Date: Fri, 25 Apr 2025 09:26:20 +0200
From: Stefano Brivio
To: "Ben Woods"
CC: passt-user@passt.top
Subject: Re: pasta behaviour with multiple NICs
Message-ID: <20250425092620.074e2cce@elisabeth>
In-Reply-To: <38893f85-ca3d-4e1e-929d-236df89ab9f6@app.fastmail.com>

Hi Ben,

On Fri, 25 Apr 2025 14:54:18 +0800
"Ben Woods" wrote:

> Hi everyone,
>
> I'm struggling to understand how pasta will behave when the host has
> multiple network interfaces. I can't see this mentioned in the
> website or man page.

Right, yeah, it's not really mentioned anywhere, sorry for that, and
thanks for your question.

> I'm using pasta with podman if that makes a difference.

It shouldn't make a difference.

> Example Scenario - 2 interfaces - eth0 (with default route) and eth1
> in a different subnet.
>
> When the podman container is created, inside the container there is a
> single interface shown that mimics the eth0 interface name, IP,
> gateway.
>
> If traffic is initiated from the container to an IP within the eth1
> subnet - how does pasta make it appear to come from the eth1 IP
> address? Does it automatically apply NAT to achieve this?

The operating system (unfortunately it's Linux only, so far) takes care
of all that, pasta has no idea: it just opens a socket and connect()s it
to the destination address (that might be bind() _and_ connect(), for
UDP). The kernel then decides based on routing rules and tables.

But yes, this typically results in NAT, at least with the default source
address selection Linux does.

In other words: it's as if your container and everything inside it
behaved like a local process, network-wise, as seen from outside.

Given that pasta isn't in charge of network (or even transport) headers
"outside", it doesn't really "do NAT", but, with default options and a
matching upstream interface, it avoids that NAT is done in the bigger
picture.

> If the host has a static route for a subnet not directly connected to
> either eth0 or eth1, but the static route uses a next hop IP address
> within the eth1 subnet - will pasta apply NAT to the eth1 IP address,
> and then use the static route to send it via the next-hop router?

This also reduces to a question about Linux, essentially. Yes, as far as
I know, that would be the outcome: source NAT using a matching address
assigned to eth1, if any (preferred source address).

Does that answer your question?

-- 
Stefano
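
The mechanism described in the reply above can be observed directly on a Linux host. The following is an added example, not part of the original message and not pasta's code: it connect()s an unbound UDP socket to a destination and reads back, with getsockname(), the source address the kernel selected. The helper name `kernel_source_for` and port 9 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not from pasta): connect() a UDP socket to a numeric
 * IPv4/IPv6 destination and report the source address the kernel chose from
 * its routing rules and tables. connect() on a datagram socket sends nothing.
 * Returns 0 on success, -1 on a bad address or when there is no route. */
int kernel_source_for(const char *dst, char *out, size_t outlen)
{
	struct addrinfo hints = { 0 }, *ai;
	struct sockaddr_storage local;
	socklen_t len = sizeof(local);
	int s, ret = -1;

	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = SOCK_DGRAM;
	hints.ai_flags = AI_NUMERICHOST;	/* literal addresses only, no DNS */
	if (getaddrinfo(dst, "9", &hints, &ai))	/* port is arbitrary */
		return -1;

	s = socket(ai->ai_family, SOCK_DGRAM, 0);
	if (s >= 0 && !connect(s, ai->ai_addr, ai->ai_addrlen) &&
	    !getsockname(s, (struct sockaddr *)&local, &len) &&
	    !getnameinfo((struct sockaddr *)&local, len, out, outlen,
			 NULL, 0, NI_NUMERICHOST))
		ret = 0;
	if (s >= 0)
		close(s);
	freeaddrinfo(ai);
	return ret;
}

int main(int argc, char **argv)
{
	char src[128];
	int i;

	for (i = 1; i < argc; i++) {
		if (kernel_source_for(argv[i], src, sizeof(src)))
			printf("%s: no usable route\n", argv[i]);
		else
			printf("%s: source %s\n", argv[i], src);
	}
	return 0;
}
```

Run it with one destination per subnet of interest as arguments; the address printed for each is the one a socket opened by any local process would get for that destination.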