Set transport and network headers on outbound packets.

These are necessary for iptables to read and parse headers for packet filtering. PiperOrigin-RevId: 282372811
author: Kevin Krakauer <krakauer@google.com> 2019-11-25 09:26:30 -0800
committer: gVisor bot <gvisor-bot@google.com> 2019-11-25 09:37:53 -0800
commit: 1641338b14204ea941c547cf4c1a70665922ca05 (patch)
tree: 0cea43077a6ae371b0915d095169f89ddfb8464f /pkg/tcpip
parent: 2b1b51f1d7dd96f14b0af3b2663c33bc7ab67f63 (diff)
4 files changed, 16 insertions, 8 deletions
diff --git a/pkg/tcpip/network/ipv4/ipv4.go b/pkg/tcpip/network/ipv4/ipv4.go
index 7059600f5..e645cf62c 100644
--- a/pkg/tcpip/network/ipv4/ipv4.go
+++ b/pkg/tcpip/network/ipv4/ipv4.go
@@ -240,16 +240,18 @@ func (e *endpoint) addIPHeader(r *stack.Route, hdr *buffer.Prependable, payloadS
 // WritePacket writes a packet to the given destination address and protocol.
 func (e *endpoint) WritePacket(r *stack.Route, gso *stack.GSO, params stack.NetworkHeaderParams, loop stack.PacketLooping, pkt tcpip.PacketBuffer) *tcpip.Error {
 	ip := e.addIPHeader(r, &pkt.Header, pkt.Data.Size(), params)
+	pkt.NetworkHeader = buffer.View(ip)
 
 	if loop&stack.PacketLoop != 0 {
+		// The inbound path expects the network header to still be in
+		// the PacketBuffer's Data field.
 		views := make([]buffer.View, 1, 1+len(pkt.Data.Views()))
 		views[0] = pkt.Header.View()
 		views = append(views, pkt.Data.Views()...)
 		loopedR := r.MakeLoopedRoute()
 
 		e.HandlePacket(&loopedR, tcpip.PacketBuffer{
-			Data:          buffer.NewVectorisedView(len(views[0])+pkt.Data.Size(), views),
-			NetworkHeader: buffer.View(ip),
+			Data: buffer.NewVectorisedView(len(views[0])+pkt.Data.Size(), views),
 		})
 
 		loopedR.Release()
@@ -277,7 +279,8 @@ func (e *endpoint) WritePackets(r *stack.Route, gso *stack.GSO, pkts []tcpip.Pac
 	}
 
 	for i := range pkts {
-		e.addIPHeader(r, &pkts[i].Header, pkts[i].DataSize, params)
+		ip := e.addIPHeader(r, &pkts[i].Header, pkts[i].DataSize, params)
+		pkts[i].NetworkHeader = buffer.View(ip)
 	}
 	n, err := e.linkEP.WritePackets(r, gso, pkts, ProtocolNumber)
 	r.Stats().IP.PacketsSent.IncrementBy(uint64(n))
diff --git a/pkg/tcpip/network/ipv6/ipv6.go b/pkg/tcpip/network/ipv6/ipv6.go
index c9087ffa7..dd31f0fb7 100644
--- a/pkg/tcpip/network/ipv6/ipv6.go
+++ b/pkg/tcpip/network/ipv6/ipv6.go
@@ -114,16 +114,18 @@ func (e *endpoint) addIPHeader(r *stack.Route, hdr *buffer.Prependable, payloadS
 // WritePacket writes a packet to the given destination address and protocol.
 func (e *endpoint) WritePacket(r *stack.Route, gso *stack.GSO, params stack.NetworkHeaderParams, loop stack.PacketLooping, pkt tcpip.PacketBuffer) *tcpip.Error {
 	ip := e.addIPHeader(r, &pkt.Header, pkt.Data.Size(), params)
+	pkt.NetworkHeader = buffer.View(ip)
 
 	if loop&stack.PacketLoop != 0 {
+		// The inbound path expects the network header to still be in
+		// the PacketBuffer's Data field.
 		views := make([]buffer.View, 1, 1+len(pkt.Data.Views()))
 		views[0] = pkt.Header.View()
 		views = append(views, pkt.Data.Views()...)
 		loopedR := r.MakeLoopedRoute()
 
 		e.HandlePacket(&loopedR, tcpip.PacketBuffer{
-			Data:          buffer.NewVectorisedView(len(views[0])+pkt.Data.Size(), views),
-			NetworkHeader: buffer.View(ip),
+			Data: buffer.NewVectorisedView(len(views[0])+pkt.Data.Size(), views),
 		})
 
 		loopedR.Release()
@@ -148,7 +150,8 @@ func (e *endpoint) WritePackets(r *stack.Route, gso *stack.GSO, pkts []tcpip.Pac
 	for i := range pkts {
 		hdr := &pkts[i].Header
 		size := pkts[i].DataSize
-		e.addIPHeader(r, hdr, size, params)
+		ip := e.addIPHeader(r, hdr, size, params)
+		pkts[i].NetworkHeader = buffer.View(ip)
 	}
 
 	n, err := e.linkEP.WritePackets(r, gso, pkts, ProtocolNumber)
diff --git a/pkg/tcpip/transport/tcp/connect.go b/pkg/tcpip/transport/tcp/connect.go
index f14f0ca65..4206db8b6 100644
--- a/pkg/tcpip/transport/tcp/connect.go
+++ b/pkg/tcpip/transport/tcp/connect.go
@@ -647,6 +647,7 @@ func buildTCPHdr(r *stack.Route, id stack.TransportEndpointID, pkt *tcpip.Packet
 	off := pkt.DataOffset
 	// Initialize the header.
 	tcp := header.TCP(hdr.Prepend(header.TCPMinimumSize + optLen))
+	pkt.TransportHeader = buffer.View(tcp)
 	tcp.Encode(&header.TCPFields{
 		SrcPort:    id.LocalPort,
 		DstPort:    id.RemotePort,
diff --git a/pkg/tcpip/transport/udp/endpoint.go b/pkg/tcpip/transport/udp/endpoint.go
index 23c1da717..24cb88c13 100644
--- a/pkg/tcpip/transport/udp/endpoint.go
+++ b/pkg/tcpip/transport/udp/endpoint.go
@@ -823,8 +823,9 @@ func sendUDP(r *stack.Route, data buffer.VectorisedView, localPort, remotePort u
 		ttl = r.DefaultTTL()
 	}
 	if err := r.WritePacket(nil /* gso */, stack.NetworkHeaderParams{Protocol: ProtocolNumber, TTL: ttl, TOS: tos}, tcpip.PacketBuffer{
-		Header: hdr,
-		Data:   data,
+		Header:          hdr,
+		Data:            data,
+		TransportHeader: buffer.View(udp),
 	}); err != nil {
 		r.Stats().UDP.PacketSendErrors.Increment()
 		return err
author	Kevin Krakauer <krakauer@google.com>	2019-11-25 09:26:30 -0800
committer	gVisor bot <gvisor-bot@google.com>	2019-11-25 09:37:53 -0800
commit	1641338b14204ea941c547cf4c1a70665922ca05 (patch)
tree	0cea43077a6ae371b0915d095169f89ddfb8464f /pkg/tcpip
parent	2b1b51f1d7dd96f14b0af3b2663c33bc7ab67f63 (diff)