
Commit a15d70c

kerumetogvisor-bot
authored andcommitted
Unbreak Linux tests.
This change finishes unbreaking the majority of Linux tests for nftables. A few error case tests are left for future debugging. Updates #11778 PiperOrigin-RevId: 798387063
1 parent b7cd652 commit a15d70c


2 files changed

+70
-118
lines changed


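--- a/pkg/sentry/socket/netlink/netfilter/protocol.go
+++ b/pkg/sentry/socket/netlink/netfilter/protocol.go
@@ -211,7 +211,9 @@ func (p *Protocol) getTable(nft *nftables.NFTables, attrs map[uint16]nlmsg.Bytes
 return syserr.NewAnnotatedError(syserr.ErrInvalidArgument, fmt.Sprintf("Nftables: Table name attribute is malformed or not found"))
 }
 
-tab, err := nft.GetTable(family, tabNameBytes.String(), uint32(ms.PortID))
+// Tables can be retrieved by anybody, so we pass in 0 as the port ID.
+// From net/netfilter/nf_tables_api.c:nf_tables_gettable
+tab, err := nft.GetTable(family, tabNameBytes.String(), 0)
 if err != nil {
 return err
 }
@@ -556,7 +558,10 @@ func (p *Protocol) getChain(nft *nftables.NFTables, attrs map[uint16]nlmsg.Bytes
 }
 
 tabName := tabNameBytes.String()
-tab, err := nft.GetTable(family, tabName, uint32(ms.PortID))
+
+// Tables can be retrieved by anybody, so we pass in 0 for the port id.
+// From net/netfilter/nf_tables_api.c:nf_tables_getchain
+tab, err := nft.GetTable(family, tabName, 0)
 if err != nil {
 return err
 }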
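Review bot: The literal `0` passed to `nft.GetTable` in getTable (and again in getChain) is doing access-control work, presumably telling the lookup to skip the table-owner check, yet nothing at the call site names that meaning. The comments cite the Linux functions, which helps, but a named constant would make it harder for a later edit to copy this call into a mutating path where the caller's `ms.PortID` must still be enforced, e.g. `tab, err := nft.GetTable(family, tabName, anyPortID)` with `anyPortID` (a proposed name, not an existing identifier) declared as `0` and documented as valid for read-only lookups only. GetTable's handling of 0 is not visible on this page, so it is worth confirming that 0 can never be a port ID held by a socket inside the sandbox, and adding a test that a non-owner can read an owned table but still cannot modify it. Both function bodies start and end outside the hunks shown.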
