Date: Wed, 21 Aug 2024 11:40:53 +1000
From: David Gibson
To: Stefano Brivio
CC: passt-dev@passt.top, Paul Holzinger
Subject: Re: [PATCH 16/22] fwd: Helpers to clarify what host addresses aren't guest accessible
List-Id: Development discussion and patches for passt

On Tue, Aug 20, 2024 at 09:56:18PM +0200, Stefano Brivio wrote:
> On Fri, 16 Aug 2024 15:39:57 +1000
> David Gibson wrote:
>
> > We usually avoid NAT, but in a few cases we need to apply address
> > translations. For inbound connections that happens for addresses which
> > make sense to the host but are either inaccessible, or mean a different
> > location from the guest's point of view.
> >
> > Add some helper functions to determine such addresses, and use them in
> > fwd_nat_from_host(). In doing so clarify some of the reasons for the
> > logic. We'll also have further use for these helpers in future.
> >
> > While we're there fix one unnecessary inconsistency between IPv4 and IPv6.
> > We always translated the guest's observed address, but for IPv4 we didn't
> > translate the guest's assigned address, whereas for IPv6 we did. Change
> > this to translate both in all cases for consistency.
> >
> > Signed-off-by: David Gibson
> > ---
> > fwd.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------
> > 1 file changed, 87 insertions(+), 11 deletions(-)
> >
> > diff --git a/fwd.c b/fwd.c
> > index 75dc0151..1baae338 100644
> > --- a/fwd.c
> > +++ b/fwd.c
> > @@ -170,6 +170,85 @@ static bool is_dns_flow(uint8_t proto, const struct flowside *ini)
> > ((ini->oport == 53) || (ini->oport == 853));
> > }
> >
> > +/**
> > + * fwd_guest_accessible4() - Is IPv4 address guest accessible
>
> Nit: I wonder if we should say "guest-accessible" in all these cases,
> it's a bit easier for me to decode, but not necessarily more correct.
> It's fine by me either way.

Just adding the hyphen? Sure, done.

--
David Gibson (he or they)       | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you, not the other way
                                | around.
http://www.ozlabs.org/~dgibson
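
Review bot: in the kerneldoc that opens the quoted hunk, the summary "fwd_guest_accessible4() - Is IPv4 address guest accessible" does not say which answer a true return stands for, while the subject line and commit message frame these helpers in the negative ("aren't guest accessible", "inaccessible"). If the part of the comment cut off by the quote does not already do so, a "Return: true if ..." line stating the polarity would make it harder for the caller in fwd_nat_from_host() to invert the test by mistake, which matters here because the result decides whether an inbound address gets translated. The commit message also folds a behaviour change (IPv4 now translates the guest's assigned address as well as the observed one) into a patch that otherwise adds helpers; carrying that as its own patch would keep it bisectable.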