authorgVisor bot <gvisor-bot@google.com>2021-02-18 02:29:27 +0000
committergVisor bot <gvisor-bot@google.com>2021-02-18 02:29:27 +0000
commit7b56be1ab4974cfbfd411df5edcadfd053208150 (patch)
tree4dfcba7cb509b380334b88f07ccf847fe05123c5
parent2d9dc3c1b7be34442f224a10013dd5f3823c962a (diff)
parent1fc2c5f750bc90d75a3ac19fc95145a748a3811f (diff)
Merge release-20210208.0-65-g1fc2c5f75 (automated)
-rw-r--r--pkg/sentry/socket/netfilter/extensions.go11
-rw-r--r--pkg/sentry/socket/netfilter/owner_matcher.go6
-rw-r--r--pkg/sentry/socket/netfilter/tcp_matcher.go6
-rw-r--r--pkg/sentry/socket/netfilter/udp_matcher.go6
-rw-r--r--pkg/tcpip/stack/iptables_types.go3
5 files changed, 17 insertions, 15 deletions
diff --git a/pkg/sentry/socket/netfilter/extensions.go b/pkg/sentry/socket/netfilter/extensions.go
index e0976fed0..e339f9bea 100644
--- a/pkg/sentry/socket/netfilter/extensions.go
+++ b/pkg/sentry/socket/netfilter/extensions.go
@@ -40,13 +40,17 @@ type matchMaker interface {
name() string
// marshal converts from a stack.Matcher to an ABI struct.
- marshal(matcher stack.Matcher) []byte
+ marshal(matcher matcher) []byte
// unmarshal converts from the ABI matcher struct to an
// stack.Matcher.
unmarshal(buf []byte, filter stack.IPHeaderFilter) (stack.Matcher, error)
}
+type matcher interface {
+ name() string
+}
+
// matchMakers maps the name of supported matchers to the matchMaker that
// marshals and unmarshals it. It is immutable after package initialization.
var matchMakers = map[string]matchMaker{}
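Review bot: The new unexported `matcher` interface is added without a doc comment, and the comment above `marshal` still says it converts "from a stack.Matcher" although the parameter type is now `matcher`. I would add `// matcher is implemented by the matchers this package can marshal. name returns the key used to look up the matchMaker in matchMakers.` above the type, and reword the other comment to `// marshal converts from a matcher to an ABI struct.` Since `matcher` declares only `name()`, its relationship to stack.Matcher is by convention rather than enforced by the type, which is worth stating in that comment.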
@@ -60,8 +64,9 @@ func registerMatchMaker(mm matchMaker) {
matchMakers[mm.name()] = mm
}
-func marshalMatcher(matcher stack.Matcher) []byte {
- matchMaker, ok := matchMakers[matcher.Name()]
+func marshalMatcher(mr stack.Matcher) []byte {
+ matcher := mr.(matcher)
+ matchMaker, ok := matchMakers[matcher.name()]
if !ok {
panic(fmt.Sprintf("Unknown matcher of type %T.", matcher))
}
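Review bot: `matcher := mr.(matcher)` is an unchecked type assertion, so a stack.Matcher without the unexported `name()` method now dies with a bare interface-conversion panic rather than the descriptive panic a few lines below. Before this commit every stack.Matcher was guaranteed by the compiler to have `Name()`; now only types declared in this package can satisfy `matcher`, and nothing visible in the hunk stops another Matcher implementation from reaching marshalMatcher. I would use the comma-ok form, `m, ok := mr.(matcher)`, and on `!ok` panic with a message that prints `%T` of `mr`, so the failure names the offending type. A compile-time check per type, e.g. `var _ matcher = (*TCPMatcher)(nil)`, would also catch a missing `name()` at build time. The body of marshalMatcher continues past the end of the hunk.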
diff --git a/pkg/sentry/socket/netfilter/owner_matcher.go b/pkg/sentry/socket/netfilter/owner_matcher.go
index 176fa6116..5f80d82ea 100644
--- a/pkg/sentry/socket/netfilter/owner_matcher.go
+++ b/pkg/sentry/socket/netfilter/owner_matcher.go
@@ -38,7 +38,7 @@ func (ownerMarshaler) name() string {
}
// marshal implements matchMaker.marshal.
-func (ownerMarshaler) marshal(mr stack.Matcher) []byte {
+func (ownerMarshaler) marshal(mr matcher) []byte {
matcher := mr.(*OwnerMatcher)
iptOwnerInfo := linux.IPTOwnerInfo{
UID: matcher.uid,
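Review bot: With the parameter now typed `mr matcher`, the local `matcher := mr.(*OwnerMatcher)` on the next line shadows the new package-level type `matcher` for the rest of the function. It compiles, but the same word then means a type in the signature and a value in the body; the same pattern appears in the `marshal` methods in tcp_matcher.go and udp_matcher.go. Renaming the local, for example `om := mr.(*OwnerMatcher)` (and `tm` / `um` in the other two), keeps the two apart. The function body continues outside the hunk.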
@@ -106,8 +106,8 @@ type OwnerMatcher struct {
invertGID bool
}
-// Name implements Matcher.Name.
-func (*OwnerMatcher) Name() string {
+// name implements matcher.name.
+func (*OwnerMatcher) name() string {
return matcherNameOwner
}
diff --git a/pkg/sentry/socket/netfilter/tcp_matcher.go b/pkg/sentry/socket/netfilter/tcp_matcher.go
index 2740697b3..678d6b578 100644
--- a/pkg/sentry/socket/netfilter/tcp_matcher.go
+++ b/pkg/sentry/socket/netfilter/tcp_matcher.go
@@ -39,7 +39,7 @@ func (tcpMarshaler) name() string {
}
// marshal implements matchMaker.marshal.
-func (tcpMarshaler) marshal(mr stack.Matcher) []byte {
+func (tcpMarshaler) marshal(mr matcher) []byte {
matcher := mr.(*TCPMatcher)
xttcp := linux.XTTCP{
SourcePortStart: matcher.sourcePortStart,
@@ -90,8 +90,8 @@ type TCPMatcher struct {
destinationPortEnd uint16
}
-// Name implements Matcher.Name.
-func (*TCPMatcher) Name() string {
+// name implements matcher.name.
+func (*TCPMatcher) name() string {
return matcherNameTCP
}
diff --git a/pkg/sentry/socket/netfilter/udp_matcher.go b/pkg/sentry/socket/netfilter/udp_matcher.go
index 466d5395d..f8568873f 100644
--- a/pkg/sentry/socket/netfilter/udp_matcher.go
+++ b/pkg/sentry/socket/netfilter/udp_matcher.go
@@ -39,7 +39,7 @@ func (udpMarshaler) name() string {
}
// marshal implements matchMaker.marshal.
-func (udpMarshaler) marshal(mr stack.Matcher) []byte {
+func (udpMarshaler) marshal(mr matcher) []byte {
matcher := mr.(*UDPMatcher)
xtudp := linux.XTUDP{
SourcePortStart: matcher.sourcePortStart,
@@ -87,8 +87,8 @@ type UDPMatcher struct {
destinationPortEnd uint16
}
-// Name implements Matcher.Name.
-func (*UDPMatcher) Name() string {
+// name implements Matcher.name.
+func (*UDPMatcher) name() string {
return matcherNameUDP
}
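Review bot: The updated comment reads `// name implements Matcher.name.`, but this commit removes the name method from stack.Matcher, and the interface that now declares it is the unexported `matcher` in extensions.go. The owner and TCP files use the lowercase form, so this one should match: `// name implements matcher.name.`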
diff --git a/pkg/tcpip/stack/iptables_types.go b/pkg/tcpip/stack/iptables_types.go
index fd9d61e39..b0d84befb 100644
--- a/pkg/tcpip/stack/iptables_types.go
+++ b/pkg/tcpip/stack/iptables_types.go
@@ -332,9 +332,6 @@ func filterAddress(addr, mask, filterAddr tcpip.Address, invert bool) bool {
// A Matcher is the interface for matching packets.
type Matcher interface {
- // Name returns the name of the Matcher.
- Name() string
-
// Match returns whether the packet matches and whether the packet
// should be "hotdropped", i.e. dropped immediately. This is usually
// used for suspicious packets.