Add nat table support for iptables.

- commit the changes for the comments.
author: Nayana Bidari <nybidari@google.com> 2020-02-25 15:03:51 -0800
committer: Nayana Bidari <nybidari@google.com> 2020-02-25 15:03:51 -0800
commit: acc405ba60834f5dce9ce04cd762d5cda02224cb (patch)
tree: 6571786bd38f1a5755a09dc717e9b0012d5c7d7a /pkg/tcpip/stack
parent: b30b7f3422202232ad1c385a7ac0d775151fee2f (diff)
1 files changed, 1 insertions, 12 deletions
diff --git a/pkg/tcpip/stack/nic.go b/pkg/tcpip/stack/nic.go
index 2028f5201..a75dc0322 100644
--- a/pkg/tcpip/stack/nic.go
+++ b/pkg/tcpip/stack/nic.go
@@ -1087,19 +1087,8 @@ func (n *NIC) DeliverNetworkPacket(linkEP LinkEndpoint, remote, local tcpip.Link
 
 	// TODO(gvisor.dev/issue/170): Not supporting iptables for IPv6 yet.
 	if protocol == header.IPv4ProtocolNumber {
-		newPkt := pkt.Clone()
-
-		headerView := newPkt.Data.First()
-		h := header.IPv4(headerView)
-		newPkt.NetworkHeader = headerView[:h.HeaderLength()]
-
-		hlen := int(h.HeaderLength())
-		tlen := int(h.TotalLength())
-		newPkt.Data.TrimFront(hlen)
-		newPkt.Data.CapLength(tlen - hlen)
-
 		ipt := n.stack.IPTables()
-		if ok := ipt.Check(iptables.Prerouting, newPkt); !ok {
+		if ok := ipt.Check(iptables.Prerouting, pkt); !ok {
 			// iptables is telling us to drop the packet.
 			return
 		}
author	Nayana Bidari <nybidari@google.com>	2020-02-25 15:03:51 -0800
committer	Nayana Bidari <nybidari@google.com>	2020-02-25 15:03:51 -0800
commit	acc405ba60834f5dce9ce04cd762d5cda02224cb (patch)
tree	6571786bd38f1a5755a09dc717e9b0012d5c7d7a /pkg/tcpip/stack
parent	b30b7f3422202232ad1c385a7ac0d775151fee2f (diff)