summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--pkg/tcpip/iptables/iptables.go5
-rw-r--r--pkg/tcpip/iptables/targets.go14
-rw-r--r--pkg/tcpip/iptables/types.go2
3 files changed, 10 insertions, 11 deletions
diff --git a/pkg/tcpip/iptables/iptables.go b/pkg/tcpip/iptables/iptables.go
index 80ddbd442..2ab9e0675 100644
--- a/pkg/tcpip/iptables/iptables.go
+++ b/pkg/tcpip/iptables/iptables.go
@@ -171,7 +171,6 @@ const (
chainReturn
)
-
// Check runs pkt through the rules for hook. It returns true when the packet
// should continue traversing the network stack and false when it should be
// dropped.
@@ -242,7 +241,7 @@ func (it *IPTables) checkChain(hook Hook, pkt tcpip.PacketBuffer, table Table, r
return chainDrop
case chainReturn:
ruleIdx++
- continue
+ continue
default:
panic(fmt.Sprintf("Unknown verdict: %d", verdict))
}
@@ -289,5 +288,5 @@ func (it *IPTables) checkRule(hook Hook, pkt tcpip.PacketBuffer, table Table, ru
}
// All the matchers matched, so run the target.
- return rule.Target.Action(pkt, rule.Filter)
+ return rule.Target.Action(pkt)
}
diff --git a/pkg/tcpip/iptables/targets.go b/pkg/tcpip/iptables/targets.go
index 5dbb28145..96318118c 100644
--- a/pkg/tcpip/iptables/targets.go
+++ b/pkg/tcpip/iptables/targets.go
@@ -24,7 +24,7 @@ import (
type AcceptTarget struct{}
// Action implements Target.Action.
-func (AcceptTarget) Action(packet tcpip.PacketBuffer, filter IPHeaderFilter) (RuleVerdict, int) {
+func (AcceptTarget) Action(packet tcpip.PacketBuffer) (RuleVerdict, int) {
return RuleAccept, 0
}
@@ -32,7 +32,7 @@ func (AcceptTarget) Action(packet tcpip.PacketBuffer, filter IPHeaderFilter) (Ru
type DropTarget struct{}
// Action implements Target.Action.
-func (DropTarget) Action(packet tcpip.PacketBuffer, filter IPHeaderFilter) (RuleVerdict, int) {
+func (DropTarget) Action(packet tcpip.PacketBuffer) (RuleVerdict, int) {
return RuleDrop, 0
}
@@ -41,7 +41,7 @@ func (DropTarget) Action(packet tcpip.PacketBuffer, filter IPHeaderFilter) (Rule
type ErrorTarget struct{}
// Action implements Target.Action.
-func (ErrorTarget) Action(packet tcpip.PacketBuffer, filter IPHeaderFilter) (RuleVerdict, int) {
+func (ErrorTarget) Action(packet tcpip.PacketBuffer) (RuleVerdict, int) {
log.Debugf("ErrorTarget triggered.")
return RuleDrop, 0
}
@@ -52,7 +52,7 @@ type UserChainTarget struct {
}
// Action implements Target.Action.
-func (UserChainTarget) Action(tcpip.PacketBuffer, IPHeaderFilter) (RuleVerdict, int) {
+func (UserChainTarget) Action(tcpip.PacketBuffer) (RuleVerdict, int) {
panic("UserChainTarget should never be called.")
}
@@ -61,7 +61,7 @@ func (UserChainTarget) Action(tcpip.PacketBuffer, IPHeaderFilter) (RuleVerdict,
type ReturnTarget struct{}
// Action implements Target.Action.
-func (ReturnTarget) Action(tcpip.PacketBuffer, IPHeaderFilter) (RuleVerdict, int) {
+func (ReturnTarget) Action(tcpip.PacketBuffer) (RuleVerdict, int) {
return RuleReturn, 0
}
@@ -86,7 +86,7 @@ type RedirectTarget struct {
}
// Action implements Target.Action.
-func (rt RedirectTarget) Action(pkt tcpip.PacketBuffer, filter IPHeaderFilter) (RuleVerdict, int) {
+func (rt RedirectTarget) Action(pkt tcpip.PacketBuffer) (RuleVerdict, int) {
headerView := pkt.Data.First()
// Network header should be set.
@@ -99,7 +99,7 @@ func (rt RedirectTarget) Action(pkt tcpip.PacketBuffer, filter IPHeaderFilter) (
// we need to change dest address (for OUTPUT chain) or ports.
hlen := int(netHeader.HeaderLength())
- switch protocol := filter.Protocol; protocol {
+ switch protocol := netHeader.TransportProtocol(); protocol {
case header.UDPProtocolNumber:
udp := header.UDP(headerView[hlen:])
udp.SetDestinationPort(rt.MinPort)
diff --git a/pkg/tcpip/iptables/types.go b/pkg/tcpip/iptables/types.go
index 8bd3a2c94..9c2ad2d46 100644
--- a/pkg/tcpip/iptables/types.go
+++ b/pkg/tcpip/iptables/types.go
@@ -164,5 +164,5 @@ type Target interface {
// Action takes an action on the packet and returns a verdict on how
// traversal should (or should not) continue. If the return value is
// Jump, it also returns the name of the chain to jump to.
- Action(packet tcpip.PacketBuffer, filter IPHeaderFilter) (RuleVerdict, int)
+ Action(packet tcpip.PacketBuffer) (RuleVerdict, int)
}