Merge pull request #2275 from nybidari:iptables

PiperOrigin-RevId: 309783486
author: gVisor bot <gvisor-bot@google.com> 2020-05-04 11:23:55 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-05-04 11:23:55 -0700
commit: 711439b1c3560b916dd5ffcbf906452d1ac960b0 (patch)
tree: f5cbc53b348da6a7c22edc033bad6f54c29d7545 /pkg/tcpip/stack/nic.go
parent: cbc5bef2a66ece1f9e63b213d4dfa616db488df8 (diff)
parent: b660f16d18827f0310594c80d9387de11430f15f (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/tcpip/stack/nic.go b/pkg/tcpip/stack/nic.go
index 7b54919bb..8f4c1fe42 100644
--- a/pkg/tcpip/stack/nic.go
+++ b/pkg/tcpip/stack/nic.go
@@ -1230,8 +1230,10 @@ func (n *NIC) DeliverNetworkPacket(linkEP LinkEndpoint, remote, local tcpip.Link
 
 	// TODO(gvisor.dev/issue/170): Not supporting iptables for IPv6 yet.
 	if protocol == header.IPv4ProtocolNumber {
+		// iptables filtering.
 		ipt := n.stack.IPTables()
-		if ok := ipt.Check(Prerouting, pkt); !ok {
+		address := n.primaryAddress(protocol)
+		if ok := ipt.Check(Prerouting, &pkt, nil, nil, address.Address); !ok {
 			// iptables is telling us to drop the packet.
 			return
 		}
author	gVisor bot <gvisor-bot@google.com>	2020-05-04 11:23:55 -0700
committer	gVisor bot <gvisor-bot@google.com>	2020-05-04 11:23:55 -0700
commit	711439b1c3560b916dd5ffcbf906452d1ac960b0 (patch)
tree	f5cbc53b348da6a7c22edc033bad6f54c29d7545 /pkg/tcpip/stack/nic.go
parent	cbc5bef2a66ece1f9e63b213d4dfa616db488df8 (diff)
parent	b660f16d18827f0310594c80d9387de11430f15f (diff)