| Age | Commit message (Collapse) | Author |
|---|
|
Extract parsing utilities so they can be used by the sniffer.
Fixes #3930
PiperOrigin-RevId: 332401880
|
|
This fixes a use-after-free in fuse.DeviceFD.Release.
PiperOrigin-RevId: 332394146
|
|
IPv6 tests will be added in another CL along with ip6tables.
PiperOrigin-RevId: 332389102
|
|
`ip6tables -t filter` is now usable. NAT support will come in a future CL.
#3549
PiperOrigin-RevId: 332381801
|
|
SO_LINGER is a socket level option and should be stored on all endpoints even
though it is used to linger only for TCP endpoints.
PiperOrigin-RevId: 332369252
|
|
PiperOrigin-RevId: 332358833
|
|
Docker does not have IPv6 port forwarding as tracked by the following issue:
https://github.com/moby/moby/issues/11518
So when running bazel itself inside a docker container, we can not use the host
port bindings to communicate with sockets inside the container. This was causing
integration tests and image tests to fail when run through our Makefile targets.
PiperOrigin-RevId: 332355051
|
|
This constant is used to represent int32 stored in file xattrs. The
integers are stored as strings there, so the real size should be the
string size (number of digits) instead of an int size (4 bytes).
PiperOrigin-RevId: 332353217
|
|
PiperOrigin-RevId: 332340342
|
|
This change includes overlay, special regular gofer files, and hostfs.
Fixes #3589.
PiperOrigin-RevId: 332330860
|
|
PiperOrigin-RevId: 332328860
|
|
This is required to make tcpdump work. tcpdump falls back to not using things
like PACKET_RX_RING if setsockopt returns ENOPROTOOPT. This used to be the case
before https://github.com/google/gvisor/commit/6f8fb7e0db2790ff1f5ba835780c03fe245e437f.
Fixes #3981
PiperOrigin-RevId: 332326517
|
|
|
|
This is needed by test/e2e/integration_test:TestCheckpointRestore to check for
filesystem versioning.
PiperOrigin-RevId: 332285566
|
|
Gofer panics are suppressed by p9 server and an error
is returned to the caller, making it effectively the
same as returning EROFS.
PiperOrigin-RevId: 332282959
|
|
PiperOrigin-RevId: 332281930
|
|
PiperOrigin-RevId: 332281912
|
|
All tests under runsc are passing with overlay enabled.
Updates #1487, #1199
PiperOrigin-RevId: 332181267
|
|
PiperOrigin-RevId: 332122081
|
|
OpenAt() for verity fs is implemented by opening both the target file or
directory and the corresponding Merkle tree file in the underlying file
system. Generally they are only open for read. In allowRuntimeEnable
mode, the Merkle tree file is also open for write.
PiperOrigin-RevId: 332116423
|
|
There are two device names on the test net.
- The sniffer/injector device which is always a linux device. Only the
testbench library is interested in this device.
- The device which is on the DUT. It happens to be the same device as
the former if DUT is linux. An individual test might be interested in
this device if the test cares about the device name.
PiperOrigin-RevId: 332112968
|
|
PiperOrigin-RevId: 332097286
|
|
The lifetime of addreses in a loopback interface's associated subnets
should be bound to their respective permanent addresses.
This change also fixes a race when the stack attempts to get an IPv4
rereferencedNetworkEndpoint for an address in an associated subnet on
a loopback interface. Before this change, the stack would only check
if an IPv4 address is contained in an associated subnet while holding
a read lock but wouldn't do this same check after releasing the read
lock for a write lock to create a temporary address. This may cause
the stack to bind the lifetime of the address to a new (temporary)
endpoint instead of the associated subnet's permanent address.
Test: integration_test.TestLoopbackSubnetLifetimeBoundToAddr
PiperOrigin-RevId: 332094719
|
|
PRead is implemented by read from the underlying file in blocks, and
verify each block. The verified contents are saved into the output
buffer.
PiperOrigin-RevId: 332092267
|
|
Neither POSIX.1 nor Linux defines an upperbound for errno.
PiperOrigin-RevId: 332085017
|
|
Added a README describing what these tests are, how they work and how to run
them locally. Also reorganized the exclude files into a directory.
PiperOrigin-RevId: 332079697
|
|
PiperOrigin-RevId: 332069743
|
|
fix #3956
|
|
fix #3963
|
|
|
|
|
|
opendir() is a libc wrapper. Different libc-s can implement it
differently.
|
|
|
|
|
|
copylocks: directory.go:34:7: Allocate passes lock by value:
fuse/fuse.directoryFD contains fuse/fuse.fileDescription contains
pkg/sentry/vfs/vfs.FileDescription contains pkg/sync/sync.Mutex
|
|
readdir_test.cc:134:24: error: variable length arrays are a C99 feature [-Werror,-Wvla-extension]
char readdir_payload[readdir_payload_size];
|
|
test/fuse/benchmark/read_benchmark.cc:34: Failure
Expected: (fuse_prefix) != (nullptr), actual: NULL vs (nullptr)
external/com_google_benchmark/src/benchmark_runner.cc:120: RunInThread:
Check `st.iterations() >= st.max_iterations' failed. Benchmark returned
before State::KeepRunning() returned false!
--- FAIL: Benchmarks_BM_Read/262144/real_time (0.29s)
runner.go:502: test "Benchmarks.BM_Read/262144/real_time" failed
with error exit status 134, want nil
FAIL
|
|
|
|
|
|
When a broadcast packet is received by the stack, the packet should be
delivered to each endpoint that may be interested in the packet. This
includes all any address and specified broadcast address listeners.
Test: integration_test.TestReuseAddrAndBroadcast
PiperOrigin-RevId: 332060652
|
|
|
|
|
|
|
|
Fixes #3696
|
|
|
|
This change implements Release for the FUSE filesystem
and expected behaviors of the FUSE devices.
It includes several checks for aborted connection
in the path for making a request and a function
to abort all the ongoing FUSE requests in order.
|
|
This commit fixes the potential unexpected errors
of original handling of FUSE_RELEASE responses while
keep the same behavior (ignoring any reply).
|
|
This change adds bookkeeping variables for the
FUSE request. With them, old insecure confusing
code we used to process async requests is replaced
by new clear compiling ones. Future code can take
advantage of them to have better control of each
requests.
|
|
This change decouples the code that is weakly
tied to the connection struct from connection.go,
rename variables and files with more meaningful choices,
adds detailed comments, explains lock orders,
and adds other minor improvement to make
the existing FUSE code more readable and
more organized.
Purpose is to avoid too much code in one file
and provide better structure for the
future commits.
|
|
|
