Age | Commit message (Collapse) | Author |
|
Rootless mode seems to work fine for simple containers with runsc run,
so allow its use.
Since runsc run is more widely used, require a workable --network option
is passed rather than automatically switching like runsc do does.
Fixes #3036
|
|
...if bound to an address.
We previously checked the source of a packet instead of the destination
of a packet when bound to an address.
PiperOrigin-RevId: 396497647
|
|
PiperOrigin-RevId: 396476303
|
|
Otherwise it can fail:
$ bazel cquery pkg/p9/... --output=starlark --starlark:file=tools/show_paths.bzl
...
ERROR: Starlark evaluation error for //pkg/p9/p9test:mockgen:
Traceback (most recent call last):
File "tools/show_paths.bzl", line 8, column 32, in format
Error: 'NoneType' value has no field or method 'get'
PiperOrigin-RevId: 396457764
|
|
...as raw endpoints expect the packet's NICID to be set.
PiperOrigin-RevId: 396446552
|
|
Setting the ToS for IPv4 packets (SOL_IP, IP_TOS) should not affect the
Traffic Class of IPv6 packets (SOL_IPV6, IPV6_TCLASS).
Also only return the ToS value XOR Traffic Class as a packet cannot be
both an IPv4 and an IPv6 packet; It is invalid to return both the IPv4
ToS and IPv6 Traffic Class control messages when reading packets.
Updates #6389.
PiperOrigin-RevId: 396399096
|
|
Fixes #6558
PiperOrigin-RevId: 396393293
|
|
PiperOrigin-RevId: 396155387
|
|
PiperOrigin-RevId: 396042572
|
|
PiperOrigin-RevId: 395859347
|
|
Previously, gVisor did not represent loopback devices as an ethernet
device as Linux does. To maintain Linux API compatibility for packet
sockets, a workaround was used to add an ethernet header if a link
header was not already present in the packet buffer delivered to a
packet endpoint.
However, this workaround is a bug for non-ethernet based interfaces; not
all links use an ethernet header (e.g. pure L3/TUN interfaces).
As of 3b4bb947517d0d9010120aaa1c3989fd6abf278e, gVisor represents
loopback devices as an ethernet-based device so this workaround can
now be removed.
BUG: https://fxbug.dev/81592
Updates #6530, #6531.
PiperOrigin-RevId: 395819151
|
|
PiperOrigin-RevId: 395809193
|
|
This change removes NetworkDispatcher.DeliverOutboundPacket.
Since all packet writes go through the NIC (the only NetworkDispatcher),
we can deliver outgoing packets to interested packet endpoints before
writing the packet to the link endpoint as the stack expects that all
packets that get delivered to a link endpoint are transmitted on the
wire. That is, link endpoints no longer need to let the stack know when
it writes a packet as the stack already knows about the packet it writes
through a link endpoint.
PiperOrigin-RevId: 395761629
|
|
Fixes #6532
PiperOrigin-RevId: 395741741
|
|
PiperOrigin-RevId: 395338926
|
|
NewTempAbsPathInDir("/tmp") prevents the generated socket address from
exceeding sizeof(addr.sun_path). However, existing systems that are built with
the ANDROID configuration have their temp directory in a different location.
This change allows those systems to run tests that depend on UniqueUnixAddr.
PiperOrigin-RevId: 395336483
|
|
PiperOrigin-RevId: 395325998
|
|
This defines common infrastructure for dynamically-configured security checks,
including an example usage in the clone(2) path.
PiperOrigin-RevId: 394797270
|
|
PiperOrigin-RevId: 394560866
|
|
If we want to take two endpoint locks, we need to be sure that we always
take them in the same order.
Accept() locks the listening endpoint to work with acceptedChan and then
it calls GetLocalAddress that locks an accepted endpoint. Actually, we
can release the listening endpoint lock before calling GetLocalAddress.
Reported-by: syzbot+f52bd603f51a4ae91054@syzkaller.appspotmail.com
PiperOrigin-RevId: 394553823
|
|
PiperOrigin-RevId: 394481127
|
|
...through the loopback interface, only.
This change only supports sending on packet sockets through the loopback
interface as the loopback interface is the only interface used in packet
socket syscall tests - the other link endpoints are not excercised with
the existing test infrastructure.
Support for sending on packet sockets through the other interfaces will
be added as needed.
BUG: https://fxbug.dev/81592
PiperOrigin-RevId: 394368899
|
|
For a small receive buffer the first out-of-order segment will get accepted and
fill up the receive buffer today. This change now includes the size of the
out-of-order segment when checking whether to queue the out of order segment or
not.
PiperOrigin-RevId: 394351309
|
|
...from the UDP endpoint.
Datagram-based transport endpoints (e.g. UDP, RAW IP) can share a lot
of their write path due to the datagram-based nature of these endpoints.
Extract the common facilities from UDP so they can be shared with other
transport endpoints (in a later change).
Test: UDP syscall tests.
PiperOrigin-RevId: 394347774
|
|
PiperOrigin-RevId: 394331928
|
|
reflect.ValueOf takes an interface{}, so when passed a slice the compiler emits
a call to runtime.convTslice to heap-allocate a copy of the slice header.
PiperOrigin-RevId: 394310052
|
|
PiperOrigin-RevId: 394300607
|
|
PiperOrigin-RevId: 394296687
|
|
Reported-by: syzbot+1aab6800bd14829609b8@syzkaller.appspotmail.com
PiperOrigin-RevId: 394279838
|
|
A blog about RACK loss detection algorithm implemented in gVisor.
(https://datatracker.ietf.org/doc/rfc8985/)
PiperOrigin-RevId: 394265634
|
|
PiperOrigin-RevId: 394261815
|
|
These tests are permanently broken on Linux after 36e2c7421f02 "fs: don't allow
splice read/write without explicit ops".
PiperOrigin-RevId: 394161079
|
|
PiperOrigin-RevId: 394004809
|
|
Fix syzcaller panic SIGBUS on error handling. Done by
adding an interface, errors.GuestError, which errors can
implement in order to be compared against each other.
PiperOrigin-RevId: 393867554
|
|
PiperOrigin-RevId: 393841270
|
|
PiperOrigin-RevId: 393831108
|
|
PiperOrigin-RevId: 393808461
|
|
PiperOrigin-RevId: 393783192
|
|
Document this ordering in mm/mm.go.
PiperOrigin-RevId: 393413203
|
|
PiperOrigin-RevId: 393411409
|
|
...returning unsupported errors.
PiperOrigin-RevId: 393388991
|
|
|
|
|
|
... because it is still used by fuchsia.
PiperOrigin-RevId: 393246904
|
|
PiperOrigin-RevId: 393217676
|
|
Remove freestanding functions that convert time values to raw integers;
centralize time->uint32 logic in methods on tcp.endpoint. Importantly,
the knowledge that TSVal is in milliseconds now lives in adjacent
functions rather than being spread around various files.
Incidental cleanup:
- Remove unused constant
- Remove redundant conversion
- Remove redundant parentheses
- Add missing error check
PiperOrigin-RevId: 393184768
|
|
fixed and enabled SetForegroundProcessGroup and SetForegroundProcessGroupEmptyProcessGroup.
|
|
PiperOrigin-RevId: 393104589
|
|
PiperOrigin-RevId: 393100095
|
|
PiperOrigin-RevId: 393095246
|