On Thu, 12 Jan 2023 09:45:39 -0500 Laine Stump <laine(a)redhat.com> wrote:On 1/11/23 1:33 PM, Daniel P. Berrangé wrote:Yes, it's pretty much that... recycling from the man page: -i, --interface name Use host interface name to derive addresses and routes. Default is to use the interfaces with the first default routes for each IP version. It's not actually a routing restriction -- passt can't do that. The only interface binding that passt implements (with Linux kernel versions >= 5.7) is an optional bound interface specification for port forwarding.On Sun, Jan 08, 2023 at 11:11:07PM -0500, Laine Stump wrote:[...]Initial support for network devices using passt (https://passt.top) for the backend connection will require: * new attributes of the <backend> subelement: * "type" that can have the value "passt" (to differentiate from slirp, because both slirp and passt will use <interface type='user'>) * "logFile" (a path to a file that passt should use for its logging) * "upstream" (a netdev name, e.g. "eth0").IMHO this attribute is inappropriate for <backend>....I'm still not sure *exactly* what it does; it apparently grabs the routes that are fed to the guest from the given host interface; I should probably ask Stefano to explain it to me again (he described it once, but that was along with explanations of several other things).+ <interface type='user'> + <mac address='00:11:22:33:44:55'/> + <ip address='172.17.2.0' family='ipv4' prefix='24'/> + <ip address='2001:db8:ac10:fd01::feed' family='ipv6'/> + <portForward proto='tcp' address='2001:db8:ac10:fd01::1:10'> + <range start='22' to='2022'/> + <range start='1000' end='1050'/> + <range start='1020' exclude='yes'/> + <range start='1030' end='1040' exclude='yes'/> + </portForward> + <portForward proto='udp' address='1.2.3.4' dev='eth0'> + <range start='5000' end='5020' to='6000'/> + <range start='5010' end='5015' exclude='yes'/> + </portForward> + <portForward proto='tcp'> + <range start='80'/> + </portForward> + <portForward proto='tcp'> + <range start='443' to='344'/> + </portForward> + <model type='rtl8139'/> + <backend type='passt' logFile='/var/log/loglaw.blog' upstream='eth42'/>I don't think that 'upstream' is really describing a property of the backend. This is expressing a traffic routing restriction for the 'user' networking type. IMHO it should probably be using the existing <source dev="xxxx"/> element, that is currently used by the 'direct' networking type.So it's not *exactly* the same as <source dev='xxx'/> for type='direct' (which determines the link-level connection rather than IP routing), but definitely very similar.Right, I think so too, and "source" is probably a good name for that in any case. -- Stefano