On Tue, Aug 20, 2024 at 09:56:18PM +0200, Stefano Brivio wrote:
> On Fri, 16 Aug 2024 15:39:57 +1000
> David Gibson wrote:
>
> > We usually avoid NAT, but in a few cases we need to apply address
> > translations. For inbound connections that happens for addresses which
> > make sense to the host but are either inaccessible, or mean a different
> > location from the guest's point of view.
> >
> > Add some helper functions to determine such addresses, and use them in
> > fwd_nat_from_host(). In doing so clarify some of the reasons for the
> > logic. We'll also have further use for these helpers in future.
> >
> > While we're there fix one unnecessary inconsistency between IPv4 and IPv6.
> > We always translated the guest's observed address, but for IPv4 we didn't
> > translate the guest's assigned address, whereas for IPv6 we did. Change
> > this to translate both in all cases for consistency.
> >
> > Signed-off-by: David Gibson
> > ---
> > fwd.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------
> > 1 file changed, 87 insertions(+), 11 deletions(-)
> >
> > diff --git a/fwd.c b/fwd.c
> > index 75dc0151..1baae338 100644
> > --- a/fwd.c
> > +++ b/fwd.c
> > @@ -170,6 +170,85 @@ static bool is_dns_flow(uint8_t proto, const struct flowside *ini)
> > ((ini->oport == 53) || (ini->oport == 853));
> > }
> >
> > +/**
> > + * fwd_guest_accessible4() - Is IPv4 address guest accessible
>
> Nit: I wonder if we should say "guest-accessible" in all these cases,
> it's a bit easier for me to decode, but not necessarily more correct.
> It's fine by me either way.

Just adding the hyphen? Sure, done.

--
David Gibson (he or they)      | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you, not the other way
                               | around.
http://www.ozlabs.org/~dgibson
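
Review bot: the IPv4 behaviour change named in the commit message (now also translating the guest's assigned address) would be easier to bisect or revert as its own patch, separate from the helper additions that the fwd.c hunk at @@ -170,6 +170,85 @@ begins with fwd_guest_accessible4(). If it stays in this patch, the subject line could mention that the change is not a pure refactor.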