Merge pull request #2872 from kevinGC:ipt-skip-prerouting

PiperOrigin-RevId: 315041419
author: gVisor bot <gvisor-bot@google.com> 2020-06-05 20:44:01 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-06-05 20:44:01 -0700
commit: 427d2082165e0949a00631a50cf5f6834d3d626d (patch)
tree: 5a5cb8daff299acbbc547b40d20c68771280b47a /pkg/tcpip/stack
parent: 21b6bc7280f68f43360a008ffd02a4f461ec9fc8 (diff)
parent: 74a7d76c9777820fcd7bd6002481eb959f58e247 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/pkg/tcpip/stack/nic.go b/pkg/tcpip/stack/nic.go
index ec8e3cb85..6664aea06 100644
--- a/pkg/tcpip/stack/nic.go
+++ b/pkg/tcpip/stack/nic.go
@@ -1229,7 +1229,8 @@ func (n *NIC) DeliverNetworkPacket(remote, local tcpip.LinkAddress, protocol tcp
 	}
 
 	// TODO(gvisor.dev/issue/170): Not supporting iptables for IPv6 yet.
-	if protocol == header.IPv4ProtocolNumber {
+	// Loopback traffic skips the prerouting chain.
+	if protocol == header.IPv4ProtocolNumber && !n.isLoopback() {
 		// iptables filtering.
 		ipt := n.stack.IPTables()
 		address := n.primaryAddress(protocol)
author	gVisor bot <gvisor-bot@google.com>	2020-06-05 20:44:01 -0700
committer	gVisor bot <gvisor-bot@google.com>	2020-06-05 20:44:01 -0700
commit	427d2082165e0949a00631a50cf5f6834d3d626d (patch)
tree	5a5cb8daff299acbbc547b40d20c68771280b47a /pkg/tcpip/stack
parent	21b6bc7280f68f43360a008ffd02a4f461ec9fc8 (diff)
parent	74a7d76c9777820fcd7bd6002481eb959f58e247 (diff)