The mode of UDP NAT represented by PORT_ADDR_SEEN isn't actually useful. In most cases addr_seen and addr will be the same, in which case it's just redundant with PORT_ADDR. If they are different, that means the guest is using an address different from the one it's been assigned. The natural consequence of doing that is that you can't communicate with some other host which is using the address you squatted. We don't need to shield the guest from the consequences of shooting itself in the foot this way.
Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
---
 udp.c | 22 ++++------------------
 1 file changed, 4 insertions(+), 18 deletions(-)
diff --git a/udp.c b/udp.c
index 3c78fca..2d05584 100644
--- a/udp.c
+++ b/udp.c
@@ -123,13 +123,11 @@
 /**
 * enum udp_port_remote - Original remote address of UDP "connection" to a port
 * @PORT_LOOPBACK - Original remote address was (host side) loopback
- * @PORT_ADDR_SEEN - Original remote address was the same as the guest is using
- * @PORT_ADDR - Original remote address was guest assigned address
+ * @PORT_ADDR - Original remote address was host address shared with guest
 */
 enum udp_port_remote {
 PORT_LOOPBACK = 0,
-PORT_ADDR_SEEN = 1,
-PORT_ADDR = 2,
+PORT_ADDR = 1,
 };
 /**
@@ -605,17 +603,14 @@ static size_t udp_update_hdr4(const struct ctx *c, int n, in_port_t dstport,
 IN4_ARE_ADDR_EQUAL(src, &c->ip4.dns_host) && src_port == 53) {
 b->iph.saddr = c->ip4.dns_match.s_addr;
 } else if (IN4_IS_ADDR_LOOPBACK(src) ||
-IN4_ARE_ADDR_EQUAL(src, &c->ip4.addr_seen) ||
 IN4_ARE_ADDR_EQUAL(src, &c->ip4.addr)) {
 b->iph.saddr = c->ip4.gw.s_addr;
 udp_tap_map[V4][src_port].ts = now->tv_sec;
 if (IN4_IS_ADDR_LOOPBACK(src))
 udp_tap_map[V4][src_port].remote = PORT_LOOPBACK;
-else if (IN4_ARE_ADDR_EQUAL(src, &c->ip4.addr))
-udp_tap_map[V4][src_port].remote = PORT_ADDR;
 else
-udp_tap_map[V4][src_port].remote = PORT_ADDR_SEEN;
+udp_tap_map[V4][src_port].remote = PORT_ADDR;
 bitmap_set(udp_act[V4][UDP_ACT_TAP], src_port);
 } else {
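Review bot: The new `@PORT_ADDR` line in the enum comment says what the remaining value means but leaves the dropped case undocumented, and the commit message is the only record that a guest source address equal to `addr_seen` (when it differs from `addr`) is no longer remapped through this table. A reader of udp.c will look at this enum first, so a short line there would keep the decision with the code, e.g. `* Packets sourced from a guest-chosen address other than @addr are not tracked here.` on the line after the `@PORT_ADDR` entry. As far as the visible hunks show, such packets now fall through to the trailing `else` of udp_update_hdr4/udp_update_hdr6, whose bodies are outside these hunks, so the exact resulting behaviour should be confirmed before wording the comment.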
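Review bot: In the surviving `if`/`else` on `udp_tap_map[V4][src_port].remote`, `IN4_IS_ADDR_LOOPBACK(src)` is re-evaluated only to choose between two constants, so the new code reads more directly as a single assignment, `udp_tap_map[V4][src_port].remote = IN4_IS_ADDR_LOOPBACK(src) ? PORT_LOOPBACK : PORT_ADDR;`. The IPv6 counterpart in the `@@ -676` hunk of udp_update_hdr6 has the same shape and would take the same form with `IN6_IS_ADDR_LOOPBACK(src)` and `V6`. Both functions begin and end outside their hunks, so the surrounding `else if` condition and the trailing `else` are not visible here.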
@@ -663,7 +658,6 @@ static size_t udp_update_hdr6(const struct ctx *c, int n, in_port_t dstport,
 b->ip6h.daddr = c->ip6.addr_seen;
 b->ip6h.saddr = c->ip6.dns_match;
 } else if (IN6_IS_ADDR_LOOPBACK(src) ||
-IN6_ARE_ADDR_EQUAL(src, &c->ip6.addr_seen) ||
 IN6_ARE_ADDR_EQUAL(src, &c->ip6.addr)) {
 b->ip6h.daddr = c->ip6.addr_ll_seen;
@@ -676,10 +670,8 @@ static size_t udp_update_hdr6(const struct ctx *c, int n, in_port_t dstport,
 if (IN6_IS_ADDR_LOOPBACK(src))
 udp_tap_map[V6][src_port].remote = PORT_LOOPBACK;
-else if (IN6_ARE_ADDR_EQUAL(src, &c->ip6.addr))
-udp_tap_map[V6][src_port].remote = PORT_ADDR;
 else
-udp_tap_map[V6][src_port].remote = PORT_ADDR_SEEN;
+udp_tap_map[V6][src_port].remote = PORT_ADDR;
 bitmap_set(udp_act[V6][UDP_ACT_TAP], src_port);
 } else {
@@ -863,9 +855,6 @@ int udp_tap_handler(struct ctx *c, int af, const void *addr,
 case PORT_ADDR:
 s_in.sin_addr = c->ip4.addr;
 break;
-case PORT_ADDR_SEEN:
-s_in.sin_addr = c->ip4.addr_seen;
-break;
 }
 }
@@ -915,9 +904,6 @@ int udp_tap_handler(struct ctx *c, int af, const void *addr,
 case PORT_ADDR:
 s_in6.sin6_addr = c->ip6.addr;
 break;
-case PORT_ADDR_SEEN:
-s_in6.sin6_addr = c->ip6.addr_seen;
-break;
 }
 } else if (IN6_IS_ADDR_LINKLOCAL(&s_in6.sin6_addr)) {
 bind_addr = &c->ip6.addr_ll;
-- 
2.40.1