author | Ghanan Gowripalan <ghanan@google.com> | 2021-09-22 12:36:38 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-09-22 12:39:31 -0700 |
commit | 5768a147b124efbeff2800794da7ba961146af19 (patch) | |
tree | abc2d2c567359c864792c027c0b1a84df3655d08 /pkg/tcpip/stack | |
parent | cc095a6e4c26c6a818e92a7d1f5d2b59c2a2e163 (diff) |
Populate forwarded packet buffer's TransportHeader
Turns out certain features of iptables (e.g. NAT) will not perform
any checks/work unless both the Network and Transport headers are
populated.
With this change, provide the packet directly to the outgoing
network endpoint's `writePacket` method instead of going
through `WriteHeaderIncludedPacket` which expected the headers
to not be set.
PiperOrigin-RevId: 398304004
Diffstat (limited to 'pkg/tcpip/stack')
-rw-r--r-- | pkg/tcpip/stack/packet_buffer.go | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/pkg/tcpip/stack/packet_buffer.go b/pkg/tcpip/stack/packet_buffer.go
index 29c22bfd4..b9280c2de 100644
--- a/pkg/tcpip/stack/packet_buffer.go
+++ b/pkg/tcpip/stack/packet_buffer.go
@@ -341,6 +341,37 @@ func (pk *PacketBuffer) CloneToInbound() *PacketBuffer {
 return newPk
 }
 
+// DeepCopyForForwarding creates a deep copy of the packet buffer for
+// forwarding.
+//
+// The returned packet buffer will have the network and transport headers
+// set if the original packet buffer did.
+func (pk *PacketBuffer) DeepCopyForForwarding(reservedHeaderBytes int) *PacketBuffer {
+ newPkt := NewPacketBuffer(PacketBufferOptions{
+ ReserveHeaderBytes: reservedHeaderBytes,
+ Data: PayloadSince(pk.NetworkHeader()).ToVectorisedView(),
+ IsForwardedPacket: true,
+ })
+
+ {
+ consumeBytes := pk.NetworkHeader().View().Size()
+ if _, consumed := newPkt.NetworkHeader().Consume(consumeBytes); !consumed {
+ panic(fmt.Sprintf("expected to consume network header %d bytes from new packet", consumeBytes))
+ }
+ newPkt.NetworkProtocolNumber = pk.NetworkProtocolNumber
+ }
+
+ {
+ consumeBytes := pk.TransportHeader().View().Size()
+ if _, consumed := newPkt.TransportHeader().Consume(consumeBytes); !consumed {
+ panic(fmt.Sprintf("expected to consume transport header %d bytes from new packet", consumeBytes))
+ }
+ newPkt.TransportProtocolNumber = pk.TransportProtocolNumber
+ }
+
+ return newPkt
+}
+
 // headerInfo stores metadata about a header in a packet.
 type headerInfo struct {
 // offset is the offset of the header in pk.buf relative to |
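Review bot: Both `panic` calls in DeepCopyForForwarding sit on the forwarding path, where the header sizes come from packets received off the wire, so a broken invariant here would take down the whole stack instead of dropping one packet. The Consume calls look infallible by construction, because `Data` is built with `PayloadSince(pk.NetworkHeader())` and therefore starts at the network header, but that also relies on the transport header directly following the network header in the source buffer, which the hunk does not show. I would state the invariant above each check, e.g. `// Cannot fail: newPkt's data begins at pk's network header and covers at least consumeBytes.`, or report the failure to the caller so it can drop the packet. The transport block also runs when the original has no transport header (size 0); whether a zero-length Consume leaves the header unset, as the doc comment promises, is not visible here, so a guard such as `if consumeBytes != 0 {` would make that case explicit.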