Diffstat (limited to 'pkg')
-rw-r--r--pkg/sentry/socket/netfilter/netfilter.go3
-rw-r--r--pkg/tcpip/iptables/types.go21
-rw-r--r--pkg/tcpip/packet_buffer.go25
3 files changed, 10 insertions, 39 deletions
diff --git a/pkg/sentry/socket/netfilter/netfilter.go b/pkg/sentry/socket/netfilter/netfilter.go
index 09a3276c7..4ef8123ac 100644
--- a/pkg/sentry/socket/netfilter/netfilter.go
+++ b/pkg/sentry/socket/netfilter/netfilter.go
@@ -164,6 +164,9 @@ func convertNetstackToBinary(tablename string, table iptables.Table) (linux.Kern
// Each rule corresponds to an entry.
entry := linux.KernelIPTEntry{
IPTEntry: linux.IPTEntry{
+ IP: linux.IPTIP{
+ Protocol: uint16(rule.Filter.Protocol),
+ },
NextOffset: linux.SizeOfIPTEntry,
TargetOffset: linux.SizeOfIPTEntry,
},
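Review bot: The conversion `uint16(rule.Filter.Protocol)` on the added `Protocol:` line narrows without a check, and the width of `tcpip.TransportProtocolNumber` is not visible in this diff. If that type is wider than 16 bits, a value above 65535 would be truncated silently, and userspace reading the table back would see a different protocol than the rule actually holds. Either state the invariant next to the conversion, e.g. `// Protocol numbers come from the 8-bit IP header field, so this narrowing is lossless.`, or reject out-of-range values before building the entry. The remaining `IPTIP` fields are left at their zero values, which is worth a short comment so readers know it is deliberate. `convertNetstackToBinary` starts and ends outside this hunk.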
diff --git a/pkg/tcpip/iptables/types.go b/pkg/tcpip/iptables/types.go
index 4f2a4d65e..a0bfc8b41 100644
--- a/pkg/tcpip/iptables/types.go
+++ b/pkg/tcpip/iptables/types.go
@@ -14,7 +14,9 @@
package iptables
-import "gvisor.dev/gvisor/pkg/tcpip"
+import (
+ "gvisor.dev/gvisor/pkg/tcpip"
+)
// A Hook specifies one of the hooks built into the network stack.
//
@@ -161,21 +163,10 @@ type Rule struct {
Target Target
}
-// TODO: This is gross.
-// TODO: Save this in SetEntries.
-// TODO: Utilize this when traversing tables.
+// IPHeaderFilter holds basic IP filtering data common to every rule.
type IPHeaderFilter struct {
- Source [4]byte
- Destination [4]byte
- SourceMask [4]byte
- DestinationMask [4]byte
- OutputInterface string
- InputInterface string
- OutputInterfaceMask string
- InputInterfaceMask string
- Protocol tcpip.TransportProtocolNumber
- Flags uint8
- InverseFlags uint8
+ // Protocol matches the transport protocol.
+ Protocol tcpip.TransportProtocolNumber
}
// A Matcher is the interface for matching packets.
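Review bot: The new comment on `IPHeaderFilter.Protocol` says the field "matches the transport protocol", but it does not say what the zero value means or whether the field is consulted when a packet traverses a table. The removed TODOs ("Save this in SetEntries", "Utilize this when traversing tables") suggest that enforcement may still be missing, though this diff does not show it. If so, a rule reported to userspace as protocol-specific would be evaluated without that restriction, which is an easy way for a filter policy to differ from what an operator believes is in force. I would make the contract explicit on the field, for example `// Protocol is the transport protocol to match. TODO: document the zero value and check this field during table traversal.`, adjusted to the actual behaviour.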
diff --git a/pkg/tcpip/packet_buffer.go b/pkg/tcpip/packet_buffer.go
index 7a036b93c..ab24372e7 100644
--- a/pkg/tcpip/packet_buffer.go
+++ b/pkg/tcpip/packet_buffer.go
@@ -13,9 +13,7 @@
package tcpip
-import (
- "gvisor.dev/gvisor/pkg/tcpip/buffer"
-)
+import "gvisor.dev/gvisor/pkg/tcpip/buffer"
// A PacketBuffer contains all the data of a network packet.
//
@@ -67,24 +65,3 @@ func (pk PacketBuffer) Clone() PacketBuffer {
pk.Data = pk.Data.Clone(nil)
return pk
}
-
-//// TransportProtocol returns the transport protocol of pk.
-////
-//// Precondition: pk.NetworkHeader is set.
-//func (pk PacketBuffer) TransportProtocolIPv4() uint16 {
-// if pk.NetworkHeader == nil {
-// panic("This should only be called when pk.NetworkHeader is set.")
-// }
-// return header.IPv4(pk.NetworkHeader).TransportProtocol()
-//}
-
-// func (pk Packet) findNetHeader() header.IPv4 {
-// // Inbound:
-// // Data holds everything, but may have had some headers shaved off.
-// // Figure out whether it's set or still somewhere in data and return
-// // appropriately.
-
-// // Outbound:
-// // NetworkHeader will be set if we've added one. Otherwise there's no
-// // header.
-// }