Age | Commit message | Author | |
---|---|---|---|
2020-01-21 | Merge branch 'master' into iptables-write-filter-proto | Kevin Krakauer | |
2020-01-21 | Merge release-20200115.0-48-g5f82f09 (automated) | gVisor bot | |
2020-01-21 | Merge pull request #1558 from kevinGC:iptables-write-input-drop | gVisor bot | |
PiperOrigin-RevId: 290793754 | |||
2020-01-18 | Merge release-20200115.0-33-g47d8525 (automated) | gVisor bot | |
2020-01-17 | Filter out received packets with a local source IP address. | Eyal Soha | |
CERT Advisory CA-96.21 III. Solution advises that devices drop packets which could not have correctly arrived on the wire, such as receiving a packet where the source IP address is owned by the device that sent it. Fixes #1507 PiperOrigin-RevId: 290378240 | |||
2020-01-17 | Merge release-20200115.0-17-g19b4653 (automated) | gVisor bot | |
2020-01-16 | Remove unused rpcinet. | Adin Scannell | |
PiperOrigin-RevId: 290198756 | |||
2020-01-14 | Merge release-20191213.0-115-g50625ce (automated) | gVisor bot | |
2020-01-14 | Implement {g,s}etsockopt(IP_RECVTOS) for UDP sockets | Tamir Duberstein | |
PiperOrigin-RevId: 289718534 | |||
2020-01-13 | Merge branch 'iptables-write-input-drop' into iptables-write-filter-proto | Kevin Krakauer | |
2020-01-13 | Merge release-20191213.0-113-gdebd213 (automated) | gVisor bot | |
2020-01-13 | Allow dual stack sockets to operate on AF_INET | Tamir Duberstein | |
Fixes #1490 Fixes #1495 PiperOrigin-RevId: 289523250 | |||
2020-01-13 | Only allow INPUT modifications. | Kevin Krakauer | |
2020-01-13 | Merge branch 'master' into iptables-write-input-drop | Kevin Krakauer | |
2020-01-13 | Merge release-20191213.0-111-gb30cfb1 (automated) | gVisor bot | |
2020-01-13 | Merge pull request #1528 from kevinGC:iptables-write | gVisor bot | |
PiperOrigin-RevId: 289479774 | |||
2020-01-10 | I think INPUT works with protocol | Kevin Krakauer | |
2020-01-10 | Merge release-20191213.0-96-g27500d5 (automated) | gVisor bot | |
2020-01-09 | New sync package. | Ian Gudger | |
* Rename syncutil to sync. * Add aliases to sync types. * Replace existing usage of standard library sync package. This will make it easier to swap out synchronization primitives. For example, this will allow us to use primitives from github.com/sasha-s/go-deadlock to check for lock ordering violations. Updates #1472 PiperOrigin-RevId: 289033387 | |||
2020-01-09 | Added a test that we don't pass yet | Kevin Krakauer | |
2020-01-09 | Merge release-20191213.0-86-g8643933 (automated) | gVisor bot | |
2020-01-09 | Change BindToDeviceOption to store NICID | Eyal Soha | |
This makes it possible to call the sockopt from go even when the NIC has no name. PiperOrigin-RevId: 288955236 | |||
2020-01-08 | It works! It drops some packets. | Kevin Krakauer | |
2020-01-08 | Merge branch 'iptables-write' into iptables-write-input-drop | Kevin Krakauer | |
2020-01-09 | Merge release-20191213.0-82-gfbb2c00 (automated) | gVisor bot | |
2020-01-08 | More GH comments. | Kevin Krakauer | |
2020-01-08 | Return correct length with MSG_TRUNC for unix sockets. | Ian Lewis | |
This change calls a new Truncate method on the EndpointReader in RecvMsg for both netlink and unix sockets. This allows readers such as sockets to peek at the length of data without actually reading it to a buffer. Fixes #993 #1240 PiperOrigin-RevId: 288800167 | |||
2020-01-09 | Merge release-20191213.0-80-gb3ae8a6 (automated) | gVisor bot | |
2020-01-08 | Addressed GH comments | Kevin Krakauer | |
2020-01-08 | Fix slice bounds out of range panic in parsing socket control message. | Ting-Yu Wang | |
Panic found by syzkaller. PiperOrigin-RevId: 288799046 | |||
2020-01-08 | Getting a panic when running tests. For some reason the filter table is | Kevin Krakauer | |
ending up with the wrong chains and is indexing -1 into rules. | |||
2020-01-08 | Merge release-20191213.0-78-gd530df2 (automated) | gVisor bot | |
2020-01-08 | Introduce tcpip.SockOptBool | Tamir Duberstein | |
...and port V6OnlyOption to it. PiperOrigin-RevId: 288789451 | |||
2020-01-08 | Built dead-simple traversal, but now getting dependency cycle error :'( | Kevin Krakauer | |
2020-01-08 | Merge release-20191213.0-76-ga271bcc (automated) | gVisor bot | |
2020-01-08 | Rename tcpip.SockOpt{,Int} | Tamir Duberstein | |
PiperOrigin-RevId: 288772878 | |||
2020-01-08 | First commit -- re-adding DROP | Kevin Krakauer | |
2020-01-08 | Comment cleanup. | Kevin Krakauer | |
2020-01-08 | Minor fixes to comments and logging | Kevin Krakauer | |
2020-01-08 | Write simple ACCEPT rules to the filter table. | Kevin Krakauer | |
This gets us closer to passing the iptables tests and opens up iptables so it can be worked on by multiple people. A few restrictions are enforced for security (i.e. we don't want to let users write a bunch of iptables rules and then just not enforce them): - Only the filter table is writable. - Only ACCEPT rules with no matching criteria can be added. | |||
2019-12-26 | Merge release-20191213.0-49-g87e4d03 (automated) | gVisor bot | |
2019-12-26 | Automated rollback of changelist 287029703 | gVisor bot | |
PiperOrigin-RevId: 287217899 | |||
2019-12-24 | Merge release-20191213.0-48-ge013c48 (automated) | gVisor bot | |
2019-12-24 | Enable IP_RECVTOS socket option for datagram sockets | Ryan Heacock | |
Added the ability to get/set the IP_RECVTOS socket option on UDP endpoints. If enabled, TOS from the incoming Network Header is passed as ancillary data in the ControlMessages. Test: * Added unit test to udp_test.go that tests getting/setting as well as verifying that we receive expected TOS from incoming packet. * Added a syscall test PiperOrigin-RevId: 287029703 | |||
2019-12-12 | Merge release-20191210.0-25-g378d6c1 (automated) | gVisor bot | |
2019-12-12 | unix: allow to bind unix sockets only to AF_UNIX addresses | Andrei Vagin | |
Reported-by: syzbot+2c0bcfd87fb4e8b7b009@syzkaller.appspotmail.com PiperOrigin-RevId: 285228312 | |||
2019-12-12 | Merge release-20191210.0-23-g6fc9f0a (automated) | gVisor bot | |
2019-12-11 | Add support for TCP_USER_TIMEOUT option. | Bhasker Hariharan | |
The implementation follows the Linux behavior where specifying a TCP_USER_TIMEOUT will cause the resend timer to honor the user specified timeout rather than the default rto based timeout. Further it alters when connections are timed out due to keepalive failures. It does not alter the behavior of when keepalives are sent. This is as per the Linux behavior. PiperOrigin-RevId: 285099795 | |||
2019-12-11 | Merge release-20191129.0-43-g2e3b9b0 (automated) | gVisor bot | |
2019-12-10 | Deduplicate and simplify control message processing for recvmsg and sendmsg. | Dean Deng | |
Also, improve performance by calculating how much space is needed before making an allocation for sendmsg in hostinet. PiperOrigin-RevId: 284898581 |