summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip/header
AgeCommit message (Collapse)Author
2020-11-14Merge release-20201030.0-95-g0fee59c8c (automated)gVisor bot
2020-11-13Requested Comment/Message wording changesJulian Elischer
PiperOrigin-RevId: 342366891
2020-11-13Merge release-20201030.0-91-g6c0f53002 (automated)gVisor bot
2020-11-13Decrement TTL/Hop Limit when forwarding IP packetsGhanan Gowripalan
If the packet must no longer be forwarded because its TTL/Hop Limit reaches 0, send an ICMP Time Exceeded error to the source. Required as per relevant RFCs. See comments in code for RFC references. Fixes #1085 Tests: - ipv4_test.TestForwarding - ipv6.TestForwarding PiperOrigin-RevId: 342323610
2020-11-13Merge release-20201030.0-80-g638d64c63 (automated)gVisor bot
2020-11-12Change AllocationSize to SizeWithPadding as requestedJulian Elischer
RELNOTES: n/a PiperOrigin-RevId: 342176296
2020-11-13Merge release-20201030.0-77-gd700ba22a (automated)gVisor bot
2020-11-12Pad with a loop rather than a copy from an allocation.Julian Elischer
Add a unit test for ipv4.Encode and a round trip test. PiperOrigin-RevId: 342169517
2020-11-11Merge release-20201030.0-68-g9c4102896 (automated)gVisor bot
2020-11-11Teach netstack how to add options to IPv4 packetsJulian Elischer
Most packets don't have options but they are an integral part of the standard. Teaching the ipv4 code how to handle them will simplify future testing and use. Because Options are so rare it is worth making sure that the extra work is kept out of the fast path as much as possible. Prior to this change, all usages of the IHL field of the IPv4Fields/Encode system set it to the same constant value except in a couple of tests for bad values. From this change IHL will not be a constant as it will depend on the size of any Options. Since ipv4.Encode() now handles the options it becomes a possible source of errors to let the callers set this value, so remove it entirely and calculate the value from the size of the Options if present (or not) therefore guaranteeing a correct value. Fixes #4709 RELNOTES: n/a PiperOrigin-RevId: 341864765
2020-10-31Merge release-20201019.0-115-gdf88f223b (automated)gVisor bot
2020-10-31net/tcpip: connect to unset loopback address has to return EADDRNOTAVAILAndrei Vagin
In the docker container, the ipv6 loopback address is not set, and connect("::1") has to return ENEADDRNOTAVAIL in this case. Without this fix, it returns EHOSTUNREACH. PiperOrigin-RevId: 340002915
2020-10-28Merge release-20201019.0-76-g035b1c827 (automated)gVisor bot
2020-10-27Add support for Timestamp and RecordRoute IP optionsJulian Elischer
IPv4 options extend the size of the IP header and have a basic known format. The framework can process that format without needing to know about every possible option. We can add more code to handle additional option types as we need them. Bad options or mangled option entries can result in ICMP Parameter Problem packets. The first types we support are the Timestamp option and the Record Route option, included in this change. The options are processed at several points in the packet flow within the Network stack, with slightly different requirements. The framework includes a mechanism to control this at each point. Support has been added for such points which are only present in upcoming CLs such as during packet forwarding and fragmentation. With this change, 'ping -R' and 'ping -T' work against gVisor and Fuchsia. $ ping -R 192.168.1.2 PING 192.168.1.2 (192.168.1.2) 56(124) bytes of data. 64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.990 ms NOP RR: 192.168.1.1 192.168.1.2 192.168.1.1 $ ping -T tsprespec 192.168.1.2 192.168.1.1 192.168.1.2 PING 192.168.1.2 (192.168.1.2) 56(124) bytes of data. 64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=1.20 ms TS: 192.168.1.2 71486821 absolute 192.168.1.1 746 Unit tests included for generic options, Timestamp options and Record Route options. PiperOrigin-RevId: 339379076
2020-10-24Merge release-20201019.0-56-g0a035a101 (automated)gVisor bot
2020-10-24Send ICMP error message if IP fragment reassembly failsToshi Kikuchi
Fixes #4427, #4428 PiperOrigin-RevId: 338805047
2020-10-22Merge release-20201019.0-29-g58a3c2d44 (automated)gVisor bot
2020-10-21Add underflow check when calculating the MTUArthur Sfez
Also enforce the minimum MTU for IPv4 and IPv6, and discard packets if the minimum is not met. PiperOrigin-RevId: 338404225
2020-10-13Merge release-20200928.0-105-g51913ba40 (automated)gVisor bot
2020-10-13Correct NA minimum sizeSam Balana
Remove the duplicate NA size variable while I'm here. See https://tools.ietf.org/html/rfc4861#section-4.4 for the packet format. PiperOrigin-RevId: 336943206
2020-10-09Merge release-20200928.0-78-g743327817 (automated)gVisor bot
2020-10-09Merge release-20200928.0-77-g257703c05 (automated)gVisor bot
2020-10-09Automated rollback of changelist 336304024Ghanan Gowripalan
PiperOrigin-RevId: 336339194
2020-10-09Merge release-20200928.0-74-g8566decab (automated)gVisor bot
2020-10-09Automated rollback of changelist 336185457Bhasker Hariharan
PiperOrigin-RevId: 336304024
2020-10-08Merge release-20200928.0-71-g6768e6c59 (automated)gVisor bot
2020-10-08Do not resolve routes immediatelyGhanan Gowripalan
When a response needs to be sent to an incoming packet, the stack should consult its neighbour table to determine the remote address's link address. When an entry does not exist in the stack's neighbor table, the stack should queue the packet while link resolution completes. See comments. PiperOrigin-RevId: 336185457
2020-10-08Merge release-20200928.0-66-ga55bd73d4 (automated)gVisor bot
2020-10-06Merge release-20200928.0-59-g95cac27d0 (automated)gVisor bot
2020-10-06Discard invalid Neighbor SolicitationsPeter Johnston
...per RFC 4861 s7.1.1. PiperOrigin-RevId: 335742851
2020-10-06Merge release-20200928.0-50-g798cc6b04 (automated)gVisor bot
2020-10-05Fix IPv4 ICMP echo handler to copy optionsJulian Elischer
The IPv4 RFCs are specific (though obtuse) that an echo response packet needs to contain all the options from the echo request, much as if it been routed back to the sender, though apparently with a new TTL. They suggest copying the incoming packet header to achieve this so that is what this patch does. PiperOrigin-RevId: 335559176
2020-09-30Merge release-20200921.0-82-g694d6ae32 (automated)gVisor bot
2020-09-30Use the ICMP error response facilityJulian Elischer
Add code in IPv6 to send ICMP packets while processing extension headers. Add some accounting in processing IPV6 Extension headers which allows us to report meaningful information back in ICMP parameter problem packets. IPv4 also needs to send a message when an unsupported protocol is requested. Add some tests to generate both ipv4 and ipv6 packets with various errors and check the responses. Add some new checkers and cleanup some inconsistencies in the messages in that file. Add new error types for the ICMPv4/6 generators. Fix a bug in the ICMPv4 generator that stopped it from generating "Unknown protocol" messages. Updates #2211 PiperOrigin-RevId: 334661716
2020-09-30Merge release-20200921.0-78-g3ef549b67 (automated)gVisor bot
2020-09-29Set transport protocol number during parsingKevin Krakauer
PiperOrigin-RevId: 334535896
2020-09-23Merge release-20200914.0-137-g99decaadd (automated)gVisor bot
2020-09-23Extract ICMP error sender from UDPJulian Elischer
Store transport protocol number on packet buffers for use in ICMP error generation. Updates #2211. PiperOrigin-RevId: 333252762
2020-09-18Merge release-20200907.0-138-g360006d89 (automated)gVisor bot
2020-09-18Use common parsing utilities when sniffingGhanan Gowripalan
Extract parsing utilities so they can be used by the sniffer. Fixes #3930 PiperOrigin-RevId: 332401880
2020-09-13Merge release-20200907.0-38-gb6ca96b9b (automated)gVisor bot
2020-09-12Cap reassembled IPv6 packets at 65535 octetsToshi Kikuchi
IPv4 can accept 65536-octet reassembled packets. Test: - ipv4_test.TestInvalidFragments - ipv4_test.TestReceiveFragments - ipv6.TestInvalidIPv6Fragments - ipv6.TestReceiveIPv6Fragments Fixes #3770 PiperOrigin-RevId: 331382977
2020-08-14Merge release-20200810.0-29-g190634e0f (automated)gVisor bot
2020-08-14Give the ICMP Code its own typeJulian Elischer
This is a preparatory commit for a larger commit working on ICMP generation in error cases. This is removal of technical debt and cleanup in the gvisor code as part of gvisor issue 2211. Updates #2211. PiperOrigin-RevId: 326615389
2020-08-13Merge release-20200810.0-22-gb928d074b (automated)gVisor bot
2020-08-13Ensure TCP TIME-WAIT is not terminated prematurely.Bhasker Hariharan
Netstack's TIME-WAIT state for a TCP socket could be terminated prematurely if the socket entered TIME-WAIT using shutdown(..., SHUT_RDWR) and then was closed using close(). This fixes that bug and updates the tests to verify that Netstack correctly honors TIME-WAIT under such conditions. Fixes #3106 PiperOrigin-RevId: 326456443
2020-08-06Merge release-20200804.0-28-gfc4dd3ef4 (automated)gVisor bot
2020-08-06Join IPv4 all-systems group on NIC enableGhanan Gowripalan
Test: - stack_test.TestJoinLeaveMulticastOnNICEnableDisable - integration_test.TestIncomingMulticastAndBroadcast PiperOrigin-RevId: 325185259
2020-07-23Merge release-20200622.1-198-gfc26b3764 (automated)gVisor bot
2020-07-22make connect(2) fail when dest is unreachableKevin Krakauer
Previously, ICMP destination unreachable datagrams were ignored by TCP endpoints. This caused connect to hang when an intermediate router couldn't find a route to the host. This manifested as a Kokoro error when Docker IPv6 was enabled. The Ruby image test would try to install the sinatra gem and hang indefinitely attempting to use an IPv6 address. Fixes #3079.