diff options
Diffstat (limited to 'pkg/tcpip')
-rw-r--r-- | pkg/tcpip/link/tun/tun_endpoint_refs.go | 2 | ||||
-rw-r--r-- | pkg/tcpip/stack/iptables.go | 12 | ||||
-rw-r--r-- | pkg/tcpip/stack/iptables_types.go | 5 | ||||
-rw-r--r-- | pkg/tcpip/stack/stack_state_autogen.go | 39 |
4 files changed, 37 insertions, 21 deletions
diff --git a/pkg/tcpip/link/tun/tun_endpoint_refs.go b/pkg/tcpip/link/tun/tun_endpoint_refs.go index 895a577ce..e0595429c 100644 --- a/pkg/tcpip/link/tun/tun_endpoint_refs.go +++ b/pkg/tcpip/link/tun/tun_endpoint_refs.go @@ -1,10 +1,10 @@ package tun import ( + "fmt" "runtime" "sync/atomic" - "fmt" "gvisor.dev/gvisor/pkg/log" refs_vfs1 "gvisor.dev/gvisor/pkg/refs" ) diff --git a/pkg/tcpip/stack/iptables.go b/pkg/tcpip/stack/iptables.go index 41ef4236b..30aa41db2 100644 --- a/pkg/tcpip/stack/iptables.go +++ b/pkg/tcpip/stack/iptables.go @@ -165,7 +165,11 @@ func EmptyNATTable() Table { } // GetTable returns a table by name. -func (it *IPTables) GetTable(name string) (Table, bool) { +func (it *IPTables) GetTable(name string, ipv6 bool) (Table, bool) { + // TODO(gvisor.dev/issue/3549): Enable IPv6. + if ipv6 { + return Table{}, false + } id, ok := nameToID[name] if !ok { return Table{}, false @@ -176,7 +180,11 @@ func (it *IPTables) GetTable(name string) (Table, bool) { } // ReplaceTable replaces or inserts table by name. -func (it *IPTables) ReplaceTable(name string, table Table) *tcpip.Error { +func (it *IPTables) ReplaceTable(name string, table Table, ipv6 bool) *tcpip.Error { + // TODO(gvisor.dev/issue/3549): Enable IPv6. + if ipv6 { + return tcpip.ErrInvalidOptionValue + } id, ok := nameToID[name] if !ok { return tcpip.ErrInvalidOptionValue diff --git a/pkg/tcpip/stack/iptables_types.go b/pkg/tcpip/stack/iptables_types.go index 73274ada9..fbbd2f50f 100644 --- a/pkg/tcpip/stack/iptables_types.go +++ b/pkg/tcpip/stack/iptables_types.go @@ -155,6 +155,11 @@ type IPHeaderFilter struct { // Protocol matches the transport protocol. Protocol tcpip.TransportProtocolNumber + // CheckProtocol determines whether the Protocol field should be + // checked during matching. + // TODO(gvisor.dev/issue/3549): Check this field during matching. + CheckProtocol bool + // Dst matches the destination IP address. Dst tcpip.Address diff --git a/pkg/tcpip/stack/stack_state_autogen.go b/pkg/tcpip/stack/stack_state_autogen.go index 44e7c6ff1..eee587e3f 100644 --- a/pkg/tcpip/stack/stack_state_autogen.go +++ b/pkg/tcpip/stack/stack_state_autogen.go @@ -288,6 +288,7 @@ func (x *IPHeaderFilter) StateTypeName() string { func (x *IPHeaderFilter) StateFields() []string { return []string{ "Protocol", + "CheckProtocol", "Dst", "DstMask", "DstInvert", @@ -305,30 +306,32 @@ func (x *IPHeaderFilter) beforeSave() {} func (x *IPHeaderFilter) StateSave(m state.Sink) { x.beforeSave() m.Save(0, &x.Protocol) - m.Save(1, &x.Dst) - m.Save(2, &x.DstMask) - m.Save(3, &x.DstInvert) - m.Save(4, &x.Src) - m.Save(5, &x.SrcMask) - m.Save(6, &x.SrcInvert) - m.Save(7, &x.OutputInterface) - m.Save(8, &x.OutputInterfaceMask) - m.Save(9, &x.OutputInterfaceInvert) + m.Save(1, &x.CheckProtocol) + m.Save(2, &x.Dst) + m.Save(3, &x.DstMask) + m.Save(4, &x.DstInvert) + m.Save(5, &x.Src) + m.Save(6, &x.SrcMask) + m.Save(7, &x.SrcInvert) + m.Save(8, &x.OutputInterface) + m.Save(9, &x.OutputInterfaceMask) + m.Save(10, &x.OutputInterfaceInvert) } func (x *IPHeaderFilter) afterLoad() {} func (x *IPHeaderFilter) StateLoad(m state.Source) { m.Load(0, &x.Protocol) - m.Load(1, &x.Dst) - m.Load(2, &x.DstMask) - m.Load(3, &x.DstInvert) - m.Load(4, &x.Src) - m.Load(5, &x.SrcMask) - m.Load(6, &x.SrcInvert) - m.Load(7, &x.OutputInterface) - m.Load(8, &x.OutputInterfaceMask) - m.Load(9, &x.OutputInterfaceInvert) + m.Load(1, &x.CheckProtocol) + m.Load(2, &x.Dst) + m.Load(3, &x.DstMask) + m.Load(4, &x.DstInvert) + m.Load(5, &x.Src) + m.Load(6, &x.SrcMask) + m.Load(7, &x.SrcInvert) + m.Load(8, &x.OutputInterface) + m.Load(9, &x.OutputInterfaceMask) + m.Load(10, &x.OutputInterfaceInvert) } func (x *linkAddrEntryList) StateTypeName() string { |