Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-01-23 | Merge pull request #1617 from kevinGC:iptables-write-filter-proto | gVisor bot | |
PiperOrigin-RevId: 291249314 | |||
2020-01-22 | Error marshalling the matcher. | Kevin Krakauer | |
The iptables binary is looking for libxt_.so when it should be looking for libxt_udp.so, so it's having an issue reading the data in xt_match_entry. I think it may be an alignment issue. Trying to fix this is leading to me fighting with the metadata struct, so I'm gonna go kill that. | |||
2020-01-21 | Adding serialization. | Kevin Krakauer | |
2020-01-21 | Merge release-20200115.0-56-g7e6fbc6 (automated) | gVisor bot | |
2020-01-21 | Add a new TCP stat for current open connections. | Mithun Iyer | |
Such a stat accounts for all connections that are currently established and not yet transitioned to close state. Also fix bug in double increment of CurrentEstablished stat. Fixes #1579 PiperOrigin-RevId: 290827365 | |||
2020-01-21 | Removed TCP work (saved in ipt-tcp-match). | Kevin Krakauer | |
2020-01-21 | Add UDP matchers. | Kevin Krakauer | |
2020-01-21 | More little fixes. | Kevin Krakauer | |
2020-01-21 | Fixing stuff | Kevin Krakauer | |
2020-01-21 | Merge branch 'master' into iptables-write-filter-proto | Kevin Krakauer | |
2020-01-21 | Merge release-20200115.0-48-g5f82f09 (automated) | gVisor bot | |
2020-01-21 | Merge pull request #1558 from kevinGC:iptables-write-input-drop | gVisor bot | |
PiperOrigin-RevId: 290793754 | |||
2020-01-18 | Merge release-20200115.0-33-g47d8525 (automated) | gVisor bot | |
2020-01-17 | Filter out received packets with a local source IP address. | Eyal Soha | |
CERT Advisory CA-96.21 III. Solution advises that devices drop packets which could not have correctly arrived on the wire, such as receiving a packet where the source IP address is owned by the device that sent it. Fixes #1507 PiperOrigin-RevId: 290378240 | |||
2020-01-17 | Merge release-20200115.0-17-g19b4653 (automated) | gVisor bot | |
2020-01-16 | Remove unused rpcinet. | Adin Scannell | |
PiperOrigin-RevId: 290198756 | |||
2020-01-14 | Merge release-20191213.0-115-g50625ce (automated) | gVisor bot | |
2020-01-14 | Implement {g,s}etsockopt(IP_RECVTOS) for UDP sockets | Tamir Duberstein | |
PiperOrigin-RevId: 289718534 | |||
2020-01-13 | Merge branch 'iptables-write-input-drop' into iptables-write-filter-proto | Kevin Krakauer | |
2020-01-13 | Merge release-20191213.0-113-gdebd213 (automated) | gVisor bot | |
2020-01-13 | Allow dual stack sockets to operate on AF_INET | Tamir Duberstein | |
Fixes #1490 Fixes #1495 PiperOrigin-RevId: 289523250 | |||
2020-01-13 | Only allow INPUT modifications. | Kevin Krakauer | |
2020-01-13 | Merge branch 'master' into iptables-write-input-drop | Kevin Krakauer | |
2020-01-13 | Merge release-20191213.0-111-gb30cfb1 (automated) | gVisor bot | |
2020-01-13 | Merge pull request #1528 from kevinGC:iptables-write | gVisor bot | |
PiperOrigin-RevId: 289479774 | |||
2020-01-10 | I think INPUT works with protocol | Kevin Krakauer | |
2020-01-10 | Merge release-20191213.0-96-g27500d5 (automated) | gVisor bot | |
2020-01-09 | New sync package. | Ian Gudger | |
* Rename syncutil to sync. * Add aliases to sync types. * Replace existing usage of standard library sync package. This will make it easier to swap out synchronization primitives. For example, this will allow us to use primitives from github.com/sasha-s/go-deadlock to check for lock ordering violations. Updates #1472 PiperOrigin-RevId: 289033387 | |||
2020-01-09 | Added a test that we don't pass yet | Kevin Krakauer | |
2020-01-09 | Merge release-20191213.0-86-g8643933 (automated) | gVisor bot | |
2020-01-09 | Change BindToDeviceOption to store NICID | Eyal Soha | |
This makes it possible to call the sockopt from go even when the NIC has no name. PiperOrigin-RevId: 288955236 | |||
2020-01-08 | It works! It drops some packets. | Kevin Krakauer | |
2020-01-08 | Merge branch 'iptables-write' into iptables-write-input-drop | Kevin Krakauer | |
2020-01-09 | Merge release-20191213.0-82-gfbb2c00 (automated) | gVisor bot | |
2020-01-08 | More GH comments. | Kevin Krakauer | |
2020-01-08 | Return correct length with MSG_TRUNC for unix sockets. | Ian Lewis | |
This change calls a new Truncate method on the EndpointReader in RecvMsg for both netlink and unix sockets. This allows readers such as sockets to peek at the length of data without actually reading it to a buffer. Fixes #993 #1240 PiperOrigin-RevId: 288800167 | |||
2020-01-09 | Merge release-20191213.0-80-gb3ae8a6 (automated) | gVisor bot | |
2020-01-08 | Addressed GH comments | Kevin Krakauer | |
2020-01-08 | Fix slice bounds out of range panic in parsing socket control message. | Ting-Yu Wang | |
Panic found by syzakller. PiperOrigin-RevId: 288799046 | |||
2020-01-08 | Getting a panic when running tests. For some reason the filter table is | Kevin Krakauer | |
ending up with the wrong chains and is indexing -1 into rules. | |||
2020-01-08 | Merge release-20191213.0-78-gd530df2 (automated) | gVisor bot | |
2020-01-08 | Introduce tcpip.SockOptBool | Tamir Duberstein | |
...and port V6OnlyOption to it. PiperOrigin-RevId: 288789451 | |||
2020-01-08 | Built dead-simple traversal, but now getting depedency cycle error :'( | Kevin Krakauer | |
2020-01-08 | Merge release-20191213.0-76-ga271bcc (automated) | gVisor bot | |
2020-01-08 | Rename tcpip.SockOpt{,Int} | Tamir Duberstein | |
PiperOrigin-RevId: 288772878 | |||
2020-01-08 | First commit -- re-adding DROP | Kevin Krakauer | |
2020-01-08 | Comment cleanup. | Kevin Krakauer | |
2020-01-08 | Minor fixes to comments and logging | Kevin Krakauer | |
2020-01-08 | Write simple ACCEPT rules to the filter table. | Kevin Krakauer | |
This gets us closer to passing the iptables tests and opens up iptables so it can be worked on by multiple people. A few restrictions are enforced for security (i.e. we don't want to let users write a bunch of iptables rules and then just not enforce them): - Only the filter table is writable. - Only ACCEPT rules with no matching criteria can be added. | |||
2019-12-26 | Merge release-20191213.0-49-g87e4d03 (automated) | gVisor bot | |