Age | Commit message (Collapse) | Author |
|
|
|
This change implements /proc/cmdline with a basic faux command line
"BOOT_IMAGE=/vmlinuz-[version]-gvisor quiet" so apps that may expect
it do not receive errors.
Also tests for the existence of /proc/cmdline as part of the system
call test suite
PiperOrigin-RevId: 372462070
|
|
|
|
...to conform with Linux's `accept_ra` sysctl option.
```
accept_ra - INTEGER
Accept Router Advertisements; autoconfigure using them.
It also determines whether or not to transmit Router
Solicitations. If and only if the functional setting is to
accept Router Advertisements, Router Solicitations will be
transmitted.
Possible values are:
0 Do not accept Router Advertisements.
1 Accept Router Advertisements if forwarding is disabled.
2 Overrule forwarding behaviour. Accept Router Advertisements
even if forwarding is enabled.
Functional default: enabled if local forwarding is disabled.
disabled if local forwarding is enabled.
```
With this change, routers may be solicited even if the stack is has
forwarding enabled, as long as the interface is configured to handle
RAs when forwarding is enabled.
PiperOrigin-RevId: 372406501
|
|
|
|
PiperOrigin-RevId: 372376653
|
|
|
|
When loading cgroups for another process, `/proc/self` was used in
a few places, causing the end state to be a mix of the process
and self. This is now fixes to always use the proper `/proc/[pid]`
path.
Added net_prio and net_cls to the list of optional controllers. This
is to allow runsc to execute then these cgroups are disabled as long
as there are no net_prio and net_cls limits that need to be applied.
Deflake TestMultiContainerEvent.
Closes #5875
Closes #5887
PiperOrigin-RevId: 372242687
|
|
|
|
PiperOrigin-RevId: 372221411
|
|
|
|
...to conform with Linux's `accept_ra` sysctl option.
```
accept_ra - INTEGER
Accept Router Advertisements; autoconfigure using them.
It also determines whether or not to transmit Router
Solicitations. If and only if the functional setting is to
accept Router Advertisements, Router Solicitations will be
transmitted.
Possible values are:
0 Do not accept Router Advertisements.
1 Accept Router Advertisements if forwarding is disabled.
2 Overrule forwarding behaviour. Accept Router Advertisements
even if forwarding is enabled.
Functional default: enabled if local forwarding is disabled.
disabled if local forwarding is enabled.
```
PiperOrigin-RevId: 372214640
|
|
Before this change, we would silently drop packets when unable to determine a
route to the destination host. This change brings us into line with RFC 792
(IPv4) and RFC 4443 (IPv6), both of which specify that gateways should return
an ICMP error to the sender when unable to reach the destination.
Startblock:
has LGTM from asfez
and then
add reviewer ghanan
PiperOrigin-RevId: 372214051
|
|
|
|
PiperOrigin-RevId: 372166050
|
|
|
|
...to match linux behaviour:
```
$ sudo sysctl net.ipv6.conf.eno1.forwarding
net.ipv6.conf.eno1.forwarding = 0
$ ip addr list dev eno1
2: eno1: <...> ...
inet6 PREFIX:TEMP_IID/64 scope global temporary dynamic
valid_lft 209363sec preferred_lft 64024sec
inet6 PREFIX:GLOBAL_STABLE_IID/64 scope global dynamic mngtmpaddr ...
valid_lft 209363sec preferred_lft 209363sec
inet6 fe80::LINKLOCAL_STABLE_IID/64 scope link
valid_lft forever preferred_lft forever
$ sudo sysctl -w "net.ipv6.conf.all.forwarding=1"
net.ipv6.conf.all.forwarding = 1
$ sudo sysctl net.ipv6.conf.eno1.forwarding
net.ipv6.conf.eno1.forwarding = 1
$ ip addr list dev eno1
2: eno1: <...> ...
inet6 PREFIX:TEMP_IID/64 scope global temporary dynamic
valid_lft 209339sec preferred_lft 64000sec
inet6 PREFIX:GLOBAL_STABLE_IID/64 scope global dynamic mngtmpaddr ...
valid_lft 209339sec preferred_lft 209339sec
inet6 fe80::LINKLOCAL_STABLE_IID/64 scope link
valid_lft forever preferred_lft forever
$ ip -6 route list
...
PREFIX::/64 dev eno1 proto ra metric 100 expires 209241sec pref medium
default via fe80::ROUTER_IID dev eno1 proto ra ...
```
PiperOrigin-RevId: 372146689
|
|
|
|
On receiving an ICMP error during handshake, the error is propagated
by reading `endpoint.lastError`. This can race with the socket layer
invoking getsockopt() with SO_ERROR where the same value is read and
cleared, causing the handshake to bail out with a non-error state.
Fix the race by checking for lastError state and failing the
handshake with ErrConnectionAborted if the lastError was read and
cleared by say SO_ERROR.
The race mentioned in the bug, is caught only with the newly added
tcp_test unit test, where we have control over stopping/resuming
protocol loop. Adding a packetimpact test as well for sanity testing
of ICMP error handling during handshake.
Fixes #5922
PiperOrigin-RevId: 372135662
|
|
|
|
Due to https://github.com/moby/moby/issues/42345, the docker daemon is passing
the incorrect `--root` flag to runsc. So our profiler is not able to find the
container stat files where it expects them to be.
PiperOrigin-RevId: 372067954
|
|
|
|
Listen backlog value is 1 more than what is configured by the socket
layer listen call. TestListenBacklogFull expects this behavior which
is incorrect as it directly invokes endpoint Listen and with
cl/369974744, backlog++ logic is moved to the callers of Listen().
This test passes sometimes, because the handshakes could overlap causing
the last SYN to arrive at the listener before the previous handshake is
enqueued to the accept queue. In such a case the accept queue is still
not full and the SYN is replied to. The final ACK of this last handshake
would get dropped eventually.
PiperOrigin-RevId: 372041827
|
|
|
|
With debugging enabled, go-marshal can generate too much output for
bazel under default configurations, which can cause builds to
fail. The limit defaults to 1 MB.
PiperOrigin-RevId: 372030402
|
|
|
|
PiperOrigin-RevId: 372022596
|
|
PiperOrigin-RevId: 372021039
|
|
PiperOrigin-RevId: 372020696
|
|
|
|
PiperOrigin-RevId: 372012795
|
|
|
|
According to the OCI spec Mount.Type is an optional field and it
defaults to "bind" when any of "bind" or "rbind" is included in
Mount.Options.
Also fix the shim to remove bind/rbind from options when mount is
converted from bind to tmpfs inside the Sentry.
Fixes #2330
Fixes #3274
PiperOrigin-RevId: 371996891
|
|
|
|
PiperOrigin-RevId: 371963265
|
|
|
|
PiperOrigin-RevId: 371829568
|
|
|
|
Previously, tcpip.StdClock depended on linking with the unexposed method
time.now to implement tcpip.Clock using the time package. This change
updates the standard clock to not require manually linking to this
unexported method and use publicly documented functions from the time
package.
PiperOrigin-RevId: 371805101
|
|
|
|
...as all GSO capable endpoints must implement GSOEndpoint.
PiperOrigin-RevId: 371804175
|
|
|
|
Not really designed to be used this way, but it works and it's been relied
upon. Add a test.
PiperOrigin-RevId: 371802756
|
|
|
|
PiperOrigin-RevId: 371776583
|
|
|
|
In order to resolve path names, fsSymlink.Readlink() may need to reenter
kernfs. Change the code so that kernfs.Inode.Readlink() is called without
locks and document the new contract.
PiperOrigin-RevId: 371770222
|
|
|
|
When a child is added to a parent (directory) dentry, both child and parent are
queued for checkCachingLocked(). Make sure that the parent is queued first
because the parent gained a ref and so could be removed from the LRU cache hence
making space for the new child. This could prevent an LRU cache eviction.
In practice, this did seem to help. ~800 RPCs were reduced while building
//absl/... (ABSL build benchmark). Evictions hurt in 2 ways - create renameMu
contention and destroy a possibly useful dentry which will have to be re-walked
and re-opened later.
Follow up fix for #5859.
PiperOrigin-RevId: 371509392
|
|
|