Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-04-12 | Merge release-20210408.0-22-g982fc8b57 (automated) | gVisor bot | |
2021-04-12 | [op] Use faster go_marshal methods in netfilter. | Ayush Ranjan | |
Use MarshalUnsafe for packed types as it is faster than MarshalBytes. PiperOrigin-RevId: 368076368 | |||
2021-04-10 | Merge release-20210408.0-17-gd1edabdca (automated) | gVisor bot | |
2021-04-09 | iptables: support postrouting hook and SNAT target | Toshi Kikuchi | |
The current SNAT implementation has several limitations: - SNAT source port has to be specified. It is not optional. - SNAT source port range is not supported. - SNAT for UDP is a one-way translation. No response packets are handled (because conntrack doesn't support UDP currently). - SNAT and REDIRECT can't work on the same connection. Fixes #5489 PiperOrigin-RevId: 367750325 | |||
2021-04-03 | Merge release-20210322.0-38-g932c8abd0 (automated) | gVisor bot | |
2021-04-02 | Implement cgroupfs. | Rahat Mahmood | |
A skeleton implementation of cgroupfs. It supports trivial cpu and memory controllers with no support for hierarchies. PiperOrigin-RevId: 366561126 | |||
2021-04-01 | Merge release-20210322.0-33-gb2ea37401 (automated) | gVisor bot | |
2021-04-01 | Internal changes | Bhasker Hariharan | |
PiperOrigin-RevId: 366344805 | |||
2021-03-29 | Merge release-20210322.0-29-g8a2f7e716 (automated) | gVisor bot | |
2021-03-23 | Merge release-20210315.0-15-gacb4c6288 (automated) | gVisor bot | |
2021-03-23 | Merge release-20210315.0-9-gc0bd71c5a (automated) | gVisor bot | |
2021-03-22 | Merge release-20210315.0-6-g6bd2c6ce7 (automated) | gVisor bot | |
2021-03-11 | Merge release-20210301.0-35-g1020ac83f (automated) | gVisor bot | |
2021-03-11 | Move Arch specific code to arch specific files. | Bhasker Hariharan | |
PiperOrigin-RevId: 362297474 | |||
2021-02-24 | Merge release-20210208.0-85-gacd516cfe (automated) | gVisor bot | |
2021-02-24 | Add YAMA security module restrictions on ptrace(2). | Dean Deng | |
Restrict ptrace(2) according to the default configurations of the YAMA security module (mode 1), which is a common default among various Linux distributions. The new access checks only permit the tracer to proceed if one of the following conditions is met: a) The tracer is already attached to the tracee. b) The target is a descendant of the tracer. c) The target has explicitly given permission to the tracer through the PR_SET_PTRACER prctl. d) The tracer has CAP_SYS_PTRACE. See security/yama/yama_lsm.c for more details. Note that these checks are added to CanTrace, which is checked for PTRACE_ATTACH as well as some other operations, e.g., checking a process' memory layout through /proc/[pid]/mem. Since this patch adds restrictions to ptrace, it may break compatibility for applications run by non-root users that, for instance, rely on being able to trace processes that are not descended from the tracer (e.g., `gdb -p`). YAMA restrictions can be turned off by setting /proc/sys/kernel/yama/ptrace_scope to 0, or exceptions can be made on a per-process basis with the PR_SET_PTRACER prctl. Reported-by: syzbot+622822d8bca08c99e8c8@syzkaller.appspotmail.com PiperOrigin-RevId: 359237723 | |||
2021-02-09 | Merge release-20210201.0-57-gcfa4633c3 (automated) | gVisor bot | |
2021-02-08 | [go-marshal] Add dynamic tag in go_marshal. | Ayush Ranjan | |
This makes it easier to implement dynamically sized types in go-marshal. You really only need to implement MarshalBytes, UnmarshalBytes and SizeBytes to implement the entire interface. By using the `dynamic` tag, the autogenerator will generate the rest of the methods for us. This change also simplifies how KernelIPTGetEntries implements Marshallable using the newly added utility. PiperOrigin-RevId: 356397114 | |||
2021-01-29 | Merge release-20210125.0-31-g0a52b6479 (automated) | gVisor bot | |
2021-01-29 | - Add more comments for the TCP_INFO struct fields. | Nayana Bidari | |
PiperOrigin-RevId: 354595623 | |||
2021-01-28 | Merge release-20210112.0-104-g99988e45e (automated) | gVisor bot | |
2021-01-27 | Add support for more fields in netstack for TCP_INFO | Nayana Bidari | |
This CL adds support for the following fields: - RTT, RTTVar, RTO - send congestion window (sndCwnd) and send slow start threshold (sndSsthresh) - congestion control state(CaState) - ReorderSeen PiperOrigin-RevId: 354195361 | |||
2021-01-22 | Merge release-20210112.0-75-gf52f0101b (automated) | gVisor bot | |
2021-01-22 | Implement F_GETLK fcntl. | Dean Deng | |
Fixes #5113. PiperOrigin-RevId: 353313374 | |||
2021-01-12 | Merge release-20201216.0-87-g4e03e8754 (automated) | gVisor bot | |
2021-01-12 | Fix simple mistakes identified by goreportcard. | Adin Scannell | |
These are primarily simplification and lint mistakes. However, minor fixes are also included and tests added where appropriate. PiperOrigin-RevId: 351425971 | |||
2021-01-06 | Merge release-20201208.0-117-gabe9d9f67 (automated) | gVisor bot | |
2021-01-06 | Support add/remove IPv6 multicast group sock opt | Ghanan Gowripalan | |
IPv4 was always supported but UDP never supported joining/leaving IPv6 multicast groups via socket options. Add: IPPROTO_IPV6, IPV6_JOIN_GROUP/IPV6_ADD_MEMBERSHIP Remove: IPPROTO_IPV6, IPV6_LEAVE_GROUP/IPV6_DROP_MEMBERSHIP Test: integration_test.TestUDPAddRemoveMembershipSocketOption PiperOrigin-RevId: 350396072 | |||
2020-12-30 | Merge release-20201208.0-98-g0fb5de115 (automated) | gVisor bot | |
2020-12-30 | Merge release-20201208.0-97-g1b66bad7c (automated) | gVisor bot | |
2020-12-30 | Merge release-20201208.0-96-ged5850e8e (automated) | gVisor bot | |
2020-12-30 | Merge release-20201208.0-95-gfc153750e (automated) | gVisor bot | |
2020-12-30 | Merge release-20201208.0-94-gffa9a715a (automated) | gVisor bot | |
2020-12-30 | Merge release-20201208.0-93-g3c58405a5 (automated) | gVisor bot | |
2020-12-30 | Merge release-20201208.0-92-gd302c0570 (automated) | gVisor bot | |
2020-12-30 | Merge release-20201208.0-91-g85c1c3ed4 (automated) | gVisor bot | |
2020-12-29 | Merge release-20201208.0-90-g91c05c609 (automated) | gVisor bot | |
2020-12-28 | Merge release-20201208.0-89-g3ff7324df (automated) | gVisor bot | |
2020-12-17 | [netstack] Implement MSG_ERRQUEUE flag for recvmsg(2). | Ayush Ranjan | |
Introduces the per-socket error queue and the necessary cmsg mechanisms. PiperOrigin-RevId: 348028508 | |||
2020-12-15 | Implement command SEM_INFO and SEM_STAT for semctl. | Jing Chen | |
PiperOrigin-RevId: 347711998 | |||
2020-12-15 | Merge release-20201208.0-45-gb2a697334 (automated) | gVisor bot | |
2020-12-15 | Merge release-20201208.0-44-ga1c56bc22 (automated) | gVisor bot | |
2020-12-14 | Merge release-20201208.0-43-g2e191cb3f (automated) | gVisor bot | |
2020-12-14 | Merge release-20201208.0-42-g65e4ed8fb (automated) | gVisor bot | |
2020-12-14 | Merge release-20201208.0-41-gab593661e (automated) | gVisor bot | |
2020-12-12 | Merge release-20201208.0-40-g08d36b6c6 (automated) | gVisor bot | |
2020-12-12 | Merge release-20201208.0-39-g4aef908c9 (automated) | gVisor bot | |
2020-12-12 | Merge release-20201208.0-38-g4b697aae5 (automated) | gVisor bot | |
2020-12-12 | Merge release-20201208.0-37-gbe5922fbd (automated) | gVisor bot | |
2020-12-12 | Merge release-20201208.0-36-g1e92732eb (automated) | gVisor bot | |