gvisor gvisor is too strict when checking the values of ip

gvisor is too strict when checking the values of ip_mreqn

Open akonradi opened this issue 3 years ago • 0 comments

Description

When handling a call to setsockopt for IP_ADD_MEMBERSHIP with an ip_mreqn struct with a non-zero interface IP address and interface index, Linux checks the interface index first and, if it matches a device, ignores the address.

Linux impl: https://github.com/torvalds/linux/blob/15205c2829ca2cbb5ece5ceaafe1171a8470e62b/net/ipv4/igmp.c#L1829-L1837

gVisor fails the call to setsockopt in this case (see failed checks for https://github.com/google/gvisor/pull/7873)

Steps to reproduce

See https://github.com/google/gvisor/commit/8779a7667c6f06103d4dae3aa1b50b66a74e5e47 for a failing test case that reproduces the issue.

runsc version

No response

docker version (if using docker)

No response

uname

No response

kubectl (if using Kubernetes)

No response

repo state (if built from source)

No response

runsc debug logs (if available)

No response

Aug 09 '22 18:08 akonradi

gvisor gvisor copied to clipboard

gvisor is too strict when checking the values of ip_mreqn

Description

Steps to reproduce

runsc version

docker version (if using docker)

uname

kubectl (if using Kubernetes)

repo state (if built from source)

runsc debug logs (if available)

gvisor
gvisor copied to clipboard