Merge release-20200422.0-18-g711439b (automated)

author: gVisor bot <gvisor-bot@google.com> 2020-05-04 18:27:04 +0000
committer: gVisor bot <gvisor-bot@google.com> 2020-05-04 18:27:04 +0000
commit: 72392231ba7daaa5ce21e78cc251e707cd88437c (patch)
tree: 781983bafcda0c54f27355757c87480d435618c3 /pkg/tcpip/stack/nic.go
parent: 23c3b58f2d7ade5f9aa1e8c545223941ded690e4 (diff)
parent: 711439b1c3560b916dd5ffcbf906452d1ac960b0 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/tcpip/stack/nic.go b/pkg/tcpip/stack/nic.go
index 7b54919bb..8f4c1fe42 100644
--- a/pkg/tcpip/stack/nic.go
+++ b/pkg/tcpip/stack/nic.go
@@ -1230,8 +1230,10 @@ func (n *NIC) DeliverNetworkPacket(linkEP LinkEndpoint, remote, local tcpip.Link
 
 	// TODO(gvisor.dev/issue/170): Not supporting iptables for IPv6 yet.
 	if protocol == header.IPv4ProtocolNumber {
+		// iptables filtering.
 		ipt := n.stack.IPTables()
-		if ok := ipt.Check(Prerouting, pkt); !ok {
+		address := n.primaryAddress(protocol)
+		if ok := ipt.Check(Prerouting, &pkt, nil, nil, address.Address); !ok {
 			// iptables is telling us to drop the packet.
 			return
 		}
author	gVisor bot <gvisor-bot@google.com>	2020-05-04 18:27:04 +0000
committer	gVisor bot <gvisor-bot@google.com>	2020-05-04 18:27:04 +0000
commit	72392231ba7daaa5ce21e78cc251e707cd88437c (patch)
tree	781983bafcda0c54f27355757c87480d435618c3 /pkg/tcpip/stack/nic.go
parent	23c3b58f2d7ade5f9aa1e8c545223941ded690e4 (diff)
parent	711439b1c3560b916dd5ffcbf906452d1ac960b0 (diff)