summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip/header
AgeCommit message (Collapse)Author
2021-10-21Add an integration test for istio like redirect.Bhasker Hariharan
Updates #6441,#6317 PiperOrigin-RevId: 404872327
2021-10-19Always parse Transport headersGhanan Gowripalan
..including ICMP headers before delivering them to the TransportDispatcher. Updates #3810. PiperOrigin-RevId: 404404002
2021-08-19Add loopback interface as an ethernet-based deviceGhanan Gowripalan
...to match Linux behaviour. We can see evidence of Linux representing loopback as an ethernet-based device below: ``` # EUI-48 based MAC addresses. $ ip link show lo 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 # tcpdump showing ethernet frames when sniffing loopback and logging the # link-type as EN10MB (Ethernet). $ sudo tcpdump -i lo -e -c 2 -n tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on lo, link-type EN10MB (Ethernet), snapshot length 262144 bytes 03:09:05.002034 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 66: 127.0.0.1.9557 > 127.0.0.1.36828: Flags [.], ack 3562800815, win 15342, options [nop,nop,TS val 843174495 ecr 843159493], length 0 03:09:05.002094 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 66: 127.0.0.1.36828 > 127.0.0.1.9557: Flags [.], ack 1, win 6160, options [nop,nop,TS val 843174496 ecr 843159493], length 0 2 packets captured 116 packets received by filter 0 packets dropped by kernel ``` Wireshark shows a similar result as the tcpdump example above. Linux's loopback setup: https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/drivers/net/loopback.c#L162 PiperOrigin-RevId: 391836719
2021-06-30Implement fmt.Stringer for NDPRoutePreferenceGhanan Gowripalan
PiperOrigin-RevId: 382427879
2021-06-29Support parsing NDP Route Information optionGhanan Gowripalan
This change prepares for a later change which supports the NDP Route Information option to discover more-specific routes, as per RFC 4191. Updates #6172. PiperOrigin-RevId: 382225812
2021-06-24Incrementally update checksum when NAT-ingGhanan Gowripalan
...instead of calculating a fresh checksum to avoid re-calcalculating a checksum on unchanged bytes. Fixes #5340. PiperOrigin-RevId: 381403888
2021-06-21Use fake clocks in NDP testsGhanan Gowripalan
Updates #5940. PiperOrigin-RevId: 380668609
2021-06-14Support parsing Prf field in RAsGhanan Gowripalan
This change prepares for a later change which actually handles the Prf field in RAs to discover default routers with preference values, as per RFC 4191. Updates #6172. Test: header_test.TestNDPRouterAdvert PiperOrigin-RevId: 379421710
2021-05-28Clean up warningsTamir Duberstein
- Typos - Unused arguments - Useless conversions PiperOrigin-RevId: 376362730
2021-05-26Move presence methods from segment to TCPFlagsTamir Duberstein
PiperOrigin-RevId: 376001032
2021-05-25Use opaque types to represent timeTamir Duberstein
Introduce tcpip.MonotonicTime; replace int64 in tcpip.Clock method returns with time.Time and MonotonicTime to improve type safety and ensure that monotonic clock readings are never compared to wall clock readings. PiperOrigin-RevId: 375775907
2021-05-22Remove detritusTamir Duberstein
- Unused constants - Unused functions - Unused arguments - Unkeyed literals - Unnecessary conversions PiperOrigin-RevId: 375253464
2021-05-13Migrate PacketBuffer to use pkg/bufferTing-Yu Wang
Benchmark iperf3: Before After native->runsc 5.14 5.01 (Gbps) runsc->native 4.15 4.07 (Gbps) It did introduce overhead, mainly at the bridge between pkg/buffer and VectorisedView, the ExtractVV method. Once endpoints start migrating away from VV, this overhead will be gone. Updates #2404 PiperOrigin-RevId: 373651666
2021-04-20Expose header methods that validate checksumsArthur Sfez
This is done for IPv4, UDP and TCP headers. This also changes the packet checkers used in tests to error on zero-checksum, not sure why it was allowed before. And while I'm here, make comments' case consistent. RELNOTES: n/a Fixes #5049 PiperOrigin-RevId: 369383862
2021-04-15Use nicer formatting for IP addresses in testsKevin Krakauer
This was semi-automated -- there are many addresses that were not replaced. Future commits should clean those up. Parse4 and Parse6 were given their own package because //pkg/test can introduce dependency cycles, as it depends transitively on //pkg/tcpip and some other netstack packages. PiperOrigin-RevId: 368726528
2021-04-09Rename IsV6LinkLocalAddress to IsV6LinkLocalUnicastAddressGhanan Gowripalan
To match the V4 variant. PiperOrigin-RevId: 367691981
2021-04-08Do not forward link-local packetsGhanan Gowripalan
As per RFC 3927 section 7 and RFC 4291 section 2.5.6. Test: forward_test.TestMulticastForwarding PiperOrigin-RevId: 367519336
2021-04-08Join all routers group when forwarding is enabledGhanan Gowripalan
See comments inline code for rationale. Test: ip_test.TestJoinLeaveAllRoutersGroup PiperOrigin-RevId: 367449434
2021-04-06Do not perform MLD for certain multicast scopesGhanan Gowripalan
...as per RFC 2710 section 5 page 10. Test: ipv6_test.TestMLDSkipProtocol PiperOrigin-RevId: 367031126
2021-03-16Unexport methods on NDPOptionGhanan Gowripalan
They are not used outside of the header package. PiperOrigin-RevId: 363237708
2021-03-16Detect looped-back NDP DAD messagesGhanan Gowripalan
...as per RFC 7527. If a looped-back DAD message is received, do not fail DAD since our own DAD message does not indicate that a neighbor has the address assigned. Test: ndp_test.TestDADResolveLoopback PiperOrigin-RevId: 363224288
2021-03-09Give TCP flags a dedicated typeZeling Feng
- Implement Stringer for it so that we can improve error messages. - Use TCPFlags through the code base. There used to be a mixed usage of byte, uint8 and int as TCP flags. PiperOrigin-RevId: 361940150
2021-03-03Make dedicated methods for data operations in PacketBufferTing-Yu Wang
One of the preparation to decouple underlying buffer implementation. There are still some methods that tie to VectorisedView, and they will be changed gradually in later CLs. This CL also introduce a new ICMPv6ChecksumParams to replace long list of parameters when calling ICMPv6Checksum, aiming to be more descriptive. PiperOrigin-RevId: 360778149
2021-02-18Validate IGMP packetsArthur Sfez
This change also adds support for Router Alert option processing on incoming packets, a new stat for Router Alert option, and exports all the IP-option related stats. Fixes #5491 PiperOrigin-RevId: 358238123
2021-02-01Refactor HandleControlPacket/SockErrorGhanan Gowripalan
...to remove the need for the transport layer to deduce the type of error it received. Rename HandleControlPacket to HandleError as HandleControlPacket only handles errors. tcpip.SockError now holds a tcpip.SockErrorCause interface that different errors can implement. PiperOrigin-RevId: 354994306
2021-01-28Change tcpip.Error to an interfaceTamir Duberstein
This makes it possible to add data to types that implement tcpip.Error. ErrBadLinkEndpoint is removed as it is unused. PiperOrigin-RevId: 354437314
2021-01-20Change the way the IP options report problemsJulian Elischer
The error messages are not needed or used as these are not processing errors so much as errors to be reported back to the packet sender. Implicitly describe whether each error should generate ICMP packets or not. Most do but there are a couple that do not. Slightly alter some test expectations for Linux compatibility and add a couple more. Improve Linux compatibility on error packet returns. Some cosmetic changes to tests to match the upcoming packet impact version of the same tests. PiperOrigin-RevId: 352889785
2020-12-21Prefer matching labels and longest matching prefixGhanan Gowripalan
...when performing source address selection for IPv6. These are defined in RFC 6724 section 5 rule 6 (prefer matching label) and rule 8 (use longest matching prefix). This change also considers ULA of global scope instead of its own scope, as per RFC 6724 section 3.1: Also, note that ULAs are considered as global, not site-local, scope but are handled via the prefix policy table as discussed in Section 10.6. Test: stack_test.TestIPv6SourceAddressSelectionScope Startblock: has LGTM from peterjohnston and then add reviewer brunodalbo PiperOrigin-RevId: 348580996
2020-12-21Don't modify a packet header when it can be used by other endpointsAndrei Vagin
Reported-by: syzbot+48c43f82fe7738fceae9@syzkaller.appspotmail.com PiperOrigin-RevId: 348540796
2020-12-17[netstack] Implement IP(V6)_RECVERR socket option.Ayush Ranjan
PiperOrigin-RevId: 348055514
2020-12-16Automated rollback of changelist 346565589gVisor bot
PiperOrigin-RevId: 347911316
2020-12-15Validate router alert's data lengthGhanan Gowripalan
RFC 2711 specifies that the router alert's length field is always 2 so we should make sure only 2 bytes are read from a router alert option's data field. Test: header.TestIPv6OptionsExtHdrIterErr PiperOrigin-RevId: 347727876
2020-12-12Introduce IPv6 extension header serialization facilitiesBruno Dal Bo
Adds IPv6 extension header serializer and Hop by Hop options serializer. Add RouterAlert option serializer and use it in MLD. Fixed #4996 Startblock: has LGTM from marinaciocea and then add reviewer ghanan PiperOrigin-RevId: 347174537
2020-12-09Cap UDP payload size to length informed in UDP headerBruno Dal Bo
startblock: has LGTM from peterjohnston and then add reviewer ghanan,tamird PiperOrigin-RevId: 346565589
2020-12-04Introduce IPv4 options serializer and add RouterAlert to IGMPBruno Dal Bo
PiperOrigin-RevId: 345701623
2020-11-25Support listener-side MLDv1Ghanan Gowripalan
...as defined by RFC 2710. Querier (router)-side MLDv1 is not yet supported. The core state machine is shared with IGMPv2. This is guarded behind a flag (ipv6.Options.MLDEnabled). Tests: ip_test.TestMGP* Bug #4861 PiperOrigin-RevId: 344344095
2020-11-24Report correct pointer value for "bad next header" ICMP errorJulian Elischer
Because the code handles a bad header as "payload" right up to the last moment we need to make sure payload handling does not remove the error information. Fixes #4909 PiperOrigin-RevId: 344141690
2020-11-23Use time.Duration for IGMP Max Response Time fieldGhanan Gowripalan
Bug #4682 PiperOrigin-RevId: 343993297
2020-11-19Perform IGMPv2 when joining IPv4 multicast groupsRyan Heacock
Added headers, stats, checksum parsing capabilities from RFC 2236 describing IGMPv2. IGMPv2 state machine is implemented for each condition, sending and receiving IGMP Membership Reports and Leave Group messages with backwards compatibility with IGMPv1 routers. Test: * Implemented igmp header parser and checksum calculator in header/igmp_test.go * ipv4/igmp_test.go tests incoming and outgoing IGMP messages and pathways. * Added unit test coverage for IGMPv2 RFC behavior + IGMPv1 backwards compatibility in ipv4/igmp_test.go. Fixes #4682 PiperOrigin-RevId: 343408809
2020-11-19Add types to parse MLD messagesGhanan Gowripalan
Preparing for upcoming CLs that add MLD functionality. Bug #4861 Test: header.TestMLD PiperOrigin-RevId: 343391556
2020-11-16Clean up fragmentation.ProcessToshi Kikuchi
- Pass a PacketBuffer directly instead of releaseCB - No longer pass a VectorisedView, which is included in the PacketBuffer - Make it an error if data size is not equal to (last - first + 1) - Set the callback for the reassembly timeout on NewFragmentation PiperOrigin-RevId: 342702432
2020-11-13Requested Comment/Message wording changesJulian Elischer
PiperOrigin-RevId: 342366891
2020-11-13Decrement TTL/Hop Limit when forwarding IP packetsGhanan Gowripalan
If the packet must no longer be forwarded because its TTL/Hop Limit reaches 0, send an ICMP Time Exceeded error to the source. Required as per relevant RFCs. See comments in code for RFC references. Fixes #1085 Tests: - ipv4_test.TestForwarding - ipv6.TestForwarding PiperOrigin-RevId: 342323610
2020-11-12Change AllocationSize to SizeWithPadding as requestedJulian Elischer
RELNOTES: n/a PiperOrigin-RevId: 342176296
2020-11-12Pad with a loop rather than a copy from an allocation.Julian Elischer
Add a unit test for ipv4.Encode and a round trip test. PiperOrigin-RevId: 342169517
2020-11-11Teach netstack how to add options to IPv4 packetsJulian Elischer
Most packets don't have options but they are an integral part of the standard. Teaching the ipv4 code how to handle them will simplify future testing and use. Because Options are so rare it is worth making sure that the extra work is kept out of the fast path as much as possible. Prior to this change, all usages of the IHL field of the IPv4Fields/Encode system set it to the same constant value except in a couple of tests for bad values. From this change IHL will not be a constant as it will depend on the size of any Options. Since ipv4.Encode() now handles the options it becomes a possible source of errors to let the callers set this value, so remove it entirely and calculate the value from the size of the Options if present (or not) therefore guaranteeing a correct value. Fixes #4709 RELNOTES: n/a PiperOrigin-RevId: 341864765
2020-10-31net/tcpip: connect to unset loopback address has to return EADDRNOTAVAILAndrei Vagin
In the docker container, the ipv6 loopback address is not set, and connect("::1") has to return ENEADDRNOTAVAIL in this case. Without this fix, it returns EHOSTUNREACH. PiperOrigin-RevId: 340002915
2020-10-27Add support for Timestamp and RecordRoute IP optionsJulian Elischer
IPv4 options extend the size of the IP header and have a basic known format. The framework can process that format without needing to know about every possible option. We can add more code to handle additional option types as we need them. Bad options or mangled option entries can result in ICMP Parameter Problem packets. The first types we support are the Timestamp option and the Record Route option, included in this change. The options are processed at several points in the packet flow within the Network stack, with slightly different requirements. The framework includes a mechanism to control this at each point. Support has been added for such points which are only present in upcoming CLs such as during packet forwarding and fragmentation. With this change, 'ping -R' and 'ping -T' work against gVisor and Fuchsia. $ ping -R 192.168.1.2 PING 192.168.1.2 (192.168.1.2) 56(124) bytes of data. 64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.990 ms NOP RR: 192.168.1.1 192.168.1.2 192.168.1.1 $ ping -T tsprespec 192.168.1.2 192.168.1.1 192.168.1.2 PING 192.168.1.2 (192.168.1.2) 56(124) bytes of data. 64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=1.20 ms TS: 192.168.1.2 71486821 absolute 192.168.1.1 746 Unit tests included for generic options, Timestamp options and Record Route options. PiperOrigin-RevId: 339379076
2020-10-24Send ICMP error message if IP fragment reassembly failsToshi Kikuchi
Fixes #4427, #4428 PiperOrigin-RevId: 338805047
2020-10-21Add underflow check when calculating the MTUArthur Sfez
Also enforce the minimum MTU for IPv4 and IPv6, and discard packets if the minimum is not met. PiperOrigin-RevId: 338404225