Kevin Krakauer
Kevin Krakauer
No findings, and no features have targeted this specifically. Wish we had more bandwidth to investigate.
Yes, there is a confusing coupling between ICMP _sockets_ (enabled via `stack.Options.TransportProtocols`) and ICMP handling. They should share code, but the latter shouldn't depend on enabling the former. For context:...
A couple things: 1. While we don't have tags in the go branch, you can use [pseudo versions] to [pin to a particular commit]. 2. The Go branch is great...
This is something that would have to be added. We have some connection tracking support implemented to support NAT, but we don't have the `-m state` matcher implemented. It's not...
I'm having trouble seeing how a negative value gets passed in. That value could be negative due to casting in snd.go: ```go if !seg.sequenceNumber.LessThan(end) { return false } available :=...
It should work on 32 bit Windows, but clearly there's a bug here (likely an overflow). Netstack will be slower than native. And since it is rarely used on Windows,...
Unfortunately I don't think we have cycles to debug and optimize netstack on Windows, but we'd welcome the help if you're up to try.
Hey, could you try something for me? I have a suspicion about the slowdown from SACK. Can you apply this patch and give me the log output? ``` diff --git...
gVisor doesn't support the masquerade target yet, which is what causes this error. Notably, the logic is mostly implemented in //pkg/tcpip/stack/iptables_targets.go:MasqueradeTarget, but support would need to be added to //pkg/sentry/socket/netfilter...
Hey Bhasker, @nybidari leads netstack now. Doing what Linux does -- which is apparently just not caring whether a timestamp is returned -- seems like a reasonable way to support...