From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202606 header.b=bjMH8/UN; dkim-atps=neutral Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 24F485A0275 for ; Wed, 01 Jul 2026 09:08:23 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202606; t=1782889694; bh=I0JJETmXGCu8gOmkxQVJSwk8DQsDV2UNwAudKAjpoyM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bjMH8/UNR5REHFZCCjHi0dYLSgPWbzytLmcPslnvRTHsbUD7L6pdhrIXWWfywZip+ 057q1E6zOYvH85iVuOnE/EvlXPf6X9d3KKlwcnPdKHsc81tEdCCGcGF2VMLATm9QoG SptgkmE87R7HEqoJCYVTD7ILOZJPtfhlwZ0sc+bBpix4giaBgk6ysErLWZUpm4Nbr8 8yy2red+eq8MB5pws878J0cVDZA72jngnkG0v9zIjm12V5qXedbaJhY7IFZ1dTNoLU qv61TzqgyAVT9mMDqw3iXiQ9KfMMxnGT/5+Fs0kZuy0Z3zCzMzTGIhd5o7TTwuXY/L s07skIIHk9ztQ== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4gqrhG4z5nz58dl; Wed, 01 Jul 2026 17:08:14 +1000 (AEST) From: David Gibson To: passt-dev@passt.top, Stefano Brivio Subject: [PATCH 3/3] fwd, fwd_rule: Implement configurable target address mapping Date: Wed, 1 Jul 2026 17:08:11 +1000 Message-ID: <20260701070811.1944139-4-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260701070811.1944139-1-david@gibson.dropbear.id.au> References: <20260701070811.1944139-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: OMC6IWZZNK5VS7YBLRUQAF5NK6RZPOVD X-Message-ID-Hash: OMC6IWZZNK5VS7YBLRUQAF5NK6RZPOVD X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Stefano Brivio Add a 'taddr' field to forwarding rules, which controls the destination address on the target side. Since changing the structure alters the pesto update protocol, bump the protocol version number Signed-off-by: Stefano Brivio [dwg: Split from option parsing code, added protocol version bump, explicitly exclude splicing with target address for now] Signed-off-by: David Gibson --- fwd.c | 8 ++++++-- fwd_rule.c | 9 +-------- fwd_rule.h | 2 ++ pesto.h | 6 +++++- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/fwd.c b/fwd.c index 659f8d9f..84400948 100644 --- a/fwd.c +++ b/fwd.c @@ -1023,7 +1023,9 @@ uint8_t fwd_nat_from_host(const struct ctx *c, /* Common for spliced and non-spliced cases */ tgt->eport = rule->to + (ini->oport - rule->first); - if (!c->no_splice && inany_is_loopback(&ini->eaddr) && + /* TODO: Allow splicing with specified target address */ + if (!c->no_splice && inany_is_unspecified(&rule->taddr) && + inany_is_loopback(&ini->eaddr) && (proto == IPPROTO_TCP || proto == IPPROTO_UDP)) { /* spliceable */ @@ -1072,7 +1074,9 @@ uint8_t fwd_nat_from_host(const struct ctx *c, } tgt->oport = ini->eport; - if (inany_v4(&tgt->oaddr)) { + if (!inany_is_unspecified(&rule->taddr)) { + tgt->eaddr = rule->taddr; + } else if (inany_v4(&tgt->oaddr)) { tgt->eaddr = inany_from_v4(c->ip4.addr_seen); } else { if (inany_is_linklocal6(&tgt->oaddr)) diff --git a/fwd_rule.c b/fwd_rule.c index e8abc884..494d3fc3 100644 --- a/fwd_rule.c +++ b/fwd_rule.c @@ -393,6 +393,7 @@ static void fwd_rule_range_except(struct fwd_table *fwd, bool del, { struct fwd_rule rule = { .addr = addr ? *addr : inany_any6, + .taddr = tgt_addr ? *tgt_addr : inany_any6, .ifname = { 0 }, .proto = proto, .flags = flags, @@ -401,14 +402,6 @@ static void fwd_rule_range_except(struct fwd_table *fwd, bool del, unsigned delta = tgt_first - first; unsigned base, i; - if (tgt_addr && !inany_is_unspecified(tgt_addr)) { - char astr[INANY_ADDRSTRLEN]; - - info("Target address: %s", - inany_ntop(tgt_addr, astr, sizeof(astr))); - die("Target address remapping not yet implemented"); - } - if (!addr) rule.flags |= FWD_DUAL_STACK_ANY; if (ifname) { diff --git a/fwd_rule.h b/fwd_rule.h index 435be5bd..c782f9d4 100644 --- a/fwd_rule.h +++ b/fwd_rule.h @@ -33,6 +33,7 @@ /** * struct fwd_rule - Forwarding rule governing a range of ports * @addr: Address to forward from + * @taddr: Target side destination address * @ifname: Interface to forward from * @first: First port number to forward * @last: Last port number to forward @@ -45,6 +46,7 @@ */ struct fwd_rule { union inany_addr addr; + union inany_addr taddr; char ifname[IFNAMSIZ]; in_port_t first; in_port_t last; diff --git a/pesto.h b/pesto.h index 980cc17d..8db701b4 100644 --- a/pesto.h +++ b/pesto.h @@ -15,7 +15,11 @@ #define PESTO_SERVER_MAGIC "basil:s" /* Version 0 is reserved for unreleased / unsupported experimental versions */ -#define PESTO_PROTOCOL_VERSION 1 +/* Version 1 had no target address field in struct fwd_rule. It was released, + * but was little enough used that we decided not to implement backwards + * compatiblity code (i.e. a v2 pesto will not work with a v1 pasta) + */ +#define PESTO_PROTOCOL_VERSION 2 /* Maximum size of a pif name, including \0 */ #define PIF_NAME_SIZE (128) -- 2.54.0