Support for connection tracking of TCP packets.

Connection tracking is used to track packets in prerouting and output hooks of iptables. The NAT rules modify the tuples in connections. The connection tracking code modifies the packets by looking at the modified tuples.
author: Nayana Bidari <nybidari@google.com> 2020-03-27 12:18:45 -0700
committer: Nayana Bidari <nybidari@google.com> 2020-05-01 16:59:40 -0700
commit: b660f16d18827f0310594c80d9387de11430f15f (patch)
tree: e645837d657b8e5feefa655840a969f4f3d87314 /pkg/tcpip/stack/nic.go
parent: 40d6aae1220292985a85ee03248ad5781edb4c80 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/pkg/tcpip/stack/nic.go b/pkg/tcpip/stack/nic.go
index 7b54919bb..8f4c1fe42 100644
--- a/pkg/tcpip/stack/nic.go
+++ b/pkg/tcpip/stack/nic.go
@@ -1230,8 +1230,10 @@ func (n *NIC) DeliverNetworkPacket(linkEP LinkEndpoint, remote, local tcpip.Link
 
 	// TODO(gvisor.dev/issue/170): Not supporting iptables for IPv6 yet.
 	if protocol == header.IPv4ProtocolNumber {
+		// iptables filtering.
 		ipt := n.stack.IPTables()
-		if ok := ipt.Check(Prerouting, pkt); !ok {
+		address := n.primaryAddress(protocol)
+		if ok := ipt.Check(Prerouting, &pkt, nil, nil, address.Address); !ok {
 			// iptables is telling us to drop the packet.
 			return
 		}
author	Nayana Bidari <nybidari@google.com>	2020-03-27 12:18:45 -0700
committer	Nayana Bidari <nybidari@google.com>	2020-05-01 16:59:40 -0700
commit	b660f16d18827f0310594c80d9387de11430f15f (patch)
tree	e645837d657b8e5feefa655840a969f4f3d87314 /pkg/tcpip/stack/nic.go
parent	40d6aae1220292985a85ee03248ad5781edb4c80 (diff)