Merge branch 'master' into ipt-udp-matchers

author: Kevin Krakauer <krakauer@google.com> 2020-01-24 10:42:43 -0800
committer: Kevin Krakauer <krakauer@google.com> 2020-01-24 10:42:43 -0800
commit: 7636478a316692328097c9e70d38ff878539afb3 (patch)
tree: 637787744e7f6a10bb4a5acb926447d451cb500f /pkg/sentry/socket
parent: b7853f688b4bcd3465c0c3087fcbd8d53bdf26ae (diff)
parent: 3db317390b5cc491d680fc4a5fc7b8372890b4da (diff)
2 files changed, 4 insertions, 2 deletions
diff --git a/pkg/sentry/socket/netfilter/netfilter.go b/pkg/sentry/socket/netfilter/netfilter.go
index b49fe5b3e..3ca22932d 100644
--- a/pkg/sentry/socket/netfilter/netfilter.go
+++ b/pkg/sentry/socket/netfilter/netfilter.go
@@ -596,7 +596,7 @@ func parseTarget(optVal []byte) (iptables.Target, *syserr.Error) {
 
 func filterFromIPTIP(iptip linux.IPTIP) (iptables.IPHeaderFilter, *syserr.Error) {
 	if containsUnsupportedFields(iptip) {
-		log.Warningf("netfilter: unsupported fields in struct iptip: %+v")
+		log.Warningf("netfilter: unsupported fields in struct iptip: %+v", iptip)
 		return iptables.IPHeaderFilter{}, syserr.ErrInvalidArgument
 	}
 	return iptables.IPHeaderFilter{
@@ -609,6 +609,7 @@ func containsUnsupportedFields(iptip linux.IPTIP) bool {
 	var emptyInetAddr = linux.InetAddr{}
 	var emptyInterface = [linux.IFNAMSIZ]byte{}
 	return iptip.Dst != emptyInetAddr ||
+		iptip.Src != emptyInetAddr ||
 		iptip.SrcMask != emptyInetAddr ||
 		iptip.DstMask != emptyInetAddr ||
 		iptip.InputInterface != emptyInterface ||
diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go
index 2662fbc0f..318acbeff 100644
--- a/pkg/sentry/socket/netstack/netstack.go
+++ b/pkg/sentry/socket/netstack/netstack.go
@@ -150,7 +150,8 @@ var Metrics = tcpip.Stats{
 	TCP: tcpip.TCPStats{
 		ActiveConnectionOpenings:           mustCreateMetric("/netstack/tcp/active_connection_openings", "Number of connections opened successfully via Connect."),
 		PassiveConnectionOpenings:          mustCreateMetric("/netstack/tcp/passive_connection_openings", "Number of connections opened successfully via Listen."),
-		CurrentEstablished:                 mustCreateMetric("/netstack/tcp/current_established", "Number of connections in either ESTABLISHED or CLOSE-WAIT state now."),
+		CurrentEstablished:                 mustCreateMetric("/netstack/tcp/current_established", "Number of connections in ESTABLISHED state now."),
+		CurrentConnected:                   mustCreateMetric("/netstack/tcp/current_open", "Number of connections that are in connected state."),
 		EstablishedResets:                  mustCreateMetric("/netstack/tcp/established_resets", "Number of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSE-WAIT state"),
 		EstablishedClosed:                  mustCreateMetric("/netstack/tcp/established_closed", "number of times established TCP connections made a transition to CLOSED state."),
 		EstablishedTimedout:                mustCreateMetric("/netstack/tcp/established_timedout", "Number of times  an established connection was reset because of keep-alive time out."),
author	Kevin Krakauer <krakauer@google.com>	2020-01-24 10:42:43 -0800
committer	Kevin Krakauer <krakauer@google.com>	2020-01-24 10:42:43 -0800
commit	7636478a316692328097c9e70d38ff878539afb3 (patch)
tree	637787744e7f6a10bb4a5acb926447d451cb500f /pkg/sentry/socket
parent	b7853f688b4bcd3465c0c3087fcbd8d53bdf26ae (diff)
parent	3db317390b5cc491d680fc4a5fc7b8372890b4da (diff)