summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/tcpip')
-rw-r--r--pkg/tcpip/link/tun/tun_endpoint_refs.go2
-rw-r--r--pkg/tcpip/stack/iptables.go12
-rw-r--r--pkg/tcpip/stack/iptables_types.go5
-rw-r--r--pkg/tcpip/stack/stack_state_autogen.go39
4 files changed, 37 insertions, 21 deletions
diff --git a/pkg/tcpip/link/tun/tun_endpoint_refs.go b/pkg/tcpip/link/tun/tun_endpoint_refs.go
index 895a577ce..e0595429c 100644
--- a/pkg/tcpip/link/tun/tun_endpoint_refs.go
+++ b/pkg/tcpip/link/tun/tun_endpoint_refs.go
@@ -1,10 +1,10 @@
package tun
import (
+ "fmt"
"runtime"
"sync/atomic"
- "fmt"
"gvisor.dev/gvisor/pkg/log"
refs_vfs1 "gvisor.dev/gvisor/pkg/refs"
)
diff --git a/pkg/tcpip/stack/iptables.go b/pkg/tcpip/stack/iptables.go
index 41ef4236b..30aa41db2 100644
--- a/pkg/tcpip/stack/iptables.go
+++ b/pkg/tcpip/stack/iptables.go
@@ -165,7 +165,11 @@ func EmptyNATTable() Table {
}
// GetTable returns a table by name.
-func (it *IPTables) GetTable(name string) (Table, bool) {
+func (it *IPTables) GetTable(name string, ipv6 bool) (Table, bool) {
+ // TODO(gvisor.dev/issue/3549): Enable IPv6.
+ if ipv6 {
+ return Table{}, false
+ }
id, ok := nameToID[name]
if !ok {
return Table{}, false
@@ -176,7 +180,11 @@ func (it *IPTables) GetTable(name string) (Table, bool) {
}
// ReplaceTable replaces or inserts table by name.
-func (it *IPTables) ReplaceTable(name string, table Table) *tcpip.Error {
+func (it *IPTables) ReplaceTable(name string, table Table, ipv6 bool) *tcpip.Error {
+ // TODO(gvisor.dev/issue/3549): Enable IPv6.
+ if ipv6 {
+ return tcpip.ErrInvalidOptionValue
+ }
id, ok := nameToID[name]
if !ok {
return tcpip.ErrInvalidOptionValue
diff --git a/pkg/tcpip/stack/iptables_types.go b/pkg/tcpip/stack/iptables_types.go
index 73274ada9..fbbd2f50f 100644
--- a/pkg/tcpip/stack/iptables_types.go
+++ b/pkg/tcpip/stack/iptables_types.go
@@ -155,6 +155,11 @@ type IPHeaderFilter struct {
// Protocol matches the transport protocol.
Protocol tcpip.TransportProtocolNumber
+ // CheckProtocol determines whether the Protocol field should be
+ // checked during matching.
+ // TODO(gvisor.dev/issue/3549): Check this field during matching.
+ CheckProtocol bool
+
// Dst matches the destination IP address.
Dst tcpip.Address
diff --git a/pkg/tcpip/stack/stack_state_autogen.go b/pkg/tcpip/stack/stack_state_autogen.go
index 44e7c6ff1..eee587e3f 100644
--- a/pkg/tcpip/stack/stack_state_autogen.go
+++ b/pkg/tcpip/stack/stack_state_autogen.go
@@ -288,6 +288,7 @@ func (x *IPHeaderFilter) StateTypeName() string {
func (x *IPHeaderFilter) StateFields() []string {
return []string{
"Protocol",
+ "CheckProtocol",
"Dst",
"DstMask",
"DstInvert",
@@ -305,30 +306,32 @@ func (x *IPHeaderFilter) beforeSave() {}
func (x *IPHeaderFilter) StateSave(m state.Sink) {
x.beforeSave()
m.Save(0, &x.Protocol)
- m.Save(1, &x.Dst)
- m.Save(2, &x.DstMask)
- m.Save(3, &x.DstInvert)
- m.Save(4, &x.Src)
- m.Save(5, &x.SrcMask)
- m.Save(6, &x.SrcInvert)
- m.Save(7, &x.OutputInterface)
- m.Save(8, &x.OutputInterfaceMask)
- m.Save(9, &x.OutputInterfaceInvert)
+ m.Save(1, &x.CheckProtocol)
+ m.Save(2, &x.Dst)
+ m.Save(3, &x.DstMask)
+ m.Save(4, &x.DstInvert)
+ m.Save(5, &x.Src)
+ m.Save(6, &x.SrcMask)
+ m.Save(7, &x.SrcInvert)
+ m.Save(8, &x.OutputInterface)
+ m.Save(9, &x.OutputInterfaceMask)
+ m.Save(10, &x.OutputInterfaceInvert)
}
func (x *IPHeaderFilter) afterLoad() {}
func (x *IPHeaderFilter) StateLoad(m state.Source) {
m.Load(0, &x.Protocol)
- m.Load(1, &x.Dst)
- m.Load(2, &x.DstMask)
- m.Load(3, &x.DstInvert)
- m.Load(4, &x.Src)
- m.Load(5, &x.SrcMask)
- m.Load(6, &x.SrcInvert)
- m.Load(7, &x.OutputInterface)
- m.Load(8, &x.OutputInterfaceMask)
- m.Load(9, &x.OutputInterfaceInvert)
+ m.Load(1, &x.CheckProtocol)
+ m.Load(2, &x.Dst)
+ m.Load(3, &x.DstMask)
+ m.Load(4, &x.DstInvert)
+ m.Load(5, &x.Src)
+ m.Load(6, &x.SrcMask)
+ m.Load(7, &x.SrcInvert)
+ m.Load(8, &x.OutputInterface)
+ m.Load(9, &x.OutputInterfaceMask)
+ m.Load(10, &x.OutputInterfaceInvert)
}
func (x *linkAddrEntryList) StateTypeName() string {