Create null entry connection on first IPTables hook - gvisor

diff options

author	Ghanan Gowripalan <ghanan@google.com>	2021-10-06 15:55:04 -0700
committer	gVisor bot <gvisor-bot@google.com>	2021-10-06 15:57:46 -0700
commit	dd74503b8eabbd4d8ca024523535b614fee69e03 (patch)
tree	c2a717f9050473bae7b6955637238e41a3e08810 /pkg/shim/service_linux.go
parent	a259115490332409b284868a0d25e39f2d63a3fe (diff)

Create null entry connection on first IPTables hook

...all connections should be tracked by ConnTrack, so create a no-op connection entry on the first hook into IPTables (Prerouting or Output) and let NAT targets modify the connection entry if they need to instead of letting the NAT target create their own connection entry. This also prepares for "twice-NAT" where a packet may have both DNAT and SNAT performed on it (which requires the ability to update ConnTrack entries). Updates #5696. PiperOrigin-RevId: 401360377

Diffstat (limited to 'pkg/shim/service_linux.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: