| field | value | date |
|---|---|---|
| author | David Gibson <david@gibson.dropbear.id.au> | 2024-07-18 15:26:42 +1000 |
| committer | Stefano Brivio <sbrivio@redhat.com> | 2024-07-19 18:33:25 +0200 |
| commit | 4cd753e65c591732b84c455b8eb9af44d09155cd (patch) | |
| tree | 1c7caa94d8c0aa2094168641d9d732ab3cf71ca6 /contrib/selinux/pasta.te | |
| parent | 781164e25bdf3e99233ab585f02c72525cfb79c5 (diff) | |
icmp: Manage outbound socket address via flow table

For now when we forward a ping to the host we leave the host side
forwarding address and port blank since we don't necessarily know what
source address and id will be used by the kernel. When the outbound
address option is active, though, we do know the address at least, so we
can record it in the flowside.

Having done that, use it as the primary source of truth, binding the
outgoing socket based on the information in there. This allows the
possibility of more complex rules for what outbound address and/or id
we use in future.

To implement this we create a new helper which sets up a new socket based
on information in a flowside, which will also have future uses. It
behaves slightly differently from the existing ICMP code, in that it
doesn't bind to a specific interface if given a loopback address. This is
logically correct - the loopback address means we need to operate through
the host's loopback interface, not ifname_out. We didn't need it in ICMP
because ICMP will never generate a loopback address at this point; however,
we intend to change that in future.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Diffstat (limited to 'contrib/selinux/pasta.te')
0 files changed, 0 insertions, 0 deletions