From: David Gibson
To: Stefano Brivio, passt-dev@passt.top
CC: Paul Holzinger, David Gibson
Subject: [PATCH 21/22] fwd: Distinguish translatable from untranslatable addresses on inbound
Date: Fri, 16 Aug 2024 15:40:02 +1000
Message-ID: <20240816054004.1335006-22-david@gibson.dropbear.id.au>
In-Reply-To: <20240816054004.1335006-1-david@gibson.dropbear.id.au>
References: <20240816054004.1335006-1-david@gibson.dropbear.id.au>
List-Id: Development discussion and patches for passt

fwd_nat_from_host() needs to adjust the source address for new flows
coming from an address which is not accessible to the guest. Currently we
always use our_tap_addr or our_tap_ll. However in cases where the address
is accessible to the guest via translation (i.e. via --nat-host-loopback)
then it makes more sense to use that translation, rather than the fallback
mapping of our_tap_*.

Signed-off-by: David Gibson
---
 fwd.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/fwd.c b/fwd.c index 779278a9..7718f7e2 100644 --- a/fwd.c +++ b/fwd.c 
@@ -386,7 +386,14 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto, return PIF_SPLICE; } - if (!fwd_guest_accessible(c, &ini->eaddr)) { + if (!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.nat_host_loopback) && + inany_equals4(&ini->eaddr, &in4addr_loopback)) { + /* Specifically 127.0.0.1, not 127.0.0.0/8 */ + tgt->oaddr = inany_from_v4(c->ip4.nat_host_loopback); + } else if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.nat_host_loopback) && + inany_equals6(&ini->eaddr, &in6addr_loopback)) { + tgt->oaddr.a6 = c->ip6.nat_host_loopback; + } else if (!fwd_guest_accessible(c, &ini->eaddr)) { if (inany_v4(&ini->eaddr)) { if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.our_tap_addr)) /* No source address we can use */ -- 2.46.0
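Review bot: the comment in the first new branch, "Specifically 127.0.0.1, not 127.0.0.0/8", says what is matched but not why, and the IPv6 branch carries no comment at all. A flow whose source is any other address in 127.0.0.0/8 skips both new branches and reaches the existing !fwd_guest_accessible() check with the our_tap_* fallback the commit message describes, so the guest can see host loopback traffic arriving from two different source addresses depending on which loopback address the host-side client used. If that is intended, please say so in the comment or the commit message, since anything in the guest that filters or logs on the nat_host_loopback address will otherwise miss those flows. Smaller point: the two branches assign differently, tgt->oaddr = inany_from_v4(...) for IPv4 against tgt->oaddr.a6 = ... for IPv6; a matching form, or a short comment on why they differ, would make it easier to confirm that oaddr is fully set in both cases.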