summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip/header
AgeCommit message (Collapse)Author
2020-06-07Merge release-20200522.0-94-g32b823fc (automated)gVisor bot
2020-06-07netstack: parse incoming packet headers up-frontKevin Krakauer
Netstack has traditionally parsed headers on-demand as a packet moves up the stack. This is conceptually simple and convenient, but incompatible with iptables, where headers can be inspected and mangled before even a routing decision is made. This changes header parsing to happen early in the incoming packet path, as soon as the NIC gets the packet from a link endpoint. Even if an invalid packet is found (e.g. a TCP header of insufficient length), the packet is passed up the stack for proper stats bookkeeping. PiperOrigin-RevId: 315179302
2020-05-27Merge release-20200518.0-45-g0bc022b7 (automated)gVisor bot
2020-05-20Test that we have PAWS mechanismZeling Feng
If there is a Timestamps option in the arriving segment and SEG.TSval < TS.Recent and if TS.Recent is valid, then treat the arriving segment as not acceptable: Send an acknowledgement in reply as specified in RFC-793 page 69 and drop the segment. https://tools.ietf.org/html/rfc1323#page-19 PiperOrigin-RevId: 312590678
2020-05-08Merge release-20200422.0-58-g5d7d5ed (automated)gVisor bot
2020-05-08Send ACK to OTW SEQs/unacc ACKs in CLOSE_WAITZeling Feng
This fixed the corresponding packetimpact test. PiperOrigin-RevId: 310593470
2020-05-04Merge release-20200422.0-18-g711439b (automated)gVisor bot
2020-05-01Support for connection tracking of TCP packets.Nayana Bidari
Connection tracking is used to track packets in prerouting and output hooks of iptables. The NAT rules modify the tuples in connections. The connection tracking code modifies the packets by looking at the modified tuples.
2020-04-29Merge release-20200413.0-17-g24abccb (automated)gVisor bot
2020-04-28Internal change.gVisor bot
PiperOrigin-RevId: 308940886
2020-04-28Merge release-20200413.0-15-g37a59bc (automated)gVisor bot
2020-04-28Support IPv6 Privacy Extensions for SLAACGhanan Gowripalan
Support generating temporary (short-lived) IPv6 SLAAC addresses to address privacy concerns outlined in RFC 4941. Tests: - stack_test.TestAutoGenTempAddr - stack_test.TestNoAutoGenTempAddrForLinkLocal - stack_test.TestAutoGenTempAddrRegen - stack_test.TestAutoGenTempAddrRegenTimerUpdates - stack_test.TestNoAutoGenTempAddrWithoutStableAddr - stack_test.TestAutoGenAddrInResponseToDADConflicts PiperOrigin-RevId: 308915566
2020-04-24Merge release-20200323.0-243-gdfff265 (automated)gVisor bot
2020-04-24Add ICMP6 param problem testEyal Soha
Tested: When run on Linux, a correct ICMPv6 response is received. On netstack, no ICMPv6 response is received. PiperOrigin-RevId: 308343113
2020-04-17Merge release-20200323.0-181-g486759a (automated)gVisor bot
2020-04-17Support NDP DNS Search List optionGhanan Gowripalan
Inform the netstack integrator when the netstack receives an NDP Router Advertisement message with the NDP DNS Search List option with at least one domain name. The stack will not maintain any state related to the search list - the integrator is expected to maintain any required state and invalidate domain names after their lifetime expires, or refresh the lifetime when a new one is received for a known domain name. Test: - header_test.TestNDPDNSSearchListOption - header_test.TestNDPDNSSearchListOptionSerialize - header_test.TestNDPSearchListOptionDomainNameLabelInvalidSymbols - header_test.TestNDPOptionsIterCheck - stack_test.TestNDPDNSSearchListDispatch PiperOrigin-RevId: 307109375
2020-04-17Merge release-20200323.0-169-gb33c3bb (automated)gVisor bot
2020-04-16Return detailed errors when iterating NDP optionsGhanan Gowripalan
Test: header_test.TestNDPOptionsIterCheck PiperOrigin-RevId: 306953867
2020-04-08Fix all printf formatting errors.Adin Scannell
Updates #2243
2020-04-07Merge release-20200323.0-80-g6db55a5 (automated)gVisor bot
2020-04-07Require that IPv6 headers be in the first fragmentGhanan Gowripalan
Test: - header_test.TestIPv6ExtHdrIter - ipv6_test.TestReceiveIPv6Fragments Updates #2197, #2333 PiperOrigin-RevId: 305330178
2020-04-03Merge release-20200323.0-61-g4582a2f (automated)gVisor bot
2020-04-02Drop NDP messages with fragment extension headerGhanan Gowripalan
As per RFC 6980 section 5, nodes MUST silently ignore NDP messages if the packet carrying them include an IPv6 Fragmentation Header. Test: ipv6_test.TestNDPValidation PiperOrigin-RevId: 304519379
2020-04-01Merge release-20200323.0-44-gd25036a (automated)gVisor bot
2020-03-31Test receiving multicast packets over UDPEyal Soha
PiperOrigin-RevId: 304098611
2020-03-27Merge release-20200219.0-253-g2a4aff7 (automated)gVisor bot
2020-03-27Support Hop By Hop and Destination Options ext hdrGhanan Gowripalan
Enables handling the Hop by Hop and Destination Options extension headers, but options are not yet supported. All options will be treated as unknown and their respective action will be followed. Note, the stack does not yet support sending ICMPv6 error messages in response to options that cannot be handled/parsed. That will come in a later change (Issue #2211). Tests: - header_test.TestIPv6UnknownExtHdrOption - header_test.TestIPv6OptionsExtHdrIterErr - header_test.TestIPv6OptionsExtHdrIter - ipv6_test.TestReceiveIPv6ExtHdrs PiperOrigin-RevId: 303433085
2020-03-26Merge release-20200219.0-247-gfbe8046 (automated)gVisor bot
2020-03-26Handle IPv6 Fragment & Routing extension headersGhanan Gowripalan
Enables the reassembly of fragmented IPv6 packets and handling of the Routing extension header with a Segments Left value of 0. Atomic fragments are handled as described in RFC 6946 to not interfere with "normal" fragment traffic. No specific routing header type is supported. Note, the stack does not yet support sending ICMPv6 error messages in response to IPv6 packets that cannot be handled/parsed. That will come in a later change (Issue #2211). Test: - header_test.TestIPv6RoutingExtHdr - header_test.TestIPv6FragmentExtHdr - header_test.TestIPv6ExtHdrIterErr - header_test.TestIPv6ExtHdrIter - ipv6_test.TestReceiveIPv6ExtHdrs - ipv6_test.TestReceiveIPv6Fragments RELNOTES: n/a PiperOrigin-RevId: 303189584
2020-03-17Merge release-20200219.0-186-g3192e55 (automated)gVisor bot
2020-03-17Packetimpact in Go with c++ stubEyal Soha
PiperOrigin-RevId: 301382690
2020-03-13Merge release-20200219.0-160-gf693e13 (automated)gVisor bot
2020-03-12Clarify comments about IHL in ipv4.go.Eyal Soha
PiperOrigin-RevId: 300668506
2020-02-25Merge release-20200219.0-41-g5f1f9dd (automated)gVisor bot
2020-02-25Use link-local source address for link-local multicastGhanan Gowripalan
Tests: - header_test.TestIsV6LinkLocalMulticastAddress - header_test.TestScopeForIPv6Address - stack_test.TestIPv6SourceAddressSelectionScopeAndSameAddress PiperOrigin-RevId: 297215576
2020-02-11Merge release-20200127.0-130-g9be46e5 (automated)gVisor bot
2020-01-31Use multicast Ethernet address for multicast NDPGhanan Gowripalan
As per RFC 2464 section 7, an IPv6 packet with a multicast destination address is transmitted to the mapped Ethernet multicast address. Test: - ipv6.TestLinkResolution - stack_test.TestDADResolve - stack_test.TestRouterSolicitation PiperOrigin-RevId: 292610529
2020-01-31Merge release-20200127.0-47-g528dd1e (automated)gVisor bot
2020-01-31Extract multicast IP to Ethernet address mappingGhanan Gowripalan
Test: header.TestEthernetAddressFromMulticastIPAddress PiperOrigin-RevId: 292604649
2020-01-28Merge release-20200115.0-123-gce0bac4 (automated)gVisor bot
2020-01-28Include the NDP Source Link Layer option when sending DAD messagesGhanan Gowripalan
Test: stack_test.TestDADResolve PiperOrigin-RevId: 292003124
2020-01-28Merge release-20200115.0-115-g2a2da5b (automated)gVisor bot
2020-01-27Add a type to represent the NDP Source Link Layer Address optionGhanan Gowripalan
Tests: - header.TestNDPSourceLinkLayerAddressOptionEthernetAddress - header.TestNDPSourceLinkLayerAddressOptionSerialize - header.TestNDPOptionsIterCheck - header.TestNDPOptionsIter PiperOrigin-RevId: 291856429
2020-01-27Merge release-20200115.0-106-gfbfcfcf (automated)gVisor bot
2020-01-27Update ChecksumVVWithoffset to use unrolled version.Bhasker Hariharan
Fixes #1656 PiperOrigin-RevId: 291777279
2020-01-27Standardize on tools directory.Adin Scannell
PiperOrigin-RevId: 291745021
2020-01-27Merge release-20200115.0-102-g6b43cf7 (automated)gVisor bot
2020-01-27Replace calculateChecksum w/ the unrolled version.Bhasker Hariharan
Fixes #1656 PiperOrigin-RevId: 291703760
2020-01-27Merge release-20200115.0-101-g68514d4 (automated)gVisor bot
2020-01-26Unroll checksum computation loop.Bhasker Hariharan
Checksum computation is one of the most expensive bits of packet processing. Manual unrolling of the loop provides significant improvement in checksum speed. Updates #1656 BenchmarkChecksum/checksum_64-12 49834124 23.6 ns/op BenchmarkChecksum/checksum_128-12 27111997 44.1 ns/op BenchmarkChecksum/checksum_256-12 11416683 91.5 ns/op BenchmarkChecksum/checksum_512-12 6375298 174 ns/op BenchmarkChecksum/checksum_1024-12 3403852 338 ns/op BenchmarkChecksum/checksum_1500-12 2343576 493 ns/op BenchmarkChecksum/checksum_2048-12 1730521 656 ns/op BenchmarkChecksum/checksum_4096-12 920469 1327 ns/op BenchmarkChecksum/checksum_8192-12 445885 2637 ns/op BenchmarkChecksum/checksum_16384-12 226342 5268 ns/op BenchmarkChecksum/checksum_32767-12 114210 10503 ns/op BenchmarkChecksum/checksum_32768-12 99138 10610 ns/op BenchmarkChecksum/checksum_65535-12 53438 21158 ns/op BenchmarkChecksum/checksum_65536-12 52993 21067 ns/op BenchmarkUnrolledChecksum/checksum_64-12 61035639 19.1 ns/op BenchmarkUnrolledChecksum/checksum_128-12 36067015 33.6 ns/op BenchmarkUnrolledChecksum/checksum_256-12 19731220 60.4 ns/op BenchmarkUnrolledChecksum/checksum_512-12 9091291 116 ns/op BenchmarkUnrolledChecksum/checksum_1024-12 4976406 226 ns/op BenchmarkUnrolledChecksum/checksum_1500-12 3685224 328 ns/op BenchmarkUnrolledChecksum/checksum_2048-12 2579108 447 ns/op BenchmarkUnrolledChecksum/checksum_4096-12 1350475 887 ns/op BenchmarkUnrolledChecksum/checksum_8192-12 658248 1780 ns/op BenchmarkUnrolledChecksum/checksum_16384-12 335869 3534 ns/op BenchmarkUnrolledChecksum/checksum_32767-12 168650 7095 ns/op BenchmarkUnrolledChecksum/checksum_32768-12 168075 7098 ns/op BenchmarkUnrolledChecksum/checksum_65535-12 75085 14277 ns/op BenchmarkUnrolledChecksum/checksum_65536-12 75921 14127 ns/op PiperOrigin-RevId: 291643290