summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2021-01-28Make tcp_noaccept_close_rst more robustZeling Feng
There used to be a race condition where we may call Close before the connection is established. Adding poll support so that we can eliminate this kind of race. Startblock: has LGTM from iyerm and then add reviewer tamird PiperOrigin-RevId: 354369130
2021-01-28Add O_PATH support in vfs2gVisor bot
PiperOrigin-RevId: 354367665
2021-01-28Correctly check permissions in ping socket testTamir Duberstein
The previous check was using SOCK_RAW, despite the fact that the test only uses SOCK_DGRAM. Simplify the test machinery while I'm here. PiperOrigin-RevId: 354359842
2021-01-28Internal change.Michael Pratt
PiperOrigin-RevId: 354327882
2021-01-28Respect SO_BINDTODEVICE in unconnected UDP writesMarina Ciocea
Previously, sending on an unconnected UDP socket would ignore the SO_BINDTODEVICE option. Send on the configured interface when an UDP socket is bound to an interface through setsockop SO_BINDTODEVICE. Add packetimpact tests exercising UDP reads and writes with every combination of bound/unbound, broadcast/multicast/unicast destination, and bound/not-bound to device. PiperOrigin-RevId: 354299670
2021-01-27Confirm neighbor reachability with TCP ACKsGhanan Gowripalan
As per RFC 4861 section 7.3.1, A neighbor is considered reachable if the node has recently received a confirmation that packets sent recently to the neighbor were received by its IP layer. Positive confirmation can be gathered in two ways: hints from upper-layer protocols that indicate a connection is making "forward progress", or receipt of a Neighbor Advertisement message that is a response to a Neighbor Solicitation message. This change adds support for TCP to let the IP/link layers know that a neighbor is reachable. Test: integration_test.TestTCPConfirmNeighborReachability PiperOrigin-RevId: 354222833
2021-01-27Rename anonymous struct "mu"Tamir Duberstein
This clarifies that there is a lock involved. PiperOrigin-RevId: 354213848
2021-01-27Add support for more fields in netstack for TCP_INFONayana Bidari
This CL adds support for the following fields: - RTT, RTTVar, RTO - send congestion window (sndCwnd) and send slow start threshold (sndSsthresh) - congestion control state(CaState) - ReorderSeen PiperOrigin-RevId: 354195361
2021-01-27Move protected fields under anonymous mutexTamir Duberstein
Fixes #5150. PiperOrigin-RevId: 354194385
2021-01-27Merge pull request #4705 from mlevesquedion:fix-cmp-diff-reporting-in-nud-testsgVisor bot
PiperOrigin-RevId: 354187603
2021-01-27Internal changeZach Koopmans
PiperOrigin-RevId: 354170726
2021-01-27Deflake tcp_zero_window_probe_retransmit_testMithun Iyer
Fix the test to rely on more deterministic retransmission interval computations by skipping the initial probe transmission time as that can be non-deterministic given arbitrary time taken for the DUT to receive a send command and initiate a send. Fixes #5080 PiperOrigin-RevId: 354146256
2021-01-26Initialize the send buffer handler in endpoint creation.Nayana Bidari
- This CL will initialize the function handler used for getting the send buffer size limits during endpoint creation and does not require the caller of SetSendBufferSize(..) to know the endpoint type(tcp/udp/..) PiperOrigin-RevId: 353992634
2021-01-26Do not use stack.Route to send NDP NSGhanan Gowripalan
When sending packets through a stack.Route, we attempt to perform link resolution. Neighbor Solicitation messages do not need link resolution to be performed so send the packets out the interface directly instead. PiperOrigin-RevId: 353967435
2021-01-26Implement error on pointersTamir Duberstein
This improves type-assertion safety. PiperOrigin-RevId: 353931228
2021-01-26Fix couple of potential route leaks.Bhasker Hariharan
connect() can be invoked multiple times on UDP/RAW sockets and in such a case we should release the cached route from the previous connect. Fixes #5359 PiperOrigin-RevId: 353919891
2021-01-26Initialize timestamps for gofer synthetic children.Dean Deng
Contrary to the comment on the socket test, the failure was due to an issue with goferfs rather than kernfs. PiperOrigin-RevId: 353918021
2021-01-26Move inotify events from syscall to vfs layer.Dean Deng
This also causes inotify events to be generated when reading files for exec. This change also requires us to adjust splice+inotify tests due to discrepancies between gVisor and Linux behavior. Note that these discrepancies existed before; we just did not exercise them previously. See comment for more details. Fixes #5348. PiperOrigin-RevId: 353907187
2021-01-26Drop nicID from transport endpoint reg/cleanup fnsGhanan Gowripalan
...as it is unused. PiperOrigin-RevId: 353896981
2021-01-26Do not send SCM Rights more than once when message is truncated.Dean Deng
If data is sent over a stream socket that will not fit all at once, it will be sent over multiple packets. SCM Rights should only be sent with the first packet (see net/unix/af_unix.c:unix_stream_sendmsg in Linux). Reported-by: syzbot+aa26482e9c4887aff259@syzkaller.appspotmail.com PiperOrigin-RevId: 353886442
2021-01-26Move SO_SNDBUF to socketops.Nayana Bidari
This CL moves {S,G}etsockopt of SO_SNDBUF from all endpoints to socketops. For unix sockets, we do not support setting of this option. PiperOrigin-RevId: 353871484
2021-01-26Do not generate extraneous IN_CLOSE inotify events.Dean Deng
IN_CLOSE should only be generated when a file description loses its last reference; not when a file descriptor is closed. See fs/file_table.c:__fput. Updates #5348. PiperOrigin-RevId: 353810697
2021-01-25Adjust included data size on icmp errorsJulian Elischer
The RFC for icmpv6 specifies that an errant packet should be included in the returned ICMP packet, and that it should include up to the amount needed to fill the minimum MTU (1280 bytes) if possible. The current code included the Link header in that calculation but the RFC is referring to the IP MTU not the link MTU. Some conformance tests check this and report an error agains the stack for this. The full header length shoudl however continue to be used when allocating header space. Make the same change for IPv4 for consistency. Add a test for icmp payload sizing. Test that the included data in an ICMP error packet conforms to the requirements of RFC 972, RFC 4443 section 2.4 and RFC 1812 Section 4.3.2.3. Fixes #5311 PiperOrigin-RevId: 353790203
2021-01-25Add per endpoint ARP statisticsArthur Sfez
The ARP stat NetworkUnreachable was removed, and was replaced by InterfaceHasNoLocalAddress. No stats are recorded when dealing with an missing endpoint (ErrNotConnected) (because if there is no endpoint, there is no valid per-endpoint stats). PiperOrigin-RevId: 353759462
2021-01-25fdbased: Dedup code related to iovec readingTing-Yu Wang
PiperOrigin-RevId: 353755271
2021-01-25Adjust benchtime for failing redis benchmarks.Zach Koopmans
PiperOrigin-RevId: 353702265
2021-01-25Remove synchronous decommit for MADV_DONTNEED on private anonymous vmas.Jamie Liu
PiperOrigin-RevId: 353697719
2021-01-25Remove side effect from shm testsFabricio Voznika
Individual test cases must not rely on being executed in a clean environment. PiperOrigin-RevId: 353684155
2021-01-25Fix Inotify.Exec testFabricio Voznika
The test was execve itself into `/bin/true`, so the test was not actually executing. PiperOrigin-RevId: 353676855
2021-01-25Unlock tcp endpoint on zero-length atomic writesTamir Duberstein
Rewrite tcp.endpoint.Write to avoid manual locking and unlocking. This should prevent similar mistakes in the future. PiperOrigin-RevId: 353675734
2021-01-22Detect failures in forked functionFabricio Voznika
EXPECT*/ASSERT* functions are not async-signal-safe and should not be called from the function passed to InForkedProcess. However, these happen accidentally sometimes but do no cause InForkedProcess to fail. Detect and notify in such cases. PiperOrigin-RevId: 353354540
2021-01-22Update containerd minimal versionFabricio Voznika
PiperOrigin-RevId: 353340554
2021-01-22Refactor GetMainNICAddressArthur Sfez
It previously returned an error but it could only be UnknownNICID. It now returns a boolean to indicate whether the nic exists or not. PiperOrigin-RevId: 353337489
2021-01-22Do not modify IGMP packets when verifying checksumGhanan Gowripalan
PiperOrigin-RevId: 353336894
2021-01-22Pass RouteInfo to the route resolve callbackGhanan Gowripalan
The route resolution callback will be called with a stack.ResolvedFieldsResult which will hold the route info so callers can avoid attempting resolution again to check if a previous resolution attempt succeeded or not. Test: integration_test.TestRouteResolvedFields PiperOrigin-RevId: 353319019
2021-01-22Implement F_GETLK fcntl.Dean Deng
Fixes #5113. PiperOrigin-RevId: 353313374
2021-01-22Define tcpip.Payloader in terms of io.ReaderTamir Duberstein
Fixes #1509. PiperOrigin-RevId: 353295589
2021-01-22Add tests for RACKNayana Bidari
- Added packetimpact tests for RACK. PiperOrigin-RevId: 353282342
2021-01-22Avoid atomic operations in kcov processing.Dean Deng
Atomic operations here significantly slow down gVisor builds with kcov/coverage enabled. Also mark these functions go:norace to avoid complaints from the race detector. PiperOrigin-RevId: 353281865
2021-01-22Add initial mitigate code and cpu parsing.Zach Koopmans
PiperOrigin-RevId: 353274135
2021-01-22Remove dependency to abi/linuxFabricio Voznika
abi package is to be used by the Sentry to implement the Linux ABI. Code dealing with the host should use x/sys/unix. PiperOrigin-RevId: 353272679
2021-01-22Fix TestDuplicateEnvVariable flakynessFabricio Voznika
Updates #5226 PiperOrigin-RevId: 353262133
2021-01-22[infra] Fix Build Github action failure.Ayush Ranjan
The GH Build action has been failing with the error message: ``` --- BUILD -c opt //runsc tee: /proc/self/fd/2: No such device or address ``` tee /dev/fd/2 seems to be the canonical way of copying stdin to stderr. So use that instead. PiperOrigin-RevId: 353259087
2021-01-21Resolve static link addresses in GetLinkAddressGhanan Gowripalan
If a network address has a static mapping to a link address, calculate it in GetLinkAddress. Test: stack_test.TestStaticGetLinkAddress PiperOrigin-RevId: 353179616
2021-01-21iptables: support matching the input interface nameToshi Kikuchi
We have support for the output interface name, but not for the input interface name. This change adds the support for the input interface name, and adds the test cases for it. Fixes #5300 PiperOrigin-RevId: 353179389
2021-01-21Syscall docs updateIan Lewis
- Moves the id to the <tr> tag so that the page aligns properly when using an anchor. - Makes the syscall number a link to the anchor. - Fixes some broken links to syscalls without man pages. PiperOrigin-RevId: 353159903
2021-01-21Only use callback for GetLinkAddressGhanan Gowripalan
GetLinkAddress's callback will be called immediately with a stack.LinkResolutionResult which will hold the link address so no need to also return the link address from the function. Fixes #5151. PiperOrigin-RevId: 353157857
2021-01-21Do not cache remote link address in RouteGhanan Gowripalan
...unless explicitly requested via ResolveWith. Remove cancelled channels from pending packets as we can use the link resolution channel in a FIFO to limit the number of maximum pending resolutions we should queue packets for. This change also defers starting the goroutine that handles link resolution completion to when link resolution succeeds, fails or gets cancelled due to the max number of pending resolutions being reached. Fixes #751. PiperOrigin-RevId: 353130577
2021-01-21Add image presubmit tests and mark fsstress x86_64 only.Adin Scannell
PiperOrigin-RevId: 353118942
2021-01-21Fix ownership change logicFabricio Voznika
Previously fsgofer was skipping chown call if the uid and gid were the same as the current user/group. However, when setgid is set, the group may not be the same as the caller. Instead, compare the actual uid/gid of the file after it has been created and change ownership only if needed. Updates #180 PiperOrigin-RevId: 353118733