Add helpers to serialise/deserialise unsigned integers, handling endian conversion so that the stream format is consistent regardless of host endiannness. Currently we only use this on one place: sending the number of flows during migration. We're going to have more use for this as we add dynamic configuration updates, so these will become more useful. For now we only need a 32-bit version, however define the functions with a macro so we can easily add other integer widths when we need them. Signed-off-by: David Gibson --- flow.c | 10 ++++------ serialise.c | 35 +++++++++++++++++++++++++++++++++++ serialise.h | 7 +++++++ 3 files changed, 46 insertions(+), 6 deletions(-) diff --git a/flow.c b/flow.c index 25a6f1a3..c84857b2 100644 --- a/flow.c +++ b/flow.c @@ -1135,10 +1135,9 @@ int flow_migrate_source(struct ctx *c, const struct migrate_stage *stage, count++; } - count = htonl(count); - if (write_all_buf(fd, &count, sizeof(count))) { + if (write_u32(fd, count)) { rc = errno; - err_perror("Can't send flow count (%u)", ntohl(count)); + err_perror("Can't send flow count (%u)", count); return flow_migrate_source_rollback(c, FLOW_MAX, rc); } @@ -1151,7 +1150,7 @@ int flow_migrate_source(struct ctx *c, const struct migrate_stage *stage, debug("Stop listen()s"); fwd_listen_close(&c->fwd_in); - debug("Sending %u flows", ntohl(count)); + debug("Sending %u flows", count); if (!count) return 0; @@ -1221,10 +1220,9 @@ int flow_migrate_target(struct ctx *c, const struct migrate_stage *stage, (void)stage; - if (read_all_buf(fd, &count, sizeof(count))) + if (read_u32(fd, &count)) return errno; - count = ntohl(count); debug("Receiving %u flows", count); if (!count) diff --git a/serialise.c b/serialise.c index f162eeb6..d6c3396a 100644 --- a/serialise.c +++ b/serialise.c @@ -13,7 +13,9 @@ */ #include +#include #include +#include #include #include "serialise.h" @@ -86,3 +88,36 @@ int write_all_buf(int fd, const void *buf, size_t len) } return 0; } + +/** + * read_uXXX() - Receive a uXXX value from an fd + * @fd: File descriptor to read from + * @valp: Pointer to variable to update with read value + * + * Return: 0 on success, -1 on error + */ +/** + * write_uXXX() - Send a uXXX value to an fd + * @fd: File descriptor to write to + * @val: Value to send + * + * Return: 0 on success, -1 on error + */ +#define SERIALISE_UINT(bits) \ + int read_u##bits(int fd, uint##bits##_t *val) \ + { \ + uint##bits##_t beval; \ + if (read_all_buf(fd, &beval, sizeof(beval)) < 0) \ + return -1; \ + *val = be##bits##toh(beval); \ + return 0; \ + } \ + int write_u##bits(int fd, uint##bits##_t val) \ + { \ + uint##bits##_t beval = htobe##bits(val); \ + return write_all_buf(fd, &beval, sizeof(beval)); \ + } + +SERIALISE_UINT(32) + +#undef SERIALISE_UNIT diff --git a/serialise.h b/serialise.h index 92a63e6b..0a4ed086 100644 --- a/serialise.h +++ b/serialise.h @@ -7,8 +7,15 @@ #define SERIALISE_H #include +#include int read_all_buf(int fd, void *buf, size_t len); int write_all_buf(int fd, const void *buf, size_t len); +#define SERIALISE_UINT_DECL(bits) \ + int read_u##bits(int fd, uint##bits##_t *val); \ + int write_u##bits(int fd, uint##bits##_t val); + +SERIALISE_UINT_DECL(32) + #endif /* _SERIALISE_H */ -- 2.53.0

Currently fwd_listen_sync_() determines which of the two port scanned bitmaps is the correct one for a rule before passing it into fwd_sync_one(). However, fwd_sync_one() is already looking at the rule internals so is better placed to do this. Signed-off-by: David Gibson --- fwd.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/fwd.c b/fwd.c index f3b4bf2a..a306b409 100644 --- a/fwd.c +++ b/fwd.c @@ -508,16 +508,18 @@ void fwd_rules_print(const struct fwd_table *fwd) * @fwd: Forwarding table * @rule: Forwarding rule * @pif: Interface to create listening sockets for - * @scanmap: Bitmap of ports to listen for on FWD_SCAN entries + * @tcp: Bitmap of TCP ports to listen for on FWD_SCAN entries + * @udp: Bitmap of UDP ports to listen for on FWD_SCAN entries * * Return: 0 on success, -1 on failure */ static int fwd_sync_one(const struct ctx *c, const struct fwd_table *fwd, const struct fwd_rule *rule, uint8_t pif, - const uint8_t *scanmap) + const uint8_t *tcp, const uint8_t *udp) { const union inany_addr *addr = fwd_rule_addr(rule); const char *ifname = rule->ifname; + const uint8_t *map = NULL; bool bound_one = false; unsigned port, idx; @@ -528,12 +530,19 @@ static int fwd_sync_one(const struct ctx *c, const struct fwd_table *fwd, idx = rule - fwd->rules; assert(idx < MAX_FWD_RULES); - assert(!(rule->flags & FWD_SCAN && !scanmap)); - + + if (rule->flags & FWD_SCAN) { + if (rule->proto == IPPROTO_TCP) + map = tcp; + else if (rule->proto == IPPROTO_UDP) + map = udp; + assert(map); + } + for (port = rule->first; port <= rule->last; port++) { int fd = rule->socks[port - rule->first]; - if ((rule->flags & FWD_SCAN) && !bitmap_isset(scanmap, port)) { + if (map && !bitmap_isset(map, port)) { /* We don't want to listen on this port */ if (fd >= 0) { /* We already are, so stop */ @@ -619,15 +628,8 @@ static int fwd_listen_sync_(void *arg) ns_enter(a->c); for (i = 0; i < a->fwd->count; i++) { - const uint8_t *scanmap = NULL; - - if (a->fwd->rules[i].proto == IPPROTO_TCP) - scanmap = a->tcpmap; - else if (a->fwd->rules[i].proto == IPPROTO_UDP) - scanmap = a->udpmap; - a->ret = fwd_sync_one(a->c, a->fwd, &a->fwd->rules[i], - a->pif, scanmap); + a->pif, a->tcpmap, a->udpmap); if (a->ret < 0) break; } -- 2.53.0

fwd_rule_add() takes a flags parameter, but it only allows the FWD_WEAK and FWD_SCAN flags to be specified there. It doesn't allow the FWD_DUAL_STACK_ANY flag to be set, instead expecting a [*] address to be indicated by passing NULL as @addr. However, for upcoming dynamic rule updates, it's more convenient to be able to explicitly pass FWD_DUAL_STACK_ANY along with an address of ::. Allow that mode of calling. Signed-off-by: David Gibson --- fwd.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fwd.c b/fwd.c index 3395a28e..d73b7ca7 100644 --- a/fwd.c +++ b/fwd.c @@ -362,18 +362,21 @@ void fwd_rule_add(struct fwd_table *fwd, uint8_t proto, uint8_t flags, in_port_t first, in_port_t last, in_port_t to) { /* Flags which can be set from the caller */ - const uint8_t allowed_flags = FWD_WEAK | FWD_SCAN; + const uint8_t allowed_flags = FWD_WEAK | FWD_SCAN | FWD_DUAL_STACK_ANY; unsigned num = (unsigned)last - first + 1; struct fwd_rule *new; unsigned i, port; assert(!(flags & ~allowed_flags)); - if (fwd->count >= ARRAY_SIZE(fwd->rules)) die("Too many port forwarding ranges"); if ((fwd->sock_count + num) > ARRAY_SIZE(fwd->socks)) die("Too many listening sockets"); + /* Passing a non-wildcard address with DUAL_STACK_ANY is a bug */ + assert(!(flags & FWD_DUAL_STACK_ANY) || !addr || + inany_equals(addr, &inany_any6)); + /* Check for any conflicting entries */ for (i = 0; i < fwd->count; i++) { char newstr[INANY_ADDRSTRLEN], rulestr[INANY_ADDRSTRLEN]; -- 2.53.0

Currently we store the inbound (PIF_HOST) and outbound (PIF_SPLICE) forwarding tables in separate fields of struct ctx. In a number of places this requires somewhat awkward if or switch constructs to select the right table for updates. Conceptually simplify that by using an index of forwarding tables by pif, which as a bonus keeps track generically which pifs have implemented forwarding tables so far. For now this doesn't simplify a lot textually, because many places that need this also have other special cases to apply by pif. It does simplify a few crucial places though, and we expect it will become more useful as the flexibility of the forwarding table is improved. Signed-off-by: David Gibson --- conf.c | 58 +++++++++++++++++++++++++++++++------------------- flow.c | 22 +++++++------------ fwd.c | 65 ++++++++++++++++++++++++++++++--------------------------- fwd.h | 4 ++-- passt.h | 6 ++---- 5 files changed, 83 insertions(+), 72 deletions(-) diff --git a/conf.c b/conf.c index b1ebb4a4..6ca61b74 100644 --- a/conf.c +++ b/conf.c @@ -1252,11 +1252,17 @@ dns6: } } - info("Inbound forwarding:"); - fwd_rules_print(&c->fwd_in); - if (c->mode == MODE_PASTA) { - info("Outbound forwarding:"); - fwd_rules_print(&c->fwd_out); + for (i = 0; i < PIF_NUM_TYPES; i++) { + const char *dir = "Outbound"; + + if (!c->fwd[i]) + continue; + + if (i == PIF_HOST) + dir = "Inbound"; + + info("%s forwarding rules (%s):", dir, pif_name(i)); + fwd_rules_print(c->fwd[i]); } } @@ -2154,18 +2160,24 @@ void conf(struct ctx *c, int argc, char **argv) /* Forwarding options can be parsed now, after IPv4/IPv6 settings */ fwd_probe_ephemeral(); + fwd_rule_init(c); optind = 0; do { name = getopt_long(argc, argv, optstring, options, NULL); - if (name == 't') - conf_ports(c, name, optarg, &c->fwd_in, &tcp_in_mode); - else if (name == 'u') - conf_ports(c, name, optarg, &c->fwd_in, &udp_in_mode); - else if (name == 'T') - conf_ports(c, name, optarg, &c->fwd_out, &tcp_out_mode); - else if (name == 'U') - conf_ports(c, name, optarg, &c->fwd_out, &udp_out_mode); + if (name == 't') { + conf_ports(c, name, optarg, c->fwd[PIF_HOST], + &tcp_in_mode); + } else if (name == 'u') { + conf_ports(c, name, optarg, c->fwd[PIF_HOST], + &udp_in_mode); + } else if (name == 'T') { + conf_ports(c, name, optarg, c->fwd[PIF_SPLICE], + &tcp_out_mode); + } else if (name == 'U') { + conf_ports(c, name, optarg, c->fwd[PIF_SPLICE], + &udp_out_mode); + } } while (name != -1); if (c->mode == MODE_PASTA) @@ -2224,20 +2236,24 @@ void conf(struct ctx *c, int argc, char **argv) udp_out_mode = fwd_default; if (tcp_in_mode == FWD_MODE_AUTO) { - conf_ports_range_except(c, 't', "auto", &c->fwd_in, NULL, NULL, - 1, NUM_PORTS - 1, NULL, 1, FWD_SCAN); + conf_ports_range_except(c, 't', "auto", c->fwd[PIF_HOST], + NULL, NULL, 1, NUM_PORTS - 1, NULL, 1, + FWD_SCAN); } if (tcp_out_mode == FWD_MODE_AUTO) { - conf_ports_range_except(c, 'T', "auto", &c->fwd_out, NULL, "lo", - 1, NUM_PORTS - 1, NULL, 1, FWD_SCAN); + conf_ports_range_except(c, 'T', "auto", c->fwd[PIF_SPLICE], + NULL, "lo", 1, NUM_PORTS - 1, NULL, 1, + FWD_SCAN); } if (udp_in_mode == FWD_MODE_AUTO) { - conf_ports_range_except(c, 'u', "auto", &c->fwd_in, NULL, NULL, - 1, NUM_PORTS - 1, NULL, 1, FWD_SCAN); + conf_ports_range_except(c, 'u', "auto", c->fwd[PIF_HOST], + NULL, NULL, 1, NUM_PORTS - 1, NULL, 1, + FWD_SCAN); } if (udp_out_mode == FWD_MODE_AUTO) { - conf_ports_range_except(c, 'U', "auto", &c->fwd_out, NULL, "lo", - 1, NUM_PORTS - 1, NULL, 1, FWD_SCAN); + conf_ports_range_except(c, 'U', "auto", c->fwd[PIF_SPLICE], + NULL, "lo", 1, NUM_PORTS - 1, NULL, 1, + FWD_SCAN); } if (!c->quiet) diff --git a/flow.c b/flow.c index c84857b2..2972ab87 100644 --- a/flow.c +++ b/flow.c @@ -503,10 +503,10 @@ struct flowside *flow_target(const struct ctx *c, union flow *flow, { char estr[INANY_ADDRSTRLEN], ostr[INANY_ADDRSTRLEN]; struct flow_common *f = &flow->f; + const struct fwd_table *fwd = c->fwd[f->pif[INISIDE]]; const struct flowside *ini = &f->side[INISIDE]; struct flowside *tgt = &f->side[TGTSIDE]; const struct fwd_rule *rule = NULL; - const struct fwd_table *fwd; uint8_t tgtpif = PIF_NONE; assert(flow_new_entry == flow && f->state == FLOW_STATE_INI); @@ -514,6 +514,11 @@ struct flowside *flow_target(const struct ctx *c, union flow *flow, assert(f->pif[INISIDE] != PIF_NONE && f->pif[TGTSIDE] == PIF_NONE); assert(flow->f.state == FLOW_STATE_INI); + if (fwd) { + if (!(rule = fwd_rule_search(fwd, ini, proto, rule_hint))) + goto norule; + } + switch (f->pif[INISIDE]) { case PIF_TAP: memcpy(f->tap_omac, MAC_UNDEF, ETH_ALEN); @@ -521,20 +526,10 @@ struct flowside *flow_target(const struct ctx *c, union flow *flow, break; case PIF_SPLICE: - fwd = &c->fwd_out; - - if (!(rule = fwd_rule_search(fwd, ini, proto, rule_hint))) - goto norule; - tgtpif = fwd_nat_from_splice(rule, proto, ini, tgt); break; case PIF_HOST: - fwd = &c->fwd_in; - - if (!(rule = fwd_rule_search(fwd, ini, proto, rule_hint))) - goto norule; - tgtpif = fwd_nat_from_host(c, rule, proto, ini, tgt); fwd_neigh_mac_get(c, &tgt->oaddr, f->tap_omac); break; @@ -1014,8 +1009,7 @@ static int flow_migrate_source_rollback(struct ctx *c, unsigned bound, int ret) debug("...roll back migration"); - if (fwd_listen_sync(c, &c->fwd_in, PIF_HOST, - &c->tcp.scan_in, &c->udp.scan_in) < 0) + if (fwd_listen_sync(c, PIF_HOST, &c->tcp.scan_in, &c->udp.scan_in) < 0) die("Failed to re-establish listening sockets"); foreach_established_tcp_flow(flow) { @@ -1148,7 +1142,7 @@ int flow_migrate_source(struct ctx *c, const struct migrate_stage *stage, * fix that is to not allow local to local migration, which arguably we * should (use namespaces for testing instead). */ debug("Stop listen()s"); - fwd_listen_close(&c->fwd_in); + fwd_listen_close(c->fwd[PIF_HOST]); debug("Sending %u flows", count); diff --git a/fwd.c b/fwd.c index 7844a674..3395a28e 100644 --- a/fwd.c +++ b/fwd.c @@ -331,6 +331,21 @@ bool fwd_port_is_ephemeral(in_port_t port) return (port >= fwd_ephemeral_min) && (port <= fwd_ephemeral_max); } +/* Forwarding table storage, generally accessed via pointers in struct ctx */ +static struct fwd_table fwd_in; +static struct fwd_table fwd_out; + +/** + * fwd_rule_init() - Initialise forwarding tables + * @c: Execution context + */ +void fwd_rule_init(struct ctx *c) +{ + c->fwd[PIF_HOST] = &fwd_in; + if (c->mode == MODE_PASTA) + c->fwd[PIF_SPLICE] = &fwd_out; +} + /** * fwd_rule_add() - Add a rule to a forwarding table * @fwd: Table to add to @@ -505,19 +520,17 @@ void fwd_rules_print(const struct fwd_table *fwd) /** fwd_sync_one() - Create or remove listening sockets for a forward entry * @c: Execution context - * @fwd: Forwarding table - * @idx: Rule index * @pif: Interface to create listening sockets for + * @idx: Rule index * @tcp: Bitmap of TCP ports to listen for on FWD_SCAN entries * @udp: Bitmap of UDP ports to listen for on FWD_SCAN entries * * Return: 0 on success, -1 on failure */ -static int fwd_sync_one(const struct ctx *c, const struct fwd_table *fwd, - unsigned idx, uint8_t pif, +static int fwd_sync_one(const struct ctx *c, uint8_t pif, unsigned idx, const uint8_t *tcp, const uint8_t *udp) { - const struct fwd_rule *rule = &fwd->rules[idx]; + const struct fwd_rule *rule = &c->fwd[pif]->rules[idx]; const union inany_addr *addr = fwd_rule_addr(rule); const char *ifname = rule->ifname; const uint8_t *map = NULL; @@ -598,7 +611,6 @@ static int fwd_sync_one(const struct ctx *c, const struct fwd_table *fwd, /** struct fwd_listen_args - arguments for fwd_listen_init_() * @c: Execution context - * @fwd: Forwarding table * @tcpmap: Bitmap of TCP ports to auto-forward * @udpmap: Bitmap of TCP ports to auto-forward * @pif: Interface to create listening sockets for @@ -606,7 +618,6 @@ static int fwd_sync_one(const struct ctx *c, const struct fwd_table *fwd, */ struct fwd_listen_args { const struct ctx *c; - const struct fwd_table *fwd; const uint8_t *tcpmap, *udpmap; uint8_t pif; int ret; @@ -625,9 +636,8 @@ static int fwd_listen_sync_(void *arg) if (a->pif == PIF_SPLICE) ns_enter(a->c); - for (i = 0; i < a->fwd->count; i++) { - a->ret = fwd_sync_one(a->c, a->fwd, i, a->pif, - a->tcpmap, a->udpmap); + for (i = 0; i < a->c->fwd[a->pif]->count; i++) { + a->ret = fwd_sync_one(a->c, a->pif, i, a->tcpmap, a->udpmap); if (a->ret < 0) break; } @@ -637,21 +647,17 @@ static int fwd_listen_sync_(void *arg) /** fwd_listen_sync() - Call fwd_listen_sync_() in correct namespace * @c: Execution context - * @fwd: Forwarding information * @pif: Interface to create listening sockets for * @tcp: Scanning state for TCP * @udp: Scanning state for UDP * * Return: 0 on success, -1 on failure */ -int fwd_listen_sync(const struct ctx *c, const struct fwd_table *fwd, - uint8_t pif, +int fwd_listen_sync(const struct ctx *c, uint8_t pif, const struct fwd_scan *tcp, const struct fwd_scan *udp) { struct fwd_listen_args a = { - .c = c, .fwd = fwd, - .tcpmap = tcp->map, .udpmap = udp->map, - .pif = pif, + .c = c, .tcpmap = tcp->map, .udpmap = udp->map, .pif = pif, }; if (pif == PIF_SPLICE) @@ -695,12 +701,11 @@ void fwd_listen_close(const struct fwd_table *fwd) */ int fwd_listen_init(const struct ctx *c) { - if (fwd_listen_sync(c, &c->fwd_in, PIF_HOST, - &c->tcp.scan_in, &c->udp.scan_in) < 0) + if (fwd_listen_sync(c, PIF_HOST, &c->tcp.scan_in, &c->udp.scan_in) < 0) return -1; if (c->mode == MODE_PASTA) { - if (fwd_listen_sync(c, &c->fwd_out, PIF_SPLICE, + if (fwd_listen_sync(c, PIF_SPLICE, &c->tcp.scan_out, &c->udp.scan_out) < 0) return -1; } @@ -851,16 +856,16 @@ static void fwd_scan_ports(struct ctx *c) uint8_t excl_tcp_out[PORT_BITMAP_SIZE], excl_udp_out[PORT_BITMAP_SIZE]; uint8_t excl_tcp_in[PORT_BITMAP_SIZE], excl_udp_in[PORT_BITMAP_SIZE]; - current_listen_map(excl_tcp_out, &c->fwd_in, IPPROTO_TCP); - current_listen_map(excl_tcp_in, &c->fwd_out, IPPROTO_TCP); - current_listen_map(excl_udp_out, &c->fwd_in, IPPROTO_UDP); - current_listen_map(excl_udp_in, &c->fwd_out, IPPROTO_UDP); + current_listen_map(excl_tcp_out, c->fwd[PIF_HOST], IPPROTO_TCP); + current_listen_map(excl_tcp_in, c->fwd[PIF_SPLICE], IPPROTO_TCP); + current_listen_map(excl_udp_out, c->fwd[PIF_HOST], IPPROTO_UDP); + current_listen_map(excl_udp_in, c->fwd[PIF_SPLICE], IPPROTO_UDP); - fwd_scan_ports_tcp(&c->fwd_out, &c->tcp.scan_out, excl_tcp_out); - fwd_scan_ports_tcp(&c->fwd_in, &c->tcp.scan_in, excl_tcp_in); - fwd_scan_ports_udp(&c->fwd_out, &c->udp.scan_out, + fwd_scan_ports_tcp(c->fwd[PIF_SPLICE], &c->tcp.scan_out, excl_tcp_out); + fwd_scan_ports_tcp(c->fwd[PIF_HOST], &c->tcp.scan_in, excl_tcp_in); + fwd_scan_ports_udp(c->fwd[PIF_SPLICE], &c->udp.scan_out, &c->tcp.scan_out, excl_udp_out); - fwd_scan_ports_udp(&c->fwd_in, &c->udp.scan_in, + fwd_scan_ports_udp(c->fwd[PIF_HOST], &c->udp.scan_in, &c->tcp.scan_in, excl_udp_in); } @@ -912,10 +917,8 @@ void fwd_scan_ports_timer(struct ctx *c, const struct timespec *now) fwd_scan_ports(c); - fwd_listen_sync(c, &c->fwd_in, PIF_HOST, - &c->tcp.scan_in, &c->udp.scan_in); - fwd_listen_sync(c, &c->fwd_out, PIF_SPLICE, - &c->tcp.scan_out, &c->udp.scan_out); + fwd_listen_sync(c, PIF_HOST, &c->tcp.scan_in, &c->udp.scan_in); + fwd_listen_sync(c, PIF_SPLICE, &c->tcp.scan_out, &c->udp.scan_out); } /** diff --git a/fwd.h b/fwd.h index 958eee25..b387d926 100644 --- a/fwd.h +++ b/fwd.h @@ -108,6 +108,7 @@ struct fwd_scan { #define FWD_PORT_SCAN_INTERVAL 1000 /* ms */ +void fwd_rule_init(struct ctx *c); void fwd_rule_add(struct fwd_table *fwd, uint8_t proto, uint8_t flags, const union inany_addr *addr, const char *ifname, in_port_t first, in_port_t last, in_port_t to); @@ -119,8 +120,7 @@ void fwd_rules_print(const struct fwd_table *fwd); void fwd_scan_ports_init(struct ctx *c); void fwd_scan_ports_timer(struct ctx * c, const struct timespec *now); -int fwd_listen_sync(const struct ctx *c, const struct fwd_table *fwd, - uint8_t pif, +int fwd_listen_sync(const struct ctx *c, uint8_t pif, const struct fwd_scan *tcp, const struct fwd_scan *udp); void fwd_listen_close(const struct fwd_table *fwd); int fwd_listen_init(const struct ctx *c); diff --git a/passt.h b/passt.h index b614bdf0..62b8dcdf 100644 --- a/passt.h +++ b/passt.h @@ -184,8 +184,7 @@ struct ip6_ctx { * @pasta_ifn: Name of namespace interface for pasta * @pasta_ifi: Index of namespace interface for pasta * @pasta_conf_ns: Configure namespace after creating it - * @fwd_in: Forwarding table for inbound flows - * @fwd_out: Forwarding table for outbound flows + * @fwd: Forwarding tables * @no_tcp: Disable TCP operation * @tcp: Context for TCP protocol handler * @no_udp: Disable UDP operation @@ -264,8 +263,7 @@ struct ctx { unsigned int pasta_ifi; int pasta_conf_ns; - struct fwd_table fwd_in; - struct fwd_table fwd_out; + struct fwd_table *fwd[PIF_NUM_TYPES]; int no_tcp; struct tcp_ctx tcp; -- 2.53.0

Add a control socket to passt/pasta for updating configuration at runtime. Add a tool (pesto) for communicating with the control socket. For now this is a stub implementation that forms the connection and sends some version information, but nothing more. Example: ./pasta --debug --config-net -c /tmp/pasta.conf -t none ./pesto /tmp/pasta.conf Signed-off-by: Stefano Brivio [dwg: Based on an early draft from Stefano] Signed-off-by: David Gibson --- .gitignore | 2 + Makefile | 30 +++++++---- common.h | 14 +++++ conf.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++++++- conf.h | 2 + epoll_type.h | 4 ++ log.c | 1 + passt.1 | 5 ++ passt.c | 9 ++++ passt.h | 6 +++ pesto.1 | 46 ++++++++++++++++ pesto.c | 113 ++++++++++++++++++++++++++++++++++++++ pesto.h | 34 ++++++++++++ serialise.c | 3 ++ util.h | 3 -- 15 files changed, 407 insertions(+), 15 deletions(-) create mode 100644 common.h create mode 100644 pesto.1 create mode 100644 pesto.c create mode 100644 pesto.h diff --git a/.gitignore b/.gitignore index 3c16adc7..3e40d9f7 100644 --- a/.gitignore +++ b/.gitignore @@ -4,9 +4,11 @@ /pasta /pasta.avx2 /passt-repair +/pesto /qrap /pasta.1 /seccomp.h +/seccomp_pesto.h /seccomp_repair.h /c*.json README.plain.md diff --git a/Makefile b/Makefile index 5b6891d7..d085c9c1 100644 --- a/Makefile +++ b/Makefile @@ -44,17 +44,19 @@ PASST_SRCS = arch.c arp.c checksum.c conf.c dhcp.c dhcpv6.c epoll_ctl.c \ udp.c udp_flow.c udp_vu.c util.c vhost_user.c virtio.c vu_common.c QRAP_SRCS = qrap.c PASST_REPAIR_SRCS = passt-repair.c -SRCS = $(PASST_SRCS) $(QRAP_SRCS) $(PASST_REPAIR_SRCS) +PESTO_SRCS = pesto.c serialise.c +SRCS = $(PASST_SRCS) $(QRAP_SRCS) $(PASST_REPAIR_SRCS) $(PESTO_SRCS) -MANPAGES = passt.1 pasta.1 qrap.1 passt-repair.1 +MANPAGES = passt.1 pasta.1 pesto.1 qrap.1 passt-repair.1 +PESTO_HEADERS = common.h pesto.h serialise.h PASST_HEADERS = arch.h arp.h checksum.h conf.h dhcp.h dhcpv6.h epoll_ctl.h \ flow.h fwd.h flow_table.h icmp.h icmp_flow.h inany.h iov.h ip.h \ isolation.h lineread.h log.h migrate.h ndp.h netlink.h packet.h \ - passt.h pasta.h pcap.h pif.h repair.h serialise.h siphash.h tap.h tcp.h \ - tcp_buf.h tcp_conn.h tcp_internal.h tcp_splice.h tcp_vu.h udp.h \ - udp_flow.h udp_internal.h udp_vu.h util.h vhost_user.h virtio.h \ - vu_common.h + passt.h pasta.h pcap.h pif.h repair.h siphash.h tap.h tcp.h tcp_buf.h \ + tcp_conn.h tcp_internal.h tcp_splice.h tcp_vu.h udp.h udp_flow.h \ + udp_internal.h udp_vu.h util.h vhost_user.h virtio.h vu_common.h \ + $(PESTO_HEADERS) HEADERS = $(PASST_HEADERS) seccomp.h C := \#include \nint main(){int a=getrandom(0, 0, 0);} @@ -75,9 +77,9 @@ mandir ?= $(datarootdir)/man man1dir ?= $(mandir)/man1 ifeq ($(TARGET_ARCH),x86_64) -BIN := passt passt.avx2 pasta pasta.avx2 qrap passt-repair +BIN := passt passt.avx2 pasta pasta.avx2 qrap passt-repair pesto else -BIN := passt pasta qrap passt-repair +BIN := passt pasta qrap passt-repair pesto endif all: $(BIN) $(MANPAGES) docs @@ -91,6 +93,9 @@ seccomp.h: seccomp.sh $(PASST_SRCS) $(PASST_HEADERS) seccomp_repair.h: seccomp.sh $(PASST_REPAIR_SRCS) @ ARCH="$(TARGET_ARCH)" CC="$(CC)" ./seccomp.sh seccomp_repair.h $(PASST_REPAIR_SRCS) +seccomp_pesto.h: seccomp.sh $(PESTO_SRCS) + @ ARCH="$(TARGET_ARCH)" CC="$(CC)" ./seccomp.sh seccomp_pesto.h $(PESTO_SRCS) + passt: $(PASST_SRCS) $(HEADERS) $(CC) $(FLAGS) $(CFLAGS) $(CPPFLAGS) $(PASST_SRCS) -o passt $(LDFLAGS) @@ -110,6 +115,9 @@ qrap: $(QRAP_SRCS) passt.h passt-repair: $(PASST_REPAIR_SRCS) seccomp_repair.h $(CC) $(FLAGS) $(CFLAGS) $(CPPFLAGS) $(PASST_REPAIR_SRCS) -o passt-repair $(LDFLAGS) +pesto: $(PESTO_SRCS) $(PESTO_HEADERS) seccomp_pesto.h + $(CC) $(FLAGS) $(CFLAGS) $(CPPFLAGS) $(PESTO_SRCS) -o pesto $(LDFLAGS) + valgrind: EXTRA_SYSCALLS += rt_sigprocmask rt_sigtimedwait rt_sigaction \ rt_sigreturn getpid gettid kill clock_gettime \ mmap|mmap2 munmap open unlink gettimeofday futex \ @@ -119,7 +127,7 @@ valgrind: all .PHONY: clean clean: - $(RM) $(BIN) *~ *.o seccomp.h seccomp_repair.h pasta.1 \ + $(RM) $(BIN) *~ *.o seccomp.h seccomp_repair.h seccomp_pesto.h pasta.1 \ passt.tar passt.tar.gz *.deb *.rpm \ passt.pid README.plain.md @@ -173,11 +181,11 @@ docs: README.md done < README.md; \ ) > README.plain.md -clang-tidy: $(PASST_SRCS) +clang-tidy: $(PASST_SRCS) $(PESTO_SRCS) clang-tidy $^ -- $(filter-out -pie,$(FLAGS) $(CFLAGS) $(CPPFLAGS)) \ -DCLANG_TIDY_58992 -cppcheck: $(PASST_SRCS) $(HEADERS) +cppcheck: $(PASST_SRCS) $(PESTO_SRCS) $(HEADERS) if cppcheck --check-level=exhaustive /dev/null > /dev/null 2>&1; then \ CPPCHECK_EXHAUSTIVE="--check-level=exhaustive"; \ else \ diff --git a/common.h b/common.h new file mode 100644 index 00000000..76a95609 --- /dev/null +++ b/common.h @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later + * Copyright Red Hat + * Author: David Gibson + * + * Definitions used by both passt/pasta and other tools + */ + +#ifndef COMMON_H +#define COMMON_H + +/* FPRINTF() intentionally silences cert-err33-c clang-tidy warnings */ +#define FPRINTF(f, ...) (void)fprintf(f, __VA_ARGS__) + +#endif /* _COMMON_H */ diff --git a/conf.c b/conf.c index d4c2a013..5e8bc665 100644 --- a/conf.c +++ b/conf.c @@ -35,6 +35,7 @@ #include #include +#include "common.h" #include "util.h" #include "ip.h" #include "passt.h" @@ -47,6 +48,10 @@ #include "isolation.h" #include "log.h" #include "vhost_user.h" +#include "epoll_ctl.h" +#include "conf.h" +#include "pesto.h" +#include "serialise.h" #define NETNS_RUN_DIR "/run/netns" @@ -888,6 +893,7 @@ static void usage(const char *name, FILE *f, int status) " --runas UID|UID:GID Run as given UID, GID, which can be\n" " numeric, or login and group names\n" " default: drop to user \"nobody\"\n" + " -c, --conf-path PATH Configuration socket path\n" " -h, --help Display this help message and exit\n" " --version Show version and exit\n"); @@ -1425,6 +1431,17 @@ static void conf_open_files(struct ctx *c) if (c->pidfile_fd < 0) die_perror("Couldn't open PID file %s", c->pidfile); } + + c->fd_conf = -1; + if (*c->conf_path) { + c->fd_conf_listen = sock_unix(c->conf_path); + if (c->fd_conf_listen < 0) { + die_perror("Couldn't open control socket %s", + c->conf_path); + } + } else { + c->fd_conf_listen = -1; + } } /** @@ -1460,6 +1477,25 @@ fail: die("Invalid MAC address: %s", str); } +/** + * conf_sock_listen() - Start listening for connections on configuration socket + * @c: Execution context + */ +static void conf_sock_listen(const struct ctx *c) +{ + union epoll_ref ref = { .type = EPOLL_TYPE_CONF_LISTEN }; + + if (c->fd_conf_listen < 0) + return; + + if (listen(c->fd_conf_listen, 0)) + die_perror("Couldn't listen on configuration socket"); + + ref.fd = c->fd_conf_listen; + if (epoll_add(c->epollfd, EPOLLIN | EPOLLET, ref)) + die_perror("Couldn't add configuration socket to epoll"); +} + /** * conf() - Process command-line arguments and set configuration * @c: Execution context @@ -1542,9 +1578,10 @@ void conf(struct ctx *c, int argc, char **argv) {"migrate-exit", no_argument, NULL, 29 }, {"migrate-no-linger", no_argument, NULL, 30 }, {"stats", required_argument, NULL, 31 }, + {"conf-path", required_argument, NULL, 'c' }, { 0 }, }; - const char *optstring = "+dqfel:hs:F:I:p:P:m:a:n:M:g:i:o:D:S:H:461t:u:T:U:"; + const char *optstring = "+dqfel:hs:c:F:I:p:P:m:a:n:M:g:i:o:D:S:H:461t:u:T:U:"; const char *logname = (c->mode == MODE_PASTA) ? "pasta" : "passt"; char userns[PATH_MAX] = { 0 }, netns[PATH_MAX] = { 0 }; bool copy_addrs_opt = false, copy_routes_opt = false; @@ -1808,6 +1845,13 @@ void conf(struct ctx *c, int argc, char **argv) c->fd_tap = -1; break; + case 'c': + ret = snprintf(c->conf_path, sizeof(c->conf_path), "%s", + optarg); + if (ret <= 0 || ret >= (int)sizeof(c->sock_path)) + die("Invalid configuration path: %s", optarg); + c->fd_conf_listen = c->fd_conf = -1; + break; case 'F': errno = 0; fd_tap_opt = strtol(optarg, NULL, 0); @@ -2252,4 +2296,108 @@ void conf(struct ctx *c, int argc, char **argv) if (!c->quiet) conf_print(c); + + conf_sock_listen(c); +} + +/** + * conf_listen_handler() - Handle events on configuration listening socket + * @c: Execution context + * @events: epoll events + */ +void conf_listen_handler(struct ctx *c, uint32_t events) +{ + struct pesto_hello hello = { + .magic = PESTO_SERVER_MAGIC, + .version = htonl(PESTO_PROTOCOL_VERSION), + }; + union epoll_ref ref = { .type = EPOLL_TYPE_CONF }; + struct ucred uc = { 0 }; + socklen_t len = sizeof(uc); + int fd, rc; + + if (events != EPOLLIN) { + err("Unexpected event 0x%04x on configuration socket", events); + return; + } + + fd = accept4(c->fd_conf_listen, NULL, NULL, SOCK_NONBLOCK); + if (fd < 0) { + warn_perror("accept4() on configuration listening socket"); + return; + } + + if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &uc, &len) < 0) + warn_perror("Can't get configuration client credentials"); + + /* Another client is already connected: accept and close right away. */ + if (c->fd_conf != -1) { + info("Discarding configuration client, PID %i", uc.pid); + goto fail; + } + + ref.fd = fd; + rc = epoll_add(c->epollfd, EPOLLIN | EPOLLET, ref); + if (rc < 0) { + warn_perror("epoll_ctl() on configuration socket"); + goto fail; + } + + rc = write_all_buf(fd, &hello, sizeof(hello)); + if (rc < 0) { + warn_perror("Error writing configuration protocol hello"); + goto fail; + } + + c->fd_conf = fd; + info("Accepted configuration client, PID %i", uc.pid); + if (!PESTO_PROTOCOL_VERSION) { + warn( +"Warning: Using experimental unsupported configuration protocol"); + } + + return; + +fail: + close(fd); +} + +/** + * conf_handler() - Handle events on configuration socket + * @c: Execution context + * @events: epoll events + */ +void conf_handler(struct ctx *c, uint32_t events) +{ + if (events & EPOLLIN) { + char discard[BUFSIZ]; + ssize_t n; + + do { + n = read(c->fd_conf, discard, sizeof(discard)); + if (n > 0) + debug("Discarded %zd bytes of config data", n); + } while (n > 0); + if (n == 0) { + debug("Configuration client EOF"); + goto close; + } + if (errno != EAGAIN && errno != EWOULDBLOCK) { + err_perror("Error reading config data"); + goto close; + } + } + + if (events & EPOLLHUP) { + debug("Configuration client hangup"); + goto close; + } + + return; + +close: + debug("Closing configuration socket"); + epoll_ctl(c->epollfd, EPOLL_CTL_DEL, c->fd_conf, NULL); + close(c->fd_conf); + c->fd_conf = -1; } diff --git a/conf.h b/conf.h index b45ad746..16f97189 100644 --- a/conf.h +++ b/conf.h @@ -8,5 +8,7 @@ enum passt_modes conf_mode(int argc, char *argv[]); void conf(struct ctx *c, int argc, char **argv); +void conf_listen_handler(struct ctx *c, uint32_t events); +void conf_handler(struct ctx *c, uint32_t events); #endif /* CONF_H */ diff --git a/epoll_type.h b/epoll_type.h index a90ffb67..061325aa 100644 --- a/epoll_type.h +++ b/epoll_type.h @@ -46,6 +46,10 @@ enum epoll_type { EPOLL_TYPE_REPAIR, /* Netlink neighbour subscription socket */ EPOLL_TYPE_NL_NEIGH, + /* Configuration listening socket */ + EPOLL_TYPE_CONF_LISTEN, + /* Configuration socket */ + EPOLL_TYPE_CONF, EPOLL_NUM_TYPES, }; diff --git a/log.c b/log.c index 21e3673e..99404e25 100644 --- a/log.c +++ b/log.c @@ -26,6 +26,7 @@ #include #include +#include "common.h" #include "linux_dep.h" #include "log.h" #include "util.h" diff --git a/passt.1 b/passt.1 index 13e8df9d..32d70c8d 100644 --- a/passt.1 +++ b/passt.1 @@ -127,6 +127,11 @@ login name and group name can be passed. This requires privileges (either initial effective UID 0 or CAP_SETUID capability) to work. Default is to change to user \fInobody\fR if started as root. +.TP +.BR \-c ", " \-\-conf-path " " \fIpath " " (EXPERIMENTAL) +Path for configuration and control socket used by \fBpesto\fR(1) to +dynamically update passt or pasta's configuration. + .TP .BR \-h ", " \-\-help Display a help message and exit. diff --git a/passt.c b/passt.c index f84419c7..d37beef3 100644 --- a/passt.c +++ b/passt.c @@ -36,6 +36,7 @@ #include #include +#include "common.h" #include "util.h" #include "passt.h" #include "dhcp.h" @@ -80,6 +81,8 @@ char *epoll_type_str[] = { [EPOLL_TYPE_REPAIR_LISTEN] = "TCP_REPAIR helper listening socket", [EPOLL_TYPE_REPAIR] = "TCP_REPAIR helper socket", [EPOLL_TYPE_NL_NEIGH] = "netlink neighbour notifier socket", + [EPOLL_TYPE_CONF_LISTEN] = "configuration listening socket", + [EPOLL_TYPE_CONF] = "configuration socket", }; static_assert(ARRAY_SIZE(epoll_type_str) == EPOLL_NUM_TYPES, "epoll_type_str[] doesn't match enum epoll_type"); @@ -303,6 +306,12 @@ static void passt_worker(void *opaque, int nfds, struct epoll_event *events) case EPOLL_TYPE_NL_NEIGH: nl_neigh_notify_handler(c); break; + case EPOLL_TYPE_CONF_LISTEN: + conf_listen_handler(c, eventmask); + break; + case EPOLL_TYPE_CONF: + conf_handler(c, eventmask); + break; default: /* Can't happen */ assert(0); diff --git a/passt.h b/passt.h index 62b8dcdf..c38bb5ae 100644 --- a/passt.h +++ b/passt.h @@ -158,6 +158,7 @@ struct ip6_ctx { * @foreground: Run in foreground, don't log to stderr by default * @nofile: Maximum number of open files (ulimit -n) * @sock_path: Path for UNIX domain socket + * @conf_path: Path for configuration UNIX domain socket * @repair_path: TCP_REPAIR helper path, can be "none", empty for default * @pcap: Path for packet capture file * @pidfile: Path to PID file, empty string if not configured @@ -169,6 +170,8 @@ struct ip6_ctx { * @epollfd: File descriptor for epoll instance * @fd_tap_listen: File descriptor for listening AF_UNIX socket, if any * @fd_tap: AF_UNIX socket, tuntap device, or pre-opened socket + * @fd_conf_listen: Listening configuration socket, if any + * @fd_conf: Configuration socket, if any * @fd_repair_listen: File descriptor for listening TCP_REPAIR socket, if any * @fd_repair: Connected AF_UNIX socket for TCP_REPAIR helper * @our_tap_mac: Pasta/passt's MAC on the tap link @@ -223,6 +226,7 @@ struct ctx { int foreground; int nofile; char sock_path[UNIX_PATH_MAX]; + char conf_path[UNIX_PATH_MAX]; char repair_path[UNIX_PATH_MAX]; char pcap[PATH_MAX]; @@ -240,6 +244,8 @@ struct ctx { int epollfd; int fd_tap_listen; int fd_tap; + int fd_conf_listen; + int fd_conf; int fd_repair_listen; int fd_repair; unsigned char our_tap_mac[ETH_ALEN]; diff --git a/pesto.1 b/pesto.1 new file mode 100644 index 00000000..338fb8a6 --- /dev/null +++ b/pesto.1 @@ -0,0 +1,46 @@ +.\" SPDX-License-Identifier: GPL-2.0-or-later +.\" Copyright Red Hat +.\" Author: David Gibson +.TH pesto 1 + +.SH NAME +.B pesto +\- Configure a running \fBpasst\fR(1) or \fBpasta\fR(1) instance. + +.SH SYNOPSIS +.B pesto +\fIPATH\fR + +.SH DESCRIPTION + +.B pesto +is an experimental client to view and update the port forwarding +configuration of a running \fBpasst\fR(1) or \fBpasta\fR(1) instance. + +\fIPATH\fR gives the path to the UNIX domain socket created by +\fBpasst\fR or \fBpasta\fR. It should match the \fB-c\fR command line +option given to that instance. + +.SH AUTHORS + +Stefano Brivio , +David Gibson . + +.SH REPORTING BUGS + +Please report issues on the bug tracker at https://bugs.passt.top/, or +send a message to the passt-user@passt.top mailing list, see +https://lists.passt.top/. + +.SH COPYRIGHT + +Copyright Red Hat + +\fBpesto\fR is free software: you can redistribute them and/or modify +them under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 2 of the License, or (at +your option) any later version. + +.SH SEE ALSO + +\fBpasst\fR(1), \fBpasta\fR(1), \fBunix\fR(7). diff --git a/pesto.c b/pesto.c new file mode 100644 index 00000000..6d066084 --- /dev/null +++ b/pesto.c @@ -0,0 +1,113 @@ +// SPDX-License-Identifier: GPL-2.0-or-later + +/* PESTO - Programmable Extensible Socket Translation Orchestrator + * front-end for passt(1) and pasta(1) forwarding configuration + * + * pesto.c - Main program (it's not actually extensible) + * + * Copyright (c) 2026 Red Hat GmbH + * Author: Stefano Brivio + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "common.h" +#include "seccomp_pesto.h" +#include "serialise.h" +#include "pesto.h" + +#define die(...) \ + do { \ + FPRINTF(stderr, __VA_ARGS__); \ + FPRINTF(stderr, "\n"); \ + exit(EXIT_FAILURE); \ + } while (0) + +/** + * main() - Entry point and whole program with loop + * @argc: Argument count + * @argv: Arguments: socket path, operation, port specifiers + * + * Return: 0 on success, won't return on failure + * + * #syscalls:pesto connect write close exit_group fstat brk + * #syscalls:pesto socket s390x:socketcall i686:socketcall + * #syscalls:pesto recvfrom recvmsg arm:recv ppc64le:recv + * #syscalls:pesto sendto sendmsg arm:send ppc64le:send + */ +int main(int argc, char **argv) +{ + struct sockaddr_un a = { AF_UNIX, "" }; + struct pesto_hello hello; + struct sock_fprog prog; + uint32_t s_version; + int ret, s; + + prctl(PR_SET_DUMPABLE, 0); + + prog.len = (unsigned short)sizeof(filter_pesto) / + sizeof(filter_pesto[0]); + prog.filter = filter_pesto; + if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || + prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) + die("Failed to apply seccomp filter"); + + if (argc < 2) + die("Usage: %s CONTROLPATH", argv[0]); + + if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) + die("Failed to create AF_UNIX socket: %s", strerror(errno)); + + ret = snprintf(a.sun_path, sizeof(a.sun_path), "%s", argv[1]); + if (ret <= 0 || ret >= (int)sizeof(a.sun_path)) + die("Invalid socket path \"%s\"", argv[1]); + + ret = connect(s, (struct sockaddr *)&a, sizeof(a)); + if (ret < 0) { + die("Failed to connect to %s: %s", + a.sun_path, strerror(errno)); + } + + ret = read_all_buf(s, &hello, sizeof(hello)); + if (ret < 0) + die("Couldn't read server greeting: %s", strerror(errno)); + + if (memcmp(hello.magic, PESTO_SERVER_MAGIC, sizeof(hello.magic))) + die("Bad magic number from server"); + + s_version = ntohl(hello.version); + + if (s_version > PESTO_PROTOCOL_VERSION) { + die("Unknown server protocol version %"PRIu32" > %"PRIu32"\n", + s_version, PESTO_PROTOCOL_VERSION); + } + + /* cppcheck-suppress knownConditionTrueFalse */ + if (!s_version) { + if (PESTO_PROTOCOL_VERSION) + die("Unsupported experimental server protocol"); + FPRINTF(stderr, +"Warning: Using experimental protocol version, client and server must match\n"); + } + + exit(0); +} diff --git a/pesto.h b/pesto.h new file mode 100644 index 00000000..92d4df3a --- /dev/null +++ b/pesto.h @@ -0,0 +1,34 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later + * Copyright Red Hat + * Author: David Gibson + * + * Definitions and functions used by both client and server of the configuration + * update protocol (pesto). + */ + +#ifndef PESTO_H +#define PESTO_H + +#include +#include + +#define PESTO_SERVER_MAGIC "pesto:s" + +/* Version 0 is reserved for unreleased / unsupported experimental versions */ +#define PESTO_PROTOCOL_VERSION 0 + +/** + * struct pesto_hello - Server introduction message + * @magic: PESTO_SERVER_MAGIC + * @version: Version number + */ +struct pesto_hello { + char magic[8]; + uint32_t version; +} __attribute__ ((__packed__)); + +static_assert(sizeof(PESTO_SERVER_MAGIC) + == sizeof(((struct pesto_hello *)0)->magic), + "PESTO_SERVER_MAGIC has wrong size"); + +#endif /* PESTO_H */ diff --git a/serialise.c b/serialise.c index d6c3396a..e3ea86e3 100644 --- a/serialise.c +++ b/serialise.c @@ -6,6 +6,9 @@ * PASTA - Pack A Subtle Tap Abstraction * for network namespace/tap device mode * + * PESTO - Programmable Extensible Socket Translation Orchestrator + * front-end for passt(1) and pasta(1) forwarding configuration + * * serialise.c - Serialisation of data structures over bytestreams * * Copyright Red Hat diff --git a/util.h b/util.h index cb669105..e7993f4d 100644 --- a/util.h +++ b/util.h @@ -317,9 +317,6 @@ static inline bool mod_between(unsigned x, unsigned i, unsigned j, unsigned m) return mod_sub(x, i, m) < mod_sub(j, i, m); } -/* FPRINTF() intentionally silences cert-err33-c clang-tidy warnings */ -#define FPRINTF(f, ...) (void)fprintf(f, __VA_ARGS__) - void raw_random(void *buf, size_t buflen); /* -- 2.53.0

Add basic command line option parsing using getopt_long() to pesto. Implement --help, --version, --quiet and --verbose options, along with a debug() macro to print debugging messages when given the verbose option. Signed-off-by: David Gibson --- common.h | 8 ++++++ conf.c | 45 +++++++++++++++++---------------- passt.h | 12 ++++----- pesto.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++------ util.h | 8 ------ 5 files changed, 108 insertions(+), 42 deletions(-) diff --git a/common.h b/common.h index 76a95609..927d20a4 100644 --- a/common.h +++ b/common.h @@ -8,6 +8,14 @@ #ifndef COMMON_H #define COMMON_H +#define VERSION_BLOB \ + VERSION "\n" \ + "Copyright Red Hat\n" \ + "GNU General Public License, version 2 or later\n" \ + " https://www.gnu.org/licenses/old-licenses/gpl-2.0.html\n" \ + "This is free software: you are free to change and redistribute it.\n" \ + "There is NO WARRANTY, to the extent permitted by law.\n\n" + /* FPRINTF() intentionally silences cert-err33-c clang-tidy warnings */ #define FPRINTF(f, ...) (void)fprintf(f, __VA_ARGS__) diff --git a/conf.c b/conf.c index 5e8bc665..7b960fe9 100644 --- a/conf.c +++ b/conf.c @@ -1140,6 +1140,9 @@ static void conf_print(const struct ctx *c) char bufmac[ETH_ADDRSTRLEN], ifn[IFNAMSIZ]; int i; + if (c->fd_control_listen >= 0) + info("Configuration socket: %s", c->control_path); + if (c->ifi4 > 0 || c->ifi6 > 0) { info("Template interface: %s%s%s%s%s", c->ifi4 > 0 ? if_indextoname(c->ifi4, ifn) : "", @@ -1432,15 +1435,15 @@ static void conf_open_files(struct ctx *c) die_perror("Couldn't open PID file %s", c->pidfile); } - c->fd_conf = -1; - if (*c->conf_path) { - c->fd_conf_listen = sock_unix(c->conf_path); - if (c->fd_conf_listen < 0) { + c->fd_control = -1; + if (*c->control_path) { + c->fd_control_listen = sock_unix(c->control_path); + if (c->fd_control_listen < 0) { die_perror("Couldn't open control socket %s", - c->conf_path); + c->control_path); } } else { - c->fd_conf_listen = -1; + c->fd_control_listen = -1; } } @@ -1485,13 +1488,13 @@ static void conf_sock_listen(const struct ctx *c) { union epoll_ref ref = { .type = EPOLL_TYPE_CONF_LISTEN }; - if (c->fd_conf_listen < 0) + if (c->fd_control_listen < 0) return; - if (listen(c->fd_conf_listen, 0)) + if (listen(c->fd_control_listen, 0)) die_perror("Couldn't listen on configuration socket"); - ref.fd = c->fd_conf_listen; + ref.fd = c->fd_control_listen; if (epoll_add(c->epollfd, EPOLLIN | EPOLLET, ref)) die_perror("Couldn't add configuration socket to epoll"); } @@ -1846,11 +1849,11 @@ void conf(struct ctx *c, int argc, char **argv) c->fd_tap = -1; break; case 'c': - ret = snprintf(c->conf_path, sizeof(c->conf_path), "%s", - optarg); + ret = snprintf(c->control_path, sizeof(c->control_path), + "%s", optarg); if (ret <= 0 || ret >= (int)sizeof(c->sock_path)) die("Invalid configuration path: %s", optarg); - c->fd_conf_listen = c->fd_conf = -1; + c->fd_control_listen = c->fd_control = -1; break; case 'F': errno = 0; @@ -2294,10 +2297,10 @@ void conf(struct ctx *c, int argc, char **argv) FWD_SCAN); } + conf_sock_listen(c); + if (!c->quiet) conf_print(c); - - conf_sock_listen(c); } /** @@ -2321,7 +2324,7 @@ void conf_listen_handler(struct ctx *c, uint32_t events) return; } - fd = accept4(c->fd_conf_listen, NULL, NULL, SOCK_NONBLOCK); + fd = accept4(c->fd_control_listen, NULL, NULL, SOCK_NONBLOCK); if (fd < 0) { warn_perror("accept4() on configuration listening socket"); return; @@ -2331,7 +2334,7 @@ void conf_listen_handler(struct ctx *c, uint32_t events) warn_perror("Can't get configuration client credentials"); /* Another client is already connected: accept and close right away. */ - if (c->fd_conf != -1) { + if (c->fd_control != -1) { info("Discarding configuration client, PID %i", uc.pid); goto fail; } @@ -2349,7 +2352,7 @@ void conf_listen_handler(struct ctx *c, uint32_t events) goto fail; } - c->fd_conf = fd; + c->fd_control = fd; info("Accepted configuration client, PID %i", uc.pid); if (!PESTO_PROTOCOL_VERSION) { warn( @@ -2374,7 +2377,7 @@ void conf_handler(struct ctx *c, uint32_t events) ssize_t n; do { - n = read(c->fd_conf, discard, sizeof(discard)); + n = read(c->fd_control, discard, sizeof(discard)); if (n > 0) debug("Discarded %zd bytes of config data", n); } while (n > 0); @@ -2397,7 +2400,7 @@ void conf_handler(struct ctx *c, uint32_t events) close: debug("Closing configuration socket"); - epoll_ctl(c->epollfd, EPOLL_CTL_DEL, c->fd_conf, NULL); - close(c->fd_conf); - c->fd_conf = -1; + epoll_ctl(c->epollfd, EPOLL_CTL_DEL, c->fd_control, NULL); + close(c->fd_control); + c->fd_control = -1; } diff --git a/passt.h b/passt.h index c38bb5ae..b3f049de 100644 --- a/passt.h +++ b/passt.h @@ -158,7 +158,7 @@ struct ip6_ctx { * @foreground: Run in foreground, don't log to stderr by default * @nofile: Maximum number of open files (ulimit -n) * @sock_path: Path for UNIX domain socket - * @conf_path: Path for configuration UNIX domain socket + * @control_path: Path for control/configuration UNIX domain socket * @repair_path: TCP_REPAIR helper path, can be "none", empty for default * @pcap: Path for packet capture file * @pidfile: Path to PID file, empty string if not configured @@ -170,8 +170,8 @@ struct ip6_ctx { * @epollfd: File descriptor for epoll instance * @fd_tap_listen: File descriptor for listening AF_UNIX socket, if any * @fd_tap: AF_UNIX socket, tuntap device, or pre-opened socket - * @fd_conf_listen: Listening configuration socket, if any - * @fd_conf: Configuration socket, if any + * @fd_control_listen: Listening control/configuration socket, if any + * @fd_control: Control/configuration socket, if any * @fd_repair_listen: File descriptor for listening TCP_REPAIR socket, if any * @fd_repair: Connected AF_UNIX socket for TCP_REPAIR helper * @our_tap_mac: Pasta/passt's MAC on the tap link @@ -226,7 +226,7 @@ struct ctx { int foreground; int nofile; char sock_path[UNIX_PATH_MAX]; - char conf_path[UNIX_PATH_MAX]; + char control_path[UNIX_PATH_MAX]; char repair_path[UNIX_PATH_MAX]; char pcap[PATH_MAX]; @@ -244,8 +244,8 @@ struct ctx { int epollfd; int fd_tap_listen; int fd_tap; - int fd_conf_listen; - int fd_conf; + int fd_control_listen; + int fd_control; int fd_repair_listen; int fd_repair; unsigned char our_tap_mac[ETH_ALEN]; diff --git a/pesto.c b/pesto.c index 6d066084..f8c9e01d 100644 --- a/pesto.c +++ b/pesto.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -42,6 +43,32 @@ exit(EXIT_FAILURE); \ } while (0) +#define debug(...) \ + do { \ + if (verbosity > 1) { \ + FPRINTF(stderr, __VA_ARGS__); \ + FPRINTF(stderr, "\n"); \ + } \ + } while (0) + +/** + * usage() - Print usage, exit with given status code + * @name: Executable name + * @f: Stream to print usage info to + * @status: Status code for exit(2) + */ +static void usage(const char *name, FILE *f, int status) +{ + FPRINTF(f, "Usage: %s [OPTION]... PATH\n", name); + FPRINTF(f, + "\n" + " -v, --verbose Be more verbose\n" + " -q, --quiet Be less verbose\n" + " -h, --help Display this help message and exit\n" + " --version Show version and exit\n"); + exit(status); +} + /** * main() - Entry point and whole program with loop * @argc: Argument count @@ -56,13 +83,20 @@ */ int main(int argc, char **argv) { + const struct option options[] = { + {"quiet", no_argument, NULL, 'q' }, + {"verbose", no_argument, NULL, 'v' }, + {"help", no_argument, NULL, 'h' }, + {"version", no_argument, NULL, 1 }, + { 0 }, + }; struct sockaddr_un a = { AF_UNIX, "" }; + const char *optstring = "vh"; struct pesto_hello hello; struct sock_fprog prog; + int optname, ret, s; uint32_t s_version; - int ret, s; - - prctl(PR_SET_DUMPABLE, 0); + int verbosity = 1; prog.len = (unsigned short)sizeof(filter_pesto) / sizeof(filter_pesto[0]); @@ -71,15 +105,40 @@ int main(int argc, char **argv) prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) die("Failed to apply seccomp filter"); - if (argc < 2) - die("Usage: %s CONTROLPATH", argv[0]); + do { + optname = getopt_long(argc, argv, optstring, options, NULL); + + switch (optname) { + case -1: + case 0: + break; + case 'h': + usage(argv[0], stdout, EXIT_SUCCESS); + break; + case 'q': + verbosity--; + break; + case 'v': + verbosity++; + break; + case 1: + FPRINTF(stdout, "pesto "); + FPRINTF(stdout, VERSION_BLOB); + exit(EXIT_SUCCESS); + default: + usage(argv[0], stderr, EXIT_FAILURE); + } + } while (optname != -1); + + if (argc - optind != 1) + usage(argv[0], stderr, EXIT_FAILURE); if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) die("Failed to create AF_UNIX socket: %s", strerror(errno)); - ret = snprintf(a.sun_path, sizeof(a.sun_path), "%s", argv[1]); + ret = snprintf(a.sun_path, sizeof(a.sun_path), "%s", argv[optind]); if (ret <= 0 || ret >= (int)sizeof(a.sun_path)) - die("Invalid socket path \"%s\"", argv[1]); + die("Invalid socket path \"%s\"", argv[optind]); ret = connect(s, (struct sockaddr *)&a, sizeof(a)); if (ret < 0) { @@ -87,6 +146,8 @@ int main(int argc, char **argv) a.sun_path, strerror(errno)); } + debug("Connected to passt/pasta control socket"); + ret = read_all_buf(s, &hello, sizeof(hello)); if (ret < 0) die("Couldn't read server greeting: %s", strerror(errno)); @@ -96,6 +157,8 @@ int main(int argc, char **argv) s_version = ntohl(hello.version); + debug("Server protocol version: %"PRIu32, s_version); + if (s_version > PESTO_PROTOCOL_VERSION) { die("Unknown server protocol version %"PRIu32" > %"PRIu32"\n", s_version, PESTO_PROTOCOL_VERSION); diff --git a/util.h b/util.h index e7993f4d..d7c397f6 100644 --- a/util.h +++ b/util.h @@ -21,14 +21,6 @@ #include "log.h" -#define VERSION_BLOB \ - VERSION "\n" \ - "Copyright Red Hat\n" \ - "GNU General Public License, version 2 or later\n" \ - " https://www.gnu.org/licenses/old-licenses/gpl-2.0.html\n" \ - "This is free software: you are free to change and redistribute it.\n" \ - "There is NO WARRANTY, to the extent permitted by law.\n\n" - #ifndef SECCOMP_RET_KILL_PROCESS #define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL #endif -- 2.53.0

conf_ports_range_except() checks that it hasn't been asked to map port 0, which generally won't work. However, there's only one callsite that doesn't statically pass a non-zero value here. Change the check to an assert() and move the actual error message to that callsite. This will allow further cleanups later. Signed-off-by: David Gibson --- conf.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/conf.c b/conf.c index e5baf8ee..dc9468c2 100644 --- a/conf.c +++ b/conf.c @@ -151,10 +151,7 @@ static void conf_ports_range_except(const struct ctx *c, char optname, unsigned base, i; uint8_t proto; - if (first == 0) { - die("Can't forward port 0 for option '-%c %s'", - optname, optarg); - } + assert(first != 0); if (optname == 't' || optname == 'T') proto = IPPROTO_TCP; @@ -404,6 +401,11 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg, if ((*p != '\0') && (*p != ',')) /* Garbage after the ranges */ goto bad; + if (orig_range.first == 0) { + die("Can't forward port 0 for option '-%c %s'", + optname, optarg); + } + conf_ports_range_except(c, optname, optarg, fwd, addr, ifname, orig_range.first, orig_range.last, -- 2.53.0

ipproto_name() returns a static string of theoretically unbounded length. That's going to be inconvenient in future, so introduce IPPROTO_STRLEN giving an explicit bound on the length. Use static_assert() and some macros to ensure nothing we return can exceed this. Signed-off-by: David Gibson --- ip.c | 18 ++++++++++++------ ip.h | 1 + 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/ip.c b/ip.c index 4e4e0bf5..f2506bb1 100644 --- a/ip.c +++ b/ip.c @@ -15,6 +15,7 @@ * Author: Stefano Brivio */ +#include #include #include @@ -24,7 +25,7 @@ * ipproto_name() - Get IP protocol name from number * @proto: IP protocol number * - * Return: pointer to name of protocol @proto + * Return: pointer to name of protocol @proto (<= IPPROTO_STRLEN bytes) * * Usually this would be done with getprotobynumber(3) but that reads * /etc/protocols and might allocate, which isn't possible for us once @@ -33,16 +34,21 @@ const char *ipproto_name(uint8_t proto) { switch (proto) { +#define CASE(s) \ + static_assert(sizeof(s) <= IPPROTO_STRLEN, \ + "Increase IPPROTO_STRLEN to contain " #s); \ + return s; case IPPROTO_ICMP: - return "ICMP"; + CASE("ICMP"); case IPPROTO_TCP: - return "TCP"; + CASE("TCP"); case IPPROTO_UDP: - return "UDP"; + CASE("UDP"); case IPPROTO_ICMPV6: - return "ICMPv6"; + CASE("ICMPv6"); default: - return "<unknown protocol>"; + CASE("<unknown protocol>"); +#undef CASE } } diff --git a/ip.h b/ip.h index f6c29e00..aab9b86a 100644 --- a/ip.h +++ b/ip.h @@ -117,6 +117,7 @@ static inline uint32_t ip6_get_flow_lbl(const struct ipv6hdr *ip6h) ip6h->flow_lbl[2]; } +#define IPPROTO_STRLEN (sizeof("<unknown protocol>")) const char *ipproto_name(uint8_t proto); /* IPv6 link-local all-nodes multicast address, ff02::1 */ -- 2.53.0

inany contains a number of helpful functions for dealing with addresses which might be IPv4 or IPv6. We're going to want to use that in pesto. For the most part inany doesn't depend on other passt/pasta internals, however it does depend on siphash.h, which pesto doesn't need. Move the single dependent function, inany_siphash_feed() to siphash.h, renaming to match. Use that include inany.[ch] into pesto as well as passt/pasta. While we're there reformat pesto.c's header comment to match the convention used in most other files. Signed-off-by: David Gibson --- Makefile | 6 +++--- common.h | 7 +++++++ flow.c | 4 ++-- fwd.c | 2 +- inany.c | 16 +++++++++++++--- inany.h | 16 ++-------------- iov.c | 1 + siphash.h | 13 +++++++++++++ util.h | 7 ------- virtio.c | 1 + 10 files changed, 43 insertions(+), 30 deletions(-) diff --git a/Makefile b/Makefile index b9f20bb5..92809813 100644 --- a/Makefile +++ b/Makefile @@ -44,14 +44,14 @@ PASST_SRCS = arch.c arp.c checksum.c conf.c dhcp.c dhcpv6.c epoll_ctl.c \ udp.c udp_flow.c udp_vu.c util.c vhost_user.c virtio.c vu_common.c QRAP_SRCS = qrap.c PASST_REPAIR_SRCS = passt-repair.c -PESTO_SRCS = pesto.c ip.c serialise.c +PESTO_SRCS = pesto.c inany.c ip.c serialise.c SRCS = $(PASST_SRCS) $(QRAP_SRCS) $(PASST_REPAIR_SRCS) $(PESTO_SRCS) MANPAGES = passt.1 pasta.1 pesto.1 qrap.1 passt-repair.1 -PESTO_HEADERS = common.h ip.h pesto.h serialise.h +PESTO_HEADERS = common.h inany.h ip.h pesto.h serialise.h PASST_HEADERS = arch.h arp.h checksum.h conf.h dhcp.h dhcpv6.h epoll_ctl.h \ - flow.h fwd.h flow_table.h icmp.h icmp_flow.h inany.h iov.h isolation.h \ + flow.h fwd.h flow_table.h icmp.h icmp_flow.h iov.h isolation.h \ lineread.h log.h migrate.h ndp.h netlink.h packet.h passt.h pasta.h \ pcap.h pif.h repair.h siphash.h tap.h tcp.h tcp_buf.h tcp_conn.h \ tcp_internal.h tcp_splice.h tcp_vu.h udp.h udp_flow.h udp_internal.h \ diff --git a/common.h b/common.h index 7d6ba5c1..7d37b926 100644 --- a/common.h +++ b/common.h @@ -19,6 +19,13 @@ /* FPRINTF() intentionally silences cert-err33-c clang-tidy warnings */ #define FPRINTF(f, ...) (void)fprintf(f, __VA_ARGS__) +#ifndef MIN +#define MIN(x, y) (((x) < (y)) ? (x) : (y)) +#endif +#ifndef MAX +#define MAX(x, y) (((x) > (y)) ? (x) : (y)) +#endif + #define BIT(n) (1UL << (n)) #ifndef __bswap_constant_16 diff --git a/flow.c b/flow.c index 2972ab87..c2d36882 100644 --- a/flow.c +++ b/flow.c @@ -678,8 +678,8 @@ static uint64_t flow_hash(const struct ctx *c, uint8_t proto, uint8_t pif, { struct siphash_state state = SIPHASH_INIT(c->hash_secret); - inany_siphash_feed(&state, &side->oaddr); - inany_siphash_feed(&state, &side->eaddr); + siphash_feed_inany(&state, &side->oaddr); + siphash_feed_inany(&state, &side->eaddr); return siphash_final(&state, 38, (uint64_t)proto << 40 | (uint64_t)pif << 32 | diff --git a/fwd.c b/fwd.c index cfe89362..05c8e378 100644 --- a/fwd.c +++ b/fwd.c @@ -86,7 +86,7 @@ static size_t neigh_table_slot(const struct ctx *c, struct siphash_state st = SIPHASH_INIT(c->hash_secret); uint32_t i; - inany_siphash_feed(&st, key); + siphash_feed_inany(&st, key); i = siphash_final(&st, sizeof(*key), 0); return ((size_t)i) & (NEIGH_TABLE_SIZE - 1); diff --git a/inany.c b/inany.c index 2a586ed1..426d2a64 100644 --- a/inany.c +++ b/inany.c @@ -1,9 +1,19 @@ -/* SPDX-License-Identifier: GPL-2.0-or-later - * Copyright Red Hat - * Author: David Gibson +// SPDX-License-Identifier: GPL-2.0-or-later + +/* PASST - Plug A Simple Socket Transport + * for qemu/UNIX domain socket mode + * + * PASTA - Pack A Subtle Tap Abstraction + * for network namespace/tap device mode + * + * PESTO - Programmable Extensible Socket Translation Orchestrator + * front-end for passt(1) and pasta(1) forwarding configuration * * inany.c - Types and helpers for handling addresses which could be * IPv6 or IPv4 (encoded as IPv4-mapped IPv6 addresses) + * + * Copyright Red Hat + * Author: David Gibson */ #include diff --git a/inany.h b/inany.h index 30e24164..6a1ff3c0 100644 --- a/inany.h +++ b/inany.h @@ -10,12 +10,11 @@ #define INANY_H #include +#include +#include #include #include "ip.h" -#include "siphash.h" - -struct siphash_state; /** union inany_addr - Represents either an IPv4 or IPv6 address * @a6: Address as an IPv6 address, may be IPv4-mapped @@ -299,17 +298,6 @@ static inline int inany_from_sockaddr(union inany_addr *dst, in_port_t *port, return -1; } -/** inany_siphash_feed- Fold IPv[46] address into an in-progress siphash - * @state: siphash state - * @aa: inany to hash - */ -static inline void inany_siphash_feed(struct siphash_state *state, - const union inany_addr *aa) -{ - siphash_feed(state, (uint64_t)aa->u32[0] << 32 | aa->u32[1]); - siphash_feed(state, (uint64_t)aa->u32[2] << 32 | aa->u32[3]); -} - #define INANY_ADDRSTRLEN MAX(INET_ADDRSTRLEN, INET6_ADDRSTRLEN) bool inany_matches(const union inany_addr *a, const union inany_addr *b); diff --git a/iov.c b/iov.c index ae074393..d291ee51 100644 --- a/iov.c +++ b/iov.c @@ -24,6 +24,7 @@ #include #include +#include "common.h" #include "util.h" #include "iov.h" diff --git a/siphash.h b/siphash.h index bbddcac0..313b8947 100644 --- a/siphash.h +++ b/siphash.h @@ -47,6 +47,8 @@ #include #include +#include "inany.h" + /** * struct siphash_state - Internal state of siphash calculation */ @@ -101,6 +103,17 @@ static inline void siphash_feed(struct siphash_state *state, uint64_t in) state->v[0] ^= in; } +/** siphash_feed_inany() - Fold IPv[46] address into an in-progress siphash + * @state: siphash state + * @aa: inany to hash + */ +static inline void siphash_feed_inany(struct siphash_state *state, + const union inany_addr *aa) +{ + siphash_feed(state, (uint64_t)aa->u32[0] << 32 | aa->u32[1]); + siphash_feed(state, (uint64_t)aa->u32[2] << 32 | aa->u32[3]); +} + /** * siphash_final() - Finalize SipHash calculations * @v: siphash state (4 x 64-bit integers) diff --git a/util.h b/util.h index 5357814c..45792f46 100644 --- a/util.h +++ b/util.h @@ -28,13 +28,6 @@ #define IP_MAX_MTU USHRT_MAX #endif -#ifndef MIN -#define MIN(x, y) (((x) < (y)) ? (x) : (y)) -#endif -#ifndef MAX -#define MAX(x, y) (((x) > (y)) ? (x) : (y)) -#endif - #define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) #define DIV_ROUND_CLOSEST(n, d) (((n) + (d) / 2) / (d)) #define ROUND_DOWN(x, y) ((x) & ~((y) - 1)) diff --git a/virtio.c b/virtio.c index b283de66..bc0bb2fc 100644 --- a/virtio.c +++ b/virtio.c @@ -80,6 +80,7 @@ #include #include +#include "common.h" #include "util.h" #include "virtio.h" #include "vhost_user.h" -- 2.53.0

Implement serialisation of our current forwarding rules in conf.c, deserialising it to display in the pesto client. Signed-off-by: David Gibson --- conf.c | 44 +++++++++++++++++++++++++++++++ fwd_rule.c | 40 ++++++++++++++++++++++++++++ fwd_rule.h | 3 +++ pesto.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 4 files changed, 160 insertions(+), 4 deletions(-) diff --git a/conf.c b/conf.c index b878db94..7f311914 100644 --- a/conf.c +++ b/conf.c @@ -2338,6 +2338,47 @@ static int conf_send_pifs(const struct ctx *c, int fd) return 0; } +/** + * conf_send_rules() - Send current forwarding rules to dynamic update client (pesto) + * @c: Execution context + * @fd: Socket to the client + * + * Return: 0 on success, -1 on failure + */ +static int conf_send_rules(const struct ctx *c, int fd) +{ + unsigned pif; + + for (pif = 0; pif < PIF_NUM_TYPES; pif++) { + const struct fwd_table *fwd = c->fwd[pif]; + unsigned i; + + if (!fwd) + continue; + + assert(pif); + + /* PIF id */ + if (write_u8(fd, pif)) + return -1; + + /* Number of rules */ + if (write_u32(fd, fwd->count)) + return -1; + + for (i = 0; i < fwd->count; i++) { + if (fwd_rule_write(fd, &fwd->rules[i].rule)) + return -1; + } + } + + /* Write 0 PIF id to finish */ + if (write_u8(fd, 0)) + return -1; + + return 0; +} + /** * conf_listen_handler() - Handle events on configuration listening socket * @c: Execution context @@ -2397,6 +2438,9 @@ void conf_listen_handler(struct ctx *c, uint32_t events) if (conf_send_pifs(c, fd) < 0) goto fail; + if (conf_send_rules(c, fd) < 0) + goto fail; + return; fail: diff --git a/fwd_rule.c b/fwd_rule.c index dfbdf683..b2ed9b3b 100644 --- a/fwd_rule.c +++ b/fwd_rule.c @@ -17,6 +17,8 @@ #include +#include "serialise.h" + #include "fwd_rule.h" /** @@ -71,3 +73,41 @@ const char *fwd_rule_ntop(const struct fwd_rule *rule, char *dst, size_t size) return dst; } + +/** + * fwd_rule_read() - Read serialised rule from an fd + * @fd: fd to serialise to + * @rule: Buffer to store rule into + * + * Return: 0 on success, -1 on error (with errno set) + */ +int fwd_rule_read(int fd, struct fwd_rule *rule) +{ + if (read_all_buf(fd, rule, sizeof(*rule))) + return -1; + + /* Byteswap for host */ + rule->first = ntohs(rule->first); + rule->last = ntohs(rule->last); + rule->to = htons(rule->to); + return 0; +} + +/** + * fwd_rule_write() - Serialise rule to an fd + * @fd: fd to serialise to + * @rule: Rule to send + * + * Return: 0 on success, -1 on error (with errno set) + */ +int fwd_rule_write(int fd, const struct fwd_rule *rule) +{ + struct fwd_rule tmp = *rule; + + /* Byteswap for transport */ + tmp.first = htons(tmp.first); + tmp.last = htons(tmp.last); + tmp.to = htons(tmp.to); + + return write_all_buf(fd, &tmp, sizeof(tmp)); +} diff --git a/fwd_rule.h b/fwd_rule.h index 59db0e95..a4d54da0 100644 --- a/fwd_rule.h +++ b/fwd_rule.h @@ -53,4 +53,7 @@ const union inany_addr *fwd_rule_addr(const struct fwd_rule *rule); + 15) const char *fwd_rule_ntop(const struct fwd_rule *rule, char *dst, size_t size); +int fwd_rule_read(int fd, struct fwd_rule *rule); +int fwd_rule_write(int fd, const struct fwd_rule *rule); + #endif /* FWD_RULE_H */ diff --git a/pesto.c b/pesto.c index ed4f2aab..11447575 100644 --- a/pesto.c +++ b/pesto.c @@ -34,6 +34,7 @@ #include "common.h" #include "seccomp_pesto.h" #include "serialise.h" +#include "fwd_rule.h" #include "pesto.h" static int verbosity = 1; @@ -108,6 +109,8 @@ static const char *pesto_recv_str(int fd) struct pif_state { uint8_t pif; const char *name; + uint32_t count; + struct fwd_rule *rule; }; struct conf_state { @@ -119,7 +122,7 @@ struct conf_state { * pesto_read_pifs() - Read pif names and IDs from passt/pasta * @fd: Control socket */ -static const struct conf_state *pesto_read_pifs(int fd) +static struct conf_state *pesto_read_pifs(int fd) { uint32_t num; struct conf_state *state; @@ -146,18 +149,81 @@ static const struct conf_state *pesto_read_pifs(int fd) return state; } +/** + * find_pif_state() - Find the pif state structure for a given pif id + * @state: Rule state information + * @pif: pif id + * + * Return: pointer to the pif_state for @pif, or NULL if not found + */ +static struct pif_state *find_pif_state(struct conf_state *state, uint8_t pif) +{ + unsigned i; + + for (i = 0; i < state->npifs; i++) { + if (state->pif[i].pif == pif) + return &state->pif[i]; + } + + return NULL; +} + +/** + * pesto_read_rules() - Read a set of rules for one pif + * @fd: Control socket + * @state: Rule state information to update + * + * Return: true if there may be more rules to read, false if finished + */ +static bool pesto_read_rules(int fd, struct conf_state *state) +{ + struct pif_state *ps; + uint8_t pif; + unsigned i; + + if (read_u8(fd, &pif) < 0) + die("Error reading from control socket"); + + if (!pif) + return false; + + ps = find_pif_state(state, pif); + if (!ps) + die("Received rules for an unknown pif"); + + if (read_u32(fd, &ps->count) < 0) + die("Error reading from control socket"); + + debug("Receiving rules %"PRIu32" rules for %s", ps->count, ps->name); + + ps->rule = xmalloc(sizeof(*ps->rule) * ps->count); + + for (i = 0; i < ps->count; i++) { + if (fwd_rule_read(fd, &ps->rule[i]) < 0) + die("Error reading from control socket"); + } + + return true; +} + /** * show_state() - Show current rule state obtained from passt/pasta * @pifs: PIF name information */ static void show_state(const struct conf_state *state) { - unsigned i; + unsigned i, j; for (i = 0; i < state->npifs; i++) { const struct pif_state *ps = &state->pif[i]; printf("Forwarding rules for %s interface\n", ps->name); - printf("\tTBD\n"); + for (j = 0; j < ps->count; j++) { + const struct fwd_rule *rule = &ps->rule[j]; + char rulestr[FWD_RULE_STRLEN]; + + printf(" %s\n", fwd_rule_ntop(rule, rulestr, + sizeof(rulestr))); + } } } @@ -183,9 +249,9 @@ int main(int argc, char **argv) { 0 }, }; struct sockaddr_un a = { AF_UNIX, "" }; - const struct conf_state *state; const char *optstring = "vh"; struct pesto_hello hello; + struct conf_state *state; struct sock_fprog prog; int optname, ret, s; uint32_t s_version; @@ -266,6 +332,9 @@ int main(int argc, char **argv) state = pesto_read_pifs(s); + while (pesto_read_rules(s, state)) + ; + show_state(state); exit(0); -- 2.53.0

From: Stefano Brivio ...so that pesto can reuse functions parsing port forwarding specifications from ports.c: - checks on validity of some forwarding options (auto with pasta only all with passt only) move to the caller, conf() - some other checks (availability of IPv4, IPv6, SO_BINDTODEVICE) are now based on specific parameters passed to conf_ports() and conf_ports_range_except(), so that we don't need struct ctx there - bitmap operations and some convenience macros move to common.h - fwd_probe_ephemeral(), fwd_port_is_ephemeral(), and fwd_rule_add() move to ports.c and fwd_rule.c, without any renaming for the moment - forwarding table definitions move to fwd_rule.h - selection of the definition of some logging functions now depends on a gross but unintrusive hack, a PESTO define (this will needs a cleaner solution later) Signed-off-by: Stefano Brivio Message-ID: <20260322141843.4095972-2-sbrivio@redhat.com> Signed-off-by: David Gibson --- Makefile | 8 ++- common.h | 99 ++++++++++++++++++++++++++++ conf.c | 54 +++++++++++----- fwd.c | 162 ---------------------------------------------- fwd.h | 54 +--------------- fwd_rule.c | 95 ++++++++++++++++++++++++++- fwd_rule.h | 53 +++++++++++++++ lineread.c | 1 - log.h | 33 ++++++++++ pesto.c | 21 ++---- ports.c | 185 ++++++++++++++++++++++++++++++++++++----------------- ports.h | 29 ++++++--- util.c | 84 ------------------------ util.h | 18 ------ 14 files changed, 474 insertions(+), 422 deletions(-) diff --git a/Makefile b/Makefile index 47d4c950..b6b6a823 100644 --- a/Makefile +++ b/Makefile @@ -45,12 +45,13 @@ PASST_SRCS = arch.c arp.c checksum.c conf.c dhcp.c dhcpv6.c epoll_ctl.c \ vhost_user.c virtio.c vu_common.c QRAP_SRCS = qrap.c PASST_REPAIR_SRCS = passt-repair.c -PESTO_SRCS = pesto.c fwd_rule.c inany.c ip.c serialise.c +PESTO_SRCS = pesto.c fwd_rule.c inany.c ip.c serialise.c ports.c lineread.c SRCS = $(PASST_SRCS) $(QRAP_SRCS) $(PASST_REPAIR_SRCS) $(PESTO_SRCS) MANPAGES = passt.1 pasta.1 pesto.1 qrap.1 passt-repair.1 -PESTO_HEADERS = common.h fwd_rule.h inany.h ip.h pesto.h serialise.h +PESTO_HEADERS = common.h fwd_rule.h inany.h ip.h pesto.h serialise.h ports.h \ + lineread.h PASST_HEADERS = arch.h arp.h checksum.h conf.h dhcp.h dhcpv6.h epoll_ctl.h \ flow.h fwd.h flow_table.h icmp.h icmp_flow.h iov.h isolation.h \ lineread.h log.h migrate.h ndp.h netlink.h packet.h passt.h pasta.h \ @@ -117,7 +118,8 @@ passt-repair: $(PASST_REPAIR_SRCS) seccomp_repair.h $(CC) $(FLAGS) $(CFLAGS) $(CPPFLAGS) $(PASST_REPAIR_SRCS) -o passt-repair $(LDFLAGS) pesto: $(PESTO_SRCS) $(PESTO_HEADERS) seccomp_pesto.h - $(CC) $(FLAGS) $(CFLAGS) $(CPPFLAGS) $(PESTO_SRCS) -o pesto $(LDFLAGS) + $(CC) $(FLAGS) $(CFLAGS) $(CPPFLAGS) $(PESTO_SRCS) -DPESTO -o pesto \ + $(LDFLAGS) valgrind: EXTRA_SYSCALLS += rt_sigprocmask rt_sigtimedwait rt_sigaction \ rt_sigreturn getpid gettid kill clock_gettime \ diff --git a/common.h b/common.h index 7d37b926..43b14558 100644 --- a/common.h +++ b/common.h @@ -8,6 +8,9 @@ #ifndef COMMON_H #define COMMON_H +#include +#include + #define VERSION_BLOB \ VERSION "\n" \ "Copyright Red Hat\n" \ @@ -19,6 +22,8 @@ /* FPRINTF() intentionally silences cert-err33-c clang-tidy warnings */ #define FPRINTF(f, ...) (void)fprintf(f, __VA_ARGS__) +#define ARRAY_SIZE(a) ((int)(sizeof(a) / sizeof((a)[0]))) + #ifndef MIN #define MIN(x, y) (((x) < (y)) ? (x) : (y)) #endif @@ -26,7 +31,13 @@ #define MAX(x, y) (((x) > (y)) ? (x) : (y)) #endif +#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) +#define DIV_ROUND_CLOSEST(n, d) (((n) + (d) / 2) / (d)) +#define ROUND_DOWN(x, y) ((x) & ~((y) - 1)) +#define ROUND_UP(x, y) (((x) + (y) - 1) & ~((y) - 1)) + #define BIT(n) (1UL << (n)) +#define MAX_FROM_BITS(n) (((1U << (n)) - 1)) #ifndef __bswap_constant_16 #define __bswap_constant_16(x) \ @@ -76,4 +87,92 @@ #define ntohll(x) (be64toh((x))) #define htonll(x) (htobe64((x))) +#define BITMAP_BIT(n) (BIT((n) % (sizeof(long) * 8))) +#define BITMAP_WORD(n) (n / (sizeof(long) * 8)) + +/** + * bitmap_set() - Set single bit in bitmap + * @map: Pointer to bitmap + * @bit: Bit number to set + */ +static inline void bitmap_set(uint8_t *map, unsigned bit) +{ + unsigned long *word = (unsigned long *)map + BITMAP_WORD(bit); + + *word |= BITMAP_BIT(bit); +} + +/** + * bitmap_clear() - Clear single bit in bitmap + * @map: Pointer to bitmap + * @bit: Bit number to clear + */ +/* cppcheck-suppress unusedFunction */ +static inline void bitmap_clear(uint8_t *map, unsigned bit) +{ + unsigned long *word = (unsigned long *)map + BITMAP_WORD(bit); + + *word &= ~BITMAP_BIT(bit); +} + +/** + * bitmap_isset() - Check for set bit in bitmap + * @map: Pointer to bitmap + * @bit: Bit number to check + * + * Return: true if given bit is set, false if it's not + */ +static inline bool bitmap_isset(const uint8_t *map, unsigned bit) +{ + const unsigned long *word + = (const unsigned long *)map + BITMAP_WORD(bit); + + return !!(*word & BITMAP_BIT(bit)); +} + +/** + * bitmap_or() - Logical disjunction (OR) of two bitmaps + * @dst: Pointer to result bitmap + * @size: Size of bitmaps, in bytes + * @a: First operand + * @b: Second operand + */ +/* cppcheck-suppress unusedFunction */ +static inline void bitmap_or(uint8_t *dst, size_t size, + const uint8_t *a, const uint8_t *b) +{ + unsigned long *dw = (unsigned long *)dst; + unsigned long *aw = (unsigned long *)a; + unsigned long *bw = (unsigned long *)b; + size_t i; + + for (i = 0; i < size / sizeof(long); i++, dw++, aw++, bw++) + *dw = *aw | *bw; + + for (i = size / sizeof(long) * sizeof(long); i < size; i++) + dst[i] = a[i] | b[i]; +} + +/** + * bitmap_and_not() - Logical conjunction with complement (AND NOT) of bitmap + * @dst: Pointer to result bitmap + * @size: Size of bitmaps, in bytes + * @a: First operand + * @b: Second operand + */ +static inline void bitmap_and_not(uint8_t *dst, size_t size, + const uint8_t *a, const uint8_t *b) +{ + unsigned long *dw = (unsigned long *)dst; + unsigned long *aw = (unsigned long *)a; + unsigned long *bw = (unsigned long *)b; + size_t i; + + for (i = 0; i < size / sizeof(long); i++, dw++, aw++, bw++) + *dw = *aw & ~*bw; + + for (i = size / sizeof(long) * sizeof(long); i < size; i++) + dst[i] = a[i] & ~b[i]; +} + #endif /* _COMMON_H */ diff --git a/conf.c b/conf.c index 1ed1ee54..7f624db6 100644 --- a/conf.c +++ b/conf.c @@ -1851,18 +1851,36 @@ void conf(struct ctx *c, int argc, char **argv) do { name = getopt_long(argc, argv, optstring, options, NULL); + if (name != 't' && name != 'T' && name != 'u' && name != 'U') + continue; + + if ((name == 't' || name == 'T') && c->no_tcp) + die("TCP forwarding requested but TCP is disabled"); + if ((name == 'u' || name == 'U') && c->no_udp) + die("UDP forwarding requested but UDP is disabled"); + + if (!strcmp(optarg, "auto") && c->mode != MODE_PASTA) + die("'auto' port forwarding is only allowed for pasta"); + + if (!strcmp(optarg, "all") && c->mode == MODE_PASTA) + die("'all' port forwarding is only allowed for passt"); + if (name == 't') { - conf_ports(c, name, optarg, c->fwd[PIF_HOST], - &tcp_in_mode); + conf_ports(name, optarg, c->fwd[PIF_HOST], + &tcp_in_mode, !c->no_bindtodevice, + !!c->ifi4, !!c->ifi6); } else if (name == 'u') { - conf_ports(c, name, optarg, c->fwd[PIF_HOST], - &udp_in_mode); + conf_ports(name, optarg, c->fwd[PIF_HOST], + &udp_in_mode, !c->no_bindtodevice, + !!c->ifi4, !!c->ifi6); } else if (name == 'T') { - conf_ports(c, name, optarg, c->fwd[PIF_SPLICE], - &tcp_out_mode); + conf_ports(name, optarg, c->fwd[PIF_SPLICE], + &tcp_out_mode, !c->no_bindtodevice, + !!c->ifi4, !!c->ifi6); } else if (name == 'U') { - conf_ports(c, name, optarg, c->fwd[PIF_SPLICE], - &udp_out_mode); + conf_ports(name, optarg, c->fwd[PIF_SPLICE], + &udp_out_mode, !c->no_bindtodevice, + !!c->ifi4, !!c->ifi6); } } while (name != -1); @@ -1922,24 +1940,28 @@ void conf(struct ctx *c, int argc, char **argv) udp_out_mode = fwd_default; if (tcp_in_mode == FWD_MODE_AUTO) { - conf_ports_range_except(c, 't', "auto", c->fwd[PIF_HOST], + conf_ports_range_except('t', "auto", c->fwd[PIF_HOST], NULL, NULL, 1, NUM_PORTS - 1, NULL, 1, - FWD_SCAN); + FWD_SCAN, !c->no_bindtodevice, + !!c->ifi4, !!c->ifi6); } if (tcp_out_mode == FWD_MODE_AUTO) { - conf_ports_range_except(c, 'T', "auto", c->fwd[PIF_SPLICE], + conf_ports_range_except('T', "auto", c->fwd[PIF_SPLICE], NULL, "lo", 1, NUM_PORTS - 1, NULL, 1, - FWD_SCAN); + FWD_SCAN, !c->no_bindtodevice, + !!c->ifi4, !!c->ifi6); } if (udp_in_mode == FWD_MODE_AUTO) { - conf_ports_range_except(c, 'u', "auto", c->fwd[PIF_HOST], + conf_ports_range_except('u', "auto", c->fwd[PIF_HOST], NULL, NULL, 1, NUM_PORTS - 1, NULL, 1, - FWD_SCAN); + FWD_SCAN, !c->no_bindtodevice, + !!c->ifi4, !!c->ifi6); } if (udp_out_mode == FWD_MODE_AUTO) { - conf_ports_range_except(c, 'U', "auto", c->fwd[PIF_SPLICE], + conf_ports_range_except('U', "auto", c->fwd[PIF_SPLICE], NULL, "lo", 1, NUM_PORTS - 1, NULL, 1, - FWD_SCAN); + FWD_SCAN, !c->no_bindtodevice, + !!c->ifi4, !!c->ifi6); } conf_sock_listen(c); diff --git a/fwd.c b/fwd.c index 20409c62..4592af25 100644 --- a/fwd.c +++ b/fwd.c @@ -34,12 +34,6 @@ #include "arp.h" #include "ndp.h" -/* Ephemeral port range: values from RFC 6335 */ -static in_port_t fwd_ephemeral_min = (1 << 15) + (1 << 14); -static in_port_t fwd_ephemeral_max = NUM_PORTS - 1; - -#define PORT_RANGE_SYSCTL "/proc/sys/net/ipv4/ip_local_port_range" - #define NEIGH_TABLE_SLOTS 1024 #define NEIGH_TABLE_SIZE (NEIGH_TABLE_SLOTS / 2) static_assert((NEIGH_TABLE_SLOTS & (NEIGH_TABLE_SLOTS - 1)) == 0, @@ -249,73 +243,6 @@ void fwd_neigh_table_init(const struct ctx *c) fwd_neigh_table_update(c, &mga, c->our_tap_mac, true); } -/** fwd_probe_ephemeral() - Determine what ports this host considers ephemeral - * - * Work out what ports the host thinks are emphemeral and record it for later - * use by fwd_port_is_ephemeral(). If we're unable to probe, assume the range - * recommended by RFC 6335. - */ -void fwd_probe_ephemeral(void) -{ - char *line, *tab, *end; - struct lineread lr; - long min, max; - ssize_t len; - int fd; - - fd = open(PORT_RANGE_SYSCTL, O_RDONLY | O_CLOEXEC); - if (fd < 0) { - warn_perror("Unable to open %s", PORT_RANGE_SYSCTL); - return; - } - - lineread_init(&lr, fd); - len = lineread_get(&lr, &line); - close(fd); - - if (len < 0) - goto parse_err; - - tab = strchr(line, '\t'); - if (!tab) - goto parse_err; - *tab = '\0'; - - errno = 0; - min = strtol(line, &end, 10); - if (*end || errno) - goto parse_err; - - errno = 0; - max = strtol(tab + 1, &end, 10); - if (*end || errno) - goto parse_err; - - if (min < 0 || min >= (long)NUM_PORTS || - max < 0 || max >= (long)NUM_PORTS) - goto parse_err; - - fwd_ephemeral_min = min; - fwd_ephemeral_max = max; - - return; - -parse_err: - warn("Unable to parse %s", PORT_RANGE_SYSCTL); -} - -/** - * fwd_port_map_ephemeral() - Mark ephemeral ports in a bitmap - * @map: Bitmap to update - */ -void fwd_port_map_ephemeral(uint8_t *map) -{ - unsigned port; - - for (port = fwd_ephemeral_min; port <= fwd_ephemeral_max; port++) - bitmap_set(map, port); -} - /* Forwarding table storage, generally accessed via pointers in struct ctx */ static struct fwd_table fwd_in; static struct fwd_table fwd_out; @@ -331,95 +258,6 @@ void fwd_rule_init(struct ctx *c) c->fwd[PIF_SPLICE] = &fwd_out; } -/** - * fwd_rule_add() - Add a rule to a forwarding table - * @fwd: Table to add to - * @proto: Protocol to forward - * @flags: Flags for this entry - * @addr: Our address to forward (NULL for both 0.0.0.0 and ::) - * @ifname: Only forward from this interface name, if non-empty - * @first: First port number to forward - * @last: Last port number to forward - * @to: First port of target port range to map to - */ -void fwd_rule_add(struct fwd_table *fwd, uint8_t proto, uint8_t flags, - const union inany_addr *addr, const char *ifname, - in_port_t first, in_port_t last, in_port_t to) -{ - /* Flags which can be set from the caller */ - const uint8_t allowed_flags = FWD_WEAK | FWD_SCAN | FWD_DUAL_STACK_ANY; - unsigned num = (unsigned)last - first + 1; - struct fwd_rule_state *new; - unsigned i, port; - - assert(!(flags & ~allowed_flags)); - if (fwd->count >= ARRAY_SIZE(fwd->rules)) - die("Too many port forwarding ranges"); - if ((fwd->sock_count + num) > ARRAY_SIZE(fwd->socks)) - die("Too many listening sockets"); - - /* Passing a non-wildcard address with DUAL_STACK_ANY is a bug */ - assert(!(flags & FWD_DUAL_STACK_ANY) || !addr || - inany_equals(addr, &inany_any6)); - - /* Check for any conflicting entries */ - for (i = 0; i < fwd->count; i++) { - char newstr[INANY_ADDRSTRLEN], rulestr[INANY_ADDRSTRLEN]; - struct fwd_rule_state *rule = &fwd->rules[i]; - - if (proto != rule->rule.proto) - /* Non-conflicting protocols */ - continue; - - if (!inany_matches(addr, fwd_rule_addr(&rule->rule))) - /* Non-conflicting addresses */ - continue; - - if (last < rule->rule.first || rule->rule.last < first) - /* Port ranges don't overlap */ - continue; - - die("Forwarding configuration conflict: %s/%u-%u versus %s/%u-%u", - inany_ntop(addr, newstr, sizeof(newstr)), first, last, - inany_ntop(fwd_rule_addr(&rule->rule), - rulestr, sizeof(rulestr)), - rule->rule.first, rule->rule.last); - } - - new = &fwd->rules[fwd->count++]; - new->rule.proto = proto; - new->rule.flags = flags; - - if (addr) { - new->rule.addr = *addr; - } else { - new->rule.addr = inany_any6; - new->rule.flags |= FWD_DUAL_STACK_ANY; - } - - memset(new->rule.ifname, 0, sizeof(new->rule.ifname)); - if (ifname) { - int ret; - - ret = snprintf(new->rule.ifname, sizeof(new->rule.ifname), - "%s", ifname); - if (ret <= 0 || (size_t)ret >= sizeof(new->rule.ifname)) - die("Invalid interface name: %s", ifname); - } - - assert(first <= last); - new->rule.first = first; - new->rule.last = last; - - new->rule.to = to; - - new->socks = &fwd->socks[fwd->sock_count]; - fwd->sock_count += num; - - for (port = new->rule.first; port <= new->rule.last; port++) - new->socks[port - new->rule.first] = -1; -} - /** * fwd_rule_match() - Does a prospective flow match a given forwarding rule? * @rule: Forwarding rule diff --git a/fwd.h b/fwd.h index d37f2cdc..a00fe52d 100644 --- a/fwd.h +++ b/fwd.h @@ -15,66 +15,14 @@ #include #include "inany.h" +#include "ports.h" #include "fwd_rule.h" struct flowside; -/* Number of ports for both TCP and UDP */ -#define NUM_PORTS (1U << 16) - void fwd_probe_ephemeral(void); void fwd_port_map_ephemeral(uint8_t *map); -/** - * struct fwd_rule_state - Forwarding rule and associated state - * @rule: Rule specification - * @socks: Array of listening sockets for this entry - */ -struct fwd_rule_state { - struct fwd_rule rule; - int *socks; -}; - -#define FWD_RULE_BITS 8 -#define MAX_FWD_RULES MAX_FROM_BITS(FWD_RULE_BITS) -#define FWD_NO_HINT (-1) - -/** - * struct fwd_listen_ref - information about a single listening socket - * @port: Bound port number of the socket - * @pif: pif in which the socket is listening - * @rule: Index of forwarding rule - */ -struct fwd_listen_ref { - in_port_t port; - uint8_t pif; - unsigned rule :FWD_RULE_BITS; -}; - -/* Maximum number of listening sockets (per pif) - * - * Rationale: This lets us listen on every port for two addresses and two - * protocols (which we need for -T auto -U auto without SO_BINDTODEVICE), plus a - * comfortable number of extras. - */ -#define MAX_LISTEN_SOCKS (NUM_PORTS * 5) - -/** - * struct fwd_table - Table of forwarding rules (per initiating pif) - * @count: Number of forwarding rules - * @rules: Array of forwarding rules - * @sock_count: Number of entries used in @socks - * @socks: Listening sockets for forwarding - */ -struct fwd_table { - unsigned count; - struct fwd_rule_state rules[MAX_FWD_RULES]; - unsigned sock_count; - int socks[MAX_LISTEN_SOCKS]; -}; - -#define PORT_BITMAP_SIZE DIV_ROUND_UP(NUM_PORTS, 8) - /** * struct fwd_scan - Port scanning state for a protocol+direction * @scan4: /proc/net fd to scan for IPv4 ports when in AUTO mode diff --git a/fwd_rule.c b/fwd_rule.c index b2ed9b3b..5eabd0ad 100644 --- a/fwd_rule.c +++ b/fwd_rule.c @@ -18,8 +18,9 @@ #include #include "serialise.h" - +#include "ports.h" #include "fwd_rule.h" +#include "log.h" /** * fwd_rule_addr() - Return match address for a rule @@ -75,7 +76,97 @@ const char *fwd_rule_ntop(const struct fwd_rule *rule, char *dst, size_t size) } /** - * fwd_rule_read() - Read serialised rule from an fd + * fwd_rule_add() - Add a rule to a forwarding table + * @fwd: Table to add to + * @proto: Protocol to forward + * @flags: Flags for this entry + * @addr: Our address to forward (NULL for both 0.0.0.0 and ::) + * @ifname: Only forward from this interface name, if non-empty + * @first: First port number to forward + * @last: Last port number to forward + * @to: First port of target port range to map to + */ +void fwd_rule_add(struct fwd_table *fwd, uint8_t proto, uint8_t flags, + const union inany_addr *addr, const char *ifname, + in_port_t first, in_port_t last, in_port_t to) +{ + /* Flags which can be set from the caller */ + const uint8_t allowed_flags = FWD_WEAK | FWD_SCAN | FWD_DUAL_STACK_ANY; + unsigned num = (unsigned)last - first + 1; + struct fwd_rule_state *new; + unsigned i, port; + + assert(!(flags & ~allowed_flags)); + + if (fwd->count >= ARRAY_SIZE(fwd->rules)) + die("Too many port forwarding ranges"); + if ((fwd->sock_count + num) > ARRAY_SIZE(fwd->socks)) + die("Too many listening sockets"); + + /* Passing a non-wildcard address with DUAL_STACK_ANY is a bug */ + assert(!(flags & FWD_DUAL_STACK_ANY) || !addr || + inany_equals(addr, &inany_any6)); + + /* Check for any conflicting entries */ + for (i = 0; i < fwd->count; i++) { + char newstr[INANY_ADDRSTRLEN], rulestr[INANY_ADDRSTRLEN]; + struct fwd_rule_state *rule = &fwd->rules[i]; + + if (proto != rule->rule.proto) + /* Non-conflicting protocols */ + continue; + + if (!inany_matches(addr, fwd_rule_addr(&rule->rule))) + /* Non-conflicting addresses */ + continue; + + if (last < rule->rule.first || rule->rule.last < first) + /* Port ranges don't overlap */ + continue; + + die("Forwarding configuration conflict: %s/%u-%u versus %s/%u-%u", + inany_ntop(addr, newstr, sizeof(newstr)), first, last, + inany_ntop(fwd_rule_addr(&rule->rule), + rulestr, sizeof(rulestr)), + rule->rule.first, rule->rule.last); + } + + new = &fwd->rules[fwd->count++]; + new->rule.proto = proto; + new->rule.flags = flags; + + if (addr) { + new->rule.addr = *addr; + } else { + new->rule.addr = inany_any6; + new->rule.flags |= FWD_DUAL_STACK_ANY; + } + + memset(new->rule.ifname, 0, sizeof(new->rule.ifname)); + if (ifname) { + int ret; + + ret = snprintf(new->rule.ifname, sizeof(new->rule.ifname), + "%s", ifname); + if (ret <= 0 || (size_t)ret >= sizeof(new->rule.ifname)) + die("Invalid interface name: %s", ifname); + } + + assert(first <= last); + new->rule.first = first; + new->rule.last = last; + + new->rule.to = to; + + new->socks = &fwd->socks[fwd->sock_count]; + fwd->sock_count += num; + + for (port = new->rule.first; port <= new->rule.last; port++) + new->socks[port - new->rule.first] = -1; +} + +/** + * fwd_rule_read() - Read erialised rule from an fd * @fd: fd to serialise to * @rule: Buffer to store rule into * diff --git a/fwd_rule.h b/fwd_rule.h index a4d54da0..879ff19b 100644 --- a/fwd_rule.h +++ b/fwd_rule.h @@ -42,7 +42,60 @@ struct fwd_rule { uint8_t flags; }; +/** + * struct fwd_rule_state - Forwarding rule and associated state + * @rule: Rule specification + * @socks: Array of listening sockets for this entry + */ +struct fwd_rule_state { + struct fwd_rule rule; + int *socks; +}; + +#define FWD_RULE_BITS 8 +#define MAX_FWD_RULES MAX_FROM_BITS(FWD_RULE_BITS) +#define FWD_NO_HINT (-1) + +/** + * struct fwd_listen_ref - information about a single listening socket + * @port: Bound port number of the socket + * @pif: pif in which the socket is listening + * @rule: Index of forwarding rule + */ +struct fwd_listen_ref { + in_port_t port; + uint8_t pif; + unsigned rule :FWD_RULE_BITS; +}; + +/* Maximum number of listening sockets (per pif) + * + * Rationale: This lets us listen on every port for two addresses and two + * protocols (which we need for -T auto -U auto without SO_BINDTODEVICE), plus a + * comfortable number of extras. + */ +#define MAX_LISTEN_SOCKS (NUM_PORTS * 5) + +/** + * struct fwd_table - Table of forwarding rules (per initiating pif) + * @count: Number of forwarding rules + * @rules: Array of forwarding rules + * @sock_count: Number of entries used in @socks + * @socks: Listening sockets for forwarding + */ +struct fwd_table { + unsigned count; + struct fwd_rule_state rules[MAX_FWD_RULES]; + unsigned sock_count; + int socks[MAX_LISTEN_SOCKS]; +}; + +#define PORT_BITMAP_SIZE DIV_ROUND_UP(NUM_PORTS, 8) + const union inany_addr *fwd_rule_addr(const struct fwd_rule *rule); +void fwd_rule_add(struct fwd_table *fwd, uint8_t proto, uint8_t flags, + const union inany_addr *addr, const char *ifname, + in_port_t first, in_port_t last, in_port_t to); #define FWD_RULE_STRLEN \ (IPPROTO_STRLEN - 1 \ diff --git a/lineread.c b/lineread.c index b9ceae10..ae495a4f 100644 --- a/lineread.c +++ b/lineread.c @@ -20,7 +20,6 @@ #include #include "lineread.h" -#include "util.h" /** * lineread_init() - Prepare for line by line file reading without allocation diff --git a/log.h b/log.h index 6ceb6862..e2657ef7 100644 --- a/log.h +++ b/log.h @@ -7,10 +7,42 @@ #define LOG_H #include +#include #include #include #include +#ifdef PESTO +extern int verbosity; + +#define die(...) \ + do { \ + FPRINTF(stderr, __VA_ARGS__); \ + FPRINTF(stderr, "\n"); \ + exit(EXIT_FAILURE); \ + } while (0) + +#define warn(...) \ + do { \ + FPRINTF(stderr, __VA_ARGS__); \ + FPRINTF(stderr, "\n"); \ + } while (0) + +#define warn_perror(...) \ + do { \ + FPRINTF(stderr, __VA_ARGS__); \ + FPRINTF(stderr, ": %i", errno); \ + } while (0) + +#define debug(...) \ + do { \ + if (verbosity > 1) { \ + FPRINTF(stderr, __VA_ARGS__); \ + FPRINTF(stderr, "\n"); \ + } \ + } while (0) +#else + /* This would make more sense in util.h, but because we use it in die(), that * would cause awkward circular reference problems. */ @@ -65,4 +97,5 @@ void __openlog(const char *ident, int option, int facility); void logfile_init(const char *name, const char *path, size_t size); void __setlogmask(int mask); +#endif /* !PESTO */ #endif /* LOG_H */ diff --git a/pesto.c b/pesto.c index 11447575..aa1d584c 100644 --- a/pesto.c +++ b/pesto.c @@ -34,25 +34,12 @@ #include "common.h" #include "seccomp_pesto.h" #include "serialise.h" +#include "ports.h" #include "fwd_rule.h" #include "pesto.h" +#include "log.h" -static int verbosity = 1; - -#define die(...) \ - do { \ - FPRINTF(stderr, __VA_ARGS__); \ - FPRINTF(stderr, "\n"); \ - exit(EXIT_FAILURE); \ - } while (0) - -#define debug(...) \ - do { \ - if (verbosity > 1) { \ - FPRINTF(stderr, __VA_ARGS__); \ - FPRINTF(stderr, "\n"); \ - } \ - } while (0) +int verbosity = 1; /** * xmalloc() - Allocate memory, with fatal error on failure @@ -234,7 +221,7 @@ static void show_state(const struct conf_state *state) * * Return: 0 on success, won't return on failure * - * #syscalls:pesto connect write close exit_group fstat brk + * #syscalls:pesto connect write close exit_group fstat brk getrandom * #syscalls:pesto socket s390x:socketcall i686:socketcall * #syscalls:pesto recvfrom recvmsg arm:recv ppc64le:recv * #syscalls:pesto sendto sendmsg arm:send ppc64le:send diff --git a/ports.c b/ports.c index 79abafc9..6e33f3f8 100644 --- a/ports.c +++ b/ports.c @@ -26,19 +26,92 @@ #include #include #include +#include #include #include #include #include #include +#include "lineread.h" #include "common.h" -#include "util.h" -#include "ip.h" -#include "passt.h" -#include "common.h" -#include "pesto.h" #include "ports.h" +#include "fwd_rule.h" +#include "log.h" +#include "pesto.h" + +/* Ephemeral port range: values from RFC 6335 */ +static in_port_t fwd_ephemeral_min = (1 << 15) + (1 << 14); +static in_port_t fwd_ephemeral_max = NUM_PORTS - 1; + +#define PORT_RANGE_SYSCTL "/proc/sys/net/ipv4/ip_local_port_range" + +/** fwd_probe_ephemeral() - Determine what ports this host considers ephemeral + * + * Work out what ports the host thinks are emphemeral and record it for later + * use by fwd_port_is_ephemeral(). If we're unable to probe, assume the range + * recommended by RFC 6335. + */ +void fwd_probe_ephemeral(void) +{ + char *line, *tab, *end; + struct lineread lr; + long min, max; + ssize_t len; + int fd; + + fd = open(PORT_RANGE_SYSCTL, O_RDONLY | O_CLOEXEC); + if (fd < 0) { + warn_perror("Unable to open %s", PORT_RANGE_SYSCTL); + return; + } + + lineread_init(&lr, fd); + len = lineread_get(&lr, &line); + close(fd); + + if (len < 0) + goto parse_err; + + tab = strchr(line, '\t'); + if (!tab) + goto parse_err; + *tab = '\0'; + + errno = 0; + min = strtol(line, &end, 10); + if (*end || errno) + goto parse_err; + + errno = 0; + max = strtol(tab + 1, &end, 10); + if (*end || errno) + goto parse_err; + + if (min < 0 || min >= (long)NUM_PORTS || + max < 0 || max >= (long)NUM_PORTS) + goto parse_err; + + fwd_ephemeral_min = min; + fwd_ephemeral_max = max; + + return; + +parse_err: + warn("Unable to parse %s", PORT_RANGE_SYSCTL); +} + +/** + * fwd_port_map_ephemeral() - Mark ephemeral ports in a bitmap + * @map: Bitmap to update + */ +static void fwd_port_map_ephemeral(uint8_t *map) +{ + unsigned port; + + for (port = fwd_ephemeral_min; port <= fwd_ephemeral_max; port++) + bitmap_set(map, port); +} /** * next_chunk() - Return the next piece of a string delimited by a character @@ -103,23 +176,27 @@ static int parse_port_range(const char *s, char **endptr, /** * conf_ports_range_except() - Set up forwarding for a range of ports minus a * bitmap of exclusions - * @c: Execution context - * @optname: Short option name, t, T, u, or U - * @optarg: Option argument (port specification) - * @fwd: Forwarding table to be updated - * @addr: Listening address - * @ifname: Listening interface - * @first: First port to forward - * @last: Last port to forward - * @exclude: Bitmap of ports to exclude (may be NULL) - * @to: Port to translate @first to when forwarding - * @flags: Flags for forwarding entries + * @optname: Short option name, t, T, u, or U + * @optarg: Option argument (port specification) + * @fwd: Forwarding table to be updated + * @addr: Listening address + * @ifname: Listening interface + * @first: First port to forward + * @last: Last port to forward + * @exclude: Bitmap of ports to exclude (may be NULL) + * @to: Port to translate @first to when forwarding + * @flags: Flags for forwarding entries + * @can_bindtodevice SO_BINDTODEVICE is available + * @v4_enabled IPv4 is enabled + * @v6_enabled IPv6 is enabled */ -void conf_ports_range_except(const struct ctx *c, char optname, - const char *optarg, struct fwd_table *fwd, - const union inany_addr *addr, - const char *ifname, uint16_t first, uint16_t last, - const uint8_t *exclude, uint16_t to, uint8_t flags) +void conf_ports_range_except(char optname, const char *optarg, + struct fwd_table *fwd, + const union inany_addr *addr, const char *ifname, + uint16_t first, uint16_t last, + const uint8_t *exclude, uint16_t to, uint8_t flags, + bool can_bindtodevice, + bool v4_enabled, bool v6_enabled) { unsigned delta = to - first; unsigned base, i; @@ -143,7 +220,7 @@ void conf_ports_range_except(const struct ctx *c, char optname, break; } - if ((optname == 'T' || optname == 'U') && c->no_bindtodevice) { + if ((optname == 'T' || optname == 'U') && !can_bindtodevice) { /* FIXME: Once the fwd bitmaps are removed, move this * workaround to the caller */ @@ -152,12 +229,12 @@ void conf_ports_range_except(const struct ctx *c, char optname, "SO_BINDTODEVICE unavailable, forwarding only 127.0.0.1 and ::1 for '-%c %s'", optname, optarg); - if (c->ifi4) { + if (v4_enabled) { fwd_rule_add(fwd, proto, flags, &inany_loopback4, NULL, base, i - 1, base + delta); } - if (c->ifi6) { + if (v6_enabled) { fwd_rule_add(fwd, proto, flags, &inany_loopback6, NULL, base, i - 1, base + delta); @@ -172,14 +249,17 @@ void conf_ports_range_except(const struct ctx *c, char optname, /** * conf_ports() - Parse port configuration options, initialise UDP/TCP sockets - * @c: Execution context - * @optname: Short option name, t, T, u, or U - * @optarg: Option argument (port specification) - * @fwd: Forwarding table to be updated - * @mode: Overall port forwarding mode (updated) + * @optname: Short option name, t, T, u, or U + * @optarg: Option argument (port specification) + * @fwd: Forwarding table to be updated + * @mode: Overall port forwarding mode (updated) + * @can_bindtodevice Whether SO_BINDTODEVICE is available + * @v4_enabled IPv4 is enabled + * @v6_enabled IPv6 is enabled */ -void conf_ports(const struct ctx *c, char optname, const char *optarg, - struct fwd_table *fwd, enum fwd_mode *mode) +void conf_ports(char optname, const char *optarg, struct fwd_table *fwd, + enum fwd_mode *mode, bool can_bindtodevice, + bool v4_enabled, bool v6_enabled) { union inany_addr addr_buf = inany_any6, *addr = &addr_buf; char buf[BUFSIZ], *spec, *ifname = NULL, *p; @@ -194,19 +274,11 @@ void conf_ports(const struct ctx *c, char optname, const char *optarg, return; } - if ((optname == 't' || optname == 'T') && c->no_tcp) - die("TCP port forwarding requested but TCP is disabled"); - if ((optname == 'u' || optname == 'U') && c->no_udp) - die("UDP port forwarding requested but UDP is disabled"); - if (!strcmp(optarg, "auto")) { if (*mode) goto mode_conflict; - if (c->mode != MODE_PASTA) - die("'auto' port forwarding is only allowed for pasta"); - - if ((optname == 'T' || optname == 'U') && c->no_bindtodevice) { + if ((optname == 'T' || optname == 'U') && can_bindtodevice) { warn( "'-%c auto' enabled without unprivileged SO_BINDTODEVICE", optname); warn( @@ -220,18 +292,15 @@ void conf_ports(const struct ctx *c, char optname, const char *optarg, if (*mode) goto mode_conflict; - if (c->mode == MODE_PASTA) - die("'all' port forwarding is only allowed for passt"); - *mode = FWD_MODE_ALL; /* Exclude ephemeral ports */ fwd_port_map_ephemeral(exclude); - conf_ports_range_except(c, optname, optarg, fwd, - NULL, NULL, - 1, NUM_PORTS - 1, exclude, - 1, FWD_WEAK); + conf_ports_range_except(optname, optarg, fwd, NULL, NULL, + 1, NUM_PORTS - 1, exclude, 1, FWD_WEAK, + can_bindtodevice, + v4_enabled, v6_enabled); return; } @@ -283,10 +352,10 @@ void conf_ports(const struct ctx *c, char optname, const char *optarg, } if (addr) { - if (!c->ifi4 && inany_v4(addr)) { + if (!v4_enabled && inany_v4(addr)) { die("IPv4 is disabled, can't use -%c %s", optname, optarg); - } else if (!c->ifi6 && !inany_v4(addr)) { + } else if (!v6_enabled && !inany_v4(addr)) { die("IPv6 is disabled, can't use -%c %s", optname, optarg); } @@ -310,7 +379,7 @@ void conf_ports(const struct ctx *c, char optname, const char *optarg, goto bad; } while ((p = next_chunk(p, ','))); - if (ifname && c->no_bindtodevice) { + if (ifname && !can_bindtodevice) { die( "Device binding for '-%c %s' unsupported (requires kernel 5.7+)", optname, optarg); @@ -323,10 +392,10 @@ void conf_ports(const struct ctx *c, char optname, const char *optarg, /* Exclude ephemeral ports */ fwd_port_map_ephemeral(exclude); - conf_ports_range_except(c, optname, optarg, fwd, - addr, ifname, - 1, NUM_PORTS - 1, exclude, - 1, FWD_WEAK); + conf_ports_range_except(optname, optarg, fwd, addr, ifname, + 1, NUM_PORTS - 1, exclude, 1, FWD_WEAK, + can_bindtodevice, + v4_enabled, v6_enabled); return; } @@ -360,11 +429,11 @@ void conf_ports(const struct ctx *c, char optname, const char *optarg, optname, optarg); } - conf_ports_range_except(c, optname, optarg, fwd, - addr, ifname, + conf_ports_range_except(optname, optarg, fwd, addr, ifname, orig_range.first, orig_range.last, - exclude, - mapped_range.first, 0); + exclude, mapped_range.first, 0, + can_bindtodevice, + v4_enabled, v6_enabled); } while ((p = next_chunk(p, ','))); return; diff --git a/ports.h b/ports.h index 3ef50e69..ffe440ac 100644 --- a/ports.h +++ b/ports.h @@ -6,6 +6,13 @@ #ifndef PORTS_H #define PORTS_H +#include + +#include "inany.h" + +/* Number of ports for both TCP and UDP */ +#define NUM_PORTS (1U << 16) + /** * enum fwd_mode - Overall forwarding mode for a direction and protocol * @FWD_MODE_UNSET Initial value, not parsed/configured yet @@ -22,14 +29,20 @@ enum fwd_mode { FWD_MODE_ALL, }; -void conf_ports_range_except(const struct ctx *c, char optname, - const char *optarg, struct fwd_table *fwd, - const union inany_addr *addr, - const char *ifname, uint16_t first, uint16_t last, - const uint8_t *exclude, uint16_t to, - uint8_t flags); -void conf_ports(const struct ctx *c, char optname, const char *optarg, - struct fwd_table *fwd, enum fwd_mode *mode); +struct fwd_table; + +void fwd_probe_ephemeral(void); +bool fwd_port_is_ephemeral(in_port_t port); +void conf_ports_range_except(char optname, const char *optarg, + struct fwd_table *fwd, + const union inany_addr *addr, const char *ifname, + uint16_t first, uint16_t last, + const uint8_t *exclude, uint16_t to, uint8_t flags, + bool can_bindtodevice, + bool v4_enabled, bool v6_enabled); +void conf_ports(char optname, const char *optarg, struct fwd_table *fwd, + enum fwd_mode *mode, bool can_bindtodevice, + bool v4_enabled, bool v6_enabled); #endif /* PORTS_H */ diff --git a/util.c b/util.c index faa2c6a4..73c9d51d 100644 --- a/util.c +++ b/util.c @@ -367,90 +367,6 @@ long timespec_diff_ms(const struct timespec *a, const struct timespec *b) return timespec_diff_us(a, b) / 1000; } -/** - * bitmap_set() - Set single bit in bitmap - * @map: Pointer to bitmap - * @bit: Bit number to set - */ -void bitmap_set(uint8_t *map, unsigned bit) -{ - unsigned long *word = (unsigned long *)map + BITMAP_WORD(bit); - - *word |= BITMAP_BIT(bit); -} - -/** - * bitmap_clear() - Clear single bit in bitmap - * @map: Pointer to bitmap - * @bit: Bit number to clear - */ -/* cppcheck-suppress unusedFunction */ -void bitmap_clear(uint8_t *map, unsigned bit) -{ - unsigned long *word = (unsigned long *)map + BITMAP_WORD(bit); - - *word &= ~BITMAP_BIT(bit); -} - -/** - * bitmap_isset() - Check for set bit in bitmap - * @map: Pointer to bitmap - * @bit: Bit number to check - * - * Return: true if given bit is set, false if it's not - */ -bool bitmap_isset(const uint8_t *map, unsigned bit) -{ - const unsigned long *word - = (const unsigned long *)map + BITMAP_WORD(bit); - - return !!(*word & BITMAP_BIT(bit)); -} - -/** - * bitmap_or() - Logical disjunction (OR) of two bitmaps - * @dst: Pointer to result bitmap - * @size: Size of bitmaps, in bytes - * @a: First operand - * @b: Second operand - */ -/* cppcheck-suppress unusedFunction */ -void bitmap_or(uint8_t *dst, size_t size, const uint8_t *a, const uint8_t *b) -{ - unsigned long *dw = (unsigned long *)dst; - unsigned long *aw = (unsigned long *)a; - unsigned long *bw = (unsigned long *)b; - size_t i; - - for (i = 0; i < size / sizeof(long); i++, dw++, aw++, bw++) - *dw = *aw | *bw; - - for (i = size / sizeof(long) * sizeof(long); i < size; i++) - dst[i] = a[i] | b[i]; -} - -/** - * bitmap_and_not() - Logical conjunction with complement (AND NOT) of bitmap - * @dst: Pointer to result bitmap - * @size: Size of bitmaps, in bytes - * @a: First operand - * @b: Second operand - */ -void bitmap_and_not(uint8_t *dst, size_t size, - const uint8_t *a, const uint8_t *b) -{ - unsigned long *dw = (unsigned long *)dst; - unsigned long *aw = (unsigned long *)a; - unsigned long *bw = (unsigned long *)b; - size_t i; - - for (i = 0; i < size / sizeof(long); i++, dw++, aw++, bw++) - *dw = *aw & ~*bw; - - for (i = size / sizeof(long) * sizeof(long); i < size; i++) - dst[i] = a[i] & ~b[i]; -} - /** * ns_enter() - Enter configured user (unless already joined) and network ns * @c: Execution context diff --git a/util.h b/util.h index 8495ed9e..8e81a804 100644 --- a/util.h +++ b/util.h @@ -28,16 +28,6 @@ #define IP_MAX_MTU USHRT_MAX #endif -#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) -#define DIV_ROUND_CLOSEST(n, d) (((n) + (d) / 2) / (d)) -#define ROUND_DOWN(x, y) ((x) & ~((y) - 1)) -#define ROUND_UP(x, y) (((x) + (y) - 1) & ~((y) - 1)) - -#define MAX_FROM_BITS(n) (((1U << (n)) - 1)) - -#define BITMAP_BIT(n) (BIT((n) % (sizeof(long) * 8))) -#define BITMAP_WORD(n) (n / (sizeof(long) * 8)) - #define SWAP(a, b) \ do { \ __typeof__(a) __x = (a); (a) = (b); (b) = __x; \ @@ -82,8 +72,6 @@ void abort_with_msg(const char *fmt, ...) #define V6 1 #define IP_VERSIONS 2 -#define ARRAY_SIZE(a) ((int)(sizeof(a) / sizeof((a)[0]))) - #define foreach(item, array) \ for ((item) = (array); (item) - (array) < ARRAY_SIZE(array); (item)++) @@ -164,12 +152,6 @@ int sock_unix(char *sock_path); void sock_probe_features(struct ctx *c); long timespec_diff_ms(const struct timespec *a, const struct timespec *b); int64_t timespec_diff_us(const struct timespec *a, const struct timespec *b); -void bitmap_set(uint8_t *map, unsigned bit); -void bitmap_clear(uint8_t *map, unsigned bit); -bool bitmap_isset(const uint8_t *map, unsigned bit); -void bitmap_or(uint8_t *dst, size_t size, const uint8_t *a, const uint8_t *b); -void bitmap_and_not(uint8_t *dst, size_t size, - const uint8_t *a, const uint8_t *b); char *line_read(char *buf, size_t len, int fd); void ns_enter(const struct ctx *c); bool ns_is_init(void); -- 2.53.0

We can now receive updates to the forwarding rules from the pesto client and store them in a "pending" copy of the forwarding tables. Implement switching to using the new rules. The logic is in a new fwd_listen_switch(). For now this closes all listening sockets related to the old tables, swaps the active and pending tables, then listens based on the new tables. In future we look to improve this so that we don't temporarily stop listening on ports that both the old and new tables specify. Signed-off-by: David Gibson --- conf.c | 2 ++ fwd.c | 34 ++++++++++++++++++++++++++++++++++ fwd.h | 1 + 3 files changed, 37 insertions(+) diff --git a/conf.c b/conf.c index b4c2074e..b2c99a74 100644 --- a/conf.c +++ b/conf.c @@ -2164,6 +2164,8 @@ void conf_listen_handler(struct ctx *c, uint32_t events) fwd_rules_print(c->fwd_pending[i]); } + fwd_listen_switch(c); + return; fail: diff --git a/fwd.c b/fwd.c index d54a1f15..2f1479de 100644 --- a/fwd.c +++ b/fwd.c @@ -531,6 +531,40 @@ int fwd_listen_init(const struct ctx *c) return 0; } +/** + * fwd_listen_switch() - Switch from current to pending rules table + * @c: Execution context + */ +void fwd_listen_switch(struct ctx *c) +{ + struct fwd_table *tmp[PIF_NUM_TYPES]; + unsigned i; + + /* Stop listening on the old tables */ + for (i = 0; i < PIF_NUM_TYPES; i++) { + struct fwd_table *fwd = c->fwd[i]; + + if (!fwd) + continue; + + debug("Flushing %u old %s rules", fwd->count, pif_name(i)); + fwd_listen_close(fwd); + memset(fwd, 0, sizeof(*fwd)); + } + + /* Swap active and pending tables */ + static_assert(sizeof(tmp) == sizeof(c->fwd) && + sizeof(tmp) == sizeof(c->fwd_pending), + "Temporary has wrong size"); + memcpy(&tmp, (void *)c->fwd, sizeof(tmp)); + memcpy((void *)c->fwd, (void *)c->fwd_pending, sizeof(tmp)); + memcpy((void *)c->fwd_pending, &tmp, sizeof(tmp)); + + /* Start listening on the new tables */ + if (fwd_listen_init(c) < 0) + err("Error switching to new forwarding rules"); +} + /* See enum in kernel's include/net/tcp_states.h */ #define UDP_LISTEN 0x07 #define TCP_LISTEN 0x0a diff --git a/fwd.h b/fwd.h index a00fe52d..2e068f23 100644 --- a/fwd.h +++ b/fwd.h @@ -53,6 +53,7 @@ int fwd_listen_sync(const struct ctx *c, uint8_t pif, const struct fwd_scan *tcp, const struct fwd_scan *udp); void fwd_listen_close(const struct fwd_table *fwd); int fwd_listen_init(const struct ctx *c); +void fwd_listen_switch(struct ctx *c); bool nat_inbound(const struct ctx *c, const union inany_addr *addr, union inany_addr *translated); -- 2.53.0

On Mon, 23 Mar 2026 18:37:14 +1100 David Gibson wrote:

Currently we store the inbound (PIF_HOST) and outbound (PIF_SPLICE) forwarding tables in separate fields of struct ctx. In a number of places this requires somewhat awkward if or switch constructs to select the right table for updates. Conceptually simplify that by using an index of forwarding tables by pif, which as a bonus keeps track generically which pifs have implemented forwarding tables so far.

For now this doesn't simplify a lot textually, because many places that need this also have other special cases to apply by pif. It does simplify a few crucial places though, and we expect it will become more useful as the flexibility of the forwarding table is improved.

Signed-off-by: David Gibson --- conf.c | 58 +++++++++++++++++++++++++++++++------------------- flow.c | 22 +++++++------------ fwd.c | 65 ++++++++++++++++++++++++++++++--------------------------- fwd.h | 4 ++-- passt.h | 6 ++---- 5 files changed, 83 insertions(+), 72 deletions(-)

diff --git a/conf.c b/conf.c index b1ebb4a4..6ca61b74 100644 --- a/conf.c +++ b/conf.c @@ -1252,11 +1252,17 @@ dns6: } }

- info("Inbound forwarding:"); - fwd_rules_print(&c->fwd_in); - if (c->mode == MODE_PASTA) { - info("Outbound forwarding:"); - fwd_rules_print(&c->fwd_out); + for (i = 0; i < PIF_NUM_TYPES; i++) { + const char *dir = "Outbound"; + + if (!c->fwd[i]) + continue; + + if (i == PIF_HOST) + dir = "Inbound"; + + info("%s forwarding rules (%s):", dir, pif_name(i)); + fwd_rules_print(c->fwd[i]); } }

@@ -2154,18 +2160,24 @@ void conf(struct ctx *c, int argc, char **argv)

/* Forwarding options can be parsed now, after IPv4/IPv6 settings */ fwd_probe_ephemeral(); + fwd_rule_init(c); optind = 0; do { name = getopt_long(argc, argv, optstring, options, NULL);

- if (name == 't') - conf_ports(c, name, optarg, &c->fwd_in, &tcp_in_mode); - else if (name == 'u') - conf_ports(c, name, optarg, &c->fwd_in, &udp_in_mode); - else if (name == 'T') - conf_ports(c, name, optarg, &c->fwd_out, &tcp_out_mode); - else if (name == 'U') - conf_ports(c, name, optarg, &c->fwd_out, &udp_out_mode); + if (name == 't') { + conf_ports(c, name, optarg, c->fwd[PIF_HOST], + &tcp_in_mode); + } else if (name == 'u') { + conf_ports(c, name, optarg, c->fwd[PIF_HOST], + &udp_in_mode); + } else if (name == 'T') { + conf_ports(c, name, optarg, c->fwd[PIF_SPLICE], + &tcp_out_mode); + } else if (name == 'U') { + conf_ports(c, name, optarg, c->fwd[PIF_SPLICE], + &udp_out_mode); + } } while (name != -1);

if (c->mode == MODE_PASTA) @@ -2224,20 +2236,24 @@ void conf(struct ctx *c, int argc, char **argv) udp_out_mode = fwd_default;

if (tcp_in_mode == FWD_MODE_AUTO) { - conf_ports_range_except(c, 't', "auto", &c->fwd_in, NULL, NULL, - 1, NUM_PORTS - 1, NULL, 1, FWD_SCAN); + conf_ports_range_except(c, 't', "auto", c->fwd[PIF_HOST], + NULL, NULL, 1, NUM_PORTS - 1, NULL, 1, + FWD_SCAN); } if (tcp_out_mode == FWD_MODE_AUTO) { - conf_ports_range_except(c, 'T', "auto", &c->fwd_out, NULL, "lo", - 1, NUM_PORTS - 1, NULL, 1, FWD_SCAN); + conf_ports_range_except(c, 'T', "auto", c->fwd[PIF_SPLICE], + NULL, "lo", 1, NUM_PORTS - 1, NULL, 1, + FWD_SCAN); } if (udp_in_mode == FWD_MODE_AUTO) { - conf_ports_range_except(c, 'u', "auto", &c->fwd_in, NULL, NULL, - 1, NUM_PORTS - 1, NULL, 1, FWD_SCAN); + conf_ports_range_except(c, 'u', "auto", c->fwd[PIF_HOST], + NULL, NULL, 1, NUM_PORTS - 1, NULL, 1, + FWD_SCAN); } if (udp_out_mode == FWD_MODE_AUTO) { - conf_ports_range_except(c, 'U', "auto", &c->fwd_out, NULL, "lo", - 1, NUM_PORTS - 1, NULL, 1, FWD_SCAN); + conf_ports_range_except(c, 'U', "auto", c->fwd[PIF_SPLICE], + NULL, "lo", 1, NUM_PORTS - 1, NULL, 1, + FWD_SCAN); }

if (!c->quiet) diff --git a/flow.c b/flow.c index c84857b2..2972ab87 100644 --- a/flow.c +++ b/flow.c @@ -503,10 +503,10 @@ struct flowside *flow_target(const struct ctx *c, union flow *flow, { char estr[INANY_ADDRSTRLEN], ostr[INANY_ADDRSTRLEN]; struct flow_common *f = &flow->f; + const struct fwd_table *fwd = c->fwd[f->pif[INISIDE]]; const struct flowside *ini = &f->side[INISIDE]; struct flowside *tgt = &f->side[TGTSIDE]; const struct fwd_rule *rule = NULL; - const struct fwd_table *fwd; uint8_t tgtpif = PIF_NONE;

assert(flow_new_entry == flow && f->state == FLOW_STATE_INI); @@ -514,6 +514,11 @@ struct flowside *flow_target(const struct ctx *c, union flow *flow, assert(f->pif[INISIDE] != PIF_NONE && f->pif[TGTSIDE] == PIF_NONE); assert(flow->f.state == FLOW_STATE_INI);

+ if (fwd) { + if (!(rule = fwd_rule_search(fwd, ini, proto, rule_hint))) + goto norule; + } + switch (f->pif[INISIDE]) { case PIF_TAP: memcpy(f->tap_omac, MAC_UNDEF, ETH_ALEN); @@ -521,20 +526,10 @@ struct flowside *flow_target(const struct ctx *c, union flow *flow, break;

case PIF_SPLICE: - fwd = &c->fwd_out; - - if (!(rule = fwd_rule_search(fwd, ini, proto, rule_hint))) - goto norule; -

Coverity Scan doesn't like this: /home/sbrivio/passt/flow.c:528:3: Type: Explicit null dereferenced (FORWARD_NULL) /home/sbrivio/passt/flow.c:508:2: 1. assign_zero: Assigning: "rule" = "NULL". /home/sbrivio/passt/flow.c:511:2: 2. path: Condition "flow_new_entry == flow", taking true branch. /home/sbrivio/passt/flow.c:511:2: 3. path: Condition "f->state == FLOW_STATE_INI", taking true branch. /home/sbrivio/passt/flow.c:512:2: 4. path: Condition "f->type == FLOW_TYPE_NONE", taking true branch. /home/sbrivio/passt/flow.c:513:2: 5. path: Condition "f->pif[0] != PIF_NONE", taking true branch. /home/sbrivio/passt/flow.c:513:2: 6. path: Condition "f->pif[1] == PIF_NONE", taking true branch. /home/sbrivio/passt/flow.c:514:2: 7. path: Condition "flow->f.state == FLOW_STATE_INI", taking true branch. /home/sbrivio/passt/flow.c:516:2: 8. path: Condition "fwd", taking false branch. /home/sbrivio/passt/flow.c:521:2: 9. path: Switch case value "PIF_SPLICE". /home/sbrivio/passt/flow.c:528:3: 10. var_deref_model: Passing null pointer "rule" to "fwd_nat_from_splice", which dereferences it. /home/sbrivio/passt/fwd.c:1095:2: 10.1. path: Condition "!inany_is_loopback(&ini->eaddr)", taking false branch. /home/sbrivio/passt/fwd.c:1095:2: 10.2. path: Condition "!inany_is_loopback(&ini->oaddr)", taking false branch. /home/sbrivio/passt/fwd.c:1112:2: 10.3. path: Condition "proto == IPPROTO_UDP", taking true branch. /home/sbrivio/passt/fwd.c:1116:2: 10.4. dereference: Dereferencing pointer "rule".

tgtpif = fwd_nat_from_splice(rule, proto, ini, tgt); break;

case PIF_HOST: - fwd = &c->fwd_in; - - if (!(rule = fwd_rule_search(fwd, ini, proto, rule_hint))) - goto norule; -

...and not this either: /home/sbrivio/passt/flow.c:532:3: Type: Explicit null dereferenced (FORWARD_NULL) /home/sbrivio/passt/flow.c:508:2: 1. assign_zero: Assigning: "rule" = "NULL". /home/sbrivio/passt/flow.c:511:2: 2. path: Condition "flow_new_entry == flow", taking true branch. /home/sbrivio/passt/flow.c:511:2: 3. path: Condition "f->state == FLOW_STATE_INI", taking true branch. /home/sbrivio/passt/flow.c:512:2: 4. path: Condition "f->type == FLOW_TYPE_NONE", taking true branch. /home/sbrivio/passt/flow.c:513:2: 5. path: Condition "f->pif[0] != PIF_NONE", taking true branch. /home/sbrivio/passt/flow.c:513:2: 6. path: Condition "f->pif[1] == PIF_NONE", taking true branch. /home/sbrivio/passt/flow.c:514:2: 7. path: Condition "flow->f.state == FLOW_STATE_INI", taking true branch. /home/sbrivio/passt/flow.c:516:2: 8. path: Condition "fwd", taking false branch. /home/sbrivio/passt/flow.c:521:2: 9. path: Switch case value "PIF_HOST". /home/sbrivio/passt/flow.c:532:3: 10. var_deref_model: Passing null pointer "rule" to "fwd_nat_from_host", which dereferences it. /home/sbrivio/passt/fwd.c:1173:2: 10.1. dereference: Dereferencing pointer "rule". I haven't checked why.

tgtpif = fwd_nat_from_host(c, rule, proto, ini, tgt); fwd_neigh_mac_get(c, &tgt->oaddr, f->tap_omac); break;

[...]

-- Stefano

On Mon, 23 Mar 2026 18:37:20 +1100 David Gibson wrote:

Add a control socket to passt/pasta for updating configuration at runtime. Add a tool (pesto) for communicating with the control socket.

For now this is a stub implementation that forms the connection and sends some version information, but nothing more. Example: ./pasta --debug --config-net -c /tmp/pasta.conf -t none ./pesto /tmp/pasta.conf

Signed-off-by: Stefano Brivio [dwg: Based on an early draft from Stefano] Signed-off-by: David Gibson --- .gitignore | 2 + Makefile | 30 +++++++---- common.h | 14 +++++ conf.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++++++- conf.h | 2 + epoll_type.h | 4 ++ log.c | 1 + passt.1 | 5 ++ passt.c | 9 ++++ passt.h | 6 +++ pesto.1 | 46 ++++++++++++++++ pesto.c | 113 ++++++++++++++++++++++++++++++++++++++ pesto.h | 34 ++++++++++++ serialise.c | 3 ++ util.h | 3 -- 15 files changed, 407 insertions(+), 15 deletions(-) create mode 100644 common.h create mode 100644 pesto.1 create mode 100644 pesto.c create mode 100644 pesto.h

diff --git a/.gitignore b/.gitignore index 3c16adc7..3e40d9f7 100644 --- a/.gitignore +++ b/.gitignore @@ -4,9 +4,11 @@ /pasta /pasta.avx2 /passt-repair +/pesto /qrap /pasta.1 /seccomp.h +/seccomp_pesto.h /seccomp_repair.h /c*.json README.plain.md diff --git a/Makefile b/Makefile index 5b6891d7..d085c9c1 100644 --- a/Makefile +++ b/Makefile @@ -44,17 +44,19 @@ PASST_SRCS = arch.c arp.c checksum.c conf.c dhcp.c dhcpv6.c epoll_ctl.c \ udp.c udp_flow.c udp_vu.c util.c vhost_user.c virtio.c vu_common.c QRAP_SRCS = qrap.c PASST_REPAIR_SRCS = passt-repair.c -SRCS = $(PASST_SRCS) $(QRAP_SRCS) $(PASST_REPAIR_SRCS) +PESTO_SRCS = pesto.c serialise.c +SRCS = $(PASST_SRCS) $(QRAP_SRCS) $(PASST_REPAIR_SRCS) $(PESTO_SRCS)

-MANPAGES = passt.1 pasta.1 qrap.1 passt-repair.1 +MANPAGES = passt.1 pasta.1 pesto.1 qrap.1 passt-repair.1

+PESTO_HEADERS = common.h pesto.h serialise.h PASST_HEADERS = arch.h arp.h checksum.h conf.h dhcp.h dhcpv6.h epoll_ctl.h \ flow.h fwd.h flow_table.h icmp.h icmp_flow.h inany.h iov.h ip.h \ isolation.h lineread.h log.h migrate.h ndp.h netlink.h packet.h \ - passt.h pasta.h pcap.h pif.h repair.h serialise.h siphash.h tap.h tcp.h \ - tcp_buf.h tcp_conn.h tcp_internal.h tcp_splice.h tcp_vu.h udp.h \ - udp_flow.h udp_internal.h udp_vu.h util.h vhost_user.h virtio.h \ - vu_common.h + passt.h pasta.h pcap.h pif.h repair.h siphash.h tap.h tcp.h tcp_buf.h \ + tcp_conn.h tcp_internal.h tcp_splice.h tcp_vu.h udp.h udp_flow.h \ + udp_internal.h udp_vu.h util.h vhost_user.h virtio.h vu_common.h \ + $(PESTO_HEADERS) HEADERS = $(PASST_HEADERS) seccomp.h

C := \#include \nint main(){int a=getrandom(0, 0, 0);} @@ -75,9 +77,9 @@ mandir ?= $(datarootdir)/man man1dir ?= $(mandir)/man1

ifeq ($(TARGET_ARCH),x86_64) -BIN := passt passt.avx2 pasta pasta.avx2 qrap passt-repair +BIN := passt passt.avx2 pasta pasta.avx2 qrap passt-repair pesto else -BIN := passt pasta qrap passt-repair +BIN := passt pasta qrap passt-repair pesto endif

all: $(BIN) $(MANPAGES) docs @@ -91,6 +93,9 @@ seccomp.h: seccomp.sh $(PASST_SRCS) $(PASST_HEADERS) seccomp_repair.h: seccomp.sh $(PASST_REPAIR_SRCS) @ ARCH="$(TARGET_ARCH)" CC="$(CC)" ./seccomp.sh seccomp_repair.h $(PASST_REPAIR_SRCS)

+seccomp_pesto.h: seccomp.sh $(PESTO_SRCS) + @ ARCH="$(TARGET_ARCH)" CC="$(CC)" ./seccomp.sh seccomp_pesto.h $(PESTO_SRCS) + passt: $(PASST_SRCS) $(HEADERS) $(CC) $(FLAGS) $(CFLAGS) $(CPPFLAGS) $(PASST_SRCS) -o passt $(LDFLAGS)

@@ -110,6 +115,9 @@ qrap: $(QRAP_SRCS) passt.h passt-repair: $(PASST_REPAIR_SRCS) seccomp_repair.h $(CC) $(FLAGS) $(CFLAGS) $(CPPFLAGS) $(PASST_REPAIR_SRCS) -o passt-repair $(LDFLAGS)

+pesto: $(PESTO_SRCS) $(PESTO_HEADERS) seccomp_pesto.h + $(CC) $(FLAGS) $(CFLAGS) $(CPPFLAGS) $(PESTO_SRCS) -o pesto $(LDFLAGS) + valgrind: EXTRA_SYSCALLS += rt_sigprocmask rt_sigtimedwait rt_sigaction \ rt_sigreturn getpid gettid kill clock_gettime \ mmap|mmap2 munmap open unlink gettimeofday futex \ @@ -119,7 +127,7 @@ valgrind: all

.PHONY: clean clean: - $(RM) $(BIN) *~ *.o seccomp.h seccomp_repair.h pasta.1 \ + $(RM) $(BIN) *~ *.o seccomp.h seccomp_repair.h seccomp_pesto.h pasta.1 \ passt.tar passt.tar.gz *.deb *.rpm \ passt.pid README.plain.md

@@ -173,11 +181,11 @@ docs: README.md done < README.md; \ ) > README.plain.md

-clang-tidy: $(PASST_SRCS) +clang-tidy: $(PASST_SRCS) $(PESTO_SRCS) clang-tidy $^ -- $(filter-out -pie,$(FLAGS) $(CFLAGS) $(CPPFLAGS)) \ -DCLANG_TIDY_58992

-cppcheck: $(PASST_SRCS) $(HEADERS) +cppcheck: $(PASST_SRCS) $(PESTO_SRCS) $(HEADERS) if cppcheck --check-level=exhaustive /dev/null > /dev/null 2>&1; then \ CPPCHECK_EXHAUSTIVE="--check-level=exhaustive"; \ else \ diff --git a/common.h b/common.h new file mode 100644 index 00000000..76a95609 --- /dev/null +++ b/common.h @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later + * Copyright Red Hat + * Author: David Gibson + * + * Definitions used by both passt/pasta and other tools + */ + +#ifndef COMMON_H +#define COMMON_H + +/* FPRINTF() intentionally silences cert-err33-c clang-tidy warnings */ +#define FPRINTF(f, ...) (void)fprintf(f, __VA_ARGS__) + +#endif /* _COMMON_H */ diff --git a/conf.c b/conf.c index d4c2a013..5e8bc665 100644 --- a/conf.c +++ b/conf.c @@ -35,6 +35,7 @@ #include #include

+#include "common.h" #include "util.h" #include "ip.h" #include "passt.h" @@ -47,6 +48,10 @@ #include "isolation.h" #include "log.h" #include "vhost_user.h" +#include "epoll_ctl.h" +#include "conf.h" +#include "pesto.h" +#include "serialise.h"

#define NETNS_RUN_DIR "/run/netns"

@@ -888,6 +893,7 @@ static void usage(const char *name, FILE *f, int status) " --runas UID|UID:GID Run as given UID, GID, which can be\n" " numeric, or login and group names\n" " default: drop to user \"nobody\"\n" + " -c, --conf-path PATH Configuration socket path\n" " -h, --help Display this help message and exit\n" " --version Show version and exit\n");

@@ -1425,6 +1431,17 @@ static void conf_open_files(struct ctx *c) if (c->pidfile_fd < 0) die_perror("Couldn't open PID file %s", c->pidfile); } + + c->fd_conf = -1; + if (*c->conf_path) { + c->fd_conf_listen = sock_unix(c->conf_path); + if (c->fd_conf_listen < 0) { + die_perror("Couldn't open control socket %s", + c->conf_path); + } + } else { + c->fd_conf_listen = -1; + } }

/** @@ -1460,6 +1477,25 @@ fail: die("Invalid MAC address: %s", str); }

+/** + * conf_sock_listen() - Start listening for connections on configuration socket + * @c: Execution context + */ +static void conf_sock_listen(const struct ctx *c) +{ + union epoll_ref ref = { .type = EPOLL_TYPE_CONF_LISTEN }; + + if (c->fd_conf_listen < 0) + return; + + if (listen(c->fd_conf_listen, 0)) + die_perror("Couldn't listen on configuration socket"); + + ref.fd = c->fd_conf_listen; + if (epoll_add(c->epollfd, EPOLLIN | EPOLLET, ref)) + die_perror("Couldn't add configuration socket to epoll"); +} + /** * conf() - Process command-line arguments and set configuration * @c: Execution context @@ -1542,9 +1578,10 @@ void conf(struct ctx *c, int argc, char **argv) {"migrate-exit", no_argument, NULL, 29 }, {"migrate-no-linger", no_argument, NULL, 30 }, {"stats", required_argument, NULL, 31 }, + {"conf-path", required_argument, NULL, 'c' }, { 0 }, }; - const char *optstring = "+dqfel:hs:F:I:p:P:m:a:n:M:g:i:o:D:S:H:461t:u:T:U:"; + const char *optstring = "+dqfel:hs:c:F:I:p:P:m:a:n:M:g:i:o:D:S:H:461t:u:T:U:"; const char *logname = (c->mode == MODE_PASTA) ? "pasta" : "passt"; char userns[PATH_MAX] = { 0 }, netns[PATH_MAX] = { 0 }; bool copy_addrs_opt = false, copy_routes_opt = false; @@ -1808,6 +1845,13 @@ void conf(struct ctx *c, int argc, char **argv)

c->fd_tap = -1; break; + case 'c': + ret = snprintf(c->conf_path, sizeof(c->conf_path), "%s", + optarg); + if (ret <= 0 || ret >= (int)sizeof(c->sock_path)) + die("Invalid configuration path: %s", optarg); + c->fd_conf_listen = c->fd_conf = -1; + break; case 'F': errno = 0; fd_tap_opt = strtol(optarg, NULL, 0); @@ -2252,4 +2296,108 @@ void conf(struct ctx *c, int argc, char **argv)

if (!c->quiet) conf_print(c); + + conf_sock_listen(c); +} + +/** + * conf_listen_handler() - Handle events on configuration listening socket + * @c: Execution context + * @events: epoll events + */ +void conf_listen_handler(struct ctx *c, uint32_t events) +{ + struct pesto_hello hello = { + .magic = PESTO_SERVER_MAGIC, + .version = htonl(PESTO_PROTOCOL_VERSION), + }; + union epoll_ref ref = { .type = EPOLL_TYPE_CONF }; + struct ucred uc = { 0 }; + socklen_t len = sizeof(uc); + int fd, rc; + + if (events != EPOLLIN) { + err("Unexpected event 0x%04x on configuration socket", events); + return; + } + + fd = accept4(c->fd_conf_listen, NULL, NULL, SOCK_NONBLOCK); + if (fd < 0) { + warn_perror("accept4() on configuration listening socket"); + return; + } + + if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &uc, &len) < 0) + warn_perror("Can't get configuration client credentials"); + + /* Another client is already connected: accept and close right away. */ + if (c->fd_conf != -1) { + info("Discarding configuration client, PID %i", uc.pid); + goto fail; + } + + ref.fd = fd; + rc = epoll_add(c->epollfd, EPOLLIN | EPOLLET, ref); + if (rc < 0) { + warn_perror("epoll_ctl() on configuration socket"); + goto fail; + } + + rc = write_all_buf(fd, &hello, sizeof(hello)); + if (rc < 0) { + warn_perror("Error writing configuration protocol hello"); + goto fail; + } + + c->fd_conf = fd; + info("Accepted configuration client, PID %i", uc.pid); + if (!PESTO_PROTOCOL_VERSION) { + warn( +"Warning: Using experimental unsupported configuration protocol"); + } + + return; + +fail: + close(fd); +} + +/** + * conf_handler() - Handle events on configuration socket + * @c: Execution context + * @events: epoll events + */ +void conf_handler(struct ctx *c, uint32_t events) +{ + if (events & EPOLLIN) { + char discard[BUFSIZ]; + ssize_t n; + + do { + n = read(c->fd_conf, discard, sizeof(discard)); + if (n > 0) + debug("Discarded %zd bytes of config data", n); + } while (n > 0); + if (n == 0) { + debug("Configuration client EOF"); + goto close; + } + if (errno != EAGAIN && errno != EWOULDBLOCK) { + err_perror("Error reading config data"); + goto close; + } + } + + if (events & EPOLLHUP) { + debug("Configuration client hangup"); + goto close; + } + + return; + +close: + debug("Closing configuration socket"); + epoll_ctl(c->epollfd, EPOLL_CTL_DEL, c->fd_conf, NULL); + close(c->fd_conf); + c->fd_conf = -1; } diff --git a/conf.h b/conf.h index b45ad746..16f97189 100644 --- a/conf.h +++ b/conf.h @@ -8,5 +8,7 @@

enum passt_modes conf_mode(int argc, char *argv[]); void conf(struct ctx *c, int argc, char **argv); +void conf_listen_handler(struct ctx *c, uint32_t events); +void conf_handler(struct ctx *c, uint32_t events);

#endif /* CONF_H */ diff --git a/epoll_type.h b/epoll_type.h index a90ffb67..061325aa 100644 --- a/epoll_type.h +++ b/epoll_type.h @@ -46,6 +46,10 @@ enum epoll_type { EPOLL_TYPE_REPAIR, /* Netlink neighbour subscription socket */ EPOLL_TYPE_NL_NEIGH, + /* Configuration listening socket */ + EPOLL_TYPE_CONF_LISTEN, + /* Configuration socket */ + EPOLL_TYPE_CONF,

EPOLL_NUM_TYPES, }; diff --git a/log.c b/log.c index 21e3673e..99404e25 100644 --- a/log.c +++ b/log.c @@ -26,6 +26,7 @@ #include #include

+#include "common.h" #include "linux_dep.h" #include "log.h" #include "util.h" diff --git a/passt.1 b/passt.1 index 13e8df9d..32d70c8d 100644 --- a/passt.1 +++ b/passt.1 @@ -127,6 +127,11 @@ login name and group name can be passed. This requires privileges (either initial effective UID 0 or CAP_SETUID capability) to work. Default is to change to user \fInobody\fR if started as root.

+.TP +.BR \-c ", " \-\-conf-path " " \fIpath " " (EXPERIMENTAL) +Path for configuration and control socket used by \fBpesto\fR(1) to +dynamically update passt or pasta's configuration. + .TP .BR \-h ", " \-\-help Display a help message and exit. diff --git a/passt.c b/passt.c index f84419c7..d37beef3 100644 --- a/passt.c +++ b/passt.c @@ -36,6 +36,7 @@ #include #include

+#include "common.h" #include "util.h" #include "passt.h" #include "dhcp.h" @@ -80,6 +81,8 @@ char *epoll_type_str[] = { [EPOLL_TYPE_REPAIR_LISTEN] = "TCP_REPAIR helper listening socket", [EPOLL_TYPE_REPAIR] = "TCP_REPAIR helper socket", [EPOLL_TYPE_NL_NEIGH] = "netlink neighbour notifier socket", + [EPOLL_TYPE_CONF_LISTEN] = "configuration listening socket", + [EPOLL_TYPE_CONF] = "configuration socket", }; static_assert(ARRAY_SIZE(epoll_type_str) == EPOLL_NUM_TYPES, "epoll_type_str[] doesn't match enum epoll_type"); @@ -303,6 +306,12 @@ static void passt_worker(void *opaque, int nfds, struct epoll_event *events) case EPOLL_TYPE_NL_NEIGH: nl_neigh_notify_handler(c); break; + case EPOLL_TYPE_CONF_LISTEN: + conf_listen_handler(c, eventmask); + break; + case EPOLL_TYPE_CONF: + conf_handler(c, eventmask); + break; default: /* Can't happen */ assert(0); diff --git a/passt.h b/passt.h index 62b8dcdf..c38bb5ae 100644 --- a/passt.h +++ b/passt.h @@ -158,6 +158,7 @@ struct ip6_ctx { * @foreground: Run in foreground, don't log to stderr by default * @nofile: Maximum number of open files (ulimit -n) * @sock_path: Path for UNIX domain socket + * @conf_path: Path for configuration UNIX domain socket * @repair_path: TCP_REPAIR helper path, can be "none", empty for default * @pcap: Path for packet capture file * @pidfile: Path to PID file, empty string if not configured @@ -169,6 +170,8 @@ struct ip6_ctx { * @epollfd: File descriptor for epoll instance * @fd_tap_listen: File descriptor for listening AF_UNIX socket, if any * @fd_tap: AF_UNIX socket, tuntap device, or pre-opened socket + * @fd_conf_listen: Listening configuration socket, if any + * @fd_conf: Configuration socket, if any * @fd_repair_listen: File descriptor for listening TCP_REPAIR socket, if any * @fd_repair: Connected AF_UNIX socket for TCP_REPAIR helper * @our_tap_mac: Pasta/passt's MAC on the tap link @@ -223,6 +226,7 @@ struct ctx { int foreground; int nofile; char sock_path[UNIX_PATH_MAX]; + char conf_path[UNIX_PATH_MAX]; char repair_path[UNIX_PATH_MAX]; char pcap[PATH_MAX];

@@ -240,6 +244,8 @@ struct ctx { int epollfd; int fd_tap_listen; int fd_tap; + int fd_conf_listen; + int fd_conf; int fd_repair_listen; int fd_repair; unsigned char our_tap_mac[ETH_ALEN]; diff --git a/pesto.1 b/pesto.1 new file mode 100644 index 00000000..338fb8a6 --- /dev/null +++ b/pesto.1 @@ -0,0 +1,46 @@ +.\" SPDX-License-Identifier: GPL-2.0-or-later +.\" Copyright Red Hat +.\" Author: David Gibson +.TH pesto 1 + +.SH NAME +.B pesto +\- Configure a running \fBpasst\fR(1) or \fBpasta\fR(1) instance. + +.SH SYNOPSIS +.B pesto +\fIPATH\fR + +.SH DESCRIPTION + +.B pesto +is an experimental client to view and update the port forwarding +configuration of a running \fBpasst\fR(1) or \fBpasta\fR(1) instance. + +\fIPATH\fR gives the path to the UNIX domain socket created by +\fBpasst\fR or \fBpasta\fR. It should match the \fB-c\fR command line +option given to that instance. + +.SH AUTHORS + +Stefano Brivio , +David Gibson . + +.SH REPORTING BUGS + +Please report issues on the bug tracker at https://bugs.passt.top/, or +send a message to the passt-user@passt.top mailing list, see +https://lists.passt.top/. + +.SH COPYRIGHT + +Copyright Red Hat + +\fBpesto\fR is free software: you can redistribute them and/or modify +them under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 2 of the License, or (at +your option) any later version. + +.SH SEE ALSO + +\fBpasst\fR(1), \fBpasta\fR(1), \fBunix\fR(7). diff --git a/pesto.c b/pesto.c new file mode 100644 index 00000000..6d066084 --- /dev/null +++ b/pesto.c @@ -0,0 +1,113 @@ +// SPDX-License-Identifier: GPL-2.0-or-later + +/* PESTO - Programmable Extensible Socket Translation Orchestrator + * front-end for passt(1) and pasta(1) forwarding configuration + * + * pesto.c - Main program (it's not actually extensible) + * + * Copyright (c) 2026 Red Hat GmbH + * Author: Stefano Brivio + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "common.h" +#include "seccomp_pesto.h" +#include "serialise.h" +#include "pesto.h" + +#define die(...) \ + do { \ + FPRINTF(stderr, __VA_ARGS__); \ + FPRINTF(stderr, "\n"); \ + exit(EXIT_FAILURE); \ + } while (0) + +/** + * main() - Entry point and whole program with loop + * @argc: Argument count + * @argv: Arguments: socket path, operation, port specifiers + * + * Return: 0 on success, won't return on failure + * + * #syscalls:pesto connect write close exit_group fstat brk

In case we end up dropping the malloc() in the next patches, as a reminder, we should drop brk here as well.

+ * #syscalls:pesto socket s390x:socketcall i686:socketcall + * #syscalls:pesto recvfrom recvmsg arm:recv ppc64le:recv + * #syscalls:pesto sendto sendmsg arm:send ppc64le:send + */ +int main(int argc, char **argv) +{ + struct sockaddr_un a = { AF_UNIX, "" }; + struct pesto_hello hello; + struct sock_fprog prog; + uint32_t s_version; + int ret, s; + + prctl(PR_SET_DUMPABLE, 0); + + prog.len = (unsigned short)sizeof(filter_pesto) / + sizeof(filter_pesto[0]); + prog.filter = filter_pesto; + if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) || + prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) + die("Failed to apply seccomp filter"); + + if (argc < 2) + die("Usage: %s CONTROLPATH", argv[0]); + + if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) + die("Failed to create AF_UNIX socket: %s", strerror(errno)); + + ret = snprintf(a.sun_path, sizeof(a.sun_path), "%s", argv[1]); + if (ret <= 0 || ret >= (int)sizeof(a.sun_path)) + die("Invalid socket path \"%s\"", argv[1]); + + ret = connect(s, (struct sockaddr *)&a, sizeof(a)); + if (ret < 0) { + die("Failed to connect to %s: %s", + a.sun_path, strerror(errno)); + } + + ret = read_all_buf(s, &hello, sizeof(hello)); + if (ret < 0) + die("Couldn't read server greeting: %s", strerror(errno)); + + if (memcmp(hello.magic, PESTO_SERVER_MAGIC, sizeof(hello.magic))) + die("Bad magic number from server"); + + s_version = ntohl(hello.version); + + if (s_version > PESTO_PROTOCOL_VERSION) { + die("Unknown server protocol version %"PRIu32" > %"PRIu32"\n", + s_version, PESTO_PROTOCOL_VERSION); + } + + /* cppcheck-suppress knownConditionTrueFalse */ + if (!s_version) { + if (PESTO_PROTOCOL_VERSION) + die("Unsupported experimental server protocol"); + FPRINTF(stderr, +"Warning: Using experimental protocol version, client and server must match\n"); + } + + exit(0); +} diff --git a/pesto.h b/pesto.h new file mode 100644 index 00000000..92d4df3a --- /dev/null +++ b/pesto.h @@ -0,0 +1,34 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later + * Copyright Red Hat + * Author: David Gibson + * + * Definitions and functions used by both client and server of the configuration + * update protocol (pesto). + */ + +#ifndef PESTO_H +#define PESTO_H + +#include +#include + +#define PESTO_SERVER_MAGIC "pesto:s"

Note to self: sneakily change this to basil:s on merge.

+ +/* Version 0 is reserved for unreleased / unsupported experimental versions */ +#define PESTO_PROTOCOL_VERSION 0 + +/** + * struct pesto_hello - Server introduction message + * @magic: PESTO_SERVER_MAGIC + * @version: Version number + */ +struct pesto_hello { + char magic[8]; + uint32_t version; +} __attribute__ ((__packed__)); + +static_assert(sizeof(PESTO_SERVER_MAGIC) + == sizeof(((struct pesto_hello *)0)->magic), + "PESTO_SERVER_MAGIC has wrong size"); + +#endif /* PESTO_H */ diff --git a/serialise.c b/serialise.c index d6c3396a..e3ea86e3 100644 --- a/serialise.c +++ b/serialise.c @@ -6,6 +6,9 @@ * PASTA - Pack A Subtle Tap Abstraction * for network namespace/tap device mode * + * PESTO - Programmable Extensible Socket Translation Orchestrator + * front-end for passt(1) and pasta(1) forwarding configuration + * * serialise.c - Serialisation of data structures over bytestreams * * Copyright Red Hat diff --git a/util.h b/util.h index cb669105..e7993f4d 100644 --- a/util.h +++ b/util.h @@ -317,9 +317,6 @@ static inline bool mod_between(unsigned x, unsigned i, unsigned j, unsigned m) return mod_sub(x, i, m) < mod_sub(j, i, m); }

-/* FPRINTF() intentionally silences cert-err33-c clang-tidy warnings */ -#define FPRINTF(f, ...) (void)fprintf(f, __VA_ARGS__) - void raw_random(void *buf, size_t buflen);

/*

-- Stefano

On Mon, 23 Mar 2026 18:37:22 +1100 David Gibson wrote:

Extend the dynamic update protocol to expose the pif indices and names from a running passt/pasta to the pesto tool. pesto records that data and (for now) prints it out.

Signed-off-by: David Gibson --- conf.c | 38 +++++++++++++++++++++ pesto.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++- serialise.c | 21 ++++++++++++ serialise.h | 3 ++ 4 files changed, 159 insertions(+), 1 deletion(-)

diff --git a/conf.c b/conf.c index 7b960fe9..b878db94 100644 --- a/conf.c +++ b/conf.c @@ -2303,6 +2303,41 @@ void conf(struct ctx *c, int argc, char **argv) conf_print(c); }

+/** + * conf_send_pifs() - Send list of pifs to dynamic update client (pesto) + * @c: Execution context + * @fd: Socket to the client + * + * Return: 0 on success, -1 on failure + */ +static int conf_send_pifs(const struct ctx *c, int fd) +{ + uint32_t num = 0; + unsigned pif; + + /* First count the number of pifs with tables */ + for (pif = 0; pif < PIF_NUM_TYPES; pif++) { + if (c->fwd[pif]) + num++; + } + + if (write_u32(fd, num)) + return -1; + + for (pif = 0; pif < PIF_NUM_TYPES; pif++) { + if (!c->fwd[pif]) + continue; + + if (write_u8(fd, pif)) + return -1; + + if (write_str(fd, pif_name(pif)) < 0) + return -1; + } + + return 0; +} + /** * conf_listen_handler() - Handle events on configuration listening socket * @c: Execution context @@ -2359,6 +2394,9 @@ void conf_listen_handler(struct ctx *c, uint32_t events) "Warning: Using experimental unsupported configuration protocol"); }

+ if (conf_send_pifs(c, fd) < 0) + goto fail; + return;

fail: diff --git a/pesto.c b/pesto.c index f8c9e01d..ed4f2aab 100644 --- a/pesto.c +++ b/pesto.c @@ -36,6 +36,8 @@ #include "serialise.h" #include "pesto.h"

+static int verbosity = 1; + #define die(...) \ do { \ FPRINTF(stderr, __VA_ARGS__); \ @@ -51,6 +53,19 @@ } \ } while (0)

+/** + * xmalloc() - Allocate memory, with fatal error on failure + * @size: Number of bytes to allocate + */ +static void *xmalloc(size_t size) +{ + void *p = malloc(size);

I would really really prefer to skip this unless it's absolutely necessary, for a number of reasons: 1. this thing is talking to passt which talks to untrusted workloads, and there's a risk of arbitrary code execution, which implies the possibility of specially crafted messages that might make us allocate: a. in specific regions and build a heap spraying attack based on that b. a lot, and cause a denial of service ...and, while this process should be short lived, we can't assume that, if somebody achieves arbitrary code execution in passt and malicious messages, because we risk looping on rules, or having passt send us information very slowly (minutes / hours), etc. 2. besides, we might want to add a "daemon" mode one day, and then it's not short lived anymore, which opens the door to leaks and double-frees (adding to a. and b. above) 3. we might need to reuse functions from passt and not notice right away that they call this xmalloc(), or have to eventually adapt them anyway 4. consistency, in messaging ("passt doesn't allocate dynamic memory", without caveats) and for auditing reasons Strings can be 32 bytes, or 1024 if we want to splurge. Unless we need to pile a lot of them on the stack (but it's not the case in pesto) a malloc() doesn't really bring any advantage compared to static buffers here and there. It's not megabytes.

+ + if (!p) + die("Memory allocation failure"); + return p; +} + /** * usage() - Print usage, exit with given status code * @name: Executable name @@ -69,6 +84,83 @@ static void usage(const char *name, FILE *f, int status) exit(status); }

+/** + * pesto_recv_str() - Receive a string from passt/pasta + * @fd: Control socket + * + * Return: pointer to malloc()ed string + */ +static const char *pesto_recv_str(int fd) +{ + uint32_t len; + char *buf; + + if (read_u32(fd, &len) < 0) + die("Error reading from control socket"); + + buf = xmalloc(len); + if (read_all_buf(fd, buf, len) < 0) + die("Error reading from control socket"); + + return buf; +} + +struct pif_state { + uint8_t pif; + const char *name; +}; + +struct conf_state {

More as a to-do list item rather than as a review comment: we need documentation for those structs.

+ uint32_t npifs; + struct pif_state pif[]; +}; + +/** + * pesto_read_pifs() - Read pif names and IDs from passt/pasta + * @fd: Control socket + */ +static const struct conf_state *pesto_read_pifs(int fd) +{ + uint32_t num; + struct conf_state *state; + unsigned i; + + if (read_u32(fd, &num) < 0) + die("Error reading from control socket"); + + debug("Receiving %"PRIu32" interface names", num); + + state = xmalloc(sizeof(*state) + num * sizeof(struct pif_state)); + state->npifs = num; + + for (i = 0; i < num; i++) { + struct pif_state *ps = &state->pif[i]; + + if (read_u8(fd, &ps->pif) < 0) + die("Error reading from control socket"); + ps->name = pesto_recv_str(fd); + + debug("%u: %s", ps->pif, ps->name); + } + + return state; +} + +/** + * show_state() - Show current rule state obtained from passt/pasta + * @pifs: PIF name information + */ +static void show_state(const struct conf_state *state) +{ + unsigned i; + + for (i = 0; i < state->npifs; i++) { + const struct pif_state *ps = &state->pif[i]; + printf("Forwarding rules for %s interface\n", ps->name); + printf("\tTBD\n"); + } +} + /** * main() - Entry point and whole program with loop * @argc: Argument count @@ -91,12 +183,12 @@ int main(int argc, char **argv) { 0 }, }; struct sockaddr_un a = { AF_UNIX, "" }; + const struct conf_state *state; const char *optstring = "vh"; struct pesto_hello hello; struct sock_fprog prog; int optname, ret, s; uint32_t s_version; - int verbosity = 1;

prog.len = (unsigned short)sizeof(filter_pesto) / sizeof(filter_pesto[0]); @@ -172,5 +264,9 @@ int main(int argc, char **argv) "Warning: Using experimental protocol version, client and server must match\n"); }

+ state = pesto_read_pifs(s); + + show_state(state); + exit(0); } diff --git a/serialise.c b/serialise.c index e3ea86e3..94c34d3c 100644 --- a/serialise.c +++ b/serialise.c @@ -19,6 +19,7 @@ #include #include #include +#include #include

#include "serialise.h" @@ -121,6 +122,26 @@ int write_all_buf(int fd, const void *buf, size_t len) return write_all_buf(fd, &beval, sizeof(beval)); \ }

+#define be8toh(x) (x) +#define htobe8(x) (x) + +SERIALISE_UINT(8) SERIALISE_UINT(32)

#undef SERIALISE_UNIT + +/** + * write_str() - Write a string to an fd in length/value format + * @fd: Socket to the client + * @s: String to send + * + * Return: 0 on success, -1 on error + */ +int write_str(int fd, const char *s) +{ + uint32_t len = strlen(s) + 1; /* Include \0 */ + + if (write_u32(fd, len) < 0) + return -1;

Even if we don't need to allocate here, I would feel more comfortable if we passed fixed-size strings only to passt to have a slightly lower risk of buffer overflows, in general.

+ return write_all_buf(fd, s, len); +} diff --git a/serialise.h b/serialise.h index 0a4ed086..7ef35786 100644 --- a/serialise.h +++ b/serialise.h @@ -16,6 +16,9 @@ int write_all_buf(int fd, const void *buf, size_t len); int read_u##bits(int fd, uint##bits##_t *val); \ int write_u##bits(int fd, uint##bits##_t val);

+SERIALISE_UINT_DECL(8) SERIALISE_UINT_DECL(32)

+int write_str(int fd, const char *s); + #endif /* _SERIALISE_H */

-- Stefano

On Mon, 23 Mar 2026 18:37:28 +1100 David Gibson wrote:

Implement serialisation of our current forwarding rules in conf.c, deserialising it to display in the pesto client.

Signed-off-by: David Gibson --- conf.c | 44 +++++++++++++++++++++++++++++++ fwd_rule.c | 40 ++++++++++++++++++++++++++++ fwd_rule.h | 3 +++ pesto.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 4 files changed, 160 insertions(+), 4 deletions(-)

diff --git a/conf.c b/conf.c index b878db94..7f311914 100644 --- a/conf.c +++ b/conf.c @@ -2338,6 +2338,47 @@ static int conf_send_pifs(const struct ctx *c, int fd) return 0; }

+/** + * conf_send_rules() - Send current forwarding rules to dynamic update client (pesto)

What about: * conf_send_rules() - Send forwarding rules to configuration client (pesto) ?

+ * @c: Execution context + * @fd: Socket to the client + * + * Return: 0 on success, -1 on failure + */ +static int conf_send_rules(const struct ctx *c, int fd) +{ + unsigned pif; + + for (pif = 0; pif < PIF_NUM_TYPES; pif++) { + const struct fwd_table *fwd = c->fwd[pif]; + unsigned i; + + if (!fwd) + continue; + + assert(pif); + + /* PIF id */ + if (write_u8(fd, pif)) + return -1; + + /* Number of rules */ + if (write_u32(fd, fwd->count)) + return -1; + + for (i = 0; i < fwd->count; i++) { + if (fwd_rule_write(fd, &fwd->rules[i].rule)) + return -1; + } + } + + /* Write 0 PIF id to finish */ + if (write_u8(fd, 0))

We have PIF_NONE, shouldn't we use that to make it obvious that it's an invalid value?

+ return -1; + + return 0; +}

[...]

I stopped reviewing here, the next patches in my series are anyway mine and after those I guess it doesn't make sense, yet, that I review in fine detail, as we'll probably need to change a bunch of things. -- Stefano

On Wed, Mar 25, 2026 at 01:56:22AM +0100, Stefano Brivio wrote:

On Mon, 23 Mar 2026 18:37:22 +1100 David Gibson wrote:

...

Extend the dynamic update protocol to expose the pif indices and names from a running passt/pasta to the pesto tool. pesto records that data and (for now) prints it out.

Signed-off-by: David Gibson --- conf.c | 38 +++++++++++++++++++++ pesto.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++- serialise.c | 21 ++++++++++++ serialise.h | 3 ++ 4 files changed, 159 insertions(+), 1 deletion(-)

diff --git a/conf.c b/conf.c index 7b960fe9..b878db94 100644 --- a/conf.c +++ b/conf.c @@ -2303,6 +2303,41 @@ void conf(struct ctx *c, int argc, char **argv) conf_print(c); }

+/** + * conf_send_pifs() - Send list of pifs to dynamic update client (pesto) + * @c: Execution context + * @fd: Socket to the client + * + * Return: 0 on success, -1 on failure + */ +static int conf_send_pifs(const struct ctx *c, int fd) +{ + uint32_t num = 0; + unsigned pif; + + /* First count the number of pifs with tables */ + for (pif = 0; pif < PIF_NUM_TYPES; pif++) { + if (c->fwd[pif]) + num++; + } + + if (write_u32(fd, num)) + return -1; + + for (pif = 0; pif < PIF_NUM_TYPES; pif++) { + if (!c->fwd[pif]) + continue; + + if (write_u8(fd, pif)) + return -1; + + if (write_str(fd, pif_name(pif)) < 0) + return -1; + } + + return 0; +} + /** * conf_listen_handler() - Handle events on configuration listening socket * @c: Execution context @@ -2359,6 +2394,9 @@ void conf_listen_handler(struct ctx *c, uint32_t events) "Warning: Using experimental unsupported configuration protocol"); }

+ if (conf_send_pifs(c, fd) < 0) + goto fail; + return;

fail: diff --git a/pesto.c b/pesto.c index f8c9e01d..ed4f2aab 100644 --- a/pesto.c +++ b/pesto.c @@ -36,6 +36,8 @@ #include "serialise.h" #include "pesto.h"

+static int verbosity = 1; + #define die(...) \ do { \ FPRINTF(stderr, __VA_ARGS__); \ @@ -51,6 +53,19 @@ } \ } while (0)

+/** + * xmalloc() - Allocate memory, with fatal error on failure + * @size: Number of bytes to allocate + */ +static void *xmalloc(size_t size) +{ + void *p = malloc(size);

I would really really prefer to skip this unless it's absolutely necessary, for a number of reasons:

1. this thing is talking to passt which talks to untrusted workloads, and there's a risk of arbitrary code execution, which implies the possibility of specially crafted messages that might make us allocate:

a. in specific regions and build a heap spraying attack based on that

b. a lot, and cause a denial of service

Eh, I suppose.

...and, while this process should be short lived, we can't assume that, if somebody achieves arbitrary code execution in passt and malicious messages, because we risk looping on rules, or having passt send us information very slowly (minutes / hours), etc.

...ah, those are good points.

2. besides, we might want to add a "daemon" mode one day, and then it's not short lived anymore, which opens the door to leaks and double-frees (adding to a. and b. above)

I really don't see any reason we'd want that, but I guess that's irrelevant given that previous paragraph.

3. we might need to reuse functions from passt and not notice right away that they call this xmalloc(), or have to eventually adapt them anyway

I mean.. when we test the path in question, we should hit the seccomp filter, which should make it pretty obvious.

4. consistency, in messaging ("passt doesn't allocate dynamic memory", without caveats) and for auditing reasons

Yeah, fair.

Strings can be 32 bytes, or 1024 if we want to splurge. Unless we need to pile a lot of them on the stack (but it's not the case in pesto) a malloc() doesn't really bring any advantage compared to static buffers here and there. It's not megabytes.

So, you've convinced me in principle, but I'm not putting this at the top of my priorities. Using malloc() makes things a bit easier while we're playing around with the protocol a bunch. Once we look reasonably close to a v1 protocol, I'll do the malloc() removal.

...

+ + if (!p) + die("Memory allocation failure"); + return p; +} + /** * usage() - Print usage, exit with given status code * @name: Executable name @@ -69,6 +84,83 @@ static void usage(const char *name, FILE *f, int status) exit(status); }

+/** + * pesto_recv_str() - Receive a string from passt/pasta + * @fd: Control socket + * + * Return: pointer to malloc()ed string + */ +static const char *pesto_recv_str(int fd) +{ + uint32_t len; + char *buf; + + if (read_u32(fd, &len) < 0) + die("Error reading from control socket"); + + buf = xmalloc(len); + if (read_all_buf(fd, buf, len) < 0) + die("Error reading from control socket"); + + return buf; +} + +struct pif_state { + uint8_t pif; + const char *name; +}; + +struct conf_state {

More as a to-do list item rather than as a review comment: we need documentation for those structs.

Ah, yes.

...

+ uint32_t npifs; + struct pif_state pif[]; +}; + +/** + * pesto_read_pifs() - Read pif names and IDs from passt/pasta + * @fd: Control socket + */ +static const struct conf_state *pesto_read_pifs(int fd) +{ + uint32_t num; + struct conf_state *state; + unsigned i; + + if (read_u32(fd, &num) < 0) + die("Error reading from control socket"); + + debug("Receiving %"PRIu32" interface names", num); + + state = xmalloc(sizeof(*state) + num * sizeof(struct pif_state)); + state->npifs = num; + + for (i = 0; i < num; i++) { + struct pif_state *ps = &state->pif[i]; + + if (read_u8(fd, &ps->pif) < 0) + die("Error reading from control socket"); + ps->name = pesto_recv_str(fd); + + debug("%u: %s", ps->pif, ps->name); + } + + return state; +} + +/** + * show_state() - Show current rule state obtained from passt/pasta + * @pifs: PIF name information + */ +static void show_state(const struct conf_state *state) +{ + unsigned i; + + for (i = 0; i < state->npifs; i++) { + const struct pif_state *ps = &state->pif[i]; + printf("Forwarding rules for %s interface\n", ps->name); + printf("\tTBD\n"); + } +} + /** * main() - Entry point and whole program with loop * @argc: Argument count @@ -91,12 +183,12 @@ int main(int argc, char **argv) { 0 }, }; struct sockaddr_un a = { AF_UNIX, "" }; + const struct conf_state *state; const char *optstring = "vh"; struct pesto_hello hello; struct sock_fprog prog; int optname, ret, s; uint32_t s_version; - int verbosity = 1;

prog.len = (unsigned short)sizeof(filter_pesto) / sizeof(filter_pesto[0]); @@ -172,5 +264,9 @@ int main(int argc, char **argv) "Warning: Using experimental protocol version, client and server must match\n"); }

+ state = pesto_read_pifs(s); + + show_state(state); + exit(0); } diff --git a/serialise.c b/serialise.c index e3ea86e3..94c34d3c 100644 --- a/serialise.c +++ b/serialise.c @@ -19,6 +19,7 @@ #include #include #include +#include #include

#include "serialise.h" @@ -121,6 +122,26 @@ int write_all_buf(int fd, const void *buf, size_t len) return write_all_buf(fd, &beval, sizeof(beval)); \ }

+#define be8toh(x) (x) +#define htobe8(x) (x) + +SERIALISE_UINT(8) SERIALISE_UINT(32)

#undef SERIALISE_UNIT + +/** + * write_str() - Write a string to an fd in length/value format + * @fd: Socket to the client + * @s: String to send + * + * Return: 0 on success, -1 on error + */ +int write_str(int fd, const char *s) +{ + uint32_t len = strlen(s) + 1; /* Include \0 */ + + if (write_u32(fd, len) < 0) + return -1;

Even if we don't need to allocate here, I would feel more comfortable if we passed fixed-size strings only to passt to have a slightly lower risk of buffer overflows, in general.

That's fair. I'd basically already decided to move to fixed length pif names, just haven't implemented it yet.

...

+ return write_all_buf(fd, s, len); +} diff --git a/serialise.h b/serialise.h index 0a4ed086..7ef35786 100644 --- a/serialise.h +++ b/serialise.h @@ -16,6 +16,9 @@ int write_all_buf(int fd, const void *buf, size_t len); int read_u##bits(int fd, uint##bits##_t *val); \ int write_u##bits(int fd, uint##bits##_t val);

+SERIALISE_UINT_DECL(8) SERIALISE_UINT_DECL(32)

+int write_str(int fd, const char *s); + #endif /* _SERIALISE_H */

-- Stefano

-- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson

On Wed, Mar 25, 2026 at 01:56:39AM +0100, Stefano Brivio wrote:

On Mon, 23 Mar 2026 18:37:28 +1100 David Gibson wrote:

...

Implement serialisation of our current forwarding rules in conf.c, deserialising it to display in the pesto client.

Signed-off-by: David Gibson --- conf.c | 44 +++++++++++++++++++++++++++++++ fwd_rule.c | 40 ++++++++++++++++++++++++++++ fwd_rule.h | 3 +++ pesto.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 4 files changed, 160 insertions(+), 4 deletions(-)

diff --git a/conf.c b/conf.c index b878db94..7f311914 100644 --- a/conf.c +++ b/conf.c @@ -2338,6 +2338,47 @@ static int conf_send_pifs(const struct ctx *c, int fd) return 0; }

+/** + * conf_send_rules() - Send current forwarding rules to dynamic update client (pesto)

What about:

* conf_send_rules() - Send forwarding rules to configuration client (pesto)

Done.

...

+ * @c: Execution context + * @fd: Socket to the client + * + * Return: 0 on success, -1 on failure + */ +static int conf_send_rules(const struct ctx *c, int fd) +{ + unsigned pif; + + for (pif = 0; pif < PIF_NUM_TYPES; pif++) { + const struct fwd_table *fwd = c->fwd[pif]; + unsigned i; + + if (!fwd) + continue; + + assert(pif); + + /* PIF id */ + if (write_u8(fd, pif)) + return -1; + + /* Number of rules */ + if (write_u32(fd, fwd->count)) + return -1; + + for (i = 0; i < fwd->count; i++) { + if (fwd_rule_write(fd, &fwd->rules[i].rule)) + return -1; + } + } + + /* Write 0 PIF id to finish */ + if (write_u8(fd, 0))

We have PIF_NONE, shouldn't we use that to make it obvious that it's an invalid value?

Done.

...

+ return -1; + + return 0; +}

[...]

I stopped reviewing here, the next patches in my series are anyway mine and after those I guess it doesn't make sense, yet, that I review in fine detail, as we'll probably need to change a bunch of things.

Understood. -- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson