Age | Commit message (Collapse) | Author |
|
a) When GSO is in use we should not cap the segment to maxPayloadSize in
sender.maybeSendSegment as the GSO logic will cap the segment to the correct
size. Without this the host GSO is not used as we end up breaking up large
segments into small MSS sized segments before writing the packets to the
host.
b) The check to not split a segment due to it not fitting in the receiver window
when there are pending segments is incorrect as segments in writeList can be
really large as we just take the write call's buffer size and create a single
large segment. So a write of say 128KB will just be 1 segment in the
writeList.
The linux code checks if 1 MSS sized segments fits in the receiver's window
and if not then does not split the current segment. gVisor's check was
incorrect that it was checking if the whole segment which could be >>> 1 MSS
would fit in the receiver's window. This was causing us to prematurely stop
sending and falling back to retransmit timer/probe from the other end to send
data.
This was seen when running HTTPD benchmarks where @ HEAD when sending large
files the benchmark was taking forever to run.
The tcp_splitseg_mss_test.go is being deleted as the test as written doesn't
test what is intended correctly. This is because GSO is enabled by default and
the reason the MSS+1 sized segment is sent is because GSO is in use. A proper
test will require disabling GSO on linux and netstack which is going to take a
bit of work in packetimpact to do it correctly.
Separately a new test probably should be written that verifies that a segment >
availableWindow is not split if the availableWindow is < 1 MSS.
Fixes #3107
PiperOrigin-RevId: 319172089
|
|
We were truncating buf using a index relative to the middle of the slice (i.e.
where envv begins), but we need to calculate the index relative to the entire
slice.
Updates #2923.
PiperOrigin-RevId: 319154950
|
|
Updates #2923.
PiperOrigin-RevId: 319153792
|
|
PiperOrigin-RevId: 319143410
|
|
-Waddress-of-packed-member warns on inet_aton() being used with a packed struct
member. This was added in cl/291990716.
PiperOrigin-RevId: 319111253
|
|
...by calling (*tcp.endpoint).EndpointState only once when possible.
Avoid wrapping (*sleep.Waker).Assert in a useless func while I'm here.
PiperOrigin-RevId: 319074149
|
|
This includes the provisional style guide in the website and fixes the broken
link from CONTRIBUTING.md. The style guide will be located under the "Community"
category as it's related to contributing to the project.
Also, add missing includes that were causing some presubmits to fail.
PiperOrigin-RevId: 319061410
|
|
Bring udp_socket_test into complianc by:
- Eliminating IsRunningOnGvisor() invocations.
- Wrapping sockets in RAII FileDescriptor objects.
- Creating a Bind() method so that the first bind happens on port 0.
PiperOrigin-RevId: 318909396
|
|
Also make some fixes to vfs1's F_SETOWN. The fcntl test now entirely passes
on vfs2.
Fixes #2920.
PiperOrigin-RevId: 318669529
|
|
Updates #2923.
PiperOrigin-RevId: 318648128
|
|
Updates #1479.
PiperOrigin-RevId: 318631247
|
|
PiperOrigin-RevId: 318591900
|
|
PiperOrigin-RevId: 318585377
|
|
IPv6 raw sockets never include the IPv6 header.
PiperOrigin-RevId: 318582989
|
|
SO_NO_CHECK is used to skip the UDP checksum generation on a TX socket
(UDP checksum is optional on IPv4).
Test:
- TestNoChecksum
- SoNoCheckOffByDefault (UdpSocketTest)
- SoNoCheck (UdpSocketTest)
Fixes #3055
PiperOrigin-RevId: 318575215
|
|
The Option Type identifiers are internally encoded such that their
highest-order two bits specify the action that must be taken if the
processing IPv6 node does not recognize the Option Type:
00 - skip over this option and continue processing the header.
01 - discard the packet.
10 - discard the packet and, regardless of whether or not the
packet's Destination Address was a multicast address, send an
ICMP Parameter Problem, Code 2, message to the packet's
Source Address, pointing to the unrecognized Option Type.
11 - discard the packet and, only if the packet's Destination
Address was not a multicast address, send an ICMP Parameter
Problem, Code 2, message to the packet's Source Address,
pointing to the unrecognized Option Type.
PiperOrigin-RevId: 318566613
|
|
PiperOrigin-RevId: 318563543
|
|
- IPv6 HopByHop Options Extension Header
- IPv6 Destination Options Extension Header
PiperOrigin-RevId: 318551425
|
|
Also, while we're here, make sure that gofer inotify events are generated when
files are created in remote revalidating mode.
Updates #1479.
PiperOrigin-RevId: 318536354
|
|
PiperOrigin-RevId: 318511615
|
|
We need docker IPv6 for ip6tables tests. Docker has spotty IPv6 support, so just
enabling IPv6 in daemon.json breaks the Ruby image test (AFAICT it breaks
anything that tries to use IPv6 to reach the internet). An ip6tables NAT rule is
added to handle this.
We could make these changes as part of scripts/, but these would overwrite
global values and possibly break users' systems.
PiperOrigin-RevId: 318508209
|
|
- Split connTrackForPacket into 2 functions instead of switching on flag
- Replace hash with struct keys.
- Remove prefixes where possible
- Remove unused connStatus, timeout
- Flatten ConnTrack struct a bit - some intermediate structs had no meaning
outside of the context of their parent.
- Protect conn.tcb with a mutex
- Remove redundant error checking (e.g. when is pkt.NetworkHeader valid)
- Clarify that HandlePacket and CreateConnFor are the expected entrypoints for
ConnTrack
PiperOrigin-RevId: 318407168
|
|
PiperOrigin-RevId: 318346153
|
|
|
|
|
|
This change adds a FUSE character device backed by devtmpfs. This
device will be used to establish a connection between the FUSE
server daemon and fusefs. The FileDescriptionImpl methods will
be implemented as we flesh out fusefs some more. The tests assert
that the device can be opened and used.
|
|
PiperOrigin-RevId: 318284693
|
|
- Support writing on proc/[pid]/{uid,gid}map
- Return EIO for writing to static files.
Updates #2923.
PiperOrigin-RevId: 318188503
|
|
PiperOrigin-RevId: 318180382
|
|
Updates #2912 #1035
PiperOrigin-RevId: 318162565
|
|
This field is redundant since state can be stored in the callback.
PiperOrigin-RevId: 318134855
|
|
Linux controls socket send/receive buffers using a few sysctl variables
- net.core.rmem_default
- net.core.rmem_max
- net.core.wmem_max
- net.core.wmem_default
- net.ipv4.tcp_rmem
- net.ipv4.tcp_wmem
The first 4 control the default socket buffer sizes for all sockets
raw/packet/tcp/udp and also the maximum permitted socket buffer that can be
specified in setsockopt(SOL_SOCKET, SO_(RCV|SND)BUF,...).
The last two control the TCP auto-tuning limits and override the default
specified in rmem_default/wmem_default as well as the max limits.
Netstack today only implements tcp_rmem/tcp_wmem and incorrectly uses it
to limit the maximum size in setsockopt() as well as uses it for raw/udp
sockets.
This changelist introduces the other 4 and updates the udp/raw sockets to use
the newly introduced variables. The values for min/max match the current
tcp_rmem/wmem values and the default value buffers for UDP/RAW sockets is
updated to match the linux value of 212KiB up from the really low current value
of 32 KiB.
Updates #3043
Fixes #3043
PiperOrigin-RevId: 318089805
|
|
Previously, it was not possible to encode/decode an object graph which
contained a pointer to a field within another type. This was because the
encoder was previously unable to disambiguate a pointer to an object and a
pointer within the object.
This CL remedies this by constructing an address map tracking the full memory
range object occupy. The encoded Refvalue message has been extended to allow
references to children objects within another object. Because the encoding
process may learn about object structure over time, we cannot encode any
objects under the entire graph has been generated.
This CL also updates the state package to use standard interfaces intead of
reflection-based dispatch in order to improve performance overall. This
includes a custom wire protocol to significantly reduce the number of
allocations and take advantage of structure packing.
As part of these changes, there are a small number of minor changes in other
places of the code base:
* The lists used during encoding are changed to use intrusive lists with the
objectEncodeState directly, which required that the ilist Len() method is
updated to work properly with the ElementMapper mechanism.
* A bug is fixed in the list code wherein Remove() called on an element that is
already removed can corrupt the list (removing the element if there's only a
single element). Now the behavior is correct.
* Standard error wrapping is introduced.
* Compressio was updated to implement the new wire.Reader and wire.Writer
inteface methods directly. The lack of a ReadByte and WriteByte caused issues
not due to interface dispatch, but because underlying slices for a Read or
Write call through an interface would always escape to the heap!
* Statify has been updated to support the new APIs.
See README.md for a description of how the new mechanism works.
PiperOrigin-RevId: 318010298
|
|
Also refactor HandleDeletion().
Updates #1479.
PiperOrigin-RevId: 317989000
|
|
This CL does a handful of things:
- Support O_DSYNC, O_SYNC
- Support O_APPEND and document an unavoidable race condition
- Ignore O_DIRECT; we probably don't want to allow applications to set O_DIRECT
on the host fd itself.
- Leave a TODO for supporting O_NONBLOCK, which is a simple fix once RWF_NOWAIT
is supported.
- Get rid of caching TODO; force_page_cache is not configurable for host fs in
vfs1 or vfs2 after whitelist fs was removed.
- For the remaining TODOs, link to more specific bugs.
Fixes #1672.
PiperOrigin-RevId: 317985269
|
|
For TCP sockets, SO_REUSEADDR relaxes the rules for binding addresses.
gVisor/netstack already supported a behavior similar to SO_REUSEADDR, but did
not allow disabling it. This change brings the SO_REUSEADDR behavior closer to
the behavior implemented by Linux and adds a new SO_REUSEADDR disabled
behavior. Like Linux, SO_REUSEADDR is now disabled by default.
PiperOrigin-RevId: 317984380
|
|
Support is limited to the functionality that exists in VFS1.
Updates #2923 #1035
PiperOrigin-RevId: 317981417
|
|
Events were only skipped on parent directories after their children were
unlinked; events on the unlinked file itself need to be skipped as well.
As a result, all Watches.Notify() calls need to know whether the dentry where
the call came from was unlinked.
Updates #1479.
PiperOrigin-RevId: 317979476
|
|
PiperOrigin-RevId: 317973144
|
|
Because there is no inode structure stored in the sandbox, inotify watches
must be held on the dentry. This would be an issue in the presence of hard
links, where multiple dentries would need to share the same set of watches,
but in VFS2, we do not support the internal creation of hard links on gofer
fs. As a result, we make the assumption that every dentry corresponds to a
unique inode.
Furthermore, dentries can be cached and then evicted, even if the underlying
file has not be deleted. We must prevent this from occurring if there are any
watches that would be lost. Note that if the dentry was deleted or invalidated
(d.vfsd.IsDead()), we should still destroy it along with its watches.
Additionally, when a dentry’s last watch is removed, we cache it if it also
has zero references. This way, the dentry can eventually be evicted from
memory if it is no longer needed. This is accomplished with a new dentry
method, OnZeroWatches(), which is called by Inotify.RmWatch and
Inotify.Release. Note that it must be called after all inotify locks are
released to avoid violating lock order. Stress tests are added to make sure
that inotify operations don't deadlock with gofer.OnZeroWatches.
Updates #1479.
PiperOrigin-RevId: 317958034
|
|
Per manual page:
"All applications must properly handle a return of DT_UNKNOWN."
PiperOrigin-RevId: 317957013
|
|
It preserves the same functionality (almost none) as in VFS1.
Updates #2923 #1035
PiperOrigin-RevId: 317943522
|
|
PiperOrigin-RevId: 317941748
|
|
PiperOrigin-RevId: 317933650
|
|
PiperOrigin-RevId: 317796028
|
|
Copybara force-pushes to the PR immediately before merging which triggers a PR
build. Since the PR is merged, the refspec +refs/pull/{pr_num}/merge is not
available and the build fails causing all master commit CI builds to show a
failure.
This change remove the clone step from travis and clone manually in a way
which always would succeed. We fetch +refs/pull/{pr_num}/head and cherry pick
that onto the target branch.
I have tested this in https://github.com/ayushr2/gvisor/pull/1 and
https://github.com/ayushr2/gvisor/pull/2.
PiperOrigin-RevId: 317759891
|
|
Updates #2923.
PiperOrigin-RevId: 317700049
|
|
... and unify logic for detached netsted endpoints.
sniffer.go caused crashes if a packet delivery is attempted when the dispatcher
is nil.
Extracted the endpoint nesting logic into a common composable type so it can be
used by the Fuchsia Netstack (the pattern is widespread there).
PiperOrigin-RevId: 317682842
|
|
Despite what the man page says, linux will return EINVAL when calling
getdents() an a /proc/[tid]/net file corresponding to a zombie task. This
causes readdir() to return a null pointer AND errno=EINVAL.
See fs/proc/proc_net.c:proc_tgid_net_readdir() for where this occurs.
We have tests that recursively read /proc, and are likely to hit this when
running natively, so we must catch and handle this case.
PiperOrigin-RevId: 317674168
|
|
Correct behavior when given zero size arguments and trying to set user.* xattrs
on files other than regular files or directories.
Updates #2923.
PiperOrigin-RevId: 317590409
|