summaryrefslogtreecommitdiffhomepage
path: root/WORKSPACE
AgeCommit message (Collapse)Author
2020-10-19Remove legacy bazel configurations.Adin Scannell
Using the newer bazel rules necessitates a transition from proto1 to proto2. In order to resolve the incompatibility between proto2 and gogoproto, the cri runtimeoptions proto must be vendored. Further, some of the semantics of bazel caching changed during the transition. It is now necessary to: - Ensure that :gopath depends only on pure library targets, as the propagation of go_binary build attributes (pure, static) will affected the generated files (though content remains the same, there are conflicts with respect to the gopath). - Update bazel.mk to include the possibility of binaries in the bazel-out directory, as it will now put runsc and others there. This required some refinements to the mechanism of extracting paths, since some the existing regex resulted in false positives. - Change nogo rules to prevent escape generation on binary targets. For some reason, the newer version of bazel attempted to run the nogo analysis on the binary targets, which fails due to the fact that objdump does not work on the final binary. This must be due to a change in the semantics of aspects in bazel3. PiperOrigin-RevId: 337958324
2020-10-07Add staticcheck and staticstyle analyzers.Adin Scannell
This change also adds support to go_stateify for detecting an appropriate receiver name, avoiding a large number of false positives. PiperOrigin-RevId: 335994587
2020-08-07Remove old benchmark tools.Zach Koopmans
Remove the old benchmark-tools directory, including imports in the WORKSPACE file and associated bazel rules. The new Golang benchmark-tools can be found at //test/benchmarks and it is functionally equivalent, excepting syscall_test which can be found in //test/perf/linux. PiperOrigin-RevId: 325529075
2020-07-30Implement neighbor unreachability detection for ARP and NDP.Sam Balana
This change implements the Neighbor Unreachability Detection (NUD) state machine, as per RFC 4861 [1]. The state machine operates on a single neighbor in the local network. This requires the state machine to be implemented on each entry of the neighbor table. This change also adds, but does not expose, several APIs. The first API is for performing basic operations on the neighbor table: - Create a static entry - List all entries - Delete all entries - Remove an entry by address The second API is used for changing the NUD protocol constants on a per-NIC basis to allow Neighbor Discovery to operate over links with widely varying performance characteristics. See [RFC 4861 Section 10][2] for the list of constants. Finally, the last API is for allowing users to subscribe to NUD state changes. See [RFC 4861 Appendix C][3] for the list of edges. [1]: https://tools.ietf.org/html/rfc4861 [2]: https://tools.ietf.org/html/rfc4861#section-10 [3]: https://tools.ietf.org/html/rfc4861#appendix-C Tests: pkg/tcpip/stack:stack_test - TestNeighborCacheAddStaticEntryThenOverflow - TestNeighborCacheClear - TestNeighborCacheClearThenOverflow - TestNeighborCacheConcurrent - TestNeighborCacheDuplicateStaticEntryWithDifferentLinkAddress - TestNeighborCacheDuplicateStaticEntryWithSameLinkAddress - TestNeighborCacheEntry - TestNeighborCacheEntryNoLinkAddress - TestNeighborCacheGetConfig - TestNeighborCacheKeepFrequentlyUsed - TestNeighborCacheNotifiesWaker - TestNeighborCacheOverflow - TestNeighborCacheOverwriteWithStaticEntryThenOverflow - TestNeighborCacheRemoveEntry - TestNeighborCacheRemoveEntryThenOverflow - TestNeighborCacheRemoveStaticEntry - TestNeighborCacheRemoveStaticEntryThenOverflow - TestNeighborCacheRemoveWaker - TestNeighborCacheReplace - TestNeighborCacheResolutionFailed - TestNeighborCacheResolutionTimeout - TestNeighborCacheSetConfig - TestNeighborCacheStaticResolution - TestEntryAddsAndClearsWakers - TestEntryDelayToProbe - TestEntryDelayToReachableWhenSolicitedOverrideConfirmation - TestEntryDelayToReachableWhenUpperLevelConfirmation - TestEntryDelayToStaleWhenConfirmationWithDifferentAddress - TestEntryDelayToStaleWhenProbeWithDifferentAddress - TestEntryFailedGetsDeleted - TestEntryIncompleteToFailed - TestEntryIncompleteToIncompleteDoesNotChangeUpdatedAt - TestEntryIncompleteToReachable - TestEntryIncompleteToReachableWithRouterFlag - TestEntryIncompleteToStale - TestEntryInitiallyUnknown - TestEntryProbeToFailed - TestEntryProbeToReachableWhenSolicitedConfirmationWithSameAddress - TestEntryProbeToReachableWhenSolicitedOverrideConfirmation - TestEntryProbeToStaleWhenConfirmationWithDifferentAddress - TestEntryProbeToStaleWhenProbeWithDifferentAddress - TestEntryReachableToStaleWhenConfirmationWithDifferentAddress - TestEntryReachableToStaleWhenConfirmationWithDifferentAddressAndOverride - TestEntryReachableToStaleWhenProbeWithDifferentAddress - TestEntryReachableToStaleWhenTimeout - TestEntryStaleToDelay - TestEntryStaleToReachableWhenSolicitedOverrideConfirmation - TestEntryStaleToStaleWhenOverrideConfirmation - TestEntryStaleToStaleWhenProbeUpdateAddress - TestEntryStaysDelayWhenOverrideConfirmationWithSameAddress - TestEntryStaysProbeWhenOverrideConfirmationWithSameAddress - TestEntryStaysReachableWhenConfirmationWithRouterFlag - TestEntryStaysReachableWhenProbeWithSameAddress - TestEntryStaysStaleWhenProbeWithSameAddress - TestEntryUnknownToIncomplete - TestEntryUnknownToStale - TestEntryUnknownToUnknownWhenConfirmationWithUnknownAddress pkg/tcpip/stack:stack_x_test - TestDefaultNUDConfigurations - TestNUDConfigurationFailsForNotSupported - TestNUDConfigurationsBaseReachableTime - TestNUDConfigurationsDelayFirstProbeTime - TestNUDConfigurationsMaxMulticastProbes - TestNUDConfigurationsMaxRandomFactor - TestNUDConfigurationsMaxUnicastProbes - TestNUDConfigurationsMinRandomFactor - TestNUDConfigurationsRetransmitTimer - TestNUDConfigurationsUnreachableTime - TestNUDStateReachableTime - TestNUDStateRecomputeReachableTime - TestSetNUDConfigurationFailsForBadNICID - TestSetNUDConfigurationFailsForNotSupported [1]: https://tools.ietf.org/html/rfc4861 [2]: https://tools.ietf.org/html/rfc4861#section-10 [3]: https://tools.ietf.org/html/rfc4861#appendix-C Updates #1889 Updates #1894 Updates #1895 Updates #1947 Updates #1948 Updates #1949 Updates #1950 PiperOrigin-RevId: 324070795
2020-07-27Enable RBE for standard-tests.Adin Scannell
PiperOrigin-RevId: 323454998
2020-07-13Merge pull request #2672 from amscanne:shim-integratedgVisor bot
PiperOrigin-RevId: 321053634
2020-07-09Update shim to build using bazel.Adin Scannell
The go.mod dependency tree for the shim was somehow contradictory. After resolving these issues (e.g. explicitly imported k8s 1.14, pulling a specific dbus version), and adding all dependencies, the shim can now be build as part of the regular bazel tree. As part of this process, minor cleanup was done in all the source files: headers were standardized (and include "The gVisor Authors" in addition to the "The containerd Authors" if originally derived from containerd sources), and comments were cleaned up to meet coding standards. This change makes the containerd installation dynamic, so that multiple versions can be tested, and drops the static installer for the VM image itself. This change also updates test/root/crictl_test.go and related utilities, so that the containerd tests can be run on any version (and in cases where it applies, they can be run on both v1 and v2 as parameterized tests).
2020-07-08Move all tests to new docker API.Zach Koopmans
Moves following to new dockerutil API: - //test/e2e:integration_test - //test/image:image_test - //test/iptables:iptables_test - //test/root:root_test - //test/packetimpact:packetimpact_test PiperOrigin-RevId: 320253118
2020-05-20Automated rollback of changelist 312522097Nicolas Lacasse
PiperOrigin-RevId: 312529859
2020-05-20Upgrade to Bazel 3.1.0.Nicolas Lacasse
This upgrades the Kokoro images, bazel toolchains used by RBE runners, and rules_go, gazelle, and go toolchain versions. PiperOrigin-RevId: 312522097
2020-05-06Update minor formatting issues.Adin Scannell
2020-04-28Use existing bazeldefs with top-level BUILD file.Adin Scannell
PiperOrigin-RevId: 308901116
2020-04-23Fix Layer merge and add unit testsEyal Soha
mergo was improperly merging nil and empty strings PiperOrigin-RevId: 308170862
2020-04-23Simplify Docker test infrastructure.Adin Scannell
This change adds a layer of abstraction around the internal Docker APIs, and eliminates all direct dependencies on Dockerfiles in the infrastructure. A subsequent change will automated the generation of local images (with efficient caching). Note that this change drops the use of bazel container rules, as that experiment does not seem to be viable. PiperOrigin-RevId: 308095430
2020-04-20Add internal nogo analysis & checkescape tool.Adin Scannell
See tools/nogo/README.md. The checkescape tool is able to perform recursive escape analysis, using the actual generated binary to confirm the results produced by the compiler itself. As an initial use case, this replaces the manual escape analysis tests used for go_marshal, and validates that the CopyIn and CopyOut paths will not require any allocation or stack splits. Updates #2243 PiperOrigin-RevId: 307532986
2020-04-16Use multierr in packetimpact Connection.Close()Eyal Soha
PiperOrigin-RevId: 306930652
2020-04-09Bump rule_go, bazel toolchain, and go toolchain versions.Nicolas Lacasse
PiperOrigin-RevId: 305751225
2020-03-30BigQuery schema for benchmark-tools dashboard.Zach Koopmans
PiperOrigin-RevId: 303805784
2020-03-17Packetimpact in Go with c++ stubEyal Soha
PiperOrigin-RevId: 301382690
2020-03-04WORKSPACE: bump rules_python to include reproducibility fixAndrew Dunham
2020-03-02Update golang.org/x/sysAndrei Vagin
It was downgraded by mistake in e5d9a4010bdb ("Add ability to execute go.mod in gopath context.") Signed-off-by: Andrei Vagin <avagin@gmail.com>
2020-02-28Bump rules_go to 0.22.0 and go toolchain to 1.14.Nicolas Lacasse
PiperOrigin-RevId: 297915917
2020-02-28Add ability to execute go.mod in gopath context.Adin Scannell
2020-02-21Force downloading new version of org_golang_x_sys.Haibo Xu
ARM64 PTRACE_SYSEMU support was added to Linux kernal from v5.3 and the corresponding support in golang is also enabled in the latest org.golang/x/sys repository. Updates #1876 Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I10750c4c8b68f6f68d0a4d828e266966434c92fe
2020-02-19Add basic microbenchmarks.Adin Scannell
PiperOrigin-RevId: 296104390
2020-02-10Bump rules_go, gazelle, and go toolchain.Nicolas Lacasse
PiperOrigin-RevId: 294253155
2020-01-22Toolchain version bumps.Nicolas Lacasse
- bazel_toolchain to 2.0.2 - rules_go to 0.21.0 - Go toolchain to 1.13.6 - Use new proto lib archive. PiperOrigin-RevId: 290999410
2020-01-08Github bug reviverFabricio Voznika
For everyone's joy, this is a tool that reopens issues that have been closed, but are still referenced by TODOs in the code. The idea is to run it in Kokoro nightly. Kokoro changes are coming up next. PiperOrigin-RevId: 288789560
2019-12-12Add iptables testing framework.Kevin Krakauer
It would be preferrable to test iptables via syscall tests, but there are some problems with that approach: * We're limited to loopback-only, as syscall tests involve only a single container. Other link interfaces (e.g. fdbased) should be tested. * We'd have to shell out to call iptables anyways, as the iptables syscall interface itself is too large and complex to work with alone. * Running the Linux/native version of the syscall test will require root, which is a pain to configure, is inherently unsafe, and could leave host iptables misconfigured. Using the go_test target allows there to be no new test runner. PiperOrigin-RevId: 285274275
2019-12-02Import benchmark-tools to main repository.Zach Koopmans
This has adapted for use with bazel from the original commit a26e93769ebefd82593a43e22fb13a09717cfa6d. In particular, the style has been made consistent with internal python style guidelines, and the packages (including the main entrypoint) have been refactored in order to allow bazel testing targets. PiperOrigin-RevId: 283484433
2019-11-07Bump gazelle to v0.19.1Andrew Dunham
2019-11-04Bump rules_go to v0.20.2 and go toolchain to v1.13.4.Nicolas Lacasse
PiperOrigin-RevId: 278424814
2019-10-21Bump rules_go to v0.20.1 and go toolchain to v1.13.3.Nicolas Lacasse
PiperOrigin-RevId: 275909782
2019-10-14Bump rules_go to v0.20.0 and gazelle to v0.19.0Nicolas Lacasse
PiperOrigin-RevId: 274673485
2019-09-27Bump rules_go to 0.19.5 and Go to 1.13.1.Nicolas Lacasse
PiperOrigin-RevId: 271664207
2019-09-27bazel: use rules_pkg from https://github.com/bazelbuild/Andrei Vagin
BUILD:85:1: in _pkg_deb rule //runsc:runsc-debian: target '//runsc:runsc-debian' depends on deprecated target '@bazel_tools//tools/build_defs/pkg:make_deb': The internal version of make_deb is deprecated. Please use the replacement for pkg_deb from https://github.com/bazelbuild/rules_pkg/blob/master/pkg. PiperOrigin-RevId: 271590386
2019-09-24Simplify ICMPRateLimiterTamir Duberstein
https://github.com/golang/time/commit/c4c64ca added SetBurst upstream. PiperOrigin-RevId: 270925077
2019-09-16Migrate from gflags to absl flagsMichael Pratt
absl flags are more modern and we can easily depend on them directly. The repo now successfully builds with --incompatible_load_cc_rules_from_bzl. PiperOrigin-RevId: 269387081
2019-09-12Bump bazel toolchain.Nicolas Lacasse
This fixes the RBE warning: DEBUG: rbe_default not using checked in configs; Bazel version 0.29.1 was picked/selected but no checked in config was found in map[...] PiperOrigin-RevId: 268747944
2019-09-11Bump bazel, rules_go, gazelle, and go toolchain to latest versions.Nicolas Lacasse
PiperOrigin-RevId: 268486127
2019-09-06Load C++ rules from @rules_ccMichael Pratt
See https://github.com/bazelbuild/bazel/issues/8743. This will be required in Bazel 1.0. Protobuf was updated in https://github.com/protocolbuffers/protobuf/commit/bf0c69e1302fe9568fbe310cc54b37d20a9d16a3#diff-96239ee297e0a92ac6ff96a6bc434ef0. GoogleTest was updated in https://github.com/google/googletest/commit/6fd262ecf787d0dc2a91696fd4bf1d3ee1ebfa14. gflags has not yet been updated, so the repo still won't build with --incompatible_load_cc_rules_from_bzl. Tested with buildifier -warnings=native-cc -lint=warn **/BUILD. PiperOrigin-RevId: 267638515
2019-08-30Add C++ toolchain and fix compile issues.Adin Scannell
This was accidentally introduced in 31f05d5d4f62c4cd4fe3b95b333d0130aae4b2c1. Fixes #788. PiperOrigin-RevId: 266462843
2019-08-29Internal change.gVisor bot
PiperOrigin-RevId: 266199211
2019-08-16Bump rules_go to v0.19.3 and bazel_gazelle to v0.18.1.Nicolas Lacasse
And bump go toolchain to v1.12.9. Protobuf dependencies must be explicitly included now. PiperOrigin-RevId: 263853370
2019-08-13Bump Bazel to v0.28.0Nicolas Lacasse
The new version has a change in behavior when using a custom platform: * Old behavior: rules that don't require a toolchain used host_platform, no matter what execution platforms are specified. * New behavior: rules that don't require a toolchain use standard platform resolution that starts with execution platforms. As part of this change, we cannot use the "extra_exectution_platforms" flag provided by the default bazelrc. I got rid of the default bazelrc file, and made our custom .bazelrc as minimal as possible. PiperOrigin-RevId: 263176802
2019-07-29Rate limit the unimplemented syscall event handler.Nicolas Lacasse
This introduces two new types of Emitters: 1. MultiEmitter, which will forward events to other registered Emitters, and 2. RateLimitedEmitter, which will forward events to a wrapped Emitter, subject to given rate limits. The methods in the eventchannel package itself act like a multiEmitter, but is not actually an Emitter. Now we have a DefaultEmitter, and the methods in eventchannel simply forward calls to the DefaultEmitter. The unimplemented syscall handler now uses a RateLimetedEmitter that wraps the DefaultEmitter. PiperOrigin-RevId: 260612770
2019-07-11Bump rules_go to v0.18.7 and go toolchain to v1.12.7.Nicolas Lacasse
PiperOrigin-RevId: 257703164
2019-07-09build: add nogo for static validationAdin Scannell
PiperOrigin-RevId: 257297820
2019-06-13Bump rules_go to v0.18.6, and go toolchain to v1.12.6.Nicolas Lacasse
PiperOrigin-RevId: 253061432
2019-06-10Add introspection for Linux/AMD64 syscallsIan Lewis
Adds simple introspection for syscall compatibility information to Linux/AMD64. Syscalls registered in the syscall table now have associated metadata like name, support level, notes, and URLs to relevant issues. Syscall information can be exported as a table, JSON, or CSV using the new 'runsc help syscalls' command. Users can use this info to debug and get info on the compatibility of the version of runsc they are running or to generate documentation. PiperOrigin-RevId: 252558304