On Fri, Jul 19, 2024 at 09:20:27PM +0200, Stefano Brivio wrote:
> On Thu, 18 Jul 2024 15:26:26 +1000
> David Gibson <david(a)gibson.dropbear.id.au> wrote:
>
> > This is the seventh draft of an implementation of more general
> > "connection" tracking, as described at:
> > https://pad.passt.top/p/NewForwardingModel
> >
> > This series changes the TCP connection table and hash table into a
> > more general flow table that can track other protocols as well. Each
> > flow uniformly keeps track of all the relevant addresses and ports,
> > which will allow for more robust control of NAT and port forwarding.
> >
> > ICMP and UDP are converted to use the new flow table.
> >
> > This is based on the recent series of UDP flow table preliminaries.
> >
> > Caveats:
> > * We roughly double the size of a connection/flow entry
> > * We don't yet record the local address of flows initiated from a
> >   socket, even in cases where it's bound to a specific address.
> >
> > Changes since v7:
> > * Rebase
> > * Fix unintended regression in forwarding logic (we weren't applying
> >   map_gw logic to DNS packets, if they didn't hit explicit DNS
> >   forwarding rules).
> > * Remove return value from pif_sockaddr(), it turned out not to be
> >   very useful.
> > * More robust discarding of datagrams received between bind() and
> >   connect() on UDP reply sockets.
> > * Avoid the name 'fside' for variables which was confusing in some
> >   contexts
> > * Assorted minor changes based on feedback.
>
> Applied (!)

🎉

-- 
David Gibson (he or they)       | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you, not the other way
                                | around.
http://www.ozlabs.org/~dgibson