diff options
author | Kevin Krakauer <krakauer@google.com> | 2019-06-07 12:54:53 -0700 |
---|---|---|
committer | Kevin Krakauer <krakauer@google.com> | 2019-06-07 12:54:53 -0700 |
commit | 8afbd974da2483d8f81e3abde5c9d689719263cb (patch) | |
tree | 54e07878e7f2b984312cf26965850b372277c7a6 /pkg/tcpip/iptables | |
parent | d58eb9ce828fd7c831f30e922e01f1d2b84e462c (diff) |
Address Ian's comments.
Change-Id: I7445033b1970cbba3f2ed0682fe520dce02d8fad
Diffstat (limited to 'pkg/tcpip/iptables')
-rw-r--r-- | pkg/tcpip/iptables/iptables.go | 36 | ||||
-rw-r--r-- | pkg/tcpip/iptables/types.go | 12 |
2 files changed, 17 insertions, 31 deletions
diff --git a/pkg/tcpip/iptables/iptables.go b/pkg/tcpip/iptables/iptables.go index ee1ed4666..bd54ef5a6 100644 --- a/pkg/tcpip/iptables/iptables.go +++ b/pkg/tcpip/iptables/iptables.go @@ -34,9 +34,9 @@ const ( // all packets. func DefaultTables() *IPTables { tables := IPTables{ - Tables: map[string]*Table{ - tablenameNat: &Table{ - BuiltinChains: map[Hook]*Chain{ + Tables: map[string]Table{ + tablenameNat: Table{ + BuiltinChains: map[Hook]Chain{ Prerouting: unconditionalAcceptChain(chainNamePrerouting), Input: unconditionalAcceptChain(chainNameInput), Output: unconditionalAcceptChain(chainNameOutput), @@ -48,10 +48,10 @@ func DefaultTables() *IPTables { Output: UnconditionalAcceptTarget{}, Postrouting: UnconditionalAcceptTarget{}, }, - UserChains: map[string]*Chain{}, + UserChains: map[string]Chain{}, }, - tablenameMangle: &Table{ - BuiltinChains: map[Hook]*Chain{ + tablenameMangle: Table{ + BuiltinChains: map[Hook]Chain{ Prerouting: unconditionalAcceptChain(chainNamePrerouting), Output: unconditionalAcceptChain(chainNameOutput), }, @@ -59,7 +59,7 @@ func DefaultTables() *IPTables { Prerouting: UnconditionalAcceptTarget{}, Output: UnconditionalAcceptTarget{}, }, - UserChains: map[string]*Chain{}, + UserChains: map[string]Chain{}, }, }, Priorities: map[Hook][]string{ @@ -68,28 +68,14 @@ func DefaultTables() *IPTables { }, } - // Initialize each table's Chains field. - tables.Tables[tablenameNat].Chains = map[string]*Chain{ - chainNamePrerouting: tables.Tables[tablenameNat].BuiltinChains[Prerouting], - chainNameInput: tables.Tables[tablenameNat].BuiltinChains[Input], - chainNameOutput: tables.Tables[tablenameNat].BuiltinChains[Output], - chainNamePostrouting: tables.Tables[tablenameNat].BuiltinChains[Postrouting], - } - tables.Tables[tablenameMangle].Chains = map[string]*Chain{ - chainNamePrerouting: tables.Tables[tablenameMangle].BuiltinChains[Prerouting], - chainNameInput: tables.Tables[tablenameMangle].BuiltinChains[Input], - chainNameOutput: tables.Tables[tablenameMangle].BuiltinChains[Output], - chainNamePostrouting: tables.Tables[tablenameMangle].BuiltinChains[Postrouting], - } - return &tables } -func unconditionalAcceptChain(name string) *Chain { - return &Chain{ +func unconditionalAcceptChain(name string) Chain { + return Chain{ Name: name, - Rules: []*Rule{ - &Rule{ + Rules: []Rule{ + Rule{ Target: UnconditionalAcceptTarget{}, }, }, diff --git a/pkg/tcpip/iptables/types.go b/pkg/tcpip/iptables/types.go index 65bfc7b1d..cdfb6ba28 100644 --- a/pkg/tcpip/iptables/types.go +++ b/pkg/tcpip/iptables/types.go @@ -98,11 +98,11 @@ const ( // IPTables holds all the tables for a netstack. type IPTables struct { - // mu protects the entire struct. - mu sync.RWMutex + // Mu protects the entire struct. + Mu sync.RWMutex // Tables maps table names to tables. User tables have arbitrary names. - Tables map[string]*Table + Tables map[string]Table // Priorities maps each hook to a list of table names. The order of the // list is the order in which each table should be visited for that @@ -118,7 +118,7 @@ type Table struct { // BuiltinChains holds the un-deletable chains built into netstack. If // a hook isn't present in the map, this table doesn't utilize that // hook. - BuiltinChains map[Hook]*Chain + BuiltinChains map[Hook]Chain // DefaultTargets holds a target for each hook that will be executed if // chain traversal doesn't yield a verdict. @@ -126,7 +126,7 @@ type Table struct { // UserChains holds user-defined chains for the keyed by name. Users // can give their chains arbitrary names. - UserChains map[string]*Chain + UserChains map[string]Chain // Chains maps names to chains for both builtin and user-defined chains. // Its entries point to Chains already either in BuiltinChains and @@ -158,7 +158,7 @@ type Chain struct { Name string // Rules is the list of rules to traverse. - Rules []*Rule + Rules []Rule } // Rule is a packet processing rule. It consists of two pieces. First it |