Age | Commit message | Author |
|
We should avoid taking the write lock to avoid contention when looking
for a packet's tracked connection.
No need to reap timed out connections when looking for connections
as the reaper (which runs periodically) will handle that.
PiperOrigin-RevId: 400322514
|
Move the hook specific logic to the IPTables hook functions.
This lets us avoid having to perform checks on the hook to determine
what action to take.
Later changes will drop the need for handlePacket's return value,
reducing the value of this function that all hooks call into.
PiperOrigin-RevId: 400298023
|
...as the packet's direction gives us the information that tcbHook is
used to derive.
PiperOrigin-RevId: 400280102
|
...to catch lock-related bugs in nogo tests.
Updates #6566.
PiperOrigin-RevId: 400265818
|
...and have `CheckOutputPackets`, `CheckPostroutingPackets` call their
equivalent methods that operate on a single packet buffer directly.
This is so that the `Check{Output, Postrouting}Packets` methods may
leverage any hook-specific work that `Check{Output, Postrouting}`
may perform.
Note: Later changes will add hook-specific logic to the
`Check{Output, Postrouting}` methods.
PiperOrigin-RevId: 400255651
|
...to save a call to `ConnTrack.connFor` when callers already have a
reference to the ConnTrack entry.
PiperOrigin-RevId: 400244955
|
* Does not accept a port range (Issue #5772).
* Does not support checking for tuple conflicts (Issue #5773).
PiperOrigin-RevId: 399524088
|
PacketData should not be modified and should be treated readonly because it
represents packet payload. The old DeleteFront method allowed callers to modify
the underlying buffer which should not be allowed.
Added a way to consume from the PacketData instead of deleting from it.
Updated call points to use that instead.
Reported-by: syzbot+faee5cb350f769a52d1b@syzkaller.appspotmail.com
PiperOrigin-RevId: 399268473
|
...instead of an address.
This allows a later change to more precisely select an address
based on the NAT type (source vs. destination NAT).
PiperOrigin-RevId: 398559901
|
...to make it clear what arguments are needed per hook.
PiperOrigin-RevId: 398538776
|
This will enable NAT to be performed on UDP packets that are sent
in response to packets sent by the stack.
This will also enable ICMP errors to be properly NAT-ed in response
to UDP packets (#5916).
Updates #5915.
PiperOrigin-RevId: 398373251
|
Turns out certain features of iptables (e.g. NAT) will not perform
any checks/work unless both the Network and Transport headers are
populated.
With this change, provide the packet directly to the outgoing
network endpoint's `writePacket` method instead of going
through `WriteHeaderIncludedPacket` which expected the headers
to not be set.
PiperOrigin-RevId: 398304004
|
PiperOrigin-RevId: 397496920
|
...even protocols the stack is unaware of.
While I am here, annotate checklocks on stack.packetEndpointList.
PiperOrigin-RevId: 397226754
|
...to catch lock-related bugs in nogo tests.
Checklocks also pointed out a locking violation which is fixed
in this change.
Updates #6566.
PiperOrigin-RevId: 397225322
|
Replaced the current AddAddressWithOptions method with
AddAddressWithProperties which passes all address properties in
a single AddressProperties type. More properties that need to be
configured in the future are expected, so adding a type makes adding
them easier.
PiperOrigin-RevId: 396930729
|
Fixes #6558
PiperOrigin-RevId: 396393293
|
This change removes NetworkDispatcher.DeliverOutboundPacket.
Since all packet writes go through the NIC (the only NetworkDispatcher),
we can deliver outgoing packets to interested packet endpoints before
writing the packet to the link endpoint as the stack expects that all
packets that get delivered to a link endpoint are transmitted on the
wire. That is, link endpoints no longer need to let the stack know when
it writes a packet as the stack already knows about the packet it writes
through a link endpoint.
PiperOrigin-RevId: 395761629
|
...through the loopback interface, only.
This change only supports sending on packet sockets through the loopback
interface as the loopback interface is the only interface used in packet
socket syscall tests - the other link endpoints are not exercised with
the existing test infrastructure.
Support for sending on packet sockets through the other interfaces will
be added as needed.
BUG: https://fxbug.dev/81592
PiperOrigin-RevId: 394368899
|
PiperOrigin-RevId: 393808461
|
...returning unsupported errors.
PiperOrigin-RevId: 393388991
|
... because it is still used by fuchsia.
PiperOrigin-RevId: 393246904
|
Also fix an option parsing error in checker.TCPTimestampChecker while I am here.
PiperOrigin-RevId: 391828329
|
Use different secrets for different purposes (port picking,
ISN generation, tsOffset generation) and moved the secrets
from stack.Stack to tcp.protocol.
PiperOrigin-RevId: 391641238