author | Ghanan Gowripalan <ghanan@google.com> | 2021-02-05 18:41:37 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-02-05 18:44:04 -0800 |
commit | 83b764d9d2193e2e01f3a60792f3468c1843c5a8 (patch) | |
tree | 3cb303660a15cfd0b2150ee3d93966636dbb3054 /pkg/sentry/loader | |
parent | 120c8e34687129c919ae45263c14b239a0a5d343 (diff) |
Batch write packets after iptables checks

After IPTables checks a batch of packets, we can write packets that are
not dropped or locally destined as a batch instead of individually.

This previously caused a bug since WritePacket* functions expect to take
ownership of passed PacketBuffer{List}. WritePackets assumed the list of
PacketBuffers will not be invalidated when calling WritePacket for each
PacketBuffer in the list, but this is not true. WritePacket may add the
passed PacketBuffer into a different list which would modify the
PacketBuffer in such a way that it no longer points to the next
PacketBuffer to write.

Example: Given a PB list of
  PB_a -> PB_b -> PB_c
WritePackets may be iterating over the list and calling WritePacket for
each PB. When WritePacket takes PB_a, it may add it to a new list which
would update pointers such that PB_a no longer points to PB_b.

Test: integration_test.TestIPTableWritePackets
PiperOrigin-RevId: 355969560
Diffstat (limited to 'pkg/sentry/loader')
0 files changed, 0 insertions, 0 deletions
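
The list invalidation described in the commit message, reproduced as an added example: this is not gVisor code, and `pkt`, `list`, `writeNaive`, `writeSafe` and `run` are hypothetical names. It shows iteration stopping after PB_a once the callee relinks it, next to one common way of avoiding that (saving the successor before handing off ownership), which is not claimed to be the change this commit makes.

```go
package main

import "fmt"

// pkt is a hypothetical packet buffer whose list link lives inside the element.
type pkt struct{ name string; next *pkt }

// list is a minimal intrusive list, constructed for this example.
type list struct{ head, tail *pkt }

// pushBack links p at the tail and overwrites p.next, as intrusive lists do.
func (l *list) pushBack(p *pkt) {
	p.next = nil
	if l.tail == nil {
		l.head = p
	} else {
		l.tail.next = p
	}
	l.tail = p
}

// writeNaive reads p.next after the callee has taken ownership of p.
func writeNaive(in *list, write func(*pkt)) (n int) {
	for p := in.head; p != nil; p = p.next {
		write(p)
		n++
	}
	return n
}

// writeSafe saves the successor before ownership is handed off.
func writeSafe(in *list, write func(*pkt)) (n int) {
	for p := in.head; p != nil; n++ {
		next := p.next
		write(p)
		p = next
	}
	return n
}

// run writes PB_a -> PB_b -> PB_c via a callback that requeues each packet.
func run(iter func(*list, func(*pkt)) int) int {
	var in, queued list
	for _, name := range []string{"PB_a", "PB_b", "PB_c"} {
		in.pushBack(&pkt{name: name})
	}
	return iter(&in, queued.pushBack)
}

func main() { fmt.Println("naive:", run(writeNaive), "safe:", run(writeSafe)) }
```

The naive loop silently drops PB_b and PB_c rather than crashing, which is why a test that counts delivered packets is the reliable way to catch this class of bug.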