I think INPUT works with protocol

author: Kevin Krakauer <krakauer@google.com> 2020-01-10 18:07:15 -0800
committer: Kevin Krakauer <krakauer@google.com> 2020-01-10 18:07:15 -0800
commit: d793677cd424fef10ac0b080871d181db0bcdec0 (patch)
tree: 697f86dac1fc3ac7015582a9588684a74bb95d1d /pkg/sentry/socket
parent: ff719159befaee7d2abcfeb88905a7486cd34845 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/pkg/sentry/socket/netfilter/netfilter.go b/pkg/sentry/socket/netfilter/netfilter.go
index f30461936..175466f19 100644
--- a/pkg/sentry/socket/netfilter/netfilter.go
+++ b/pkg/sentry/socket/netfilter/netfilter.go
@@ -25,6 +25,7 @@ import (
 	"gvisor.dev/gvisor/pkg/sentry/kernel"
 	"gvisor.dev/gvisor/pkg/sentry/usermem"
 	"gvisor.dev/gvisor/pkg/syserr"
+	"gvisor.dev/gvisor/pkg/tcpip"
 	"gvisor.dev/gvisor/pkg/tcpip/iptables"
 	"gvisor.dev/gvisor/pkg/tcpip/stack"
 )
@@ -455,7 +456,7 @@ func filterFromIPTIP(iptip linux.IPTIP) (iptables.IPHeaderFilter, *syserr.Error)
 		return iptables.IPHeaderFilter{}, syserr.ErrInvalidArgument
 	}
 	return iptables.IPHeaderFilter{
-		Protocol: iptip.Protocol,
+		Protocol: tcpip.TransportProtocolNumber(iptip.Protocol),
 	}, nil
 }
author	Kevin Krakauer <krakauer@google.com>	2020-01-10 18:07:15 -0800
committer	Kevin Krakauer <krakauer@google.com>	2020-01-10 18:07:15 -0800
commit	d793677cd424fef10ac0b080871d181db0bcdec0 (patch)
tree	697f86dac1fc3ac7015582a9588684a74bb95d1d /pkg/sentry/socket
parent	ff719159befaee7d2abcfeb88905a7486cd34845 (diff)