| Age | Commit message (Collapse) | Author |
|---|
|
|
|
- Adds a function to enable RACK in tests.
- RACK update functions are guarded behind the flag tcpRecovery.
PiperOrigin-RevId: 355435973
|
|
|
|
PiperOrigin-RevId: 355434313
|
|
|
|
PiperOrigin-RevId: 355324521
|
|
|
|
PiperOrigin-RevId: 355315140
|
|
|
|
...and a bunch of other things as I worked through the rot. Notably:
- Upgrade to bazel 4.0.0
- Upgrade to Go 1.15.7
Remove go_branch stderr suppression; this made it quite difficult to see
what was failing while developing this patch.
PiperOrigin-RevId: 355257833
|
|
|
|
This was missed in cl/351911375; pipe.VFSPipeFD.SpliceFromNonPipe already calls
Notify.
PiperOrigin-RevId: 355246655
|
|
|
|
PiperOrigin-RevId: 355242055
|
|
|
|
Rename HandleNDupAcks() to HandleLossDetected() as it will enter this when
is detected after:
- reorder window expires and TLP (in case of RACK)
- dupAckCount >= 3
PiperOrigin-RevId: 355237858
|
|
|
|
Because we lack gVisor-internal cgroups, we take the CPU usage of the entire pod
and divide it proportionally according to sentry-internal usage stats.
This fixes `kubectl top pods`, which gets a pod's CPU usage by summing the usage
of its containers.
Addresses #172.
PiperOrigin-RevId: 355229833
|
|
|
|
This allows the package to serve as a general purpose ring0 support package, as
opposed to being bound to specific sentry platforms.
Updates #5039
PiperOrigin-RevId: 355220044
|
|
|
|
|
|
Reported-by: syzbot+db8d83f93b84fcb84374@syzkaller.appspotmail.com
PiperOrigin-RevId: 355213994
|
|
This is replaced with a straight call to bazel. Unfortunately,
the built gazelle target requires a bazel installation to run
anyways.
PiperOrigin-RevId: 355211990
|
|
|
|
Netstack today will send dupACK's with no rate limit for incoming out of
window segments. This can result in ACK loops for example if a TCP socket
connects to itself (actually permitted by TCP). Where the ACK sent in
response to packets being out of order itself gets considered as an out
of window segment resulting in another ACK being generated.
PiperOrigin-RevId: 355206877
|
|
|
|
This is required only for the built-in bazel nogo functionality.
Since we roll these targets manually via the wrappers, we don't need
to use go_tool_library. The inconsistent use of these targets leads
to conflicting instantiations of go_default_library and go_tool_library,
which both contain the same output files.
PiperOrigin-RevId: 355184975
|
|
|
|
Also sync syscall test expectations on Fuchisa.
PiperOrigin-RevId: 355163492
|
|
|
|
* Make split safe.
* Enable looking up next valid address.
* Support mappings with !accessType.Any(), distinct from unmap.
These changes allow for the use of pagetables in low-level OS packages, such
as ring0, and allow for the use of pagetables for more generic address space
reservation (by writing entries with no access specified).
Updates #5039
PiperOrigin-RevId: 355109016
|
|
|
|
This change also adds an extra sanity check to the make_apt.sh script,
in order to ensure that this simple mistake does not occur again.
PiperOrigin-RevId: 355101754
|
|
|
|
Updates #1663
PiperOrigin-RevId: 355077816
|
|
|
|
PiperOrigin-RevId: 355067082
|
|
|
|
It's unclear why permissions wind up corrupted, but these can be cleared
on any failure, similar to the bazel cache itself:
https://buildkite.com/gvisor/pipeline/builds/2304#_
PiperOrigin-RevId: 355057421
|
|
|
|
PiperOrigin-RevId: 355047815
|
|
|
|
This makes it easier to add more tests that run on Ubuntu. We can now just
add a bash script and call that from integration_test without having to set up
another image.
PiperOrigin-RevId: 355000410
|
|
|
|
|
|
Provide appropriate capabilities and adjust Docker socket.
|
|
|
|
|
|
...to remove the need for the transport layer to deduce the type of
error it received.
Rename HandleControlPacket to HandleError as HandleControlPacket only
handles errors.
tcpip.SockError now holds a tcpip.SockErrorCause interface that
different errors can implement.
PiperOrigin-RevId: 354994306
|
