Extract static error

client/firewall/uspfilter/filter.go

@@ -738,8 +738,7 @@ func (m *Manager) filterInbound(packetData []byte, size int) bool {
 		return false
 	}
 
-	translated := m.translateInboundReverse(packetData, d)
-	if translated {
+	if translated := m.translateInboundReverse(packetData, d); translated {
 		// Re-decode after translation to get original addresses
 		if err := d.parser.DecodeLayers(packetData, &d.decoded); err != nil {
 			m.logger.Error("Failed to re-decode packet after reverse DNAT: %v", err)

client/firewall/uspfilter/nat.go

@@ -2,6 +2,7 @@ package uspfilter
 
 import (
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"net/netip"
 
@@ -10,6 +11,8 @@ import (
 	firewall "github.com/netbirdio/netbird/client/firewall/manager"
 )
 
+var ErrIPv4Only = errors.New("only IPv4 is supported for DNAT")
+
 func ipv4Checksum(header []byte) uint16 {
 	if len(header) < 20 {
 		return 0
@@ -245,7 +248,7 @@ func (m *Manager) translateInboundReverse(packetData []byte, d *decoder) bool {
 // rewritePacketDestination replaces destination IP in the packet
 func (m *Manager) rewritePacketDestination(packetData []byte, d *decoder, newIP netip.Addr) error {
 	if len(packetData) < 20 || d.decoded[0] != layers.LayerTypeIPv4 || !newIP.Is4() {
-		return fmt.Errorf("only IPv4 supported")
+		return ErrIPv4Only
 	}
 
 	var oldDst [4]byte
@@ -280,7 +283,7 @@ func (m *Manager) rewritePacketDestination(packetData []byte, d *decoder, newIP
 // rewritePacketSource replaces the source IP address in the packet
 func (m *Manager) rewritePacketSource(packetData []byte, d *decoder, newIP netip.Addr) error {
 	if len(packetData) < 20 || d.decoded[0] != layers.LayerTypeIPv4 || !newIP.Is4() {
-		return fmt.Errorf("only IPv4 supported")
+		return ErrIPv4Only
 	}
 
 	var oldSrc [4]byte