patchpanel: Add redirection rules for DNS proxy
This patch adds redirection rules for DNS proxy.
The rules include (go/cros-dns-forwarding):
- DNAT from guests to their corresponding proxy.
- DNAT from user chronos to default nameservers.
- DNAT from other users to default DNS proxy.
BUG=b:171363265
TEST=emerge-rammus-arc-r patchpanel
TEST=units
Change-Id: Iaa62d9ced62670e2984755dc3927a11fc52fde66
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2847523
Tested-by: Jason Jeremy Iman <jasongustaman@chromium.org>
Reviewed-by: Hugo Benichi <hugobenichi@google.com>
Commit-Queue: Jason Jeremy Iman <jasongustaman@chromium.org>
diff --git a/patchpanel/firewall.cc b/patchpanel/firewall.cc
index 3c41741..f5f2ae2 100644
--- a/patchpanel/firewall.cc
+++ b/patchpanel/firewall.cc
@@ -21,6 +21,8 @@
#include <base/strings/stringprintf.h>
#include <brillo/minijail/minijail.h>
+#include "patchpanel/net_util.h"
+
namespace {
// Interface names must be shorter than 'IFNAMSIZ' chars.
@@ -158,8 +160,7 @@
const std::string& dst_ip,
uint16_t dst_port,
const std::string& operation) {
- struct in_addr addr;
- if (!input_ip.empty() && inet_pton(AF_INET, input_ip.c_str(), &addr) != 1) {
+ if (!input_ip.empty() && GetIpFamily(input_ip) != AF_INET) {
LOG(ERROR) << "Invalid input IPv4 address '" << input_ip << "'";
return false;
}
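Review bot: The check on `input_ip` now rests entirely on `GetIpFamily()` from `patchpanel/net_util.h`, whose definition is not part of this diff, so nothing visible guarantees it is as strict as the `inet_pton(AF_INET, ...)` call it replaces. The same substitution is made for `dst_ip` in the hunks at -174 and -226, and in a firewall helper these strings presumably end up as rule arguments, so a looser parse (for example one that tolerates trailing characters or a prefix length) would weaken the only input validation on this path. I would add a comment at the first use, `// GetIpFamily() returns AF_INET only for a string inet_pton() accepts in full; this is the sole validation of the address.`, and a unit test that passes an IPv6 literal and a malformed IPv4 string to these functions and expects `false`. The enclosing function starts and ends outside the hunk.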
@@ -174,7 +175,7 @@
return false;
}
- if (inet_pton(AF_INET, dst_ip.c_str(), &addr) != 1) {
+ if (GetIpFamily(dst_ip) != AF_INET) {
LOG(ERROR) << "Invalid destination IPv4 address '" << dst_ip << "'";
return false;
}
@@ -226,8 +227,7 @@
return false;
}
- struct in_addr addr;
- if (inet_pton(AF_INET, dst_ip.c_str(), &addr) != 1) {
+ if (GetIpFamily(dst_ip) != AF_INET) {
LOG(ERROR) << "Invalid IPv4 destination address '" << dst_ip << "'";
return false;
}