summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip/stack/stack.go
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/tcpip/stack/stack.go')
-rw-r--r--pkg/tcpip/stack/stack.go190
1 files changed, 90 insertions, 100 deletions
diff --git a/pkg/tcpip/stack/stack.go b/pkg/tcpip/stack/stack.go
index 119c4c505..57ad412a1 100644
--- a/pkg/tcpip/stack/stack.go
+++ b/pkg/tcpip/stack/stack.go
@@ -376,7 +376,6 @@ func (u *uniqueIDGenerator) UniqueID() uint64 {
type Stack struct {
transportProtocols map[tcpip.TransportProtocolNumber]*transportProtocolState
networkProtocols map[tcpip.NetworkProtocolNumber]NetworkProtocol
- linkAddrResolvers map[tcpip.NetworkProtocolNumber]LinkAddressResolver
// rawFactory creates raw endpoints. If nil, raw endpoints are
// disabled. It is set during Stack creation and is immutable.
@@ -386,6 +385,15 @@ type Stack struct {
stats tcpip.Stats
+ // LOCK ORDERING: mu > route.mu.
+ route struct {
+ mu struct {
+ sync.RWMutex
+
+ table []tcpip.Route
+ }
+ }
+
mu sync.RWMutex
nics map[tcpip.NICID]*NIC
@@ -393,11 +401,6 @@ type Stack struct {
cleanupEndpointsMu sync.Mutex
cleanupEndpoints map[TransportEndpoint]struct{}
- // route is the route table passed in by the user via SetRouteTable(),
- // it is used by FindRoute() to build a route for a specific
- // destination.
- routeTable []tcpip.Route
-
*ports.PortManager
// If not nil, then any new endpoints will have this probe function
@@ -433,6 +436,8 @@ type Stack struct {
// useNeighborCache indicates whether ARP and NDP packets should be handled
// by the NIC's neighborCache instead of linkAddrCache.
+ //
+ // TODO(gvisor.dev/issue/4658): Remove this field.
useNeighborCache bool
// nudDisp is the NUD event dispatcher that is used to send the netstack
@@ -499,13 +504,17 @@ type Options struct {
// NUDConfigs is the default NUD configurations used by interfaces.
NUDConfigs NUDConfigurations
- // UseNeighborCache indicates whether ARP and NDP packets should be handled
- // by the Neighbor Unreachability Detection (NUD) state machine. This flag
- // also enables the APIs for inspecting and modifying the neighbor table via
- // NUDDispatcher and the following Stack methods: Neighbors, RemoveNeighbor,
- // and ClearNeighbors.
+ // UseNeighborCache is unused.
+ //
+ // TODO(gvisor.dev/issue/4658): Remove this field.
UseNeighborCache bool
+ // UseLinkAddrCache indicates that the legacy link address cache should be
+ // used for link resolution.
+ //
+ // TODO(gvisor.dev/issue/4658): Remove this field.
+ UseLinkAddrCache bool
+
// NUDDisp is the NUD event dispatcher that an integrator can provide to
// receive NUD related events.
NUDDisp NUDDispatcher
@@ -635,7 +644,6 @@ func New(opts Options) *Stack {
s := &Stack{
transportProtocols: make(map[tcpip.TransportProtocolNumber]*transportProtocolState),
networkProtocols: make(map[tcpip.NetworkProtocolNumber]NetworkProtocol),
- linkAddrResolvers: make(map[tcpip.NetworkProtocolNumber]LinkAddressResolver),
nics: make(map[tcpip.NICID]*NIC),
cleanupEndpoints: make(map[TransportEndpoint]struct{}),
PortManager: ports.NewPortManager(),
@@ -646,7 +654,7 @@ func New(opts Options) *Stack {
icmpRateLimiter: NewICMPRateLimiter(),
seed: generateRandUint32(),
nudConfigs: opts.NUDConfigs,
- useNeighborCache: opts.UseNeighborCache,
+ useNeighborCache: !opts.UseLinkAddrCache,
uniqueIDGenerator: opts.UniqueID,
nudDisp: opts.NUDDisp,
randomGenerator: mathrand.New(randSrc),
@@ -666,9 +674,6 @@ func New(opts Options) *Stack {
for _, netProtoFactory := range opts.NetworkProtocols {
netProto := netProtoFactory(s)
s.networkProtocols[netProto.Number()] = netProto
- if r, ok := netProto.(LinkAddressResolver); ok {
- s.linkAddrResolvers[r.LinkAddressProtocol()] = r
- }
}
// Add specified transport protocols.
@@ -818,38 +823,37 @@ func (s *Stack) Forwarding(protocolNum tcpip.NetworkProtocolNumber) bool {
//
// This method takes ownership of the table.
func (s *Stack) SetRouteTable(table []tcpip.Route) {
- s.mu.Lock()
- defer s.mu.Unlock()
-
- s.routeTable = table
+ s.route.mu.Lock()
+ defer s.route.mu.Unlock()
+ s.route.mu.table = table
}
// GetRouteTable returns the route table which is currently in use.
func (s *Stack) GetRouteTable() []tcpip.Route {
- s.mu.Lock()
- defer s.mu.Unlock()
- return append([]tcpip.Route(nil), s.routeTable...)
+ s.route.mu.RLock()
+ defer s.route.mu.RUnlock()
+ return append([]tcpip.Route(nil), s.route.mu.table...)
}
// AddRoute appends a route to the route table.
func (s *Stack) AddRoute(route tcpip.Route) {
- s.mu.Lock()
- defer s.mu.Unlock()
- s.routeTable = append(s.routeTable, route)
+ s.route.mu.Lock()
+ defer s.route.mu.Unlock()
+ s.route.mu.table = append(s.route.mu.table, route)
}
// RemoveRoutes removes matching routes from the route table.
func (s *Stack) RemoveRoutes(match func(tcpip.Route) bool) {
- s.mu.Lock()
- defer s.mu.Unlock()
+ s.route.mu.Lock()
+ defer s.route.mu.Unlock()
var filteredRoutes []tcpip.Route
- for _, route := range s.routeTable {
+ for _, route := range s.route.mu.table {
if !match(route) {
filteredRoutes = append(filteredRoutes, route)
}
}
- s.routeTable = filteredRoutes
+ s.route.mu.table = filteredRoutes
}
// NewEndpoint creates a new transport layer endpoint of the given protocol.
@@ -1022,17 +1026,18 @@ func (s *Stack) removeNICLocked(id tcpip.NICID) tcpip.Error {
delete(s.nics, id)
// Remove routes in-place. n tracks the number of routes written.
+ s.route.mu.Lock()
n := 0
- for i, r := range s.routeTable {
- s.routeTable[i] = tcpip.Route{}
+ for i, r := range s.route.mu.table {
+ s.route.mu.table[i] = tcpip.Route{}
if r.NIC != id {
// Keep this route.
- s.routeTable[n] = r
+ s.route.mu.table[n] = r
n++
}
}
-
- s.routeTable = s.routeTable[:n]
+ s.route.mu.table = s.route.mu.table[:n]
+ s.route.mu.Unlock()
return nic.remove()
}
@@ -1357,39 +1362,49 @@ func (s *Stack) FindRoute(id tcpip.NICID, localAddr, remoteAddr tcpip.Address, n
// Find a route to the remote with the route table.
var chosenRoute tcpip.Route
- for _, route := range s.routeTable {
- if len(remoteAddr) != 0 && !route.Destination.Contains(remoteAddr) {
- continue
- }
+ if r := func() *Route {
+ s.route.mu.RLock()
+ defer s.route.mu.RUnlock()
- nic, ok := s.nics[route.NIC]
- if !ok || !nic.Enabled() {
- continue
- }
+ for _, route := range s.route.mu.table {
+ if len(remoteAddr) != 0 && !route.Destination.Contains(remoteAddr) {
+ continue
+ }
- if id == 0 || id == route.NIC {
- if addressEndpoint := s.getAddressEP(nic, localAddr, remoteAddr, netProto); addressEndpoint != nil {
- var gateway tcpip.Address
- if needRoute {
- gateway = route.Gateway
- }
- r := constructAndValidateRoute(netProto, addressEndpoint, nic /* outgoingNIC */, nic /* outgoingNIC */, gateway, localAddr, remoteAddr, s.handleLocal, multicastLoop)
- if r == nil {
- panic(fmt.Sprintf("non-forwarding route validation failed with route table entry = %#v, id = %d, localAddr = %s, remoteAddr = %s", route, id, localAddr, remoteAddr))
+ nic, ok := s.nics[route.NIC]
+ if !ok || !nic.Enabled() {
+ continue
+ }
+
+ if id == 0 || id == route.NIC {
+ if addressEndpoint := s.getAddressEP(nic, localAddr, remoteAddr, netProto); addressEndpoint != nil {
+ var gateway tcpip.Address
+ if needRoute {
+ gateway = route.Gateway
+ }
+ r := constructAndValidateRoute(netProto, addressEndpoint, nic /* outgoingNIC */, nic /* outgoingNIC */, gateway, localAddr, remoteAddr, s.handleLocal, multicastLoop)
+ if r == nil {
+ panic(fmt.Sprintf("non-forwarding route validation failed with route table entry = %#v, id = %d, localAddr = %s, remoteAddr = %s", route, id, localAddr, remoteAddr))
+ }
+ return r
}
- return r, nil
}
- }
- // If the stack has forwarding enabled and we haven't found a valid route to
- // the remote address yet, keep track of the first valid route. We keep
- // iterating because we prefer routes that let us use a local address that
- // is assigned to the outgoing interface. There is no requirement to do this
- // from any RFC but simply a choice made to better follow a strong host
- // model which the netstack follows at the time of writing.
- if canForward && chosenRoute == (tcpip.Route{}) {
- chosenRoute = route
+ // If the stack has forwarding enabled and we haven't found a valid route
+ // to the remote address yet, keep track of the first valid route. We
+ // keep iterating because we prefer routes that let us use a local
+ // address that is assigned to the outgoing interface. There is no
+ // requirement to do this from any RFC but simply a choice made to better
+ // follow a strong host model which the netstack follows at the time of
+ // writing.
+ if canForward && chosenRoute == (tcpip.Route{}) {
+ chosenRoute = route
+ }
}
+
+ return nil
+ }(); r != nil {
+ return r, nil
}
if chosenRoute != (tcpip.Route{}) {
@@ -1517,20 +1532,6 @@ func (s *Stack) SetSpoofing(nicID tcpip.NICID, enable bool) tcpip.Error {
return nil
}
-// AddLinkAddress adds a link address for the neighbor on the specified NIC.
-func (s *Stack) AddLinkAddress(nicID tcpip.NICID, neighbor tcpip.Address, linkAddr tcpip.LinkAddress) tcpip.Error {
- s.mu.RLock()
- defer s.mu.RUnlock()
-
- nic, ok := s.nics[nicID]
- if !ok {
- return &tcpip.ErrUnknownNICID{}
- }
-
- nic.linkAddrCache.AddLinkAddress(neighbor, linkAddr)
- return nil
-}
-
// LinkResolutionResult is the result of a link address resolution attempt.
type LinkResolutionResult struct {
LinkAddress tcpip.LinkAddress
@@ -1561,22 +1562,11 @@ func (s *Stack) GetLinkAddress(nicID tcpip.NICID, addr, localAddr tcpip.Address,
return &tcpip.ErrUnknownNICID{}
}
- linkRes, ok := s.linkAddrResolvers[protocol]
- if !ok {
- return &tcpip.ErrNotSupported{}
- }
-
- if linkAddr, ok := linkRes.ResolveStaticAddress(addr); ok {
- onResolve(LinkResolutionResult{LinkAddress: linkAddr, Success: true})
- return nil
- }
-
- _, _, err := nic.getNeighborLinkAddress(addr, localAddr, linkRes, onResolve)
- return err
+ return nic.getLinkAddress(addr, localAddr, protocol, onResolve)
}
// Neighbors returns all IP to MAC address associations.
-func (s *Stack) Neighbors(nicID tcpip.NICID) ([]NeighborEntry, tcpip.Error) {
+func (s *Stack) Neighbors(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber) ([]NeighborEntry, tcpip.Error) {
s.mu.RLock()
nic, ok := s.nics[nicID]
s.mu.RUnlock()
@@ -1585,11 +1575,11 @@ func (s *Stack) Neighbors(nicID tcpip.NICID) ([]NeighborEntry, tcpip.Error) {
return nil, &tcpip.ErrUnknownNICID{}
}
- return nic.neighbors()
+ return nic.neighbors(protocol)
}
// AddStaticNeighbor statically associates an IP address to a MAC address.
-func (s *Stack) AddStaticNeighbor(nicID tcpip.NICID, addr tcpip.Address, linkAddr tcpip.LinkAddress) tcpip.Error {
+func (s *Stack) AddStaticNeighbor(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address, linkAddr tcpip.LinkAddress) tcpip.Error {
s.mu.RLock()
nic, ok := s.nics[nicID]
s.mu.RUnlock()
@@ -1598,13 +1588,13 @@ func (s *Stack) AddStaticNeighbor(nicID tcpip.NICID, addr tcpip.Address, linkAdd
return &tcpip.ErrUnknownNICID{}
}
- return nic.addStaticNeighbor(addr, linkAddr)
+ return nic.addStaticNeighbor(addr, protocol, linkAddr)
}
// RemoveNeighbor removes an IP to MAC address association previously created
// either automically or by AddStaticNeighbor. Returns ErrBadAddress if there
// is no association with the provided address.
-func (s *Stack) RemoveNeighbor(nicID tcpip.NICID, addr tcpip.Address) tcpip.Error {
+func (s *Stack) RemoveNeighbor(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address) tcpip.Error {
s.mu.RLock()
nic, ok := s.nics[nicID]
s.mu.RUnlock()
@@ -1613,11 +1603,11 @@ func (s *Stack) RemoveNeighbor(nicID tcpip.NICID, addr tcpip.Address) tcpip.Erro
return &tcpip.ErrUnknownNICID{}
}
- return nic.removeNeighbor(addr)
+ return nic.removeNeighbor(protocol, addr)
}
// ClearNeighbors removes all IP to MAC address associations.
-func (s *Stack) ClearNeighbors(nicID tcpip.NICID) tcpip.Error {
+func (s *Stack) ClearNeighbors(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber) tcpip.Error {
s.mu.RLock()
nic, ok := s.nics[nicID]
s.mu.RUnlock()
@@ -1626,7 +1616,7 @@ func (s *Stack) ClearNeighbors(nicID tcpip.NICID) tcpip.Error {
return &tcpip.ErrUnknownNICID{}
}
- return nic.clearNeighbors()
+ return nic.clearNeighbors(protocol)
}
// RegisterTransportEndpoint registers the given endpoint with the stack
@@ -1996,7 +1986,7 @@ func (s *Stack) GetNetworkEndpoint(nicID tcpip.NICID, proto tcpip.NetworkProtoco
}
// NUDConfigurations gets the per-interface NUD configurations.
-func (s *Stack) NUDConfigurations(id tcpip.NICID) (NUDConfigurations, tcpip.Error) {
+func (s *Stack) NUDConfigurations(id tcpip.NICID, proto tcpip.NetworkProtocolNumber) (NUDConfigurations, tcpip.Error) {
s.mu.RLock()
nic, ok := s.nics[id]
s.mu.RUnlock()
@@ -2005,14 +1995,14 @@ func (s *Stack) NUDConfigurations(id tcpip.NICID) (NUDConfigurations, tcpip.Erro
return NUDConfigurations{}, &tcpip.ErrUnknownNICID{}
}
- return nic.nudConfigs()
+ return nic.nudConfigs(proto)
}
// SetNUDConfigurations sets the per-interface NUD configurations.
//
// Note, if c contains invalid NUD configuration values, it will be fixed to
// use default values for the erroneous values.
-func (s *Stack) SetNUDConfigurations(id tcpip.NICID, c NUDConfigurations) tcpip.Error {
+func (s *Stack) SetNUDConfigurations(id tcpip.NICID, proto tcpip.NetworkProtocolNumber, c NUDConfigurations) tcpip.Error {
s.mu.RLock()
nic, ok := s.nics[id]
s.mu.RUnlock()
@@ -2021,7 +2011,7 @@ func (s *Stack) SetNUDConfigurations(id tcpip.NICID, c NUDConfigurations) tcpip.
return &tcpip.ErrUnknownNICID{}
}
- return nic.setNUDConfigs(c)
+ return nic.setNUDConfigs(proto, c)
}
// Seed returns a 32 bit value that can be used as a seed value for port
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-25 22:58:04 +0000