Re: [PATCH 3/3] fwd: Rework inconsistencies in translation of inbound flows

On Mon, Aug 12, 2024 at 11:51:17PM +0200, Stefano Brivio wrote:

I applied up to 2/3, I just have one doubt here, and a nit:

On Mon, 12 Aug 2024 19:53:55 +1000 David Gibson wrote:

...

We usually avoid NAT, but in a few cases we need to apply address translations. The current logic for this on inbound flows has some inconsistencies:

* For IPv4 (but not IPv6) we translated unspecified source addresses

...I know we already talked about this, but 0.0.0.0/8 is not just unspecified, it also means "this host on this network" (RFC 6890, 2.2.2), and that's the reason for this apparent inconsistency (:: doesn't). By the way, somebody was reminded of this just recently:

Good point. I've changed that behaviour for the next spin. And added comments about this for the next sucker who notices the apparent inconsistency :). -- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson