From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=DSnSmaOL;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by passt.top (Postfix) with ESMTPS id 576475A004E
	for <passt-dev@passt.top>; Fri, 27 Feb 2026 14:37:04 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1772199423;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=lUhOqbVM2TuVzc+xDh5pEx80iiJz3belWMY0U6D8jNk=;
	b=DSnSmaOLD1txjdhFaW1MG7qWL2iENFKIthnn3RjHVaHz9Vkt5quENGBHdfUPP2hpL4WCVK
	g5DPTW9pwRw6jVntJOJ3yuIvXYwFp0O39PZb2QyeLhawJ/TUgWCxkeOWoUzk/SG/nDOtbm
	0KjOvaqF+GaFkBQCpO4tpRuxeClbHd0=
Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com
 [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-556-FRwWWoPgPpKjp-ux6heTYg-1; Fri, 27 Feb 2026 08:37:01 -0500
X-MC-Unique: FRwWWoPgPpKjp-ux6heTYg-1
X-Mimecast-MFC-AGG-ID: FRwWWoPgPpKjp-ux6heTYg_1772199420
Received: by mail-wm1-f71.google.com with SMTP id 5b1f17b1804b1-4836cf00787so30055775e9.1
        for <passt-dev@passt.top>; Fri, 27 Feb 2026 05:37:01 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1772199420; x=1772804220;
        h=date:content-transfer-encoding:mime-version:organization:references
         :in-reply-to:message-id:subject:cc:to:from:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=SrHjLDfuHR8I1Q0y/1A7tiHSylxVYMAw36Io9/jn6n8=;
        b=F8v6hD6bDGmFQohOLXOTc3bawiBR3o4tnLUhvqXNq00phtvfZTGFmqrGRM4fzOADgn
         +Odx0p/0lTUQ2FEzIj4y3ddPj1mQNmSVv2HrgSX1EzzJ6GaIUZwvxwnD7TOGhjj6NVWT
         9QwXzdaVjky1bXksZCrvGiLMfjcF2DG6HuLdZj+X4YMVDhWfCeXZU2oqhqd+Ao1dGU4B
         ExcKjXpTwfD+XlvI99nCPMnZ1FS22N6+1fgdZ6l7ANNrJbk276lbZuNZO3oyG2o49pHP
         mbhUog8ziGKsbtk3SZ66Q3TwjBS/oeOYwMLjQ4nDk77EALj51lMyboLgltbFPRfCCh0e
         e35A==
X-Gm-Message-State: AOJu0Yzi1NsfZsNPsJ1stzQhjLTt2UyfxK8+5Tu4F2fwKNmf/XBIxCMI
	Icd8nk5OkHjHHTsWid0ZHzSjCTCbk0sksoQAtENnqumpFIFV5M/tlJurBqVn/DsDhb9UrxneFZt
	mKlAJlN/pwwrqnS+NbrEN1ExK4J3Ui+DcHY0ezVPZYn6tFKRYBAG2Tw==
X-Gm-Gg: ATEYQzyRzJMPtGqWcNZZDs90IqZcp9aDB6QBD0FIYGDzmeyCBN9wqjw3eWdSjykmDDO
	4GTFnFHmiD6Z7eLX6cdlcD2c2dtLfC24s9SoMGrgA8MZYcZc1EkuWhXpw3Uvz/EFS4NOtd5ny2Q
	yvoTP/qfKipkXizkgv9/ObRQdTF52ZOLmYDGhW9dKA6jX0jc6rUu1zKUuADomg3hLfZuBHxeRnB
	NMNBdwCXM9glWIuwQdPNnWPnzazziHBDV86vx63A5g3FEfFmv16jhrQEutjNLRG9mL+/t5lnXV9
	5Zm+Gso4lUnCajp9ndI9GvN+Jm7vZbRSBZMUIon0Idie2csIoS2XfH5RfJIfMw/Anh6aq7tdeui
	k6RpqfqE6WYywfr+9+yiQWTwlnKXg0aJC
X-Received: by 2002:a05:600c:4256:b0:483:6fe3:bb49 with SMTP id 5b1f17b1804b1-483c3192683mr70870875e9.0.1772199420324;
        Fri, 27 Feb 2026 05:37:00 -0800 (PST)
X-Received: by 2002:a05:600c:4256:b0:483:6fe3:bb49 with SMTP id 5b1f17b1804b1-483c3192683mr70870405e9.0.1772199419688;
        Fri, 27 Feb 2026 05:36:59 -0800 (PST)
Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [2a10:fc81:a806:d6a9::1])
        by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-483c3b770e7sm116270595e9.9.2026.02.27.05.36.59
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 27 Feb 2026 05:36:59 -0800 (PST)
From: Stefano Brivio <sbrivio@redhat.com>
To: Peter Foley <pefoley@google.com>
Subject: Re: Support for equivalent to slirp guestfwd
Message-ID: <20260227143657.75194550@elisabeth>
In-Reply-To: <CAAAKUPOKFbB2yJr2oyJg2hm2a86wA_NKCHh2yhRL-i1wB=khkg@mail.gmail.com>
References: <CAAAKUPPEG3EpR5Kow8kb3Gmvjx=TcL+Jwh7vP+OXa5sMpRCdNA@mail.gmail.com>
	<20260226134736.7d5782bc@elisabeth>
	<CAAAKUPOKFbB2yJr2oyJg2hm2a86wA_NKCHh2yhRL-i1wB=khkg@mail.gmail.com>
Organization: Red Hat
X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Date: Fri, 27 Feb 2026 14:36:58 +0100 (CET)
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: BYn5hx9PfjWEEzRZY7x-hnBEuxm2HyIZQOt5L6Jx-ds_1772199420
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: SCX2XQPIY6XNVQ7BIIFTCQRIBN2B4HDN
X-Message-ID-Hash: SCX2XQPIY6XNVQ7BIIFTCQRIBN2B4HDN
X-MailFrom: sbrivio@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, Felix Wu <flwu@google.com>
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20260227143657.75194550@elisabeth/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/SCX2XQPIY6XNVQ7BIIFTCQRIBN2B4HDN/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

On Thu, 26 Feb 2026 11:31:15 -0500
Peter Foley <pefoley@google.com> wrote:

> On Thu, Feb 26, 2026 at 7:47=E2=80=AFAM Stefano Brivio <sbrivio@redhat.co=
m> wrote:
>=20
> > ...there's ongoing effort to make this more flexible, by adding support
> > for generic NAT rules (https://bugs.passt.top/show_bug.cgi?id=3D140) so
> > that you can specifically map different ports and addresses to
> > specific ports and addresses. And do so dynamically, at runtime, too.
> >
> > We now have a rather generic "forwarding rules" table implementation,
> > even if not entirely complete:
> >
> > https://archives.passt.top/passt-dev/20260116005926.616085-1-david@gibs=
on.dropbear.id.au/
> >
> > and a very rudimentary draft of pesto(1), the client that would enable
> > configuring all that at runtime (I'm working on it these days):
> >
> > https://archives.passt.top/passt-dev/20260204234209.455262-1-sbrivio@re=
dhat.com/
> >
> > ...there's quite a bit left to do, and patches are warmly welcome.
>=20
> Alright, that's about what I expected.
>=20
> We currently heavily rely on stuff
> like guestfwd=3Dudp:[::]:1000-udp:[::1]:14418,
> where we want to redirect all outbound traffic from the guest to port 100=
0
> to a different dynamically allocated port where a server binary is
> listening on the host.

Hah, I see.

Somewhat curiously, that's the first time I see this kind of usage being
reported. I knew libslirp could do it but I wasn't aware of any
concrete usage.

> We don't need runtime configuration, just the ability to specify everythi=
ng
> statically when starting qemu.

That will come pretty much for free once we have generic code for the
runtime updates, I think.

> I can't promise anything, but I'll see if this is something other people =
on
> my team would have cycles to help out with.

Thanks!

--=20
Stefano