Age | Commit message (Collapse) | Author |
|
|
|
IPv4 options extend the size of the IP header and have a basic known
format. The framework can process that format without needing to know
about every possible option. We can add more code to handle additional
option types as we need them. Bad options or mangled option entries
can result in ICMP Parameter Problem packets. The first types we
support are the Timestamp option and the Record Route option, included
in this change.
The options are processed at several points in the packet flow within
the Network stack, with slightly different requirements. The framework
includes a mechanism to control this at each point. Support has been
added for such points which are only present in upcoming CLs such as
during packet forwarding and fragmentation.
With this change, 'ping -R' and 'ping -T' work against gVisor and Fuchsia.
$ ping -R 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(124) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.990 ms
NOP
RR: 192.168.1.1
192.168.1.2
192.168.1.1
$ ping -T tsprespec 192.168.1.2 192.168.1.1 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(124) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=1.20 ms
TS: 192.168.1.2 71486821 absolute
192.168.1.1 746
Unit tests included for generic options, Timestamp options
and Record Route options.
PiperOrigin-RevId: 339379076
|
|
...instead of passing its fields piecemeal.
PiperOrigin-RevId: 339345899
|
|
|
|
Fixes #4427, #4428
PiperOrigin-RevId: 338805047
|
|
|
|
Previously, the NIC local address used when completing link resolution
was held in the neighbor entry. A neighbor is not identified by any
NIC local address so remove it.
PiperOrigin-RevId: 338699695
|
|
|
|
Previously a link endpoint was passed to
stack.LinkAddressResolver.LinkAddressRequest. With this change,
implementations that want a route for the link address request may
find one through the stack. Other implementations that want to send
a packet without a route may continue to do so using the network
interface directly.
Test: - arp_test.TestLinkAddressRequest
- ipv6.TestLinkAddressRequest
PiperOrigin-RevId: 338577474
|
|
|
|
Also enforce the minimum MTU for IPv4 and IPv6, and discard packets if the
minimum is not met.
PiperOrigin-RevId: 338404225
|
|
|
|
The IPv4 header checksum has not been checked, at least in recent times,
so add code to do so. Fix all the tests that fail because they never
needed to set the checksum.
Fixes #4484
PiperOrigin-RevId: 337556243
|
|
|
|
Currently, fragmentation can only occur during WritePacket(). This enables
it for WritePackets() and WriteIncludedHeaderPacket() as well.
IPv4 unit tests were refactored to be consistent with the IPv6 unit tests.
This removes the extraHeaderReserveLength field and the related
"prependable bytes" unit tests (for both IPv4 and IPv6) because it was only
testing a panic condition when the value was too low.
Fixes #3796
PiperOrigin-RevId: 337550061
|
|
|
|
Allow writing an IPv6 packet where the IPv6 header is a provided by
the user.
* Introduce an error to let callers know a header is malformed.
We previously useed tcpip.ErrInvalidOptionValue but that did not seem
appropriate for generic malformed header errors.
* Populate network header in WriteHeaderIncludedPacket
IPv4's implementation of WriteHeaderIncludedPacket did not previously
populate the packet buffer's network header. This change fixes that.
Fixes #4527
Test: ip_test.TestWriteHeaderIncludedPacket
PiperOrigin-RevId: 337534548
|
|
|
|
RFC 4861 section 4.4 comments the Target link-layer address option is sometimes
optional in a Neighbor Advertisement packet:
"When responding to a unicast Neighbor Solicitation this option SHOULD be
included."
Tests:
pkg/tcpip/stack:stack_test
- TestEntryStaleToReachableWhenSolicitedConfirmationWithoutAddress
- TestEntryDelayToReachableWhenSolicitedConfirmationWithoutAddress
- TestEntryProbeToReachableWhenSolicitedConfirmationWithoutAddress
pkg/tcpip/network/ipv6:ipv6_test
- TestCallsToNeighborCache
PiperOrigin-RevId: 337396493
|
|
Test helpers should be used for test setup/teardown, not actual
testing. Use cmp.Diff instead of bytes.Equal to improve readability.
PiperOrigin-RevId: 337323242
|
|
|
|
This change also brings back the stack.Route.ResolveWith method so that
we can immediately resolve a route when sending an NA in response to a
a NS with a source link layer address option.
Test: ipv6_test.TestNeighorSolicitationResponse
PiperOrigin-RevId: 337185461
|
|
|
|
Remove the duplicate NA size variable while I'm here.
See https://tools.ietf.org/html/rfc4861#section-4.4 for the packet format.
PiperOrigin-RevId: 336943206
|
|
|
|
Use the correct constant (Solicit, not Advert) while I'm here.
PiperOrigin-RevId: 336924605
|
|
|
|
|
|
PiperOrigin-RevId: 336339194
|
|
|
|
PiperOrigin-RevId: 336304024
|
|
|
|
When a response needs to be sent to an incoming packet, the stack should
consult its neighbour table to determine the remote address's link
address.
When an entry does not exist in the stack's neighbor table, the stack
should queue the packet while link resolution completes. See comments.
PiperOrigin-RevId: 336185457
|
|
|
|
When the neighbor table already has link address for a neighbor but is
trying to confirm reachability, it may send unicast probes to the
neighbor.
PiperOrigin-RevId: 336166711
|
|
|
|
It was originally set to 30s for IPv6 (same as IPv4) but this is not
what RFC 8200 prescibes. Linux also defaults to 60s [1].
[1] https://github.com/torvalds/linux/blob/47ec5303d73ea344e84f46660fff693c57641386/include/net/ipv6.h#L456
PiperOrigin-RevId: 336034636
|
|
|
|
|
|
...per RFC 4861 s7.1.1.
PiperOrigin-RevId: 335742851
|
|
|
|
Most of the IPv4 fragmentation code was moved in the fragmentation
package and it is reused by IPv6 fragmentation.
Test:
- pkg/tcpip/network/ipv4:ipv4_test
- pkg/tcpip/network/ipv6:ipv6_test
- pkg/tcpip/network/fragmentation:fragmentation_test
Fixes #4389
PiperOrigin-RevId: 335714280
|
|
|
|
The IPv4 RFCs are specific (though obtuse) that an echo response
packet needs to contain all the options from the echo request,
much as if it been routed back to the sender, though apparently
with a new TTL. They suggest copying the incoming packet header
to achieve this so that is what this patch does.
PiperOrigin-RevId: 335559176
|
|
|
|
Before this change, OutgoingPacketErrors was incremented in the
stack.Route methods. This was going to be a problem once
IPv4/IPv6 WritePackets support fragmentation because Route.WritePackets
might now know how many packets are left after an error occurs.
Test:
- pkg/tcpip/network/ipv4:ipv4_test
- pkg/tcpip/network/ipv6:ipv6_test
PiperOrigin-RevId: 334687983
|
|
|
|
Add code in IPv6 to send ICMP packets while processing extension headers.
Add some accounting in processing IPV6 Extension headers which
allows us to report meaningful information back in ICMP parameter
problem packets.
IPv4 also needs to send a message when an unsupported protocol
is requested.
Add some tests to generate both ipv4 and ipv6 packets with
various errors and check the responses.
Add some new checkers and cleanup some inconsistencies in
the messages in that file.
Add new error types for the ICMPv4/6 generators.
Fix a bug in the ICMPv4 generator that stopped it from generating
"Unknown protocol" messages.
Updates #2211
PiperOrigin-RevId: 334661716
|
|
|
|
Test: stack_test.TestGetMainNICAddressWhenNICDisabled
PiperOrigin-RevId: 334513286
|