| Age | Commit message (Collapse) | Author |
|---|
|
As per relevant IP RFCS (see code comments), broadcast (for IPv4) and
multicast addresses are not allowed. Currently checks for these are
done at the transport layer, but since it is explicitly forbidden at
the IP layers, check for them there.
This change also removes the UDP.InvalidSourceAddress stat since there
is no longer a need for it.
Test: ip_test.TestSourceAddressValidation
PiperOrigin-RevId: 334490971
|
|
PiperOrigin-RevId: 334478850
|
|
Like matchers, targets should use a module-like register/lookup system. This
replaces the brittle switch statements we had before.
The only behavior change is supporing IPT_GET_REVISION_TARGET. This makes it
much easier to add IPv6 redirect in the next change.
Updates #3549.
PiperOrigin-RevId: 334469418
|
|
Linux doesn't generate a link-local address for the loopback interface.
Test: integration_test.TestInitialLoopbackAddresses
PiperOrigin-RevId: 334453182
|
|
When nogo checks are violated, they will automatically posted
as annotations on the specific GitHub commit. This allows us
to ensure analysis & style rules and have them called out.
PiperOrigin-RevId: 334447285
|
|
PiperOrigin-RevId: 334437990
|
|
PiperOrigin-RevId: 334428344
|
|
Currently expired IP fragments are discarded only if another fragment for the
same IP datagram is received after timeout or the total size of the fragment
queue exceeded a predefined value.
Test: fragmentation.TestReassemblingTimeout
Fixes #3960
PiperOrigin-RevId: 334423710
|
|
PiperOrigin-RevId: 334419854
|
|
* Remove Capabilities and NICID methods from NetworkEndpoint.
* Remove linkEP and stack parameters from NetworkProtocol.NewEndpoint.
The LinkEndpoint can be fetched from the NetworkInterface. The stack
is passed to the NetworkProtocol when it is created so the
NetworkEndpoint can get it from its protocol.
* Remove stack parameter from TransportProtocol.NewEndpoint.
Like the NetworkProtocol/Endpoint, the stack is passed to the
TransportProtocol when it is created.
PiperOrigin-RevId: 334332721
|
|
* Add network address to network endpoints.
Hold network-specific state in the NetworkEndpoint instead of the stack.
This results in the stack no longer needing to "know" about the network
endpoints and special case certain work for various endpoints
(e.g. IPv6 DAD).
* Provide NetworkEndpoints with an NetworkInterface interface.
Instead of just passing the NIC ID of a NIC, pass an interface so the
network endpoint may query other information about the NIC such as
whether or not it is a loopback device.
* Move NDP code and state to the IPv6 package.
NDP is IPv6 specific so there is no need for it to live in the stack.
* Control forwarding through NetworkProtocols instead of Stack
Forwarding should be controlled on a per-network protocol basis so
forwarding configurations are now controlled through network protocols.
* Remove stack.referencedNetworkEndpoint.
Now that addresses are exposed via AddressEndpoint and only one
NetworkEndpoint is created per interface, there is no need for a
referenced NetworkEndpoint.
* Assume network teardown methods are infallible.
Fixes #3871, #3916
PiperOrigin-RevId: 334319433
|
|
In TestReceiveBufferAutoTuning we now send a keep-alive packet to measure the
current window rather than a 1 byte segment as the returned window value in the
latter case is reduced due to the 1 byte segment now being held in the receive
buffer and can cause the test to flake if the segment overheads were to change.
In getSendParams in rcv.go we were advertising a non-zero window even if
available window space was zero after we received the previous segment. In such
a case newWnd and curWnd will be the same and we end up advertising a tiny but
non-zero window and this can cause the next segment to be dropped.
PiperOrigin-RevId: 334314070
|
|
PiperOrigin-RevId: 334263322
|
|
When the socket is set with SO_LINGER and close()'d in the initial state, it
should not linger and return immediately.
PiperOrigin-RevId: 334263149
|
|
Network or transport protocols may want to reach the stack. Support this
by letting the stack create the protocol instances so it can pass a
reference to itself at protocol creation time.
Note, protocols do not yet use the stack in this CL but later CLs will
make use of the stack from protocols.
PiperOrigin-RevId: 334260210
|
|
Fixes #1479, #317.
PiperOrigin-RevId: 334258052
|
|
Do not release dirMu between checking whether to create a child and actually
inserting it.
Also fixes a bug in fusefs which was causing it to deadlock under the new
lock ordering. We do not need to call kernfs.Dentry.InsertChild from newEntry
because it will always be called at the kernfs filesystem layer.
Updates #1193.
PiperOrigin-RevId: 334049264
|
|
Previously, we did not check the kcov mode when performing task work. As a
result, disabling kcov did not do anything.
Also avoid expensive atomic RMW when consuming coverage data. We don't need the
swap if the value is already zero (which is most of the time), and it is ok if
there are slight inconsistencies due to a race between coverage data generation
(incrementing the value) and consumption (reading a nonzero value and writing
zero).
PiperOrigin-RevId: 334049207
|
|
Generic ICMP errors were required because the transport dispatcher was
given the responsibility of sending ICMP errors in response to transport
packet delivery failures. Instead, the transport dispatcher should let
network layer know it failed to deliver a packet (and why) and let the
network layer make the decision as to what error to send (if any).
Fixes #4068
PiperOrigin-RevId: 333962333
|
|
PiperOrigin-RevId: 333853498
|
|
Regarding ThreadCpuTimeArray.java: The test starts 10 threads, each of which
does some computation, then blocks. When all threads are blocked, the test
sleeps for 200ms, then checks that less than 100ns of CPU time in userspace
elapse over the course of the sleep; AFAICT, the 100ns of slop is because a
thread indicates that it's in the WAITING state before it actually blocks, and
because signals can cause threads to be temporarily woken. gVisor's CPU clocks
have a granularity of 10ms (the interval of Kernel.cpuClockTicker is
//pkg/abi/linux.ClockTick), so a single tick pushes the test over the
threshold.
PiperOrigin-RevId: 333830287
|
|
PiperOrigin-RevId: 333805533
|
|
As open syscall is not support on ARM64, change syscall
from 'open' to 'openat' in no_match_name_allow
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
|
|
based on arch, apply different syscall number for
sched_rr_get_interval
Signed-off-by: Howard Zhang <howard.zhang@arm.com>
|
|
PiperOrigin-RevId: 333611788
|
|
PiperOrigin-RevId: 333591566
|
|
The FD should hold a reference on the dentry they were opened on which in turn
holds a reference on the inode it points to.
PiperOrigin-RevId: 333589223
|
|
PiperOrigin-RevId: 333588387
|
|
The previous value was for unix
PiperOrigin-RevId: 333571962
|
|
Update signatures for:
- All methods in inodeDirectory
- deferDecRef() and Filesystem.droppedDentries
- newSyntheticDirectory()
- `slot`s used in OrderedChildren and subsequent methods like
replaceChildLocked() and checkExistingLocked()
- stepExistingLocked(), walkParentDirLocked(), checkCreateLocked()
Updates #1193
PiperOrigin-RevId: 333558866
|
|
Changes in Nginx Benchmarks in network_tests also affect Startup/Size
Nginx Benchmarks. Make sure the commands line up.
PiperOrigin-RevId: 333543697
|
|
Updates #1663
PiperOrigin-RevId: 333539293
|
|
segment_queue today has its own standalone limit of MaxUnprocessedSegments but
this can be a problem in UnlockUser() we do not release the lock till there are
segments to be processed. What can happen is as handleSegments dequeues packets
more keep getting queued and we will never release the lock. This can keep
happening even if the receive buffer is full because nothing can read() till we
release the lock.
Further having a separate limit for pending segments makes it harder to track
memory usage etc. Unifying the limits makes it easier to reason about memory in
use and makes the overall buffer behaviour more consistent.
PiperOrigin-RevId: 333508122
|
|
PiperOrigin-RevId: 333461380
|
|
PiperOrigin-RevId: 333454489
|
|
It is called from the kernfs code (OpenAt and revalidateChildLocked()).
For RemoveChildLocked, it is opposed. We need to call it from fuse.RmDir and
fuse.Unlink.
PiperOrigin-RevId: 333453218
|
|
VFS2 socket record is not removed from the system-wide
socket table when the socket is released, which will lead
to a memory leak. This patch fixes this issue.
Fixes: #3874
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
|
|
SocketEntry can be confusing with the template types as the 'Entry'
is usually used as a suffix for list element types, e.g. socketEntry
in the same package. Suggested by Dean (@dean-deng).
Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
|
|
Mostly simplifies SKIP_IF statements and adds some more documentation.
Also, mknod is now supported by gofer fs, so remove SKIP_IFs related to this.
PiperOrigin-RevId: 333449932
|
|
PiperOrigin-RevId: 333447255
|
|
|
|
There were some instances where we were not enabling leak checking.
PiperOrigin-RevId: 333418571
|
|
PiperOrigin-RevId: 333412836
|
|
PiperOrigin-RevId: 333408633
|
|
PiperOrigin-RevId: 333405169
|
|
PiperOrigin-RevId: 333404727
|
|
PiperOrigin-RevId: 333400865
|
|
PiperOrigin-RevId: 333287864
|
|
Store transport protocol number on packet buffers for use in ICMP error
generation.
Updates #2211.
PiperOrigin-RevId: 333252762
|
|
Use HandleIOErrorVFS2 instead of custom error handling.
PiperOrigin-RevId: 333227581
|
