summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/kernel/ipc_namespace.go
diff options
context:
space:
mode:
authorChris Kuiper <ckuiper@google.com>2019-08-26 12:28:26 -0700
committergVisor bot <gvisor-bot@google.com>2019-08-26 12:29:47 -0700
commitac2200b8a9c269926d2eb98a7c23be79b4738fcf (patch)
tree54ecc7a9a36ec1f65d8659de1f3cae1da1e5d64f /pkg/sentry/kernel/ipc_namespace.go
parentc9c52c024cf20c1c66327171af4287129724326e (diff)
Prevent a network endpoint to send/rcv if its address was removed
This addresses the problem where an endpoint has its address removed but still has outstanding references held by routes used in connected TCP/UDP sockets which prevent the removal of the endpoint. The fix adds a new "expired" flag to the referenced network endpoint, which is set when an endpoint has its address removed. Incoming packets are not delivered to an expired endpoint (unless in promiscuous mode), while sending outgoing packets triggers an error to the caller (unless in spoofing mode). In addition, a few helper functions were added to stack_test.go to reduce code duplications. PiperOrigin-RevId: 265514326
Diffstat (limited to 'pkg/sentry/kernel/ipc_namespace.go')
0 files changed, 0 insertions, 0 deletions