author | David Gibson <david@gibson.dropbear.id.au> | 2024-08-21 14:20:18 +1000 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2024-08-21 12:00:37 +0200 |
commit | 8436c0d61b3a0443df12fa7b2c928932ba202ba6 (patch) | |
tree | 14ba26d6fd48a3c9eae64d49796e2873c4e01fa9 | |
parent | e813a4df7da28a69ef32642f42fd625aea798967 (diff) | |
fwd: Distinguish translatable from untranslatable addresses on inbound
fwd_nat_from_host() needs to adjust the source address for new flows coming
from an address which is not accessible to the guest. Currently we always
use our_tap_addr or our_tap_ll. However in cases where the address is
accessible to the guest via translation (i.e. via --map-host-loopback) then
it makes more sense to use that translation, rather than the fallback
mapping of our_tap_*.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r-- | fwd.c | 9 |
1 files changed, 8 insertions, 1 deletions
@@ -386,7 +386,14 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto,
 return PIF_SPLICE;
 }
- if (!fwd_guest_accessible(c, &ini->eaddr)) {
+ if (!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.map_host_loopback) &&
+ inany_equals4(&ini->eaddr, &in4addr_loopback)) {
+ /* Specifically 127.0.0.1, not 127.0.0.0/8 */
+ tgt->oaddr = inany_from_v4(c->ip4.map_host_loopback);
+ } else if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_host_loopback) &&
+ inany_equals6(&ini->eaddr, &in6addr_loopback)) {
+ tgt->oaddr.a6 = c->ip6.map_host_loopback;
+ } else if (!fwd_guest_accessible(c, &ini->eaddr)) {
 if (inany_v4(&ini->eaddr)) {
 if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.our_tap_addr))
 /* No source address we can use */ |
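Review bot: The two new branches at the head of the if-chain change which source address the guest sees for host-loopback flows, but the code does not say so; the only comment is the 127.0.0.1 remark in the IPv4 branch, and the IPv6 branch has none. I would add a comment above the chain such as `/* Host loopback is reachable by the guest via --map-host-loopback: present that address as source; our_tap_* is only the fallback */`. The function's header comment starts outside this hunk; it should note that guest-side filtering keyed on the mapped address will now also match host-local connections, and that addresses in 127.0.0.0/8 other than 127.0.0.1 still take the our_tap_* fallback. Whether map_host_loopback can coincide with the guest's own address is not visible here and is presumably rejected when the option is parsed; that is worth confirming.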