5 files changed, 170 insertions, 36 deletions
diff --git a/pkg/tcpip/header/ipv4.go b/pkg/tcpip/header/ipv4.go
index 2be21ec75..e9abbb709 100644
--- a/pkg/tcpip/header/ipv4.go
+++ b/pkg/tcpip/header/ipv4.go
@@ -17,6 +17,7 @@ package header
 import (
 	"encoding/binary"
 	"fmt"
+	"time"
 
 	"gvisor.dev/gvisor/pkg/tcpip"
 )
@@ -181,7 +182,7 @@ const (
 // ipv4LinkLocalUnicastSubnet is the IPv4 link local unicast subnet as defined
 // by RFC 3927 section 1.
 var ipv4LinkLocalUnicastSubnet = func() tcpip.Subnet {
-	subnet, err := tcpip.NewSubnet("\xa9\xfe\x00\x00", tcpip.AddressMask("\xff\xff\x00\x00"))
+	subnet, err := tcpip.NewSubnet("\xa9\xfe\x00\x00", "\xff\xff\x00\x00")
 	if err != nil {
 		panic(err)
 	}
@@ -191,7 +192,7 @@ var ipv4LinkLocalUnicastSubnet = func() tcpip.Subnet {
 // ipv4LinkLocalMulticastSubnet is the IPv4 link local multicast subnet as
 // defined by RFC 5771 section 4.
 var ipv4LinkLocalMulticastSubnet = func() tcpip.Subnet {
-	subnet, err := tcpip.NewSubnet("\xe0\x00\x00\x00", tcpip.AddressMask("\xff\xff\xff\x00"))
+	subnet, err := tcpip.NewSubnet("\xe0\x00\x00\x00", "\xff\xff\xff\x00")
 	if err != nil {
 		panic(err)
 	}
@@ -572,7 +573,7 @@ func (o *IPv4OptionGeneric) Type() IPv4OptionType {
 func (o *IPv4OptionGeneric) Size() uint8 { return uint8(len(*o)) }
 
 // Contents implements IPv4Option.
-func (o *IPv4OptionGeneric) Contents() []byte { return []byte(*o) }
+func (o *IPv4OptionGeneric) Contents() []byte { return *o }
 
 // IPv4OptionIterator is an iterator pointing to a specific IP option
 // at any point of time. It also holds information as to a new options buffer
@@ -610,7 +611,7 @@ func (i *IPv4OptionIterator) InitReplacement(option IPv4Option) IPv4Options {
 // RemainingBuffer returns the remaining (unused) part of the new option buffer,
 // into which a new option may be written.
 func (i *IPv4OptionIterator) RemainingBuffer() IPv4Options {
-	return IPv4Options(i.newOptions[i.writePoint:])
+	return i.newOptions[i.writePoint:]
 }
 
 // ConsumeBuffer marks a portion of the new buffer as used.
@@ -813,9 +814,12 @@ const (
 
 // ipv4TimestampTime provides the current time as specified in RFC 791.
 func ipv4TimestampTime(clock tcpip.Clock) uint32 {
-	const millisecondsPerDay = 24 * 3600 * 1000
-	const nanoPerMilli = 1000000
-	return uint32((clock.NowNanoseconds() / nanoPerMilli) % millisecondsPerDay)
+	// Per RFC 791 page 21:
+	//   The Timestamp is a right-justified, 32-bit timestamp in
+	//   milliseconds since midnight UT.
+	now := clock.Now().UTC()
+	midnight := now.Truncate(24 * time.Hour)
+	return uint32(now.Sub(midnight).Milliseconds())
 }
 
 // IP Timestamp option fields.
@@ -843,7 +847,7 @@ func (ts *IPv4OptionTimestamp) Type() IPv4OptionType { return IPv4OptionTimestam
 func (ts *IPv4OptionTimestamp) Size() uint8 { return uint8(len(*ts)) }
 
 // Contents implements IPv4Option.
-func (ts *IPv4OptionTimestamp) Contents() []byte { return []byte(*ts) }
+func (ts *IPv4OptionTimestamp) Contents() []byte { return *ts }
 
 // Pointer returns the pointer field in the IP Timestamp option.
 func (ts *IPv4OptionTimestamp) Pointer() uint8 {
@@ -947,7 +951,7 @@ func (rr *IPv4OptionRecordRoute) Type() IPv4OptionType { return IPv4OptionRecord
 func (rr *IPv4OptionRecordRoute) Size() uint8 { return uint8(len(*rr)) }
 
 // Contents implements IPv4Option.
-func (rr *IPv4OptionRecordRoute) Contents() []byte { return []byte(*rr) }
+func (rr *IPv4OptionRecordRoute) Contents() []byte { return *rr }
 
 // Router Alert option specific related constants.
 //
@@ -992,7 +996,7 @@ func (*IPv4OptionRouterAlert) Type() IPv4OptionType { return IPv4OptionRouterAle
 func (ra *IPv4OptionRouterAlert) Size() uint8 { return uint8(len(*ra)) }
 
 // Contents implements IPv4Option.
-func (ra *IPv4OptionRouterAlert) Contents() []byte { return []byte(*ra) }
+func (ra *IPv4OptionRouterAlert) Contents() []byte { return *ra }
 
 // Value returns the value of the IPv4OptionRouterAlert.
 func (ra *IPv4OptionRouterAlert) Value() uint16 {
diff --git a/pkg/tcpip/header/ndp_options.go b/pkg/tcpip/header/ndp_options.go
index 3d1bccd15..d6cad3a94 100644
--- a/pkg/tcpip/header/ndp_options.go
+++ b/pkg/tcpip/header/ndp_options.go
@@ -77,12 +77,12 @@ const (
 
 	// ndpPrefixInformationOnLinkFlagMask is the mask of the On-Link Flag
 	// field in the flags byte within an NDPPrefixInformation.
-	ndpPrefixInformationOnLinkFlagMask = (1 << 7)
+	ndpPrefixInformationOnLinkFlagMask = 1 << 7
 
 	// ndpPrefixInformationAutoAddrConfFlagMask is the mask of the
 	// Autonomous Address-Configuration flag field in the flags byte within
 	// an NDPPrefixInformation.
-	ndpPrefixInformationAutoAddrConfFlagMask = (1 << 6)
+	ndpPrefixInformationAutoAddrConfFlagMask = 1 << 6
 
 	// ndpPrefixInformationReserved1FlagsMask is the mask of the Reserved1
 	// field in the flags byte within an NDPPrefixInformation.
@@ -451,7 +451,7 @@ func (o NDPNonceOption) String() string {
 
 // Nonce returns the nonce value this option holds.
 func (o NDPNonceOption) Nonce() []byte {
-	return []byte(o)
+	return o
 }
 
 // NDPSourceLinkLayerAddressOption is the NDP Source Link Layer Option
diff --git a/pkg/tcpip/header/ndp_router_advert.go b/pkg/tcpip/header/ndp_router_advert.go
index bf7610863..7e2f0c797 100644
--- a/pkg/tcpip/header/ndp_router_advert.go
+++ b/pkg/tcpip/header/ndp_router_advert.go
@@ -19,12 +19,72 @@ import (
 	"time"
 )
 
+// NDPRoutePreference is the preference values for default routers or
+// more-specific routes.
+//
+// As per RFC 4191 section 2.1,
+//
+//   Default router preferences and preferences for more-specific routes
+//   are encoded the same way.
+//
+//   Preference values are encoded as a two-bit signed integer, as
+//   follows:
+//
+//      01      High
+//      00      Medium (default)
+//      11      Low
+//      10      Reserved - MUST NOT be sent
+//
+//   Note that implementations can treat the value as a two-bit signed
+//   integer.
+//
+//   Having just three values reinforces that they are not metrics and
+//   more values do not appear to be necessary for reasonable scenarios.
+type NDPRoutePreference uint8
+
+const (
+	// HighRoutePreference indicates a high preference, as per
+	// RFC 4191 section 2.1.
+	HighRoutePreference NDPRoutePreference = 0b01
+
+	// MediumRoutePreference indicates a medium preference, as per
+	// RFC 4191 section 2.1.
+	//
+	// This is the default preference value.
+	MediumRoutePreference = 0b00
+
+	// LowRoutePreference indicates a low preference, as per
+	// RFC 4191 section 2.1.
+	LowRoutePreference = 0b11
+
+	// ReservedRoutePreference is a reserved preference value, as per
+	// RFC 4191 section 2.1.
+	//
+	// It MUST NOT be sent.
+	ReservedRoutePreference = 0b10
+)
+
 // NDPRouterAdvert is an NDP Router Advertisement message. It will only contain
 // the body of an ICMPv6 packet.
 //
-// See RFC 4861 section 4.2 for more details.
+// See RFC 4861 section 4.2 and RFC 4191 section 2.2 for more details.
 type NDPRouterAdvert []byte
 
+// As per RFC 4191 section 2.2,
+//
+//       0                   1                   2                   3
+//       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+//      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//      |     Type      |     Code      |          Checksum             |
+//      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//      | Cur Hop Limit |M|O|H|Prf|Resvd|       Router Lifetime         |
+//      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//      |                         Reachable Time                        |
+//      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//      |                          Retrans Timer                        |
+//      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+//      |   Options ...
+//      +-+-+-+-+-+-+-+-+-+-+-+-
 const (
 	// NDPRAMinimumSize is the minimum size of a valid NDP Router
 	// Advertisement message (body of an ICMPv6 packet).
@@ -47,6 +107,14 @@ const (
 	// within the bit-field/flags byte of an NDPRouterAdvert.
 	ndpRAOtherConfFlagMask = (1 << 6)
 
+	// ndpDefaultRouterPreferenceShift is the shift of the Prf (Default Router
+	// Preference) field within the flags byte of an NDPRouterAdvert.
+	ndpDefaultRouterPreferenceShift = 3
+
+	// ndpDefaultRouterPreferenceMask is the mask of the Prf (Default Router
+	// Preference) field within the flags byte of an NDPRouterAdvert.
+	ndpDefaultRouterPreferenceMask = (0b11 << ndpDefaultRouterPreferenceShift)
+
 	// ndpRARouterLifetimeOffset is the start of the 2-byte Router Lifetime
 	// field within an NDPRouterAdvert.
 	ndpRARouterLifetimeOffset = 2
@@ -80,6 +148,11 @@ func (b NDPRouterAdvert) OtherConfFlag() bool {
 	return b[ndpRAFlagsOffset]&ndpRAOtherConfFlagMask != 0
 }
 
+// DefaultRouterPreference returns the Default Router Preference field.
+func (b NDPRouterAdvert) DefaultRouterPreference() NDPRoutePreference {
+	return NDPRoutePreference((b[ndpRAFlagsOffset] & ndpDefaultRouterPreferenceMask) >> ndpDefaultRouterPreferenceShift)
+}
+
 // RouterLifetime returns the lifetime associated with the default router. A
 // value of 0 means the source of the Router Advertisement is not a default
 // router and SHOULD NOT appear on the default router list. Note, a value of 0
diff --git a/pkg/tcpip/header/ndp_test.go b/pkg/tcpip/header/ndp_test.go
index 1b5093e58..8fd1f7d13 100644
--- a/pkg/tcpip/header/ndp_test.go
+++ b/pkg/tcpip/header/ndp_test.go
@@ -126,36 +126,83 @@ func TestNDPNeighborAdvert(t *testing.T) {
 }
 
 func TestNDPRouterAdvert(t *testing.T) {
-	b := []byte{
-		64, 128, 1, 2,
-		3, 4, 5, 6,
-		7, 8, 9, 10,
+	tests := []struct {
+		hopLimit                        uint8
+		managedFlag, otherConfFlag      bool
+		prf                             NDPRoutePreference
+		routerLifetimeS                 uint16
+		reachableTimeMS, retransTimerMS uint32
+	}{
+		{
+			hopLimit:        1,
+			managedFlag:     false,
+			otherConfFlag:   true,
+			prf:             HighRoutePreference,
+			routerLifetimeS: 2,
+			reachableTimeMS: 3,
+			retransTimerMS:  4,
+		},
+		{
+			hopLimit:        64,
+			managedFlag:     true,
+			otherConfFlag:   false,
+			prf:             LowRoutePreference,
+			routerLifetimeS: 258,
+			reachableTimeMS: 78492,
+			retransTimerMS:  13213,
+		},
 	}
 
-	ra := NDPRouterAdvert(b)
+	for i, test := range tests {
+		t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
+			flags := uint8(0)
+			if test.managedFlag {
+				flags |= 1 << 7
+			}
+			if test.otherConfFlag {
+				flags |= 1 << 6
+			}
+			flags |= uint8(test.prf) << 3
 
-	if got := ra.CurrHopLimit(); got != 64 {
-		t.Errorf("got ra.CurrHopLimit = %d, want = 64", got)
-	}
+			b := []byte{
+				test.hopLimit, flags, 1, 2,
+				3, 4, 5, 6,
+				7, 8, 9, 10,
+			}
+			binary.BigEndian.PutUint16(b[2:], test.routerLifetimeS)
+			binary.BigEndian.PutUint32(b[4:], test.reachableTimeMS)
+			binary.BigEndian.PutUint32(b[8:], test.retransTimerMS)
 
-	if got := ra.ManagedAddrConfFlag(); !got {
-		t.Errorf("got ManagedAddrConfFlag = false, want = true")
-	}
+			ra := NDPRouterAdvert(b)
 
-	if got := ra.OtherConfFlag(); got {
-		t.Errorf("got OtherConfFlag = true, want = false")
-	}
+			if got := ra.CurrHopLimit(); got != test.hopLimit {
+				t.Errorf("got ra.CurrHopLimit() = %d, want = %d", got, test.hopLimit)
+			}
 
-	if got, want := ra.RouterLifetime(), time.Second*258; got != want {
-		t.Errorf("got ra.RouterLifetime = %d, want = %d", got, want)
-	}
+			if got := ra.ManagedAddrConfFlag(); got != test.managedFlag {
+				t.Errorf("got ManagedAddrConfFlag() = %t, want = %t", got, test.managedFlag)
+			}
 
-	if got, want := ra.ReachableTime(), time.Millisecond*50595078; got != want {
-		t.Errorf("got ra.ReachableTime = %d, want = %d", got, want)
-	}
+			if got := ra.OtherConfFlag(); got != test.otherConfFlag {
+				t.Errorf("got OtherConfFlag() = %t, want = %t", got, test.otherConfFlag)
+			}
+
+			if got := ra.DefaultRouterPreference(); got != test.prf {
+				t.Errorf("got DefaultRouterPreference() = %d, want = %d", got, test.prf)
+			}
 
-	if got, want := ra.RetransTimer(), time.Millisecond*117967114; got != want {
-		t.Errorf("got ra.RetransTimer = %d, want = %d", got, want)
+			if got, want := ra.RouterLifetime(), time.Second*time.Duration(test.routerLifetimeS); got != want {
+				t.Errorf("got ra.RouterLifetime() = %d, want = %d", got, want)
+			}
+
+			if got, want := ra.ReachableTime(), time.Millisecond*time.Duration(test.reachableTimeMS); got != want {
+				t.Errorf("got ra.ReachableTime() = %d, want = %d", got, want)
+			}
+
+			if got, want := ra.RetransTimer(), time.Millisecond*time.Duration(test.retransTimerMS); got != want {
+				t.Errorf("got ra.RetransTimer() = %d, want = %d", got, want)
+			}
+		})
 	}
 }
 
diff --git a/pkg/tcpip/header/tcp.go b/pkg/tcpip/header/tcp.go
index 0df517000..8dabe3354 100644
--- a/pkg/tcpip/header/tcp.go
+++ b/pkg/tcpip/header/tcp.go
@@ -48,6 +48,16 @@ const (
 // TCPFlags is the dedicated type for TCP flags.
 type TCPFlags uint8
 
+// Intersects returns true iff there are flags common to both f and o.
+func (f TCPFlags) Intersects(o TCPFlags) bool {
+	return f&o != 0
+}
+
+// Contains returns true iff all the flags in o are contained within f.
+func (f TCPFlags) Contains(o TCPFlags) bool {
+	return f&o == o
+}
+
 // String implements Stringer.String.
 func (f TCPFlags) String() string {
 	flagsStr := []byte("FSRPAU")