netstack: parse incoming packet headers up-front

Netstack has traditionally parsed headers on-demand as a packet moves up the stack. This is conceptually simple and convenient, but incompatible with iptables, where headers can be inspected and mangled before even a routing decision is made. This changes header parsing to happen early in the incoming packet path, as soon as the NIC gets the packet from a link endpoint. Even if an invalid packet is found (e.g. a TCP header of insufficient length), the packet is passed up the stack for proper stats bookkeeping. PiperOrigin-RevId: 315179302
author: Kevin Krakauer <krakauer@google.com> 2020-06-07 13:37:25 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-06-07 13:38:43 -0700
commit: 32b823fcdb00a7d6eb5ddcd378f19a659edc3da3 (patch)
tree: bed24f8b692caa0e24cd1351d22bb35522cbfe3e /pkg/tcpip/transport/raw
parent: 62603041792021f654cfb3418e9a728220feaf60 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/pkg/tcpip/transport/raw/endpoint.go b/pkg/tcpip/transport/raw/endpoint.go
index 21c34fac2..a406d815e 100644
--- a/pkg/tcpip/transport/raw/endpoint.go
+++ b/pkg/tcpip/transport/raw/endpoint.go
@@ -627,8 +627,9 @@ func (e *endpoint) HandlePacket(route *stack.Route, pkt *stack.PacketBuffer) {
 		},
 	}
 
-	networkHeader := append(buffer.View(nil), pkt.NetworkHeader...)
-	combinedVV := networkHeader.ToVectorisedView()
+	headers := append(buffer.View(nil), pkt.NetworkHeader...)
+	headers = append(headers, pkt.TransportHeader...)
+	combinedVV := headers.ToVectorisedView()
 	combinedVV.Append(pkt.Data)
 	packet.data = combinedVV
 	packet.timestampNS = e.stack.NowNanoseconds()
author	Kevin Krakauer <krakauer@google.com>	2020-06-07 13:37:25 -0700
committer	gVisor bot <gvisor-bot@google.com>	2020-06-07 13:38:43 -0700
commit	32b823fcdb00a7d6eb5ddcd378f19a659edc3da3 (patch)
tree	bed24f8b692caa0e24cd1351d22bb35522cbfe3e /pkg/tcpip/transport/raw
parent	62603041792021f654cfb3418e9a728220feaf60 (diff)