From fdbb4efd38f7211881e05f7284c364df5d4856be Mon Sep 17 00:00:00 2001 From: David Gibson Date: Tue, 2 Dec 2025 15:02:15 +1100 Subject: fwd: Preserve non-standard loopback address when splice forwarding When forwarding "spliced" connections outwards (-T or -U) we listen on the guest's loopback and always forward to 127.0.0.1 (or ::1) on the host. However, it's also possible for clients on the guest to attempt connecting to other addresses in 127.0.0.0/8 (systemd-resolved uses 127.0.0.53 in practice). If the host side server is only listening on that specific non-standard loopback address, the forward won't work. Fix this by preserving the specific (loopback) address when forwarding such connections. Link: https://bugs.passt.top/show_bug.cgi?id=113 Signed-off-by: David Gibson Signed-off-by: Stefano Brivio
---
 fwd.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fwd.c b/fwd.c
index c417e0f..44a0e10 100644
--- a/fwd.c
+++ b/fwd.c
@@ -660,7 +660,9 @@ uint8_t fwd_nat_from_splice(const struct ctx *c, uint8_t proto,
 return PIF_NONE;
 }
- if (inany_v4(&ini->eaddr))
+ if (!inany_is_unspecified(&ini->oaddr))
+ tgt->eaddr = ini->oaddr;
+ else if (inany_v4(&ini->oaddr))
 tgt->eaddr = inany_loopback4;
 else
 tgt->eaddr = inany_loopback6;
-- cgit v1.2.3
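Review bot: The new first branch copies `ini->oaddr` into `tgt->eaddr` whenever it is not unspecified, so the host-side destination is now taken from the address the guest-side client connected to, and nothing inside this hunk restricts it to 127.0.0.0/8 or ::1 as the commit message intends. The guard ending in `return PIF_NONE;` just above may already reject a non-loopback `oaddr`, but it starts outside the hunk; if it does, a comment such as `/* oaddr is loopback or unspecified here (checked above), so the target stays on host loopback */` would record the invariant at the point of use, and if it does not, the condition should be `if (inany_is_loopback(&ini->oaddr))`. Separately, the fallback family test moved from `ini->eaddr` to `ini->oaddr`, which the description does not mention; it is worth confirming that an unspecified `oaddr` always has the same address family as `eaddr`, for example on a dual-stack listening socket.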