Date: Tue, 20 Aug 2024 21:56:18 +0200
From: Stefano Brivio
To: David Gibson
CC: passt-dev@passt.top, Paul Holzinger
Subject: Re: [PATCH 16/22] fwd: Helpers to clarify what host addresses aren't guest accessible

On Fri, 16 Aug 2024 15:39:57 +1000
David Gibson wrote:

> We usually avoid NAT, but in a few cases we need to apply address
> translations. For inbound connections that happens for addresses which
> make sense to the host but are either inaccessible, or mean a different
> location from the guest's point of view.
>
> Add some helper functions to determine such addresses, and use them in
> fwd_nat_from_host(). In doing so clarify some of the reasons for the
> logic. We'll also have further use for these helpers in future.
>
> While we're there fix one unnecessary inconsistency between IPv4 and IPv6.
> We always translated the guest's observed address, but for IPv4 we didn't
> translate the guest's assigned address, whereas for IPv6 we did. Change
> this to translate both in all cases for consistency.
>
> Signed-off-by: David Gibson
> ---
> fwd.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------
> 1 file changed, 87 insertions(+), 11 deletions(-)
>
> diff --git a/fwd.c b/fwd.c > index 75dc0151..1baae338 100644 > --- a/fwd.c > +++ b/fwd.c > @@ -170,6 +170,85 @@ static bool is_dns_flow(uint8_t proto, const struct flowside *ini) > ((ini->oport == 53) || (ini->oport == 853)); > } > > +/** > + * fwd_guest_accessible4() - Is IPv4 address guest accessible

Nit: I wonder if we should say "guest-accessible" in all these cases,
it's a bit easier for me to decode, but not necessarily more correct.
It's fine by me either way.

-- 
Stefano
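Review bot: Consider splitting the IPv4 behaviour change out of this patch: the hunk at @@ -170,6 +170,85 @@ in fwd.c adds fwd_guest_accessible4() as a helper, while the commit message says the same patch also starts translating the guest's assigned address for IPv4. A separate patch for that change would keep the helper addition a pure refactor and let the change in which host addresses get translated be bisected or reverted on its own.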