extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-07-15 05:45:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Extract static error

Browse Source
This commit is contained in:
Viktor Liu
2025-06-17 21:44:07 +02:00
parent f51ce7cee5
commit 9468e69c8c
2 changed files with 6 additions and 4 deletions
client/firewall/uspfilter
filter.gonat.go

3
client/firewall/uspfilter/filter.go

@ -738,8 +738,7 @@ func (m *Manager) filterInbound(packetData []byte, size int) bool {
return false return false
} }
translated := m.translateInboundReverse(packetData, d) if translated := m.translateInboundReverse(packetData, d); translated {
if translated {
// Re-decode after translation to get original addresses // Re-decode after translation to get original addresses
if err := d.parser.DecodeLayers(packetData, &d.decoded); err != nil { if err := d.parser.DecodeLayers(packetData, &d.decoded); err != nil {
m.logger.Error("Failed to re-decode packet after reverse DNAT: %v", err) m.logger.Error("Failed to re-decode packet after reverse DNAT: %v", err)

7
client/firewall/uspfilter/nat.go

@ -2,6 +2,7 @@ package uspfilter
import ( import (
"encoding/binary" "encoding/binary"
"errors"
"fmt" "fmt"
"net/netip" "net/netip"
@ -10,6 +11,8 @@ import (
firewall "github.com/netbirdio/netbird/client/firewall/manager" firewall "github.com/netbirdio/netbird/client/firewall/manager"
) )
var ErrIPv4Only = errors.New("only IPv4 is supported for DNAT")
func ipv4Checksum(header []byte) uint16 { func ipv4Checksum(header []byte) uint16 {
if len(header) < 20 { if len(header) < 20 {
return 0 return 0
@ -245,7 +248,7 @@ func (m *Manager) translateInboundReverse(packetData []byte, d *decoder) bool {
// rewritePacketDestination replaces destination IP in the packet // rewritePacketDestination replaces destination IP in the packet
func (m *Manager) rewritePacketDestination(packetData []byte, d *decoder, newIP netip.Addr) error { func (m *Manager) rewritePacketDestination(packetData []byte, d *decoder, newIP netip.Addr) error {
if len(packetData) < 20 || d.decoded[0] != layers.LayerTypeIPv4 || !newIP.Is4() { if len(packetData) < 20 || d.decoded[0] != layers.LayerTypeIPv4 || !newIP.Is4() {
return fmt.Errorf("only IPv4 supported") return ErrIPv4Only
} }
var oldDst [4]byte var oldDst [4]byte
@ -280,7 +283,7 @@ func (m *Manager) rewritePacketDestination(packetData []byte, d *decoder, newIP
// rewritePacketSource replaces the source IP address in the packet // rewritePacketSource replaces the source IP address in the packet
func (m *Manager) rewritePacketSource(packetData []byte, d *decoder, newIP netip.Addr) error { func (m *Manager) rewritePacketSource(packetData []byte, d *decoder, newIP netip.Addr) error {
if len(packetData) < 20 || d.decoded[0] != layers.LayerTypeIPv4 || !newIP.Is4() { if len(packetData) < 20 || d.decoded[0] != layers.LayerTypeIPv4 || !newIP.Is4() {
return fmt.Errorf("only IPv4 supported") return ErrIPv4Only
} }
var oldSrc [4]byte var oldSrc [4]byte