Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
We can register any number of tables with any number of architectures, and
need not limit the definitions to the architecture in question. This allows
runsc to generate documentation for all architectures simultaneously.
Similarly, this simplifies the VFSv2 patching process.
PiperOrigin-RevId: 310224827
|
|
We need to check vv.Size() instead of len(tcp), as tcp will always be 20 bytes
long.
PiperOrigin-RevId: 310218351
|
|
PiperOrigin-RevId: 310213705
|
|
PiperOrigin-RevId: 310179277
|
|
PiperOrigin-RevId: 310057834
|
|
connect() returns EINTR after S/R and usually we
use RetryEINTR to workaround this.
PiperOrigin-RevId: 310038525
|
|
As per RFC 1122 4.2.2.17, when the remote advertizes zero receive window,
the sender needs to probe for the window-size to become non-zero starting
from the next retransmission interval. The TCP connection needs to be kept
open as long as the remote is acknowledging the zero window probes.
We reuse the retransmission timers to support this.
Fixes #1644
PiperOrigin-RevId: 310021575
|
|
PiperOrigin-RevId: 310001058
|
|
Three updates:
- Mark all vfs2 socket syscalls as supported.
- Use the same dev number and ino number generator for all types of sockets,
unlike in VFS1.
- Do not use host fd for hostinet metadata.
Fixes #1476, #1478, #1484, 1485, #2017.
PiperOrigin-RevId: 309994579
|
|
PiperOrigin-RevId: 309966538
|
|
Implement PrependPath() in host.filesystem to correctly format
name for host files.
Updates #1672
PiperOrigin-RevId: 309959135
|
|
p9.NoUID/GID (== uint32(-1) == auth.NoID) is not a valid auth.KUID/KGID; in
particular, using it for file ownership causes capabilities to be ineffective
since file capabilities require that the file's KUID and KGID are mapped into
the capability holder's user namespace [1], and auth.NoID is not mapped into
any user namespace. Map p9.NoUID/GID to a different, valid KUID/KGID; in the
unlikely case that an application actually using the overflow KUID/KGID
attempts an operation that is consequently permitted by client permission
checks, the remote operation will still fail with EPERM.
Since this changes the VFS2 gofer client to no longer ignore the invalid IDs
entirely, this CL both permits and requires that we change synthetic mount point
creation to use root credentials.
[1] See fs.Inode.CheckCapability or vfs.GenericCheckPermissions.
PiperOrigin-RevId: 309856455
|
|
And move sys_timerfd.go to just timerfd.go for consistency.
Updates #1475.
PiperOrigin-RevId: 309835029
|
|
PiperOrigin-RevId: 309832671
|
|
This allows for kerfs.Filesystem to be overridden by
different implementations.
Updates #1672
PiperOrigin-RevId: 309809321
|
|
There is the known issue of the linux procfs, that two consequent calls of
readdir can return the same entry twice if between these calls one or more
entries have been removed from this directory.
PiperOrigin-RevId: 309803066
|
|
PiperOrigin-RevId: 309801320
|
|
Also added back the default test dimension back which was
dropped in a previous refactor.
PiperOrigin-RevId: 309797327
|
|
PiperOrigin-RevId: 309787938
|
|
PiperOrigin-RevId: 309783486
|
|
Updates #1623, #1487
PiperOrigin-RevId: 309777922
|
|
This change ensures that even platforms with some TSC issues (e.g. KVM),
can get reliable monotonic time by applied a lower bound on each read.
PiperOrigin-RevId: 309773801
|
|
PiperOrigin-RevId: 309506957
|
|
Otherwise the labeller will generate an error each time.
PiperOrigin-RevId: 309505731
|
|
Connection tracking is used to track packets in prerouting and
output hooks of iptables. The NAT rules modify the tuples in
connections. The connection tracking code modifies the packets by
looking at the modified tuples.
|
|
If the NIC already has a generated SLAAC address, regenerate a new SLAAC
address until one is generated that does not conflict with the NIC's
existing addresses, up to a maximum of 10 attempts.
This applies to both stable and temporary SLAAC addresses.
Test: stack_test.TestMixedSLAACAddrConflictRegen
PiperOrigin-RevId: 309495628
|
|
PiperOrigin-RevId: 309491861
|
|
PiperOrigin-RevId: 309467878
|
|
All three follow the same pattern:
1. Refactor VFS1 sockets into socketOpsCommon, so that most of the methods can
be shared with VFS2.
2. Create a FileDescriptionImpl with the corresponding socket operations,
rewriting the few that cannot be shared with VFS1.
3. Set up a VFS2 socket provider that creates a socket by setting up a dentry
in the global Kernel.socketMount and connecting it with a new
FileDescription.
This mostly completes the work for porting sockets to VFS2, and many syscall
tests can be enabled as a result.
There are several networking-related syscall tests that are still not passing:
1. net gofer tests
2. socketpair gofer tests
2. sendfile tests (splice is not implemented in VFS2 yet)
Updates #1478, #1484, #1485
PiperOrigin-RevId: 309457331
|
|
Updates #231
PiperOrigin-RevId: 309339316
|
|
Updates #231
PiperOrigin-RevId: 309323808
|
|
PiperOrigin-RevId: 309317605
|
|
This fixes bash in Ubuntu.
Updates #1672.
PiperOrigin-RevId: 309298252
|
|
PiperOrigin-RevId: 309265978
|
|
Implement rule 7 of Source Address Selection RFC 6724 section 5. This
makes temporary (short-lived) addresses preferred over non-temporary
addresses when earlier rules are equal.
Test: stack_test.TestIPv6SourceAddressSelectionScopeAndSameAddress
PiperOrigin-RevId: 309250975
|
|
The /proc/net/udp header was missing, and /proc/sys/net was set up as
/proc/sys/net/net. Discovered while trying to run networking tests for VFS2.
PiperOrigin-RevId: 309243758
|
|
Previously the test used an out-dated window size which is advertised
during the handshake to generate testing packets, but the window size
has changed since the handshake; currently it is using the most recent
one which is advertised in DUT's ACK to our FIN packet to generate the
testing outside-the-window packets.
PiperOrigin-RevId: 309222921
|
|
PiperOrigin-RevId: 309176385
|
|
Updates #1476
PiperOrigin-RevId: 309098590
|
|
The netfilter package uses logs to make debugging the (de)serialization of
structs easier. This generates a lot of (usually irrelevant) logs. Logging is
now hidden behind a debug flag.
PiperOrigin-RevId: 309087115
|
|
PiperOrigin-RevId: 309082540
|
|
Enforce write permission checks in BoundEndpointAt, which corresponds to the
permission checks in Linux (net/unix/af_unix.c:unix_find_other).
Also, create bound socket files with the correct permissions in VFS2.
Fixes #2324.
PiperOrigin-RevId: 308949084
|
|
PiperOrigin-RevId: 308940886
|
|
PiperOrigin-RevId: 308932254
|
|
Support generating temporary (short-lived) IPv6 SLAAC addresses to
address privacy concerns outlined in RFC 4941.
Tests:
- stack_test.TestAutoGenTempAddr
- stack_test.TestNoAutoGenTempAddrForLinkLocal
- stack_test.TestAutoGenTempAddrRegen
- stack_test.TestAutoGenTempAddrRegenTimerUpdates
- stack_test.TestNoAutoGenTempAddrWithoutStableAddr
- stack_test.TestAutoGenAddrInResponseToDADConflicts
PiperOrigin-RevId: 308915566
|
|
PiperOrigin-RevId: 308901116
|
|
TempPath's destructor runs at the end of the named pipe creation functions,
deleting the named pipe. If the named pipe is backed by a "non-virtual"
filesystem (!fs.Inode.IsVirtual()), this causes the following save attempt to
fail because there are FDs holding the deleted named pipe open.
PiperOrigin-RevId: 308861999
|