Age | Commit message (Collapse) | Author |
|
The current version of FAQ.md contains an incorrect example of how to instruct kubelet to prefer containerd over docker. More specifically, it refers to a non-existent `--cni-socket` flag whereas it should have been `--cri-socket`.
The suggested PR fixes that.
|
|
EXPECT*/ASSERT* functions are not async-signal-safe and should not
be called from the function passed to InForkedProcess. However,
these happen accidentally sometimes but do no cause InForkedProcess
to fail.
Detect and notify in such cases.
PiperOrigin-RevId: 353354540
|
|
PiperOrigin-RevId: 353340554
|
|
It previously returned an error but it could only be UnknownNICID. It now
returns a boolean to indicate whether the nic exists or not.
PiperOrigin-RevId: 353337489
|
|
PiperOrigin-RevId: 353336894
|
|
The route resolution callback will be called with a
stack.ResolvedFieldsResult which will hold the route info so callers
can avoid attempting resolution again to check if a previous resolution
attempt succeeded or not.
Test: integration_test.TestRouteResolvedFields
PiperOrigin-RevId: 353319019
|
|
Fixes #5113.
PiperOrigin-RevId: 353313374
|
|
Fixes #1509.
PiperOrigin-RevId: 353295589
|
|
- Added packetimpact tests for RACK.
PiperOrigin-RevId: 353282342
|
|
Atomic operations here significantly slow down gVisor builds with
kcov/coverage enabled. Also mark these functions go:norace to avoid
complaints from the race detector.
PiperOrigin-RevId: 353281865
|
|
PiperOrigin-RevId: 353274135
|
|
abi package is to be used by the Sentry to implement the Linux ABI.
Code dealing with the host should use x/sys/unix.
PiperOrigin-RevId: 353272679
|
|
Updates #5226
PiperOrigin-RevId: 353262133
|
|
The GH Build action has been failing with the error message:
```
--- BUILD -c opt //runsc
tee: /proc/self/fd/2: No such device or address
```
tee /dev/fd/2 seems to be the canonical way of copying stdin to stderr.
So use that instead.
PiperOrigin-RevId: 353259087
|
|
If a network address has a static mapping to a link address, calculate
it in GetLinkAddress.
Test: stack_test.TestStaticGetLinkAddress
PiperOrigin-RevId: 353179616
|
|
We have support for the output interface name, but not for the input
interface name.
This change adds the support for the input interface name, and adds the
test cases for it.
Fixes #5300
PiperOrigin-RevId: 353179389
|
|
- Moves the id to the <tr> tag so that the page aligns properly when using an
anchor.
- Makes the syscall number a link to the anchor.
- Fixes some broken links to syscalls without man pages.
PiperOrigin-RevId: 353159903
|
|
GetLinkAddress's callback will be called immediately with a
stack.LinkResolutionResult which will hold the link address
so no need to also return the link address from the function.
Fixes #5151.
PiperOrigin-RevId: 353157857
|
|
...unless explicitly requested via ResolveWith.
Remove cancelled channels from pending packets as we can use the link
resolution channel in a FIFO to limit the number of maximum pending
resolutions we should queue packets for.
This change also defers starting the goroutine that handles link
resolution completion to when link resolution succeeds, fails or
gets cancelled due to the max number of pending resolutions being
reached.
Fixes #751.
PiperOrigin-RevId: 353130577
|
|
PiperOrigin-RevId: 353118942
|
|
Previously fsgofer was skipping chown call if the uid and gid
were the same as the current user/group. However, when setgid
is set, the group may not be the same as the caller. Instead,
compare the actual uid/gid of the file after it has been
created and change ownership only if needed.
Updates #180
PiperOrigin-RevId: 353118733
|
|
Test: integration_test.TestWritePacketsLinkResolution
Fixes #4458.
PiperOrigin-RevId: 353108826
|
|
fdbased and qdisc layers expect these fields to already be
populated before being reached.
PiperOrigin-RevId: 353099492
|
|
Updates #5273
PiperOrigin-RevId: 353087710
|
|
For an active OPEN call with unspecified foreign socket, TCP MUST
return error: foreign socket unspecified
PiperOrigin-RevId: 352961691
|
|
PiperOrigin-RevId: 352954044
|
|
Syscall docs were excluded from the navigation menu. This change adds them
back.
PiperOrigin-RevId: 352942238
|
|
- Removes the unimplemented message for SO_LINGER
- Fix the length for IP_PKTINFO option
PiperOrigin-RevId: 352917611
|
|
PiperOrigin-RevId: 352908368
|
|
PiperOrigin-RevId: 352905565
|
|
PiperOrigin-RevId: 352904728
|
|
Fixes #5263
PiperOrigin-RevId: 352903844
|
|
PiperOrigin-RevId: 352894106
|
|
The error messages are not needed or used as these are not processing errors
so much as errors to be reported back to the packet sender. Implicitly
describe whether each error should generate ICMP packets or not. Most do
but there are a couple that do not.
Slightly alter some test expectations for Linux compatibility and add a
couple more. Improve Linux compatibility on error packet returns. Some
cosmetic changes to tests to match the upcoming packet impact version
of the same tests.
PiperOrigin-RevId: 352889785
|
|
Link addresses are cached on a per NIC basis so instead of having a
single cache that includes the NIC ID for neighbor entry lookups,
use a single cache per NIC.
PiperOrigin-RevId: 352684111
|
|
On ARM64, when ptrace stops on a system call, it uses the x7 register to
indicate whether the stop has been signalled from syscall entry or syscall
exit. This means that we can't get a value of this register and we can't change
it. More details are in the comment for tracehook_report_syscall in
arch/arm64/kernel/ptrace.c.
This happens only if we stop on a system call, so let's queue a signal, resume
a stub thread and catch it on a signal handling.
Fixes: #5238
PiperOrigin-RevId: 352668695
|
|
To facilitate the debugging of multi-homed setup, track Network
protocols statistics for each endpoint. Note that the original
stack-wide stats still exist.
A new type of statistic counter is introduced, which track two
versions of a stat at the same time. This lets a network endpoint
increment both the local stat and the stack-wide stat at the same
time.
Fixes #4605
PiperOrigin-RevId: 352663276
|
|
PiperOrigin-RevId: 352624174
|
|
PiperOrigin-RevId: 352623277
|
|
#5274 broke `make load-basic_fsstress` target. It works locally but for some
inconceivable reason it fails to build on Kokoro.
Error message:
```
Step 1/12 : FROM alpine
---> 1fca6fe4a1ec
Step 2/12 : RUN apk add git
---> Running in 109a5326259a
standard_init_linux.go:207: exec user process caused "no such file or directory"
The command '/bin/sh -c apk add git' returned a non-zero code: 1
make: *** [load-basic_fsstress] Error 1
tools/images.mk:149: recipe for target 'load-basic_fsstress' failed
```
Copied the approach from the following issue to achieve the same goal:
https://github.com/nodejs/docker-node/issues/586#issue-273737852.
PiperOrigin-RevId: 352602945
|
|
Packets may be pending on link resolution to complete before being sent.
Link resolution is performed for neighbors which are unique to a NIC so
hold link resolution related state under the NIC, not the stack.
Note, this change may result in more queued packets but that is okay as
RFC 4861 section 7.2.2 recommends that the stack maintain a queue of
packets for each neighbor that is waiting for link resolution to
complete, not a fixed limit per stack.
PiperOrigin-RevId: 352322155
|
|
If a Route is being created through a link that requires link address
resolution and a remote address that has a known mapping to a link
address, populate the link address when the route is created.
This removes the need for neighbor/link address caches to perform this
check.
Fixes #5149
PiperOrigin-RevId: 352122401
|
|
Test: integration_test.TestGetLinkAddress
PiperOrigin-RevId: 352119404
|
|
stack.Route is used to send network packets and resolve link addresses.
A LinkEndpoint does not need to do either of these and only needs the
route's fields at the time of the packet write request.
Since LinkEndpoints only need the route's fields when writing packets,
pass a stack.RouteInfo instead.
PiperOrigin-RevId: 352108405
|
|
The same intent can be specified via the io.Writer.
PiperOrigin-RevId: 352098747
|
|
This change implements TLP details enumerated in
https://tools.ietf.org/html/draft-ietf-tcpm-rack-08#section-7.5.2.
Fixes #5084
PiperOrigin-RevId: 352093473
|
|
IPv4 previously accepts the packet, while IPv6 panics. Neither is the behavior
in Linux.
splice() in Linux has different behavior than in gVisor. This change documents
it in the SpliceTooLong test.
Reported-by: syzbot+b550e78e5c24d1d521f2@syzkaller.appspotmail.com
PiperOrigin-RevId: 352091286
|
|
We loop over the list of packets anyways so setting these aren't
expensive.
Now that they are populated only by the link endpoint that uses them,
TCP does not need to.
PiperOrigin-RevId: 352090853
|
|
Updates #5273
PiperOrigin-RevId: 352088736
|
|
Otherwise, races can occur between concurrent logs.
PiperOrigin-RevId: 352086914
|