summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2020-11-24Report correct pointer value for "bad next header" ICMP errorJulian Elischer
Because the code handles a bad header as "payload" right up to the last moment we need to make sure payload handling does not remove the error information. Fixes #4909 PiperOrigin-RevId: 344141690
2020-11-24Track number of packets queued to Failed neighborsSam Balana
Add a NIC-specific neighbor table statistic so we can determine how many packets have been queued to Failed neighbors, indicating an unhealthy local network. This change assists us to debug in-field issues where subsequent traffic to a neighbor fails. Fixes #4819 PiperOrigin-RevId: 344131119
2020-11-24Fix a potential indefinite blocking in packetimpact testbenchZeling Feng
1. setsockopt(SO_RCVTIMEO, 0) == never timeout 2. float64(time.Microsecond/time.Second) == 0 3. packetimpact tests use a lot of 1s timeouts This becomes a more significant problem because of a recent change that binds the sniffer only on the specific testNet interface so now the traffic on the ctrlNet cannot wake up the blocking call anymore. PiperOrigin-RevId: 344123465
2020-11-24Extract IGMPv2 core state machineGhanan Gowripalan
The IGMPv2 core state machine can be shared with MLDv1 since they are almost identical, ignoring specific addresses, constants and packets. Bug #4682, #4861 PiperOrigin-RevId: 344102615
2020-11-24Remove outdated TODO.Dean Deng
The bug has been fixed. PiperOrigin-RevId: 344088206
2020-11-24Deduplicate code in ipv6.protocolGhanan Gowripalan
PiperOrigin-RevId: 344009602
2020-11-23Use time.Duration for IGMP Max Response Time fieldGhanan Gowripalan
Bug #4682 PiperOrigin-RevId: 343993297
2020-11-23[1/3] Support isolated containers for parallel packetimpact testsZeling Feng
Summary of the approach: the test runner will set up a few DUTs according to a flag and pass all the test networks to the testbench. The testbench will only reside in a single container. The testbench will put all the test networks into a buffered channel which served as a semaphore and now the user can freely use t.Parallel() in (sub)tests and the true parallelism will be determined by how many DUTs are configured. Creating DUTs on demand is not supported yet, the test author should determine the number of DUTs to be used statically. Specifically in this change: - Don't export any global variables about the test network in testbench. - Sniffer only binds on the local interface because it will be possible to have multiple interfaces to multiple DUTs in a single testbench container. - Migrate existing tests to stop using global variables. PiperOrigin-RevId: 343965962
2020-11-23Don't evict gofer.dentries with inotify watches before saving.Jamie Liu
PiperOrigin-RevId: 343959348
2020-11-23Fix bad Makefile variable reference.Adin Scannell
PiperOrigin-RevId: 343946859
2020-11-23Clean up build output.Adin Scannell
This change also simplifies and documents the build_cmd pipeline, and reduces general noise for debugging Makefile issues. It also drops the mapping for /etc/docker/daemon.json, which if it does not exist initially will create this as a directory (causing lots of confusion and breaks). PiperOrigin-RevId: 343932456
2020-11-23Fix link against runtime.goyield.Adin Scannell
This function does not exist in Go 1.13. We need to add an adaptor to build against Go 1.13, which is the default Ubuntu version. PiperOrigin-RevId: 343929132
2020-11-23Fail gracefully if Docker is not configured with ipv6.Adin Scannell
PiperOrigin-RevId: 343927315
2020-11-23Omit sandbox from chown test.Adin Scannell
This test fails because it must include additional UIDs. Omit the bazel sandbox to ensure that it can function correctly. PiperOrigin-RevId: 343927190
2020-11-23Ignore permission failures in CheckDuplicatesRecursively.Adin Scannell
Not all files are always accessible by the process itself. This was specifically seen with map_files, but there's no rule that every entry must be accessible by the process itself. PiperOrigin-RevId: 343919117
2020-11-23Don't rely on HOME for tools/go_branch.shAdin Scannell
PiperOrigin-RevId: 343885770
2020-11-20Refactor verity test for readabilityChong Cai
1. Add getD/getDentry methods to avoid long casting line in each test 2. Factor all calls to vfs.OpenAt/UnlinkAt/RenameAt on lower filesystem to their own method (for both lower file and lower Merkle file) so the tests are more readable 3. Add descriptive test names for delete/remove tests PiperOrigin-RevId: 343540202
2020-11-19Internal change.gVisor bot
PiperOrigin-RevId: 343419851
2020-11-19Perform IGMPv2 when joining IPv4 multicast groupsRyan Heacock
Added headers, stats, checksum parsing capabilities from RFC 2236 describing IGMPv2. IGMPv2 state machine is implemented for each condition, sending and receiving IGMP Membership Reports and Leave Group messages with backwards compatibility with IGMPv1 routers. Test: * Implemented igmp header parser and checksum calculator in header/igmp_test.go * ipv4/igmp_test.go tests incoming and outgoing IGMP messages and pathways. * Added unit test coverage for IGMPv2 RFC behavior + IGMPv1 backwards compatibility in ipv4/igmp_test.go. Fixes #4682 PiperOrigin-RevId: 343408809
2020-11-19Remove racy stringification of socket fds from /proc/net/*.Rahat Mahmood
PiperOrigin-RevId: 343398191
2020-11-19Add a helpful message in stuck task logs.Dean Deng
This also makes the formatting nicer; the caller will add ":\n" to the end of the message. PiperOrigin-RevId: 343397099
2020-11-19Add types to parse MLD messagesGhanan Gowripalan
Preparing for upcoming CLs that add MLD functionality. Bug #4861 Test: header.TestMLD PiperOrigin-RevId: 343391556
2020-11-19Fix possible panic due to bad data.Julian Elischer
Found by a Fuzzer. Reported-by: syzbot+619fa10be366d553ef7f@syzkaller.appspotmail.com PiperOrigin-RevId: 343379575
2020-11-19Propagate IP address prefix from host to netstackFabricio Voznika
Closes #4022 PiperOrigin-RevId: 343378647
2020-11-19Require sync.Mutex to lock and unlock from the same goroutineMichael Pratt
We would like to track locks ordering to detect ordering violations. Detecting violations is much simpler if mutexes must be unlocked by the same goroutine that locked them. Thus, as a first step to tracking lock ordering, add this lock/unlock requirement to gVisor's sync.Mutex. This is more strict than the Go standard library's sync.Mutex, but initial testing indicates only a single lock that is used across goroutines. The new sync.CrossGoroutineMutex relaxes the requirement (but will not provide lock order checking). Due to the additional overhead, enforcement is only enabled with the "checklocks" build tag. Build with this tag using: bazel build --define=gotags=checklocks ... From my spot-checking, this has no changed inlining properties when disabled. Updates #4804 PiperOrigin-RevId: 343370200
2020-11-19Don't hold AddressEndpoints for multicast addressesGhanan Gowripalan
Group addressable endpoints can simply check if it has joined the multicast group without maintaining address endpoints. This also helps remove the dependency on AddressableEndpoint from GroupAddressableEndpoint. Now that group addresses are not tracked with address endpoints, we can avoid accidentally obtaining a route with a multicast local address. PiperOrigin-RevId: 343336912
2020-11-19Remove unused NoChecksumOptionBruno Dal Bo
Migration to unified socket options left this behind. PiperOrigin-RevId: 343305434
2020-11-19Fix some code not using NewPacketBuffer for creating a PacketBuffer.Ting-Yu Wang
PiperOrigin-RevId: 343299993
2020-11-18[vfs] kernfs: Do not panic if destroyed dentry is cached.Ayush Ranjan
If a kernfs user does not cache dentries, then cacheLocked will destroy the dentry. The current DecRef implementation will be racy in this case as the following can happen: - Goroutine 1 calls DecRef and decreases ref count from 1 to 0. - Goroutine 2 acquires d.fs.mu for reading and calls IncRef and increasing the ref count from 0 to 1. - Goroutine 2 releases d.fs.mu and calls DecRef again decreasing ref count from 1 to 0. - Goroutine 1 now acquires d.fs.mu and calls cacheLocked which destroys the dentry. - Goroutine 2 now acquires d.fs.mu and calls cacheLocked to find that the dentry is already destroyed! Earlier we would panic in this case, we could instead just return instead of adding complexity to handle this race. This is similar to what the gofer client does. We do not want to lock d.fs.mu in the case that the filesystem caches dentries (common case as procfs and sysfs do this) to prevent congestion due to lock contention. PiperOrigin-RevId: 343229496
2020-11-18[netstack] Move SO_KEEPALIVE and SO_ACCEPTCONN option to SocketOptions.Ayush Ranjan
PiperOrigin-RevId: 343217712
2020-11-18Remove unused methods from stack.RouteGhanan Gowripalan
PiperOrigin-RevId: 343211553
2020-11-18runsc: check whether cgroup exists or not for each controllerAndrei Vagin
We have seen a case when a memory cgroup exists but a perf_event one doesn't. Reported-by: syzbot+f31468b61d1a27e629dc@syzkaller.appspotmail.com Reported-by: syzbot+1f163ec0321768f1497e@syzkaller.appspotmail.com PiperOrigin-RevId: 343200070
2020-11-18Port filesystem metrics to VFS2.Jamie Liu
PiperOrigin-RevId: 343196927
2020-11-18Fix race condition in multi-container wait testFabricio Voznika
Container is not thread-safe, locking must be done in the caller. The test was calling Container.Wait() from multiple threads with no synchronization. Also removed Container.WaitPID from test because the process might have already existed when wait is called. PiperOrigin-RevId: 343176280
2020-11-18[netstack] Move SO_REUSEPORT and SO_REUSEADDR option to SocketOptions.Ayush Ranjan
This changes also introduces: - `SocketOptionsHandler` interface which can be implemented by endpoints to handle endpoint specific behavior on SetSockOpt. This is analogous to what Linux does. - `DefaultSocketOptionsHandler` which is a default implementation of the above. This is embedded in all endpoints so that we don't have to uselessly implement empty functions. Endpoints with specific behavior can override the embedded method by manually defining its own implementation. PiperOrigin-RevId: 343158301
2020-11-18Automated rollback of changelist 342700744Nayana Bidari
PiperOrigin-RevId: 343152780
2020-11-18[netstack] Move SO_NO_CHECK option to SocketOptions.Ayush Ranjan
PiperOrigin-RevId: 343146856
2020-11-18Remove the redundant containerIP parameterZeling Feng
PiperOrigin-RevId: 343144023
2020-11-18Fix loopback subnet routing errorGhanan Gowripalan
Packets should be properly routed when sending packets to addresses in the loopback subnet which are not explicitly assigned to the loopback interface. Tests: - integration_test.TestLoopbackAcceptAllInSubnetUDP - integration_test.TestLoopbackAcceptAllInSubnetTCP PiperOrigin-RevId: 343135643
2020-11-18Merge pull request #4791 from lubinszARM:pr_pt_uppergVisor bot
PiperOrigin-RevId: 343130667
2020-11-18Add a few syslog messages.Etienne Perot
PiperOrigin-RevId: 343123278
2020-11-18[netstack] Move SO_PASSCRED option to SocketOptions.Ayush Ranjan
This change also makes the following fixes: - Make SocketOptions use atomic operations instead of having to acquire/drop locks upon each get/set option. - Make documentation more consistent. - Remove tcpip.SocketOptions from socketOpsCommon because it already exists in transport.Endpoint. - Refactors get/set socket options tests to be easily extendable. PiperOrigin-RevId: 343103780
2020-11-18Remove outdated nogo exception.Dean Deng
PiperOrigin-RevId: 343096420
2020-11-18Introduce stack.WritePacketToRemote, remove LinkEndpoint.WriteRawPacketBruno Dal Bo
Redefine stack.WritePacket into stack.WritePacketToRemote which lets the NIC decide whether to append link headers. PiperOrigin-RevId: 343071742
2020-11-17Remove sniffer from gonet_test.Bhasker Hariharan
This was added by mistake in cl/342868552. PiperOrigin-RevId: 343021431
2020-11-17Fix endpoint.Read() when endpoint is in StateError.Bhasker Hariharan
If the endpoint is in StateError but e.hardErrorLocked() returns nil then return ErrClosedForRecieve. This can happen if a concurrent write on the same endpoint was in progress when the endpoint transitioned to an error state. PiperOrigin-RevId: 343018257
2020-11-17Merge pull request #4840 from lubinszARM:pr_fpsimd_1gVisor bot
PiperOrigin-RevId: 343000335
2020-11-17fs/fuse: don't dereference fuse.DeviceFD.fs if it is nilAndrei Vagin
PiperOrigin-RevId: 342992936
2020-11-17Allow short writes from gofers.Nicolas Lacasse
They were returning io.ErrShortWrite, but that is not handled at higher levels and resulted in a panic. We can just return the short write directly from the p9 call without ErrShortWrite. PiperOrigin-RevId: 342960441
2020-11-17tmpfs: make sure that a dentry will not be destroyed before the open() callAndrei Vagin
If we don't hold a reference, the dentry can be destroyed by another thread. Reported-by: syzbot+f2132e50060c41f6d41f@syzkaller.appspotmail.com PiperOrigin-RevId: 342951940