diff options
| author | gVisor bot <gvisor-bot@google.com> | 2021-09-28 21:11:13 +0000 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2021-09-28 21:11:13 +0000 |
| commit | 03a63df040b402ce62e78a37de75e6d7838dd6c8 (patch) | |
| tree | 9e066f33910fa1a70cb9c05edc3d93b2afa7d6e8 /pkg/tcpip/stack/iptables.go | |
| parent | 0240b0d6205e5e8ca6e7a9f7608493c24a4dbb93 (diff) | |
| parent | ed083bac408cfeb68ae401b8cec7cc1be5722562 (diff) | |
Merge release-20210921.0-37-ged083bac4 (automated)
Diffstat (limited to 'pkg/tcpip/stack/iptables.go')
| -rw-r--r-- | pkg/tcpip/stack/iptables.go | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/pkg/tcpip/stack/iptables.go b/pkg/tcpip/stack/iptables.go index 74c9075b4..c0ed65ece 100644 --- a/pkg/tcpip/stack/iptables.go +++ b/pkg/tcpip/stack/iptables.go @@ -310,8 +310,8 @@ func (it *IPTables) CheckOutput(pkt *PacketBuffer, r *Route, outNicName string) // must be dropped if false is returned. // // Precondition: The packet's network and transport header must be set. -func (it *IPTables) CheckPostrouting(pkt *PacketBuffer, r *Route, outNicName string) bool { - return it.check(Postrouting, pkt, r, nil /* addressEP */, "" /* inNicName */, outNicName) +func (it *IPTables) CheckPostrouting(pkt *PacketBuffer, r *Route, addressEP AddressableEndpoint, outNicName string) bool { + return it.check(Postrouting, pkt, r, addressEP, "" /* inNicName */, outNicName) } // check runs pkt through the rules for hook. It returns true when the packet @@ -431,7 +431,7 @@ func (it *IPTables) startReaper(interval time.Duration) { // // Precondition: The packets' network and transport header must be set. func (it *IPTables) CheckOutputPackets(pkts PacketBufferList, r *Route, outNicName string) (drop map[*PacketBuffer]struct{}, natPkts map[*PacketBuffer]struct{}) { - return it.checkPackets(Output, pkts, r, outNicName) + return it.checkPackets(Output, pkts, r, nil /* addressEP */, outNicName) } // CheckPostroutingPackets performs the postrouting hook on the packets. @@ -439,8 +439,8 @@ func (it *IPTables) CheckOutputPackets(pkts PacketBufferList, r *Route, outNicNa // Returns a map of packets that must be dropped. // // Precondition: The packets' network and transport header must be set. -func (it *IPTables) CheckPostroutingPackets(pkts PacketBufferList, r *Route, outNicName string) (drop map[*PacketBuffer]struct{}, natPkts map[*PacketBuffer]struct{}) { - return it.checkPackets(Postrouting, pkts, r, outNicName) +func (it *IPTables) CheckPostroutingPackets(pkts PacketBufferList, r *Route, addressEP AddressableEndpoint, outNicName string) (drop map[*PacketBuffer]struct{}, natPkts map[*PacketBuffer]struct{}) { + return it.checkPackets(Postrouting, pkts, r, addressEP, outNicName) } // checkPackets runs pkts through the rules for hook and returns a map of @@ -450,10 +450,10 @@ func (it *IPTables) CheckPostroutingPackets(pkts PacketBufferList, r *Route, out // dropped. // // Precondition: The packets' network and transport header must be set. -func (it *IPTables) checkPackets(hook Hook, pkts PacketBufferList, r *Route, outNicName string) (drop map[*PacketBuffer]struct{}, natPkts map[*PacketBuffer]struct{}) { +func (it *IPTables) checkPackets(hook Hook, pkts PacketBufferList, r *Route, addressEP AddressableEndpoint, outNicName string) (drop map[*PacketBuffer]struct{}, natPkts map[*PacketBuffer]struct{}) { for pkt := pkts.Front(); pkt != nil; pkt = pkt.Next() { if !pkt.NatDone { - if ok := it.check(hook, pkt, r, nil /* addressEP */, "" /* inNicName */, outNicName); !ok { + if ok := it.check(hook, pkt, r, addressEP, "" /* inNicName */, outNicName); !ok { if drop == nil { drop = make(map[*PacketBuffer]struct{}) } |