Fix copylocks error about copying IPTables.

IPTables.connections contains a sync.RWMutex. Copying it will trigger copylocks analysis. Tested by manually enabling nogo tests. sync.RWMutex is added to IPTables for the additional race condition discovered. PiperOrigin-RevId: 314817019
author: Ting-Yu Wang <anivia@google.com> 2020-06-04 15:38:33 -0700
committer: Nicolas Lacasse <nlacasse@google.com> 2020-06-05 11:29:09 -0700
commit: 41da7a568b1e4f46b3bc09724996556fb18b4d16 (patch)
tree: 45c41391c3a0653a07c8609434b6649c15bcc984 /pkg/sentry/socket/netstack/stack.go
parent: f7663660917a5b2e250513d7c8cc98ff379ca46f (diff)
1 files changed, 4 insertions, 5 deletions
diff --git a/pkg/sentry/socket/netstack/stack.go b/pkg/sentry/socket/netstack/stack.go
index f5fa18136..9b44c2b89 100644
--- a/pkg/sentry/socket/netstack/stack.go
+++ b/pkg/sentry/socket/netstack/stack.go
@@ -362,14 +362,13 @@ func (s *Stack) RouteTable() []inet.Route {
 }
 
 // IPTables returns the stack's iptables.
-func (s *Stack) IPTables() (stack.IPTables, error) {
+func (s *Stack) IPTables() (*stack.IPTables, error) {
 	return s.Stack.IPTables(), nil
 }
 
-// FillDefaultIPTables sets the stack's iptables to the default tables, which
-// allow and do not modify all traffic.
-func (s *Stack) FillDefaultIPTables() {
-	netfilter.FillDefaultIPTables(s.Stack)
+// FillIPTablesMetadata populates stack's IPTables with metadata.
+func (s *Stack) FillIPTablesMetadata() {
+	netfilter.FillIPTablesMetadata(s.Stack)
 }
 
 // Resume implements inet.Stack.Resume.
author	Ting-Yu Wang <anivia@google.com>	2020-06-04 15:38:33 -0700
committer	Nicolas Lacasse <nlacasse@google.com>	2020-06-05 11:29:09 -0700
commit	41da7a568b1e4f46b3bc09724996556fb18b4d16 (patch)
tree	45c41391c3a0653a07c8609434b6649c15bcc984 /pkg/sentry/socket/netstack/stack.go
parent	f7663660917a5b2e250513d7c8cc98ff379ca46f (diff)