From 8436c0d61b3a0443df12fa7b2c928932ba202ba6 Mon Sep 17 00:00:00 2001 From: David Gibson Date: Wed, 21 Aug 2024 14:20:18 +1000 Subject: fwd: Distinguish translatable from untranslatable addresses on inbound fwd_nat_from_host() needs to adjust the source address for new flows coming from an address which is not accessible to the guest. Currently we always use our_tap_addr or our_tap_ll. However in cases where the address is accessible to the guest via translation (i.e. via --map-host-loopback) then it makes more sense to use that translation, rather than the fallback mapping of our_tap_*. Signed-off-by: David Gibson Signed-off-by: Stefano Brivio --- fwd.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/fwd.c b/fwd.c index f99d204..c55aea0 100644 --- a/fwd.c +++ b/fwd.c @@ -386,7 +386,14 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto, return PIF_SPLICE; } - if (!fwd_guest_accessible(c, &ini->eaddr)) { + if (!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.map_host_loopback) && + inany_equals4(&ini->eaddr, &in4addr_loopback)) { + /* Specifically 127.0.0.1, not 127.0.0.0/8 */ + tgt->oaddr = inany_from_v4(c->ip4.map_host_loopback); + } else if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_host_loopback) && + inany_equals6(&ini->eaddr, &in6addr_loopback)) { + tgt->oaddr.a6 = c->ip6.map_host_loopback; + } else if (!fwd_guest_accessible(c, &ini->eaddr)) { if (inany_v4(&ini->eaddr)) { if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.our_tap_addr)) /* No source address we can use */ -- cgit v1.2.3