Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-03-16 | Merge pull request #1943 from kevinGC:ipt-filter-ip | gVisor bot | |
PiperOrigin-RevId: 301197007 | |||
2020-03-06 | Add nat table support for iptables. | Nayana Bidari | |
2020-02-28 | Add nat table support for iptables. | Nayana Bidari | |
- Fix review comments. | |||
2020-02-26 | Fix merge conflicts. | Nayana Bidari | |
2020-02-26 | iptables: filter by IP address (and range) | Kevin Krakauer | |
Enables commands such as: $ iptables -A INPUT -d 127.0.0.1 -j ACCEPT $ iptables -t nat -A PREROUTING ! -d 127.0.0.1 -j REDIRECT Also adds a bunch of REDIRECT+destination tests. | |||
2020-02-25 | Merge branch 'master' into iptables | nybidari | |
2020-02-25 | Add nat table support for iptables. | Nayana Bidari | |
- commit the changes for the comments. | |||
2020-02-18 | Add nat table support for iptables. | Nayana Bidari | |
Add nat table support for Prerouting hook with Redirect option. Add tests to check redirect of ports. | |||
2020-02-13 | We can now create and jump in iptables. For example: | Kevin Krakauer | |
$ iptables -N foochain $ iptables -A INPUT -j foochain | |||
2020-02-12 | iptables: User chains | Kevin Krakauer | |
- Adds creation of user chains via `-N <chainname>` - Adds `-j RETURN` support for built-in chains, which triggers the chain's underflow rule (usually the default policy). - Adds tests for chain creation, default policies, and `-j RETURN' from built-in chains. | |||
2020-02-05 | Merge branch 'master' into tcp-matchers-submit | Kevin Krakauer | |
2020-02-04 | Merge pull request #1683 from kevinGC:ipt-udp-matchers | gVisor bot | |
PiperOrigin-RevId: 293243342 | |||
2020-01-31 | iptables: enable TCP matching with "-m tcp". | Kevin Krakauer | |
A couple other things that changed: - There's a proper extension registration system for matchers. Anyone adding another matcher can use tcp_matcher.go or udp_matcher.go as a template. - All logging and use of syserr.Error in the netfilter package happens at the highest possible level (public functions). Lower-level functions just return normal, descriptive golang errors. | |||
2020-01-29 | Merge branch 'master' into ipt-udp-matchers | Kevin Krakauer | |
2020-01-27 | Fix licenses. | Adin Scannell | |
The preferred Copyright holder is "The gVisor Authors". PiperOrigin-RevId: 291786657 | |||
2020-01-27 | More cleanup. | Kevin Krakauer | |
2020-01-27 | Cleanup for GH review. | Kevin Krakauer | |
2020-01-27 | Standardize on tools directory. | Adin Scannell | |
PiperOrigin-RevId: 291745021 | |||
2020-01-24 | Merge branch 'master' into ipt-udp-matchers | Kevin Krakauer | |
2020-01-22 | Error marshalling the matcher. | Kevin Krakauer | |
The iptables binary is looking for libxt_.so when it should be looking for libxt_udp.so, so it's having an issue reading the data in xt_match_entry. I think it may be an alignment issue. Trying to fix this is leading to me fighting with the metadata struct, so I'm gonna go kill that. | |||
2020-01-22 | Address GitHub comments. | Kevin Krakauer | |
2020-01-21 | Adding serialization. | Kevin Krakauer | |
2020-01-21 | Passes all filter table UDP tests. | Kevin Krakauer | |
2020-01-21 | Removed TCP work (saved in ipt-tcp-match). | Kevin Krakauer | |
2020-01-21 | Add UDP matchers. | Kevin Krakauer | |
2020-01-21 | Fixing stuff | Kevin Krakauer | |
2020-01-21 | Merge branch 'master' into iptables-write-filter-proto | Kevin Krakauer | |
2020-01-14 | Address Nic's comments. | Kevin Krakauer | |
2020-01-13 | Protocol filtering works. | Kevin Krakauer | |
2020-01-13 | Merge branch 'iptables-write-input-drop' into iptables-write-filter-proto | Kevin Krakauer | |
2020-01-13 | Merge branch 'master' into iptables-write-input-drop | Kevin Krakauer | |
2020-01-13 | Merge pull request #1528 from kevinGC:iptables-write | gVisor bot | |
PiperOrigin-RevId: 289479774 | |||
2020-01-10 | I think INPUT works with protocol | Kevin Krakauer | |
2020-01-10 | Cleaned up logs. | Kevin Krakauer | |
2020-01-09 | Confirmed that it works if I hardcode 17 in for pkt.Protocol. Need to ↵ | Kevin Krakauer | |
address parsing the packet early :( | |||
2020-01-09 | Added a test that we don't pass yet | Kevin Krakauer | |
2020-01-08 | Working on filtering by protocol. | Kevin Krakauer | |
2020-01-08 | Merge branch 'iptables-write' into iptables-write-input-drop | Kevin Krakauer | |
2020-01-08 | More GH comments. | Kevin Krakauer | |
2020-01-08 | Getting a panic when running tests. For some reason the filter table is | Kevin Krakauer | |
ending up with the wrong chains and is indexing -1 into rules. | |||
2020-01-08 | Built dead-simple traversal, but now getting depedency cycle error :'( | Kevin Krakauer | |
2020-01-08 | Comment cleanup. | Kevin Krakauer | |
2020-01-08 | Minor fixes to comments and logging | Kevin Krakauer | |
2020-01-08 | Write simple ACCEPT rules to the filter table. | Kevin Krakauer | |
This gets us closer to passing the iptables tests and opens up iptables so it can be worked on by multiple people. A few restrictions are enforced for security (i.e. we don't want to let users write a bunch of iptables rules and then just not enforce them): - Only the filter table is writable. - Only ACCEPT rules with no matching criteria can be added. | |||
2019-10-14 | Reorder BUILD license and load functions in netstack. | Kevin Krakauer | |
PiperOrigin-RevId: 274672346 | |||
2019-08-02 | Plumbing for iptables sockopts. | Kevin Krakauer | |
PiperOrigin-RevId: 261413396 | |||
2019-07-02 | Merge pull request #279 from kevinGC:iptables-1-pkg | gVisor bot | |
PiperOrigin-RevId: 256231055 | |||
2019-06-10 | Address more comments. | Kevin Krakauer | |
Change-Id: I83ae1079f3dcba6b018f59ab7898decab5c211d2 | |||
2019-06-07 | Address Ian's comments. | Kevin Krakauer | |
Change-Id: I7445033b1970cbba3f2ed0682fe520dce02d8fad | |||
2019-05-31 | Add basic iptables structures to netstack. | Kevin Krakauer | |
Change-Id: Ib589906175a59dae315405a28f2d7f525ff8877f |