conf, tcp, udp: Add --no-map-gw to disable mapping gateway address to host

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Stefano Brivio 2021-10-14 05:26:37 +02:00
parent 3bb859c505
commit f45891cf26
5 changed files with 15 additions and 5 deletions

2
conf.c

@ -600,6 +600,7 @@ static void usage(const char *name)
info( " --no-ndp Disable NDP responses"); info( " --no-ndp Disable NDP responses");
info( " --no-dhcpv6 Disable DHCPv6 server"); info( " --no-dhcpv6 Disable DHCPv6 server");
info( " --no-ra Disable router advertisements"); info( " --no-ra Disable router advertisements");
info( " --no-map-gw Don't map gateway address to host");
info( " -4, --ipv4-only Enable IPv4 operation only"); info( " -4, --ipv4-only Enable IPv4 operation only");
info( " -6, --ipv6-only Enable IPv6 operation only"); info( " -6, --ipv6-only Enable IPv6 operation only");
@ -776,6 +777,7 @@ void conf(struct ctx *c, int argc, char **argv)
{"no-dhcpv6", no_argument, &c->no_dhcpv6, 1 }, {"no-dhcpv6", no_argument, &c->no_dhcpv6, 1 },
{"no-ndp", no_argument, &c->no_ndp, 1 }, {"no-ndp", no_argument, &c->no_ndp, 1 },
{"no-ra", no_argument, &c->no_ra, 1 }, {"no-ra", no_argument, &c->no_ra, 1 },
{"no-map-gw", no_argument, &c->no_map_gw, 1 },
{"ipv4-only", no_argument, &c->v4, '4' }, {"ipv4-only", no_argument, &c->v4, '4' },
{"ipv6-only", no_argument, &c->v6, '6' }, {"ipv6-only", no_argument, &c->v6, '6' },
{"tcp-ports", required_argument, NULL, 't' }, {"tcp-ports", required_argument, NULL, 't' },
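Review bot: The usage text added in the first hunk, `Don't map gateway address to host`, is broader than what the option actually controls according to the man page in this same commit, which scopes it to TCP connections and untracked UDP traffic; a reader of --help would expect all traffic to the gateway address to be affected. Consider `info( "    --no-map-gw	Don't map TCP, untracked UDP to gateway to host");` or similar so the two descriptions agree. The getopt_long entry in the second hunk follows the sibling flag-setting form (`&c->no_map_gw, 1`) and needs nothing further. Both usage() and conf() begin and end outside these hunks.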


@ -207,6 +207,11 @@ namespace will be silently dropped.
Disable Router Advertisements. Router Solicitations coming from guest or target Disable Router Advertisements. Router Solicitations coming from guest or target
namespace will be ignored. namespace will be ignored.
.TP
.BR \-\-no-map-gw
Don't remap TCP connections and untracked UDP traffic, with the gateway address
as destination, to the host.
.TP .TP
.BR \-4 ", " \-\-ipv4-only .BR \-4 ", " \-\-ipv4-only
Enable IPv4-only operation. IPv6 traffic will be ignored. Enable IPv4-only operation. IPv6 traffic will be ignored.
@ -635,7 +640,7 @@ address corresponding to the default gateway will have their destination address
translated to a loopback address, if and only if a packet, in the opposite translated to a loopback address, if and only if a packet, in the opposite
direction, with a loopback destination or source address, port-wise matching for direction, with a loopback destination or source address, port-wise matching for
UDP, or connection-wise for TCP, has been recently forwarded to guest or UDP, or connection-wise for TCP, has been recently forwarded to guest or
namespace. namespace. This behaviour can be disabled with \-\-no\-map\-gw.
.SS Handling of local traffic in pasta .SS Handling of local traffic in pasta


@ -130,6 +130,7 @@ enum passt_modes {
* @no_dhcpv6: Disable DHCPv6 server * @no_dhcpv6: Disable DHCPv6 server
* @no_ndp: Disable NDP handler altogether * @no_ndp: Disable NDP handler altogether
* @no_ra: Disable router advertisements * @no_ra: Disable router advertisements
* @no_map_gw: Don't map connections, untracked UDP to gateway to host
* @low_wmem: Low probed net.core.wmem_max * @low_wmem: Low probed net.core.wmem_max
* @low_rmem: Low probed net.core.rmem_max * @low_rmem: Low probed net.core.rmem_max
*/ */
@ -188,6 +189,7 @@ struct ctx {
int no_dhcpv6; int no_dhcpv6;
int no_ndp; int no_ndp;
int no_ra; int no_ra;
int no_map_gw;
int low_wmem; int low_wmem;
int low_rmem; int low_rmem;
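Review bot: The kernel-doc line added for the new field, `@no_map_gw: Don't map connections, untracked UDP to gateway to host`, reads ambiguously: "to gateway to host" can be parsed either as mapping the gateway onto the host or as traffic addressed to the gateway. Since the tcp.c and udp.c hunks in this commit rewrite the destination to INADDR_LOOPBACK / in6addr_loopback, a wording that names the target is clearer, e.g. `* @no_map_gw:	Don't redirect TCP, untracked UDP sent to gateway to host loopback`. The `int no_map_gw;` field itself matches the surrounding flag fields. struct ctx and the comment block both begin and end outside these hunks.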

5
tcp.c

@ -1845,9 +1845,10 @@ static void tcp_conn_from_tap(struct ctx *c, int af, void *addr,
tcp_sock_set_bufsize(c, s); tcp_sock_set_bufsize(c, s);
if (af == AF_INET && addr4.sin_addr.s_addr == c->gw4) if (af == AF_INET && addr4.sin_addr.s_addr == c->gw4 && !c->no_map_gw)
addr4.sin_addr.s_addr = htonl(INADDR_LOOPBACK); addr4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
else if (af == AF_INET6 && !memcmp(addr, &c->gw6, sizeof(c->gw6))) else if (af == AF_INET6 && !memcmp(addr, &c->gw6, sizeof(c->gw6)) &&
!c->no_map_gw)
addr6.sin6_addr = in6addr_loopback; addr6.sin6_addr = in6addr_loopback;
if (af == AF_INET6 && IN6_IS_ADDR_LINKLOCAL(&addr6.sin6_addr)) { if (af == AF_INET6 && IN6_IS_ADDR_LINKLOCAL(&addr6.sin6_addr)) {
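Review bot: `!c->no_map_gw` is appended to both the AF_INET and the AF_INET6 tests, which is what forces the awkward continuation line carrying only `!c->no_map_gw)` in the else-if; wrapping the two existing branches in a single guard, `if (!c->no_map_gw) {` before the AF_INET test and `}` after the in6addr_loopback assignment, keeps each address comparison on one line and makes the option's effect visible at a glance. The same duplicated check appears in both udp.c hunks of this commit. tcp_conn_from_tap begins and ends outside the hunk, so the surrounding control flow is not visible here.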

4
udp.c

@ -933,7 +933,7 @@ int udp_tap_handler(struct ctx *c, int af, void *addr,
udp_tap_map[V4][src].ts = now->tv_sec; udp_tap_map[V4][src].ts = now->tv_sec;
if (s_in.sin_addr.s_addr == c->gw4) { if (s_in.sin_addr.s_addr == c->gw4 && !c->no_map_gw) {
if (!udp_tap_map[V4][dst].ts_local || if (!udp_tap_map[V4][dst].ts_local ||
udp_tap_map[V4][dst].loopback) udp_tap_map[V4][dst].loopback)
s_in.sin_addr.s_addr = htonl(INADDR_LOOPBACK); s_in.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
@ -951,7 +951,7 @@ int udp_tap_handler(struct ctx *c, int af, void *addr,
sa = (struct sockaddr *)&s_in6; sa = (struct sockaddr *)&s_in6;
sl = sizeof(s_in6); sl = sizeof(s_in6);
if (!memcmp(addr, &c->gw6, sizeof(c->gw6))) { if (!memcmp(addr, &c->gw6, sizeof(c->gw6)) && !c->no_map_gw) {
if (!udp_tap_map[V6][dst].ts_local || if (!udp_tap_map[V6][dst].ts_local ||
udp_tap_map[V6][dst].loopback) udp_tap_map[V6][dst].loopback)
s_in6.sin6_addr = in6addr_loopback; s_in6.sin6_addr = in6addr_loopback;
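Review bot: Gating the whole gateway `if` block on `!c->no_map_gw` (the V4 hunk, and likewise the V6 one) skips everything inside that block, not only the loopback rewrite; both blocks continue past the end of their hunks, so if they carry any other per-flow bookkeeping, that is now bypassed whenever the option is set — worth confirming that is intended. If only the remap should be suppressed, a narrower placement keeps the outer condition as it was and adds the flag to the inner test, e.g. `if (!c->no_map_gw && (!udp_tap_map[V4][dst].ts_local || udp_tap_map[V4][dst].loopback))`, with the same change for the V6 branch. udp_tap_handler begins and ends outside both hunks.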