diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2026-05-03 23:56:00 +0200 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2026-05-07 08:06:30 +0200 |
| commit | 4ff9887bfe630aa27178ec38c69e69f7960e1d50 (patch) | |
| tree | f118f96f921275effe92a15fc74af4e3a27f3717 | |
| parent | 7c5b1d72ffa4225929e99ac32604df4648d20eed (diff) | |
| download | passt-4ff9887bfe630aa27178ec38c69e69f7960e1d50.tar passt-4ff9887bfe630aa27178ec38c69e69f7960e1d50.tar.gz passt-4ff9887bfe630aa27178ec38c69e69f7960e1d50.tar.bz2 passt-4ff9887bfe630aa27178ec38c69e69f7960e1d50.tar.lz passt-4ff9887bfe630aa27178ec38c69e69f7960e1d50.tar.xz passt-4ff9887bfe630aa27178ec38c69e69f7960e1d50.tar.zst passt-4ff9887bfe630aa27178ec38c69e69f7960e1d50.zip | |
conf, fwd: Allow switching to new rules received from pesto
We can now receive updates to the forwarding rules from the pesto client
and store them in a "pending" copy of the forwarding tables. Implement
switching to using the new rules.
The logic is in a new fwd_listen_switch(). For now this closes all
listening sockets related to the old tables, swaps the active and pending
tables, then listens based on the new tables. In future we look to improve
this so that we don't temporarily stop listening on ports that both the
old and new tables specify.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[sbrivio: In fwd_listen_switch(), use the destination size as argument
to memcpy(), instead of sizeof(tmp), as suggested by Laurent]
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
| -rw-r--r-- | conf.c | 5 | ||||
| -rw-r--r-- | fwd.c | 34 | ||||
| -rw-r--r-- | fwd.h | 1 |
3 files changed, 37 insertions, 3 deletions
@@ -2158,15 +2158,14 @@ void conf_handler(struct ctx *c, uint32_t events) fwd_rules_dump(info, fwd->rules, fwd->count, " ", ""); } + + fwd_listen_switch(c); } if (events & EPOLLHUP) { debug("Configuration client hangup"); - goto close; } - return; - close: conf_close(c); @@ -534,6 +534,40 @@ int fwd_listen_init(const struct ctx *c) return 0; } +/** + * fwd_listen_switch() - Switch from current to pending rules table + * @c: Execution context + */ +void fwd_listen_switch(struct ctx *c) +{ + struct fwd_table *tmp[PIF_NUM_TYPES]; + unsigned i; + + /* Stop listening on the old tables */ + for (i = 0; i < PIF_NUM_TYPES; i++) { + struct fwd_table *fwd = c->fwd[i]; + + if (!fwd) + continue; + + debug("Flushing %u old %s rules", fwd->count, pif_name(i)); + fwd_listen_close(fwd); + fwd->count = fwd->sock_count = 0; + } + + /* Swap active and pending tables */ + static_assert(sizeof(tmp) == sizeof(c->fwd) && + sizeof(tmp) == sizeof(c->fwd_pending), + "Temporary has wrong size"); + memcpy(&tmp, (void *)c->fwd, sizeof(tmp)); + memcpy((void *)c->fwd, (void *)c->fwd_pending, sizeof(c->fwd)); + memcpy((void *)c->fwd_pending, &tmp, sizeof(c->fwd_pending)); + + /* Start listening on the new tables */ + if (fwd_listen_init(c) < 0) + err("Error switching to new forwarding rules"); +} + /* See enum in kernel's include/net/tcp_states.h */ #define UDP_LISTEN 0x07 #define TCP_LISTEN 0x0a @@ -61,6 +61,7 @@ int fwd_listen_sync(const struct ctx *c, uint8_t pif, const struct fwd_scan *tcp, const struct fwd_scan *udp); void fwd_listen_close(const struct fwd_table *fwd); int fwd_listen_init(const struct ctx *c); +void fwd_listen_switch(struct ctx *c); bool nat_inbound(const struct ctx *c, const union inany_addr *addr, union inany_addr *translated); |