On Fri, 16 Aug 2024 15:39:57 +1000
David Gibson <david(a)gibson.dropbear.id.au> wrote:
We usually avoid NAT, but in a few cases we need to apply address
translations. For inbound connections that happens for addresses which
make sense to the host but are either inaccessible, or mean a different
location from the guest's point of view.
Add some helper functions to determine such addresses, and use them in
fwd_nat_from_host(). In doing so clarify some of the reasons for the
logic. We'll also have further use for these helpers in future.
While we're there fix one unnecessary inconsistency between IPv4 and IPv6.
We always translated the guest's observed address, but for IPv4 we didn't
translate the guest's assigned address, whereas for IPv6 we did. Change
this to translate both in all cases for consistency.
Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
---
fwd.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------
1 file changed, 87 insertions(+), 11 deletions(-)
diff --git a/fwd.c b/fwd.c
index 75dc0151..1baae338 100644
--- a/fwd.c
+++ b/fwd.c
@@ -170,6 +170,85 @@ static bool is_dns_flow(uint8_t proto, const struct flowside *ini)
((ini->oport == 53) || (ini->oport == 853));
}
+/**
+ * fwd_guest_accessible4() - Is IPv4 address guest accessible
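Review bot: the IPv4 behaviour change described in the commit message (translating the guest's assigned address as well as its observed one) would be easier to review and bisect as its own patch, separate from the helpers introduced here starting at fwd_guest_accessible4(). As posted, a regression in inbound NAT would bisect to a combined change of 87 insertions and 11 deletions rather than to the one-line policy change. If both stay together, the kernel-doc for each helper should state which address classes are treated as not guest-accessible and why, since these predicates now decide when fwd_nat_from_host() applies a translation.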
Nit: I wonder if we should say "guest-accessible" in all these cases,
it's a bit easier for me to decode, but not necessarily more correct.
It's fine by me either way.
Just adding the hyphen? Sure, done.
--
David Gibson (he or they) | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you, not the other way
| around.