summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-07-01Merge release-20200622.1-50-g068716ddf (automated)gVisor bot
2020-07-01Fix FAQ URLMichael Pratt
The existing gvisor.dev/faq link returns 404 because the full URL has mistakenly been capitalized. PiperOrigin-RevId: 319233173
2020-07-01Merge release-20200622.1-49-gcda2979b6 (automated)gVisor bot
2020-07-01Complete async signal delivery support in vfs2.Dean Deng
- Support FIOASYNC, FIO{SET,GET}OWN, SIOC{G,S}PGRP (refactor getting/setting owner in the process). - Unset signal recipient when setting owner with pid == 0 and valid owner type. Updates #2923. PiperOrigin-RevId: 319231420
2020-07-01Merge release-20200622.1-48-gb8f165ab1 (automated)gVisor bot
2020-07-01Fix HTTPD benchmarks to correctly serve files from /tmp.Bhasker Hariharan
Fixes #3113 PiperOrigin-RevId: 319216671
2020-07-01Merge release-20200622.1-47-gc9446f053 (automated)gVisor bot
2020-06-30Fix two bugs in TCP sender.Bhasker Hariharan
a) When GSO is in use we should not cap the segment to maxPayloadSize in sender.maybeSendSegment as the GSO logic will cap the segment to the correct size. Without this the host GSO is not used as we end up breaking up large segments into small MSS sized segments before writing the packets to the host. b) The check to not split a segment due to it not fitting in the receiver window when there are pending segments is incorrect as segments in writeList can be really large as we just take the write call's buffer size and create a single large segment. So a write of say 128KB will just be 1 segment in the writeList. The linux code checks if 1 MSS sized segments fits in the receiver's window and if not then does not split the current segment. gVisor's check was incorrect that it was checking if the whole segment which could be >>> 1 MSS would fit in the receiver's window. This was causing us to prematurely stop sending and falling back to retransmit timer/probe from the other end to send data. This was seen when running HTTPD benchmarks where @ HEAD when sending large files the benchmark was taking forever to run. The tcp_splitseg_mss_test.go is being deleted as the test as written doesn't test what is intended correctly. This is because GSO is enabled by default and the reason the MSS+1 sized segment is sent is because GSO is in use. A proper test will require disabling GSO on linux and netstack which is going to take a bit of work in packetimpact to do it correctly. Separately a new test probably should be written that verifies that a segment > availableWindow is not split if the availableWindow is < 1 MSS. Fixes #3107 PiperOrigin-RevId: 319172089
2020-07-01Merge release-20200622.1-46-g43f5dd95a (automated)gVisor bot
2020-06-30Fix index calculation for /proc/[pid]/cmdline.Dean Deng
We were truncating buf using a index relative to the middle of the slice (i.e. where envv begins), but we need to calculate the index relative to the entire slice. Updates #2923. PiperOrigin-RevId: 319154950
2020-07-01Merge release-20200622.1-45-g20d571b0c (automated)gVisor bot
2020-06-30Allow O_DIRECT on vfs2 tmpfs files.Dean Deng
Updates #2923. PiperOrigin-RevId: 319153792
2020-07-01Merge release-20200622.1-44-gc4bdd0118 (automated)gVisor bot
2020-06-30Add missing newline in /sys/devices/systen/cpu/onineBhasker Hariharan
PiperOrigin-RevId: 319143410
2020-06-30Merge release-20200622.1-43-g44071cc7f (automated)gVisor bot
2020-06-30Remove struct packing to fix compiler warning.Dean Deng
-Waddress-of-packed-member warns on inet_aton() being used with a packed struct member. This was added in cl/291990716. PiperOrigin-RevId: 319111253
2020-06-30Merge release-20200622.1-42-g4784ed46e (automated)gVisor bot
2020-06-30Avoid multiple atomic loadsTamir Duberstein
...by calling (*tcp.endpoint).EndpointState only once when possible. Avoid wrapping (*sleep.Waker).Assert in a useless func while I'm here. PiperOrigin-RevId: 319074149
2020-06-30Merge release-20200622.1-41-gdce2dfae0 (automated)gVisor bot
2020-06-30Add build target for the provisional style guide.Dean Deng
This includes the provisional style guide in the website and fixes the broken link from CONTRIBUTING.md. The style guide will be located under the "Community" category as it's related to contributing to the project. Also, add missing includes that were causing some presubmits to fail. PiperOrigin-RevId: 319061410
2020-06-29Merge release-20200622.1-40-g5b0d8ff69 (automated)gVisor bot
2020-06-29Refactor udp_socket_testZach Koopmans
Bring udp_socket_test into complianc by: - Eliminating IsRunningOnGvisor() invocations. - Wrapping sockets in RAII FileDescriptor objects. - Creating a Bind() method so that the first bind happens on port 0. PiperOrigin-RevId: 318909396
2020-06-28Merge release-20200622.1-39-ge8f1a5c1f (automated)gVisor bot
2020-06-27Port GETOWN, SETOWN fcntls to vfs2.Dean Deng
Also make some fixes to vfs1's F_SETOWN. The fcntl test now entirely passes on vfs2. Fixes #2920. PiperOrigin-RevId: 318669529
2020-06-27Merge release-20200622.1-38-g02d552d07 (automated)gVisor bot
2020-06-27Support sticky bit in vfs2.Dean Deng
Updates #2923. PiperOrigin-RevId: 318648128
2020-06-27Merge release-20200622.1-37-g691c04278 (automated)gVisor bot
2020-06-27Add documentation for vfs2 inotify.Dean Deng
Updates #1479. PiperOrigin-RevId: 318631247
2020-06-27Merge release-20200622.1-36-gbab3c36ef (automated)gVisor bot
2020-06-26Add style guide.Ian Gudger
PiperOrigin-RevId: 318591900
2020-06-27Merge release-20200622.1-35-g85be13d9a (automated)gVisor bot
2020-06-26Add tests for eventfd/timerfd/inotify operations that should return ESPIPE.Dean Deng
PiperOrigin-RevId: 318585377
2020-06-27Merge release-20200622.1-34-g66d166544 (automated)gVisor bot
2020-06-26IPv6 raw sockets. Needed for ip6tables.Kevin Krakauer
IPv6 raw sockets never include the IPv6 header. PiperOrigin-RevId: 318582989
2020-06-27Merge release-20200622.1-33-g8dbeac53c (automated)gVisor bot
2020-06-26Implement SO_NO_CHECK socket option.gVisor bot
SO_NO_CHECK is used to skip the UDP checksum generation on a TX socket (UDP checksum is optional on IPv4). Test: - TestNoChecksum - SoNoCheckOffByDefault (UdpSocketTest) - SoNoCheck (UdpSocketTest) Fixes #3055 PiperOrigin-RevId: 318575215
2020-06-26Merge release-20200622.1-32-gaed718397 (automated)gVisor bot
2020-06-26Packetimpact test for IPv6 unknown options actionZeling Feng
The Option Type identifiers are internally encoded such that their highest-order two bits specify the action that must be taken if the processing IPv6 node does not recognize the Option Type: 00 - skip over this option and continue processing the header. 01 - discard the packet. 10 - discard the packet and, regardless of whether or not the packet's Destination Address was a multicast address, send an ICMP Parameter Problem, Code 2, message to the packet's Source Address, pointing to the unrecognized Option Type. 11 - discard the packet and, only if the packet's Destination Address was not a multicast address, send an ICMP Parameter Problem, Code 2, message to the packet's Source Address, pointing to the unrecognized Option Type. PiperOrigin-RevId: 318566613
2020-06-26Merge release-20200622.1-31-g9cfc15497 (automated)gVisor bot
2020-06-26Require CAP_SYS_ADMIN in the root user namespace for TTY theftKevin Krakauer
PiperOrigin-RevId: 318563543
2020-06-26Merge release-20200622.1-30-ge6a90baef (automated)gVisor bot
2020-06-26Support IPv6 extension headers in packetimpact tests.Zeling Feng
- IPv6 HopByHop Options Extension Header - IPv6 Destination Options Extension Header PiperOrigin-RevId: 318551425
2020-06-26Merge release-20200622.1-29-g54a31e219 (automated)gVisor bot
2020-06-26Support inotify IN_ONESHOT.Dean Deng
Also, while we're here, make sure that gofer inotify events are generated when files are created in remote revalidating mode. Updates #1479. PiperOrigin-RevId: 318536354
2020-06-26Merge release-20200622.1-28-gcfd049da8 (automated)gVisor bot
2020-06-26Merge pull request #2931 from ridwanmsharif:ridwanmsharif/fuse-char-devicegVisor bot
PiperOrigin-RevId: 318511615
2020-06-26Merge release-20200622.1-24-g47ac142dc (automated)gVisor bot
2020-06-26Enable docker IPv6 in kokoroKevin Krakauer
We need docker IPv6 for ip6tables tests. Docker has spotty IPv6 support, so just enabling IPv6 in daemon.json breaks the Ruby image test (AFAICT it breaks anything that tries to use IPv6 to reach the internet). An ip6tables NAT rule is added to handle this. We could make these changes as part of scripts/, but these would overwrite global values and possibly break users' systems. PiperOrigin-RevId: 318508209
2020-06-26Merge release-20200622.1-23-g7fb6cc286 (automated)gVisor bot
2020-06-25conntrack refactor, no behavior changesKevin Krakauer
- Split connTrackForPacket into 2 functions instead of switching on flag - Replace hash with struct keys. - Remove prefixes where possible - Remove unused connStatus, timeout - Flatten ConnTrack struct a bit - some intermediate structs had no meaning outside of the context of their parent. - Protect conn.tcb with a mutex - Remove redundant error checking (e.g. when is pkt.NetworkHeader valid) - Clarify that HandlePacket and CreateConnFor are the expected entrypoints for ConnTrack PiperOrigin-RevId: 318407168