From a0af19f858d119da4a9deff1ea6d488545e99c5c Mon Sep 17 00:00:00 2001
From: David Gibson
Date: Fri, 16 Jan 2026 11:59:22 +1100
Subject: fwd: Generate auto-forward exclusions from socket fd tables
When auto-forwarding based on port scans, we must exclude our own listening ports, to avoid circular forwards. Currently we use the (previous value of the) forwarding bitmaps for the reverse direction to determine that. Instead, generate it from the tables of listening sockets that we now maintain. For now this seems like a lot more work to get to the same place. However, it does mean we're basing our exclusions directly on the relevant information: which of the scanned listens belong to us. More importantly, it's a step towards removing the bitmaps entirely.
Signed-off-by: David Gibson
Signed-off-by: Stefano Brivio
---
 fwd.c | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/fwd.c b/fwd.c
index bc2698f..266e241 100644
--- a/fwd.c
+++ b/fwd.c
@@ -685,6 +685,28 @@ static void fwd_scan_ports_udp(struct fwd_ports *fwd,
 bitmap_and_not(fwd->map, PORT_BITMAP_SIZE, fwd->map, exclude);
 }
+/**
+ * current_listen_map() - Get bitmap of which ports we're already listening on
+ * @map: Bitmap to populate
+ * @fwd: Forwarding table to consider
+ */
+static void current_listen_map(uint8_t *map, const struct fwd_ports *fwd)
+{
+ unsigned i;
+
+ memset(map, 0, PORT_BITMAP_SIZE);
+
+ for (i = 0; i < fwd->count; i++) {
+ const struct fwd_rule *rule = &fwd->rules[i];
+ unsigned port;
+
+ for (port = rule->first; port <= rule->last; port++) {
+ if (rule->socks[port - rule->first] >= 0)
+ bitmap_set(map, port);
+ }
+ }
+}
+
 /**
 * fwd_scan_ports() - Scan automatic port forwarding information
 * @c: Execution context
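Review bot: In current_listen_map(), `bitmap_set(map, port)` runs for every port up to `rule->last` and `memset()` clears PORT_BITMAP_SIZE bytes, but nothing in the function ties `port` to the bitmap's range or @map to that size; both callers pass stack arrays, so a rule outside the expected range would write past a stack buffer. The types of `first`/`last` and the length of `socks` are declared outside this diff, so this may already hold by construction, but the kernel-doc should state it, e.g. `@map: Bitmap to populate, PORT_BITMAP_SIZE bytes`, plus a line saying `socks` is expected to hold `last - first + 1` entries. The `port <= rule->last` loop also terminates only if `port` is wider than the type of `last`, which is presumably the case here; a short comment on that would keep a later type change from turning it into an endless loop.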
@@ -694,10 +716,10 @@ static void fwd_scan_ports(struct ctx *c)
 uint8_t excl_tcp_out[PORT_BITMAP_SIZE], excl_udp_out[PORT_BITMAP_SIZE];
 uint8_t excl_tcp_in[PORT_BITMAP_SIZE], excl_udp_in[PORT_BITMAP_SIZE];
- memcpy(excl_tcp_out, c->tcp.fwd_in.map, sizeof(excl_tcp_out));
- memcpy(excl_tcp_in, c->tcp.fwd_out.map, sizeof(excl_tcp_in));
- memcpy(excl_udp_out, c->udp.fwd_in.map, sizeof(excl_udp_out));
- memcpy(excl_udp_in, c->udp.fwd_out.map, sizeof(excl_udp_in));
+ current_listen_map(excl_tcp_out, &c->tcp.fwd_in);
+ current_listen_map(excl_tcp_in, &c->tcp.fwd_out);
+ current_listen_map(excl_udp_out, &c->udp.fwd_in);
+ current_listen_map(excl_udp_in, &c->udp.fwd_out);
 fwd_scan_ports_tcp(&c->tcp.fwd_out, excl_tcp_out);
 fwd_scan_ports_tcp(&c->tcp.fwd_in, excl_tcp_in);
-- cgit v1.2.3
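Review bot: The four current_listen_map() calls in fwd_scan_ports() deliberately cross directions (`excl_tcp_out` is built from `c->tcp.fwd_in`, `excl_tcp_in` from `c->tcp.fwd_out`, and likewise for UDP), yet nothing at the call site says why, so a later cleanup could "correct" the apparent mismatch and bring back circular forwards. A comment above the calls would protect that invariant, e.g. `/* Exclude ports we listen on for the opposite direction, to avoid circular forwards */`. It would also help to note that the maps are snapshots taken before any scan runs and that only entries with an open socket (`>= 0`) are excluded, which may differ from the old bitmap copy for a rule that has no socket at that moment. fwd_scan_ports() starts and ends outside this hunk, so how the scan results are consumed afterwards is not visible here.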