summaryrefslogtreecommitdiffhomepage
path: root/pkg/abi/linux/capability.go
diff options
context:
space:
mode:
authorGhanan Gowripalan <ghanan@google.com>2021-02-05 18:41:37 -0800
committergVisor bot <gvisor-bot@google.com>2021-02-05 18:44:04 -0800
commit83b764d9d2193e2e01f3a60792f3468c1843c5a8 (patch)
tree3cb303660a15cfd0b2150ee3d93966636dbb3054 /pkg/abi/linux/capability.go
parent120c8e34687129c919ae45263c14b239a0a5d343 (diff)
Batch write packets after iptables checks
After IPTables checks a batch of packets, we can write packets that are not dropped or locally destined as a batch instead of individually. This previously caused a bug since WritePacket* functions expect to take ownership of passed PacketBuffer{List}. WritePackets assumed the list of PacketBuffers will not be invalidated when calling WritePacket for each PacketBuffer in the list, but this is not true. WritePacket may add the passed PacketBuffer into a different list which would modify the PacketBuffer in such a way that it no longer points to the next PacketBuffer to write. Example: Given a PB list of PB_a -> PB_b -> PB_c WritePackets may be iterating over the list and calling WritePacket for each PB. When WritePacket takes PB_a, it may add it to a new list which would update pointers such that PB_a no longer points to PB_b. Test: integration_test.TestIPTableWritePackets PiperOrigin-RevId: 355969560
Diffstat (limited to 'pkg/abi/linux/capability.go')
0 files changed, 0 insertions, 0 deletions