diff options
| author | gVisor bot <gvisor-bot@google.com> | 2020-01-21 12:08:52 -0800 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2020-01-21 12:08:52 -0800 |
| commit | 5f82f092e7c5df8be8f9f8bacfbc135792ff2f5e (patch) | |
| tree | 7fba07b20cb84ab828c62ec690a1be6abb2c17cd /pkg/tcpip/stack/stack.go | |
| parent | 7e155a133bac499d7b1e4490ae6f0c08b28a4006 (diff) | |
| parent | 95e9de31d20ee1c7262fe5870e10485a369e6497 (diff) | |
Merge pull request #1558 from kevinGC:iptables-write-input-drop
PiperOrigin-RevId: 290793754
Diffstat (limited to 'pkg/tcpip/stack/stack.go')
| -rw-r--r-- | pkg/tcpip/stack/stack.go | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/pkg/tcpip/stack/stack.go b/pkg/tcpip/stack/stack.go index fc56a6d79..7057b110e 100644 --- a/pkg/tcpip/stack/stack.go +++ b/pkg/tcpip/stack/stack.go @@ -423,7 +423,11 @@ type Stack struct { // handleLocal allows non-loopback interfaces to loop packets. handleLocal bool - // tables are the iptables packet filtering and manipulation rules. + // tablesMu protects iptables. + tablesMu sync.RWMutex + + // tables are the iptables packet filtering and manipulation rules. The are + // protected by tablesMu.` tables iptables.IPTables // resumableEndpoints is a list of endpoints that need to be resumed if the @@ -1594,12 +1598,17 @@ func (s *Stack) LeaveGroup(protocol tcpip.NetworkProtocolNumber, nicID tcpip.NIC // IPTables returns the stack's iptables. func (s *Stack) IPTables() iptables.IPTables { - return s.tables + s.tablesMu.RLock() + t := s.tables + s.tablesMu.RUnlock() + return t } // SetIPTables sets the stack's iptables. func (s *Stack) SetIPTables(ipt iptables.IPTables) { + s.tablesMu.Lock() s.tables = ipt + s.tablesMu.Unlock() } // ICMPLimit returns the maximum number of ICMP messages that can be sent |