From 3517d070cc3128ad3439e10b8abb42b7df60c2b2 Mon Sep 17 00:00:00 2001
From: Ghanan Gowripalan <ghanan@google.com>
Date: Thu, 7 Oct 2021 15:30:09 -0700
Subject: Track UDP packets performing REDIRECT NAT

PiperOrigin-RevId: 401620449
---
 pkg/tcpip/stack/iptables_targets.go | 32 ++++----------------------------
 1 file changed, 4 insertions(+), 28 deletions(-)

(limited to 'pkg/tcpip')

diff --git a/pkg/tcpip/stack/iptables_targets.go b/pkg/tcpip/stack/iptables_targets.go
index 8b74677d0..7e5a1672a 100644
--- a/pkg/tcpip/stack/iptables_targets.go
+++ b/pkg/tcpip/stack/iptables_targets.go
@@ -132,36 +132,12 @@ func (rt *RedirectTarget) Action(pkt *PacketBuffer, hook Hook, r *Route, address
 		panic("redirect target is supported only on output and prerouting hooks")
 	}
 
-	switch protocol := pkt.TransportProtocolNumber; protocol {
-	case header.UDPProtocolNumber:
-		udpHeader := header.UDP(pkt.TransportHeader().View())
-
-		if hook == Output {
-			// Only calculate the checksum if offloading isn't supported.
-			requiresChecksum := r.RequiresTXTransportChecksum()
-			rewritePacket(
-				pkt.Network(),
-				udpHeader,
-				false, /* updateSRCFields */
-				requiresChecksum,
-				requiresChecksum,
-				rt.Port,
-				address,
-			)
-		} else {
-			udpHeader.SetDestinationPort(rt.Port)
-		}
-
-		pkt.NatDone = true
-	case header.TCPProtocolNumber:
-		if t := pkt.tuple; t != nil {
-			t.conn.performNAT(pkt, hook, r, rt.Port, address, true /* dnat */)
-		}
-	default:
-		return RuleDrop, 0
+	if t := pkt.tuple; t != nil {
+		t.conn.performNAT(pkt, hook, r, rt.Port, address, true /* dnat */)
+		return RuleAccept, 0
 	}
 
-	return RuleAccept, 0
+	return RuleDrop, 0
 }
 
 // SNATTarget modifies the source port/IP in the outgoing packets.
-- 
cgit v1.2.3