On Thu, 9 Apr 2026 10:12:07 +1000
David Gibson
On Wed, Apr 08, 2026 at 11:40:16PM +0200, Stefano Brivio wrote:
On Tue, 7 Apr 2026 13:16:24 +1000 David Gibson wrote:
Currently as well as building the forwarding tables, conf() maintains a "forwarding mode" value for each protocol and direction. This prevents, for example "-t all" and "-t 40000" being given on the same command line.
This restriction predates the forwarding table and is no longer really necessary. Remove the restriction, instead doing our best to apply all the given options simultaneously.
* Many combinations previously disallowed will still be disallowed because of conflicts between the specific generated rules, e.g. -t all -t 8888 (because -t all already listens on port 8888)
* Some new combinations are now allowed and will work, e.g. -t all -t 40000 because 'all' excludes ephemeral ports (which includes 40000 on default Linux configurations).
This is slightly confusing though:
$ ./pasta -t auto -t 31337
Forwarding configuration conflict: TCP [*]:31337 => 31337 versus TCP [*]:1-32767 => 1-32767 (best effort) (auto-scan)
You mean because the single port rule is redundant, but doesn't do something different, so not strictly speaking conflicting?
Right, yes. One might want to say something like "map all ports automatically, but 31337 always", and that's not (much?) more conflicting than "-t all -t 8888"... maybe.
but I don't see a practical way to "fix" it for the time being, and overall I'd say the new behaviour is better than the original one, so I don't really care.
Ok.
-- Stefano