Merge pull request #1528 from kevinGC:iptables-write

PiperOrigin-RevId: 289479774
author: gVisor bot <gvisor-bot@google.com> 2020-01-13 11:26:26 -0800
committer: gVisor bot <gvisor-bot@google.com> 2020-01-13 11:26:26 -0800
commit: b30cfb1df72e201c6caf576bbef8fcc968df2d41 (patch)
tree: 4e99dc335d774e201b42258eacacb01a40bf8a84 /pkg/tcpip/iptables/targets.go
parent: f54b9c0ee6e02f9c8bf32aa268c9028ff741bf7c (diff)
parent: ae060a63d9ad1bfb65b84a2ccbaf2893c5a50b76 (diff)
1 files changed, 15 insertions, 1 deletions
diff --git a/pkg/tcpip/iptables/targets.go b/pkg/tcpip/iptables/targets.go
index 19a7f77e3..b94a4c941 100644
--- a/pkg/tcpip/iptables/targets.go
+++ b/pkg/tcpip/iptables/targets.go
@@ -16,7 +16,10 @@
 
 package iptables
 
-import "gvisor.dev/gvisor/pkg/tcpip/buffer"
+import (
+	"gvisor.dev/gvisor/pkg/log"
+	"gvisor.dev/gvisor/pkg/tcpip/buffer"
+)
 
 // UnconditionalAcceptTarget accepts all packets.
 type UnconditionalAcceptTarget struct{}
@@ -33,3 +36,14 @@ type UnconditionalDropTarget struct{}
 func (UnconditionalDropTarget) Action(packet buffer.VectorisedView) (Verdict, string) {
 	return Drop, ""
 }
+
+// ErrorTarget logs an error and drops the packet. It represents a target that
+// should be unreachable.
+type ErrorTarget struct{}
+
+// Action implements Target.Action.
+func (ErrorTarget) Action(packet buffer.VectorisedView) (Verdict, string) {
+	log.Warningf("ErrorTarget triggered.")
+	return Drop, ""
+
+}
author	gVisor bot <gvisor-bot@google.com>	2020-01-13 11:26:26 -0800
committer	gVisor bot <gvisor-bot@google.com>	2020-01-13 11:26:26 -0800
commit	b30cfb1df72e201c6caf576bbef8fcc968df2d41 (patch)
tree	4e99dc335d774e201b42258eacacb01a40bf8a84 /pkg/tcpip/iptables/targets.go
parent	f54b9c0ee6e02f9c8bf32aa268c9028ff741bf7c (diff)
parent	ae060a63d9ad1bfb65b84a2ccbaf2893c5a50b76 (diff)