diff options
| author | Kevin Krakauer <krakauer@google.com> | 2020-09-29 22:39:37 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2020-09-29 22:41:47 -0700 |
| commit | 0aae51c6e09046e56f2d4b6064124da059731286 (patch) | |
| tree | d3b972bcd4c6551827161db204fee01f5e2dc239 /pkg/sentry/socket | |
| parent | e5ece9aea730c105ab336e6bd2858322686a5708 (diff) | |
iptables: remove unused min/max NAT range fields
PiperOrigin-RevId: 334531794
Diffstat (limited to 'pkg/sentry/socket')
| -rw-r--r-- | pkg/sentry/socket/netfilter/targets.go | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/pkg/sentry/socket/netfilter/targets.go b/pkg/sentry/socket/netfilter/targets.go index e3b108e93..19b18b2d6 100644 --- a/pkg/sentry/socket/netfilter/targets.go +++ b/pkg/sentry/socket/netfilter/targets.go @@ -194,11 +194,9 @@ func (*redirectTargetMaker) marshal(target stack.Target) []byte { ret := make([]byte, 0, linux.SizeOfXTRedirectTarget) xt.NfRange.RangeSize = 1 - if rt.RangeProtoSpecified { - xt.NfRange.RangeIPV4.Flags |= linux.NF_NAT_RANGE_PROTO_SPECIFIED - } - xt.NfRange.RangeIPV4.MinPort = htons(rt.MinPort) - xt.NfRange.RangeIPV4.MaxPort = htons(rt.MaxPort) + xt.NfRange.RangeIPV4.Flags |= linux.NF_NAT_RANGE_PROTO_SPECIFIED + xt.NfRange.RangeIPV4.MinPort = htons(rt.Port) + xt.NfRange.RangeIPV4.MaxPort = xt.NfRange.RangeIPV4.MinPort return binary.Marshal(ret, usermem.ByteOrder, xt) } @@ -231,23 +229,23 @@ func (*redirectTargetMaker) unmarshal(buf []byte, filter stack.IPHeaderFilter) ( // Also check if we need to map ports or IP. // For now, redirect target only supports destination port change. // Port range and IP range are not supported yet. - if nfRange.RangeIPV4.Flags&linux.NF_NAT_RANGE_PROTO_SPECIFIED == 0 { + if nfRange.RangeIPV4.Flags != linux.NF_NAT_RANGE_PROTO_SPECIFIED { nflog("redirectTargetMaker: invalid range flags %d", nfRange.RangeIPV4.Flags) return nil, syserr.ErrInvalidArgument } - target.RangeProtoSpecified = true - - target.MinIP = tcpip.Address(nfRange.RangeIPV4.MinIP[:]) - target.MaxIP = tcpip.Address(nfRange.RangeIPV4.MaxIP[:]) // TODO(gvisor.dev/issue/170): Port range is not supported yet. if nfRange.RangeIPV4.MinPort != nfRange.RangeIPV4.MaxPort { nflog("redirectTargetMaker: MinPort != MaxPort (%d, %d)", nfRange.RangeIPV4.MinPort, nfRange.RangeIPV4.MaxPort) return nil, syserr.ErrInvalidArgument } + if nfRange.RangeIPV4.MinIP != nfRange.RangeIPV4.MaxIP { + nflog("redirectTargetMaker: MinIP != MaxIP (%d, %d)", nfRange.RangeIPV4.MinPort, nfRange.RangeIPV4.MaxPort) + return nil, syserr.ErrInvalidArgument + } - target.MinPort = ntohs(nfRange.RangeIPV4.MinPort) - target.MaxPort = ntohs(nfRange.RangeIPV4.MaxPort) + target.Addr = tcpip.Address(nfRange.RangeIPV4.MinIP[:]) + target.Port = ntohs(nfRange.RangeIPV4.MinPort) return &target, nil } |