fwd: Distinguish translatable from untranslatable addresses on inbound
fwd_nat_from_host() needs to adjust the source address for new flows coming from an address which is not accessible to the guest. Currently we always use our_tap_addr or our_tap_ll. However in cases where the address is accessible to the guest via translation (i.e. via --map-host-loopback) then it makes more sense to use that translation, rather than the fallback mapping of our_tap_*. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
parent
e813a4df7d
commit
8436c0d61b
1 changed files with 8 additions and 1 deletions
9
fwd.c
9
fwd.c
|
@ -386,7 +386,14 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto,
|
||||||
return PIF_SPLICE;
|
return PIF_SPLICE;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!fwd_guest_accessible(c, &ini->eaddr)) {
|
if (!IN4_IS_ADDR_UNSPECIFIED(&c->ip4.map_host_loopback) &&
|
||||||
|
inany_equals4(&ini->eaddr, &in4addr_loopback)) {
|
||||||
|
/* Specifically 127.0.0.1, not 127.0.0.0/8 */
|
||||||
|
tgt->oaddr = inany_from_v4(c->ip4.map_host_loopback);
|
||||||
|
} else if (!IN6_IS_ADDR_UNSPECIFIED(&c->ip6.map_host_loopback) &&
|
||||||
|
inany_equals6(&ini->eaddr, &in6addr_loopback)) {
|
||||||
|
tgt->oaddr.a6 = c->ip6.map_host_loopback;
|
||||||
|
} else if (!fwd_guest_accessible(c, &ini->eaddr)) {
|
||||||
if (inany_v4(&ini->eaddr)) {
|
if (inany_v4(&ini->eaddr)) {
|
||||||
if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.our_tap_addr))
|
if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.our_tap_addr))
|
||||||
/* No source address we can use */
|
/* No source address we can use */
|
||||||
|
|
Loading…
Reference in a new issue