| Age | Commit message (Collapse) | Author |
|---|
|
|
|
PiperOrigin-RevId: 373221316
|
|
|
|
This is a hot path for all incoming packets and we don't
need an exclusive lock here as we are not modifying any
of the fields protected by mu here.
PiperOrigin-RevId: 373181254
|
|
|
|
This is in preparation of having aggregated NIC stats at the stack
level. These validation functions will be needed outside of the
network layer packages to test aggregated NIC stats.
PiperOrigin-RevId: 373180565
|
|
|
|
Currently, we process IPv6 extension headers when receiving packets
but not when forwarding them. This is fine for the most part, with
with one exception: RFC 8200 requires that we process the
Hop-by-Hop headers even while forwarding packets.
This CL adds that support by invoking the Hop-by-hop logic performed
when receiving packets during forwarding as well.
PiperOrigin-RevId: 373145478
|
|
|
|
Fixes invocation of the Github issue reviver by including the required 'path'
command line option. Also updates the issue reviver to add a 'revived' label to
revived issues. Issues with a 'revived' label will no longer be marked as
stale.
PiperOrigin-RevId: 373046772
|
|
|
|
PiperOrigin-RevId: 372993341
|
|
|
|
PiperOrigin-RevId: 372608247
|
|
This patch is to solve problem that vCPU timer mess up when
adding vCPU dynamically on ARM64, for detailed information
please refer to:
https://github.com/google/gvisor/issues/5739
There is no influence on x86 and here are main changes for
ARM64:
1. create maxVCPUs number of vCPU in machine initialization
2. we want to sync gvisor vCPU number with host CPU number,
so use smaller number between runtime.NumCPU and
KVM_CAP_MAX_VCPUS to be maxVCPUS
3. put unused vCPUs into architecture-specific map initialvCPUs
4. When machine need to bind a new vCPU with tid, rather
than creating new one, it would pick a vCPU from map initalvCPUs
5. change the setSystemTime function. When vCPU number increasing,
the time cost for function setTSC(use syscall to set cntvoff) is
liner growth from around 300 ns to 100000 ns, and this leads to
the function setSystemTimeLegacy can not get correct offset
value.
6. initializing StdioFDs and goferFD before a platform to avoid
StdioFDs confects with vCPU fds
Signed-off-by: howard zhang <howard.zhang@arm.com>
|
|
|
|
This change implements /proc/cmdline with a basic faux command line
"BOOT_IMAGE=/vmlinuz-[version]-gvisor quiet" so apps that may expect
it do not receive errors.
Also tests for the existence of /proc/cmdline as part of the system
call test suite
PiperOrigin-RevId: 372462070
|
|
|
|
...to conform with Linux's `accept_ra` sysctl option.
```
accept_ra - INTEGER
Accept Router Advertisements; autoconfigure using them.
It also determines whether or not to transmit Router
Solicitations. If and only if the functional setting is to
accept Router Advertisements, Router Solicitations will be
transmitted.
Possible values are:
0 Do not accept Router Advertisements.
1 Accept Router Advertisements if forwarding is disabled.
2 Overrule forwarding behaviour. Accept Router Advertisements
even if forwarding is enabled.
Functional default: enabled if local forwarding is disabled.
disabled if local forwarding is enabled.
```
With this change, routers may be solicited even if the stack is has
forwarding enabled, as long as the interface is configured to handle
RAs when forwarding is enabled.
PiperOrigin-RevId: 372406501
|
|
|
|
PiperOrigin-RevId: 372376653
|
|
|
|
When loading cgroups for another process, `/proc/self` was used in
a few places, causing the end state to be a mix of the process
and self. This is now fixes to always use the proper `/proc/[pid]`
path.
Added net_prio and net_cls to the list of optional controllers. This
is to allow runsc to execute then these cgroups are disabled as long
as there are no net_prio and net_cls limits that need to be applied.
Deflake TestMultiContainerEvent.
Closes #5875
Closes #5887
PiperOrigin-RevId: 372242687
|
|
|
|
PiperOrigin-RevId: 372221411
|
|
|
|
...to conform with Linux's `accept_ra` sysctl option.
```
accept_ra - INTEGER
Accept Router Advertisements; autoconfigure using them.
It also determines whether or not to transmit Router
Solicitations. If and only if the functional setting is to
accept Router Advertisements, Router Solicitations will be
transmitted.
Possible values are:
0 Do not accept Router Advertisements.
1 Accept Router Advertisements if forwarding is disabled.
2 Overrule forwarding behaviour. Accept Router Advertisements
even if forwarding is enabled.
Functional default: enabled if local forwarding is disabled.
disabled if local forwarding is enabled.
```
PiperOrigin-RevId: 372214640
|
|
Before this change, we would silently drop packets when unable to determine a
route to the destination host. This change brings us into line with RFC 792
(IPv4) and RFC 4443 (IPv6), both of which specify that gateways should return
an ICMP error to the sender when unable to reach the destination.
Startblock:
has LGTM from asfez
and then
add reviewer ghanan
PiperOrigin-RevId: 372214051
|
|
|
|
PiperOrigin-RevId: 372166050
|
|
|
|
...to match linux behaviour:
```
$ sudo sysctl net.ipv6.conf.eno1.forwarding
net.ipv6.conf.eno1.forwarding = 0
$ ip addr list dev eno1
2: eno1: <...> ...
inet6 PREFIX:TEMP_IID/64 scope global temporary dynamic
valid_lft 209363sec preferred_lft 64024sec
inet6 PREFIX:GLOBAL_STABLE_IID/64 scope global dynamic mngtmpaddr ...
valid_lft 209363sec preferred_lft 209363sec
inet6 fe80::LINKLOCAL_STABLE_IID/64 scope link
valid_lft forever preferred_lft forever
$ sudo sysctl -w "net.ipv6.conf.all.forwarding=1"
net.ipv6.conf.all.forwarding = 1
$ sudo sysctl net.ipv6.conf.eno1.forwarding
net.ipv6.conf.eno1.forwarding = 1
$ ip addr list dev eno1
2: eno1: <...> ...
inet6 PREFIX:TEMP_IID/64 scope global temporary dynamic
valid_lft 209339sec preferred_lft 64000sec
inet6 PREFIX:GLOBAL_STABLE_IID/64 scope global dynamic mngtmpaddr ...
valid_lft 209339sec preferred_lft 209339sec
inet6 fe80::LINKLOCAL_STABLE_IID/64 scope link
valid_lft forever preferred_lft forever
$ ip -6 route list
...
PREFIX::/64 dev eno1 proto ra metric 100 expires 209241sec pref medium
default via fe80::ROUTER_IID dev eno1 proto ra ...
```
PiperOrigin-RevId: 372146689
|
|
|
|
On receiving an ICMP error during handshake, the error is propagated
by reading `endpoint.lastError`. This can race with the socket layer
invoking getsockopt() with SO_ERROR where the same value is read and
cleared, causing the handshake to bail out with a non-error state.
Fix the race by checking for lastError state and failing the
handshake with ErrConnectionAborted if the lastError was read and
cleared by say SO_ERROR.
The race mentioned in the bug, is caught only with the newly added
tcp_test unit test, where we have control over stopping/resuming
protocol loop. Adding a packetimpact test as well for sanity testing
of ICMP error handling during handshake.
Fixes #5922
PiperOrigin-RevId: 372135662
|
|
|
|
Due to https://github.com/moby/moby/issues/42345, the docker daemon is passing
the incorrect `--root` flag to runsc. So our profiler is not able to find the
container stat files where it expects them to be.
PiperOrigin-RevId: 372067954
|
|
|
|
Listen backlog value is 1 more than what is configured by the socket
layer listen call. TestListenBacklogFull expects this behavior which
is incorrect as it directly invokes endpoint Listen and with
cl/369974744, backlog++ logic is moved to the callers of Listen().
This test passes sometimes, because the handshakes could overlap causing
the last SYN to arrive at the listener before the previous handshake is
enqueued to the accept queue. In such a case the accept queue is still
not full and the SYN is replied to. The final ACK of this last handshake
would get dropped eventually.
PiperOrigin-RevId: 372041827
|
|
|
|
With debugging enabled, go-marshal can generate too much output for
bazel under default configurations, which can cause builds to
fail. The limit defaults to 1 MB.
PiperOrigin-RevId: 372030402
|
|
|
|
PiperOrigin-RevId: 372022596
|
|
PiperOrigin-RevId: 372021039
|
|
PiperOrigin-RevId: 372020696
|
|
|
|
PiperOrigin-RevId: 372012795
|
|
|
|
According to the OCI spec Mount.Type is an optional field and it
defaults to "bind" when any of "bind" or "rbind" is included in
Mount.Options.
Also fix the shim to remove bind/rbind from options when mount is
converted from bind to tmpfs inside the Sentry.
Fixes #2330
Fixes #3274
PiperOrigin-RevId: 371996891
|
|
|
|
PiperOrigin-RevId: 371963265
|
