Support Twice NAT

This CL allows both SNAT and DNAT targets to be performed on the same packet. Fixes #5696. PiperOrigin-RevId: 402714738
author: Ghanan Gowripalan <ghanan@google.com> 2021-10-12 19:36:55 -0700
committer: gVisor bot <gvisor-bot@google.com> 2021-10-12 19:39:10 -0700
commit: 747cb92460bc30983263fcd85562a8586842d824 (patch)
tree: 5087778a134e917381947dbc6ac4c441a543ece1 /pkg/tcpip/stack/iptables_targets.go
parent: 049fa8ea9999799cc304fe811ca8028a195be493 (diff)
1 files changed, 0 insertions, 5 deletions
diff --git a/pkg/tcpip/stack/iptables_targets.go b/pkg/tcpip/stack/iptables_targets.go
index 85490e2d4..ef515bdd2 100644
--- a/pkg/tcpip/stack/iptables_targets.go
+++ b/pkg/tcpip/stack/iptables_targets.go
@@ -175,11 +175,6 @@ type SNATTarget struct {
 }
 
 func natAction(pkt *PacketBuffer, hook Hook, r *Route, port uint16, address tcpip.Address, dnat bool) (RuleVerdict, int) {
-	// Packet is already manipulated.
-	if pkt.NatDone {
-		return RuleAccept, 0
-	}
-
 	// Drop the packet if network and transport header are not set.
 	if pkt.NetworkHeader().View().IsEmpty() || pkt.TransportHeader().View().IsEmpty() {
 		return RuleDrop, 0
author	Ghanan Gowripalan <ghanan@google.com>	2021-10-12 19:36:55 -0700
committer	gVisor bot <gvisor-bot@google.com>	2021-10-12 19:39:10 -0700
commit	747cb92460bc30983263fcd85562a8586842d824 (patch)
tree	5087778a134e917381947dbc6ac4c441a543ece1 /pkg/tcpip/stack/iptables_targets.go
parent	049fa8ea9999799cc304fe811ca8028a195be493 (diff)