From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 146785A0283 for ; Wed, 17 May 2023 07:05:35 +0200 (CEST) Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4QLgzH2TwYz4x4J; Wed, 17 May 2023 15:05:31 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1684299931; bh=uaesZYHqQQt8EZBD8OZ1vXRszV9aWdUEVhpGTfAFNbg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fB4TzZzpQqLiR6onMxpJBe2yyR3NS1Y9Q0QIXVFOUOZs4foh8fQS1A/mqDNN73B/8 Yguvr/GuugAouU9BT0TsjBjDIBr3zbGhhAirUalubhb/QsNS8sDlTcJOjsajMC89wQ Nmv+xJ/jEirMO4ub89gWSHrsvu3aYgsOUyQdIbD4= From: David Gibson To: Stefano Brivio , passt-dev@passt.top Subject: [PATCH 3/5] udp: Implement IPv6 PORT_GUA logic for IPv4 as well Date: Wed, 17 May 2023 15:05:27 +1000 Message-Id: <20230517050529.3505590-4-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230517050529.3505590-1-david@gibson.dropbear.id.au> References: <20230517050529.3505590-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: EPKXAECBCE54BWX3CPXZIIE75M7AOQAA X-Message-ID-Hash: EPKXAECBCE54BWX3CPXZIIE75M7AOQAA X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: For IPv6 UDP, the PORT_GUA flag is set for a port when we get a "connection" from ip6.addr, that is from the host's global address. An exactly analogous situation is possible for IPv4, but we don't handle it the same way. In practice it will only show up if addr_seen is different from addr, which is unusual. Nonetheless we should handle this the same way for IPv4 and IPv6. Signed-off-by: David Gibson --- udp.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/udp.c b/udp.c index d7e1020..950d5a9 100644 --- a/udp.c +++ b/udp.c @@ -596,7 +596,8 @@ static size_t udp_update_hdr4(const struct ctx *c, int n, in_port_t dstport, IN4_ARE_ADDR_EQUAL(src, &c->ip4.dns_host) && src_port == 53) { b->iph.saddr = c->ip4.dns_match.s_addr; } else if (IN4_IS_ADDR_LOOPBACK(src) || - IN4_ARE_ADDR_EQUAL(src, &c->ip4.addr_seen)) { + IN4_ARE_ADDR_EQUAL(src, &c->ip4.addr_seen) || + IN4_ARE_ADDR_EQUAL(src, &c->ip4.addr)) { b->iph.saddr = c->ip4.gw.s_addr; udp_tap_map[V4][src_port].ts = now->tv_sec; udp_tap_map[V4][src_port].flags |= PORT_LOCAL; @@ -606,6 +607,11 @@ static size_t udp_update_hdr4(const struct ctx *c, int n, in_port_t dstport, else udp_tap_map[V4][src_port].flags &= ~PORT_LOOPBACK; + if (IN4_ARE_ADDR_EQUAL(src, &c->ip4.addr)) + udp_tap_map[V4][src_port].flags |= PORT_GUA; + else + udp_tap_map[V4][src_port].flags &= ~PORT_GUA; + bitmap_set(udp_act[V4][UDP_ACT_TAP], src_port); } else { b->iph.saddr = src->s_addr; @@ -852,6 +858,8 @@ int udp_tap_handler(struct ctx *c, int af, const void *addr, if (!(udp_tap_map[V4][dst].flags & PORT_LOCAL) || (udp_tap_map[V4][dst].flags & PORT_LOOPBACK)) s_in.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + else if (udp_tap_map[V4][dst].flags & PORT_GUA) + s_in.sin_addr = c->ip4.addr; else s_in.sin_addr = c->ip4.addr_seen; } -- 2.40.1