Plumbing for iptables sockopts.

PiperOrigin-RevId: 261413396
author: Kevin Krakauer <krakauer@google.com> 2019-08-02 16:25:34 -0700
committer: gVisor bot <gvisor-bot@google.com> 2019-08-02 16:26:48 -0700
commit: 810cc07aab2bf1561cc79a07c31708f7632bb746 (patch)
tree: e98d817d7b6e101707b00ad182396a3fe2625bb6 /pkg/sentry/socket/epsocket/stack.go
parent: b6a5b950d28e0b474fdad160b88bc15314cf9259 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/pkg/sentry/socket/epsocket/stack.go b/pkg/sentry/socket/epsocket/stack.go
index 27774be33..0cf235b31 100644
--- a/pkg/sentry/socket/epsocket/stack.go
+++ b/pkg/sentry/socket/epsocket/stack.go
@@ -18,9 +18,11 @@ import (
 	"gvisor.dev/gvisor/pkg/abi/linux"
 	"gvisor.dev/gvisor/pkg/log"
 	"gvisor.dev/gvisor/pkg/sentry/inet"
+	"gvisor.dev/gvisor/pkg/sentry/socket/netfilter"
 	"gvisor.dev/gvisor/pkg/syserr"
 	"gvisor.dev/gvisor/pkg/tcpip"
 	"gvisor.dev/gvisor/pkg/tcpip/header"
+	"gvisor.dev/gvisor/pkg/tcpip/iptables"
 	"gvisor.dev/gvisor/pkg/tcpip/network/ipv4"
 	"gvisor.dev/gvisor/pkg/tcpip/network/ipv6"
 	"gvisor.dev/gvisor/pkg/tcpip/stack"
@@ -188,3 +190,14 @@ func (s *Stack) RouteTable() []inet.Route {
 
 	return routeTable
 }
+
+// IPTables returns the stack's iptables.
+func (s *Stack) IPTables() (iptables.IPTables, error) {
+	return s.Stack.IPTables(), nil
+}
+
+// FillDefaultIPTables sets the stack's iptables to the default tables, which
+// allow and do not modify all traffic.
+func (s *Stack) FillDefaultIPTables() error {
+	return netfilter.FillDefaultIPTables(s.Stack)
+}
author	Kevin Krakauer <krakauer@google.com>	2019-08-02 16:25:34 -0700
committer	gVisor bot <gvisor-bot@google.com>	2019-08-02 16:26:48 -0700
commit	810cc07aab2bf1561cc79a07c31708f7632bb746 (patch)
tree	e98d817d7b6e101707b00ad182396a3fe2625bb6 /pkg/sentry/socket/epsocket/stack.go
parent	b6a5b950d28e0b474fdad160b88bc15314cf9259 (diff)