From 747cb92460bc30983263fcd85562a8586842d824 Mon Sep 17 00:00:00 2001
From: Ghanan Gowripalan <ghanan@google.com>
Date: Tue, 12 Oct 2021 19:36:55 -0700
Subject: Support Twice NAT

This CL allows both SNAT and DNAT targets to be performed on the same
packet.

Fixes #5696.

PiperOrigin-RevId: 402714738
---
 pkg/tcpip/stack/iptables_targets.go | 5 -----
 1 file changed, 5 deletions(-)

(limited to 'pkg/tcpip/stack/iptables_targets.go')

diff --git a/pkg/tcpip/stack/iptables_targets.go b/pkg/tcpip/stack/iptables_targets.go
index 85490e2d4..ef515bdd2 100644
--- a/pkg/tcpip/stack/iptables_targets.go
+++ b/pkg/tcpip/stack/iptables_targets.go
@@ -175,11 +175,6 @@ type SNATTarget struct {
 }
 
 func natAction(pkt *PacketBuffer, hook Hook, r *Route, port uint16, address tcpip.Address, dnat bool) (RuleVerdict, int) {
-	// Packet is already manipulated.
-	if pkt.NatDone {
-		return RuleAccept, 0
-	}
-
 	// Drop the packet if network and transport header are not set.
 	if pkt.NetworkHeader().View().IsEmpty() || pkt.TransportHeader().View().IsEmpty() {
 		return RuleDrop, 0
-- 
cgit v1.2.3