summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip/stack/iptables_targets.go
diff options
context:
space:
mode:
authorgVisor bot <gvisor-bot@google.com>2020-04-20 21:36:32 +0000
committergVisor bot <gvisor-bot@google.com>2020-04-20 21:36:32 +0000
commitf136200c92da0431128db9f816be2bb0fe7382cc (patch)
tree59b869b51650e7963afc7d031961bbdd4ec36609 /pkg/tcpip/stack/iptables_targets.go
parentb982db8fdc6b69c08d3c5a21ae0b2994240fa947 (diff)
parent07b1b4cc98552a7d45d673ce1e4d1222bbffca7d (diff)
Merge release-20200323.0-195-g07b1b4c (automated)
Diffstat (limited to 'pkg/tcpip/stack/iptables_targets.go')
-rwxr-xr-xpkg/tcpip/stack/iptables_targets.go23
1 files changed, 17 insertions, 6 deletions
diff --git a/pkg/tcpip/stack/iptables_targets.go b/pkg/tcpip/stack/iptables_targets.go
index 7b4543caf..8be61f4b1 100755
--- a/pkg/tcpip/stack/iptables_targets.go
+++ b/pkg/tcpip/stack/iptables_targets.go
@@ -96,9 +96,12 @@ func (rt RedirectTarget) Action(pkt PacketBuffer) (RuleVerdict, int) {
newPkt := pkt.Clone()
// Set network header.
- headerView := newPkt.Data.First()
+ headerView, ok := newPkt.Data.PullUp(header.IPv4MinimumSize)
+ if !ok {
+ return RuleDrop, 0
+ }
netHeader := header.IPv4(headerView)
- newPkt.NetworkHeader = headerView[:header.IPv4MinimumSize]
+ newPkt.NetworkHeader = headerView
hlen := int(netHeader.HeaderLength())
tlen := int(netHeader.TotalLength())
@@ -117,10 +120,14 @@ func (rt RedirectTarget) Action(pkt PacketBuffer) (RuleVerdict, int) {
if newPkt.TransportHeader != nil {
udpHeader = header.UDP(newPkt.TransportHeader)
} else {
- if len(pkt.Data.First()) < header.UDPMinimumSize {
+ if pkt.Data.Size() < header.UDPMinimumSize {
+ return RuleDrop, 0
+ }
+ hdr, ok := newPkt.Data.PullUp(header.UDPMinimumSize)
+ if !ok {
return RuleDrop, 0
}
- udpHeader = header.UDP(newPkt.Data.First())
+ udpHeader = header.UDP(hdr)
}
udpHeader.SetDestinationPort(rt.MinPort)
case header.TCPProtocolNumber:
@@ -128,10 +135,14 @@ func (rt RedirectTarget) Action(pkt PacketBuffer) (RuleVerdict, int) {
if newPkt.TransportHeader != nil {
tcpHeader = header.TCP(newPkt.TransportHeader)
} else {
- if len(pkt.Data.First()) < header.TCPMinimumSize {
+ if pkt.Data.Size() < header.TCPMinimumSize {
return RuleDrop, 0
}
- tcpHeader = header.TCP(newPkt.TransportHeader)
+ hdr, ok := newPkt.Data.PullUp(header.TCPMinimumSize)
+ if !ok {
+ return RuleDrop, 0
+ }
+ tcpHeader = header.TCP(hdr)
}
// TODO(gvisor.dev/issue/170): Need to recompute checksum
// and implement nat connection tracking to support TCP.