diff options
author | Kevin Krakauer <krakauer@google.com> | 2020-01-09 15:38:21 -0800 |
---|---|---|
committer | Kevin Krakauer <krakauer@google.com> | 2020-01-09 15:38:21 -0800 |
commit | ff719159befaee7d2abcfeb88905a7486cd34845 (patch) | |
tree | a7208a1ae38449d23eb9146a0ff0e9980cae6ef2 /pkg/tcpip/iptables/iptables.go | |
parent | 89d11b4d96b0c40e373f14ba72d570c9b894f976 (diff) |
Confirmed that it works if I hardcode 17 in for pkt.Protocol. Need to address parsing the packet early :(
Diffstat (limited to 'pkg/tcpip/iptables/iptables.go')
-rw-r--r-- | pkg/tcpip/iptables/iptables.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/pkg/tcpip/iptables/iptables.go b/pkg/tcpip/iptables/iptables.go index b8d70ec1e..4e1700fdb 100644 --- a/pkg/tcpip/iptables/iptables.go +++ b/pkg/tcpip/iptables/iptables.go @@ -188,9 +188,9 @@ func (it *IPTables) checkRule(hook Hook, pkt tcpip.PacketBuffer, table Table, ru // First check whether the packet matches the IP header filter. // TODO(gvisor.dev/issue/170): Support other fields of the filter. - // if rule.Filter.Protocol != pkt.Protocol { - // return Continue - // } + if rule.Filter.Protocol != pkt.Protocol { + return Continue + } // Go through each rule matcher. If they all match, run // the rule target. |