From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id E29875A004E
	for <passt-dev@passt.top>; Thu, 27 Jun 2024 07:56:02 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202312; t=1719467753;
	bh=cJLZofJLENMdqShZadIFz1adRWheLwX3AUpKO7y62qg=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=EN1GxGG02cq9hofArBcoAz+e6nDNQRgD6vWK5u/1nLHKUVrBMXNl11/zC1X4EtpcB
	 f2WgUpq2norP/o5ll05SDCgv3vEFRfiviSDaKLNvEjCZN6Dy1LPvauzIuerjRAtC3E
	 Y9jZ2Vxs3gcY4VteMtIJwYaHa9LRlgYcbfqyB0GAmWYmjpcMJCP5+y3YM+gGISeyjJ
	 GWEavJu/MJZJ2hKwXtAeCVTmJl0fsvIKU23GwoyqK97zPJTuWrZDoD0PMZI7ADnQQb
	 T80sGG12rH5xqgzc7P1szUtl7w6F7FZpA799pQ/3cCO5V9oO2qNzoE+/O4nTcF5XGS
	 ke41d4KqjEDog==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4W8nqY1CgNz4wcJ; Thu, 27 Jun 2024 15:55:53 +1000 (AEST)
Date: Thu, 27 Jun 2024 15:55:45 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH v6 16/26] flow, tcp: Flow based NAT and port forwarding
 for TCP
Message-ID: <Znz-4bVcR_b8-ViI@zatzit>
References: <20240614061348.3814736-1-david@gibson.dropbear.id.au>
 <20240614061348.3814736-17-david@gibson.dropbear.id.au>
 <20240627004904.6694f634@elisabeth>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="juq9MlVQYFC1iDD6"
Content-Disposition: inline
In-Reply-To: <20240627004904.6694f634@elisabeth>
Message-ID-Hash: DWBDH2JU2EHKOMOV4LOZ33577CUSQQ6E
X-Message-ID-Hash: DWBDH2JU2EHKOMOV4LOZ33577CUSQQ6E
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top, jmaloy@redhat.com
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/Znz-4bVcR_b8-ViI@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/DWBDH2JU2EHKOMOV4LOZ33577CUSQQ6E/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--juq9MlVQYFC1iDD6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Jun 27, 2024 at 12:49:41AM +0200, Stefano Brivio wrote:
> On Fri, 14 Jun 2024 16:13:38 +1000
> David Gibson <david@gibson.dropbear.id.au> wrote:
>=20
> > Currently the code to translate host side addresses and ports to guest =
side
> > addresses and ports, and vice versa, is scattered across the TCP code.
> > This includes both port redirection as controlled by the -t and -T opti=
ons,
> > and our special case NAT controlled by the --no-map-gw option.
> >=20
> > Gather this logic into fwd_nat_from_*() functions for each input
> > interface in fwd.c which take protocol and address information for the
> > initiating side and generates the pif and address information for the
> > forwarded side.  This performs any NAT or port forwarding needed.
> >=20
> > We create a flow_target() helper which applies those forwarding functio=
ns
> > as needed to automatically move a flow from INI to TGT state.
>=20
> Given that you already added flow_target() in another series, I didn't
> really review that part of this patch as I guess it will change.

Actually, I think this version is already on top of that, but the
commit message is a bit out of date.  The steps here are:

  1. Add flow_target() which takes an explicit target pif (already
     merged)
  2. Replace flow_target() with variants which also take explicit
     target addresses (patch #2 in this series)
  3. Replace flow_target_*() variants with plain flow_target() which
     automatically determines the target addresses based on the
     forwarding logic (this patch)

> The rest of the patches from 8/26 to 17/26 all look good to me: after
> all, changes from v5 look rather minimal for those.
>=20
> I didn't review patches starting from 18/26, as you mentioned they will
> change substantially.

18/26 itself is probably fine, but the ones after that are being more
or less entirely rewritten, yes.

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--juq9MlVQYFC1iDD6
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmZ8/uAACgkQzQJF27ox
2GcvOg//ROzswVdfXgnhUCIe5VcrQSiHIsNtD7IFQ/aGiyYnKMbgfxS+PJBbLDHK
K2odYyiXp7DybthyNea2c8LeqG+sdrSuHHWG6ql6cJECDAL5egWJKirxd9qDol8p
gUlUFOwg2zSqetrUI9L3vGcqItOuEY6k8FM/eZsCPSTVnxVfzTbz2D46oN435g0L
1cQZhX5GDCwAZzHIxC6zIP+NEIkVl19BG3eW7OX5gG375kcisPRZHolt7hKSn1Q9
ODdMax0yagTfwWys653dPq6CSEeh3NJpXIZe/JvNKKquzSIWwP5LVqn5FGcF14DR
HXnkJ48NJbI5owTpQBVPjr7/SnTEftX0Flt+zOcvFyA9PKIGG6wWiO91YUrHt6s4
k8GTxlXidKPjkz4R47W4TaPAXZRKincM1vt4u4VPPTuJjuotcStZsaMzCjeQCbhv
qJIUCwE1ErsKJV+kFg0zpRQJfU31fPrghzlJqBqGaNGbluVkrMRbed503CLqFXvM
hE+p5WN8A2BJ28lB/V/hWPI/mqL3Wp1Qy2N7pN5NTdFxW8SocPfHDyLB6wn8Eizd
Su94F3VanSgScsBGzzXEqVjlWYsB/6jJ54o1YKtXcrfPx+LICvAcOYmPEwoxXduk
C9ByIS/g7mwvFKKyy5FO28ZKb34SL95ZNMYDfbfYsSCwGKdVfvQ=
=S45k
-----END PGP SIGNATURE-----

--juq9MlVQYFC1iDD6--