summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/socket
AgeCommit message (Collapse)Author
2020-01-30Merge release-20200127.0-31-g51b7835 (automated)gVisor bot
2020-01-29Add support for TCP_DEFER_ACCEPT.Bhasker Hariharan
PiperOrigin-RevId: 292233574
2020-01-29Merge branch 'master' into ipt-udp-matchersKevin Krakauer
2020-01-29Merge release-20200127.0-27-g4cb55a7 (automated)gVisor bot
2020-01-28Prevent arbitrary size allocation when sending UDS messages.Dean Deng
Currently, Send() will copy data into a new byte slice without regard to the original size. Size checks should be performed before the allocation takes place. Note that for the sake of performance, we avoid putting the buffer allocation into the critical section. As a result, the size checks need to be performed again within Enqueue() in case the limit has changed. PiperOrigin-RevId: 292058147
2020-01-28Merge release-20200115.0-120-gd99329e (automated)gVisor bot
2020-01-28netlink: add support for RTM_F_LOOKUP_TABLEJianfeng Tan
Test command: $ ip route get 1.1.1.1 Fixes: #1099 Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com> COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/1121 from tanjianfeng:fix-1099 e6919f3d4ede5aa51a48b3d2be0d7a4b482dd53d PiperOrigin-RevId: 291990716
2020-01-27Address GH comments.Kevin Krakauer
2020-01-27Merge release-20200115.0-110-g0e2f1b7 (automated)gVisor bot
2020-01-27Update package locations.Adin Scannell
Because the abi will depend on the core types for marshalling (usermem, context, safemem, safecopy), these need to be flattened from the sentry directory. These packages contain no sentry-specific details. PiperOrigin-RevId: 291811289
2020-01-27Cleanup for GH review.Kevin Krakauer
2020-01-27Standardize on tools directory.Adin Scannell
PiperOrigin-RevId: 291745021
2020-01-24We can now actually write out the udp matcher.Kevin Krakauer
2020-01-24Merge branch 'master' into ipt-udp-matchersKevin Krakauer
2020-01-23Merge release-20200115.0-93-g3d10edc (automated)gVisor bot
2020-01-23Merge pull request #1617 from kevinGC:iptables-write-filter-protogVisor bot
PiperOrigin-RevId: 291249314
2020-01-22Error marshalling the matcher.Kevin Krakauer
The iptables binary is looking for libxt_.so when it should be looking for libxt_udp.so, so it's having an issue reading the data in xt_match_entry. I think it may be an alignment issue. Trying to fix this is leading to me fighting with the metadata struct, so I'm gonna go kill that.
2020-01-21Adding serialization.Kevin Krakauer
2020-01-21Merge release-20200115.0-56-g7e6fbc6 (automated)gVisor bot
2020-01-21Add a new TCP stat for current open connections.Mithun Iyer
Such a stat accounts for all connections that are currently established and not yet transitioned to close state. Also fix bug in double increment of CurrentEstablished stat. Fixes #1579 PiperOrigin-RevId: 290827365
2020-01-21Removed TCP work (saved in ipt-tcp-match).Kevin Krakauer
2020-01-21Add UDP matchers.Kevin Krakauer
2020-01-21More little fixes.Kevin Krakauer
2020-01-21Fixing stuffKevin Krakauer
2020-01-21Merge branch 'master' into iptables-write-filter-protoKevin Krakauer
2020-01-21Merge release-20200115.0-48-g5f82f09 (automated)gVisor bot
2020-01-21Merge pull request #1558 from kevinGC:iptables-write-input-dropgVisor bot
PiperOrigin-RevId: 290793754
2020-01-18Merge release-20200115.0-33-g47d8525 (automated)gVisor bot
2020-01-17Filter out received packets with a local source IP address.Eyal Soha
CERT Advisory CA-96.21 III. Solution advises that devices drop packets which could not have correctly arrived on the wire, such as receiving a packet where the source IP address is owned by the device that sent it. Fixes #1507 PiperOrigin-RevId: 290378240
2020-01-17Merge release-20200115.0-17-g19b4653 (automated)gVisor bot
2020-01-16Remove unused rpcinet.Adin Scannell
PiperOrigin-RevId: 290198756
2020-01-14Merge release-20191213.0-115-g50625ce (automated)gVisor bot
2020-01-14Implement {g,s}etsockopt(IP_RECVTOS) for UDP socketsTamir Duberstein
PiperOrigin-RevId: 289718534
2020-01-13Merge branch 'iptables-write-input-drop' into iptables-write-filter-protoKevin Krakauer
2020-01-13Merge release-20191213.0-113-gdebd213 (automated)gVisor bot
2020-01-13Allow dual stack sockets to operate on AF_INETTamir Duberstein
Fixes #1490 Fixes #1495 PiperOrigin-RevId: 289523250
2020-01-13Only allow INPUT modifications.Kevin Krakauer
2020-01-13Merge branch 'master' into iptables-write-input-dropKevin Krakauer
2020-01-13Merge release-20191213.0-111-gb30cfb1 (automated)gVisor bot
2020-01-13Merge pull request #1528 from kevinGC:iptables-writegVisor bot
PiperOrigin-RevId: 289479774
2020-01-10I think INPUT works with protocolKevin Krakauer
2020-01-10Merge release-20191213.0-96-g27500d5 (automated)gVisor bot
2020-01-09New sync package.Ian Gudger
* Rename syncutil to sync. * Add aliases to sync types. * Replace existing usage of standard library sync package. This will make it easier to swap out synchronization primitives. For example, this will allow us to use primitives from github.com/sasha-s/go-deadlock to check for lock ordering violations. Updates #1472 PiperOrigin-RevId: 289033387
2020-01-09Added a test that we don't pass yetKevin Krakauer
2020-01-09Merge release-20191213.0-86-g8643933 (automated)gVisor bot
2020-01-09Change BindToDeviceOption to store NICIDEyal Soha
This makes it possible to call the sockopt from go even when the NIC has no name. PiperOrigin-RevId: 288955236
2020-01-08It works! It drops some packets.Kevin Krakauer
2020-01-08Merge branch 'iptables-write' into iptables-write-input-dropKevin Krakauer
2020-01-09Merge release-20191213.0-82-gfbb2c00 (automated)gVisor bot
2020-01-08More GH comments.Kevin Krakauer
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-26 15:34:43 +0000