summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorKevin Krakauer <krakauer@google.com>2019-06-07 12:54:53 -0700
committerKevin Krakauer <krakauer@google.com>2019-06-07 12:54:53 -0700
commit8afbd974da2483d8f81e3abde5c9d689719263cb (patch)
tree54e07878e7f2b984312cf26965850b372277c7a6
parentd58eb9ce828fd7c831f30e922e01f1d2b84e462c (diff)
Address Ian's comments.
Change-Id: I7445033b1970cbba3f2ed0682fe520dce02d8fad
-rw-r--r--pkg/tcpip/iptables/iptables.go36
-rw-r--r--pkg/tcpip/iptables/types.go12
2 files changed, 17 insertions, 31 deletions
diff --git a/pkg/tcpip/iptables/iptables.go b/pkg/tcpip/iptables/iptables.go
index ee1ed4666..bd54ef5a6 100644
--- a/pkg/tcpip/iptables/iptables.go
+++ b/pkg/tcpip/iptables/iptables.go
@@ -34,9 +34,9 @@ const (
// all packets.
func DefaultTables() *IPTables {
tables := IPTables{
- Tables: map[string]*Table{
- tablenameNat: &Table{
- BuiltinChains: map[Hook]*Chain{
+ Tables: map[string]Table{
+ tablenameNat: Table{
+ BuiltinChains: map[Hook]Chain{
Prerouting: unconditionalAcceptChain(chainNamePrerouting),
Input: unconditionalAcceptChain(chainNameInput),
Output: unconditionalAcceptChain(chainNameOutput),
@@ -48,10 +48,10 @@ func DefaultTables() *IPTables {
Output: UnconditionalAcceptTarget{},
Postrouting: UnconditionalAcceptTarget{},
},
- UserChains: map[string]*Chain{},
+ UserChains: map[string]Chain{},
},
- tablenameMangle: &Table{
- BuiltinChains: map[Hook]*Chain{
+ tablenameMangle: Table{
+ BuiltinChains: map[Hook]Chain{
Prerouting: unconditionalAcceptChain(chainNamePrerouting),
Output: unconditionalAcceptChain(chainNameOutput),
},
@@ -59,7 +59,7 @@ func DefaultTables() *IPTables {
Prerouting: UnconditionalAcceptTarget{},
Output: UnconditionalAcceptTarget{},
},
- UserChains: map[string]*Chain{},
+ UserChains: map[string]Chain{},
},
},
Priorities: map[Hook][]string{
@@ -68,28 +68,14 @@ func DefaultTables() *IPTables {
},
}
- // Initialize each table's Chains field.
- tables.Tables[tablenameNat].Chains = map[string]*Chain{
- chainNamePrerouting: tables.Tables[tablenameNat].BuiltinChains[Prerouting],
- chainNameInput: tables.Tables[tablenameNat].BuiltinChains[Input],
- chainNameOutput: tables.Tables[tablenameNat].BuiltinChains[Output],
- chainNamePostrouting: tables.Tables[tablenameNat].BuiltinChains[Postrouting],
- }
- tables.Tables[tablenameMangle].Chains = map[string]*Chain{
- chainNamePrerouting: tables.Tables[tablenameMangle].BuiltinChains[Prerouting],
- chainNameInput: tables.Tables[tablenameMangle].BuiltinChains[Input],
- chainNameOutput: tables.Tables[tablenameMangle].BuiltinChains[Output],
- chainNamePostrouting: tables.Tables[tablenameMangle].BuiltinChains[Postrouting],
- }
-
return &tables
}
-func unconditionalAcceptChain(name string) *Chain {
- return &Chain{
+func unconditionalAcceptChain(name string) Chain {
+ return Chain{
Name: name,
- Rules: []*Rule{
- &Rule{
+ Rules: []Rule{
+ Rule{
Target: UnconditionalAcceptTarget{},
},
},
diff --git a/pkg/tcpip/iptables/types.go b/pkg/tcpip/iptables/types.go
index 65bfc7b1d..cdfb6ba28 100644
--- a/pkg/tcpip/iptables/types.go
+++ b/pkg/tcpip/iptables/types.go
@@ -98,11 +98,11 @@ const (
// IPTables holds all the tables for a netstack.
type IPTables struct {
- // mu protects the entire struct.
- mu sync.RWMutex
+ // Mu protects the entire struct.
+ Mu sync.RWMutex
// Tables maps table names to tables. User tables have arbitrary names.
- Tables map[string]*Table
+ Tables map[string]Table
// Priorities maps each hook to a list of table names. The order of the
// list is the order in which each table should be visited for that
@@ -118,7 +118,7 @@ type Table struct {
// BuiltinChains holds the un-deletable chains built into netstack. If
// a hook isn't present in the map, this table doesn't utilize that
// hook.
- BuiltinChains map[Hook]*Chain
+ BuiltinChains map[Hook]Chain
// DefaultTargets holds a target for each hook that will be executed if
// chain traversal doesn't yield a verdict.
@@ -126,7 +126,7 @@ type Table struct {
// UserChains holds user-defined chains for the keyed by name. Users
// can give their chains arbitrary names.
- UserChains map[string]*Chain
+ UserChains map[string]Chain
// Chains maps names to chains for both builtin and user-defined chains.
// Its entries point to Chains already either in BuiltinChains and
@@ -158,7 +158,7 @@ type Chain struct {
Name string
// Rules is the list of rules to traverse.
- Rules []*Rule
+ Rules []Rule
}
// Rule is a packet processing rule. It consists of two pieces. First it