b29aeebaf6
Merge pull request #1683 from kevinGC:ipt-udp-matchers
...
PiperOrigin-RevId: 293243342
2020-02-04 16:20:16 -08:00
90ec596166
Fix licenses.
...
The preferred Copyright holder is "The gVisor Authors".
PiperOrigin-RevId: 291786657
2020-01-27 13:23:57 -08:00
e889f95671
More cleanup.
2020-01-27 12:30:06 -08:00
29316e66ad
Cleanup for GH review.
2020-01-27 12:27:04 -08:00
d29e59af9f
Standardize on tools directory.
...
PiperOrigin-RevId: 291745021
2020-01-27 12:21:00 -08:00
7636478a31
Merge branch 'master' into ipt-udp-matchers
2020-01-24 10:42:43 -08:00
b7853f688b
Error marshalling the matcher.
...
The iptables binary is looking for libxt_.so when it should be looking
for libxt_udp.so, so it's having an issue reading the data in
xt_match_entry. I think it may be an alignment issue.
Trying to fix this is leading to me fighting with the metadata struct,
so I'm gonna go kill that.
2020-01-22 14:46:15 -08:00
747137c120
Address GitHub comments.
2020-01-22 10:23:44 -08:00
538053538d
Adding serialization.
2020-01-21 16:51:17 -08:00
421b6ff181
Passes all filter table UDP tests.
2020-01-21 14:54:39 -08:00
2661101ad4
Removed TCP work (saved in ipt-tcp-match).
2020-01-21 14:51:28 -08:00
9143fcd7fd
Add UDP matchers.
2020-01-21 14:47:17 -08:00
47bc7550c0
Fixing stuff
2020-01-21 13:37:25 -08:00
62357a0afb
Merge branch 'master' into iptables-write-filter-proto
2020-01-21 13:16:25 -08:00
95e9de31d2
Address Nic's comments.
2020-01-14 17:54:02 -08:00
bd29289409
Protocol filtering works.
2020-01-13 16:10:00 -08:00
d51eaa59c0
Merge branch 'iptables-write-input-drop' into iptables-write-filter-proto
2020-01-13 16:06:29 -08:00
31e49f4b19
Merge branch 'master' into iptables-write-input-drop
2020-01-13 12:22:15 -08:00
b30cfb1df7
Merge pull request #1528 from kevinGC:iptables-write
...
PiperOrigin-RevId: 289479774
2020-01-13 11:26:26 -08:00
d793677cd4
I think INPUT works with protocol
2020-01-10 18:07:15 -08:00
d147e6d1b2
Cleaned up logs.
2020-01-10 13:58:46 -08:00
ff719159be
Confirmed that it works if I hardcode 17 in for pkt.Protocol. Need to address parsing the packet early :(
2020-01-09 15:38:21 -08:00
89d11b4d96
Added a test that we don't pass yet
2020-01-09 13:41:52 -08:00
aeb3a4017b
Working on filtering by protocol.
2020-01-08 22:10:35 -08:00
06e2366e96
Merge branch 'iptables-write' into iptables-write-input-drop
2020-01-08 20:05:02 -08:00
ae060a63d9
More GH comments.
2020-01-08 17:30:08 -08:00
0999ae8b34
Getting a panic when running tests. For some reason the filter table is
...
ending up with the wrong chains and is indexing -1 into rules.
2020-01-08 15:57:25 -08:00
b2a881784c
Built dead-simple traversal, but now getting depedency cycle error :'(
2020-01-08 14:48:47 -08:00
446a250996
Comment cleanup.
2020-01-08 11:20:48 -08:00
1e1921e2ac
Minor fixes to comments and logging
2020-01-08 11:15:46 -08:00
8cc1c35bbd
Write simple ACCEPT rules to the filter table.
...
This gets us closer to passing the iptables tests and opens up iptables
so it can be worked on by multiple people.
A few restrictions are enforced for security (i.e. we don't want to let
users write a bunch of iptables rules and then just not enforce them):
- Only the filter table is writable.
- Only ACCEPT rules with no matching criteria can be added.
2020-01-08 10:08:14 -08:00
2302afb53d
Reorder BUILD license and load functions in netstack.
...
PiperOrigin-RevId: 274672346
2019-10-14 15:21:59 -07:00
810cc07aab
Plumbing for iptables sockopts.
...
PiperOrigin-RevId: 261413396
2019-08-02 16:26:48 -07:00
d60ae0ddee
Merge pull request #279 from kevinGC:iptables-1-pkg
...
PiperOrigin-RevId: 256231055
2019-07-02 13:48:06 -07:00
06a83df533
Address more comments.
...
Change-Id: I83ae1079f3dcba6b018f59ab7898decab5c211d2
2019-06-10 12:43:54 -07:00
8afbd974da
Address Ian's comments.
...
Change-Id: I7445033b1970cbba3f2ed0682fe520dce02d8fad
2019-06-07 12:54:53 -07:00
d58eb9ce82
Add basic iptables structures to netstack.
...
Change-Id: Ib589906175a59dae315405a28f2d7f525ff8877f
2019-05-31 16:14:04 -07:00
gVisor bot
Adin Scannell
Kevin Krakauer