| Age | Commit message (Collapse) | Author |
|---|
|
Capture a timer's locker for each instance of a CancellableTimer so that
reassigning a tcpip.CancellableTimer does not cause a data race.
Reassigning a tcpip.CancellableTimer updates its underlying locker. When
a timer fires, it does a read of the timer's locker variable to lock it.
This read of the locker was not synchronized so a race existed where one
goroutine may reassign the timer (updating the locker) and another
handles the timer firing (attempts to lock the timer's locker).
Test: tcpip_test.TestCancellableTimerReassignment
PiperOrigin-RevId: 307499822
|
|
This change renames the tools/images directory to tools/vm for clarity, and
adds a functional vm_test. Sharding is also added to the same test, and some
documentation added around key flags & variables to describe how they work.
Subsequent changes will add vm_tests for other cases, such as the runtime tests.
PiperOrigin-RevId: 307492245
|
|
PiperOrigin-RevId: 307477185
|
|
PiperOrigin-RevId: 307458938
|
|
PiperOrigin-RevId: 307453436
|
|
PiperOrigin-RevId: 307435879
|
|
PiperOrigin-RevId: 307422746
|
|
Instead of plumbing error through kernfs.Inode.Mode, panic if err != nil.
The errors that can result from an fstat syscall all indicate that something
is fundamentally wrong, and panicking should be acceptable.
PiperOrigin-RevId: 307406847
|
|
Fixed to match RFC 793 page 69.
Fixes #1607
PiperOrigin-RevId: 307334892
|
|
PiperOrigin-RevId: 307328289
|
|
PiperOrigin-RevId: 307166482
|
|
PiperOrigin-RevId: 307166317
|
|
prlimit was erroneously comparing UIDs and GIDs when getting/setting a process'
own limits. From the manpage:
To set or get the resources of a process other than itself, the caller must have
the CAP_SYS_RESOURCE capability, or the real, effective, and saved set user IDs
of the target process must match the real user ID of the caller and the real,
effective, and saved set group IDs of the target process must match the real
group ID of the caller.
PiperOrigin-RevId: 307127266
|
|
Inform the netstack integrator when the netstack receives an NDP Router
Advertisement message with the NDP DNS Search List option with at least
one domain name. The stack will not maintain any state related to the
search list - the integrator is expected to maintain any required state
and invalidate domain names after their lifetime expires, or refresh the
lifetime when a new one is received for a known domain name.
Test:
- header_test.TestNDPDNSSearchListOption
- header_test.TestNDPDNSSearchListOptionSerialize
- header_test.TestNDPSearchListOptionDomainNameLabelInvalidSymbols
- header_test.TestNDPOptionsIterCheck
- stack_test.TestNDPDNSSearchListDispatch
PiperOrigin-RevId: 307109375
|
|
This is to make easier to find corresponding logs in
case test fails.
PiperOrigin-RevId: 307104283
|
|
These methods let users eaily break the VectorisedView abstraction, and
allowed netstack to slip into pseudo-enforcement of the "all headers are
in the first View" invariant. Removing them and replacing with PullUp(n)
breaks this reliance and will make it easier to add iptables support and
rework network buffer management.
The new View.PullUp(n) method is low cost in the common case, when when
all the headers fit in the first View.
|
|
PiperOrigin-RevId: 307078788
|
|
Included:
- loader_test.go RunTest and TestStartSignal VFS2
- container_test.go TestAppExitStatus on VFS2
- experimental flag added to runsc to turn on VFS2
Note: shared mounts are not yet supported.
PiperOrigin-RevId: 307070753
|
|
PiperOrigin-RevId: 307069884
|
|
PiperOrigin-RevId: 307053624
|
|
This previously changed in 305699233, but this behaviour turned out to
be load bearing.
PiperOrigin-RevId: 307033802
|
|
Updates #1035
PiperOrigin-RevId: 306968644
|
|
Better validate NDP NAs options before updating the link address cache.
Test: stack_test.TestNeighorAdvertisementWithTargetLinkLayerOption
PiperOrigin-RevId: 306962924
|
|
PiperOrigin-RevId: 306959393
|
|
When the listening socket is read shutdown, we need to reset all pending
and incoming connections. Ensure that the endpoint is not cleaned up
from the demuxer and subsequent bind to same port does not go through.
PiperOrigin-RevId: 306958038
|
|
Test: header_test.TestNDPOptionsIterCheck
PiperOrigin-RevId: 306953867
|
|
This change makes SynRcvdCountThreshold and the global synRcvdCount into a stack
configurable value. This is required because in cases like mod_proxy which
create multiple Stack instances the count will be a global value that impacts
all Stack instances.
Further the tests relied on modifying the global threshold to simulate tests
where we want to verify SYN cookie based behaviour. This lead to data races due
to the global being modified/read without locks or atomics.
PiperOrigin-RevId: 306947723
|
|
PiperOrigin-RevId: 306930652
|
|
PiperOrigin-RevId: 306908296
|
|
TCP, in CLOSE-WAIT state, MUST return ACK with proper SEQ and ACK numbers after
recv a seg with OTW SEQ or unacc ACK number, and remain in same state. If the
connection is in a synchronized state, any unacceptable segment (out of window
sequence number or unacceptable acknowledgment number) must elicit only an empty
acknowledgment segment containing the current send-sequence number and an
acknowledgment indicating the next sequence number expected to be received, and
the connection remains in the same state.
PiperOrigin-RevId: 306897984
|
|
PiperOrigin-RevId: 306891171
|
|
The tests are based on RFC 793 page 69.
Updates #1607
PiperOrigin-RevId: 306768847
|
|
PiperOrigin-RevId: 306726587
|
|
Removed the TODO to use netlink.
PiperOrigin-RevId: 306721468
|
|
Rather than have a struct for the state of each type of connection, such as
TCP/IPv4, UDP/IPv4, TCP/IPv6, etc, have a state for each layer, such as UDP,
TCP, IPv4, IPv6. Those states can be composed into connections.
Tested:
Existing unit tests still pass/fail as expected.
PiperOrigin-RevId: 306703180
|
|
PiperOrigin-RevId: 306677789
|
|
Remove useless casts and duplicate return statements.
PiperOrigin-RevId: 306627916
|
|
Attempt to redeliver TCP segments that are enqueued into a closing
TCP endpoint. This was being done for Established endpoints but not
for those that are listening or performing connection handshake.
Fixes #2417
PiperOrigin-RevId: 306598155
|
|
Tests now use a MinRTO of 3s instead of default 200ms. This reduced flakiness in
a lot of the congestion control/recovery tests which were flaky due to
retransmit timer firing too early in case the test executors were overloaded.
This change also bumps some of the timeouts in tests which were too sensitive to
timer variations and reduces the number of slow start iterations which can
make the tests run for too long and also trigger retansmit timeouts etc if
the executor is overloaded.
PiperOrigin-RevId: 306562645
|
|
As per RFC 7217 section 6, attempt to regenerate IPv6 SLAAC address in response
to a DAD conflict if the address was generated with an opaque IID as outlined in
RFC 7217 section 5.
Test:
- stack_test.TestAutoGenAddrWithOpaqueIIDDADRetries
- stack_test.TestAutoGenAddrWithEUI64IIDNoDADRetries
- stack_test.TestAutoGenAddrContinuesLifetimesAfterRetry
PiperOrigin-RevId: 306555645
|
|
- Use the fs.File, rather than the vfs.FileDescription, in the VFS1 version.
- Check for a nil fs.File/vfs.FileDescription before calling DecRef, which is
possible if a racing dup2() or dup3() replaces the file descriptor between
when it is installed and when it is returned. (This is not possible in Linux
because Linux separates allocation of a file descriptor from binding an
allocated file descriptor to a struct file, and dup2/dup3 return EBUSY if
asked to replace an allocated but unbound file descriptor.)
PiperOrigin-RevId: 306517101
|
|
Needed for PipeTest_Flags: files opened by open() and openat() get O_LARGEFILE
(on architectures with 64-bit off_t), but not FDs created by other syscalls
such as pipe().
Updates #1035
PiperOrigin-RevId: 306504788
|
|
PiperOrigin-RevId: 306477639
|
|
TCP, in ESTABLISHED state, SHOULD piggyback acknowledgement with a segment being
transmitted (whenever possible) without incurring undue delay
PiperOrigin-RevId: 306474550
|
|
PiperOrigin-RevId: 306432289
|
|
Add Sniffer.Drain() which drains the socket's receive buffer by temporarily
setting the socket to non-blocking, and receiving in a loop until EINTR,
EWOULDBLOCK or EAGAIN. This method should be used when long periods of time
elapses without receiving on the socket, because uninteresting packets may have
piled up in the receive buffer, filling it up and causing packets critical to
test operation to be dropped.
PiperOrigin-RevId: 306380480
|
|
PiperOrigin-RevId: 306348346
|
|
The work being done in these threads is not asynchronous with respect to
the test; that is, it is equivalent to issue non-blocking `connect`
calls serially, since the work is done asynchronously with respect to
the caller. Futhermore, this test was added to test closing a listener
with completed but not delivered connections, which never required
threading in the first place.
PiperOrigin-RevId: 306339486
|
|
PiperOrigin-RevId: 306306809
|
|
PiperOrigin-RevId: 306306494
|
