Merge release-20191213.0-111-gb30cfb1 (automated)

author: gVisor bot <gvisor-bot@google.com> 2020-01-13 19:38:46 +0000
committer: gVisor bot <gvisor-bot@google.com> 2020-01-13 19:38:46 +0000
commit: ed9ebe1f47c00f367c29e53401b192bbb301e3c4 (patch)
tree: b4643d96968d24b129fccb14c16d5e4035fa4b00 /pkg/sentry/socket/netstack
parent: 5383351b6adbeffa9eedb33b03a4691a0c173ae9 (diff)
parent: b30cfb1df72e201c6caf576bbef8fcc968df2d41 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go
index 0affb8071..099319327 100755
--- a/pkg/sentry/socket/netstack/netstack.go
+++ b/pkg/sentry/socket/netstack/netstack.go
@@ -1377,6 +1377,26 @@ func (s *SocketOperations) SetSockOpt(t *kernel.Task, level int, name int, optVa
 		return nil
 	}
 
+	if s.skType == linux.SOCK_RAW && level == linux.IPPROTO_IP {
+		switch name {
+		case linux.IPT_SO_SET_REPLACE:
+			if len(optVal) < linux.SizeOfIPTReplace {
+				return syserr.ErrInvalidArgument
+			}
+
+			stack := inet.StackFromContext(t)
+			if stack == nil {
+				return syserr.ErrNoDevice
+			}
+			// Stack must be a netstack stack.
+			return netfilter.SetEntries(stack.(*Stack).Stack, optVal)
+
+		case linux.IPT_SO_SET_ADD_COUNTERS:
+			// TODO(gvisor.dev/issue/170): Counter support.
+			return nil
+		}
+	}
+
 	return SetSockOpt(t, s, s.Endpoint, level, name, optVal)
 }
author	gVisor bot <gvisor-bot@google.com>	2020-01-13 19:38:46 +0000
committer	gVisor bot <gvisor-bot@google.com>	2020-01-13 19:38:46 +0000
commit	ed9ebe1f47c00f367c29e53401b192bbb301e3c4 (patch)
tree	b4643d96968d24b129fccb14c16d5e4035fa4b00 /pkg/sentry/socket/netstack
parent	5383351b6adbeffa9eedb33b03a4691a0c173ae9 (diff)
parent	b30cfb1df72e201c6caf576bbef8fcc968df2d41 (diff)