author Ian Gudger <igudger@google.com> 2020-04-06 16:27:38 -0700
committer Ian Gudger <igudger@google.com> 2020-04-07 12:48:13 -0700
commit dc2f198866c5fd8162a79978eb3633975d3ba11f
tree d2458dfe8dcc0e4aef6cc21d139b83624a8e9a59 /content/blog
parent 9cb1a44c89837ce90a0be400c98c912cf0731253
Update networking security blog post
Diffstat (limited to 'content/blog')
-rw-r--r-- content/blog/2_networking_security/index.md | 2
1 files changed, 1 insertions, 1 deletions
diff --git a/content/blog/2_networking_security/index.md b/content/blog/2_networking_security/index.md
index 6558c8384..1bab822f1 100644
--- a/content/blog/2_networking_security/index.md
+++ b/content/blog/2_networking_security/index.md
@@ -37,7 +37,7 @@ Figure 1: Netstack and gVisor
## Writing a network stack
-Netstack was written from scratch specifically for gVisor. There are now other users (e.g. [Fuchsia](https://fuchsia.googlesource.com/fuchsia/+/refs/heads/master/src/connectivity/network/netstack/)), but they came later. As we discussed, a custom network stack has enabled a variety of security-related goals which would not have been possible any other way. This came at a cost though. Network stacks are complex and writing a new one comes with many challenges, mostly related to application compatibility and performance.
+Netstack was written from scratch specifically for gVisor. Because Netstack was designed and implemented to be modular, flexible and self-contained, there are now several more projects using Netstack in creative and exciting ways. As we discussed, a custom network stack has enabled a variety of security-related goals which would not have been possible any other way. This came at a cost though. Network stacks are complex and writing a new one comes with many challenges, mostly related to application compatibility and performance.
Compatibility issues typically come in two forms: missing features, and features with behavior that differs from Linux (usually due to bugs). Both of these are inevitable in an implementation of a complex system spanning many quickly evolving and ambiguous standards. However, we have invested heavily in this area, and the vast majority of applications have no issues using Netstack. For example, [we now support setting 34 different socket options](https://github.com/google/gvisor/blob/815df2959a76e4a19f5882e40402b9bbca9e70be/pkg/sentry/socket/netstack/netstack.go#L830-L1764) versus [only 7 in our initial git commit](https://github.com/google/gvisor/blob/d02b74a5dcfed4bfc8f2f8e545bca4d2afabb296/pkg/sentry/socket/epsocket/epsocket.go#L445-L702). We are continuing to make good progress in this area.
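Review bot: The added line replaces the one concrete, linked example (Fuchsia) with "several more projects using Netstack in creative and exciting ways", which gives the reader nothing to verify. For a security post, name at least one of those projects and link to it. The removed link pointed at refs/heads/master, which moves over time, so any link that goes back in should be pinned to a commit, as the two socket-option links in the following paragraph are. The commit message "Update networking security blog post" also does not say why the Fuchsia reference was dropped; a one-line reason would help later readers of the history.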