From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=DN3miQtx; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id 2B8645A026E for ; Mon, 20 Apr 2026 17:06:34 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1776697593; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=keaHMh97IMNAyb5tRQ6wtByrWql0RIOffFq7zVqI9Ng=; b=DN3miQtx0KRuYMHDDw6AsvkOJdADsFB1KUjGOK3ReDpPBpUpVtkQXFSEfi9jQ0gx3lcIct 7Wmat2LHkxM53UxxaCe4FCs7yN/UM+j2TUyDxiaPzHriYTK85OROizFBToNMfFRV+hKdPJ VLcIkmxw3MJkai5Evffq3stNxKS13v8= Received: from mail-pj1-f69.google.com (mail-pj1-f69.google.com [209.85.216.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-609-7jG5aiKZNAC-zQbH_-hqew-1; Mon, 20 Apr 2026 11:06:31 -0400 X-MC-Unique: 7jG5aiKZNAC-zQbH_-hqew-1 X-Mimecast-MFC-AGG-ID: 7jG5aiKZNAC-zQbH_-hqew_1776697591 Received: by mail-pj1-f69.google.com with SMTP id 98e67ed59e1d1-35e56ed5d5bso4815242a91.0 for ; Mon, 20 Apr 2026 08:06:31 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776697590; x=1777302390; h=content-transfer-encoding:in-reply-to:autocrypt:from :content-language:references:to:subject:user-agent:mime-version:date :message-id:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=keaHMh97IMNAyb5tRQ6wtByrWql0RIOffFq7zVqI9Ng=; b=VSHo/uPioyQ7J+/wGWBzj6UCs/LuwzcFDcha0z/AasmERCxcq3hUgpC3zQqjgWcYvE OZuh5wzcbxgUlzR6zoxEGbnKL1UtAFcgl5wqUr92ZFhkmddLcMkVNo5CuhM0VDK0iST0 W2TtKS7d+TtL8Nue+ND7WegoPT9Vo/x8R3daZZQPgDZNsLkU65Gb1fcT9oMHWjIYrwuU y5uhrNP/Ugc1JJS5PY76k4pdLWvkvURaC6NF3eoCObYkdI/wPHihMz9dwEiwYLwoj2HK j9Zji6wpZhv7Gf2ZcrHMZySgG0vm+44yT0AVNW9TDpQbq2pvXSEnMb/YChy+AuQEabe2 Y9Ig== X-Forwarded-Encrypted: i=1; AFNElJ8VJCakyQ7ea0Z/9UzIzOv1t6yRhP+BkHhLKZJOz+lUJyeIT6f+jsRxde0mA5KtQ2cQhNzzYxf9FSg=@passt.top X-Gm-Message-State: AOJu0YyuvufEfjWV74o1aMxzHjP7fDmXgg9nKR9oV8QNzT9borL6Z8rs iNFh5uRRiwMoW4TM1wGFwXixcy/TYRizPK3EpfrXEATs2anu0PUe/PRZi8YvAV4KBvXaxosBmZW JcDmrfOBwi5YBpqI9dZ2oh2PTXIhLrtqsKJ5kYVTbbKNSetYgTqiPCg== X-Gm-Gg: AeBDiesi6RF81M2buoRMCC3btzA+1s5nZEpOWb9kt0liiK37/f0mysL5UPCR2WIS/yw nrNStGc9m0QNz5MdgCUKDeK7BtSkKj0S+ZPL84vgOzIsWTpoLT7l3Je7roeuXp+fDB7OefJeuyY Ib4dV/YaiIbs5UI/oyOG9MQnP2zp4YwIVTmAs4luIZQM9IyOEj6Hdqnk0egtzBvAnT5pcwgiEap BU8qDIy9BEa0k9LdYU1GsPS2UxyQFQNlaG9sZyf1MvckBSxnRRxk4JJVz0HXoCifq5CgbSpe4Bw 8LIdXeLC/IgsxOguXbS1PjpD37d4/ztXH0T63bcSBnoy2EoYQu2ji27nFnEtouGpjwkSVtHgEE+ PfQ1yPt88Nkd662v145NpMMGJWHbovuTYBJPuLlnN/95lrwVxX6nI9aatOOrQb6z6kQ== X-Received: by 2002:a17:90b:2892:b0:35d:93c7:e386 with SMTP id 98e67ed59e1d1-361401bf2b5mr12299173a91.4.1776697590290; Mon, 20 Apr 2026 08:06:30 -0700 (PDT) X-Received: by 2002:a17:90b:2892:b0:35d:93c7:e386 with SMTP id 98e67ed59e1d1-361401bf2b5mr12299122a91.4.1776697589411; Mon, 20 Apr 2026 08:06:29 -0700 (PDT) Received: from [192.168.100.100] (82-64-211-94.subs.proxad.net. [82.64.211.94]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-3613fb4b4b5sm5936037a91.3.2026.04.20.08.06.26 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 20 Apr 2026 08:06:29 -0700 (PDT) Message-ID: Date: Mon, 20 Apr 2026 17:06:23 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v3 04/11] conf: Move SO_BINDTODEVICE workaround to conf_ports() To: David Gibson , passt-dev@passt.top, Stefano Brivio References: <20260417050520.102247-1-david@gibson.dropbear.id.au> <20260417050520.102247-5-david@gibson.dropbear.id.au> From: Laurent Vivier Autocrypt: addr=lvivier@redhat.com; keydata= xsFNBFYFJhkBEAC2me7w2+RizYOKZM+vZCx69GTewOwqzHrrHSG07MUAxJ6AY29/+HYf6EY2 WoeuLWDmXE7A3oJoIsRecD6BXHTb0OYS20lS608anr3B0xn5g0BX7es9Mw+hV/pL+63EOCVm SUVTEQwbGQN62guOKnJJJfphbbv82glIC/Ei4Ky8BwZkUuXd7d5NFJKC9/GDrbWdj75cDNQx UZ9XXbXEKY9MHX83Uy7JFoiFDMOVHn55HnncflUncO0zDzY7CxFeQFwYRbsCXOUL9yBtqLer Ky8/yjBskIlNrp0uQSt9LMoMsdSjYLYhvk1StsNPg74+s4u0Q6z45+l8RAsgLw5OLtTa+ePM JyS7OIGNYxAX6eZk1+91a6tnqfyPcMbduxyBaYXn94HUG162BeuyBkbNoIDkB7pCByed1A7q q9/FbuTDwgVGVLYthYSfTtN0Y60OgNkWCMtFwKxRaXt1WFA5ceqinN/XkgA+vf2Ch72zBkJL RBIhfOPFv5f2Hkkj0MvsUXpOWaOjatiu0fpPo6Hw14UEpywke1zN4NKubApQOlNKZZC4hu6/ 8pv2t4HRi7s0K88jQYBRPObjrN5+owtI51xMaYzvPitHQ2053LmgsOdN9EKOqZeHAYG2SmRW LOxYWKX14YkZI5j/TXfKlTpwSMvXho+efN4kgFvFmP6WT+tPnwARAQABzSNMYXVyZW50IFZp dmllciA8bHZpdmllckByZWRoYXQuY29tPsLBeAQTAQIAIgUCVgVQgAIbAwYLCQgHAwIGFQgC CQoLBBYCAwECHgECF4AACgkQ8ww4vT8vvjwpgg//fSGy0Rs/t8cPFuzoY1cex4limJQfReLr SJXCANg9NOWy/bFK5wunj+h/RCFxIFhZcyXveurkBwYikDPUrBoBRoOJY/BHK0iZo7/WQkur 6H5losVZtrotmKOGnP/lJYZ3H6OWvXzdz8LL5hb3TvGOP68K8Bn8UsIaZJoeiKhaNR0sOJyI YYbgFQPWMHfVwHD/U+/gqRhD7apVysxv5by/pKDln1I5v0cRRH6hd8M8oXgKhF2+rAOL7gvh jEHSSWKUlMjC7YwwjSZmUkL+TQyE18e2XBk85X8Da3FznrLiHZFHQ/NzETYxRjnOzD7/kOVy gKD/o7asyWQVU65mh/ECrtjfhtCBSYmIIVkopoLaVJ/kEbVJQegT2P6NgERC/31kmTF69vn8 uQyW11Hk8tyubicByL3/XVBrq4jZdJW3cePNJbTNaT0d/bjMg5zCWHbMErUib2Nellnbg6bc 2HLDe0NLVPuRZhHUHM9hO/JNnHfvgiRQDh6loNOUnm9Iw2YiVgZNnT4soUehMZ7au8PwSl4I KYE4ulJ8RRiydN7fES3IZWmOPlyskp1QMQBD/w16o+lEtY6HSFEzsK3o0vuBRBVp2WKnssVH qeeV01ZHw0bvWKjxVNOksP98eJfWLfV9l9e7s6TaAeySKRRubtJ+21PRuYAxKsaueBfUE7ZT 7zfOwU0EVgUmGQEQALxSQRbl/QOnmssVDxWhHM5TGxl7oLNJms2zmBpcmlrIsn8nNz0rRyxT 460k2niaTwowSRK8KWVDeAW6ZAaWiYjLlTunoKwvF8vP3JyWpBz0diTxL5o+xpvy/Q6YU3BN efdq8Vy3rFsxgW7mMSrI/CxJ667y8ot5DVugeS2NyHfmZlPGE0Nsy7hlebS4liisXOrN3jFz asKyUws3VXek4V65lHwB23BVzsnFMn/bw/rPliqXGcwl8CoJu8dSyrCcd1Ibs0/Inq9S9+t0 VmWiQWfQkz4rvEeTQkp/VfgZ6z98JRW7S6l6eophoWs0/ZyRfOm+QVSqRfFZdxdP2PlGeIFM C3fXJgygXJkFPyWkVElr76JTbtSHsGWbt6xUlYHKXWo+xf9WgtLeby3cfSkEchACrxDrQpj+ Jt/JFP+q997dybkyZ5IoHWuPkn7uZGBrKIHmBunTco1+cKSuRiSCYpBIXZMHCzPgVDjk4viP brV9NwRkmaOxVvye0vctJeWvJ6KA7NoAURplIGCqkCRwg0MmLrfoZnK/gRqVJ/f6adhU1oo6 z4p2/z3PemA0C0ANatgHgBb90cd16AUxpdEQmOCmdNnNJF/3Zt3inzF+NFzHoM5Vwq6rc1JP jfC3oqRLJzqAEHBDjQFlqNR3IFCIAo4SYQRBdAHBCzkM4rWyRhuVABEBAAHCwV8EGAECAAkF AlYFJhkCGwwACgkQ8ww4vT8vvjwg9w//VQrcnVg3TsjEybxDEUBm8dBmnKqcnTBFmxN5FFtI WlEuY8+YMiWRykd8Ln9RJ/98/ghABHz9TN8TRo2b6WimV64FmlVn17Ri6FgFU3xNt9TTEChq AcNg88eYryKsYpFwegGpwUlaUaaGh1m9OrTzcQy+klVfZWaVJ9Nw0keoGRGb8j4XjVpL8+2x OhXKrM1fzzb8JtAuSbuzZSQPDwQEI5CKKxp7zf76J21YeRrEW4WDznPyVcDTa+tz++q2S/Bp P4W98bXCBIuQgs2m+OflERv5c3Ojldp04/S4NEjXEYRWdiCxN7ca5iPml5gLtuvhJMSy36gl U6IW9kn30IWuSoBpTkgV7rLUEhh9Ms82VWW/h2TxL8enfx40PrfbDtWwqRID3WY8jLrjKfTd R3LW8BnUDNkG+c4FzvvGUs8AvuqxxyHbXAfDx9o/jXfPHVRmJVhSmd+hC3mcQ+4iX5bBPBPM oDqSoLt5w9GoQQ6gDVP2ZjTWqwSRMLzNr37rJjZ1pt0DCMMTbiYIUcrhX8eveCJtY7NGWNyx FCRkhxRuGcpwPmRVDwOl39MB3iTsRighiMnijkbLXiKoJ5CDVvX5yicNqYJPKh5MFXN1bvsB kmYiStMRbrD0HoY1kx5/VozBtc70OU0EB8Wrv9hZD+Ofp0T3KOr1RUHvCZoLURfFhSQ= In-Reply-To: <20260417050520.102247-5-david@gibson.dropbear.id.au> X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: IlhKFrjoDx-n5E3hKD27dq6qodHhUv7XIW_GvnTE9o8_1776697591 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Message-ID-Hash: Y2ONGSJIAQPY3AA3TMET7CMYYTOAWLQU X-Message-ID-Hash: Y2ONGSJIAQPY3AA3TMET7CMYYTOAWLQU X-MailFrom: lvivier@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On 4/17/26 07:05, David Gibson wrote: > For historical reasons we apply our workaround for -[TU] handling when > SO_BINDTODEVICE is unavailable inside conf_ports_range_except(). We've > now removed the reasons it had to be there, so it can move to conf_ports(), > the caller's caller. > > Signed-off-by: David Gibson Reviewed-by: Laurent Vivier > --- > conf.c | 77 ++++++++++++++++++++++------------------------------------ > 1 file changed, 29 insertions(+), 48 deletions(-) > > diff --git a/conf.c b/conf.c > index 33b96eac..5ff62873 100644 > --- a/conf.c > +++ b/conf.c > @@ -138,9 +138,6 @@ static int parse_keyword(const char *s, const char **endptr, const char *kw) > /** > * conf_ports_range_except() - Set up forwarding for a range of ports minus a > * bitmap of exclusions > - * @c: Execution context > - * @optname: Short option name, t, T, u, or U > - * @optarg: Option argument (port specification) > * @fwd: Forwarding table to be updated > * @proto: Protocol to forward > * @addr: Listening address > @@ -151,9 +148,8 @@ static int parse_keyword(const char *s, const char **endptr, const char *kw) > * @to: Port to translate @first to when forwarding > * @flags: Flags for forwarding entries > */ > -static void conf_ports_range_except(const struct ctx *c, char optname, > - const char *optarg, struct fwd_table *fwd, > - uint8_t proto, const union inany_addr *addr, > +static void conf_ports_range_except(struct fwd_table *fwd, uint8_t proto, > + const union inany_addr *addr, > const char *ifname, > uint16_t first, uint16_t last, > const uint8_t *exclude, uint16_t to, > @@ -195,42 +191,10 @@ static void conf_ports_range_except(const struct ctx *c, char optname, > rule.last = i - 1; > rule.to = base + delta; > > - if ((optname == 'T' || optname == 'U') && c->no_bindtodevice) { > - /* FIXME: Once the fwd bitmaps are removed, move this > - * workaround to the caller > - */ > - struct fwd_rule rulev = { > - .ifname = { 0 }, > - .flags = flags, > - .first = base, > - .last = i - 1, > - .to = base + delta, > - }; > - > - assert(!addr && ifname && !strcmp(ifname, "lo")); > - warn( > -"SO_BINDTODEVICE unavailable, forwarding only 127.0.0.1 and ::1 for '-%c %s'", > - optname, optarg); > + fwd_rule_conflict_check(&rule, fwd->rules, fwd->count); > + if (fwd_rule_add(fwd, &rule) < 0) > + goto fail; > > - if (c->ifi4) { > - rulev.addr = inany_loopback4; > - fwd_rule_conflict_check(&rulev, > - fwd->rules, fwd->count); > - if (fwd_rule_add(fwd, &rulev) < 0) > - goto fail; > - } > - if (c->ifi6) { > - rulev.addr = inany_loopback6; > - fwd_rule_conflict_check(&rulev, > - fwd->rules, fwd->count); > - if (fwd_rule_add(fwd, &rulev) < 0) > - goto fail; > - } > - } else { > - fwd_rule_conflict_check(&rule, fwd->rules, fwd->count); > - if (fwd_rule_add(fwd, &rule) < 0) > - goto fail; > - } > base = i - 1; > } > return; > @@ -321,8 +285,7 @@ static void conf_ports_spec(const struct ctx *c, > /* Exclude ephemeral ports */ > fwd_port_map_ephemeral(exclude); > > - conf_ports_range_except(c, optname, optarg, fwd, > - proto, addr, ifname, > + conf_ports_range_except(fwd, proto, addr, ifname, > 1, NUM_PORTS - 1, exclude, > 1, flags | FWD_WEAK); > return; > @@ -357,8 +320,7 @@ static void conf_ports_spec(const struct ctx *c, > optname, optarg); > } > > - conf_ports_range_except(c, optname, optarg, fwd, > - proto, addr, ifname, > + conf_ports_range_except(fwd, proto, addr, ifname, > orig_range.first, orig_range.last, > exclude, > mapped_range.first, flags); > @@ -461,14 +423,33 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, > } > } > > + if (optname == 'T' || optname == 'U') { > + assert(!addr && !ifname); > + > + if (c->no_bindtodevice) { > + warn( > +"SO_BINDTODEVICE unavailable, forwarding only 127.0.0.1 and ::1 for '-%c %s'", > + optname, optarg); > + > + if (c->ifi4) { > + conf_ports_spec(c, optname, optarg, fwd, proto, > + &inany_loopback4, NULL, spec); > + } > + if (c->ifi6) { > + conf_ports_spec(c, optname, optarg, fwd, proto, > + &inany_loopback6, NULL, spec); > + } > + return; > + } > + > + ifname = "lo"; > + } > + > if (ifname && c->no_bindtodevice) { > die( > "Device binding for '-%c %s' unsupported (requires kernel 5.7+)", > optname, optarg); > } > - /* Outbound forwards come from guest loopback */ > - if ((optname == 'T' || optname == 'U') && !ifname) > - ifname = "lo"; > > conf_ports_spec(c, optname, optarg, fwd, proto, addr, ifname, spec); > }