diff options
| author | Kevin Krakauer <krakauer@google.com> | 2020-01-13 12:22:15 -0800 |
|---|---|---|
| committer | Kevin Krakauer <krakauer@google.com> | 2020-01-13 12:22:15 -0800 |
| commit | 31e49f4b19309259baeeb63e7b6ef41f8edd6d35 (patch) | |
| tree | ad6cae1ad4f173946eb68156653bea84d7254f81 /pkg/tcpip/iptables/iptables.go | |
| parent | d147e6d1b29d25607bcdcdb0beddb5122fea085e (diff) | |
| parent | b30cfb1df72e201c6caf576bbef8fcc968df2d41 (diff) | |
Merge branch 'master' into iptables-write-input-drop
Diffstat (limited to 'pkg/tcpip/iptables/iptables.go')
| -rw-r--r-- | pkg/tcpip/iptables/iptables.go | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/pkg/tcpip/iptables/iptables.go b/pkg/tcpip/iptables/iptables.go index 8a72feb77..83d807a4d 100644 --- a/pkg/tcpip/iptables/iptables.go +++ b/pkg/tcpip/iptables/iptables.go @@ -22,13 +22,13 @@ import ( "gvisor.dev/gvisor/pkg/tcpip" ) +// Table names. const ( TablenameNat = "nat" TablenameMangle = "mangle" TablenameFilter = "filter" ) -// TODO: Make this an iota? Faster! Do it. // Chain names as defined by net/ipv4/netfilter/ip_tables.c. const ( ChainNamePrerouting = "PREROUTING" @@ -38,11 +38,15 @@ const ( ChainNamePostrouting = "POSTROUTING" ) +// HookUnset indicates that there is no hook set for an entrypoint or +// underflow. const HookUnset = -1 // DefaultTables returns a default set of tables. Each chain is set to accept // all packets. func DefaultTables() IPTables { + // TODO(gvisor.dev/issue/170): We may be able to swap out some strings for + // iotas. return IPTables{ Tables: map[string]Table{ TablenameNat: Table{ @@ -111,6 +115,8 @@ func DefaultTables() IPTables { } } +// EmptyFilterTable returns a Table with no rules and the filter table chains +// mapped to HookUnset. func EmptyFilterTable() Table { return Table{ Rules: []Rule{}, |