diff options
author | gVisor bot <gvisor-bot@google.com> | 2021-02-18 20:34:57 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-02-18 20:34:57 +0000 |
commit | bcca56ffe63447c5ef4076c583dfa617d98e15d4 (patch) | |
tree | f34ef2e866a567753f7b94120dc8f3c8a23beeb5 | |
parent | 0ef9a8fc000f529f909b2a373fa43c78122adb9d (diff) | |
parent | 2a2cb29e1cc5c94299b79a3e561d7a6915158ae6 (diff) |
Merge release-20210208.0-71-g2a2cb29e1 (automated)
-rw-r--r-- | pkg/sentry/socket/netstack/netstack.go | 4 | ||||
-rw-r--r-- | pkg/tcpip/header/ipv4.go | 46 | ||||
-rw-r--r-- | pkg/tcpip/network/internal/ip/stats.go | 21 | ||||
-rw-r--r-- | pkg/tcpip/network/ipv4/icmp.go | 2 | ||||
-rw-r--r-- | pkg/tcpip/network/ipv4/igmp.go | 63 | ||||
-rw-r--r-- | pkg/tcpip/network/ipv4/ipv4.go | 138 | ||||
-rw-r--r-- | pkg/tcpip/tcpip.go | 13 |
7 files changed, 217 insertions, 70 deletions
diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go index a632b8bcd..f77a867f1 100644 --- a/pkg/sentry/socket/netstack/netstack.go +++ b/pkg/sentry/socket/netstack/netstack.go @@ -184,6 +184,10 @@ var Metrics = tcpip.Stats{ IPTablesPreroutingDropped: mustCreateMetric("/netstack/ip/iptables/prerouting_dropped", "Total number of IP packets dropped in the Prerouting chain."), IPTablesInputDropped: mustCreateMetric("/netstack/ip/iptables/input_dropped", "Total number of IP packets dropped in the Input chain."), IPTablesOutputDropped: mustCreateMetric("/netstack/ip/iptables/output_dropped", "Total number of IP packets dropped in the Output chain."), + OptionTimestampReceived: mustCreateMetric("/netstack/ip/options/timestamp_received", "Total number of timestamp options found in received IP packets."), + OptionRecordRouteReceived: mustCreateMetric("/netstack/ip/options/record_route_received", "Total number of record route options found in received IP packets."), + OptionRouterAlertReceived: mustCreateMetric("/netstack/ip/options/router_alert_received", "Total number of router alert options found in received IP packets."), + OptionUnknownReceived: mustCreateMetric("/netstack/ip/options/unknown_received", "Total number of unknown options found in received IP packets."), }, ARP: tcpip.ARPStats{ PacketsReceived: mustCreateMetric("/netstack/arp/packets_received", "Number of ARP packets received from the link layer."), diff --git a/pkg/tcpip/header/ipv4.go b/pkg/tcpip/header/ipv4.go index 48ca60319..f588311e0 100644 --- a/pkg/tcpip/header/ipv4.go +++ b/pkg/tcpip/header/ipv4.go @@ -519,6 +519,7 @@ func (o *IPv4OptionGeneric) Contents() []byte { return []byte(*o) } // IPv4OptionIterator is an iterator pointing to a specific IP option // at any point of time. It also holds information as to a new options buffer // that we are building up to hand back to the caller. +// TODO(https://gvisor.dev/issues/5513): Add unit tests for IPv4OptionIterator. type IPv4OptionIterator struct { options IPv4Options // ErrCursor is where we are while parsing options. It is exported as any @@ -539,6 +540,15 @@ func (o IPv4Options) MakeIterator() IPv4OptionIterator { } } +// InitReplacement copies the option into the new option buffer. +func (i *IPv4OptionIterator) InitReplacement(option IPv4Option) IPv4Options { + replacementOption := i.RemainingBuffer()[:option.Size()] + if copied := copy(replacementOption, option.Contents()); copied != len(replacementOption) { + panic(fmt.Sprintf("copied %d bytes in the replacement option buffer, expected %d bytes", copied, len(replacementOption))) + } + return replacementOption +} + // RemainingBuffer returns the remaining (unused) part of the new option buffer, // into which a new option may be written. func (i *IPv4OptionIterator) RemainingBuffer() IPv4Options { @@ -649,6 +659,17 @@ func (i *IPv4OptionIterator) Next() (IPv4Option, bool, *IPv4OptParameterProblem) } retval := IPv4OptionRecordRoute(optionBody) return &retval, false, nil + + case IPv4OptionRouterAlertType: + if optLen != IPv4OptionRouterAlertLength { + i.ErrCursor++ + return nil, false, &IPv4OptParameterProblem{ + Pointer: i.ErrCursor, + NeedICMP: true, + } + } + retval := IPv4OptionRouterAlert(optionBody) + return &retval, false, nil } retval := IPv4OptionGeneric(optionBody) return &retval, false, nil @@ -896,11 +917,30 @@ const ( // payload of the router alert option. IPv4OptionRouterAlertValue = 0 - // iPv4OptionRouterAlertValueOffset is the offset for the value of a + // IPv4OptionRouterAlertValueOffset is the offset for the value of a // RouterAlert option. - iPv4OptionRouterAlertValueOffset = 2 + IPv4OptionRouterAlertValueOffset = 2 ) +var _ IPv4Option = (*IPv4OptionRouterAlert)(nil) + +// IPv4OptionRouterAlert is an IPv4 RouterAlert option defined by RFC 2113. +type IPv4OptionRouterAlert []byte + +// Type implements IPv4Option. +func (*IPv4OptionRouterAlert) Type() IPv4OptionType { return IPv4OptionRouterAlertType } + +// Size implements IPv4Option. +func (ra *IPv4OptionRouterAlert) Size() uint8 { return uint8(len(*ra)) } + +// Contents implements IPv4Option. +func (ra *IPv4OptionRouterAlert) Contents() []byte { return []byte(*ra) } + +// Value returns the value of the IPv4OptionRouterAlert. +func (ra *IPv4OptionRouterAlert) Value() uint16 { + return binary.BigEndian.Uint16(ra.Contents()[IPv4OptionRouterAlertValueOffset:]) +} + // IPv4SerializableOption is an interface to represent serializable IPv4 option // types. type IPv4SerializableOption interface { @@ -999,7 +1039,7 @@ func (*IPv4SerializableRouterAlertOption) optionType() IPv4OptionType { // Length implements IPv4SerializableOption. func (*IPv4SerializableRouterAlertOption) length() uint8 { - return IPv4OptionRouterAlertLength - iPv4OptionRouterAlertValueOffset + return IPv4OptionRouterAlertLength - IPv4OptionRouterAlertValueOffset } // SerializeInto implements IPv4SerializableOption. diff --git a/pkg/tcpip/network/internal/ip/stats.go b/pkg/tcpip/network/internal/ip/stats.go index 898f8b356..5f7e60c5c 100644 --- a/pkg/tcpip/network/internal/ip/stats.go +++ b/pkg/tcpip/network/internal/ip/stats.go @@ -68,11 +68,17 @@ type MultiCounterIPStats struct { // Output chain. IPTablesOutputDropped tcpip.MultiCounterStat - // OptionTSReceived is the number of Timestamp options seen. - OptionTSReceived tcpip.MultiCounterStat + // TODO(https://gvisor.dev/issues/5529): Move the IPv4-only option stats out - // OptionRRReceived is the number of Record Route options seen. - OptionRRReceived tcpip.MultiCounterStat + // of IPStats. + // OptionTimestampReceived is the number of Timestamp options seen. + OptionTimestampReceived tcpip.MultiCounterStat + + // OptionRecordRouteReceived is the number of Record Route options seen. + OptionRecordRouteReceived tcpip.MultiCounterStat + + // OptionRouterAlertReceived is the number of Router Alert options seen. + OptionRouterAlertReceived tcpip.MultiCounterStat // OptionUnknownReceived is the number of unknown IP options seen. OptionUnknownReceived tcpip.MultiCounterStat @@ -92,9 +98,10 @@ func (m *MultiCounterIPStats) Init(a, b *tcpip.IPStats) { m.IPTablesPreroutingDropped.Init(a.IPTablesPreroutingDropped, b.IPTablesPreroutingDropped) m.IPTablesInputDropped.Init(a.IPTablesInputDropped, b.IPTablesInputDropped) m.IPTablesOutputDropped.Init(a.IPTablesOutputDropped, b.IPTablesOutputDropped) - m.OptionTSReceived.Init(a.OptionTSReceived, b.OptionTSReceived) - m.OptionRRReceived.Init(a.OptionRRReceived, b.OptionRRReceived) + m.OptionTimestampReceived.Init(a.OptionTimestampReceived, b.OptionTimestampReceived) + m.OptionRecordRouteReceived.Init(a.OptionRecordRouteReceived, b.OptionRecordRouteReceived) + m.OptionRouterAlertReceived.Init(a.OptionRouterAlertReceived, b.OptionRouterAlertReceived) m.OptionUnknownReceived.Init(a.OptionUnknownReceived, b.OptionUnknownReceived) } -// LINT.ThenChange(:MultiCounterIPStats, ../../tcpip.go:IPStats) +// LINT.ThenChange(:MultiCounterIPStats, ../../../tcpip.go:IPStats) diff --git a/pkg/tcpip/network/ipv4/icmp.go b/pkg/tcpip/network/ipv4/icmp.go index b44304cee..bd0eabad1 100644 --- a/pkg/tcpip/network/ipv4/icmp.go +++ b/pkg/tcpip/network/ipv4/icmp.go @@ -214,7 +214,7 @@ func (e *endpoint) handleICMP(pkt *stack.PacketBuffer) { op = &optionUsageReceive{} } var optProblem *header.IPv4OptParameterProblem - newOptions, optProblem = e.processIPOptions(pkt, opts, op) + newOptions, _, optProblem = e.processIPOptions(pkt, opts, op) if optProblem != nil { if optProblem.NeedICMP { _ = e.protocol.returnError(&icmpReasonParamProblem{ diff --git a/pkg/tcpip/network/ipv4/igmp.go b/pkg/tcpip/network/ipv4/igmp.go index 12632aceb..0a15ae897 100644 --- a/pkg/tcpip/network/ipv4/igmp.go +++ b/pkg/tcpip/network/ipv4/igmp.go @@ -145,10 +145,57 @@ func (igmp *igmpState) init(ep *endpoint) { }) } +// Precondition: igmp.ep.mu must be locked. +func (igmp *igmpState) isSourceIPValidLocked(src tcpip.Address, messageType header.IGMPType) bool { + if messageType == header.IGMPMembershipQuery { + // RFC 2236 does not require the IGMP implementation to check the source IP + // for Membership Query messages. + return true + } + + // As per RFC 2236 section 10, + // + // Ignore the Report if you cannot identify the source address of the + // packet as belonging to a subnet assigned to the interface on which the + // packet was received. + // + // Ignore the Leave message if you cannot identify the source address of + // the packet as belonging to a subnet assigned to the interface on which + // the packet was received. + // + // Note: this rule applies to both V1 and V2 Membership Reports. + var isSourceIPValid bool + igmp.ep.mu.addressableEndpointState.ForEachPrimaryEndpoint(func(addressEndpoint stack.AddressEndpoint) bool { + if subnet := addressEndpoint.Subnet(); subnet.Contains(src) { + isSourceIPValid = true + return false + } + return true + }) + + return isSourceIPValid +} + +// Precondition: igmp.ep.mu must be locked. +func (igmp *igmpState) isPacketValidLocked(pkt *stack.PacketBuffer, messageType header.IGMPType, hasRouterAlertOption bool) bool { + // We can safely assume that the IP header is valid if we got this far. + iph := header.IPv4(pkt.NetworkHeader().View()) + + // As per RFC 2236 section 2, + // + // All IGMP messages described in this document are sent with IP TTL 1, and + // contain the IP Router Alert option [RFC 2113] in their IP header. + if !hasRouterAlertOption || iph.TTL() != header.IGMPTTL { + return false + } + + return igmp.isSourceIPValidLocked(iph.SourceAddress(), messageType) +} + // handleIGMP handles an IGMP packet. // // Precondition: igmp.ep.mu must be locked. -func (igmp *igmpState) handleIGMP(pkt *stack.PacketBuffer) { +func (igmp *igmpState) handleIGMP(pkt *stack.PacketBuffer, hasRouterAlertOption bool) { received := igmp.ep.stats.igmp.packetsReceived headerView, ok := pkt.Data.PullUp(header.IGMPMinimumSize) if !ok { @@ -168,30 +215,38 @@ func (igmp *igmpState) handleIGMP(pkt *stack.PacketBuffer) { return } + isValid := func(minimumSize int) bool { + return len(headerView) >= minimumSize && igmp.isPacketValidLocked(pkt, h.Type(), hasRouterAlertOption) + } + switch h.Type() { case header.IGMPMembershipQuery: received.membershipQuery.Increment() - if len(headerView) < header.IGMPQueryMinimumSize { + if !isValid(header.IGMPQueryMinimumSize) { received.invalid.Increment() return } igmp.handleMembershipQuery(h.GroupAddress(), h.MaxRespTime()) case header.IGMPv1MembershipReport: received.v1MembershipReport.Increment() - if len(headerView) < header.IGMPReportMinimumSize { + if !isValid(header.IGMPReportMinimumSize) { received.invalid.Increment() return } igmp.handleMembershipReport(h.GroupAddress()) case header.IGMPv2MembershipReport: received.v2MembershipReport.Increment() - if len(headerView) < header.IGMPReportMinimumSize { + if !isValid(header.IGMPReportMinimumSize) { received.invalid.Increment() return } igmp.handleMembershipReport(h.GroupAddress()) case header.IGMPLeaveGroup: received.leaveGroup.Increment() + if !isValid(header.IGMPLeaveMessageMinimumSize) { + received.invalid.Increment() + return + } // As per RFC 2236 Section 6, Page 7: "IGMP messages other than Query or // Report, are ignored in all states" diff --git a/pkg/tcpip/network/ipv4/ipv4.go b/pkg/tcpip/network/ipv4/ipv4.go index 250e4846a..4a429ea6c 100644 --- a/pkg/tcpip/network/ipv4/ipv4.go +++ b/pkg/tcpip/network/ipv4/ipv4.go @@ -562,7 +562,7 @@ func (e *endpoint) forwardPacket(pkt *stack.PacketBuffer) tcpip.Error { } if opts := h.Options(); len(opts) != 0 { - newOpts, optProblem := e.processIPOptions(pkt, opts, &optionUsageForward{}) + newOpts, _, optProblem := e.processIPOptions(pkt, opts, &optionUsageForward{}) if optProblem != nil { if optProblem.NeedICMP { _ = e.protocol.returnError(&icmpReasonParamProblem{ @@ -776,7 +776,7 @@ func (e *endpoint) handlePacket(pkt *stack.PacketBuffer) { // If there are options we need to check them before we do assembly // or we could be assembling errant packets. However we do not change the // options as that could lead to double processing later. - if _, optProblem := e.processIPOptions(pkt, opts, &optionUsageVerify{}); optProblem != nil { + if _, _, optProblem := e.processIPOptions(pkt, opts, &optionUsageVerify{}); optProblem != nil { if optProblem.NeedICMP { _ = e.protocol.returnError(&icmpReasonParamProblem{ pointer: optProblem.Pointer, @@ -846,8 +846,9 @@ func (e *endpoint) handlePacket(pkt *stack.PacketBuffer) { return } // ICMP handles options itself but do it here for all remaining destinations. + var hasRouterAlertOption bool if opts := h.Options(); len(opts) != 0 { - newOpts, optProblem := e.processIPOptions(pkt, opts, &optionUsageReceive{}) + newOpts, processedOpts, optProblem := e.processIPOptions(pkt, opts, &optionUsageReceive{}) if optProblem != nil { if optProblem.NeedICMP { _ = e.protocol.returnError(&icmpReasonParamProblem{ @@ -858,6 +859,7 @@ func (e *endpoint) handlePacket(pkt *stack.PacketBuffer) { } return } + hasRouterAlertOption = processedOpts.routerAlert copied := copy(opts, newOpts) if copied != len(newOpts) { panic(fmt.Sprintf("copied %d bytes of new options, expected %d bytes", copied, len(newOpts))) @@ -869,7 +871,7 @@ func (e *endpoint) handlePacket(pkt *stack.PacketBuffer) { } if p == header.IGMPProtocolNumber { e.mu.Lock() - e.mu.igmp.handleIGMP(pkt) + e.mu.igmp.handleIGMP(pkt, hasRouterAlertOption) e.mu.Unlock() return } @@ -1291,9 +1293,12 @@ type optionActions struct { // timestamp controls what to do with a Timestamp option. timestamp optionAction - // recordroute controls what to do with a Record Route option. + // recordRoute controls what to do with a Record Route option. recordRoute optionAction + // routerAlert controls what to do with a Router Alert option. + routerAlert optionAction + // unknown controls what to do with an unknown option. unknown optionAction } @@ -1314,6 +1319,7 @@ func (*optionUsageVerify) actions() optionActions { return optionActions{ timestamp: optionVerify, recordRoute: optionVerify, + routerAlert: optionVerify, unknown: optionRemove, } } @@ -1327,6 +1333,7 @@ func (*optionUsageReceive) actions() optionActions { return optionActions{ timestamp: optionProcess, recordRoute: optionProcess, + routerAlert: optionVerify, unknown: optionPass, } } @@ -1341,6 +1348,7 @@ func (*optionUsageForward) actions() optionActions { return optionActions{ timestamp: optionProcess, recordRoute: optionProcess, + routerAlert: optionVerify, unknown: optionPass, } } @@ -1354,6 +1362,7 @@ func (*optionUsageEcho) actions() optionActions { return optionActions{ timestamp: optionProcess, recordRoute: optionProcess, + routerAlert: optionVerify, unknown: optionRemove, } } @@ -1551,45 +1560,64 @@ func handleRecordRoute(rrOpt header.IPv4OptionRecordRoute, localAddress tcpip.Ad return nil } +// handleRouterAlert performs sanity checks on a Router Alert option. +func handleRouterAlert(raOpt header.IPv4OptionRouterAlert) *header.IPv4OptParameterProblem { + // Only the zero value is acceptable, as per RFC 2113, section 2.1: + // Value: A two octet code with the following values: + // 0 - Router shall examine packet + // 1-65535 - Reserved + if raOpt.Value() != header.IPv4OptionRouterAlertValue { + return &header.IPv4OptParameterProblem{ + Pointer: header.IPv4OptionRouterAlertValueOffset, + NeedICMP: true, + } + } + return nil +} + +type optionTracker struct { + timestamp bool + recordRoute bool + routerAlert bool +} + // processIPOptions parses the IPv4 options and produces a new set of options // suitable for use in the next step of packet processing as informed by usage. // The original will not be touched. // -// Returns -// - The location of an error if there was one (or 0 if no error) -// - If there is an error, information as to what it was was. -// - The replacement option set. -func (e *endpoint) processIPOptions(pkt *stack.PacketBuffer, orig header.IPv4Options, usage optionsUsage) (header.IPv4Options, *header.IPv4OptParameterProblem) { +// If there were no errors during parsing, the new set of options is returned as +// a new buffer. +func (e *endpoint) processIPOptions(pkt *stack.PacketBuffer, orig header.IPv4Options, usage optionsUsage) (header.IPv4Options, optionTracker, *header.IPv4OptParameterProblem) { stats := e.stats.ip opts := header.IPv4Options(orig) optIter := opts.MakeIterator() - // Each option other than NOP must only appear (RFC 791 section 3.1, at the - // definition of every type). Keep track of each of the possible types in - // the 8 bit 'type' field. + // Except NOP, each option must only appear at most once (RFC 791 section 3.1, + // at the definition of every type). + // Keep track of each option we find to enable duplicate option detection. var seenOptions [math.MaxUint8 + 1]bool - // TODO(gvisor.dev/issue/4586): - // This will need tweaking when we start really forwarding packets - // as we may need to get two addresses, for rx and tx interfaces. - // We will also have to take usage into account. + // TODO(https://gvisor.dev/issue/4586): This will need tweaking when we start + // really forwarding packets as we may need to get two addresses, for rx and + // tx interfaces. We will also have to take usage into account. prefixedAddress, ok := e.protocol.stack.GetMainNICAddress(e.nic.ID(), ProtocolNumber) localAddress := prefixedAddress.Address if !ok { h := header.IPv4(pkt.NetworkHeader().View()) dstAddr := h.DestinationAddress() if pkt.NetworkPacketInfo.LocalAddressBroadcast || header.IsV4MulticastAddress(dstAddr) { - return nil, &header.IPv4OptParameterProblem{ + return nil, optionTracker{}, &header.IPv4OptParameterProblem{ NeedICMP: false, } } localAddress = dstAddr } + var optionsProcessed optionTracker for { option, done, optProblem := optIter.Next() if done || optProblem != nil { - return optIter.Finalize(), optProblem + return optIter.Finalize(), optionsProcessed, optProblem } optType := option.Type() if optType == header.IPv4OptionNOPType { @@ -1598,53 +1626,61 @@ func (e *endpoint) processIPOptions(pkt *stack.PacketBuffer, orig header.IPv4Opt } if optType == header.IPv4OptionListEndType { optIter.PushNOPOrEnd(optType) - return optIter.Finalize(), nil + return optIter.Finalize(), optionsProcessed, nil } // check for repeating options (multiple NOPs are OK) if seenOptions[optType] { - return nil, &header.IPv4OptParameterProblem{ + return nil, optionTracker{}, &header.IPv4OptParameterProblem{ Pointer: optIter.ErrCursor, NeedICMP: true, } } seenOptions[optType] = true - optLen := int(option.Size()) - switch option := option.(type) { - case *header.IPv4OptionTimestamp: - stats.OptionTSReceived.Increment() - if usage.actions().timestamp != optionRemove { - clock := e.protocol.stack.Clock() - newBuffer := optIter.RemainingBuffer()[:len(*option)] - _ = copy(newBuffer, option.Contents()) - if optProblem := handleTimestamp(header.IPv4OptionTimestamp(newBuffer), localAddress, clock, usage); optProblem != nil { - optProblem.Pointer += optIter.ErrCursor - return nil, optProblem + optLen, optProblem := func() (int, *header.IPv4OptParameterProblem) { + switch option := option.(type) { + case *header.IPv4OptionTimestamp: + stats.OptionTimestampReceived.Increment() + optionsProcessed.timestamp = true + if usage.actions().timestamp != optionRemove { + clock := e.protocol.stack.Clock() + newBuffer := optIter.InitReplacement(option) + optProblem := handleTimestamp(header.IPv4OptionTimestamp(newBuffer), localAddress, clock, usage) + return len(newBuffer), optProblem } - optIter.ConsumeBuffer(optLen) - } - case *header.IPv4OptionRecordRoute: - stats.OptionRRReceived.Increment() - if usage.actions().recordRoute != optionRemove { - newBuffer := optIter.RemainingBuffer()[:len(*option)] - _ = copy(newBuffer, option.Contents()) - if optProblem := handleRecordRoute(header.IPv4OptionRecordRoute(newBuffer), localAddress, usage); optProblem != nil { - optProblem.Pointer += optIter.ErrCursor - return nil, optProblem + case *header.IPv4OptionRecordRoute: + stats.OptionRecordRouteReceived.Increment() + optionsProcessed.recordRoute = true + if usage.actions().recordRoute != optionRemove { + newBuffer := optIter.InitReplacement(option) + optProblem := handleRecordRoute(header.IPv4OptionRecordRoute(newBuffer), localAddress, usage) + return len(newBuffer), optProblem } - optIter.ConsumeBuffer(optLen) - } - default: - stats.OptionUnknownReceived.Increment() - if usage.actions().unknown == optionPass { - newBuffer := optIter.RemainingBuffer()[:optLen] - // Arguments already heavily checked.. ignore result. - _ = copy(newBuffer, option.Contents()) - optIter.ConsumeBuffer(optLen) + case *header.IPv4OptionRouterAlert: + stats.OptionRouterAlertReceived.Increment() + optionsProcessed.routerAlert = true + if usage.actions().routerAlert != optionRemove { + newBuffer := optIter.InitReplacement(option) + optProblem := handleRouterAlert(header.IPv4OptionRouterAlert(newBuffer)) + return len(newBuffer), optProblem + } + + default: + stats.OptionUnknownReceived.Increment() + if usage.actions().unknown == optionPass { + return len(optIter.InitReplacement(option)), nil + } } + return 0, nil + }() + + if optProblem != nil { + optProblem.Pointer += optIter.ErrCursor + return nil, optionTracker{}, optProblem } + optIter.ConsumeBuffer(optLen) } } diff --git a/pkg/tcpip/tcpip.go b/pkg/tcpip/tcpip.go index ba063dc26..01a4389e3 100644 --- a/pkg/tcpip/tcpip.go +++ b/pkg/tcpip/tcpip.go @@ -1581,11 +1581,16 @@ type IPStats struct { // the Output chain. IPTablesOutputDropped *StatCounter - // OptionTSReceived is the number of Timestamp options seen. - OptionTSReceived *StatCounter + // TODO(https://gvisor.dev/issues/5529): Move the IPv4-only option stats out + // of IPStats. + // OptionTimestampReceived is the number of Timestamp options seen. + OptionTimestampReceived *StatCounter - // OptionRRReceived is the number of Record Route options seen. - OptionRRReceived *StatCounter + // OptionRecordRouteReceived is the number of Record Route options seen. + OptionRecordRouteReceived *StatCounter + + // OptionRouterAlertReceived is the number of Router Alert options seen. + OptionRouterAlertReceived *StatCounter // OptionUnknownReceived is the number of unknown IP options seen. OptionUnknownReceived *StatCounter |