mirror of
https://github.com/netbirdio/netbird.git
synced 2026-04-16 15:26:40 +00:00
4b298fb53c
The v6 NAT duplication only triggered for DomainSet destinations (modern DNS path). Legacy dynamic routes use a 0.0.0.0/0 prefix destination, so the v6 NAT rule was never created. Add a Dynamic field to RouterPair so the firewall manager can distinguish dynamic routes from exit nodes (both use /0 prefixes). Set it from route.IsDynamic() in routeToRouterPair and propagate through GetInversePair. Both nftables and iptables managers check pair.Dynamic instead of destination shape. Also accumulate errors in RemoveNatRule so v6 cleanup is attempted even if v4 removal fails.
43 lines
1.0 KiB
Go
43 lines
1.0 KiB
Go
package manager
|
|
|
|
import (
|
|
"net/netip"
|
|
|
|
"github.com/netbirdio/netbird/route"
|
|
)
|
|
|
|
type RouterPair struct {
|
|
ID route.ID
|
|
Source Network
|
|
Destination Network
|
|
Masquerade bool
|
|
Inverse bool
|
|
// Dynamic indicates the route is domain-based. NAT rules for dynamic
|
|
// routes are duplicated to the v6 table so that resolved AAAA records
|
|
// are masqueraded correctly.
|
|
Dynamic bool
|
|
}
|
|
|
|
func GetInversePair(pair RouterPair) RouterPair {
|
|
return RouterPair{
|
|
ID: pair.ID,
|
|
// invert Source/Destination
|
|
Source: pair.Destination,
|
|
Destination: pair.Source,
|
|
Masquerade: pair.Masquerade,
|
|
Inverse: true,
|
|
Dynamic: pair.Dynamic,
|
|
}
|
|
}
|
|
|
|
// ToV6NatPair creates a v6 counterpart of a v4 NAT pair with `::/0` source
|
|
// and, for prefix destinations, `::/0` destination.
|
|
func ToV6NatPair(pair RouterPair) RouterPair {
|
|
v6 := pair
|
|
v6.Source = Network{Prefix: netip.PrefixFrom(netip.IPv6Unspecified(), 0)}
|
|
if v6.Destination.IsPrefix() {
|
|
v6.Destination = Network{Prefix: netip.PrefixFrom(netip.IPv6Unspecified(), 0)}
|
|
}
|
|
return v6
|
|
}
|