From 993fff4e1c6d44dfbbc71c4eb83e9ae35b291549 Mon Sep 17 00:00:00 2001 From: Ghanan Gowripalan Date: Sat, 5 Jun 2021 15:03:48 -0700 Subject: Use the NIC packets arrived at when filtering As per https://linux.die.net/man/8/iptables, ``` Parameters -i, --in-interface [!] name Name of an interface via which a packet was received (only for packets entering the INPUT, FORWARD and PREROUTING chains). ``` Before this change, iptables would use the NIC that a packet was delivered to after forwarding a packet locally (when forwarding is enabled) instead of the NIC the packet arrived at. Updates #170, #3549. Test: iptables_test.TestInputHookWithLocalForwarding PiperOrigin-RevId: 377714971
---
 pkg/tcpip/stack/packet_buffer.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'pkg/tcpip/stack/packet_buffer.go')
diff --git a/pkg/tcpip/stack/packet_buffer.go b/pkg/tcpip/stack/packet_buffer.go
index 4ca702121..9192d8433 100644
--- a/pkg/tcpip/stack/packet_buffer.go
+++ b/pkg/tcpip/stack/packet_buffer.go
@@ -134,7 +134,7 @@ type PacketBuffer struct {
 // https://www.man7.org/linux/man-pages/man7/packet.7.html.
 PktType tcpip.PacketType
- // NICID is the ID of the interface the network packet was received at.
+ // NICID is the ID of the last interface the network packet was handled at.
 NICID tcpip.NICID
 // RXTransportChecksumValidated indicates that transport checksum verification
-- cgit v1.2.3
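Review bot: The reworded comment on `NICID` no longer says which interface the field names and gives no guidance to code that filters on it. Per the commit message, after local forwarding the value is the NIC the packet was delivered to rather than the one it arrived on, and input-interface rule matching depends on exactly that distinction. I would spell it out, e.g. `// NICID is the ID of the last interface the network packet was handled at; after local forwarding it can differ from the arrival interface, so do not use it for input-interface matching.` Only this file's hunk is visible (the page is limited to packet_buffer.go), so where the arrival NIC is now carried cannot be confirmed from this view; the comment should name that source once checked. The `PacketBuffer` struct begins and ends outside the hunk.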