Age | Commit message (Collapse) | Author |
|
|
|
PiperOrigin-RevId: 396754242
|
|
|
|
A raw IP endpoint's write and socket option get/set path can use the
datagram-based endpoint.
This change extracts tests from UDP that may also run on Raw IP sockets.
Updates #6565.
Test: Raw IP + datagram-based socket syscall tests.
PiperOrigin-RevId: 396729727
|
|
|
|
Code to get the loopback interface's index is scattered throughout the
syscall tests. Implement the code once and use that in tests (where
applicable).
While I am here, trim the dependencies/includes for network namespace
tests.
PiperOrigin-RevId: 396718124
|
|
Previously, we weren't making a copy when a sysv message queue was
receiving a message with the MSG_COPY flag. This flag indicates the
message being received should be left in the queue and a copy of the
message should be returned to userspace. Without the copy, a racing
process can modify the original message while it's being marshalled to
user memory.
Reported-by: syzbot+cb15e644698b20ff4e17@syzkaller.appspotmail.com
PiperOrigin-RevId: 396712856
|
|
|
|
Previously, any time a datagram-based network endpoint (e.g. UDP) was
bound, the bound NIC is always set based on the bound address (if
specified). However, we should only consider the endpoint bound to
an NIC if a NIC was explicitly bound to.
If an endpoint has been bound to an address and attempts to send packets
to an unconnected remote, the endpoint will default to sending packets
through the bound address' NIC if not explicitly bound to a NIC.
Updates #6565.
PiperOrigin-RevId: 396712415
|
|
|
|
|
|
Fixed a bug introduced in the following commit:
https://github.com/google/gvisor/commit/979d6e7d77b17e94defc29515180cc75d3560383
The commit introduced a bug which causes the recvmmsg dispatcher to never exit
as BlockingPoll is now called with two fds and poll will not return an error
anymore if one of the FD is closed. We need to explicitly check the events for
each FD to determine if the sentry FD is closed.
ReadV dispatcher does not have the same issue as Readv does not rely on sk_err
field of the underlying socket to determine if the socket is in an error
state. Recvmmsg OTOH seems to get confused and always returns EAGAIN if poll()
is called which queries the sk_err field and clears it.
PiperOrigin-RevId: 396676135
|
|
|
|
SOL_UDP is used when get/set-ing socket options to specify the socket
level. When creating normal UDP sockets, the protocol need not be
specified. When creating RAW IP sockets for UDP, use IPPROTO_UDP.
PiperOrigin-RevId: 396675986
|
|
PiperOrigin-RevId: 396670516
|
|
|
|
...if bound to an address.
We previously checked the source of a packet instead of the destination
of a packet when bound to an address.
PiperOrigin-RevId: 396497647
|
|
|
|
PiperOrigin-RevId: 396476303
|
|
|
|
Otherwise it can fail:
$ bazel cquery pkg/p9/... --output=starlark --starlark:file=tools/show_paths.bzl
...
ERROR: Starlark evaluation error for //pkg/p9/p9test:mockgen:
Traceback (most recent call last):
File "tools/show_paths.bzl", line 8, column 32, in format
Error: 'NoneType' value has no field or method 'get'
PiperOrigin-RevId: 396457764
|
|
|
|
...as raw endpoints expect the packet's NICID to be set.
PiperOrigin-RevId: 396446552
|
|
|
|
Setting the ToS for IPv4 packets (SOL_IP, IP_TOS) should not affect the
Traffic Class of IPv6 packets (SOL_IPV6, IPV6_TCLASS).
Also only return the ToS value XOR Traffic Class as a packet cannot be
both an IPv4 and an IPv6 packet; It is invalid to return both the IPv4
ToS and IPv6 Traffic Class control messages when reading packets.
Updates #6389.
PiperOrigin-RevId: 396399096
|
|
|
|
Fixes #6558
PiperOrigin-RevId: 396393293
|
|
|
|
PiperOrigin-RevId: 396155387
|
|
|
|
PiperOrigin-RevId: 396042572
|
|
|
|
PiperOrigin-RevId: 395859347
|
|
|
|
Previously, gVisor did not represent loopback devices as an ethernet
device as Linux does. To maintain Linux API compatibility for packet
sockets, a workaround was used to add an ethernet header if a link
header was not already present in the packet buffer delivered to a
packet endpoint.
However, this workaround is a bug for non-ethernet based interfaces; not
all links use an ethernet header (e.g. pure L3/TUN interfaces).
As of 3b4bb947517d0d9010120aaa1c3989fd6abf278e, gVisor represents
loopback devices as an ethernet-based device so this workaround can
now be removed.
BUG: https://fxbug.dev/81592
Updates #6530, #6531.
PiperOrigin-RevId: 395819151
|
|
|
|
PiperOrigin-RevId: 395809193
|
|
This change removes NetworkDispatcher.DeliverOutboundPacket.
Since all packet writes go through the NIC (the only NetworkDispatcher),
we can deliver outgoing packets to interested packet endpoints before
writing the packet to the link endpoint as the stack expects that all
packets that get delivered to a link endpoint are transmitted on the
wire. That is, link endpoints no longer need to let the stack know when
it writes a packet as the stack already knows about the packet it writes
through a link endpoint.
PiperOrigin-RevId: 395761629
|
|
|
|
Fixes #6532
PiperOrigin-RevId: 395741741
|
|
PiperOrigin-RevId: 395338926
|
|
|
|
NewTempAbsPathInDir("/tmp") prevents the generated socket address from
exceeding sizeof(addr.sun_path). However, existing systems that are built with
the ANDROID configuration have their temp directory in a different location.
This change allows those systems to run tests that depend on UniqueUnixAddr.
PiperOrigin-RevId: 395336483
|
|
|
|
PiperOrigin-RevId: 395325998
|
|
|
|
This defines common infrastructure for dynamically-configured security checks,
including an example usage in the clone(2) path.
PiperOrigin-RevId: 394797270
|
|
|
|
PiperOrigin-RevId: 394560866
|
|
|