Validate IGMP packets

This change also adds support for Router Alert option processing on
incoming packets, a new stat for Router Alert option, and exports
all the IP-option related stats.

Fixes #5491

PiperOrigin-RevId: 358238123

1 files changed, 4 insertions, 0 deletions

diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go
index a632b8bcd..f77a867f1 100644
--- a/pkg/sentry/socket/netstack/netstack.go
+++ b/pkg/sentry/socket/netstack/netstack.go
@@ -184,6 +184,10 @@ var Metrics = tcpip.Stats{
 		IPTablesPreroutingDropped:           mustCreateMetric("/netstack/ip/iptables/prerouting_dropped", "Total number of IP packets dropped in the Prerouting chain."),
 		IPTablesInputDropped:                mustCreateMetric("/netstack/ip/iptables/input_dropped", "Total number of IP packets dropped in the Input chain."),
 		IPTablesOutputDropped:               mustCreateMetric("/netstack/ip/iptables/output_dropped", "Total number of IP packets dropped in the Output chain."),
+		OptionTimestampReceived:             mustCreateMetric("/netstack/ip/options/timestamp_received", "Total number of timestamp options found in received IP packets."),
+		OptionRecordRouteReceived:           mustCreateMetric("/netstack/ip/options/record_route_received", "Total number of record route options found in received IP packets."),
+		OptionRouterAlertReceived:           mustCreateMetric("/netstack/ip/options/router_alert_received", "Total number of router alert options found in received IP packets."),
+		OptionUnknownReceived:               mustCreateMetric("/netstack/ip/options/unknown_received", "Total number of unknown options found in received IP packets."),
 	},
 	ARP: tcpip.ARPStats{
 		PacketsReceived:                                 mustCreateMetric("/netstack/arp/packets_received", "Number of ARP packets received from the link layer."),