diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2025-12-02 15:02:15 +1100 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2025-12-02 23:07:42 +0100 |
| commit | fdbb4efd38f7211881e05f7284c364df5d4856be (patch) | |
| tree | 5c613a1db4bf05e31077ca8eae6674c669986344 | |
| parent | e3c4c4175ce61280efd0f5effb233b0f2f37fab1 (diff) | |
| download | passt-fdbb4efd38f7211881e05f7284c364df5d4856be.tar passt-fdbb4efd38f7211881e05f7284c364df5d4856be.tar.gz passt-fdbb4efd38f7211881e05f7284c364df5d4856be.tar.bz2 passt-fdbb4efd38f7211881e05f7284c364df5d4856be.tar.lz passt-fdbb4efd38f7211881e05f7284c364df5d4856be.tar.xz passt-fdbb4efd38f7211881e05f7284c364df5d4856be.tar.zst passt-fdbb4efd38f7211881e05f7284c364df5d4856be.zip | |
When forwarding "spliced" connections outwards (-T or -U) we listen on the
guest's loopback and always forward to 127.0.0.1 (or ::1) on the host.
However, it's also possible for clients on the guest to attempt connecting
to other addresses in 127.0.0.0/8 (systemd-resolved uses 127.0.0.53 in
practice). If the host side server is only listening on that specific
non-standard loopback address, the forward won't work. Fix this by
preserving the specific (loopback) address when forwarding such
connections.
Link: https://bugs.passt.top/show_bug.cgi?id=113
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
| -rw-r--r-- | fwd.c | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -660,7 +660,9 @@ uint8_t fwd_nat_from_splice(const struct ctx *c, uint8_t proto, return PIF_NONE; } - if (inany_v4(&ini->eaddr)) + if (!inany_is_unspecified(&ini->oaddr)) + tgt->eaddr = ini->oaddr; + else if (inany_v4(&ini->oaddr)) tgt->eaddr = inany_loopback4; else tgt->eaddr = inany_loopback6; |