From 86b273150a47c6f5783db865d1385675f5c4e5a6 Mon Sep 17 00:00:00 2001
From: Stefano Brivio
Date: Mon, 26 Jul 2021 14:10:29 +0200
Subject: tcp, udp: Allow binding ports in init namespace to both tap and loopback
Traffic with loopback source address will be forwarded to the direct loopback connection in the namespace, and the tap interface is used for the rest.
Signed-off-by: Stefano Brivio
---
tcp.c | 55 +++++++++++++++++++++++++++++++++++++------------------
1 file changed, 37 insertions(+), 18 deletions(-)
(limited to 'tcp.c')
diff --git a/tcp.c b/tcp.c
index f783704..6ef573c 100644
--- a/tcp.c
+++ b/tcp.c
@@ -2095,7 +2095,8 @@ static int tcp_sock_init_ns(void *arg)
 continue;
 tref.index = port;
- sock_l4(c, AF_INET, IPPROTO_TCP, port, 1, tref.u32);
+ sock_l4(c, AF_INET, IPPROTO_TCP, port, BIND_LOOPBACK,
+ tref.u32);
 }
 }
@@ -2106,7 +2107,8 @@ static int tcp_sock_init_ns(void *arg)
 continue;
 tref.index = port;
- sock_l4(c, AF_INET6, IPPROTO_TCP, port, 1, tref.u32);
+ sock_l4(c, AF_INET6, IPPROTO_TCP, port, BIND_LOOPBACK,
+ tref.u32);
 }
 }
@@ -2123,6 +2125,7 @@ int tcp_sock_init(struct ctx *c)
 {
 union tcp_epoll_ref tref = { .listen = 1 };
 char ns_fn_stack[NS_FN_STACK_SIZE];
+ enum bind_type tap_bind;
 in_port_t port;
 getrandom(&c->tcp.hash_secret, sizeof(c->tcp.hash_secret), GRND_RANDOM);
@@ -2130,33 +2133,49 @@ int tcp_sock_init(struct ctx *c)
 if (c->v4) {
 tref.v6 = 0;
 for (port = 0; port < USHRT_MAX; port++) {
- if (bitmap_isset(c->tcp.port4_to_ns, port))
+ tref.index = port;
+
+ if (bitmap_isset(c->tcp.port4_to_ns, port)) {
 tref.splice = 1;
- else if (bitmap_isset(c->tcp.port4_to_tap, port))
- tref.splice = 0;
- else
- continue;
+ sock_l4(c, AF_INET, IPPROTO_TCP, port,
+ BIND_LOOPBACK, tref.u32);
+ tap_bind = BIND_EXT;
+ } else {
+ tap_bind = BIND_ANY;
+ }
- tref.index = port;
- sock_l4(c, AF_INET, IPPROTO_TCP, port, tref.splice,
- tref.u32);
+ if (bitmap_isset(c->tcp.port4_to_tap, port)) {
+ tref.splice = 0;
+ sock_l4(c, AF_INET, IPPROTO_TCP, port,
+ tap_bind, tref.u32);
+ }
 }
+
+ tcp_sock4_iov_init();
 }
 if (c->v6) {
 tref.v6 = 1;
 for (port = 0; port < USHRT_MAX; port++) {
- if (bitmap_isset(c->tcp.port6_to_ns, port))
+ tref.index = port;
+
+ if (bitmap_isset(c->tcp.port6_to_ns, port)) {
 tref.splice = 1;
- else if (bitmap_isset(c->tcp.port6_to_tap, port))
- tref.splice = 0;
- else
- continue;
+ sock_l4(c, AF_INET6, IPPROTO_TCP, port,
+ BIND_LOOPBACK, tref.u32);
+ tap_bind = BIND_EXT;
+ } else {
+ tap_bind = BIND_ANY;
+ }
- tref.index = port;
- sock_l4(c, AF_INET6, IPPROTO_TCP, port, tref.splice,
- tref.u32);
+ if (bitmap_isset(c->tcp.port6_to_tap, port)) {
+ tref.splice = 0;
+ sock_l4(c, AF_INET6, IPPROTO_TCP, port,
+ tap_bind, tref.u32);
+ }
 }
+
+ tcp_sock6_iov_init();
 }
 if (c->mode == MODE_PASTA) {
-- 
cgit v1.2.3
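Review bot: All four `sock_l4()` calls in the rewritten v4 and v6 loops discard the return value, and this change makes that more consequential: a port present in both bitmaps now depends on two independent binds (BIND_LOOPBACK for the namespace path, BIND_EXT for tap), so if either fails the loopback/non-loopback split described in the commit message silently degrades to serving one side or none, with no log line to point at. The return convention of `sock_l4()` is not visible in this hunk; if it reports bind failure, I would check it at each of the four call sites, e.g. `if (sock_l4(c, AF_INET, IPPROTO_TCP, port, BIND_LOOPBACK, tref.u32) < 0)` followed by a warning that names the address family, bind type and port, using whatever logging helper this file already relies on. Separately, if BIND_EXT binds only the single configured external address, a port in both bitmaps will no longer accept tap-bound connections arriving on any other host address, unlike the BIND_ANY that the tap-only case keeps using, which is worth confirming as intended and stating in a comment above the `tap_bind = BIND_EXT;` assignment. The `tcp_sock4_iov_init()` and `tcp_sock6_iov_init()` calls added at the end of each block are not covered by the commit message and look unrelated to the bind change. `tcp_sock_init()` continues past the end of this hunk.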