| author | Chris Kuiper <ckuiper@google.com> | 2019-08-26 12:28:26 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2019-08-26 12:29:47 -0700 |
| commit | ac2200b8a9c269926d2eb98a7c23be79b4738fcf | |
| tree | 54ecc7a9a36ec1f65d8659de1f3cae1da1e5d64f /pkg/sentry/kernel/auth/auth.go | |
| parent | c9c52c024cf20c1c66327171af4287129724326e | |

Prevent a network endpoint to send/rcv if its address was removed

This addresses the problem where an endpoint has its address removed but still
has outstanding references held by routes used in connected TCP/UDP sockets
which prevent the removal of the endpoint.

The fix adds a new "expired" flag to the referenced network endpoint, which is
set when an endpoint has its address removed. Incoming packets are not
delivered to an expired endpoint (unless in promiscuous mode), while sending
outgoing packets triggers an error to the caller (unless in spoofing mode).

In addition, a few helper functions were added to stack_test.go to reduce
code duplications.

PiperOrigin-RevId: 265514326

Diffstat (limited to 'pkg/sentry/kernel/auth/auth.go')
0 files changed, 0 insertions, 0 deletions
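
The expired-flag behaviour described in the commit message, as a simplified model added here. It is not gVisor's code: the type, function and error names and the sample address are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrExpired is a hypothetical error name used only in this model.
var ErrExpired = errors.New("endpoint address was removed")

type endpoint struct {
	refs    int  // one for the NIC's address table, one per route
	expired bool // set when the address is removed
}

type nic struct {
	endpoints             map[string]*endpoint
	promiscuous, spoofing bool
}

// removeAddress marks the endpoint expired and drops the table's reference.
func (n *nic) removeAddress(addr string) {
	if ep := n.endpoints[addr]; ep != nil && !ep.expired {
		ep.expired = true
		if ep.refs--; ep.refs == 0 {
			delete(n.endpoints, addr) // no route pins it, so it goes away
		}
	}
}

// deliver reports whether an incoming packet for addr is accepted.
func (n *nic) deliver(addr string) bool {
	ep := n.endpoints[addr]
	return ep != nil && (!ep.expired || n.promiscuous)
}

// send is called through a route that still references ep.
func (n *nic) send(ep *endpoint) error {
	if ep.expired && !n.spoofing {
		return ErrExpired
	}
	return nil
}

func main() {
	ep := &endpoint{refs: 2} // constructed: address table + one connected socket
	n := &nic{endpoints: map[string]*endpoint{"192.0.2.1": ep}}
	n.removeAddress("192.0.2.1")
	fmt.Println(n.deliver("192.0.2.1"), n.send(ep))
}
```

Without the `expired` check, the reference held by the connected socket's route would let traffic keep flowing on an address the administrator had already removed.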