This is the seventh draft of an implementation of more general
"connection" tracking, as described at:
https://pad.passt.top/p/NewForwardingModel
This series changes the TCP connection table and hash table into a
more general flow table that can track other protocols as well. Each
flow uniformly keeps track of all the relevant addresses and ports,
which will allow for more robust control of NAT and port forwarding.
ICMP and UDP are converted to use the new flow table.
This is based on the recent series of UDP flow table preliminaries.
Caveats:
* We roughly double the size of a connection/flow entry
* We don't yet record the local address of flows initiated from a
socket, even in cases where it's bound to a specific address.
Changes since v7:
* Rebase
* Fix unintended regression in forwarding logic (we weren't applying
map_gw logic to DNS packets, if they didn't hit explicit DNS
forwarding rules).
* Remove return value from pif_sockaddr(), it turned out not to be
very useful.
* More robust discarding of datagrams received between bind() and
connect() on UDP reply sockets.
* Avoid the name 'fside' for variables which was confusing in some
contexts
* Assorted minor changes based on feedback.
Applied (!)
--
Stefano