From: David Gibson
To: passt-dev@passt.top, Stefano Brivio
CC: Paul Holzinger, David Gibson
Subject: [PATCH v2 22/23] fwd: Distinguish translatable from untranslatable addresses on inbound
Date: Wed, 21 Aug 2024 14:20:18 +1000
Message-ID: <20240821042020.718422-23-david@gibson.dropbear.id.au>
In-Reply-To: <20240821042020.718422-1-david@gibson.dropbear.id.au>
References: <20240821042020.718422-1-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.46.0
List-Id: Development discussion and patches for passt

fwd_nat_from_host() needs to adjust the source address for new flows coming from an address which is not accessible to the guest. Currently we always use our_tap_addr or our_tap_ll. However in cases where the address is accessible to the guest via translation (i.e. via --map-host-loopback) then it makes more sense to use that translation, rather than the fallback mapping of our_tap_*.

Signed-off-by: David Gibson
--- fwd.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/fwd.c b/fwd.c index f99d2040..c55aea0b 100644 --- a/fwd.c +++ b/fwd.c
@@ -386,7 +386,14 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto, return PIF_SPLICE; } - if (!fwd_guest_accessible(c, &ini->eaddr)) { + if (!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.map_host_loopback) && + inany_equals4(&ini->eaddr, &in4addr_loopback)) { + /* Specifically 127.0.0.1, not 127.0.0.0/8 */ + tgt->oaddr = inany_from_v4(c->ip4.map_host_loopback); + } else if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_host_loopback) && + inany_equals6(&ini->eaddr, &in6addr_loopback)) { + tgt->oaddr.a6 = c->ip6.map_host_loopback; + } else if (!fwd_guest_accessible(c, &ini->eaddr)) { if (inany_v4(&ini->eaddr)) { if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.our_tap_addr)) /* No source address we can use */ -- 2.46.0
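Review bot: The comment in the new IPv4 branch, "Specifically 127.0.0.1, not 127.0.0.0/8", records the restriction but not the reason for it, and the commit message does not mention it either. With the exact match in inany_equals4(&ini->eaddr, &in4addr_loopback), a flow from any other 127.0.0.0/8 source falls through to the !fwd_guest_accessible() branch and is presented to the guest with the our_tap_addr fallback, so the guest sees two different source addresses for host-loopback traffic depending on which loopback address the peer used. If that is intentional, for example because --map-host-loopback translates only that single address in the other direction, please say so in the comment so that anyone writing guest-side rules keyed on the mapped address knows that only 127.0.0.1 appears as map_host_loopback. A smaller style point in the same hunk: the IPv4 branch assigns the whole tgt->oaddr through inany_from_v4() while the IPv6 branch writes tgt->oaddr.a6 directly; a short note that the direct member write fully initialises the address for the IPv6 case would make the asymmetry easier to read.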