On Fri, Jul 19, 2024 at 09:20:27PM +0200, Stefano Brivio wrote:
> On Thu, 18 Jul 2024 15:26:26 +1000
> David Gibson wrote:
>
> > This is the seventh draft of an implementation of more general
> > "connection" tracking, as described at:
> >     https://pad.passt.top/p/NewForwardingModel
> >
> > This series changes the TCP connection table and hash table into a
> > more general flow table that can track other protocols as well. Each
> > flow uniformly keeps track of all the relevant addresses and ports,
> > which will allow for more robust control of NAT and port forwarding.
> >
> > ICMP and UDP are converted to use the new flow table.
> >
> > This is based on the recent series of UDP flow table preliminaries.
> >
> > Caveats:
> >  * We roughly double the size of a connection/flow entry
> >  * We don't yet record the local address of flows initiated from a
> >    socket, even in cases where it's bound to a specific address.
> >
> > Changes since v7:
> >  * Rebase
> >  * Fix unintended regression in forwarding logic (we weren't applying
> >    map_gw logic to DNS packets, if they didn't hit explicit DNS
> >    forwarding rules).
> >  * Remove return value from pif_sockaddr(), it turned out not to be
> >    very useful.
> >  * More robust discarding of datagrams received between bind() and
> >    connect() on UDP reply sockets.
> >  * Avoid the name 'fside' for variables which was confusing in some
> >    contexts
> >  * Assorted minor changes based on feedback.
>
> Applied (!) 🎉

--
David Gibson (he or they)       | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you, not the other way
                                | around.
http://www.ozlabs.org/~dgibson