From 0aae51c6e09046e56f2d4b6064124da059731286 Mon Sep 17 00:00:00 2001
From: Kevin Krakauer <krakauer@google.com>
Date: Tue, 29 Sep 2020 22:39:37 -0700
Subject: iptables: remove unused min/max NAT range fields

PiperOrigin-RevId: 334531794
---
 pkg/sentry/socket/netfilter/targets.go | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)


diff --git a/pkg/sentry/socket/netfilter/targets.go b/pkg/sentry/socket/netfilter/targets.go
index e3b108e93..19b18b2d6 100644
--- a/pkg/sentry/socket/netfilter/targets.go
+++ b/pkg/sentry/socket/netfilter/targets.go
@@ -194,11 +194,9 @@ func (*redirectTargetMaker) marshal(target stack.Target) []byte {
 
 	ret := make([]byte, 0, linux.SizeOfXTRedirectTarget)
 	xt.NfRange.RangeSize = 1
-	if rt.RangeProtoSpecified {
-		xt.NfRange.RangeIPV4.Flags |= linux.NF_NAT_RANGE_PROTO_SPECIFIED
-	}
-	xt.NfRange.RangeIPV4.MinPort = htons(rt.MinPort)
-	xt.NfRange.RangeIPV4.MaxPort = htons(rt.MaxPort)
+	xt.NfRange.RangeIPV4.Flags |= linux.NF_NAT_RANGE_PROTO_SPECIFIED
+	xt.NfRange.RangeIPV4.MinPort = htons(rt.Port)
+	xt.NfRange.RangeIPV4.MaxPort = xt.NfRange.RangeIPV4.MinPort
 	return binary.Marshal(ret, usermem.ByteOrder, xt)
 }
 
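Review bot: marshal fills only the port fields of `xt.NfRange.RangeIPV4`, while unmarshal in the second hunk now keeps the rule's address in `target.Addr`. Unless `xt` is given MinIP/MaxIP above this hunk (the function body starts outside it), a rule read back from the sentry reports a zero address even when the installed rule carried one, so what an administrator audits can differ from what was set. If the address is meant to survive the round trip, write it back, e.g. `copy(xt.NfRange.RangeIPV4.MinIP[:], rt.Addr)` and the same for MaxIP. Otherwise a comment such as `// Addr is intentionally not reported back to userspace.` would record the intent.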
@@ -231,23 +229,23 @@ func (*redirectTargetMaker) unmarshal(buf []byte, filter stack.IPHeaderFilter) (
 	// Also check if we need to map ports or IP.
 	// For now, redirect target only supports destination port change.
 	// Port range and IP range are not supported yet.
-	if nfRange.RangeIPV4.Flags&linux.NF_NAT_RANGE_PROTO_SPECIFIED == 0 {
+	if nfRange.RangeIPV4.Flags != linux.NF_NAT_RANGE_PROTO_SPECIFIED {
 		nflog("redirectTargetMaker: invalid range flags %d", nfRange.RangeIPV4.Flags)
 		return nil, syserr.ErrInvalidArgument
 	}
-	target.RangeProtoSpecified = true
-
-	target.MinIP = tcpip.Address(nfRange.RangeIPV4.MinIP[:])
-	target.MaxIP = tcpip.Address(nfRange.RangeIPV4.MaxIP[:])
 
 	// TODO(gvisor.dev/issue/170): Port range is not supported yet.
 	if nfRange.RangeIPV4.MinPort != nfRange.RangeIPV4.MaxPort {
 		nflog("redirectTargetMaker: MinPort != MaxPort (%d, %d)", nfRange.RangeIPV4.MinPort, nfRange.RangeIPV4.MaxPort)
 		return nil, syserr.ErrInvalidArgument
 	}
+	if nfRange.RangeIPV4.MinIP != nfRange.RangeIPV4.MaxIP {
+		nflog("redirectTargetMaker: MinIP != MaxIP (%d, %d)", nfRange.RangeIPV4.MinPort, nfRange.RangeIPV4.MaxPort)
+		return nil, syserr.ErrInvalidArgument
+	}
 
-	target.MinPort = ntohs(nfRange.RangeIPV4.MinPort)
-	target.MaxPort = ntohs(nfRange.RangeIPV4.MaxPort)
+	target.Addr = tcpip.Address(nfRange.RangeIPV4.MinIP[:])
+	target.Port = ntohs(nfRange.RangeIPV4.MinPort)
 
 	return &target, nil
 }
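Review bot: The new `MinIP != MaxIP` branch logs `nfRange.RangeIPV4.MinPort` and `MaxPort`, so a rejected rule is reported with its port values instead of the two addresses that differed. Anyone reading the netfilter log to work out why a rule was refused gets the wrong values. Log the addresses instead: `nflog("redirectTargetMaker: MinIP != MaxIP (%v, %v)", nfRange.RangeIPV4.MinIP, nfRange.RangeIPV4.MaxIP)`. Separately, the flag check now accepts only exactly `NF_NAT_RANGE_PROTO_SPECIFIED`, yet `target.Addr` is still taken from MinIP, so a one-line comment stating whether Addr is honoured without an IP-mapping flag would help the next reader. unmarshal begins outside the hunk.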
-- 
cgit v1.2.3