From: David Gibson
To: Stefano Brivio, passt-dev@passt.top
Cc: David Gibson
Subject: [PATCH 5/7] nat: Centralise handling of gateway versus link-local address for host NAT
Date: Mon, 1 May 2023 21:07:00 +1000
Message-Id: <20230501110702.3915529-6-david@gibson.dropbear.id.au>
In-Reply-To: <20230501110702.3915529-1-david@gibson.dropbear.id.au>
References: <20230501110702.3915529-1-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

For inbound packets addressed to the host's ::1 we rewrite the source address to be the @nattohost address. Unless the @nattohost address is not link-local, in which case we use the host's link-local address instead.

Confusingly, we don't mirror this logic for outbound packets. We rewrite the destination for packets bound for @nattohost into ::1, but we don't alter packets bound for the host's link-local address. This will probably still work in most cases, since the host's link-local address will still go to the host, but it's a weird asymmetry.

Remove the asymmetry and simplify the code by always using the @nattohost address alone, but instead setting the @nattohost address to the host link-local address rather than the gateway if the gateway isn't a link-local address.
Signed-off-by: David Gibson --- conf.c | 8 ++++++-- tcp.c | 5 +---- udp.c | 5 +---- 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/conf.c b/conf.c index dd8a835..45f49eb 100644 --- a/conf.c +++ b/conf.c @@ -737,8 +737,12 @@ static unsigned int conf_ip6(unsigned int ifi, struct ip6_ctx *ip6, if (MAC_IS_ZERO(mac)) nl_link(0, ifi, mac, 0, 0); - if (gwnat && IN6_IS_ADDR_UNSPECIFIED(&ip6->nattohost)) - ip6->nattohost = ip6->router; + if (gwnat && IN6_IS_ADDR_UNSPECIFIED(&ip6->nattohost)) { + if (IN6_IS_ADDR_LINKLOCAL(&ip6->router)) + ip6->nattohost = ip6->router; + else + ip6->nattohost = ip6->addr_ll; + } if (IN6_IS_ADDR_UNSPECIFIED(&ip6->router) || IN6_IS_ADDR_UNSPECIFIED(&ip6->addr) || diff --git a/tcp.c b/tcp.c index aa65d6e..d91e786 100644 --- a/tcp.c +++ b/tcp.c @@ -2718,10 +2718,7 @@ static void tcp_snat_inbound(const struct ctx *c, union inany_addr *addr) if (IN6_IS_ADDR_LOOPBACK(addr6) || IN6_ARE_ADDR_EQUAL(addr6, &c->ip6.addr_seen) || IN6_ARE_ADDR_EQUAL(addr6, &c->ip6.addr)) { - if (IN6_IS_ADDR_LINKLOCAL(&c->ip6.nattohost)) - *addr6 = c->ip6.nattohost; - else - *addr6 = c->ip6.addr_ll; + *addr6 = c->ip6.nattohost; } } } diff --git a/udp.c b/udp.c index 6234a8d..6cd2813 100644 --- a/udp.c +++ b/udp.c @@ -662,10 +662,7 @@ static size_t udp_update_hdr6(const struct ctx *c, int n, in_port_t dstport, bitmap_set(udp_act[V6][UDP_ACT_TAP], src_port); - if (IN6_IS_ADDR_LINKLOCAL(&c->ip6.nattohost)) - src = &c->ip6.nattohost; - else - src = &c->ip6.addr_ll; + src = &c->ip6.nattohost; } b->ip6h.saddr = *src; -- 2.40.1
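Review bot: in the conf.c hunk the fallback `ip6->nattohost = ip6->addr_ll;` runs before the validation block that follows (`if (IN6_IS_ADDR_UNSPECIFIED(&ip6->router) || IN6_IS_ADDR_UNSPECIFIED(&ip6->addr) || ...`), so it relies on addr_ll already having been filled in earlier in conf_ip6(); if the interface has no link-local address, nattohost silently becomes :: and the inbound rewrite in tcp.c/udp.c would then emit an unspecified source address. Unless the cut-off remainder of that condition already covers addr_ll, either add `IN6_IS_ADDR_UNSPECIFIED(&ip6->addr_ll)` to it or move the nattohost assignment below it. The commit message should also state the user-visible consequence: with a global (non-link-local) gateway, guests that previously reached the host's ::1 through the gateway address now reach the real gateway, because nattohost is no longer set to ip6->router in that case.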
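Review bot: the tcp.c hunk changes behaviour for a nattohost that was already set before conf_ip6() fills in the default. The removed `if (IN6_IS_ADDR_LINKLOCAL(&c->ip6.nattohost))` test applied to every nattohost value, whereas the replacement logic in conf.c only chooses addr_ll inside the `gwnat && IN6_IS_ADDR_UNSPECIFIED(&ip6->nattohost)` default case; an explicitly configured non-link-local nattohost is therefore now used verbatim as the inbound source instead of being replaced by addr_ll. If that is intended, say so in the commit message; if not, the link-local check belongs in conf.c rather than being dropped. Minor: after the change the body is the single statement `*addr6 = c->ip6.nattohost;`, so the surrounding braces can go.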
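Review bot: same point for the udp.c hunk as for tcp.c: `src = &c->ip6.nattohost;` in udp_update_hdr6() now also applies to an explicitly configured non-link-local nattohost, which the removed `src = &c->ip6.addr_ll;` branch used to substitute, so the two hunks should be justified together in the commit message. Style: the block enclosing the assignment is now a single statement, so its braces can be dropped, matching the tcp.c side.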
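The inbound/outbound asymmetry the commit message describes, and how the new nattohost default closes it, as an added example. This is not passt's code: the struct and function names are assumptions modelling the rules stated in the message, and the addresses are constructed sample values. It goes beyond the message in that it runs both the link-local-gateway and global-gateway cases through the old and the new rule and reports whether a guest reply to the address it saw inbound is mapped back to the host's ::1.

```c
/* Added example (not passt's code): model of the IPv6 host-NAT address
 * selection described in the commit message, before and after the change.
 * The struct, function names and sample addresses are assumptions for
 * illustration; the rules themselves come from the message and hunks. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct ip6_model {
	struct in6_addr addr;      /* host's global address */
	struct in6_addr addr_ll;   /* host's link-local address */
	struct in6_addr router;    /* default gateway as seen by the guest */
	struct in6_addr nattohost; /* guest-visible address mapped to host ::1 */
};

/* Old default: nattohost is the gateway, whatever kind of address it is. */
static void conf_nattohost_old(struct ip6_model *m, bool gwnat)
{
	if (gwnat && IN6_IS_ADDR_UNSPECIFIED(&m->nattohost))
		m->nattohost = m->router;
}

/* New default: fall back to the host link-local address when the gateway
 * is not itself link-local. */
static void conf_nattohost_new(struct ip6_model *m, bool gwnat)
{
	if (gwnat && IN6_IS_ADDR_UNSPECIFIED(&m->nattohost)) {
		if (IN6_IS_ADDR_LINKLOCAL(&m->router))
			m->nattohost = m->router;
		else
			m->nattohost = m->addr_ll;
	}
}

/* Inbound (host -> guest) source rewrite.  With old_rule the source
 * becomes addr_ll whenever nattohost is not link-local; otherwise it is
 * always nattohost.  Returns true if the address was rewritten. */
static bool snat_inbound(const struct ip6_model *m, struct in6_addr *src,
			 bool old_rule)
{
	if (!(IN6_IS_ADDR_LOOPBACK(src) || IN6_ARE_ADDR_EQUAL(src, &m->addr)))
		return false;
	if (old_rule && !IN6_IS_ADDR_LINKLOCAL(&m->nattohost))
		*src = m->addr_ll;
	else
		*src = m->nattohost;
	return true;
}

/* Outbound (guest -> host) destination rewrite: only nattohost is mapped
 * to ::1, in both the old and the new code. */
static bool dnat_outbound(const struct ip6_model *m, struct in6_addr *dst)
{
	if (!IN6_ARE_ADDR_EQUAL(dst, &m->nattohost))
		return false;
	*dst = in6addr_loopback;
	return true;
}

/* Send a packet from the host's ::1 to the guest, then have the guest reply
 * to the source address it saw.  Returns true if that reply is mapped back
 * to ::1, i.e. the two directions are symmetric. */
static bool reply_maps_to_loopback(bool old_rule, const char *router_str)
{
	struct ip6_model m;
	struct in6_addr a;

	memset(&m, 0, sizeof(m));
	inet_pton(AF_INET6, "2001:db8::10", &m.addr);   /* constructed */
	inet_pton(AF_INET6, "fe80::1", &m.addr_ll);     /* constructed */
	inet_pton(AF_INET6, router_str, &m.router);
	if (old_rule)
		conf_nattohost_old(&m, true);
	else
		conf_nattohost_new(&m, true);

	a = in6addr_loopback;             /* packet from host ::1 */
	snat_inbound(&m, &a, old_rule);   /* guest now sees source 'a' */
	return dnat_outbound(&m, &a) && IN6_IS_ADDR_LOOPBACK(&a);
}

int main(void)
{
	const char *routers[] = { "fe80::2", "2001:db8::1" };
	for (int i = 0; i < 2; i++)
		printf("gateway %-12s old: %s  new: %s\n", routers[i],
		       reply_maps_to_loopback(true, routers[i]) ? "symmetric" : "ASYMMETRIC",
		       reply_maps_to_loopback(false, routers[i]) ? "symmetric" : "ASYMMETRIC");
	return 0;
}
```

With a link-local gateway both rules agree; with a global gateway the old rule hands the guest fe80::1 as source but only maps the gateway address back to ::1, which is the asymmetry the patch removes by making nattohost the link-local address in that case.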