summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip/transport
AgeCommit message (Collapse)Author
2021-01-25Unlock tcp endpoint on zero-length atomic writesTamir Duberstein
Rewrite tcp.endpoint.Write to avoid manual locking and unlocking. This should prevent similar mistakes in the future. PiperOrigin-RevId: 353675734
2021-01-22Define tcpip.Payloader in terms of io.ReaderTamir Duberstein
Fixes #1509. PiperOrigin-RevId: 353295589
2021-01-15Remove count argument from tcpip.Endpoint.ReadTamir Duberstein
The same intent can be specified via the io.Writer. PiperOrigin-RevId: 352098747
2021-01-15[rack] Retransmit the probe segment after the probe timer expires.Ayush Ranjan
This change implements TLP details enumerated in https://tools.ietf.org/html/draft-ietf-tcpm-rack-08#section-7.5.2. Fixes #5084 PiperOrigin-RevId: 352093473
2021-01-15Populate EgressRoute, GSO, Netproto for batch writesGhanan Gowripalan
We loop over the list of packets anyways so setting these aren't expensive. Now that they are populated only by the link endpoint that uses them, TCP does not need to. PiperOrigin-RevId: 352090853
2021-01-14Remove impossible errorsTamir Duberstein
Commit 25b5ec7 moved link address resolution out of the transport layer; special handling of link address resolution is no longer necessary in tcp. PiperOrigin-RevId: 351839254
2021-01-13Do not resolve remote link address at transport layerGhanan Gowripalan
Link address resolution is performed at the link layer (if required) so we can defer it from the transport layer. When link resolution is required, packets will be queued and sent once link resolution completes. If link resolution fails, the transport layer will receive a control message indicating that the stack failed to route the packet. tcpip.Endpoint.Write no longer returns a channel now that writes do not wait for link resolution at the transport layer. tcpip.ErrNoLinkAddress is no longer used so it is removed. Removed calls to stack.Route.ResolveWith from the transport layer so that link resolution is performed when a route is created in response to an incoming packet (e.g. to complete TCP handshakes or send a RST). Tests: - integration_test.TestForwarding - integration_test.TestTCPLinkResolutionFailure Fixes #4458 RELNOTES: n/a PiperOrigin-RevId: 351684158
2021-01-13Clean up the dummy network interface used by UDP testsArthur Sfez
It is now composed by a NetworkInterface interface which lets us delete the methods we don't need. PiperOrigin-RevId: 351613267
2021-01-13[rack] TLP: Recovery detection.Ayush Ranjan
This change implements TLP details enumerated in https://tools.ietf.org/html/draft-ietf-tcpm-rack-08#section-7.6 Fixes #5131 PiperOrigin-RevId: 351558449
2021-01-12Drop TransportEndpointID from HandleControlPacketGhanan Gowripalan
When a control packet is delivered, it is delivered to a transport endpoint with a matching stack.TransportEndpointID so there is no need to pass the ID to the endpoint as it already knows its ID. PiperOrigin-RevId: 351497588
2021-01-12Remove unnecessary closureTamir Duberstein
PiperOrigin-RevId: 351491836
2021-01-12[rack] Set up TLP timer and configure timeout.Ayush Ranjan
This change implements TLP details enumerated in https://tools.ietf.org/html/draft-ietf-tcpm-rack-08#section-7.5.1. Fixes #5083 PiperOrigin-RevId: 351467357
2021-01-12Fix simple mistakes identified by goreportcard.Adin Scannell
These are primarily simplification and lint mistakes. However, minor fixes are also included and tests added where appropriate. PiperOrigin-RevId: 351425971
2021-01-07netstack: Refactor tcpip.Endpoint.ReadTing-Yu Wang
Read now takes a destination io.Writer, count, options. Keeping the method name Read, in contrast to the Write method. This enables: * direct transfer of views under VV * zero copy It also eliminates the need for sentry to keep a slice of view because userspace had requested a read that is smaller than the view returned, removing the complexity there. Read/Peek/ReadPacket are now consolidated together and some duplicate code is removed. PiperOrigin-RevId: 350636322
2021-01-06Support add/remove IPv6 multicast group sock optGhanan Gowripalan
IPv4 was always supported but UDP never supported joining/leaving IPv6 multicast groups via socket options. Add: IPPROTO_IPV6, IPV6_JOIN_GROUP/IPV6_ADD_MEMBERSHIP Remove: IPPROTO_IPV6, IPV6_LEAVE_GROUP/IPV6_DROP_MEMBERSHIP Test: integration_test.TestUDPAddRemoveMembershipSocketOption PiperOrigin-RevId: 350396072
2020-12-22Move SO_BINDTODEVICE to socketops.Nayana Bidari
PiperOrigin-RevId: 348696094
2020-12-22Invoke address resolution upon subsequent traffic to Failed neighborPeter Johnston
Removes the period of time in which subseqeuent traffic to a Failed neighbor immediately fails with ErrNoLinkAddress. A Failed neighbor is one in which address resolution fails; or in other words, the neighbor's IP address cannot be translated to a MAC address. This means removing the Failed state for linkAddrCache and allowing transitiong out of Failed into Incomplete for neighborCache. Previously, both caches would transition entries to Failed after address resolution fails. In this state, any subsequent traffic requested within an unreachable time would immediately fail with ErrNoLinkAddress. This does not follow RFC 4861 section 7.3.3: If address resolution fails, the entry SHOULD be deleted, so that subsequent traffic to that neighbor invokes the next-hop determination procedure again. Invoking next-hop determination at this point ensures that alternate default routers are tried. The API for getting a link address for a given address, whether through the link address cache or the neighbor table, is updated to optionally take a callback which will be called when address resolution completes. This allows `Route` to handle completing link resolution internally, so callers of (*Route).Resolve (e.g. endpoints) don’t have to keep track of when it completes and update the Route accordingly. This change also removes the wakers from LinkAddressCache, NeighborCache, and Route in favor of the callbacks, and callers that previously used a waker can now just pass a callback to (*Route).Resolve that will notify the waker on resolution completion. Fixes #4796 Startblock: has LGTM from sbalana and then add reviewer ghanan PiperOrigin-RevId: 348597478
2020-12-21RLock Endpoint in raw.Endpoint.HandlePacketKevin Krakauer
PiperOrigin-RevId: 348530530
2020-12-17[netstack] Implement IP(V6)_RECVERR socket option.Ayush Ranjan
PiperOrigin-RevId: 348055514
2020-12-16Automated rollback of changelist 346565589gVisor bot
PiperOrigin-RevId: 347911316
2020-12-16Add support to count the number of packets SACKed.Nayana Bidari
sacked_out is required in RACK to check the number of duplicate acknowledgements during updating the reorder window. If there is no reordering and the value for sacked_out is greater than the classic threshold value 3, then reorder window is set to zero. It is calculated by counting the number of segments sacked in the ACK and is reduced when a cumulative ACK is received which covers the SACK blocks. This value is set to zero when the connection enters recovery. PiperOrigin-RevId: 347872246
2020-12-16Ensure correctness of saved receive windowMithun Iyer
When the scaled receive window size > 65535 (max uint16), we advertise the scaled value as 65535, but are not adjusting the saved receive window value when doing so. This would keep our current window calculation logic to be incorrect, as the saved receive window value is different from what was advertised. Fixes #4903 PiperOrigin-RevId: 347771340
2020-12-15Fix error code for connect in raw sockets.Nayana Bidari
PiperOrigin-RevId: 347650354
2020-12-14Move SO_LINGER option to socketops.Nayana Bidari
PiperOrigin-RevId: 347437786
2020-12-14Move SO_ERROR and SO_OOBINLINE option to socketops.Nayana Bidari
SO_OOBINLINE option is set/get as boolean value, which is the same as linux. As we currently do not support disabling this option, we always return it as true. PiperOrigin-RevId: 347413905
2020-12-12Introduce IPv6 extension header serialization facilitiesBruno Dal Bo
Adds IPv6 extension header serializer and Hop by Hop options serializer. Add RouterAlert option serializer and use it in MLD. Fixed #4996 Startblock: has LGTM from marinaciocea and then add reviewer ghanan PiperOrigin-RevId: 347174537
2020-12-11Fix panic when IPv4 address is used in sendmsg for IPv6 socketsNayana Bidari
We do not rely on error for getsockopt options(which have boolean values) anymore. This will cause issue in sendmsg where we used to return error for IPV6_V6Only option. Fix the panic by returning error (for sockets other than TCP and UDP) if the address does not match the type(AF_INET/AF_INET6) of the socket. PiperOrigin-RevId: 347063838
2020-12-11[netstack] Decouple tcpip.ControlMessages from the IP control messges.Ayush Ranjan
tcpip.ControlMessages can not contain Linux specific structures which makes it painful to convert back and forth from Linux to tcpip back to Linux when passing around control messages in hostinet and raw sockets. Now we convert to the Linux version of the control message as soon as we are out of tcpip. PiperOrigin-RevId: 347027065
2020-12-09Add support for IP_RECVORIGDSTADDR IP option.Bhasker Hariharan
Fixes #5004 PiperOrigin-RevId: 346643745
2020-12-09Cap UDP payload size to length informed in UDP headerBruno Dal Bo
startblock: has LGTM from peterjohnston and then add reviewer ghanan,tamird PiperOrigin-RevId: 346565589
2020-12-05Fix zero receive window advertisements.Mithun Iyer
With the recent changes db36d948fa63ce950d94a5e8e9ebc37956543661, we try to balance the receive window advertisements between payload lengths vs segment overhead length. This works fine when segment size are much higher than the overhead, but not otherwise. In cases where the segment length is smaller than the segment overhead, we may end up not advertising zero receive window for long time and end up tail-dropping segments. This is especially pronounced when application socket reads are slow or stopped. In this change we do not grow the right edge of the receive window for smaller segment sizes similar to Linux. Also, we keep track of the socket buffer usage and let the window grow if the application is actively reading data. Fixes #4903 PiperOrigin-RevId: 345832012
2020-12-03Make `stack.Route` thread safePeter Johnston
Currently we rely on the user to take the lock on the endpoint that owns the route, in order to modify it safely. We can instead move `Route.RemoteLinkAddress` under `Route`'s mutex, and allow non-locking and thread-safe access to other fields of `Route`. PiperOrigin-RevId: 345461586
2020-12-03Support partitions for other tests.Adin Scannell
PiperOrigin-RevId: 345399936
2020-12-02Extract ICMPv4/v6 specific stats to their own typesArthur Sfez
This change lets us split the v4 stats from the v6 stats, which will be useful when adding stats for each network endpoint. PiperOrigin-RevId: 345322615
2020-12-02[netstack] Add back EndpointInfo struct in tcp.Ayush Ranjan
This was removed in an earlier commit. This should remain as it allows to add tcp-only state to be exposed. PiperOrigin-RevId: 345246155
2020-11-30Fix deadlock in UDP handleControlPacket path.Bhasker Hariharan
Fixing the sendto deadlock exposed yet another deadlock where a lock inversion occurs on the handleControlPacket path where e.mu and demuxer.epsByNIC.mu are acquired in reverse order from say when RegisterTransportEndpoint is called in endpoint.Connect(). This fix sidesteps the issue by just making endpoint.state an atomic and gets rid of the need to acquire e.mu in e.HandleControlPacket. PiperOrigin-RevId: 344939895
2020-11-26[netstack] Add SOL_TCP options to SocketOptions.Ayush Ranjan
Ports the following options: - TCP_NODELAY - TCP_CORK - TCP_QUICKACK Also deletes the {Get/Set}SockOptBool interface methods from all implementations PiperOrigin-RevId: 344378824
2020-11-25[netstack] Add SOL_IP and SOL_IPV6 options to SocketOptions.Ayush Ranjan
We will use SocketOptions for all kinds of options, not just SOL_SOCKET options because (1) it is consistent with Linux which defines all option variables on the top level socket struct, (2) avoid code complexity. Appropriate checks have been added for matching option level to the endpoint type. Ported the following options to this new utility: - IP_MULTICAST_LOOP - IP_RECVTOS - IPV6_RECVTCLASS - IP_PKTINFO - IP_HDRINCL - IPV6_V6ONLY Changes in behavior (these are consistent with what Linux does AFAICT): - Now IP_MULTICAST_LOOP can be set for TCP (earlier it was a noop) but does not affect the endpoint itself. - We can now getsockopt IP_HDRINCL (earlier we would get an error). - Now we return ErrUnknownProtocolOption if SOL_IP or SOL_IPV6 options are used on unix sockets. - Now we return ErrUnknownProtocolOption if SOL_IPV6 options are used on non AF_INET6 endpoints. This change additionally makes the following modifications: - Add State() uint32 to commonEndpoint because both tcpip.Endpoint and transport.Endpoint interfaces have it. It proves to be quite useful. - Gets rid of SocketOptionsHandler.IsListening(). It was an anomaly as it was not a handler. It is now implemented on netstack itself. - Gets rid of tcp.endpoint.EndpointInfo and directly embeds stack.TransportEndpointInfo. There was an unnecessary level of embedding which served no purpose. - Removes some checks dual_stack_test.go that used the errors from GetSockOptBool(tcpip.V6OnlyOption) to confirm some state. This is not consistent with the new design and also seemed to be testing the implementation instead of behavior. PiperOrigin-RevId: 344354051
2020-11-25Make stack.Route safe to access concurrentlyGhanan Gowripalan
Multiple goroutines may use the same stack.Route concurrently so the stack.Route should make sure that any functions called on it are thread-safe. Fixes #4073 PiperOrigin-RevId: 344320491
2020-11-19Perform IGMPv2 when joining IPv4 multicast groupsRyan Heacock
Added headers, stats, checksum parsing capabilities from RFC 2236 describing IGMPv2. IGMPv2 state machine is implemented for each condition, sending and receiving IGMP Membership Reports and Leave Group messages with backwards compatibility with IGMPv1 routers. Test: * Implemented igmp header parser and checksum calculator in header/igmp_test.go * ipv4/igmp_test.go tests incoming and outgoing IGMP messages and pathways. * Added unit test coverage for IGMPv2 RFC behavior + IGMPv1 backwards compatibility in ipv4/igmp_test.go. Fixes #4682 PiperOrigin-RevId: 343408809
2020-11-19Require sync.Mutex to lock and unlock from the same goroutineMichael Pratt
We would like to track locks ordering to detect ordering violations. Detecting violations is much simpler if mutexes must be unlocked by the same goroutine that locked them. Thus, as a first step to tracking lock ordering, add this lock/unlock requirement to gVisor's sync.Mutex. This is more strict than the Go standard library's sync.Mutex, but initial testing indicates only a single lock that is used across goroutines. The new sync.CrossGoroutineMutex relaxes the requirement (but will not provide lock order checking). Due to the additional overhead, enforcement is only enabled with the "checklocks" build tag. Build with this tag using: bazel build --define=gotags=checklocks ... From my spot-checking, this has no changed inlining properties when disabled. Updates #4804 PiperOrigin-RevId: 343370200
2020-11-18[netstack] Move SO_KEEPALIVE and SO_ACCEPTCONN option to SocketOptions.Ayush Ranjan
PiperOrigin-RevId: 343217712
2020-11-18[netstack] Move SO_REUSEPORT and SO_REUSEADDR option to SocketOptions.Ayush Ranjan
This changes also introduces: - `SocketOptionsHandler` interface which can be implemented by endpoints to handle endpoint specific behavior on SetSockOpt. This is analogous to what Linux does. - `DefaultSocketOptionsHandler` which is a default implementation of the above. This is embedded in all endpoints so that we don't have to uselessly implement empty functions. Endpoints with specific behavior can override the embedded method by manually defining its own implementation. PiperOrigin-RevId: 343158301
2020-11-18Automated rollback of changelist 342700744Nayana Bidari
PiperOrigin-RevId: 343152780
2020-11-18[netstack] Move SO_NO_CHECK option to SocketOptions.Ayush Ranjan
PiperOrigin-RevId: 343146856
2020-11-18Fix loopback subnet routing errorGhanan Gowripalan
Packets should be properly routed when sending packets to addresses in the loopback subnet which are not explicitly assigned to the loopback interface. Tests: - integration_test.TestLoopbackAcceptAllInSubnetUDP - integration_test.TestLoopbackAcceptAllInSubnetTCP PiperOrigin-RevId: 343135643
2020-11-18[netstack] Move SO_PASSCRED option to SocketOptions.Ayush Ranjan
This change also makes the following fixes: - Make SocketOptions use atomic operations instead of having to acquire/drop locks upon each get/set option. - Make documentation more consistent. - Remove tcpip.SocketOptions from socketOpsCommon because it already exists in transport.Endpoint. - Refactors get/set socket options tests to be easily extendable. PiperOrigin-RevId: 343103780
2020-11-17Fix endpoint.Read() when endpoint is in StateError.Bhasker Hariharan
If the endpoint is in StateError but e.hardErrorLocked() returns nil then return ErrClosedForRecieve. This can happen if a concurrent write on the same endpoint was in progress when the endpoint transitioned to an error state. PiperOrigin-RevId: 343018257
2020-11-17Fix possible deadlock in UDP.Write().Bhasker Hariharan
In UDP endpoint.Write() sendUDP is called with e.mu Rlocked. But if this happens to send a datagram over loopback which ends up generating an ICMP response of say ErrNoPortReachable, the handling of the response in HandleControlPacket also acquires e.mu using RLock. This is mostly fine unless there is a competing caller trying to acquire e.mu in exclusive mode using Lock(). This will deadlock as a caller waiting in Lock() disallows an new RLocks() to ensure it can actually acquire the Lock. This is documented here https://golang.org/pkg/sync/#RWMutex. This change releases the endpoint mutex before calling sendUDP to resolve the possibility of the deadlock. Reported-by: syzbot+537989797548c66e8ee3@syzkaller.appspotmail.com Reported-by: syzbot+eb0b73b4ab486f7673ba@syzkaller.appspotmail.com PiperOrigin-RevId: 342894148
2020-11-17Fix SO_ERROR behavior for TCP in gVisor.Bhasker Hariharan
Fixes the behaviour of SO_ERROR for tcp sockets where in linux it returns sk->sk_err and if sk->sk_err is 0 then it returns sk->sk_soft_err. In gVisor TCP we endpoint.HardError is the equivalent of sk->sk_err and endpoint.LastError holds soft errors. This change brings this into alignment with Linux such that both hard/soft errors are cleared when retrieved using getsockopt(.. SO_ERROR) is called on a socket. Fixes #3812 PiperOrigin-RevId: 342868552