Keep magic constants out of netstack

PiperOrigin-RevId: 339721152
author: Kevin Krakauer <krakauer@google.com> 2020-10-29 12:20:02 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-10-29 12:22:21 -0700
commit: 02fe467b476474477d226b949307ec8bf1253108 (patch)
tree: aebf2466d96f369c593fce3035f4fc930385b57e /pkg/tcpip/stack/stack.go
parent: 337c4b9a19ea7b880383eb875c5dffddbc5bebde (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/pkg/tcpip/stack/stack.go b/pkg/tcpip/stack/stack.go
index e8f1c110e..25ea6b459 100644
--- a/pkg/tcpip/stack/stack.go
+++ b/pkg/tcpip/stack/stack.go
@@ -518,6 +518,10 @@ type Options struct {
 	//
 	// RandSource must be thread-safe.
 	RandSource mathrand.Source
+
+	// IPTables are the initial iptables rules. If nil, iptables will allow
+	// all traffic.
+	IPTables *IPTables
 }
 
 // TransportEndpointInfo holds useful information about a transport endpoint
@@ -620,6 +624,10 @@ func New(opts Options) *Stack {
 		randSrc = &lockedRandomSource{src: mathrand.NewSource(generateRandInt64())}
 	}
 
+	if opts.IPTables == nil {
+		opts.IPTables = DefaultTables()
+	}
+
 	opts.NUDConfigs.resetInvalidFields()
 
 	s := &Stack{
@@ -633,7 +641,7 @@ func New(opts Options) *Stack {
 		clock:              clock,
 		stats:              opts.Stats.FillIn(),
 		handleLocal:        opts.HandleLocal,
-		tables:             DefaultTables(),
+		tables:             opts.IPTables,
 		icmpRateLimiter:    NewICMPRateLimiter(),
 		seed:               generateRandUint32(),
 		nudConfigs:         opts.NUDConfigs,
author	Kevin Krakauer <krakauer@google.com>	2020-10-29 12:20:02 -0700
committer	gVisor bot <gvisor-bot@google.com>	2020-10-29 12:22:21 -0700
commit	02fe467b476474477d226b949307ec8bf1253108 (patch)
tree	aebf2466d96f369c593fce3035f4fc930385b57e /pkg/tcpip/stack/stack.go
parent	337c4b9a19ea7b880383eb875c5dffddbc5bebde (diff)