summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2019-11-14Merge release-20191104.0-41-g9ca15db (automated)gVisor bot
2019-11-14Avoid unnecessary slice allocation in usermem.BytesIO.blocksFromAddrRanges().Jamie Liu
PiperOrigin-RevId: 280507239
2019-11-14Merge release-20191104.0-40-g3f7d937 (automated)gVisor bot
2019-11-14Use PacketBuffers for outgoing packets.Kevin Krakauer
PiperOrigin-RevId: 280455453
2019-11-13Merge release-20191104.0-39-g1e55eb3 (automated)gVisor bot
2019-11-13test/syscalls/proc: check an return code of waitidAndrei Vagin
PiperOrigin-RevId: 280295208
2019-11-13Merge release-20191104.0-38-g6dd4c9e (automated)gVisor bot
2019-11-13Fix flaky behaviour during S/R.Bhasker Hariharan
PiperOrigin-RevId: 280280156
2019-11-13Merge release-20191104.0-37-g683e879 (automated)gVisor bot
2019-11-13Extract linux-specific test setup to separate fileJay Zhuang
PiperOrigin-RevId: 280264564
2019-11-13Merge release-20191104.0-36-gc2d3dc0 (automated)gVisor bot
2019-11-12Use overlay MountSource when binding socket in overlay.Nicolas Lacasse
PiperOrigin-RevId: 280131840
2019-11-13Merge release-20191104.0-35-g2c6c9af (automated)gVisor bot
2019-11-12Add UDP SO_REUSEADDR/SO_REUSEPORT conversion tests.Ian Gudger
Add additional tests for UDP SO_REUSEADDR and SO_REUSEPORT interaction. If all existing all currently bound sockets as well as the current binding socket have SO_REUSEADDR, or if all existing all currently bound sockets as well as the current binding socket have SO_REUSEPORT, binding a currently bound address is allowed. This seems odd since it means that the SO_REUSEADDR/SO_REUSEPORT behavior can change with the binding of additional sockets. PiperOrigin-RevId: 280116163
2019-11-13Merge release-20191104.0-34-gca9cba6 (automated)gVisor bot
2019-11-12seccomp: introduce the GreaterThan rule typeAndrei Vagin
PiperOrigin-RevId: 280075805
2019-11-12Merge release-20191104.0-33-g3f51bef (automated)gVisor bot
2019-11-12Do not handle TCP packets that include a non-unicast IP addressGhanan Gowripalan
This change drops TCP packets with a non-unicast IP address as the source or destination address as TCP is meant for communication between two endpoints. Test: Make sure that if the source or destination address contains a non-unicast address, no TCP packet is sent in response and the packet is dropped. PiperOrigin-RevId: 280073731
2019-11-12Merge release-20190806.1-397-g5398530 (automated)gVisor bot
2019-11-12Discover on-link prefixes from Router Advertisements' Prefix Information optionsGhanan Gowripalan
This change allows the netstack to do NDP's Prefix Discovery as outlined by RFC 4861 section 6.3.4. If configured to do so, when a new on-link prefix is discovered, the routing table will be updated with a device route through the nic the RA arrived at. Likewise, when such a prefix gets invalidated, the device route will be removed. Note, this change will not break existing uses of netstack as the default configuration for the stack options is set in such a way that Prefix Discovery will not be performed. See `stack.Options` and `stack.NDPConfigurations` for more details. This change reuses 1 option and introduces a new one that is required to take advantage of Prefix Discovery, all available under NDPConfigurations: - HandleRAs: Whether or not NDP RAs are processes - DiscoverOnLinkPrefixes: Whether or not Prefix Discovery is performed (new) Another note: for a NIC to process Prefix Information options (in Router Advertisements), it must not be a router itself. Currently the netstack does not have per-interface routing configuration; the routing/forwarding configuration is controlled stack-wide. Therefore, if the stack is configured to enable forwarding/routing, no router Advertisements (and by extension the Prefix Information options) will be processed. Tests: Unittest to make sure that Prefix Discovery and updates to the routing table only occur if explicitly configured to do so. Unittest to make sure at max stack.MaxDiscoveredOnLinkPrefixes discovered on-link prefixes are remembered. PiperOrigin-RevId: 280049278
2019-11-12Merge release-20190806.1-396-g57a2a5e (automated)gVisor bot
2019-11-12Add tests for SO_REUSEADDR and SO_REUSEPORT.Ian Gudger
* Basic tests for the SO_REUSEADDR and SO_REUSEPORT options. * SO_REUSEADDR functional tests for TCP and UDP. * SO_REUSEADDR and SO_REUSEPORT interaction tests for UDP. * Stubbed support for UDP getsockopt(SO_REUSEADDR). PiperOrigin-RevId: 280049265
2019-11-12Merge release-20190806.1-395-g548d65b (automated)gVisor bot
2019-11-12kokoro: correct a path to outputs.zipAndrei Vagin
PiperOrigin-RevId: 280021914
2019-11-12Merge release-20190806.1-394-gb82bd24 (automated)gVisor bot
2019-11-11Update ephemeral port reservation tests.Ian Gudger
The existing tests which are disabled on gVisor are failing because we default to SO_REUSEADDR being enabled for TCP sockets. Update the test comments. Also add new tests for enabled SO_REUSEADDR. PiperOrigin-RevId: 279862275
2019-11-12Merge release-20190806.1-393-g07f9041 (automated)gVisor bot
2019-11-11Merge pull request #918 from lubinszARM:pr_ring0gVisor bot
PiperOrigin-RevId: 279840214
2019-11-11Merge release-20190806.1-391-g2b0e4dc (automated)gVisor bot
2019-11-11Remove obsolete TODO. This is now fixed.Bhasker Hariharan
PiperOrigin-RevId: 279835100
2019-11-11Merge release-20190806.1-390-ge09e7bf (automated)gVisor bot
2019-11-11Add more extended features.Brad Burlage
PiperOrigin-RevId: 279820435
2019-11-11Merge release-20190806.1-389-g7730716 (automated)gVisor bot
2019-11-11Make `connect` on socket returned by `accept` correctly error out with EISCONNgVisor bot
PiperOrigin-RevId: 279814493
2019-11-09Merge release-20190806.1-388-g833dbba (automated)gVisor bot
2019-11-08Merge pull request #1158 from andrew-d:andrew/rules-gogVisor bot
PiperOrigin-RevId: 279425005
2019-11-09Merge release-20190806.1-386-gb91ad8f (automated)gVisor bot
2019-11-08test: merge log files of all shards for each test suiteAndrei Vagin
This significantly speeds up a process of uploading this files to sponge and resultstore by kokoro. PiperOrigin-RevId: 279416349
2019-11-08Merge release-20190806.1-385-g14f4461 (automated)gVisor bot
2019-11-08kokoro: update images to install zipAndrei Vagin
PiperOrigin-RevId: 279406266
2019-11-08Merge release-20190806.1-384-g50d6236 (automated)gVisor bot
2019-11-08Update kokoro images to install junitparserAndrei Vagin
junitparser will be used to merge junit xml files. PiperOrigin-RevId: 279387305
2019-11-08Merge release-20190806.1-383-gaf58a4e (automated)gVisor bot
2019-11-08Automated rollback of changelist 278417533Kevin Krakauer
PiperOrigin-RevId: 279365629
2019-11-07Bump gazelle to v0.19.1Andrew Dunham
2019-11-07Merge release-20190806.1-382-g66ebb65 (automated)gVisor bot
2019-11-07Add support for TIME_WAIT timeout.Bhasker Hariharan
This change adds explicit support for honoring the 2MSL timeout for sockets in TIME_WAIT state. It also adds support for the TCP_LINGER2 option that allows modification of the FIN_WAIT2 state timeout duration for a given socket. It also adds an option to modify the Stack wide TIME_WAIT timeout but this is only for testing. On Linux this is fixed at 60s. Further, we also now correctly process RST's in CLOSE_WAIT and close the socket similar to linux without moving it to error state. We also now handle SYN in ESTABLISHED state as per RFC5961#section-4.1. Earlier we would just drop these SYNs. Which can result in some tests that pass on linux to fail on gVisor. Netstack now honors TIME_WAIT correctly as well as handles the following cases correctly. - TCP RSTs in TIME_WAIT are ignored. - A duplicate TCP FIN during TIME_WAIT extends the TIME_WAIT and a dup ACK is sent in response to the FIN as the dup FIN indicates potential loss of the original final ACK. - An out of order segment during TIME_WAIT generates a dup ACK. - A new SYN w/ a sequence number > the highest sequence number in the previous connection closes the TIME_WAIT early and opens a new connection. Further to make the SYN case work correctly the ISN (Initial Sequence Number) generation for Netstack has been updated to be as per RFC. Its not a pure random number anymore and follows the recommendation in https://tools.ietf.org/html/rfc6528#page-3. The current hash used is not a cryptographically secure hash function. A separate change will update the hash function used to Siphash similar to what is used in Linux. PiperOrigin-RevId: 279106406
2019-11-07Merge release-20190806.1-381-g2326224 (automated)gVisor bot
2019-11-06Fix yet another data race.Bhasker Hariharan
Fixes #1140 PiperOrigin-RevId: 279020846
2019-11-07Merge release-20190806.1-380-g3552691 (automated)gVisor bot