summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip/iptables/iptables.go
diff options
context:
space:
mode:
authorKevin Krakauer <krakauer@google.com>2020-01-09 15:38:21 -0800
committerKevin Krakauer <krakauer@google.com>2020-01-09 15:38:21 -0800
commitff719159befaee7d2abcfeb88905a7486cd34845 (patch)
treea7208a1ae38449d23eb9146a0ff0e9980cae6ef2 /pkg/tcpip/iptables/iptables.go
parent89d11b4d96b0c40e373f14ba72d570c9b894f976 (diff)
Confirmed that it works if I hardcode 17 in for pkt.Protocol. Need to address parsing the packet early :(
Diffstat (limited to 'pkg/tcpip/iptables/iptables.go')
-rw-r--r--pkg/tcpip/iptables/iptables.go6
1 files changed, 3 insertions, 3 deletions
diff --git a/pkg/tcpip/iptables/iptables.go b/pkg/tcpip/iptables/iptables.go
index b8d70ec1e..4e1700fdb 100644
--- a/pkg/tcpip/iptables/iptables.go
+++ b/pkg/tcpip/iptables/iptables.go
@@ -188,9 +188,9 @@ func (it *IPTables) checkRule(hook Hook, pkt tcpip.PacketBuffer, table Table, ru
// First check whether the packet matches the IP header filter.
// TODO(gvisor.dev/issue/170): Support other fields of the filter.
- // if rule.Filter.Protocol != pkt.Protocol {
- // return Continue
- // }
+ if rule.Filter.Protocol != pkt.Protocol {
+ return Continue
+ }
// Go through each rule matcher. If they all match, run
// the rule target.