On Thu, 7 May 2026 09:51:10 +1000, David Gibson wrote:
On Wed, May 06, 2026 at 11:31:51PM +0200, Stefano Brivio wrote:
Instead of just being able to add to the existing tables, implement an explicit --clear option to replace them, which now becomes the default behaviour, and implement explicit --add and --delete options to maintain the table and add or delete specific ports.
The option --clear PIF forces the clearing of a table, instead.
These options can be combined arbitrarily and are handled as sequential commands, as now described in pesto(1).
If no option is given before forwarding specifiers for a matching table, the command line is interpreted as a replacement of the existing rules.
To this end:
- there's no protocol change, as pesto is anyway sending updated copies of the table
- the forwarding table functions now include a new fwd_rule_del(), which deletes an existing rule only if a matching one is found
- a trivial fwd_rule_clear() is factored out from the existing conf_handler() implementation, so that it can be directly used in pesto
The entry points for parsing of port specifiers now take an additional 'del' parameter which is passed down all the way before reaching the fwd_rule_add() implementation. If a rule should be deleted, at that point, fwd_rule_del() is called instead.
Signed-off-by: Stefano Brivio
Reviewed-by: Laurent Vivier
Reviewed-by: David Gibson
Several concerns below, but they can all be addressed as follow ups.
Just to set expectations: I won't take care of those, mostly because there are actual blocking issues (not with this series, they would also be follow up) that I'm trying to take care of instead, see e.g.: https://github.com/containers/container-libs/pull/755#issuecomment-439242731... so you'll need to follow up with patches, in case (and expect delays in reviews).

--
Stefano