netstack: parse incoming packet headers up-front

Netstack has traditionally parsed headers on-demand as a packet moves up the stack. This is conceptually simple and convenient, but incompatible with iptables, where headers can be inspected and mangled before even a routing decision is made. This changes header parsing to happen early in the incoming packet path, as soon as the NIC gets the packet from a link endpoint. Even if an invalid packet is found (e.g. a TCP header of insufficient length), the packet is passed up the stack for proper stats bookkeeping. PiperOrigin-RevId: 315179302
author: Kevin Krakauer <krakauer@google.com> 2020-06-07 13:37:25 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-06-07 13:38:43 -0700
commit: 32b823fcdb00a7d6eb5ddcd378f19a659edc3da3 (patch)
tree: bed24f8b692caa0e24cd1351d22bb35522cbfe3e /pkg/tcpip/network/ipv4/icmp.go
parent: 62603041792021f654cfb3418e9a728220feaf60 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/pkg/tcpip/network/ipv4/icmp.go b/pkg/tcpip/network/ipv4/icmp.go
index d1c3ae835..1b67aa066 100644
--- a/pkg/tcpip/network/ipv4/icmp.go
+++ b/pkg/tcpip/network/ipv4/icmp.go
@@ -59,6 +59,9 @@ func (e *endpoint) handleControl(typ stack.ControlType, extra uint32, pkt *stack
 func (e *endpoint) handleICMP(r *stack.Route, pkt *stack.PacketBuffer) {
 	stats := r.Stats()
 	received := stats.ICMP.V4PacketsReceived
+	// TODO(gvisor.dev/issue/170): ICMP packets don't have their
+	// TransportHeader fields set. See icmp/protocol.go:protocol.Parse for a
+	// full explanation.
 	v, ok := pkt.Data.PullUp(header.ICMPv4MinimumSize)
 	if !ok {
 		received.Invalid.Increment()
author	Kevin Krakauer <krakauer@google.com>	2020-06-07 13:37:25 -0700
committer	gVisor bot <gvisor-bot@google.com>	2020-06-07 13:38:43 -0700
commit	32b823fcdb00a7d6eb5ddcd378f19a659edc3da3 (patch)
tree	bed24f8b692caa0e24cd1351d22bb35522cbfe3e /pkg/tcpip/network/ipv4/icmp.go
parent	62603041792021f654cfb3418e9a728220feaf60 (diff)