diff options
author | David Gibson <david@gibson.dropbear.id.au> | 2024-08-21 14:20:13 +1000 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2024-08-21 12:00:26 +0200 |
commit | 356de97e432e21e8711b94b06a53b1e16dadd913 (patch) | |
tree | ebdef8275882e31b7c7059f9f24f08d2a9019d58 /test/passt_in_ns | |
parent | 4d8dd1fbe789683aea02569e6a00be47693e8913 (diff) | |
download | passt-356de97e432e21e8711b94b06a53b1e16dadd913.tar passt-356de97e432e21e8711b94b06a53b1e16dadd913.tar.gz passt-356de97e432e21e8711b94b06a53b1e16dadd913.tar.bz2 passt-356de97e432e21e8711b94b06a53b1e16dadd913.tar.lz passt-356de97e432e21e8711b94b06a53b1e16dadd913.tar.xz passt-356de97e432e21e8711b94b06a53b1e16dadd913.tar.zst passt-356de97e432e21e8711b94b06a53b1e16dadd913.zip |
fwd: Split notion of "our tap address" from gateway for IPv4
ip4.gw conflates 3 conceptually different things, which (for now) have the
same value:
1. The router/gateway address as seen by the guest
2. An address to NAT to the host with --no-map-gw isn't specified
3. An address to use as source when nothing else makes sense
Case 3 occurs in two situations:
a) for our DHCP responses - since they come from passt internally there's
no naturally meaningful address for them to come from
b) for forwarded connections coming from an address that isn't guest
accessible (localhost or the guest's own address).
(b) occurs even with --no-map-gw, and the expected behaviour of forwarding
local connections requires it.
For IPv6 role (3) is now taken by ip6.our_tap_ll (which usually has the
same value as ip6.gw). For future flexibility we may want to make this
"address of last resort" different from the gateway address, so split them
logically for IPv4 as well.
Specifically, add a new ip4.our_tap_addr field for the address with this
role, and initialise it to ip4.gw for now. Unlike IPv6 where we can always
get a link-local address, we might not be able to get a (non 0.0.0.0)
address here (e.g. if the host is disconnected or only has a point to point
link with no gateway address). In that case we have to disable forwarding
of inbound connections with guest-inaccessible source addresses.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'test/passt_in_ns')
0 files changed, 0 insertions, 0 deletions