Built dead-simple traversal, but now getting depedency cycle error :'(

author: Kevin Krakauer <krakauer@google.com> 2020-01-08 14:48:47 -0800
committer: Kevin Krakauer <krakauer@google.com> 2020-01-08 14:48:47 -0800
commit: b2a881784c8e525c1fea71c6f23663413d107f05 (patch)
tree: 6529dc74dcf1fc21d0b3199f149356cb877f5ddc /pkg/sentry
parent: 447f64c561e6b5893c1bbae7d641187b7aca64ac (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/sentry/socket/netfilter/netfilter.go b/pkg/sentry/socket/netfilter/netfilter.go
index e4c493141..57785220e 100644
--- a/pkg/sentry/socket/netfilter/netfilter.go
+++ b/pkg/sentry/socket/netfilter/netfilter.go
@@ -368,6 +368,10 @@ func SetEntries(stack *stack.Stack, optVal []byte) *syserr.Error {
 		}
 	}
 
+	// TODO(gvisor.dev/issue/170): Check the following conditions:
+	// - There are no loops.
+	// - There are no chains without an unconditional final rule.
+
 	ipt := stack.IPTables()
 	table.SetMetadata(metadata{
 		HookEntry:  replace.HookEntry,
author	Kevin Krakauer <krakauer@google.com>	2020-01-08 14:48:47 -0800
committer	Kevin Krakauer <krakauer@google.com>	2020-01-08 14:48:47 -0800
commit	b2a881784c8e525c1fea71c6f23663413d107f05 (patch)
tree	6529dc74dcf1fc21d0b3199f149356cb877f5ddc /pkg/sentry
parent	447f64c561e6b5893c1bbae7d641187b7aca64ac (diff)