-rw-r--r--conf.c46
-rw-r--r--fwd.c10
-rw-r--r--passt.115
-rw-r--r--passt.h6
4 files changed, 60 insertions, 17 deletions
diff --git a/conf.c b/conf.c
index d605c21..6794508 100644
--- a/conf.c
+++ b/conf.c
@@ -820,6 +820,9 @@ static void usage(const char *name, FILE *f, int status)
" --map-host-loopback ADDR Translate ADDR to refer to host\n"
" can be specified zero to two times (for IPv4 and IPv6)\n"
" default: gateway address\n"
+ " --map-guest-addr ADDR Translate ADDR to guest's address\n"
+ " can be specified zero to two times (for IPv4 and IPv6)\n"
+ " default: none\n"
" --dns-forward ADDR Forward DNS queries sent to ADDR\n"
" can be specified zero to two times (for IPv4 and IPv6)\n"
" default: don't forward DNS queries\n"
@@ -1136,29 +1139,32 @@ static void conf_ugid(char *runas, uid_t *uid, gid_t *gid)
}
/**
- * conf_nat() - Parse --map-host-loopback option
- * @c: Execution context
- * @arg: String argument to --map-host-loopback
- * @no_map_gw: --no-map-gw flag, updated for "none" argument
+ * conf_nat() - Parse --map-host-loopback or --map-guest-addr option
+ * @arg: String argument to option
+ * @addr4: IPv4 to update with parsed address
+ * @addr6: IPv6 to update with parsed address
+ * @no_map_gw: --no-map-gw flag, or NULL, updated for "none" argument
*/
-static void conf_nat(struct ctx *c, const char *arg, int *no_map_gw)
+static void conf_nat(const char *arg, struct in_addr *addr4,
+ struct in6_addr *addr6, int *no_map_gw)
{
if (strcmp(arg, "none") == 0) {
- c->ip4.map_host_loopback = in4addr_any;
- c->ip6.map_host_loopback = in6addr_any;
- *no_map_gw = 1;
+ *addr4 = in4addr_any;
+ *addr6 = in6addr_any;
+ if (no_map_gw)
+ *no_map_gw = 1;
}
- if (inet_pton(AF_INET6, arg, &c->ip6.map_host_loopback) &&
- !IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_host_loopback) &&
- !IN6_IS_ADDR_LOOPBACK(&c->ip6.map_host_loopback) &&
- !IN6_IS_ADDR_MULTICAST(&c->ip6.map_host_loopback))
+ if (inet_pton(AF_INET6, arg, addr6) &&
+ !IN6_IS_ADDR_UNSPECIFIED(addr6) &&
+ !IN6_IS_ADDR_LOOPBACK(addr6) &&
+ !IN6_IS_ADDR_MULTICAST(addr6))
return;
- if (inet_pton(AF_INET, arg, &c->ip4.map_host_loopback) &&
- !IN4_IS_ADDR_UNSPECIFIED(&c->ip4.map_host_loopback) &&
- !IN4_IS_ADDR_LOOPBACK(&c->ip4.map_host_loopback) &&
- !IN4_IS_ADDR_MULTICAST(&c->ip4.map_host_loopback))
+ if (inet_pton(AF_INET, arg, addr4) &&
+ !IN4_IS_ADDR_UNSPECIFIED(addr4) &&
+ !IN4_IS_ADDR_LOOPBACK(addr4) &&
+ !IN4_IS_ADDR_MULTICAST(addr4))
return;
die("Invalid address to remap to host: %s", optarg);
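Review bot: The `none` branch of conf_nat() has no `return`, so after zeroing both addresses the code continues into the two inet_pton() calls, which both fail on the string "none", and reaches die(). As shown, `--map-host-loopback none` and the `--map-guest-addr none` form documented in passt.1 would abort startup instead of disabling the mapping. Adding `return;` after the `if (no_map_gw) *no_map_gw = 1;` lines inside that block fixes it. The die() message still reads "Invalid address to remap to host" and prints `optarg` rather than `arg`, which is misleading now that the helper serves both options. A neutral `die("Invalid address to remap: %s", arg);` would fit better.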
@@ -1274,6 +1280,7 @@ void conf(struct ctx *c, int argc, char **argv)
{"no-copy-addrs", no_argument, NULL, 19 },
{"netns-only", no_argument, NULL, 20 },
{"map-host-loopback", required_argument, NULL, 21 },
+ {"map-guest-addr", required_argument, NULL, 22 },
{ 0 },
};
const char *logname = (c->mode == MODE_PASTA) ? "pasta" : "passt";
@@ -1444,7 +1451,12 @@ void conf(struct ctx *c, int argc, char **argv)
*userns = 0;
break;
case 21:
- conf_nat(c, optarg, &no_map_gw);
+ conf_nat(optarg, &c->ip4.map_host_loopback,
+ &c->ip6.map_host_loopback, &no_map_gw);
+ break;
+ case 22:
+ conf_nat(optarg, &c->ip4.map_guest_addr,
+ &c->ip6.map_guest_addr, NULL);
break;
case 'd':
c->debug = 1;
diff --git a/fwd.c b/fwd.c
index c55aea0..2a0452f 100644
--- a/fwd.c
+++ b/fwd.c
@@ -272,6 +272,10 @@ uint8_t fwd_nat_from_tap(const struct ctx *c, uint8_t proto,
tgt->eaddr = inany_loopback4;
else if (inany_equals6(&ini->oaddr, &c->ip6.map_host_loopback))
tgt->eaddr = inany_loopback6;
+ else if (inany_equals4(&ini->oaddr, &c->ip4.map_guest_addr))
+ tgt->eaddr = inany_from_v4(c->ip4.addr);
+ else if (inany_equals6(&ini->oaddr, &c->ip6.map_guest_addr))
+ tgt->eaddr.a6 = c->ip6.addr;
else
tgt->eaddr = ini->oaddr;
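Review bot: The two new `map_guest_addr` comparisons in fwd_nat_from_tap() are not guarded against the option being unset, unlike the matching branches this commit adds to fwd_nat_from_host(), which first test `!IN4_IS_ADDR_UNSPECIFIED(...)` / `!IN6_IS_ADDR_UNSPECIFIED(...)`. With the default of no mapping the fields presumably stay all-zero, so a guest packet addressed to 0.0.0.0 or :: would match and be steered to `c->ip4.addr` / `c->ip6.addr` on the host, unless a check outside this hunk already rejects unspecified destinations. Consider the same guard here, e.g. `else if (!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.map_guest_addr) && inany_equals4(&ini->oaddr, &c->ip4.map_guest_addr))`, or a comment naming the earlier check that makes it unnecessary. The function starts and ends outside the hunk.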
@@ -393,6 +397,12 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto,
} else if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_host_loopback) &&
inany_equals6(&ini->eaddr, &in6addr_loopback)) {
tgt->oaddr.a6 = c->ip6.map_host_loopback;
+ } else if (!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.map_guest_addr) &&
+ inany_equals4(&ini->eaddr, &c->ip4.addr)) {
+ tgt->oaddr = inany_from_v4(c->ip4.map_guest_addr);
+ } else if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_guest_addr) &&
+ inany_equals6(&ini->eaddr, &c->ip6.addr)) {
+ tgt->oaddr.a6 = c->ip6.map_guest_addr;
} else if (!fwd_guest_accessible(c, &ini->eaddr)) {
if (inany_v4(&ini->eaddr)) {
if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.our_tap_addr))
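Review bot: The new branches in fwd_nat_from_host() have no comment explaining why they sit ahead of the `fwd_guest_accessible()` fallback. They rewrite the source of host-side traffic that arrives from `c->ip4.addr` / `c->ip6.addr`, so the ordering looks deliberate. A short comment above the first new branch would help, for example `/* Host traffic from the address the guest also uses: present it to the guest as coming from --map-guest-addr */`. It would also be useful to state that when --map-guest-addr is unset such traffic falls through to the `fwd_guest_accessible()` handling below. The body of that fallback continues outside the hunk.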
diff --git a/passt.1 b/passt.1
index e85d988..79d134d 100644
--- a/passt.1
+++ b/passt.1
@@ -349,6 +349,21 @@ default route, or if there is no default route, for any of the enabled address
families.
.TP
+.BR \-\-map-guest-addr " " \fIaddr
+Translate \fIaddr\fR in the guest to be equal to the guest's assigned
+address on the host. That is, packets from the guest to \fIaddr\fR
+will be redirected to the address assigned to the guest with \fB-a\fR,
+or by default the host's global address. This allows the guest to
+access services availble on the host's global address, even though its
+own address shadows that of the host.
+
+If \fIaddr\fR is 'none', no address is mapped. Only one IPv4 and one
+IPv6 address can be translated, and if the option is specified
+multiple times, the last one for each address type takes effect.
+
+Default is no mapping.
+
+.TP
.BR \-4 ", " \-\-ipv4-only
Enable IPv4-only operation. IPv6 traffic will be ignored.
By default, IPv6 operation is enabled as long as at least an IPv6 route and an
diff --git a/passt.h b/passt.h
index 7cdba85..031c9b6 100644
--- a/passt.h
+++ b/passt.h
@@ -104,6 +104,8 @@ enum passt_modes {
* @guest_gw: IPv4 gateway as seen by the guest
* @map_host_loopback: Outbound connections to this address are NATted to the
* host's 127.0.0.1
+ * @map_guest_addr: Outbound connections to this address are NATted to the
+ * guest's assigned address
* @dns: DNS addresses for DHCP, zero-terminated
* @dns_match: Forward DNS query if sent to this address
* @our_tap_addr: IPv4 address for passt's use on tap
@@ -120,6 +122,7 @@ struct ip4_ctx {
int prefix_len;
struct in_addr guest_gw;
struct in_addr map_host_loopback;
+ struct in_addr map_guest_addr;
struct in_addr dns[MAXNS + 1];
struct in_addr dns_match;
struct in_addr our_tap_addr;
@@ -142,6 +145,8 @@ struct ip4_ctx {
* @guest_gw: IPv6 gateway as seen by the guest
* @map_host_loopback: Outbound connections to this address are NATted to the
* host's [::1]
+ * @map_guest_addr: Outbound connections to this address are NATted to the
+ * guest's assigned address
* @dns: DNS addresses for DHCPv6 and NDP, zero-terminated
* @dns_match: Forward DNS query if sent to this address
* @our_tap_ll: Link-local IPv6 address for passt's use on tap
@@ -158,6 +163,7 @@ struct ip6_ctx {
struct in6_addr addr_ll_seen;
struct in6_addr guest_gw;
struct in6_addr map_host_loopback;
+ struct in6_addr map_guest_addr;
struct in6_addr dns[MAXNS + 1];
struct in6_addr dns_match;
struct in6_addr our_tap_ll;