summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/socket
diff options
context:
space:
mode:
authorGhanan Gowripalan <ghanan@google.com>2020-09-29 16:52:14 -0700
committergVisor bot <gvisor-bot@google.com>2020-09-29 16:54:23 -0700
commit6ae83404afcfdcc02966487973eef354969984f5 (patch)
tree1f9ad531163862b21eb6b05805e0a61db47362d5 /pkg/sentry/socket
parent4a428b13b20baf055e7e70ecb51a87299f0c6d8e (diff)
Don't allow broadcast/multicast source address
As per relevant IP RFCS (see code comments), broadcast (for IPv4) and multicast addresses are not allowed. Currently checks for these are done at the transport layer, but since it is explicitly forbidden at the IP layers, check for them there. This change also removes the UDP.InvalidSourceAddress stat since there is no longer a need for it. Test: ip_test.TestSourceAddressValidation PiperOrigin-RevId: 334490971
Diffstat (limited to 'pkg/sentry/socket')
-rw-r--r--pkg/sentry/socket/netstack/netstack.go1
1 files changed, 0 insertions, 1 deletions
diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go
index 20f66fbf1..335822c0e 100644
--- a/pkg/sentry/socket/netstack/netstack.go
+++ b/pkg/sentry/socket/netstack/netstack.go
@@ -198,7 +198,6 @@ var Metrics = tcpip.Stats{
PacketsSent: mustCreateMetric("/netstack/udp/packets_sent", "Number of UDP datagrams sent."),
PacketSendErrors: mustCreateMetric("/netstack/udp/packet_send_errors", "Number of UDP datagrams failed to be sent."),
ChecksumErrors: mustCreateMetric("/netstack/udp/checksum_errors", "Number of UDP datagrams dropped due to bad checksums."),
- InvalidSourceAddress: mustCreateMetric("/netstack/udp/invalid_source", "Number of UDP datagrams dropped due to invalid source address."),
},
}