passt/pesto.c, branch 2026_05_07.1afd4ed Plug A Simple Socket Transport pesto, conf, fwd_rule: Add options and modes to add, delete, clear rules 2026-05-07T06:06:30+00:00 Stefano Brivio sbrivio@redhat.com 2026-05-05T22:39:09+00:00 2692ef3fa67d89076e1ad035434db9312a0b3813 Instead of just being able to add to the existing tables, implement an explicit --clear option to replace them, which now becomes the default behaviour, and implement explicit --add and --delete options to maintain the table and add or delete specific ports. The option --clear PIF forces the clearing of a table, instead. These options can be combined arbitrarily and are handled as sequential commands, as now described in pesto(1). If no option is given before forwarding specifiers for a matching table, the command line is interpreted as a replacement of the existing rules. To this end: - there's no protocol change, as pesto is anyway sending updated copies of the table - the forwarding table functions now include a new fwd_rule_del(), which deletes existing rule only if a matching one is found - a trivial fwd_rule_clear() is factored out from the existing conf_handler() implementation, so that it can be directly used in pesto The entry points for parsing of port specifiers now take an additional 'del' parameter which is passed down all the way before reaching the fwd_rule_add() implementation. If a rule should be deleted, at that point, fwd_rule_del() is called instead. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> 
Instead of just being able to add to the existing tables, implement
an explicit --clear option to replace them, which now becomes the
default behaviour, and implement explicit --add and --delete options
to maintain the table and add or delete specific ports.

The option --clear PIF forces the clearing of a table, instead.

These options can be combined arbitrarily and are handled as
sequential commands, as now described in pesto(1).

If no option is given before forwarding specifiers for a matching
table, the command line is interpreted as a replacement of the
existing rules.

To this end:

- there's no protocol change, as pesto is anyway sending updated
  copies of the table

- the forwarding table functions now include a new fwd_rule_del(),
  which deletes existing rule only if a matching one is found

- a trivial fwd_rule_clear() is factored out from the existing
  conf_handler() implementation, so that it can be directly used
  in pesto

The entry points for parsing of port specifiers now take an additional
'del' parameter which is passed down all the way before reaching the
fwd_rule_add() implementation. If a rule should be deleted, at that
point, fwd_rule_del() is called instead.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
pesto, conf: Send updated rules from pesto back to passt/pasta 2026-05-07T06:06:30+00:00 David Gibson david@gibson.dropbear.id.au 2026-05-03T21:55:59+00:00 7c5b1d72ffa4225929e99ac32604df4648d20eed Extend pesto to send the updated rule configuration back to passt/pasta. Extend passt/pasta to read the new configuration and store the new rules in a "pending" table. We don't yet attempt to activate them. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> [dwg: Based on an early draft from Stefano] [sbrivio: Add redundant check on interface names being terminated in conf_recv_rules(), to make static checkers happy] [sbrivio: Make conf_recv_rules() return -1 if fwd_rule_read() fails, as suggested by Jon Maloy] [sbrivio: Fix conflicts in Makefile] Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> 
Extend pesto to send the updated rule configuration back to passt/pasta.
Extend passt/pasta to read the new configuration and store the new rules in
a "pending" table.   We don't yet attempt to activate them.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
[dwg: Based on an early draft from Stefano]
[sbrivio: Add redundant check on interface names being terminated in
 conf_recv_rules(), to make static checkers happy]
[sbrivio: Make conf_recv_rules() return -1 if fwd_rule_read() fails,
 as suggested by Jon Maloy]
[sbrivio: Fix conflicts in Makefile]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
pesto: Parse and add new rules from command line 2026-05-07T06:06:30+00:00 David Gibson david@gibson.dropbear.id.au 2026-05-03T21:55:58+00:00 cbd58d631db9875967aedc8157ee3b23b93eb299 This adds parsing of options using fwd_rule_parse(), validates them and adds them to the existing rules. It doesn't yet send those rules back to passt or pasta. Message-ID: <20260322141843.4095972-3-sbrivio@redhat.com> [dwg: Based on an early draft by Stefano] Signed-off-by: David Gibson <david@gibson.dropbear.id.au> [sbrivio: Recycled usage messages for -T and -U from conf.c as suggested by Laurent, dropped unrelated whitespace change] [sbrivio: Add description of -t, -u, -T, -U to pesto.1] [sbrivio: Fix conflicts in Makefile] [sbrivio: Add description of -s to pesto.1 as well] Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> 
This adds parsing of options using fwd_rule_parse(), validates them and
adds them to the existing rules. It doesn't yet send those rules back to
passt or pasta.

Message-ID: <20260322141843.4095972-3-sbrivio@redhat.com>
[dwg: Based on an early draft by Stefano]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[sbrivio: Recycled usage messages for -T and -U from conf.c as
 suggested by Laurent, dropped unrelated whitespace change]
[sbrivio: Add description of -t, -u, -T, -U to pesto.1]
[sbrivio: Fix conflicts in Makefile]
[sbrivio: Add description of -s to pesto.1 as well]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
pesto: Read current ruleset from passt/pasta and optionally display it 2026-05-07T06:06:30+00:00 David Gibson david@gibson.dropbear.id.au 2026-05-03T21:55:57+00:00 fa0676869ff02e98facdf52e31dcba01f35983ad Implement serialisation of our current forwarding rules in conf.c, deserialising it to display in the pesto client. Doing this requires adding ip.c, inany.c, bitmap.c, lineread.c and fwd_rule.c to the pesto build. With previous preparations that now requires only a trivial change to lineread.c. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> [sbrivio: Use ntohs() for rule->to instead of htons() in fwd_rule_read(), reported by Jon Maloy] [sbrivio: Add upper bound check on pc->fwd.count for count of rules received by pesto, reported missing by Laurent, plus nits also reported by Laurent] [sbrivio: Fix conflicts in Makefile] Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Implement serialisation of our current forwarding rules in conf.c,
deserialising it to display in the pesto client.  Doing this requires
adding ip.c, inany.c, bitmap.c, lineread.c and fwd_rule.c to the pesto
build.  With previous preparations that now requires only a trivial change
to lineread.c.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
[sbrivio: Use ntohs() for rule->to instead of htons() in
 fwd_rule_read(), reported by Jon Maloy]
[sbrivio: Add upper bound check on pc->fwd.count for count of rules
 received by pesto, reported missing by Laurent, plus nits also
 reported by Laurent]
[sbrivio: Fix conflicts in Makefile]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
pesto: Expose list of pifs to pesto and display them 2026-05-07T06:06:30+00:00 David Gibson david@gibson.dropbear.id.au 2026-05-03T21:55:54+00:00 ba3047a959a18aca86d641de3625f2f1e9bcb4d2 Extend the dynamic update protocol to expose the pif indices and names from a running passt/pasta to the pesto tool. pesto records that data and prints it out. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Laurent Vivier <lvivier@redhat.com> [sbrivio: In read_pif_conf(), force a redundant termination of the interface name, the existing check isn't obvious enough for static checkers] [sbrivio: Drop @resv_ left-over in description of struct pesto_pif_info, reported by Jon Maloy] [sbrivio: Fix minor nits reported by Laurent] [sbrivio: Initialise struct pesto_pif_info in conf_send_rules() with zeroes, otherwise the pif name might be seen as not terminated, and we'll expose memory from the back-end] [sbrivio: Fix conflicts in Makefile] Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Extend the dynamic update protocol to expose the pif indices and names
from a running passt/pasta to the pesto tool.  pesto records that data
and prints it out.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
[sbrivio: In read_pif_conf(), force a redundant termination of the
 interface name, the existing check isn't obvious enough for static
 checkers]
[sbrivio: Drop @resv_ left-over in description of struct
 pesto_pif_info, reported by Jon Maloy]
[sbrivio: Fix minor nits reported by Laurent]
[sbrivio: Initialise struct pesto_pif_info in conf_send_rules() with
 zeroes, otherwise the pif name might be seen as not terminated, and
 we'll expose memory from the back-end]
[sbrivio: Fix conflicts in Makefile]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
pesto, conf: Have pesto connect to passt and check versions 2026-05-07T06:06:30+00:00 David Gibson david@gibson.dropbear.id.au 2026-05-03T21:55:53+00:00 f1d893ca1926e58ae5a2bf5602b515a883f3f994 Start implementing pesto in earnest. Create a control/configuration socket in passt. Have pesto connect to it and retrieve a server greeting Perform some basic version checking. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> [sbrivio: Avoid potential recursive calling between conf_accept() and conf_close(), reported by clang-tidy] [sbrivio: In conf(), check we're not exceeding sizeof(c->control_path) instead of sizeof(c->socket_path), and, in pesto's main(), print argv[optind] instead of argv[1] to indicate an invalid socket path, both reported by Jon Maloy] [sbrivio: In pesto's main(), drop unnecessary newline from error message, reported by Laurent] [sbrivio: Don't use SOCK_NONBLOCK on accept4(), as that only applies to the *new* file descriptor, which we don't want -- set O_NONBLOCK on the listening file descriptor using fcntl()] [sbrivio: Switch to protocol version 1, and reflect the true magic behind pesto, i.e. basil, into the magic string] [sbrivio: Fix conflicts in the Makefile caused by the fact that I'm not merging a previous series reworking it] Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> 
Start implementing pesto in earnest.  Create a control/configuration
socket in passt.  Have pesto connect to it and retrieve a server greeting
Perform some basic version checking.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[sbrivio: Avoid potential recursive calling between conf_accept() and
 conf_close(), reported by clang-tidy]
[sbrivio: In conf(), check we're not exceeding sizeof(c->control_path)
 instead of sizeof(c->socket_path), and, in pesto's main(), print
 argv[optind] instead of argv[1] to indicate an invalid socket path,
 both reported by Jon Maloy]
[sbrivio: In pesto's main(), drop unnecessary newline from error
 message, reported by Laurent]
[sbrivio: Don't use SOCK_NONBLOCK on accept4(), as that only applies
 to the *new* file descriptor, which we don't want -- set O_NONBLOCK
 on the listening file descriptor using fcntl()]
[sbrivio: Switch to protocol version 1, and reflect the true magic
 behind pesto, i.e. basil, into the magic string]
[sbrivio: Fix conflicts in the Makefile caused by the fact that I'm
 not merging a previous series reworking it]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
pesto, log: Share log.h (but not log.c) with pesto tool 2026-05-07T06:06:30+00:00 David Gibson david@gibson.dropbear.id.au 2026-05-03T21:55:52+00:00 8ad7dd45281935e8fd471fb3d3d33875ce4192b3 In pesto we're going to want several levels of error/warning messages, much like passt itself. Particularly as we start to share mode code between passt and pesto, we want to use a similar interface to emit those. However we don't want to use the same implementation - logging to a file or syslog doesn't make sense for the command line tool. To accomplish this loosely share log.h, but not log.c between pesto and passt. In fact, an #ifdef means even most of log.h isn't actually shared, but we do provide similar warn(), die() etc. macros. This includes the *_perror() variants, which need strerror(). However, we want to avoid allocations for pesto as we do for passt, and strerror() allocates in some libc versions. Therefore, also move our workaround for this to be shared with pesto. Reviewed-by: Laurent Vivier <lvivier@redhat.com> [dwg: Based on changes part of a larger patch by Stefano] Signed-off-by: David Gibson <david@gibson.dropbear.id.au> [sbrivio: Dropped debug_perror_() as it's not used anyway, Laurent was asking about its name] [sbrivio: Fix conflicts in the Makefile caused by the fact that I'm not merging a previous series reworking it] [sbrivio: For some reason, this triggers some unrelated, but valid, cppcheck warnings in tap.c and conf.c: fix / suppress them] Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> 
In pesto we're going to want several levels of error/warning messages, much
like passt itself.  Particularly as we start to share mode code between
passt and pesto, we want to use a similar interface to emit those.  However
we don't want to use the same implementation - logging to a file or syslog
doesn't make sense for the command line tool.

To accomplish this loosely share log.h, but not log.c between pesto and
passt.  In fact, an #ifdef means even most of log.h isn't actually shared,
but we do provide similar warn(), die() etc. macros.

This includes the *_perror() variants, which need strerror().  However,
we want to avoid allocations for pesto as we do for passt, and strerror()
allocates in some libc versions.  Therefore, also move our workaround for
this to be shared with pesto.

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
[dwg: Based on changes part of a larger patch by Stefano]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[sbrivio: Dropped debug_perror_() as it's not used anyway, Laurent was
 asking about its name]
[sbrivio: Fix conflicts in the Makefile caused by the fact that I'm
 not merging a previous series reworking it]
[sbrivio: For some reason, this triggers some unrelated, but valid,
 cppcheck warnings in tap.c and conf.c: fix / suppress them]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
pesto: Introduce stub configuration tool 2026-05-07T06:06:30+00:00 David Gibson david@gibson.dropbear.id.au 2026-05-03T21:55:51+00:00 02236db326252491d485cf7a0edd359aa6248aa2 Build a new "pesto" binary, which will become the tool to update a running passt/pasta's configuration. For now, we just build a stub binary which sets up a basic environment, parses trivial command line options but does nothing else. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> [sbrivio: Dropped leading _ from comment to include guard endif, reported by Laurent] [sbrivio: Formatting changes in pesto.1: use 80 columns instead of wrapping at about 75. Add description for -d, -h, --version.] [sbrivio: Drop note from man page about pesto being experimental, we're shipping it so that people can actually use it] [sbrivio: Fix conflicts in the Makefile as I'm not applying the previous series reworking it] Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> 
Build a new "pesto" binary, which will become the tool to update a running
passt/pasta's configuration.  For now, we just build a stub binary which
sets up a basic environment, parses trivial command line options but does
nothing else.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[sbrivio: Dropped leading _ from comment to include guard endif,
 reported by Laurent]
[sbrivio: Formatting changes in pesto.1: use 80 columns instead of
 wrapping at about 75. Add description for -d, -h, --version.]
[sbrivio: Drop note from man page about pesto being experimental,
 we're shipping it so that people can actually use it]
[sbrivio: Fix conflicts in the Makefile as I'm not applying the
 previous series reworking it]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>