Age | Commit message (Collapse) | Author |
|
Our "Preconditions:" blocks are very useful to determine the input invariants,
but they are bit inconsistent throughout the codebase, which makes them harder
to read (particularly cases with 5+ conditions in a single paragraph).
I've reformatted all of the cases to fit in simple rules:
1. Cases with a single condition are placed on a single line.
2. Cases with multiple conditions are placed in a bulleted list.
This format has been added to the style guide.
I've also mentioned "Postconditions:", though those are much less frequently
used, and all uses already match this style.
PiperOrigin-RevId: 327687465
|
|
PiperOrigin-RevId: 327686558
|
|
As per RFC 8200 Section 4.5:
The Next Header field of the last header of the Per-Fragment
headers is obtained from the Next Header field of the first
fragment's Fragment header.
Test:
- pkg/tcpip/network/ipv6:ipv6_test
- pkg/tcpip/network/ipv4:ipv4_test
- pkg/tcpip/network/fragmentation:fragmentation_test
Updates #2197
PiperOrigin-RevId: 327671635
|
|
PiperOrigin-RevId: 327659759
|
|
PiperOrigin-RevId: 327654207
|
|
Updates #3494
PiperOrigin-RevId: 327548511
|
|
Replace mknod call with mknodat equivalent to protect
against symlink attacks. Also added Mknod tests.
Remove goferfs reliance on gofer to check for file
existence before creating a synthetic entry.
Updates #2923
PiperOrigin-RevId: 327544516
|
|
bazel creates sysmlink to the cache on the first invokation.
On a new clone, there are no symlink, thus `rm -rf bazel-bin/gopath`
has no effect. Call `bazel build something` first, then delete
cached gopath.
PiperOrigin-RevId: 327536044
|
|
Accept 128 + SIGNAL as well as SIGNAL as valid
returns for fork/exec tests.
Also, make changes so that test compiles in opensource. Test
had compile errors on latest Ubuntu 16.04 image with updated bazel to
3.4.0 (as well as base 2.0) used for Kokoro tests.
PiperOrigin-RevId: 327510310
|
|
A later change will introduce the equivalent IPv6 logic.
#3549
PiperOrigin-RevId: 327499064
|
|
Tests that we have the correct initial (empty) state for ip6tables.
#3549
PiperOrigin-RevId: 327477657
|
|
- Remove sendDone, which currently does nothing whatsoever (errors sent to the
channel are completely unused). Instead, have request handlers log errors
they get from p9.send() inline.
- Replace recvOkay and recvDone with recvMu/recvIdle/recvShutdown. In addition
to being slightly clearer (IMO), this eliminates the p9.connState.service()
goroutine, significantly reducing the overhead involved in passing connection
receive access between goroutines (from buffered chan send/recv + unbuffered
chan send/recv to just a mutex unlock/lock).
PiperOrigin-RevId: 327476755
|
|
Stolen from cl/327337408 (ascannell is OOO)
PiperOrigin-RevId: 327475423
|
|
Skip check for ECN bits in native/linux tests. General advice
for the ECN field is to leave the setting to the kernel, so
behavior of the test is undefined for different kernels.
http://www.masterraghu.com/subjects/np/introduction/unix_network_programming_v1.3/ch07lev1sec6.html
PiperOrigin-RevId: 327451414
|
|
test_eintr now passes in the Python runtime tests.
Updates #3515.
PiperOrigin-RevId: 327441081
|
|
Some character and block devices can be seekable. So allow their FD to maintain
file offset.
PiperOrigin-RevId: 327370684
|
|
This interface method is unneeded.
PiperOrigin-RevId: 327370325
|
|
This is needed to avoid circular dependencies between the vfs and kernel
packages.
PiperOrigin-RevId: 327355524
|
|
Updates #1035
PiperOrigin-RevId: 327351475
|
|
PiperOrigin-RevId: 327351357
|
|
Some machines return 128 + signal for failures. Accept that
as a valid result.
PiperOrigin-RevId: 327326113
|
|
RACK requires the segments to be in the order of their transmission
or retransmission times. This cl creates a new list and moves the
retransmitted segments to the end of the list.
PiperOrigin-RevId: 327325153
|
|
Fixes #3243, #3521
PiperOrigin-RevId: 327308890
|
|
PiperOrigin-RevId: 327300635
|
|
tv_usec field should be a multiple of 4K to pass
in open source on linux/native, so make it one.
PiperOrigin-RevId: 327288405
|
|
... including those invoked via flipcall.
PiperOrigin-RevId: 327283194
|
|
Updates #1035
PiperOrigin-RevId: 327253907
|
|
Skip InvalidOffset and InvalidLength for Linux as the test is invalid for
later Kernel versions.
Add UnsupportedFile test as this check is in all kernel versions.
PiperOrigin-RevId: 327248035
|
|
Some systems return 128 + errno instead of just errno, which is the case
here.
PiperOrigin-RevId: 327247836
|
|
PiperOrigin-RevId: 327123477
|
|
PiperOrigin-RevId: 327123331
|
|
Verify checks input data against the merkle tree, and compares the root
hash with expectation.
PiperOrigin-RevId: 327116711
|
|
Setting timeouts for sockets on GCP images (debian) for usecs only
respects multiples of 4K. Set the test with a multiple of 4K with a comment.
PiperOrigin-RevId: 327093848
|
|
Fixes python runtime test test_glob.
Updates #3515
We were checking is the to-be-opened dentry is a dir or not before resolving
symlinks. We should check that after resolving symlinks.
This was preventing us from opening a symlink which pointed to a directory
with O_DIRECTORY.
Also added this check in tmpfs and removed a duplicate check.
PiperOrigin-RevId: 327085895
|
|
Should have been removed in cl/326791119
https://github.com/google/gvisor/commit/9a7b5830aa063895f67ca0fdf653a46906374613
PiperOrigin-RevId: 327074156
|
|
The abstract socket namespace no longer holds any references on sockets.
Instead, TryIncRef() is used when a socket is being retrieved in
BoundEndpoint(). Abstract sockets are now responsible for removing themselves
from the namespace they are in, when they are destroyed.
Updates #1486.
PiperOrigin-RevId: 327064173
|
|
PiperOrigin-RevId: 327042869
|
|
This is in compliance with VFS1. See pkg/sentry/fs/dev/tty.go in the struct
ttyInodeOperations.
Fixes the failure of python runtime test_ioctl.
Updates #3515
PiperOrigin-RevId: 327042758
|
|
Previously the netstack supported assignment of a range of addresses.
This feature is not used so remove it.
PiperOrigin-RevId: 326791119
|
|
The NetworkEndpoint does not need to be created for each address.
Most of the work the NetworkEndpoint does is address agnostic.
PiperOrigin-RevId: 326759605
|
|
- Handle urls ending in /
- Add some url parsing tests
PiperOrigin-RevId: 326750183
|
|
PiperOrigin-RevId: 326733912
|
|
PiperOrigin-RevId: 326693922
|
|
PiperOrigin-RevId: 326686761
|
|
This is a preparatory commit for a larger commit working on
ICMP generation in error cases.
This is removal of technical debt and cleanup in the gvisor code
as part of gvisor issue 2211.
Updates #2211.
PiperOrigin-RevId: 326615389
|
|
Fixes php runtime test ext/standard/tests/file/readfile_basic.phpt
Fixes #3516
fsgofers only want the access mode in the OpenFlags passed to Create(). If more
flags are supplied (like O_APPEND in this case), read/write from that fd will
fail with EBADF. See runsc/fsgofer/fsgofer.go:WriteAt()
VFS2 was providing more than just access modes. So filtering the flags using
p9.OpenFlagsModeMask == linux.O_ACCMODE fixes the issue.
Gofer in VFS1 also only extracts the access mode flags while making the create
RPC. See pkg/sentry/fs/gofer/path.go:Create()
Even in VFS2, when we open a handle, we extract out only the access mode flags
+ O_TRUNC.
See third_party/gvisor/pkg/sentry/fsimpl/gofer/handle.go:openHandle()
Added a test for this.
PiperOrigin-RevId: 326574829
|
|
This change supports using the user supplied MSS (TCP_MAXSEG socket
option) for new socket connections created from a listening TCP socket.
Note that the user supplied MSS will only be used if it is not greater
than the maximum possible MSS for a TCP connection's route. If it is
greater than the maximum possible MSS, the MSS will be capped at that
maximum value.
Test: tcp_test.TestUserSuppliedMSSOnListenAccept
PiperOrigin-RevId: 326567442
|
|
PiperOrigin-RevId: 326563255
|
|
PiperOrigin-RevId: 326553620
|
|
Formerly, when a packet is constructed or parsed, all headers are set by the
client code. This almost always involved prepending to pk.Header buffer or
trimming pk.Data portion. This is known to prone to bugs, due to the complexity
and number of the invariants assumed across netstack to maintain.
In the new PacketHeader API, client will call Push()/Consume() method to
construct/parse an outgoing/incoming packet. All invariants, such as slicing
and trimming, are maintained by the API itself.
NewPacketBuffer() is introduced to create new PacketBuffer. Zero value is no
longer valid.
PacketBuffer now assumes the packet is a concatenation of following portions:
* LinkHeader
* NetworkHeader
* TransportHeader
* Data
Any of them could be empty, or zero-length.
PiperOrigin-RevId: 326507688
|