authorStefano Brivio <sbrivio@redhat.com>2021-07-26 14:10:29 +0200
committerStefano Brivio <sbrivio@redhat.com>2021-07-26 14:10:29 +0200
commit86b273150a47c6f5783db865d1385675f5c4e5a6 (patch)
treebc0011bc64f00a519817eb7b74a7d20664f8e3fb /tcp.c
parentf4aaa471a1d304b0b6c767ef4b2fb88b45c02ef1 (diff)
tcp, udp: Allow binding ports in init namespace to both tap and loopback
Traffic with loopback source address will be forwarded to the direct loopback connection in the namespace, and the tap interface is used for the rest. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'tcp.c')
-rw-r--r--tcp.c55
1 files changed, 37 insertions, 18 deletions
diff --git a/tcp.c b/tcp.c
index f783704..6ef573c 100644
--- a/tcp.c
+++ b/tcp.c
@@ -2095,7 +2095,8 @@ static int tcp_sock_init_ns(void *arg)
continue;
tref.index = port;
- sock_l4(c, AF_INET, IPPROTO_TCP, port, 1, tref.u32);
+ sock_l4(c, AF_INET, IPPROTO_TCP, port, BIND_LOOPBACK,
+ tref.u32);
}
}
@@ -2106,7 +2107,8 @@ static int tcp_sock_init_ns(void *arg)
continue;
tref.index = port;
- sock_l4(c, AF_INET6, IPPROTO_TCP, port, 1, tref.u32);
+ sock_l4(c, AF_INET6, IPPROTO_TCP, port, BIND_LOOPBACK,
+ tref.u32);
}
}
@@ -2123,6 +2125,7 @@ int tcp_sock_init(struct ctx *c)
{
union tcp_epoll_ref tref = { .listen = 1 };
char ns_fn_stack[NS_FN_STACK_SIZE];
+ enum bind_type tap_bind;
in_port_t port;
getrandom(&c->tcp.hash_secret, sizeof(c->tcp.hash_secret), GRND_RANDOM);
@@ -2130,33 +2133,49 @@ int tcp_sock_init(struct ctx *c)
if (c->v4) {
tref.v6 = 0;
for (port = 0; port < USHRT_MAX; port++) {
- if (bitmap_isset(c->tcp.port4_to_ns, port))
+ tref.index = port;
+
+ if (bitmap_isset(c->tcp.port4_to_ns, port)) {
tref.splice = 1;
- else if (bitmap_isset(c->tcp.port4_to_tap, port))
- tref.splice = 0;
- else
- continue;
+ sock_l4(c, AF_INET, IPPROTO_TCP, port,
+ BIND_LOOPBACK, tref.u32);
+ tap_bind = BIND_EXT;
+ } else {
+ tap_bind = BIND_ANY;
+ }
- tref.index = port;
- sock_l4(c, AF_INET, IPPROTO_TCP, port, tref.splice,
- tref.u32);
+ if (bitmap_isset(c->tcp.port4_to_tap, port)) {
+ tref.splice = 0;
+ sock_l4(c, AF_INET, IPPROTO_TCP, port,
+ tap_bind, tref.u32);
+ }
}
+
+ tcp_sock4_iov_init();
}
if (c->v6) {
tref.v6 = 1;
for (port = 0; port < USHRT_MAX; port++) {
- if (bitmap_isset(c->tcp.port6_to_ns, port))
+ tref.index = port;
+
+ if (bitmap_isset(c->tcp.port6_to_ns, port)) {
tref.splice = 1;
- else if (bitmap_isset(c->tcp.port6_to_tap, port))
- tref.splice = 0;
- else
- continue;
+ sock_l4(c, AF_INET6, IPPROTO_TCP, port,
+ BIND_LOOPBACK, tref.u32);
+ tap_bind = BIND_EXT;
+ } else {
+ tap_bind = BIND_ANY;
+ }
- tref.index = port;
- sock_l4(c, AF_INET6, IPPROTO_TCP, port, tref.splice,
- tref.u32);
+ if (bitmap_isset(c->tcp.port6_to_tap, port)) {
+ tref.splice = 0;
+ sock_l4(c, AF_INET6, IPPROTO_TCP, port,
+ tap_bind, tref.u32);
+ }
}
+
+ tcp_sock6_iov_init();
}
if (c->mode == MODE_PASTA) {
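Review bot: Both `sock_l4()` calls in the new per-port body discard their result, so when a port is set in both `port4_to_ns` and `port4_to_tap` and only one of the two binds succeeds, the port ends up listening on one side only with nothing reported; the IPv6 loop has the same shape. `sock_l4()` is not defined in this diff, so assuming it signals failure through its return value, I would check it at each call and log the port and bind type that failed. A short comment above the `tap_bind = BIND_EXT;` assignment would also help, e.g. `/* Loopback is taken by the spliced socket: keep the tap listener off it */`, if that is what `BIND_EXT` means here. `tcp_sock_init()` continues past the end of this hunk.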