From 182f66ee5e6dc0206531a31f4d0d66cbb58e8a76 Mon Sep 17 00:00:00 2001 From: Kevin Krakauer Date: Wed, 19 Aug 2020 13:45:20 -0700 Subject: ip6tables: move ipv4-specific logic into its own file A later change will introduce the equivalent IPv6 logic. #3549 PiperOrigin-RevId: 327499064 --- pkg/sentry/socket/netstack/netstack.go | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'pkg/sentry/socket/netstack/netstack.go') diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go index e4846bc0b..0e5913b60 100644 --- a/pkg/sentry/socket/netstack/netstack.go +++ b/pkg/sentry/socket/netstack/netstack.go @@ -949,6 +949,9 @@ func (s *SocketOperations) GetSockOpt(t *kernel.Task, level, name int, outPtr us if outLen < linux.SizeOfIPTGetinfo { return nil, syserr.ErrInvalidArgument } + if s.family != linux.AF_INET { + return nil, syserr.ErrInvalidArgument + } stack := inet.StackFromContext(t) if stack == nil { @@ -964,12 +967,15 @@ func (s *SocketOperations) GetSockOpt(t *kernel.Task, level, name int, outPtr us if outLen < linux.SizeOfIPTGetEntries { return nil, syserr.ErrInvalidArgument } + if s.family != linux.AF_INET { + return nil, syserr.ErrInvalidArgument + } stack := inet.StackFromContext(t) if stack == nil { return nil, syserr.ErrNoDevice } - entries, err := netfilter.GetEntries(t, stack.(*Stack).Stack, outPtr, outLen) + entries, err := netfilter.GetEntries4(t, stack.(*Stack).Stack, outPtr, outLen) if err != nil { return nil, err } @@ -1650,12 +1656,15 @@ func (s *SocketOperations) SetSockOpt(t *kernel.Task, level int, name int, optVa return nil } - if s.skType == linux.SOCK_RAW && level == linux.IPPROTO_IP { + if s.skType == linux.SOCK_RAW && level == linux.SOL_IP { switch name { case linux.IPT_SO_SET_REPLACE: if len(optVal) < linux.SizeOfIPTReplace { return syserr.ErrInvalidArgument } + if s.family != linux.AF_INET { + return syserr.ErrInvalidArgument + } stack := inet.StackFromContext(t) if stack == nil { -- cgit v1.2.3