summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-10-06Clarify incorrect behavior on gVisorTamir Duberstein
gVisor is a strong host, preventing packets from being sent from a device using the another device's address as the source. Linux is a weak host which allows this. Updates #6686. PiperOrigin-RevId: 401260128
2021-10-06Do not skip IPv6 tests when we don't have IPv4Tamir Duberstein
PiperOrigin-RevId: 401251635
2021-10-05Merge pull request #6687 from zchee:atomicbitops-nosplitgVisor bot
PiperOrigin-RevId: 401152818
2021-10-05Centralize skip logicTamir Duberstein
- Inline `IfAddrHelper` into its sole user - Implement pretty-printing `sockaddr_ll` - Make test class members private, add const accessors - Log all interface addresses on SetUp for b/137899561 Simplify some things while I'm here. PiperOrigin-RevId: 401112402
2021-10-05Add server implementation for sharedmem endpoints.Bhasker Hariharan
PiperOrigin-RevId: 401088040
2021-10-05Merge pull request #6689 from avagin:bazel-updategVisor bot
PiperOrigin-RevId: 401053179
2021-10-05Enable passing syscall testsTamir Duberstein
PiperOrigin-RevId: 400952164
2021-10-04Update bazel packagesAndrei Vagin
2021-10-04Reply to invalid ACKs even when accept queue is fullArthur Sfez
Before checking if there is space in the accept queue, the listener should verify that the cookie is valid. If it is not, instead of silently dropping the packet, reply with an RST. Fixes #6683 PiperOrigin-RevId: 400807346
2021-10-04Test listener receiving an invalid ACK while the accept queue is fullArthur Sfez
Updates #6683 PiperOrigin-RevId: 400745768
2021-10-04No split to assembly and noasm functions on atomicbitops packageKoichi Shiraishi
Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>
2021-10-01Read lock when getting connectionsGhanan Gowripalan
We should avoid taking the write lock to avoid contention when looking for a packet's tracked connection. No need to reap timed out connections when looking for connections as the reaper (which runs periodically) will handle that. PiperOrigin-RevId: 400322514
2021-10-01Drop ConnTrack.handlePacketGhanan Gowripalan
Move the hook specific logic to the IPTables hook functions. This lets us avoid having to perform checks on the hook to determine what action to take. Later changes will drop the need for handlePacket's return value, reducing the value of this function that all hooks call into. PiperOrigin-RevId: 400298023
2021-10-01Drop conn.tcbHookGhanan Gowripalan
...as the packet's direction gives us the information that tcbHook is used to derive. PiperOrigin-RevId: 400280102
2021-10-01Annotate checklocks on mutex protected fieldsGhanan Gowripalan
...to catch lock-related bugs in nogo tests. Updates #6566. PiperOrigin-RevId: 400265818
2021-10-01Merge pull request #6551 from sudo-sturbia:msgqueue/procfsgVisor bot
PiperOrigin-RevId: 400258924
2021-10-01Drop IPTables.checkPacketsGhanan Gowripalan
...and have `CheckOutputPackets`, `CheckPostroutingPackets` call their equivalent methods that operate on a single packet buffer directly. This is so that the `Check{Output, Postrouting}Packets` methods may leverage any hook-specific work that `Check{Output, Postrouting}` may perform. Note: Later changes will add hook-specific logic to the `Check{Output, Postrouting}` methods. PiperOrigin-RevId: 400255651
2021-10-01Let connection handle tracked packetsGhanan Gowripalan
...to save a call to `ConnTrack.connFor` when callers already have a reference to the ConnTrack entry. PiperOrigin-RevId: 400244955
2021-10-01[bm-dashboard] Upgrade vulnerable node packages.Zach Koopmans
Note: this code is auto generated using npm update. PiperOrigin-RevId: 400227038
2021-10-01Use root context to mount volumesFabricio Voznika
Fixes #6643 PiperOrigin-RevId: 400218778
2021-10-01Move pendingEndpoints to acceptQueueTamir Duberstein
This obsoletes the need for the pendingMu and pending, since they are redundant with acceptMu and pendingAccepted. Fixes #6671. PiperOrigin-RevId: 400162391
2021-09-30Test syn and accept queue behavior on shutdownTamir Duberstein
Enhance the backlog test to exercise the syn queue. Updates #6671. PiperOrigin-RevId: 400094530
2021-09-30kernel: print PID in addition to TID in task log messagesAndrei Vagin
For multithreads processes, it is hard to read logs without knowing task pids. And let's print a decimal return codeo for syscalls. A hex return code are usefull for system calls that return addresses. For other syscalls, the decimal form is more readable. PiperOrigin-RevId: 400035449
2021-09-30Skip analysis of standard library packages using genericsMichael Pratt
The upstream analysis packages we depend on do not yet support analysis of code using Go 1.18 type parameter features, making analysis of the Go tip standard library choke and crash. Skip these packages for now. PiperOrigin-RevId: 400030256
2021-09-30Add timer_create and timer_settime to filtersMichael Pratt
Go 1.18 (as of golang.org/cl/324129) uses per-thread timers created and set with timer_create/timer_settime for more accurate CPU pprof profiling. Add these syscalls to the allowed syscall filters. PiperOrigin-RevId: 399941561
2021-09-29Setup sniffer teardown earlierTamir Duberstein
This prevents an iptables failure from deadlocking the test. PiperOrigin-RevId: 399822238
2021-09-29Avoid comparisons to zero value of acceptQueueTamir Duberstein
PiperOrigin-RevId: 399765414
2021-09-29Rename accepted -> acceptQueueTamir Duberstein
Rename cap -> capacity to avoid collision with the builtin. PiperOrigin-RevId: 399753630
2021-09-29Remove syncRcvdCountTamir Duberstein
This is redundant with listenContext.pendingEndpoints PiperOrigin-RevId: 399722472
2021-09-28Move `safecopy.ReplaceSignalHandler` into `sighandling` package.Etienne Perot
PiperOrigin-RevId: 399560357
2021-09-28Inline handleSynSegmentTamir Duberstein
This function has only one caller. Remove segment reference count manipulation since it is only used synchronously. PiperOrigin-RevId: 399525343
2021-09-28Support naive Masquerade NAT targetGhanan Gowripalan
* Does not accept a port range (Issue #5772). * Does not support checking for tuple conflits (Issue #5773). PiperOrigin-RevId: 399524088
2021-09-27Move `sighandling` package out of `sentry`.Etienne Perot
PiperOrigin-RevId: 399295737
2021-09-27Implement S/R for StatsTamir Duberstein
PiperOrigin-RevId: 399276940
2021-09-27Prevent PacketData from being modified.Ayush Ranjan
PacketData should not be modified and should be treated readonly because it represents packet payload. The old DeleteFront method allowed callers to modify the underlying buffer which should not be allowed. Added a way to consume from the PacketData instead of deleting from it. Updated call points to use that instead. Reported-by: syzbot+faee5cb350f769a52d1b@syzkaller.appspotmail.com PiperOrigin-RevId: 399268473
2021-09-27Store pending endpoints in a setTamir Duberstein
There's no need for synthetic keys here. PiperOrigin-RevId: 399263134
2021-09-27Add procfs files for SysV message queues.Zyad A. Ali
2021-09-24Merge pull request #6570 from sudo-sturbia:ipc/procgVisor bot
PiperOrigin-RevId: 398849334
2021-09-24Update the comment for Task.netnsAndrei Vagin
Task.netns can be accessed atomically, so Task.mu isn't needed to access it. PiperOrigin-RevId: 398773947
2021-09-24Merge pull request #6647 from avagin:task-netnsgVisor bot
PiperOrigin-RevId: 398763161
2021-09-24Run proc's static-file tests in a container.Zyad A. Ali
Some /proc files are static in gVisor, but can be updated in native linux. To test the values of these files, move them to a separate test and run it using "container" tag to avoid faulty comparisons in native. Since a separate IPC namespace is used, update shm comparisons to check the actual value, not an interval.
2021-09-23Allow lisafs client to send more data than MaxMessageSize using chunks.Ayush Ranjan
The p9 client does the same. This allows applications to read/write >= 2MB of data. This enables the read write benchmarks to work with lisafs. Updates #5466 PiperOrigin-RevId: 398659947
2021-09-23kernel: allow to access Task.netns without taking Task.muAndrei Vagin
This allows to avoind unnecessary lock-ordering dependencies on task.mu.
2021-09-23Create the cgroupfs mount point in sysfs.Rahat Mahmood
Create the /sys/fs/cgroup directory when cgroups are available. This creates the empty directory to serve as the mountpoint, actually mounting cgroups is left to the launcher/userspace. This is consistent with Linux behaviour. Without this mountpoint, getdents(2) on /sys/fs indicates an empty directory even if the launcher mounts cgroupfs at /sys/fs/cgroup. The launcher can't create the mountpoint directory since sysfs doesn't support mkdir. PiperOrigin-RevId: 398596698
2021-09-23Merge pull request #6573 from avagin:kvm-seccomp-mmapgVisor bot
PiperOrigin-RevId: 398572735
2021-09-23Pass AddressableEndpoint to IPTablesGhanan Gowripalan
...instead of an address. This allows a later change to more precisely select an address based on the NAT type (source vs. destination NAT). PiperOrigin-RevId: 398559901
2021-09-23Implement S/R for TransportEndpointStatsTamir Duberstein
PiperOrigin-RevId: 398559780
2021-09-23Compose ICMP endpoint with datagram-based endpointGhanan Gowripalan
An ICMP endpoint's write path can use the datagram-based endpoint. Updates #6565. Test: Datagram-based generic socket + ICMP/ping syscall tests. PiperOrigin-RevId: 398539844
2021-09-23Introduce method per iptables hookGhanan Gowripalan
...to make it clear what arguments are needed per hook. PiperOrigin-RevId: 398538776
2021-09-23Avoid listenContext.listenEP when it is the receiverTamir Duberstein
This circular reference is misleading at best, and the various code and commentary that claim `listenEP` can be nil are impossible by definition. Add checklocks annotations to enforce preconditions. PiperOrigin-RevId: 398517574
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 04:38:16 +0000