From 5768a147b124efbeff2800794da7ba961146af19 Mon Sep 17 00:00:00 2001 From: Ghanan Gowripalan Date: Wed, 22 Sep 2021 12:36:38 -0700 Subject: Populate forwarded packet buffer's TransportHeader Turns out certain features of iptables (e.g. NAT) will not perform any checks/work unless both the Network and Transport headers are populated. With this change, provide the packet directly to the outgoing network endpoint's `writePacket` method instead of going through `WriteHeaderIncludedPacket` which expected the headers to not be set. PiperOrigin-RevId: 398304004
---
 pkg/tcpip/stack/packet_buffer.go | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'pkg/tcpip/stack')
diff --git a/pkg/tcpip/stack/packet_buffer.go b/pkg/tcpip/stack/packet_buffer.go
index 29c22bfd4..b9280c2de 100644
--- a/pkg/tcpip/stack/packet_buffer.go
+++ b/pkg/tcpip/stack/packet_buffer.go
@@ -341,6 +341,37 @@ func (pk *PacketBuffer) CloneToInbound() *PacketBuffer {
 return newPk
 }
 
+// DeepCopyForForwarding creates a deep copy of the packet buffer for
+// forwarding.
+//
+// The returned packet buffer will have the network and transport headers
+// set if the original packet buffer did.
+func (pk *PacketBuffer) DeepCopyForForwarding(reservedHeaderBytes int) *PacketBuffer {
+ newPkt := NewPacketBuffer(PacketBufferOptions{
+ ReserveHeaderBytes: reservedHeaderBytes,
+ Data: PayloadSince(pk.NetworkHeader()).ToVectorisedView(),
+ IsForwardedPacket: true,
+ })
+
+ {
+ consumeBytes := pk.NetworkHeader().View().Size()
+ if _, consumed := newPkt.NetworkHeader().Consume(consumeBytes); !consumed {
+ panic(fmt.Sprintf("expected to consume network header %d bytes from new packet", consumeBytes))
+ }
+ newPkt.NetworkProtocolNumber = pk.NetworkProtocolNumber
+ }
+
+ {
+ consumeBytes := pk.TransportHeader().View().Size()
+ if _, consumed := newPkt.TransportHeader().Consume(consumeBytes); !consumed {
+ panic(fmt.Sprintf("expected to consume transport header %d bytes from new packet", consumeBytes))
+ }
+ newPkt.TransportProtocolNumber = pk.TransportProtocolNumber
+ }
+
+ return newPkt
+}
+
 // headerInfo stores metadata about a header in a packet.
 type headerInfo struct {
 // offset is the offset of the header in pk.buf relative to
-- 
cgit v1.2.3
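Review bot: The two `panic` calls in DeepCopyForForwarding sit on the forwarding path, where the input is a packet received from the network, so any case in which `Consume` fails would stop the process instead of dropping one packet. From the visible lines the invariant appears to hold because the copy's data starts at the original's network header and both sizes are read from the original, but that assumes the transport header directly follows the network header in the copied payload, which the hunk does not show. I would state the invariant above the first block, e.g. `// newPkt's data begins at pk's network header, so both Consume calls must succeed; a failure is a bug in this package, not a malformed packet.`, or have the function report failure so the caller can drop the packet. The doc comment also says the headers are set "if the original packet buffer did", while the code consumes unconditionally and always copies both protocol numbers; a one-line comment saying that an unset header is consumed as zero bytes (if that is what `Consume` does with a zero size) would make the comment and the code agree.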