summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorgVisor bot <gvisor-bot@google.com>2021-07-02 12:18:14 -0700
committergVisor bot <gvisor-bot@google.com>2021-07-02 12:18:14 -0700
commitfcf0ff2fc14852614628558626778b60f8de0c26 (patch)
tree0650d551fe71dd35eea981906a81bd8833c1400c
parenta51a4b872ebdc5b9d6a74bb92d932c9197514606 (diff)
parente8bc632d07378f4aa0824b5002a51c55b4796d35 (diff)
Merge pull request #6258 from liornm:fix-iptables-input-interface
PiperOrigin-RevId: 382788878
-rw-r--r--pkg/sentry/socket/netfilter/ipv4.go2
-rw-r--r--pkg/sentry/socket/netfilter/ipv6.go2
2 files changed, 4 insertions, 0 deletions
diff --git a/pkg/sentry/socket/netfilter/ipv4.go b/pkg/sentry/socket/netfilter/ipv4.go
index d8bd86292..af31cbc5b 100644
--- a/pkg/sentry/socket/netfilter/ipv4.go
+++ b/pkg/sentry/socket/netfilter/ipv4.go
@@ -81,6 +81,8 @@ func getEntries4(table stack.Table, tablename linux.TableName) (linux.KernelIPTG
copy(entry.Entry.IP.SrcMask[:], rule.Filter.SrcMask)
copy(entry.Entry.IP.OutputInterface[:], rule.Filter.OutputInterface)
copy(entry.Entry.IP.OutputInterfaceMask[:], rule.Filter.OutputInterfaceMask)
+ copy(entry.Entry.IP.InputInterface[:], rule.Filter.InputInterface)
+ copy(entry.Entry.IP.InputInterfaceMask[:], rule.Filter.InputInterfaceMask)
if rule.Filter.DstInvert {
entry.Entry.IP.InverseFlags |= linux.IPT_INV_DSTIP
}
diff --git a/pkg/sentry/socket/netfilter/ipv6.go b/pkg/sentry/socket/netfilter/ipv6.go
index c68230847..6cefe0b9c 100644
--- a/pkg/sentry/socket/netfilter/ipv6.go
+++ b/pkg/sentry/socket/netfilter/ipv6.go
@@ -81,6 +81,8 @@ func getEntries6(table stack.Table, tablename linux.TableName) (linux.KernelIP6T
copy(entry.Entry.IPv6.SrcMask[:], rule.Filter.SrcMask)
copy(entry.Entry.IPv6.OutputInterface[:], rule.Filter.OutputInterface)
copy(entry.Entry.IPv6.OutputInterfaceMask[:], rule.Filter.OutputInterfaceMask)
+ copy(entry.Entry.IPv6.InputInterface[:], rule.Filter.InputInterface)
+ copy(entry.Entry.IPv6.InputInterfaceMask[:], rule.Filter.InputInterfaceMask)
if rule.Filter.DstInvert {
entry.Entry.IPv6.InverseFlags |= linux.IP6T_INV_DSTIP
}