Age | Commit message (Collapse) | Author |
|
$ iptables -N foochain
$ iptables -A INPUT -j foochain
|
|
Add new Marshallable interface methods CopyIn/CopyOut, which can be directly
called on the marshalled object, avoiding an interface indirection. Such
indirections are problematic because they always cause the marshalled object to
escape.
PiperOrigin-RevId: 295028010
|
|
PiperOrigin-RevId: 294957297
|
|
PiperOrigin-RevId: 294952610
|
|
PiperOrigin-RevId: 294930818
|
|
* Allow scripts/common.sh to be sourced from outside the scripts/ directory
* Fix passing empty args to Bazel, which causes the tool to exit with a failure
even if the command succeeds.
PiperOrigin-RevId: 294785456
|
|
- Adds creation of user chains via `-N <chainname>`
- Adds `-j RETURN` support for built-in chains, which triggers the
chain's underflow rule (usually the default policy).
- Adds tests for chain creation, default policies, and `-j RETURN' from
built-in chains.
|
|
So that they can be included by Fuchsia's syscall tests
PiperOrigin-RevId: 294654890
|
|
PiperOrigin-RevId: 294582802
|
|
Fixes #1812. (The more direct cause of the deadlock is panic unsafety because
the historically high cost of defer means that we avoid it in hot paths,
including much of MM; defer is much cheaper as of Go 1.14, but still a
measurable overhead.)
PiperOrigin-RevId: 294560316
|
|
In particular, explain how to push updates to the images.
PiperOrigin-RevId: 294508879
|
|
PiperOrigin-RevId: 294500858
|
|
This is to avoid conflicts with types that share the same
[short] package and type names, e.g. proc.smapsData exist
in pkg/sentry/fs/proc and pkg/sentry/fsimpl/proc.
Updates #1663
PiperOrigin-RevId: 294485146
|
|
The slaveInodeOperations is currently copying the object when
truncate is called (which is a no-op). This may result in a
(unconsequential) data race when being modified concurrently.
PiperOrigin-RevId: 294484276
|
|
PiperOrigin-RevId: 294477647
|
|
PiperOrigin-RevId: 294340468
|
|
PiperOrigin-RevId: 294339229
|
|
The name 'bazel' also doesn't work because bazel will treat it specially.
Fixes #1807
PiperOrigin-RevId: 294321221
|
|
Put most of the logic for getxattr in one place for clarity. This simplifies
FGetXattr and getXattrFromPath, which are just wrappers for getXattr.
PiperOrigin-RevId: 294308332
|
|
PiperOrigin-RevId: 294300437
|
|
PiperOrigin-RevId: 294300040
|
|
PiperOrigin-RevId: 294297004
|
|
PiperOrigin-RevId: 294295852
|
|
PiperOrigin-RevId: 294289066
|
|
PiperOrigin-RevId: 294286242
|
|
PiperOrigin-RevId: 294285723
|
|
PiperOrigin-RevId: 294273559
|
|
PiperOrigin-RevId: 294272755
|
|
PiperOrigin-RevId: 294271541
|
|
PiperOrigin-RevId: 294265019
|
|
The readme didn't mention that users need to:
- `bazel build` when working on iptables tests
- enable raw sockets in /etc/docker/daemon.json.
PiperOrigin-RevId: 294260169
|
|
PiperOrigin-RevId: 294257911
|
|
PiperOrigin-RevId: 294253155
|
|
PiperOrigin-RevId: 294250370
|
|
PiperOrigin-RevId: 294224689
|
|
Fixes #1255
Signed-off-by: Haibo Xu <haibo.xu@arm.com>
Change-Id: I8614e6f3ee321c2989567e4e712aa8f28cc9db14
|
|
Note that these are only implemented for tmpfs, and other impls will still
return EOPNOTSUPP.
PiperOrigin-RevId: 293899385
|
|
Log 8, 16, and 32 int optvals and dump the memory of other sizes.
Updates #1782
PiperOrigin-RevId: 293889388
|
|
|
|
- Move shared helpers V4Multicast and V4Broadcast to socket_test_util
- Add unnamed namespace so socket_ipv4_tcp_unbound_external_networking_test.cc
and socket_ipv4_udp_unbound_external_networking_test.cc can be compiled
together
- Add test files to "exports_files" so they can be included by Fuchsia's syscall
test setup
PiperOrigin-RevId: 293880429
|
|
Previously, a DAD event would not be sent if DAD was disabled.
This allows integrators to do some work when an IPv6 address is bound to
a NIC without special logic that checks if DAD is enabled.
Without this change, integrators would need to check if a NIC has DAD
enabled when an address is auto-generated. If DAD is enabled, it would
need to delay the work until the DAD completion event; otherwise, it
would need to do the work in the address auto-generated event handler.
Test: stack_test.TestDADDisabled
PiperOrigin-RevId: 293732914
|
|
Sometimes we get this error under TSAN:
"""
error getting process data from container: connecting to control server at PID
XXXX: connection refused
"""
The theory is that the top "sleep 20" was too short for TSAN, and the container
already exited, so we get connected refused. This commit changes the test to
let container signaling it's running by touching a file repeatedly forever
during the test.
PiperOrigin-RevId: 293710957
|
|
|
|
Auto-generated link-local addresses should have the same lifecycle hooks
as global SLAAC addresses.
The Stack's NDP dispatcher should be notified when link-local addresses
are auto-generated and invalidated. They should also be removed when a
NIC is disabled (which will be supported in a later change).
Tests:
- stack_test.TestNICAutoGenAddrWithOpaque
- stack_test.TestNICAutoGenAddr
PiperOrigin-RevId: 293706760
|
|
Change adds the following:
- logic to run from "baked images". See [GVISOR_DIR]/tools/images
- installers which install modified files from a workspace. This
allows users to run benchmarks while modifying runsc.
- removes the --preemptible tag from built GCE instances. Preemptible
instances are much more likely to be preempted on startup, which
manifests for the user as a failed benchmark. I don't currently have
a way to detect if a VM has been preempted that will work for this
change.
https://cloud.google.com/compute/docs/instances/preemptible#preemption_process
https://cloud.google.com/compute/docs/instances/preemptible#preemption_selection
PiperOrigin-RevId: 293697949
|
|
Addresses may be added before a NIC is enabled. Make sure DAD is
performed on the permanent IPv6 addresses when they get enabled.
Test:
- stack_test.TestDoDADWhenNICEnabled
- stack.TestDisabledRxStatsWhenNICDisabled
PiperOrigin-RevId: 293697429
|
|
PiperOrigin-RevId: 293676954
|
|
The types gonet.Conn and gonet.PacketConn were confusingly named as both
implemented net.Conn. Further, gonet.Conn was perhaps unexpectedly
TCP-specific (net.Conn is not). This change renames them to gonet.TCPConn and
gonet.UDPConn.
Renames gonet.NewListener to gonet.ListenTCP and adds a new gonet.NewTCPListner
function to be consistent with both the gonet.DialXxx and gonet.NewXxxConn
functions as well as net.ListenTCP.
Updates #1632
PiperOrigin-RevId: 293671303
|
|
The host /etc can contain config files which affect tests.
For example, bash reads /etc/passwd and if it is too big
a test can fail by timeout.
PiperOrigin-RevId: 293670637
|
|
Get the link address for the target of an NDP Neighbor Advertisement
from the NDP Target Link Layer Address option.
Tests:
- ipv6.TestNeighorAdvertisementWithTargetLinkLayerOption
- ipv6.TestNeighorAdvertisementWithInvalidTargetLinkLayerOption
PiperOrigin-RevId: 293632609
|