sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-16 07:16:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
567f36b07eb18ee31053b12b6c9aec6b3f019b7b
netbird/client/firewall/manager/routerpair.go
Viktor Liu 567f36b07e Fix legacy dynamic route NAT missing v6 duplicate 
The legacy DNS resolver path creates NAT pairs with destination
0.0.0.0/0 (a prefix, not a DomainSet). The v6 NAT duplication only
triggered for DomainSets, so legacy dynamic routes never got a v6
NAT rule.

Extract NeedsV6NATDuplicate and ToV6NatPair helpers that detect both
DomainSets and the v4 default wildcard 0.0.0.0/0. Both nftables and
iptables managers now use these for Add/RemoveNatRule, ensuring v6
NAT duplication works for both modern and legacy DNS resolver paths.
2026-04-10 12:59:35 +02:00

51 lines
1.3 KiB
Go
Raw Blame History

package manager
import (
"net/netip"
"github.com/netbirdio/netbird/route"
)
type RouterPair struct {
ID route.ID
Source Network
Destination Network
Masquerade bool
Inverse bool
}
func GetInversePair(pair RouterPair) RouterPair {
return RouterPair{
ID: pair.ID,
// invert Source/Destination
Source: pair.Destination,
Destination: pair.Source,
Masquerade: pair.Masquerade,
Inverse: true,
}
}
// NeedsV6NATDuplicate reports whether a v4 NAT pair should be duplicated to
// the v6 table. This is true for DomainSets (resolved IPs can be either
// family) and for the v4 default wildcard 0.0.0.0/0 used by the legacy DNS
// resolver path for dynamic routes.
func NeedsV6NATDuplicate(pair RouterPair) bool {
if pair.Destination.IsSet() {
return true
}
return pair.Destination.IsPrefix() &&
pair.Destination.Prefix.Bits() == 0 &&
pair.Destination.Prefix.Addr().Is4()
}
// ToV6NatPair creates a v6 counterpart of a v4 NAT pair with `::/0` source
// and, for prefix destinations, `::/0` destination.
func ToV6NatPair(pair RouterPair) RouterPair {
v6 := pair
v6.Source = Network{Prefix: netip.PrefixFrom(netip.IPv6Unspecified(), 0)}
if v6.Destination.IsPrefix() {
v6.Destination = Network{Prefix: netip.PrefixFrom(netip.IPv6Unspecified(), 0)}
}
return v6
}
Reference in New Issue View Git Blame Copy Permalink