diff options
| author | Ghanan Gowripalan <ghanan@google.com> | 2021-05-13 18:52:06 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2021-05-13 18:54:09 -0700 |
| commit | 2b457d9ee9ba50da4a9208d957053fac2c77932d (patch) | |
| tree | 8c711a691ef53a677083af1f884d664284f30f9c /pkg/tcpip/network/internal/ip | |
| parent | 7ea2dcbaece00b5c7310c74fcf99c1fb32e9ec28 (diff) | |
Check filter table when forwarding IP packets
This change updates the forwarding path to perform the forwarding hook
with iptables so that the filter table is consulted before a packet is
forwarded
Updates #170.
Test: iptables_test.TestForwardingHook
PiperOrigin-RevId: 373702359
Diffstat (limited to 'pkg/tcpip/network/internal/ip')
| -rw-r--r-- | pkg/tcpip/network/internal/ip/stats.go | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/pkg/tcpip/network/internal/ip/stats.go b/pkg/tcpip/network/internal/ip/stats.go index 444515d40..0c2b62127 100644 --- a/pkg/tcpip/network/internal/ip/stats.go +++ b/pkg/tcpip/network/internal/ip/stats.go @@ -74,6 +74,10 @@ type MultiCounterIPStats struct { // layer. PacketsReceived tcpip.MultiCounterStat + // ValidPacketsReceived is the number of valid IP packets that reached the IP + // layer. + ValidPacketsReceived tcpip.MultiCounterStat + // DisabledPacketsReceived is the number of IP packets received from // the link layer when the IP layer is disabled. DisabledPacketsReceived tcpip.MultiCounterStat @@ -114,6 +118,10 @@ type MultiCounterIPStats struct { // Input chain. IPTablesInputDropped tcpip.MultiCounterStat + // IPTablesForwardDropped is the number of IP packets dropped in the + // Forward chain. + IPTablesForwardDropped tcpip.MultiCounterStat + // IPTablesOutputDropped is the number of IP packets dropped in the // Output chain. IPTablesOutputDropped tcpip.MultiCounterStat @@ -146,6 +154,7 @@ type MultiCounterIPStats struct { // Init sets internal counters to track a and b counters. func (m *MultiCounterIPStats) Init(a, b *tcpip.IPStats) { m.PacketsReceived.Init(a.PacketsReceived, b.PacketsReceived) + m.ValidPacketsReceived.Init(a.ValidPacketsReceived, b.ValidPacketsReceived) m.DisabledPacketsReceived.Init(a.DisabledPacketsReceived, b.DisabledPacketsReceived) m.InvalidDestinationAddressesReceived.Init(a.InvalidDestinationAddressesReceived, b.InvalidDestinationAddressesReceived) m.InvalidSourceAddressesReceived.Init(a.InvalidSourceAddressesReceived, b.InvalidSourceAddressesReceived) @@ -156,6 +165,7 @@ func (m *MultiCounterIPStats) Init(a, b *tcpip.IPStats) { m.MalformedFragmentsReceived.Init(a.MalformedFragmentsReceived, b.MalformedFragmentsReceived) m.IPTablesPreroutingDropped.Init(a.IPTablesPreroutingDropped, b.IPTablesPreroutingDropped) m.IPTablesInputDropped.Init(a.IPTablesInputDropped, b.IPTablesInputDropped) + m.IPTablesForwardDropped.Init(a.IPTablesForwardDropped, b.IPTablesForwardDropped) m.IPTablesOutputDropped.Init(a.IPTablesOutputDropped, b.IPTablesOutputDropped) m.IPTablesPostroutingDropped.Init(a.IPTablesPostroutingDropped, b.IPTablesPostroutingDropped) m.OptionTimestampReceived.Init(a.OptionTimestampReceived, b.OptionTimestampReceived) |