sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-22 18:26:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Swap tracking and nat order

Browse Source
This commit is contained in:
Viktor Liu
2025-06-17 15:45:22 +02:00
parent 51b9e93eb9
commit 1a3b04d2fe
1 changed files with 11 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
client/firewall/uspfilter/filter.go
View File

@@ -599,14 +599,6 @@ func (m *Manager) processOutgoingHooks(packetData []byte, size int) bool {
return false
}
translated := m.translateOutboundDNAT(packetData, d)
if translated {
if err := d.parser.DecodeLayers(packetData, &d.decoded); err != nil {
m.logger.Error("Failed to re-decode packet after DNAT: %v", err)
return false
}
}
srcIP, dstIP := m.extractIPs(d)
if !srcIP.IsValid() {
m.logger.Error("Unknown network layer: %v", d.decoded[0])
@@ -618,6 +610,7 @@ func (m *Manager) processOutgoingHooks(packetData []byte, size int) bool {
}
m.trackOutbound(d, srcIP, dstIP, size)
m.translateOutboundDNAT(packetData, d)
return false
}
@@ -745,15 +738,17 @@ func (m *Manager) dropFilter(packetData []byte, size int) bool {
return false
}
if m.stateful && m.isValidTrackedConnection(d, srcIP, dstIP, size) {
translated := m.translateInboundReverse(packetData, d)
if translated {
// Re-decode after translation
if err := d.parser.DecodeLayers(packetData, &d.decoded); err != nil {
m.logger.Error("Failed to re-decode packet after reverse DNAT: %v", err)
return true
}
translated := m.translateInboundReverse(packetData, d)
if translated {
// Re-decode after translation to get original addresses
if err := d.parser.DecodeLayers(packetData, &d.decoded); err != nil {
m.logger.Error("Failed to re-decode packet after reverse DNAT: %v", err)
return true
}
srcIP, dstIP = m.extractIPs(d)
}
if m.stateful && m.isValidTrackedConnection(d, srcIP, dstIP, size) {
return false
}