We can now create and jump in iptables. For example:

$ iptables -N foochain $ iptables -A INPUT -j foochain
author: Kevin Krakauer <krakauer@google.com> 2020-02-12 16:19:06 -0800
committer: Kevin Krakauer <krakauer@google.com> 2020-02-13 17:02:50 -0800
commit: 6ef63cd7da107d487fda7c48af50fa9802913cd9 (patch)
tree: 29549cbf20d7a9daa58bfa218029b5e5918d1ac9 /pkg/abi/linux
parent: 16308b9dc1d3709fadebb9f56a71f2ab81771c8a (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/pkg/abi/linux/netfilter.go b/pkg/abi/linux/netfilter.go
index bbc4df74c..bd2e13ba1 100644
--- a/pkg/abi/linux/netfilter.go
+++ b/pkg/abi/linux/netfilter.go
@@ -225,11 +225,14 @@ type XTEntryTarget struct {
 // SizeOfXTEntryTarget is the size of an XTEntryTarget.
 const SizeOfXTEntryTarget = 32
 
-// XTStandardTarget is a builtin target, one of ACCEPT, DROP, JUMP, QUEUE, or
-// RETURN. It corresponds to struct xt_standard_target in
+// XTStandardTarget is a built-in target, one of ACCEPT, DROP, JUMP, QUEUE,
+// RETURN, or jump. It corresponds to struct xt_standard_target in
 // include/uapi/linux/netfilter/x_tables.h.
 type XTStandardTarget struct {
-	Target  XTEntryTarget
+	Target XTEntryTarget
+	// A positive verdict indicates a jump, and is the offset from the
+	// start of the table to jump to. A negative value means one of the
+	// other built-in targets.
 	Verdict int32
 	_       [4]byte
 }
author	Kevin Krakauer <krakauer@google.com>	2020-02-12 16:19:06 -0800
committer	Kevin Krakauer <krakauer@google.com>	2020-02-13 17:02:50 -0800
commit	6ef63cd7da107d487fda7c48af50fa9802913cd9 (patch)
tree	29549cbf20d7a9daa58bfa218029b5e5918d1ac9 /pkg/abi/linux
parent	16308b9dc1d3709fadebb9f56a71f2ab81771c8a (diff)