author | Ian Gudger <igudger@google.com> | 2020-04-06 16:27:38 -0700 |
---|---|---|
committer | Ian Gudger <igudger@google.com> | 2020-04-07 12:48:13 -0700 |
commit | dc2f198866c5fd8162a79978eb3633975d3ba11f (patch) | |
tree | d2458dfe8dcc0e4aef6cc21d139b83624a8e9a59 | |
parent | 9cb1a44c89837ce90a0be400c98c912cf0731253 (diff) |
Update networking security blog post
-rw-r--r-- | content/blog/2_networking_security/index.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/content/blog/2_networking_security/index.md b/content/blog/2_networking_security/index.md index 6558c8384..1bab822f1 100644 --- a/content/blog/2_networking_security/index.md +++ b/content/blog/2_networking_security/index.md 
@@ -37,7 +37,7 @@ Figure 1: Netstack and gVisor ## Writing a network stack -Netstack was written from scratch specifically for gVisor. There are now other users (e.g. [Fuchsia](https://fuchsia.googlesource.com/fuchsia/+/refs/heads/master/src/connectivity/network/netstack/)), but they came later. As we discussed, a custom network stack has enabled a variety of security-related goals which would not have been possible any other way. This came at a cost though. Network stacks are complex and writing a new one comes with many challenges, mostly related to application compatibility and performance. +Netstack was written from scratch specifically for gVisor. Because Netstack was designed and implemented to be modular, flexible and self-contained, there are now several more projects using Netstack in creative and exciting ways. As we discussed, a custom network stack has enabled a variety of security-related goals which would not have been possible any other way. This came at a cost though. Network stacks are complex and writing a new one comes with many challenges, mostly related to application compatibility and performance. Compatibility issues typically come in two forms: missing features, and features with behavior that differs from Linux (usually due to bugs). Both of these are inevitable in an implementation of a complex system spanning many quickly evolving and ambiguous standards. However, we have invested heavily in this area, and the vast majority of applications have no issues using Netstack. For example, [we now support setting 34 different socket options](https://github.com/google/gvisor/blob/815df2959a76e4a19f5882e40402b9bbca9e70be/pkg/sentry/socket/netstack/netstack.go#L830-L1764) versus [only 7 in our initial git commit](https://github.com/google/gvisor/blob/d02b74a5dcfed4bfc8f2f8e545bca4d2afabb296/pkg/sentry/socket/epsocket/epsocket.go#L445-L702). We are continuing to make good progress in this area. |
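Review bot: In the rewritten first sentences of the "Writing a network stack" paragraph, the new wording "there are now several more projects using Netstack in creative and exciting ways" drops the only concrete, linked example (Fuchsia) and leaves a claim readers cannot check. Consider keeping at least one named and linked user, for instance by retaining the Fuchsia reference next to the new sentence. The phrase "creative and exciting" reads as promotional beside the paragraph's otherwise technical discussion of compatibility and performance costs, and "designed and implemented to be modular, flexible and self-contained" is asserted without anything in the paragraph to support it; either trim it or point to what makes the stack reusable. The commit message "Update networking security blog post" also does not say why the Fuchsia mention was removed, so a one-line reason there would help anyone reading the history later.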