On 21/03/2023 09:18, Stefano Brivio wrote:

Thanks for the patch!

On Mon, 20 Mar 2023 19:10:34 +0100 Paul Holzinger wrote:

...

The logic in tcp_timer() was inverted. fwd_out should expose the host ports in the ns. Therfore it must read the ports on the host and then bind them in the netns. The same for fwd_in which checks ports in the ns and then exposes them on the host.

Note that this only fixes tcp ports, udp does not seems to work at all right now with the auto mode. Note that for UDP there's no periodic scan, "auto" just checks bound ports when pasta starts:

-u, --udp-ports spec Configure UDP port forwarding to namespace. spec is as described for TCP above, and the list of ports is derived from listening sockets reported by /proc/net/udp and /proc/net/udp6, see proc(5), when pasta starts (not periodically).

Ok this makes sense then, is there a bug to track this? Because without it auto mode for UDP is useless for my Podman use case.

...

Signed-off-by: Paul Holzinger Fixes: 1128fa03fe73 ("Improve types and names for port forwarding configuration")

(I'll add that tag).

The patch itself looks good to me. I'm now looking at other parts (tcp_sock_init()) where we seem to have the same kind of swap.

Unfortunately this is only covered by the Podman demo as a test, which has been disabled for a while now:

https://bugs.passt.top/show_bug.cgi?id=29

and as David is meanwhile working to improve the test framework, we can probably wait a bit to introduce a new test. Meanwhile I'll check this part manually on related changes.

On Tue, 21 Mar 2023 15:02:30 +0100 Stefano Brivio wrote:

On Tue, 21 Mar 2023 14:55:17 +0100 Paul Holzinger wrote:

...

On 21/03/2023 09:18, Stefano Brivio wrote:

...

Thanks for the patch!

On Mon, 20 Mar 2023 19:10:34 +0100 Paul Holzinger wrote:

...

The logic in tcp_timer() was inverted. fwd_out should expose the host ports in the ns. Therfore it must read the ports on the host and then bind them in the netns. The same for fwd_in which checks ports in the ns and then exposes them on the host.

Note that this only fixes tcp ports, udp does not seems to work at all right now with the auto mode. Note that for UDP there's no periodic scan, "auto" just checks bound ports when pasta starts:

-u, --udp-ports spec Configure UDP port forwarding to namespace. spec is as described for TCP above, and the list of ports is derived from listening sockets reported by /proc/net/udp and /proc/net/udp6, see proc(5), when pasta starts (not periodically).

Ok this makes sense then, is there a bug to track this? Because without it auto mode for UDP is useless for my Podman use case.

No, sorry, not yet, feel free to file one, or I can do that later today.

There you go, https://bugs.passt.top/show_bug.cgi?id=45. -- Stefano