Age | Commit message (Collapse) | Author |
|
Some code paths needed these syscalls anyways, so they should be included in
the filters. Given that we depend on these syscalls in some cases, there's no
real reason to avoid them any more.
PiperOrigin-RevId: 310829126
|
|
Enables commands with -o (--out-interface) for iptables rules.
$ iptables -A OUTPUT -o eth0 -j ACCEPT
PiperOrigin-RevId: 310642286
|
|
Fixes #2654
PiperOrigin-RevId: 310642216
|
|
This has two effects: It makes flags passed to open("/proc/[pid]/fd/[hostfd]")
effective, and it prevents imported pipes/sockets/character devices from being
opened with O_NONBLOCK unconditionally (because the underlying host FD was set
to non-blocking in ImportFD()).
PiperOrigin-RevId: 310596062
|
|
This fixed the corresponding packetimpact test.
PiperOrigin-RevId: 310593470
|
|
PiperOrigin-RevId: 310479788
|
|
Without this fix, make exits with zero code when bazel build failed:
$ make run TARGETS="--abra --kadabra"
ERROR: Unrecognized option: --abra
$ echo $?
0
Signed-off-by: Andrei Vagin <avagin@gmail.com>
|
|
This change two does things:
1) Name the container based on the canonical directory path.
2) Allow the container to exit after bazel itself has exited.
The first is necessary to support multiple working directories,
while the second one allows these instances to clean up properly.
PiperOrigin-RevId: 310460748
|
|
The common syscall definitions mean that ARM64-exclusive files need stubs in
the ARM64 build.
PiperOrigin-RevId: 310446698
|
|
Only the last test was running before since the goroutines won't be executed
until after this loop. I added t.Log(test.name) and this is was the result:
TestListenNoAcceptNonUnicastV4/SourceUnspecified: DestOtherMulticast
TestListenNoAcceptNonUnicastV4/DestUnspecified: DestOtherMulticast
TestListenNoAcceptNonUnicastV4/DestOtherMulticast: DestOtherMulticast
TestListenNoAcceptNonUnicastV4/SourceBroadcast: DestOtherMulticast
TestListenNoAcceptNonUnicastV4/DestOurMulticast: DestOtherMulticast
TestListenNoAcceptNonUnicastV4/DestBroadcast: DestOtherMulticast
TestListenNoAcceptNonUnicastV4/SourceOtherMulticast: DestOtherMulticast
TestListenNoAcceptNonUnicastV4/SourceOurMulticast: DestOtherMulticast
https://github.com/golang/go/wiki/TableDrivenTests#parallel-testing
PiperOrigin-RevId: 310440629
|
|
Updates #1197, #1198, #1672
PiperOrigin-RevId: 310432006
|
|
Updates #2569
Updates #2298
PiperOrigin-RevId: 310423629
|
|
PiperOrigin-RevId: 310417191
|
|
They don't depend on anything in VFS2, so they should be their own packages.
PiperOrigin-RevId: 310416807
|
|
PiperOrigin-RevId: 310409922
|
|
PiperOrigin-RevId: 310404113
|
|
Every call to sender.NextSeg does not need to iterate from the
front of the writeList as in a given recovery episode we can cache
the last nextSeg returned. There cannot be a lower sequenced segment
that matches the next call to NextSeg as otherwise we would have
returned that instead in the previous call.
This fixes the issue of excessive CPU usage w/ large send buffers
where we spend a lot of time iterating from the front of the list on
every NextSeg invocation.
Further the following other bugs were also fixed:
* Iteration of segments never sent in NextSeg() when looking for segments for
retransmission that match step1/3/4 of the NextSeg algorithm
* Correctly setting rescueRxt only if the rescue segment was actually sent.
* Correctly initializing rescueRxt/highRxt when entering SACK recovery.
* Correctly re-arming the timer only on retransmissions when SACK is in use
and not for every segment being sent as it was being done before.
* Copy over xmitTime and xmitCount on segment clone.
* Move writeNext along when skipping over SACKED segments. This is required
to prevent spurious retransmissions where we end up retransmitting data
that was never lost.
PiperOrigin-RevId: 310387671
|
|
Synthetic sockets do not have the race condition issue in VFS2, and we will
get rid of privateunixsocket as well.
Fixes #1200.
PiperOrigin-RevId: 310386474
|
|
PiperOrigin-RevId: 310380911
|
|
Fixes #1965.
PiperOrigin-RevId: 310380433
|
|
Based on ipv6's TestReceiveIPv6Fragments.
|
|
PiperOrigin-RevId: 310259686
|
|
Compare:
https://elixir.bootlin.com/linux/v5.6/source/fs/timerfd.c#L431
PiperOrigin-RevId: 310246908
|
|
Do not assume that networks need any DHCPv6 configurations. Instead,
notify the NDP dispatcher in response to the first NDP RA's DHCPv6
flags, even if the flags indicate no DHCPv6 configurations are
available.
PiperOrigin-RevId: 310245068
|
|
We can register any number of tables with any number of architectures, and
need not limit the definitions to the architecture in question. This allows
runsc to generate documentation for all architectures simultaneously.
Similarly, this simplifies the VFSv2 patching process.
PiperOrigin-RevId: 310224827
|
|
We need to check vv.Size() instead of len(tcp), as tcp will always be 20 bytes
long.
PiperOrigin-RevId: 310218351
|
|
PiperOrigin-RevId: 310213705
|
|
PiperOrigin-RevId: 310179277
|
|
PiperOrigin-RevId: 310057834
|
|
connect() returns EINTR after S/R and usually we
use RetryEINTR to workaround this.
PiperOrigin-RevId: 310038525
|
|
As per RFC 1122 4.2.2.17, when the remote advertizes zero receive window,
the sender needs to probe for the window-size to become non-zero starting
from the next retransmission interval. The TCP connection needs to be kept
open as long as the remote is acknowledging the zero window probes.
We reuse the retransmission timers to support this.
Fixes #1644
PiperOrigin-RevId: 310021575
|
|
PiperOrigin-RevId: 310001058
|
|
Three updates:
- Mark all vfs2 socket syscalls as supported.
- Use the same dev number and ino number generator for all types of sockets,
unlike in VFS1.
- Do not use host fd for hostinet metadata.
Fixes #1476, #1478, #1484, 1485, #2017.
PiperOrigin-RevId: 309994579
|
|
PiperOrigin-RevId: 309966538
|
|
Implement PrependPath() in host.filesystem to correctly format
name for host files.
Updates #1672
PiperOrigin-RevId: 309959135
|
|
p9.NoUID/GID (== uint32(-1) == auth.NoID) is not a valid auth.KUID/KGID; in
particular, using it for file ownership causes capabilities to be ineffective
since file capabilities require that the file's KUID and KGID are mapped into
the capability holder's user namespace [1], and auth.NoID is not mapped into
any user namespace. Map p9.NoUID/GID to a different, valid KUID/KGID; in the
unlikely case that an application actually using the overflow KUID/KGID
attempts an operation that is consequently permitted by client permission
checks, the remote operation will still fail with EPERM.
Since this changes the VFS2 gofer client to no longer ignore the invalid IDs
entirely, this CL both permits and requires that we change synthetic mount point
creation to use root credentials.
[1] See fs.Inode.CheckCapability or vfs.GenericCheckPermissions.
PiperOrigin-RevId: 309856455
|
|
And move sys_timerfd.go to just timerfd.go for consistency.
Updates #1475.
PiperOrigin-RevId: 309835029
|
|
PiperOrigin-RevId: 309832671
|
|
This allows for kerfs.Filesystem to be overridden by
different implementations.
Updates #1672
PiperOrigin-RevId: 309809321
|
|
There is the known issue of the linux procfs, that two consequent calls of
readdir can return the same entry twice if between these calls one or more
entries have been removed from this directory.
PiperOrigin-RevId: 309803066
|
|
PiperOrigin-RevId: 309801320
|
|
Also added back the default test dimension back which was
dropped in a previous refactor.
PiperOrigin-RevId: 309797327
|
|
PiperOrigin-RevId: 309787938
|
|
PiperOrigin-RevId: 309783486
|
|
Updates #1623, #1487
PiperOrigin-RevId: 309777922
|
|
This change ensures that even platforms with some TSC issues (e.g. KVM),
can get reliable monotonic time by applied a lower bound on each read.
PiperOrigin-RevId: 309773801
|
|
PiperOrigin-RevId: 309506957
|
|
Otherwise the labeller will generate an error each time.
PiperOrigin-RevId: 309505731
|
|
Connection tracking is used to track packets in prerouting and
output hooks of iptables. The NAT rules modify the tuples in
connections. The connection tracking code modifies the packets by
looking at the modified tuples.
|
|
If the NIC already has a generated SLAAC address, regenerate a new SLAAC
address until one is generated that does not conflict with the NIC's
existing addresses, up to a maximum of 10 attempts.
This applies to both stable and temporary SLAAC addresses.
Test: stack_test.TestMixedSLAACAddrConflictRegen
PiperOrigin-RevId: 309495628
|