Re: [PATCH 7/8] fwd: Update all port maps before applying exclusions

On Thu, Oct 30, 2025 at 09:24:07PM +0100, Stefano Brivio wrote:

On Sat, 11 Oct 2025 15:48:26 +1100 David Gibson wrote:

...

In fwd_scan_ports() we go through each of the automatic forwarding cases (tcp, udp, inbound and outbound) in turn, scanning and calculating the new forwarding map. However, to avoid avoid circular forwarding, some of these maps affect each other. This has the odd effect that the ones handled earlier are based on the previous scan of other maps, whereas the later ones are based on the latest scan.

That's not generally harmful, but it is counter-intuitive and results in a few odd edge cases. Avoid this by performing all the scans first, without regard to other maps, then applying the exclusions afterwards.

One case has an extra wrinkle: for UDP we forwarded not just ports that were listening on UDP but ones listening on TCP as well, for the benefit of protocols like iperf3. We therefore also excluded listening ports from both UDP and TCP from the other direction to avoid circular forwarding.

This doesn't really make sense, though. To avoid circular forwarding, we don't care *why* the other side is listening on UDP, just that it *is* listening. I believe the explicit handling of the reverse TCP map was only needed because the reverse map might have been one cycle out of date and therefore not included a port opened because of the corresponding TCP port.

Right, yes, that was the reason. I guess it makes sense to make this less hypothetical in the commit message if you re-spin. Same in 8/8.

There are some (trivial) conflicts with other things you've merged, so I will respin. I've fixed this up. -- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson