net/nat clean-ups#1550
Merged
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR removes legacy “unidirectional flow key” scaffolding by flattening FlowKey into a single struct and updating NAT/flow-table code to use the simplified API. It also refactors NAT error-to-DoneReason mapping to use From conversions instead of helper functions.
Changes:
- Refactor
net::FlowKeyfrom an enum +FlowKeyData/Uniwrapper into a singleFlowKeystruct with direct accessors andTryFrom<&Packet>. - Update NAT, flow-filter, and flow-entry code/tests to construct and mutate flow keys via
FlowKey::new, setters, andTryFrom<&Packet>. - Replace NAT
translate_error()helpers withFrom<&…Error> for DoneReasonimplementations.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| net/src/packet/mod.rs | Updates packet flow-key refresh to use TryFrom<&Packet> (removes Uni wrapper). |
| net/src/packet/meta.rs | Updates flow-key rewrite when setting src_vpcd to use FlowKey::new and accessors. |
| net/src/lib.rs | Stops re-exporting removed FlowKeyData. |
| net/src/flows/flow_key.rs | Core refactor: removes FlowKeyData + enum variant, introduces single FlowKey struct and TryFrom<&Packet>. |
| net/src/flows/display.rs | Simplifies Display impl by implementing directly on FlowKey. |
| nat/src/stateless/nf.rs | Refactors error-to-DoneReason mapping via From<&StatelessNatError>. |
| nat/src/stateful/test.rs | Updates tests to build flow keys via TryFrom<&Packet> (no Uni). |
| nat/src/stateful/nf.rs | Uses FlowKey::new/accessors and refactors DoneReason mapping via From<&StatefulNatError>. |
| nat/src/stateful/flows.rs | Updates flow-key field access to new accessors. |
| nat/src/stateful/allocation.rs | Adds From<&AllocatorError> for DoneReason to centralize mapping. |
| nat/src/portfw/flow_state.rs | Updates port-forward flow-key construction/mutation to use FlowKey setters/accessors. |
| nat/src/icmp_handler/icmp_error_msg.rs | Adds From<&IcmpErrorMsgError> for DoneReason to share mapping across NAT modes. |
| flow-filter/src/tests.rs | Updates tests to use TryFrom<&Packet> flow-key creation. |
| flow-entry/src/flow_table/table.rs | Updates flow-table tests to construct flow keys via FlowKey::new. |
| flow-entry/src/flow_table/nf_lookup.rs | Updates flow lookup to use TryFrom<&Packet> and removes unused imports. |
qmonnet
force-pushed
the
pr/qmonnet/nat-clean-ups
branch
from
8134920 to
01c0aa5
Compare
qmonnet
force-pushed
the
pr/qmonnet/split-static-nat
branch
from
41463b9 to
1bee3c4
Compare
qmonnet
force-pushed
the
pr/qmonnet/nat-clean-ups
branch
from
01c0aa5 to
3ec9fb9
Compare
qmonnet
force-pushed
the
pr/qmonnet/split-static-nat
branch
from
1bee3c4 to
4bea4c4
Compare
qmonnet
force-pushed
the
pr/qmonnet/nat-clean-ups
branch
from
3ec9fb9 to
ee88caa
Compare
qmonnet
force-pushed
the
pr/qmonnet/split-static-nat
branch
from
4bea4c4 to
1d0ea0e
Compare
qmonnet
force-pushed
the
pr/qmonnet/nat-clean-ups
branch
from
ee88caa to
aa5f5fe
Compare
qmonnet
force-pushed
the
pr/qmonnet/split-static-nat
branch
2 times, most recently
from
55f2af7 to
76c39fc
Compare
qmonnet
force-pushed
the
pr/qmonnet/nat-clean-ups
branch
from
aa5f5fe to
9485bfb
Compare
qmonnet
force-pushed
the
pr/qmonnet/split-static-nat
branch
2 times, most recently
from
bff2fdb to
0bce3d4
Compare
qmonnet
force-pushed
the
pr/qmonnet/nat-clean-ups
branch
from
9485bfb to
f2bb72f
Compare
qmonnet
force-pushed
the
pr/qmonnet/split-static-nat
branch
from
0bce3d4 to
a36a1c4
Compare
qmonnet
force-pushed
the
pr/qmonnet/nat-clean-ups
branch
from
f2bb72f to
3199fcf
Compare
daniel-noland
approved these changes
Jun 1, 2026
daniel-noland
left a comment
daniel-noland
left a comment
Collaborator
There was a problem hiding this comment.
Yup. This is a clear improvement
qmonnet
force-pushed
the
pr/qmonnet/split-static-nat
branch
4 times, most recently
from
a98c8c9 to
4813fb0
Compare
Rather than the large translate_error() functions, implement From for DoneReason. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Quentin Monnet <qmo@qmon.net>
FlowKey is an enum with a single Unidirectional variant wrapping FlowKeyData, the second (bidirectional) variant was removed some time ago. Turn FlowKey into a tuple struct so the wrapping no longer requires pattern-matching, and drop the now-trivial match arms in PartialEq, Hash, and the Display impl. The inner field is left pub for now, a follow-up commit will merge FlowKey and FlowKeyData into a single struct. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Quentin Monnet <qmo@qmon.net>
FlowKey had become a tuple struct wrapping FlowKeyData, with accessors data() and data_mut() used at every call site. The two types described the same flow tuple, so we can fold FlowKeyData's fields, methods, and Hash implementation directly into FlowKey and drop the indirection. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Quentin Monnet <qmo@qmon.net>
FlowKey used to support a bidirectional variant alongside the unidirectional one, and the builder was named uni() to disambiguate. Bidirectional keys were dropped a while ago, and the remaining builder named "uni()" is now confusing. Rename it to "new()" instead. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Quentin Monnet <qmo@qmon.net>
Uni<T> existed to tag a packet for unidirectional FlowKey extraction back when bidirectional keys were also supported. Bidirectional keys are gone, so Uni is not longer necessary, it simply adds dead weight that every call site has to thread through, and makes the code less clear. Convert the TryFrom impl to accept &Packet<Buf> directly, delete the Uni struct, and drop the wrapper at the call sites. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Quentin Monnet <qmo@qmon.net>
qmonnet
force-pushed
the
pr/qmonnet/nat-clean-ups
branch
from
3199fcf to
3319c5e
Compare
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Some Claude-assisted clean-ups for the net and nat (first commit) crates, in particular to get rid of the confusing leftovers for "unidirectional" flow keys, now that bidirectional ones are gone.
Based on top of #1548.