author | Kevin Krakauer <krakauer@google.com> | 2021-02-17 18:22:27 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-02-17 18:24:34 -0800 |
commit | 1fc2c5f750bc90d75a3ac19fc95145a748a3811f (patch) | |
tree | af4b2ba7a72f7bfc5d05acc0868093aea4d2bf81 | |
parent | f051ec64639b83faabcfe766ff078072def3c2aa (diff) |
Move Name() out of netstack Matcher. It can live in the sentry.
PiperOrigin-RevId: 358078157
-rw-r--r-- | pkg/sentry/socket/netfilter/extensions.go | 11 | ||||
-rw-r--r-- | pkg/sentry/socket/netfilter/owner_matcher.go | 6 | ||||
-rw-r--r-- | pkg/sentry/socket/netfilter/tcp_matcher.go | 6 | ||||
-rw-r--r-- | pkg/sentry/socket/netfilter/udp_matcher.go | 6 | ||||
-rw-r--r-- | pkg/tcpip/stack/iptables_types.go | 3 |
5 files changed, 17 insertions, 15 deletions
diff --git a/pkg/sentry/socket/netfilter/extensions.go b/pkg/sentry/socket/netfilter/extensions.go
index e0976fed0..e339f9bea 100644
--- a/pkg/sentry/socket/netfilter/extensions.go
+++ b/pkg/sentry/socket/netfilter/extensions.go
@@ -40,13 +40,17 @@ type matchMaker interface {
 name() string
 // marshal converts from a stack.Matcher to an ABI struct.
- marshal(matcher stack.Matcher) []byte
+ marshal(matcher matcher) []byte
 // unmarshal converts from the ABI matcher struct to an
 // stack.Matcher.
 unmarshal(buf []byte, filter stack.IPHeaderFilter) (stack.Matcher, error)
 }
+type matcher interface {
+ name() string
+}
+
 // matchMakers maps the name of supported matchers to the matchMaker that
 // marshals and unmarshals it. It is immutable after package initialization.
 var matchMakers = map[string]matchMaker{}
@@ -60,8 +64,9 @@ func registerMatchMaker(mm matchMaker) {
 matchMakers[mm.name()] = mm
 }
-func marshalMatcher(matcher stack.Matcher) []byte {
- matchMaker, ok := matchMakers[matcher.Name()]
+func marshalMatcher(mr stack.Matcher) []byte {
+ matcher := mr.(matcher)
+ matchMaker, ok := matchMakers[matcher.name()]
 if !ok {
 panic(fmt.Sprintf("Unknown matcher of type %T.", matcher))
 }
diff --git a/pkg/sentry/socket/netfilter/owner_matcher.go b/pkg/sentry/socket/netfilter/owner_matcher.go
index 176fa6116..5f80d82ea 100644
--- a/pkg/sentry/socket/netfilter/owner_matcher.go
+++ b/pkg/sentry/socket/netfilter/owner_matcher.go
@@ -38,7 +38,7 @@ func (ownerMarshaler) name() string {
 }
 // marshal implements matchMaker.marshal.
-func (ownerMarshaler) marshal(mr stack.Matcher) []byte {
+func (ownerMarshaler) marshal(mr matcher) []byte {
 matcher := mr.(*OwnerMatcher)
 iptOwnerInfo := linux.IPTOwnerInfo{
 UID: matcher.uid,
@@ -106,8 +106,8 @@ type OwnerMatcher struct {
 invertGID bool
 }
-// Name implements Matcher.Name.
-func (*OwnerMatcher) Name() string {
+// name implements matcher.name.
+func (*OwnerMatcher) name() string {
 return matcherNameOwner
 }
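Review bot: The new `matcher` interface in the first extensions.go hunk (@@ -40,13 +40,17 @@) has no doc comment, and the comment above `marshal` in `matchMaker` still says "converts from a stack.Matcher" although the parameter type is now `matcher`. I would add `// matcher is implemented by the sentry's stack.Matcher types so that marshalMatcher can look up their matchMaker by name.` above the type and reword the other comment to `// marshal converts from a matcher to an ABI struct.`. The `matchMaker` interface starts above this hunk.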
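Review bot: `matcher := mr.(matcher)` in marshalMatcher (second extensions.go hunk, @@ -60,8 +64,9 @@) is an unchecked type assertion, so a stack.Matcher without a `name()` method now fails with a generic interface-conversion panic at run time, where the compiler used to reject it while `Name()` was part of stack.Matcher. The comma-ok form keeps the failure explicit and names the offending type: `m, ok := mr.(matcher)` followed by `if !ok { panic(fmt.Sprintf("Matcher of type %T does not implement name().", mr)) }`. A compile-time check next to each matcher type, such as `var _ matcher = (*TCPMatcher)(nil)`, would restore the guarantee the interface method used to give. The local `matcher` also shadows the interface type of the same name for the rest of the function, so a different local name would read more clearly; marshalMatcher's body runs past the end of the hunk.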
diff --git a/pkg/sentry/socket/netfilter/tcp_matcher.go b/pkg/sentry/socket/netfilter/tcp_matcher.go
index 2740697b3..678d6b578 100644
--- a/pkg/sentry/socket/netfilter/tcp_matcher.go
+++ b/pkg/sentry/socket/netfilter/tcp_matcher.go
@@ -39,7 +39,7 @@ func (tcpMarshaler) name() string {
 }
 // marshal implements matchMaker.marshal.
-func (tcpMarshaler) marshal(mr stack.Matcher) []byte {
+func (tcpMarshaler) marshal(mr matcher) []byte {
 matcher := mr.(*TCPMatcher)
 xttcp := linux.XTTCP{
 SourcePortStart: matcher.sourcePortStart,
@@ -90,8 +90,8 @@ type TCPMatcher struct {
 destinationPortEnd uint16
 }
-// Name implements Matcher.Name.
-func (*TCPMatcher) Name() string {
+// name implements matcher.name.
+func (*TCPMatcher) name() string {
 return matcherNameTCP
 }
diff --git a/pkg/sentry/socket/netfilter/udp_matcher.go b/pkg/sentry/socket/netfilter/udp_matcher.go
index 466d5395d..f8568873f 100644
--- a/pkg/sentry/socket/netfilter/udp_matcher.go
+++ b/pkg/sentry/socket/netfilter/udp_matcher.go
@@ -39,7 +39,7 @@ func (udpMarshaler) name() string {
 }
 // marshal implements matchMaker.marshal.
-func (udpMarshaler) marshal(mr stack.Matcher) []byte {
+func (udpMarshaler) marshal(mr matcher) []byte {
 matcher := mr.(*UDPMatcher)
 xtudp := linux.XTUDP{
 SourcePortStart: matcher.sourcePortStart,
@@ -87,8 +87,8 @@ type UDPMatcher struct {
 destinationPortEnd uint16
 }
-// Name implements Matcher.Name.
-func (*UDPMatcher) Name() string {
+// name implements Matcher.name.
+func (*UDPMatcher) name() string {
 return matcherNameUDP
 }
diff --git a/pkg/tcpip/stack/iptables_types.go b/pkg/tcpip/stack/iptables_types.go
index fd9d61e39..b0d84befb 100644
--- a/pkg/tcpip/stack/iptables_types.go
+++ b/pkg/tcpip/stack/iptables_types.go
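Review bot: The doc comment added in the second udp_matcher.go hunk (@@ -87,8 +87,8 @@) reads `// name implements Matcher.name.`, but the method satisfies the unexported `matcher` interface introduced in extensions.go, and stack.Matcher no longer declares a name method after this commit. It should match the owner and TCP files: `// name implements matcher.name.`.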
@@ -332,9 +332,6 @@ func filterAddress(addr, mask, filterAddr tcpip.Address, invert bool) bool {
 // A Matcher is the interface for matching packets.
 type Matcher interface {
- // Name returns the name of the Matcher.
- Name() string
-
 // Match returns whether the packet matches and whether the packet
 // should be "hotdropped", i.e. dropped immediately. This is usually
 // used for suspicious packets. |