author | Nayana Bidari <nybidari@google.com> | 2020-02-18 11:30:42 -0800 |
---|---|---|
committer | Nayana Bidari <nybidari@google.com> | 2020-02-18 11:30:42 -0800 |
commit | b30b7f3422202232ad1c385a7ac0d775151fee2f (patch) | |
tree | 3b8de1ccfc8e6abbe7ccb5e35b3fc5832acad0ca /pkg/tcpip/iptables/targets.go | |
parent | fae3de21af7f50266565643c6283912b087b0f5a (diff) |
Add nat table support for iptables.
Add nat table support for Prerouting hook with Redirect option.
Add tests to check redirect of ports.
Diffstat (limited to 'pkg/tcpip/iptables/targets.go')
-rw-r--r-- | pkg/tcpip/iptables/targets.go | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/pkg/tcpip/iptables/targets.go b/pkg/tcpip/iptables/targets.go
index 9fc60cfad..06e65bece 100644
--- a/pkg/tcpip/iptables/targets.go
+++ b/pkg/tcpip/iptables/targets.go
@@ -19,6 +19,7 @@ package iptables
 import (
 "gvisor.dev/gvisor/pkg/log"
 "gvisor.dev/gvisor/pkg/tcpip"
+ "gvisor.dev/gvisor/pkg/tcpip/header"
 )
 
 // AcceptTarget accepts packets.
@@ -65,3 +66,26 @@ type ReturnTarget struct{}
 func (ReturnTarget) Action(tcpip.PacketBuffer) (RuleVerdict, string) {
 return RuleReturn, ""
 }
+
+// RedirectTarget redirects the packet by modifying the destination port/IP.
+type RedirectTarget struct {
+ RangeSize uint32
+ Flags uint32
+ MinIP tcpip.Address
+ MaxIP tcpip.Address
+ MinPort uint16
+ MaxPort uint16
+}
+
+// Action implements Target.Action.
+func (rt RedirectTarget) Action(packet tcpip.PacketBuffer) (RuleVerdict, string) {
+ log.Infof("RedirectTarget triggered.")
+
+ // TODO(gvisor.dev/issue/170): Checking only for UDP protocol.
+ // We're yet to support for TCP protocol.
+ headerView := packet.Data.First()
+ h := header.UDP(headerView)
+ h.SetDestinationPort(rt.MinPort)
+
+ return RuleAccept, ""
+} |
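Review bot: In `RedirectTarget.Action` (second hunk), `header.UDP(headerView)` is cast and `SetDestinationPort` writes into it without checking that `packet.Data.First()` holds at least a UDP header or that the packet is UDP at all, so a short or non-UDP packet matched by the rule can panic on the slice write or have the bytes at the port offset overwritten. A guard before the cast would cover the length case: `if len(headerView) < header.UDPMinimumSize { return RuleDrop, "" }`; the protocol check presumably belongs in the caller or the rule's matcher, which this hunk does not show, and whether the first view starts at the transport header at the Prerouting hook should be confirmed there too. The UDP checksum is not adjusted after the port rewrite, and the per-packet `log.Infof` lets remote traffic drive log volume, so `log.Debugf` or dropping the line seems safer. The `Flags`, `MinIP`, `MaxIP`, `MaxPort` and `RangeSize` fields are ignored by `Action`, which a field comment such as `// Not yet honored; only MinPort is applied.` would make explicit.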