aboutgitcodebugslistschat
diff options
context:
space:
mode:
authorDavid Gibson <david@gibson.dropbear.id.au>2024-08-21 14:20:18 +1000
committerStefano Brivio <sbrivio@redhat.com>2024-08-21 12:00:37 +0200
commit8436c0d61b3a0443df12fa7b2c928932ba202ba6 (patch)
tree14ba26d6fd48a3c9eae64d49796e2873c4e01fa9
parente813a4df7da28a69ef32642f42fd625aea798967 (diff)
downloadpasst-8436c0d61b3a0443df12fa7b2c928932ba202ba6.tar
passt-8436c0d61b3a0443df12fa7b2c928932ba202ba6.tar.gz
passt-8436c0d61b3a0443df12fa7b2c928932ba202ba6.tar.bz2
passt-8436c0d61b3a0443df12fa7b2c928932ba202ba6.tar.lz
passt-8436c0d61b3a0443df12fa7b2c928932ba202ba6.tar.xz
passt-8436c0d61b3a0443df12fa7b2c928932ba202ba6.tar.zst
passt-8436c0d61b3a0443df12fa7b2c928932ba202ba6.zip
fwd: Distinguish translatable from untranslatable addresses on inbound
fwd_nat_from_host() needs to adjust the source address for new flows coming from an address which is not accessible to the guest. Currently we always use our_tap_addr or our_tap_ll. However in cases where the address is accessible to the guest via translation (i.e. via --map-host-loopback) then it makes more sense to use that translation, rather than the fallback mapping of our_tap_*. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r--fwd.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/fwd.c b/fwd.c
index f99d204..c55aea0 100644
--- a/fwd.c
+++ b/fwd.c
@@ -386,7 +386,14 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto,
return PIF_SPLICE;
}
- if (!fwd_guest_accessible(c, &ini->eaddr)) {
+ if (!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.map_host_loopback) &&
+ inany_equals4(&ini->eaddr, &in4addr_loopback)) {
+ /* Specifically 127.0.0.1, not 127.0.0.0/8 */
+ tgt->oaddr = inany_from_v4(c->ip4.map_host_loopback);
+ } else if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_host_loopback) &&
+ inany_equals6(&ini->eaddr, &in6addr_loopback)) {
+ tgt->oaddr.a6 = c->ip6.map_host_loopback;
+ } else if (!fwd_guest_accessible(c, &ini->eaddr)) {
if (inany_v4(&ini->eaddr)) {
if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.our_tap_addr))
/* No source address we can use */