[pull] master from upstream #10
Merged
We no longer have a global ICMP timer (timers for individual flows are handled through the flow timer). We still have an ICMP_TIMER_INTERVAL define, though. Remove it.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
With -t auto and similar options we need to periodically scan /proc for listening ports. Currently we do this separately for TCP and UDP, from tcp_timer() and udp_timer(). For upcoming changes (leading eventually to a more general forwarding table), it's awkward to have these separate. Move them to a single common timer. For now this just calls new tcp_scan_ports() and udp_scan_ports() functions, but we'll consolidate more thoroughly in later patches.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
fwd_scan_ports_timer(), via the things it calls, goes through all the auto forwarding cases (tcp, udp, inbound, outbound) and for each one first scans for listening ports, then rebinds - that is, closes or opens our own listening ports to match. Rearrange to do all the scans first, then all the rebinds after. This lets us consolidate all the scans into fwd.c, and will enable further cleanups.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
To avoid forwarding loops, we need to exclude certain ports from being auto-forwarded. To accomplish this, procfs_scan_listen() takes a bitmap of exclusions. As it detects each port, it checks against that bitmap. This is a complicated way of accomplishing what we need. We can instead mask out the excluded ports in the callers using a new bitmap_and_not() helper.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
When using -t auto and the like, we scan for listening ports once at startup, then repeatedly on a timer. With previous rearrangements the logic for each of these cases is very nearly repeated. Factor it out into a fwd_scan_ports() function.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
fwd_scan_ports() needs to check for FWD_AUTO mode before calling each
scan function - otherwise it would clobber the forwarding bitmap which
should retain the user's fixed configuration.
Make this slightly cleaner and safer by moving the mode check into
fwd_scan_ports_{tcp,udp}().
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
In fwd_scan_ports() we go through each of the automatic forwarding cases (tcp, udp, inbound and outbound) in turn, scanning and calculating the new forwarding map. However, to avoid circular forwarding, some of these maps affect each other. This has the odd effect that the ones handled earlier are based on the previous scan of other maps, whereas the later ones are based on the latest scan. That's not generally harmful, but it is counter-intuitive and results in a few odd edge cases. Avoid this by performing all the scans first, without regard to other maps, then applying the exclusions afterwards.
One case has an extra wrinkle: for UDP we forwarded not just ports that were listening on UDP but ones listening on TCP as well, for the benefit of protocols like iperf3. We therefore also excluded listening ports from both UDP and TCP from the other direction to avoid circular forwarding. This doesn't really make sense, though. To avoid circular forwarding, we don't care *why* the other side is listening on UDP, just that it *is* listening. This was only needed because the reverse map might have been one cycle out of date and therefore not included a port opened because of the corresponding TCP port. Now that we avoid that out of date map possibility, it's sufficient to just mask out UDP listening ports in the other direction.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
To avoid circular forwarding, {tcp,udp}_port_rebind() refuse to listen on
ports that we're already listening on in the reverse direction. This is
redundant, because we already remove such ports from the forward map when
we scan. This was needed previously, because our reverse maps might have
been one cycle out of date, so could be missing a newly appeared port.
We've now rearranged the port scanning code to avoid that, so we don't need
the check in tcp_port_rebind() any more.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
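
The caller-side masking described in the exclusion-bitmap commit above, as an added example (not code from this pull request or from the project): the scanner only records listening ports from /proc/net/tcp-style text, and the caller then removes ports already bound in the reverse direction. The `bitmap_and_not()` signature, `scan_listen()`, `demo_forwarded()` and the sample lines are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_PORTS   65536
#define BITMAP_SIZE (NUM_PORTS / 8)

/* Constructed sample in /proc/net/tcp layout: 8080, 5201 listening; 22 established */
static const char SAMPLE[] =
	"  sl  local_address rem_address   st\n"
	"   0: 00000000:1F90 00000000:0000 0A\n"
	"   1: 00000000:1451 00000000:0000 0A\n"
	"   2: 0100007F:0016 0100007F:C350 01\n";

static void bit_set(uint8_t *map, unsigned bit) { map[bit / 8] |= 1u << (bit % 8); }
static int bit_isset(const uint8_t *map, unsigned bit) { return (map[bit / 8] >> (bit % 8)) & 1; }

/* dst = a AND NOT b (hypothetical signature for the helper the commit names) */
void bitmap_and_not(uint8_t *dst, const uint8_t *a, const uint8_t *b, size_t len)
{
	for (size_t i = 0; i < len; i++)
		dst[i] = a[i] & (uint8_t)~b[i];
}

/* Mark every socket in LISTEN state (st == 0x0A); no exclusion logic here */
void scan_listen(const char *text, uint8_t *map)
{
	unsigned port, state;

	memset(map, 0, BITMAP_SIZE);
	for (const char *line = text; *line; ) {
		if (sscanf(line, " %*u: %*x:%x %*x:%*x %x", &port, &state) == 2 &&
		    state == 0x0A && port < NUM_PORTS)
			bit_set(map, port);
		const char *nl = strchr(line, '\n');
		if (!nl)
			break;
		line = nl + 1;
	}
}

/* 1 if `port` is forwarded when 5201 is already bound in the reverse
 * direction (constructed scenario), 0 otherwise */
int demo_forwarded(unsigned port)
{
	static uint8_t seen[BITMAP_SIZE], reverse[BITMAP_SIZE], fwd[BITMAP_SIZE];

	memset(reverse, 0, sizeof(reverse));
	bit_set(reverse, 5201);
	scan_listen(SAMPLE, seen);
	bitmap_and_not(fwd, seen, reverse, sizeof(fwd)); /* mask in the caller */
	return bit_isset(fwd, port);
}
```

Port 8080 stays in the forward map, 5201 is masked out because the reverse direction already holds it, and 22 never enters the map because its socket is not in LISTEN state.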
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)