summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/socket
AgeCommit message (Collapse)Author
2020-09-30Merge release-20200921.0-80-gb49a17fc3 (automated)gVisor bot
2020-09-30Make all Target.Action implementation pointer receiversKevin Krakauer
PiperOrigin-RevId: 334652998
2020-09-30Merge release-20200921.0-77-g0aae51c6e (automated)gVisor bot
2020-09-29iptables: remove unused min/max NAT range fieldsKevin Krakauer
PiperOrigin-RevId: 334531794
2020-09-29Merge release-20200921.0-72-g6ae83404a (automated)gVisor bot
2020-09-29Don't allow broadcast/multicast source addressGhanan Gowripalan
As per relevant IP RFCS (see code comments), broadcast (for IPv4) and multicast addresses are not allowed. Currently checks for these are done at the transport layer, but since it is explicitly forbidden at the IP layers, check for them there. This change also removes the UDP.InvalidSourceAddress stat since there is no longer a need for it. Test: ip_test.TestSourceAddressValidation PiperOrigin-RevId: 334490971
2020-09-29Merge release-20200921.0-70-g7fbb45e8e (automated)gVisor bot
2020-09-29iptables: refactor to make targets extendableKevin Krakauer
Like matchers, targets should use a module-like register/lookup system. This replaces the brittle switch statements we had before. The only behavior change is supporing IPT_GET_REVISION_TARGET. This makes it much easier to add IPv6 redirect in the next change. Updates #3549. PiperOrigin-RevId: 334469418
2020-09-29Merge release-20200921.0-66-g7d64bc1fd (automated)gVisor bot
2020-09-29Merge pull request #3875 from btw616:fix/issue-3874gVisor bot
PiperOrigin-RevId: 334428344
2020-09-29Merge release-20200921.0-59-g028e045da (automated)gVisor bot
2020-09-28Merge release-20200921.0-57-g237b761f9 (automated)gVisor bot
2020-09-28Merge release-20200921.0-58-gba44298a3 (automated)gVisor bot
2020-09-28Don't leak dentries returned by sockfs.NewDentry().Jamie Liu
PiperOrigin-RevId: 334263322
2020-09-24Merge release-20200914.0-152-g0a7075f38 (automated)gVisor bot
2020-09-24Add basic stateify annotations.Adin Scannell
Updates #1663 PiperOrigin-RevId: 333539293
2020-09-24Fix socket record leak in VFS2Tiwei Bie
VFS2 socket record is not removed from the system-wide socket table when the socket is released, which will lead to a memory leak. This patch fixes this issue. Fixes: #3874 Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
2020-09-23Merge release-20200914.0-137-g99decaadd (automated)gVisor bot
2020-09-23Merge release-20200914.0-136-gb54dbdfdc (automated)gVisor bot
2020-09-23Merge release-20200914.0-135-gc0f21bb19 (automated)gVisor bot
2020-09-22Merge release-20200914.0-134-gcf3cef117 (automated)gVisor bot
2020-09-22Merge release-20200914.0-133-g20dc83c9e (automated)gVisor bot
2020-09-22Merge release-20200914.0-132-g778c36717 (automated)gVisor bot
2020-09-22Merge release-20200914.0-130-g13a9a622e (automated)gVisor bot
2020-09-22Merge release-20200914.0-129-gf134f873f (automated)gVisor bot
2020-09-21Merge release-20200914.0-127-g059d90b9f (automated)gVisor bot
2020-09-21Merge release-20200914.0-125-g06dbd5b7b (automated)gVisor bot
2020-09-21Merge release-20200914.0-124-g10dcefbc7 (automated)gVisor bot
2020-09-21Merge release-20200914.0-123-ga129204cf (automated)gVisor bot
2020-09-21Merge release-20200914.0-122-gd72022373 (automated)gVisor bot
2020-09-21Merge release-20200907.0-157-gca3087472 (automated)gVisor bot
2020-09-20Merge pull request #3651 from ianlewis:ip-forwardinggVisor bot
PiperOrigin-RevId: 332760843
2020-09-18Merge release-20200907.0-153-g4ba86e625 (automated)gVisor bot
2020-09-18Merge release-20200907.0-151-g6c9989cb8 (automated)gVisor bot
2020-09-18Merge release-20200907.0-150-gc23e39f41 (automated)gVisor bot
2020-09-18Merge release-20200907.0-149-gb8ba0893e (automated)gVisor bot
2020-09-18Merge release-20200907.0-148-gca4ecf481 (automated)gVisor bot
2020-09-18Merge release-20200907.0-147-gf911b43f0 (automated)gVisor bot
2020-09-18Merge release-20200907.0-146-gddf37cb19 (automated)gVisor bot
2020-09-18Merge release-20200907.0-145-gbd69afdcd (automated)gVisor bot
2020-09-18Count packets dropped by iptables in IPStatsKevin Krakauer
PiperOrigin-RevId: 332486383
2020-09-18Merge release-20200907.0-144-gdedef4392 (automated)gVisor bot
2020-09-18Merge release-20200907.0-142-gfcf8d7c6d (automated)gVisor bot
2020-09-18Merge release-20200907.0-140-gef7d9a6fc (automated)gVisor bot
2020-09-18Merge release-20200907.0-139-g313e1988c (automated)gVisor bot
2020-09-18Merge release-20200907.0-138-g360006d89 (automated)gVisor bot
2020-09-18Merge release-20200907.0-137-g07d832dbb (automated)gVisor bot
2020-09-18Merge release-20200907.0-136-g2fbd31e72 (automated)gVisor bot
2020-09-18Merge release-20200907.0-135-g0b8d306e6 (automated)gVisor bot
2020-09-17ip6tables: filter table supportKevin Krakauer
`ip6tables -t filter` is now usable. NAT support will come in a future CL. #3549 PiperOrigin-RevId: 332381801