __VA_ARGS__);				\
> +		FPRINTF(stderr, "\n");					\
> +		exit(EXIT_FAILURE);					\
> +	} while (0)
> +
> +/**
> + * usage() - Print usage, exit with given status code
> + * @name:	Executable name
> + * @f:		Stream to print usage info to
> + * @status:	Status code for exit(2)
> + *
> + * #syscalls:pesto exit_group fstat write
> + */
> +static void usage(const char *name, FILE *f, int status)
> +{
> +	FPRINTF(f, "Usage: %s [OPTION]... PATH\n", name);
> +	FPRINTF(f,
> +		"\n"
> +		"  -d, --debug		Print debugging messages\n"
> +		"  -h, --help		Display this help message and exit\n"
> +		"  --version		Show version and exit\n");
> +	exit(status);
> +}
> +
> +/**
> + * main() - Dynamic reconfiguration client main program
> + * @argc:	Argument count
> + * @argv:	Arguments: socket path, operation, port specifiers
> + *
> + * Return: 0 on success, won't return on failure
> + *
> + * #syscalls:pesto exit_group fstat read write
> + */
> +int main(int argc, char **argv)
> +{
> +	const struct option options[] = {
> +		{"debug",	no_argument,		NULL,		'd' },
> +		{"help",	no_argument,		NULL,		'h' },
> +		{"version",	no_argument,		NULL,		1 },
> +		{ 0 },
> +	};
> +	const char *optstring = "dh";
> +	struct sock_fprog prog;
> +	int optname;
> +
> +	prctl(PR_SET_DUMPABLE, 0);
> +
> +	prog.len = (unsigned short)sizeof(filter_pesto) /
> +				   sizeof(filter_pesto[0]);
> +	prog.filter = filter_pesto;
> +	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
> +	    prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
> +		die("Failed to apply seccomp filter");
> +
> +	/* Explicitly set stdout buffer, otherwise printf() might allocate,
> +	 * breaking our seccomp profile.
> +	 */
> +	if (setvbuf(stdout, stdout_buf, _IOFBF, sizeof(stdout_buf)))
> +		die("Failed to set stdout buffer");
> +
> +	do {
> +		optname = getopt_long(argc, argv, optstring, options, NULL);
> +
> +		switch (optname) {
> +		case -1:
> +		case 0:
> +			break;
> +		case 'h':
> +			usage(argv[0], stdout, EXIT_SUCCESS);
> +			break;
> +		case 'd':
> +			debug_flag = true;
> +			break;
> +		case 1:
> +			FPRINTF(stdout, "pesto ");
> +			FPRINTF(stdout, VERSION_BLOB);
> +			exit(EXIT_SUCCESS);
> +		default:
> +			usage(argv[0], stderr, EXIT_FAILURE);
> +		}
> +	} while (optname != -1);
> +
> +	if (argc - optind != 1)
> +		usage(argv[0], stderr, EXIT_FAILURE);
> +
> +	printf("debug_flag=%d, path=\"%s\"\n", debug_flag, argv[optind]);
> +
> +	die("pesto is not implemented yet");
> +}
> diff --git a/pesto.h b/pesto.h
> new file mode 100644
> index 0000000..e9b329f
> --- /dev/null
> +++ b/pesto.h
> @@ -0,0 +1,12 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later
> + * Copyright Red Hat
> + * Author: David Gibson <david@gibson.dropbear.id.au>
> + *
> + * Definitions and functions used by both client and server of the configuration
> + * update protocol (pesto).
> + */
> +
> +#ifndef PESTO_H
> +#define PESTO_H
> +
> +#endif /* PESTO_H */
> diff --git a/util.h b/util.h
> index 92aeabc..770ff93 100644
> --- a/util.h
> +++ b/util.h
> @@ -19,16 +19,9 @@
>   #include <sys/syscall.h>
>   #include <net/ethernet.h>
>   
> +#include "common.h"
>   #include "log.h"
>   
> -#define VERSION_BLOB							       \
> -	VERSION "\n"							       \
> -	"Copyright Red Hat\n"						       \
> -	"GNU General Public License, version 2 or later\n"		       \
> -	"  <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>\n"	       \
> -	"This is free software: you are free to change and redistribute it.\n" \
> -	"There is NO WARRANTY, to the extent permitted by law.\n\n"
> -
>   #ifndef SECCOMP_RET_KILL_PROCESS
>   #define SECCOMP_RET_KILL_PROCESS	SECCOMP_RET_KILL
>   #endif
> @@ -307,9 +300,6 @@ static inline bool mod_between(unsigned x, unsigned i, unsigned j, unsigned m)
>   	return mod_sub(x, i, m) < mod_sub(j, i, m);
>   }
>   
> -/* FPRINTF() intentionally silences cert-err33-c clang-tidy warnings */
> -#define FPRINTF(f, ...)	(void)fprintf(f, __VA_ARGS__)
> -
>   void raw_random(void *buf, size_t buflen);
>   
>   /*