author | Kevin Krakauer <krakauer@google.com> | 2020-01-08 12:43:46 -0800 |
---|---|---|
committer | Kevin Krakauer <krakauer@google.com> | 2020-01-08 12:43:46 -0800 |
commit | 7cebd77806d164a3baec52eaeb05662e8c404967 (patch) | |
tree | b6b0bc786c1521b4c7c4652d7a2fac4a97485459 /pkg/sentry | |
parent | 366e050ad516d6085bcae1215e8e122c6077e9ff (diff) |
First commit -- re-adding DROP
Diffstat (limited to 'pkg/sentry')
-rw-r--r-- | pkg/sentry/socket/netfilter/netfilter.go | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/pkg/sentry/socket/netfilter/netfilter.go b/pkg/sentry/socket/netfilter/netfilter.go
index 347342f98..e4c493141 100644
--- a/pkg/sentry/socket/netfilter/netfilter.go
+++ b/pkg/sentry/socket/netfilter/netfilter.go
@@ -410,10 +410,7 @@ func parseTarget(optVal []byte) (iptables.Target, uint32, *syserr.Error) {
 case iptables.Accept:
 return iptables.UnconditionalAcceptTarget{}, linux.SizeOfXTStandardTarget, nil
 case iptables.Drop:
- // TODO(gvisor.dev/issue/170): Return an
- // iptables.UnconditionalDropTarget to support DROP.
- log.Infof("netfilter DROP is not supported yet.")
- return nil, 0, syserr.ErrInvalidArgument
+ return iptables.UnconditionalDropTarget{}, linux.SizeOfXTStandardTarget, nil
 default:
 panic(fmt.Sprintf("Unknown verdict: %v", verdict))
 } |
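Review bot: The new `case iptables.Drop:` arm changes how an unenforced DROP rule would fail, and nothing in the hunk documents or tests that. Before, the rule was rejected with `syserr.ErrInvalidArgument`, so the caller knew it was not in force; now it is accepted, and if any packet path does not yet honour `iptables.UnconditionalDropTarget` the filter would fail open without an error. I would add a comment above the return such as `// DROP is a standard target: same on-wire size as ACCEPT; enforcement happens in the iptables hook.` and pair the change with a test that installs a DROP rule and checks the packet is discarded (the diffstat is limited to pkg/sentry, so such a test may exist elsewhere). Separately, the `default: panic(...)` arm on the context line is only safe if `verdict` is validated before the switch. Since `optVal` looks caller-supplied, that is worth confirming; `parseTarget` starts and ends outside this hunk, so the validation is not visible here.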