Merged
Conversation
Base automatically changed from
pr/fredi/move_flowkey_and_info_and_embed_keys
to
main
March 5, 2026 10:50
qmonnet
requested changes
Mar 5, 2026
Member
qmonnet
left a comment
qmonnet
left a comment
There was a problem hiding this comment.
I'm mostly concerned with the non-debug assert; it looks good otherwise, I just have a few nits.
It also needs a rebase of course.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adapts the port-forwarding code to work with FlowInfo objects that embed FlowKeys, and consolidates the flow-info crate into the net crate alongside the flow_key module (which was moved from flow-entry). This is a preparatory refactoring that does not yet make functional use of embedded keys but sets the groundwork for subsequent PRs.
Changes:
- Consolidates the
flow-infocrate andflow_keymodule intonet/src/flows/, removing the standaloneflow-infocrate and updating all imports across the codebase. - Extends
FlowInfoto embed anOption<FlowKey>, updatesFlowInfo::related_pair()to require two distinct keys, and adds validation inFlowTable::insert/insert_from_arcto ensure key consistency. - Refactors port-forwarding flow creation to pre-compute both forward and reverse flow keys before packet mutation, extracting key-building logic into a new
build_portfw_flow_keysfunction.
Reviewed changes
Copilot reviewed 28 out of 31 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
Cargo.toml |
Removes flow-info from workspace members and dependencies |
Cargo.lock |
Updated lock file reflecting flow-info removal and net gaining its dependencies |
net/Cargo.toml |
Adds atomic-instant-full, downcast-rs, ahash (dev) dependencies previously in flow-info |
net/src/lib.rs |
Adds flows module and re-exports FlowKey, FlowKeyData, and related types |
net/src/flows/mod.rs |
New module aggregating flow keys, flow info, flow info items, and atomic instant |
net/src/flows/flow_key.rs |
Moved from flow-entry, adds new accessors (src_port, dst_port, ports, proto), setters, and From impls |
net/src/flows/flow_key_display.rs |
Moved Display impls for FlowKeyData and FlowKey |
net/src/flows/flow_info.rs |
Moved from flow-info crate; adds flowkey field to FlowInfo, updates related_pair to require keys |
net/src/flows/flow_info_item.rs |
Moved from flow-info crate (trait and helpers for downcasting flow info items) |
net/src/flows/atomic_instant.rs |
Moved from flow-info crate |
net/src/packet/meta.rs |
Updates FlowInfo import path |
flow-info/Cargo.toml |
Deleted |
flow-entry/Cargo.toml |
Removes flow-info dependency |
flow-entry/src/flow_table/mod.rs |
Removes flow_key submodule, updates re-exports to use net::flows |
flow-entry/src/flow_table/table.rs |
Adds key validation assertions in insert and insert_from_arc; embeds key in insert if absent |
flow-entry/src/flow_table/display.rs |
Removes moved Display impls, updates imports |
flow-entry/src/flow_table/nf_lookup.rs |
Updates imports and test call sites for related_pair |
flow-entry/src/flow_table/nf_expirations.rs |
Updates imports |
flow-filter/Cargo.toml |
Removes flow-info dependency |
flow-filter/src/lib.rs |
Updates imports to net::flows |
nat/Cargo.toml |
Removes flow-info dependency |
nat/src/portfw/nf.rs |
Refactors do_port_forwarding to pre-build keys, passes keys to related_pair |
nat/src/portfw/flow_state.rs |
Adds build_portfw_flow_keys; refactors setup_forward_flow/setup_reverse_flow to accept pre-built keys |
nat/src/portfw/test.rs |
Updates imports |
nat/src/portfw/portfwtable/objects.rs |
Adds comment to dst_vpcd, reformats alignment |
nat/src/stateful/mod.rs |
Updates imports |
nat/src/stateful/allocator.rs |
Updates imports |
nat/src/stateful/apalloc/mod.rs |
Updates imports |
nat/src/stateful/apalloc/natip_with_bitmap.rs |
Updates imports |
nat/src/stateful/apalloc/test_alloc.rs |
Updates imports |
nat/src/stateful/test.rs |
Updates imports |
Comments suppressed due to low confidence (3)
net/src/flows/flow_key.rs:369
confidence: 8
tags: [logic, style]
Using `unreachable!()` inside a `From` trait implementation is problematic. The `From` trait is expected to be a total (infallible) conversion in Rust. Passing any `NextHeader` variant other than TCP or UDP (e.g., ICMP, ICMP6, or any other protocol) will panic at runtime. Consider using `TryFrom` instead, which returns a `Result` and properly signals to callers that the conversion may not succeed. This would also force callers to handle the error case explicitly rather than relying on a runtime panic.
**net/src/flows/flow_key.rs:521**
* ```yaml
confidence: 8
tags: [logic]
The proto() method returns NextHeader::ICMP for all IcmpProtoKey variants, but IcmpProtoKey is used for both ICMPv4 and ICMPv6 flows (via new_icmp_v4 and new_icmp_v6 constructors). For ICMPv6 flows, this would incorrectly return NextHeader::ICMP (protocol 1) instead of NextHeader::ICMP6 (protocol 58). While the TODO acknowledges this, any caller using proto() on an ICMPv6 flow key will get the wrong protocol number. Consider at minimum documenting that this only works correctly for ICMPv4, or storing the IP version in the IcmpProtoKey so the correct protocol can be returned.
net/src/flows/mod.rs:4
confidence: 7
tags: [docs]
The module-level doc comment says "Definitions for flow keys" but this module also contains flow info (`flow_info.rs`), flow info items (`flow_info_item.rs`), and `AtomicInstant`. Consider updating the doc comment to reflect the broader scope, e.g., "Definitions for flow keys, flow information, and related types".
</details>
Fredi-raspall
force-pushed
the
pr/fredi/adapt-port-fw-flows-with-keys
branch
from
b5b1250 to
0dedd26
Compare
These are needed later on. Signed-off-by: Fredi Raspall <fredi@githedgehog.com>
Reorganize the code so that the keys for the pair of related flows can be computed before creating those, so that these are built with the keys set. Signed-off-by: Fredi Raspall <fredi@githedgehog.com>
Signed-off-by: Fredi Raspall <fredi@githedgehog.com>
Fredi-raspall
force-pushed
the
pr/fredi/adapt-port-fw-flows-with-keys
branch
from
0dedd26 to
c978b73
Compare
Contributor
Author
|
@qmonnet I think I addressed all comments and rebased on latest main. |
qmonnet
approved these changes
Mar 5, 2026
Comment on lines
+201
to
+202
| debug_assert!( | ||
| key1 != key2, |
Member
There was a problem hiding this comment.
Suggested change
| debug_assert!( | |
| key1 != key2, | |
| debug_assert_ne!( | |
| key1, | |
| key2, |
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This goes on top of #1315, which should be merged first.