authorKevin Krakauer <krakauer@google.com>2020-09-29 22:39:37 -0700
committergVisor bot <gvisor-bot@google.com>2020-09-29 22:41:47 -0700
commit0aae51c6e09046e56f2d4b6064124da059731286 (patch)
treed3b972bcd4c6551827161db204fee01f5e2dc239 /pkg/sentry/socket
parente5ece9aea730c105ab336e6bd2858322686a5708 (diff)
iptables: remove unused min/max NAT range fields
PiperOrigin-RevId: 334531794
Diffstat (limited to 'pkg/sentry/socket')
-rw-r--r--pkg/sentry/socket/netfilter/targets.go22
1 files changed, 10 insertions, 12 deletions
diff --git a/pkg/sentry/socket/netfilter/targets.go b/pkg/sentry/socket/netfilter/targets.go
index e3b108e93..19b18b2d6 100644
--- a/pkg/sentry/socket/netfilter/targets.go
+++ b/pkg/sentry/socket/netfilter/targets.go
@@ -194,11 +194,9 @@ func (*redirectTargetMaker) marshal(target stack.Target) []byte {
ret := make([]byte, 0, linux.SizeOfXTRedirectTarget)
xt.NfRange.RangeSize = 1
- if rt.RangeProtoSpecified {
- xt.NfRange.RangeIPV4.Flags |= linux.NF_NAT_RANGE_PROTO_SPECIFIED
- }
- xt.NfRange.RangeIPV4.MinPort = htons(rt.MinPort)
- xt.NfRange.RangeIPV4.MaxPort = htons(rt.MaxPort)
+ xt.NfRange.RangeIPV4.Flags |= linux.NF_NAT_RANGE_PROTO_SPECIFIED
+ xt.NfRange.RangeIPV4.MinPort = htons(rt.Port)
+ xt.NfRange.RangeIPV4.MaxPort = xt.NfRange.RangeIPV4.MinPort
return binary.Marshal(ret, usermem.ByteOrder, xt)
}
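Review bot: In the lines visible here, marshal writes only the port back into the range and never copies the target's address into `MinIP`/`MaxIP`, even though unmarshal now stores `target.Addr` from `MinIP`. Unless the address is filled in above the hunk (the function starts outside it), a rule read back from the kernel side would report a zero address instead of the one it was installed with, which makes audits of the active NAT rules misleading. If that is the case, something like `copy(xt.NfRange.RangeIPV4.MinIP[:], rt.Addr)` followed by `xt.NfRange.RangeIPV4.MaxIP = xt.NfRange.RangeIPV4.MinIP` would keep the round trip symmetric, assuming `rt` has the same `Addr` field that unmarshal sets. A short comment such as `// Only a single port is supported, so MaxPort mirrors MinPort.` on the new assignments would also help.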
@@ -231,23 +229,23 @@ func (*redirectTargetMaker) unmarshal(buf []byte, filter stack.IPHeaderFilter) (
// Also check if we need to map ports or IP.
// For now, redirect target only supports destination port change.
// Port range and IP range are not supported yet.
- if nfRange.RangeIPV4.Flags&linux.NF_NAT_RANGE_PROTO_SPECIFIED == 0 {
+ if nfRange.RangeIPV4.Flags != linux.NF_NAT_RANGE_PROTO_SPECIFIED {
nflog("redirectTargetMaker: invalid range flags %d", nfRange.RangeIPV4.Flags)
return nil, syserr.ErrInvalidArgument
}
- target.RangeProtoSpecified = true
-
- target.MinIP = tcpip.Address(nfRange.RangeIPV4.MinIP[:])
- target.MaxIP = tcpip.Address(nfRange.RangeIPV4.MaxIP[:])
// TODO(gvisor.dev/issue/170): Port range is not supported yet.
if nfRange.RangeIPV4.MinPort != nfRange.RangeIPV4.MaxPort {
nflog("redirectTargetMaker: MinPort != MaxPort (%d, %d)", nfRange.RangeIPV4.MinPort, nfRange.RangeIPV4.MaxPort)
return nil, syserr.ErrInvalidArgument
}
+ if nfRange.RangeIPV4.MinIP != nfRange.RangeIPV4.MaxIP {
+ nflog("redirectTargetMaker: MinIP != MaxIP (%d, %d)", nfRange.RangeIPV4.MinPort, nfRange.RangeIPV4.MaxPort)
+ return nil, syserr.ErrInvalidArgument
+ }
- target.MinPort = ntohs(nfRange.RangeIPV4.MinPort)
- target.MaxPort = ntohs(nfRange.RangeIPV4.MaxPort)
+ target.Addr = tcpip.Address(nfRange.RangeIPV4.MinIP[:])
+ target.Port = ntohs(nfRange.RangeIPV4.MinPort)
return &target, nil
}
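Review bot: The new `MinIP != MaxIP` rejection logs the port fields, not the addresses, so the message for a refused IP range shows values unrelated to the failure; the arguments look copied from the port check just above it. It should read `nflog("redirectTargetMaker: MinIP != MaxIP (%v, %v)", nfRange.RangeIPV4.MinIP, nfRange.RangeIPV4.MaxIP)`, using `%v` because the fields are byte arrays. An accurate message matters because this log line is what an operator has to go on when a userspace-supplied NAT rule is rejected. unmarshal begins above the hunk, so earlier validation of the buffer is not visible here.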