From ff719159befaee7d2abcfeb88905a7486cd34845 Mon Sep 17 00:00:00 2001
From: Kevin Krakauer <krakauer@google.com>
Date: Thu, 9 Jan 2020 15:38:21 -0800
Subject: Confirmed that it works if I hardcode 17 in for pkt.Protocol. Need to
 address parsing the packet early :(

---
 pkg/tcpip/iptables/iptables.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'pkg/tcpip/iptables/iptables.go')

diff --git a/pkg/tcpip/iptables/iptables.go b/pkg/tcpip/iptables/iptables.go
index b8d70ec1e..4e1700fdb 100644
--- a/pkg/tcpip/iptables/iptables.go
+++ b/pkg/tcpip/iptables/iptables.go
@@ -188,9 +188,9 @@ func (it *IPTables) checkRule(hook Hook, pkt tcpip.PacketBuffer, table Table, ru
 
 	// First check whether the packet matches the IP header filter.
 	// TODO(gvisor.dev/issue/170): Support other fields of the filter.
-	// if rule.Filter.Protocol != pkt.Protocol {
-	// 	return Continue
-	// }
+	if rule.Filter.Protocol != pkt.Protocol {
+		return Continue
+	}
 
 	// Go through each rule matcher. If they all match, run
 	// the rule target.
-- 
cgit v1.2.3