gvisor - Container Runtime Sandbox

Age	Commit message (Collapse)	Author
2021-09-21	WIP: GRE	Mikael Magnusson

2021-09-20	Support getsockname for packet sockets	Ghanan Gowripalan
	Updates #6621 PiperOrigin-RevId: 397898852
2021-09-20	Do not allow unbinding network protocol	Ghanan Gowripalan
	Once a packet socket is bound to a network protocol, it cannot be unbound from that protocol; the network protocol binding may only be updated to a different network protocol. To comply with Linux. PiperOrigin-RevId: 397810878
2021-09-19	Support IPV6_RECVPKTINFO on UDP sockets	Ghanan Gowripalan
	PiperOrigin-RevId: 397631833
2021-09-18	Avoid ambient clock on ICMP Rate Limiter	Bruno Dal Bo
	PiperOrigin-RevId: 397496920
2021-09-17	Allow rebinding packet socket protocol	Ghanan Gowripalan
	...to change the network protocol a packet socket may receive packets from. This CL is a portion of an originally larger CL that was split with https://github.com/google/gvisor/commit/a8ad692fd36cbaf7f5a6b9af39d601053dbee338 being the dependent CL. That CL (accidentally) included the change in the endpoint's `afterLoad` method to take the required lock when accessing the endpoint's netProto field. That change should have been in this CL. The CL that made the change mentioned in the commit message is cl/396946187. PiperOrigin-RevId: 397412582
2021-09-17	Fix lock ordering violation	Ghanan Gowripalan
	This fixes a lock ordering violations introduced in https://github.com/google/gvisor/commit/ae3bd32011889fe59bb89946532dd7ee14973696 and https://github.com/google/gvisor/commit/477d7e5e10378e2f80f21ac9f536d12c4b94d7ce when connecting/binding sockets races with handling of packets/errors as the connect/bind path takes the transport/internal/network.Endpoint.mu lock before taking stack.endpointsByNIC.mu but the locks are taken in the reverse order when handling packets/errors. The fix is to revert the change to use a lock instead of atomics in https://github.com/google/gvisor/commit/477d7e5e10378e2f80f21ac9f536d12c4b94d7ce and introduce a new lock protecting only the endpoint info in transport/internal/network.Endpoint. ``` goroutine 60 [semacquire]: sync.runtime_Semacquire(0x62c957) go/gc/src/runtime/sema.go:56 +0x25 gvisor/pkg/sync/sync.(CrossGoroutineRWMutex).RLock(0xc0006c4870) gvisor/pkg/sync/rwmutex_unsafe.go:76 +0x57 gvisor/pkg/sync/sync.(RWMutex).RLock(...) gvisor/pkg/sync/rwmutex_unsafe.go:254 gvisor/pkg/tcpip/transport/internal/network/network.(Endpoint).State(0xc0006c4858) gvisor/pkg/tcpip/transport/internal/network/endpoint.go:123 +0x3c gvisor/pkg/tcpip/transport/udp/udp.(endpoint).HandleError(0xc0006c4840, {0x1c3a418, 0x2847498}, 0xc0006bdeea) gvisor/pkg/tcpip/transport/udp/endpoint.go:983 +0x5c gvisor/pkg/tcpip/stack/stack.(endpointsByNIC).handleError(0xc00003dd70, 0xc0000f08c0, {0x75e1, {0xc0005da110, 0x10}, 0xdeea, {0xc0005da120, 0x10}}, {0x1c3a418, 0x2847498}, ...) gvisor/pkg/tcpip/stack/transport_demuxer.go:203 +0x254 gvisor/pkg/tcpip/stack/stack.(transportDemuxer).deliverError(0xc00047c588, 0xc000688ca8, 0x86dd, 0x11, {0x1c3a418, 0x2847498}, 0xdf2345, {0x75e1, {0xc0005da110, 0x10}, ...}) gvisor/pkg/tcpip/stack/transport_demuxer.go:631 +0x205 gvisor/pkg/tcpip/stack/stack.(nic).DeliverTransportError(0xc0000f08c0, {0xc0005da110, 0x10}, {0xc0005da120, 0x10}, 0x62c985, 0x0, {0x1c3a418, 0x2847498}, 0xc000299000) gvisor/pkg/tcpip/stack/nic.go:922 +0x253 gvisor/pkg/tcpip/network/ipv6/ipv6.(endpoint).handleControl(0xc00045d000, {0x1c3a418, 0x2847498}, 0xc000299000) gvisor/pkg/tcpip/network/ipv6/icmp.go:209 +0x3ac gvisor/pkg/tcpip/network/ipv6/ipv6.(endpoint).handleICMP(0xc00045d000, 0xc000299000, 0x0, 0x10) gvisor/pkg/tcpip/network/ipv6/icmp.go:353 +0x96c gvisor/pkg/tcpip/network/ipv6/ipv6.(endpoint).processExtensionHeaders(0xc00045d000, {0xc0005b7f0e, 0x28, 0x30}, 0xc000299000, 0x0) gvisor/pkg/tcpip/network/ipv6/ipv6.go:1554 +0x849 gvisor/pkg/tcpip/network/ipv6/ipv6.(endpoint).handleValidatedPacket(0xc00045d000, {0xc0005b7f0e, 0x28, 0x2b206370203a3033}, 0xc000299000, {0x18baf5d, 0x2}) gvisor/pkg/tcpip/network/ipv6/ipv6.go:1191 +0x396 gvisor/pkg/tcpip/network/ipv6/ipv6.(endpoint).HandlePacket(0xc00045d000, 0xc000031310) gvisor/pkg/tcpip/network/ipv6/ipv6.go:1107 +0x538 gvisor/pkg/tcpip/stack/stack.(nic).DeliverNetworkPacket(0xc0000f08c0, {0x0, 0xc000688c38}, {0xc0005da09a, 0x6}, 0x86dd, 0xc000299000) gvisor/pkg/tcpip/stack/nic.go:779 +0x3fd gvisor/pkg/tcpip/link/nested/nested.(Endpoint).DeliverNetworkPacket(0xc0003d1f10, {0xc0005da08a, 0x6}, {0xc0005da09a, 0x6}, 0x62c985, 0x962610) gvisor/pkg/tcpip/link/nested/nested.go:59 +0xd1 gvisor/pkg/tcpip/link/sniffer/sniffer.(endpoint).DeliverNetworkPacket(0xc0003d1f10, {0xc0005da08a, 0x6}, {0xc0005da09a, 0x6}, 0x610f56, 0x6) gvisor/pkg/tcpip/link/sniffer/sniffer.go:140 +0x87 gvisor/pkg/tcpip/link/nested/nested.(Endpoint).DeliverNetworkPacket(0xc0005200f0, {0xc0005da08a, 0x6}, {0xc0005da09a, 0x6}, 0x397800, 0x200) gvisor/pkg/tcpip/link/nested/nested.go:59 +0xd1 gvisor/pkg/tcpip/link/ethernet/ethernet.(Endpoint).DeliverNetworkPacket(0xc0005200f0, {0xc0005032c0, 0x4}, {0x4, 0x26e}, 0x60d600, 0x6) gvisor/pkg/tcpip/link/ethernet/ethernet.go:63 +0x1ad gvisor/pkg/tcpip/link/loopback/loopback.(endpoint).WriteRawPacket(0xc00019a540, 0xc000298f00) gvisor/pkg/tcpip/link/loopback/loopback.go:107 +0x191 gvisor/pkg/tcpip/link/loopback/loopback.(endpoint).WritePacket(0x62c985, {{{0xc0005da060, 0x10}, {0xc0005da070, 0x10}, {0x1bf6590, 0x6}, {0x0, 0x0}, 0x86dd, ...}, ...}, ...) gvisor/pkg/tcpip/link/loopback/loopback.go:80 +0x37 gvisor/pkg/tcpip/link/nested/nested.(Endpoint).WritePacket(...) gvisor/pkg/tcpip/link/nested/nested.go:107 gvisor/pkg/tcpip/link/ethernet/ethernet.(Endpoint).WritePacket(0xc0005200f0, {{{0xc0005da060, 0x10}, {0xc0005da070, 0x10}, {0x1bf6590, 0x6}, {0x0, 0x0}, 0x86dd, ...}, ...}, ...) gvisor/pkg/tcpip/link/ethernet/ethernet.go:78 +0x142 gvisor/pkg/tcpip/link/nested/nested.(Endpoint).WritePacket(...) gvisor/pkg/tcpip/link/nested/nested.go:107 gvisor/pkg/tcpip/link/sniffer/sniffer.(endpoint).WritePacket(0xc0003d1f10, {{{0xc0005da060, 0x10}, {0xc0005da070, 0x10}, {0x1bf6590, 0x6}, {0x0, 0x0}, 0x86dd, ...}, ...}, ...) gvisor/pkg/tcpip/link/sniffer/sniffer.go:169 +0x108 gvisor/pkg/tcpip/stack/stack.(nic).writePacket(0xc0000f08c0, {{{0xc0005da060, 0x10}, {0xc0005da070, 0x10}, {0x1bf6590, 0x6}, {0x0, 0x0}, 0x86dd, ...}, ...}, ...) gvisor/pkg/tcpip/stack/nic.go:380 +0x264 gvisor/pkg/tcpip/stack/stack.(nic).writePacketBuffer(0xc0006c3540, {{{0xc0005da060, 0x10}, {0xc0005da070, 0x10}, {0x1bf6590, 0x6}, {0x0, 0x0}, 0x86dd, ...}, ...}, ...) gvisor/pkg/tcpip/stack/nic.go:324 +0xec gvisor/pkg/tcpip/stack/stack.(nic).enqueuePacketBuffer(0xc0000f08c0, 0x62c985, 0xfc2c55, {0x1bfdac0, 0xc000298f00}) gvisor/pkg/tcpip/stack/nic.go:339 +0x234 gvisor/pkg/tcpip/stack/stack.(nic).WritePacket(0xc000298f00, 0xffd8, 0x41a000, 0x4) gvisor/pkg/tcpip/stack/nic.go:317 +0x50 gvisor/pkg/tcpip/network/ipv6/ipv6.(endpoint).writePacket(0xc00045d000, 0xc0006c3540, 0xc000298f00, 0x3, 0x0) gvisor/pkg/tcpip/network/ipv6/ipv6.go:823 +0x427 gvisor/pkg/tcpip/network/ipv6/ipv6.(endpoint).WritePacket(0xc00045d000, 0xc0006c3540, {0x86dd, 0x0, 0x0}, 0xc000298f00) gvisor/pkg/tcpip/network/ipv6/ipv6.go:774 +0x2db gvisor/pkg/tcpip/stack/stack.(Route).WritePacket(0xc0006c3540, {0x37a9f0, 0xc0, 0x0}, 0x86dd) gvisor/pkg/tcpip/stack/route.go:462 +0xe4 gvisor/pkg/tcpip/network/ipv6/ipv6.(protocol).returnError(0xc000298400, {0x1c253e8, 0x2847498}, 0xc000298e00) gvisor/pkg/tcpip/network/ipv6/icmp.go:1277 +0x15f8 gvisor/pkg/tcpip/network/ipv6/ipv6.(endpoint).processExtensionHeaders(0xc00045d000, {0xc0005b7ece, 0x28, 0x30}, 0xc000298e00, 0x0) gvisor/pkg/tcpip/network/ipv6/ipv6.go:1565 +0x12e5 gvisor/pkg/tcpip/network/ipv6/ipv6.(endpoint).handleValidatedPacket(0xc00045d000, {0xc0005b7ece, 0x28, 0x0}, 0xc000298e00, {0x18baf5d, 0x2}) gvisor/pkg/tcpip/network/ipv6/ipv6.go:1191 +0x396 gvisor/pkg/tcpip/network/ipv6/ipv6.(endpoint).HandlePacket(0xc00045d000, 0xc0003df610) gvisor/pkg/tcpip/network/ipv6/ipv6.go:1107 +0x538 gvisor/pkg/tcpip/stack/stack.(nic).DeliverNetworkPacket(0xc0000f08c0, {0x0, 0xc000688838}, {0xc000663fea, 0x6}, 0x86dd, 0xc000298e00) gvisor/pkg/tcpip/stack/nic.go:779 +0x3fd gvisor/pkg/tcpip/link/nested/nested.(Endpoint).DeliverNetworkPacket(0xc0003d1f10, {0xc000663fda, 0x6}, {0xc000663fea, 0x6}, 0x62c985, 0x962610) gvisor/pkg/tcpip/link/nested/nested.go:59 +0xd1 gvisor/pkg/tcpip/link/sniffer/sniffer.(endpoint).DeliverNetworkPacket(0xc0003d1f10, {0xc000663fda, 0x6}, {0xc000663fea, 0x6}, 0x610f56, 0x6) gvisor/pkg/tcpip/link/sniffer/sniffer.go:140 +0x87 gvisor/pkg/tcpip/link/nested/nested.(Endpoint).DeliverNetworkPacket(0xc0005200f0, {0xc000663fda, 0x6}, {0xc000663fea, 0x6}, 0x397800, 0x200) gvisor/pkg/tcpip/link/nested/nested.go:59 +0xd1 gvisor/pkg/tcpip/link/ethernet/ethernet.(Endpoint).DeliverNetworkPacket(0xc0005200f0, {0xc00003dec0, 0x2}, {0x2, 0x23e}, 0x60d600, 0x6) gvisor/pkg/tcpip/link/ethernet/ethernet.go:63 +0x1ad gvisor/pkg/tcpip/link/loopback/loopback.(endpoint).WriteRawPacket(0xc00019a540, 0xc000298d00) gvisor/pkg/tcpip/link/loopback/loopback.go:107 +0x191 gvisor/pkg/tcpip/link/loopback/loopback.(endpoint).WritePacket(0x62c985, {{{0xc000663fa0, 0x10}, {0xc000378f40, 0x10}, {0x1bf6590, 0x6}, {0x0, 0x0}, 0x86dd, ...}, ...}, ...) gvisor/pkg/tcpip/link/loopback/loopback.go:80 +0x37 gvisor/pkg/tcpip/link/nested/nested.(Endpoint).WritePacket(...) gvisor/pkg/tcpip/link/nested/nested.go:107 gvisor/pkg/tcpip/link/ethernet/ethernet.(Endpoint).WritePacket(0xc0005200f0, {{{0xc000663fa0, 0x10}, {0xc000378f40, 0x10}, {0x1bf6590, 0x6}, {0x0, 0x0}, 0x86dd, ...}, ...}, ...) gvisor/pkg/tcpip/link/ethernet/ethernet.go:78 +0x142 gvisor/pkg/tcpip/link/nested/nested.(Endpoint).WritePacket(...) gvisor/pkg/tcpip/link/nested/nested.go:107 gvisor/pkg/tcpip/link/sniffer/sniffer.(endpoint).WritePacket(0xc0003d1f10, {{{0xc000663fa0, 0x10}, {0xc000378f40, 0x10}, {0x1bf6590, 0x6}, {0x0, 0x0}, 0x86dd, ...}, ...}, ...) gvisor/pkg/tcpip/link/sniffer/sniffer.go:169 +0x108 gvisor/pkg/tcpip/stack/stack.(nic).writePacket(0xc0000f08c0, {{{0xc000663fa0, 0x10}, {0xc000378f40, 0x10}, {0x1bf6590, 0x6}, {0x0, 0x0}, 0x86dd, ...}, ...}, ...) gvisor/pkg/tcpip/stack/nic.go:380 +0x264 gvisor/pkg/tcpip/stack/stack.(nic).writePacketBuffer(0xc0006c2fa0, {{{0xc000663fa0, 0x10}, {0xc000378f40, 0x10}, {0x1bf6590, 0x6}, {0x0, 0x0}, 0x86dd, ...}, ...}, ...) gvisor/pkg/tcpip/stack/nic.go:324 +0xec gvisor/pkg/tcpip/stack/stack.(nic).enqueuePacketBuffer(0xc0000f08c0, 0x62c985, 0xfc2c55, {0x1bfdac0, 0xc000298d00}) gvisor/pkg/tcpip/stack/nic.go:339 +0x234 gvisor/pkg/tcpip/stack/stack.(nic).WritePacket(0xc000298d00, 0xffd8, 0x41a000, 0x4) gvisor/pkg/tcpip/stack/nic.go:317 +0x50 gvisor/pkg/tcpip/network/ipv6/ipv6.(endpoint).writePacket(0xc00045d000, 0xc0006c2fa0, 0xc000298d00, 0x3, 0x0) gvisor/pkg/tcpip/network/ipv6/ipv6.go:823 +0x427 gvisor/pkg/tcpip/network/ipv6/ipv6.(endpoint).WritePacket(0xc00045d000, 0xc0006c2fa0, {0x86dd, 0x0, 0x0}, 0xc000298d00) gvisor/pkg/tcpip/network/ipv6/ipv6.go:774 +0x2db gvisor/pkg/tcpip/stack/stack.(Route).WritePacket(0xc0006c2fa0, {0x2080000, 0xea, 0xde}, 0x6) gvisor/pkg/tcpip/stack/route.go:462 +0xe4 gvisor/pkg/tcpip/transport/internal/network/network.(WriteContext).WritePacket(0xc0003e05e0, 0xc000298d00, 0x0) gvisor/pkg/tcpip/transport/internal/network/endpoint.go:212 +0x154 gvisor/pkg/tcpip/transport/udp/udp.(endpoint).write(0xc0006c4840, {0x1c23ad0, 0xc0006cfd60}, {0xc0002ecf00, 0xf0, 0xdb, 0x3}) gvisor/pkg/tcpip/transport/udp/endpoint.go:457 +0x74c gvisor/pkg/tcpip/transport/udp/udp.(endpoint).Write(0xc0006c4840, {0x1c23ad0, 0xc0006cfd60}, {0xc0002ecf00, 0x85, 0xc9, 0x62}) gvisor/pkg/tcpip/transport/udp/endpoint.go:323 +0x74 goroutine 133 [semacquire]: sync.runtime_Semacquire(0xc00003dd70) go/gc/src/runtime/sema.go:56 +0x25 gvisor/pkg/sync/sync.(CrossGoroutineRWMutex).Lock(0xc00003dd70) gvisor/pkg/sync/rwmutex_unsafe.go:151 +0x79 gvisor/pkg/sync/sync.(RWMutex).Lock(...) gvisor/pkg/sync/rwmutex_unsafe.go:286 gvisor/pkg/tcpip/stack/stack.(endpointsByNIC).unregisterEndpoint(0xc00003dd70, 0x37a300, {0x1c3a558, 0xc0006c4840}, {0x0, 0x0, 0x0}) gvisor/pkg/tcpip/stack/transport_demuxer.go:246 +0x72 gvisor/pkg/tcpip/stack/stack.(transportEndpoints).unregisterEndpoint(0xc0004b3f40, {0x75e1, {0x0, 0x0}, 0x0, {0x0, 0x0}}, {0x1c3a558, 0xc0006c4840}, {0x0, ...}, ...) gvisor/pkg/tcpip/stack/transport_demuxer.go:52 +0x193 gvisor/pkg/tcpip/stack/stack.(transportDemuxer).unregisterEndpoint(0xc00047c588, {0xc000663fc8, 0x2, 0x0}, 0x11, {0x75e1, {0x0, 0x0}, 0x0, {0x0, ...}}, ...) gvisor/pkg/tcpip/stack/transport_demuxer.go:527 +0x1d4 gvisor/pkg/tcpip/stack/stack.(Stack).UnregisterTransportEndpoint(...) gvisor/pkg/tcpip/stack/stack.go:1417 gvisor/pkg/tcpip/transport/udp/udp.(endpoint).Connect.func1(0x86dd, {0x75e1, {0x0, 0x0}, 0x0, {0x0, 0x0}}, {0x75e1, {0x0, 0x0}, ...}) gvisor/pkg/tcpip/transport/udp/endpoint.go:619 +0x433 gvisor/pkg/tcpip/transport/internal/network/network.(Endpoint).ConnectAndThen(0xc0006c4858, {0x0, {0xc000144270, 0xa0000eade88c0}, 0xabc5}, 0xc000353518) gvisor/pkg/tcpip/transport/internal/network/endpoint.go:408 +0x3cc gvisor/pkg/tcpip/transport/udp/udp.(endpoint).Connect(0xc0006c4840, {0x37b9e0, {0xc000144270, 0xc000328a80}, 0xc1a0}) gvisor/pkg/tcpip/transport/udp/endpoint.go:593 +0x149 ``` PiperOrigin-RevId: 397412256
2021-09-16	Don't allow binding to broadcast on ICMP sockets	Ghanan Gowripalan
	...to match Linux behaviour. Fixes #5711. PiperOrigin-RevId: 397132671
2021-09-15	Annotate checklocks on mutex protected fields	Ghanan Gowripalan
	...to catch lock-related bugs in nogo tests. Also update the endpoint's state field to be accessed while the mutex is held instead of requiring atomic operations as nothing needs to call the State method while the mutex is held. Updates #6566. PiperOrigin-RevId: 397010316
2021-09-15	Annotate checklocks on mutex protected fields	Ghanan Gowripalan
	...to catch lock-related bugs in nogo tests. This change also disables/enables packet reception before/after save/restore with a flag that is protected by rcvMu instead of mu. Updates #6566. PiperOrigin-RevId: 396946187
2021-09-15	Pass address properties in a single struct	Tony Gong
	Replaced the current AddAddressWithOptions method with AddAddressWithProperties which passes all address properties in a single AddressProperties type. More properties that need to be configured in the future are expected, so adding a type makes adding them easier. PiperOrigin-RevId: 396930729
2021-09-14	Compose raw IP with datagram-based endpoint	Ghanan Gowripalan
	A raw IP endpoint's write and socket option get/set path can use the datagram-based endpoint. This change extracts tests from UDP that may also run on Raw IP sockets. Updates #6565. Test: Raw IP + datagram-based socket syscall tests. PiperOrigin-RevId: 396729727
2021-09-14	Explicitly bind endpoint to a NIC	Ghanan Gowripalan
	Previously, any time a datagram-based network endpoint (e.g. UDP) was bound, the bound NIC is always set based on the bound address (if specified). However, we should only consider the endpoint bound to an NIC if a NIC was explicitly bound to. If an endpoint has been bound to an address and attempts to send packets to an unconnected remote, the endpoint will default to sending packets through the bound address' NIC if not explicitly bound to a NIC. Updates #6565. PiperOrigin-RevId: 396712415
2021-09-14	Defer mutex unlocking	Ghanan Gowripalan
	PiperOrigin-RevId: 396670516
2021-09-13	Accept packets destined to bound address	Ghanan Gowripalan
	...if bound to an address. We previously checked the source of a packet instead of the destination of a packet when bound to an address. PiperOrigin-RevId: 396497647
2021-09-13	Separate IPv4 ToS & IPv6 TClass in dgram endpoint	Ghanan Gowripalan
	Setting the ToS for IPv4 packets (SOL_IP, IP_TOS) should not affect the Traffic Class of IPv6 packets (SOL_IPV6, IPV6_TCLASS). Also only return the ToS value XOR Traffic Class as a packet cannot be both an IPv4 and an IPv6 packet; It is invalid to return both the IPv4 ToS and IPv6 Traffic Class control messages when reading packets. Updates #6389. PiperOrigin-RevId: 396399096
2021-09-09	Remove linux-compat loopback hacks from packet endpoint	Ghanan Gowripalan
	Previously, gVisor did not represent loopback devices as an ethernet device as Linux does. To maintain Linux API compatibility for packet sockets, a workaround was used to add an ethernet header if a link header was not already present in the packet buffer delivered to a packet endpoint. However, this workaround is a bug for non-ethernet based interfaces; not all links use an ethernet header (e.g. pure L3/TUN interfaces). As of 3b4bb947517d0d9010120aaa1c3989fd6abf278e, gVisor represents loopback devices as an ethernet-based device so this workaround can now be removed. BUG: https://fxbug.dev/81592 Updates #6530, #6531. PiperOrigin-RevId: 395819151
2021-09-07	Remove protocolMainLoop unused return value	Arthur Sfez
	PiperOrigin-RevId: 395325998
2021-09-01	Support sending with packet sockets	Ghanan Gowripalan
	...through the loopback interface, only. This change only supports sending on packet sockets through the loopback interface as the loopback interface is the only interface used in packet socket syscall tests - the other link endpoints are not excercised with the existing test infrastructure. Support for sending on packet sockets through the other interfaces will be added as needed. BUG: https://fxbug.dev/81592 PiperOrigin-RevId: 394368899
2021-09-01	Out-of-order segment should not block in-sequence segments.	Bhasker Hariharan
	For a small receive buffer the first out-of-order segment will get accepted and fill up the receive buffer today. This change now includes the size of the out-of-order segment when checking whether to queue the out of order segment or not. PiperOrigin-RevId: 394351309
2021-09-01	Extract network datagram endpoint common facilities	Ghanan Gowripalan
	...from the UDP endpoint. Datagram-based transport endpoints (e.g. UDP, RAW IP) can share a lot of their write path due to the datagram-based nature of these endpoints. Extract the common facilities from UDP so they can be shared with other transport endpoints (in a later change). Test: UDP syscall tests. PiperOrigin-RevId: 394347774
2021-08-30	Avoid pseudo endpoint for TSVal generation	Zeling Feng
	PiperOrigin-RevId: 393808461
2021-08-26	Centralize TCP timestamp logic	Tamir Duberstein
	Remove freestanding functions that convert time values to raw integers; centralize time->uint32 logic in methods on tcp.endpoint. Importantly, the knowledge that TSVal is in milliseconds now lives in adjacent functions rather than being spread around various files. Incidental cleanup: - Remove unused constant - Remove redundant conversion - Remove redundant parentheses - Add missing error check PiperOrigin-RevId: 393184768
2021-08-26	Avoid unhandled error warnings	Tamir Duberstein
	PiperOrigin-RevId: 393104589
2021-08-26	Remove unused argument	Tamir Duberstein
	PiperOrigin-RevId: 393100095
2021-08-26	Pass must-not-be-nil by value	Tamir Duberstein
	PiperOrigin-RevId: 393095246
2021-08-25	Improve TestTimestampSynCookies	Zeling Feng
	.. by advancing the clock so that NowMonotonic does not return 0. PiperOrigin-RevId: 393005373
2021-08-25	Avoid the appearance of allocation	Tamir Duberstein
	PiperOrigin-RevId: 393004533
2021-08-24	Measure RTT during handshake since Linux does the same	Zeling Feng
	Some tcp unit tests are affected by this change: - Some retransmission tests assumed RTO=1s when connection is established. This is no longer true because minRTO was set to 3s in tests so now RTO becomes 3s after the first updateRTO call. Set minRTO=1s for these tests. - Some RACK enabled tests are affected because now that RTT is initialized, and the estimated RTT is quite small, spurious TLP might be sent out and causing flakes, introduce an artificial delay for these tests so that the estimated RTT is larger. PiperOrigin-RevId: 392768725
2021-08-19	Add loopback interface as an ethernet-based device	Ghanan Gowripalan
	...to match Linux behaviour. We can see evidence of Linux representing loopback as an ethernet-based device below: ``` # EUI-48 based MAC addresses. $ ip link show lo 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 # tcpdump showing ethernet frames when sniffing loopback and logging the # link-type as EN10MB (Ethernet). $ sudo tcpdump -i lo -e -c 2 -n tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on lo, link-type EN10MB (Ethernet), snapshot length 262144 bytes 03:09:05.002034 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 66: 127.0.0.1.9557 > 127.0.0.1.36828: Flags [.], ack 3562800815, win 15342, options [nop,nop,TS val 843174495 ecr 843159493], length 0 03:09:05.002094 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 66: 127.0.0.1.36828 > 127.0.0.1.9557: Flags [.], ack 1, win 6160, options [nop,nop,TS val 843174496 ecr 843159493], length 0 2 packets captured 116 packets received by filter 0 packets dropped by kernel ``` Wireshark shows a similar result as the tcpdump example above. Linux's loopback setup: https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/drivers/net/loopback.c#L162 PiperOrigin-RevId: 391836719
2021-08-19	Use a hash function to generate tcp timestamp offset	Zeling Feng
	Also fix an option parsing error in checker.TCPTimestampChecker while I am here. PiperOrigin-RevId: 391828329
2021-08-18	Split TCP secrets from Stack to tcp.protocol	Zeling Feng
	Use different secrets for different purposes (port picking, ISN generation, tsOffset generation) and moved the secrets from stack.Stack to tcp.protocol. PiperOrigin-RevId: 391641238
2021-08-13	Free multicastMemberships on UDP endpoint close	Ghanan Gowripalan
	tcpip.Endpoint.Close is documented to free all resources associated with an endpoint so we don't need to create an empty map to clear the multicast memberships. PiperOrigin-RevId: 390609826
2021-08-12	Add support for TCP send buffer auto tuning.	Nayana Bidari
	Send buffer size in TCP indicates the amount of bytes available for the sender to transmit. This change will allow TCP to update the send buffer size when - TCP enters established state. - ACK is received. The auto tuning is disabled when the send buffer size is set with the SO_SNDBUF option. PiperOrigin-RevId: 390312274
2021-07-21	Add metric to count number of segments acknowledged by DSACK.	Nayana Bidari
	- Creates new metric "/tcp/segments_acked_with_dsack" to count the number of segments acked with DSACK. - Added check to verify the metric is getting incremented when a DSACK is sent in the unit tests. PiperOrigin-RevId: 386135949
2021-07-20	Enable RACK by default in netstack.	Nayana Bidari
	PiperOrigin-RevId: 385944428
2021-07-20	Expose local address from raw sockets	Ghanan Gowripalan
	PiperOrigin-RevId: 385940836
2021-07-20	Add go:build directives as required by Go 1.17's gofmt.	Jamie Liu
	PiperOrigin-RevId: 385894869
2021-07-14	Set tcp endpoint state atomically	Tamir Duberstein
	PiperOrigin-RevId: 384776517
2021-07-12	netstack: move SO_SNDBUF/RCVBUF clamping logic out of //pkg/tcpip	Kevin Krakauer
	- Keeps Linux-specific behavior out of //pkg/tcpip - Makes it clearer that clamping is done only for setsockopt calls from users - Removes code duplication PiperOrigin-RevId: 384389809
2021-07-08	Do not queue zero sized segments.	Bhasker Hariharan
	Commit 16b751b6c610ec2c5a913cb8a818e9239ee7da71 introduced a bug where writes of zero size would end up queueing a zero sized segment which will cause the sandbox to panic when trying to send a zero sized segment(e.g. after an RTO) as netstack asserts that the all non FIN segments have size > 0. This change adds the check for a zero sized payload back to avoid queueing such segments. The associated test panics without the fix and passes with it. PiperOrigin-RevId: 383677884
2021-07-01	Mix checklocks and atomic analyzers.	Adin Scannell
	This change makes the checklocks analyzer considerable more powerful, adding: * The ability to traverse complex structures, e.g. to have multiple nested fields as part of the annotation. * The ability to resolve simple anonymous functions and closures, and perform lock analysis across these invocations. This does not apply to closures that are passed elsewhere, since it is not possible to know the context in which they might be invoked. * The ability to annotate return values in addition to receivers and other parameters, with the same complex structures noted above. * Ignoring locking semantics for "fresh" objects, i.e. objects that are allocated in the local frame (typically a new-style function). * Sanity checking of locking state across block transitions and returns, to ensure that no unexpected locks are held. Note that initially, most of these findings are excluded by a comprehensive nogo.yaml. The findings that are included are fundamental lock violations. The changes here should be relatively low risk, minor refactorings to either include necessary annotations to simplify the code structure (in general removing closures in favor of methods) so that the analyzer can be easily track the lock state. This change additional includes two changes to nogo itself: * Sanity checking of all types to ensure that the binary and ast-derived types have a consistent objectpath, to prevent the bug above from occurring silently (and causing much confusion). This also requires a trick in order to ensure that serialized facts are consumable downstream. This can be removed with https://go-review.googlesource.com/c/tools/+/331789 merged. * A minor refactoring to isolation the objdump settings in its own package. This was originally used to implement the sanity check above, but this information is now being passed another way. The minor refactor is preserved however, since it cleans up the code slightly and is minimal risk. PiperOrigin-RevId: 382613300
2021-06-28	netstack: deflake TestSynRcvdBadSeqNumber	Kevin Krakauer
	There was a race wherein Accept() could fail, then the handshake would complete, and then a waiter would be created to listen for the handshake. In such cases, no notification was ever sent and the test timed out. PiperOrigin-RevId: 381913041
2021-06-25	Remove sndQueue as its pointless now.	Bhasker Hariharan
	sndQueue made sense when the worker goroutine and the syscall context held different locks. Now both lock the endpoint lock before doing anything which means adding to sndQueue is pointless as we move it to writeList immediately after that in endpoint.Write() by calling e.drainSendQueue. PiperOrigin-RevId: 381523177
2021-06-22	Wake up Writers when tcp socket is shutdown for writes.	Bhasker Hariharan
	PiperOrigin-RevId: 380967023
2021-06-22	netstack: further deflake tcp_test	Kevin Krakauer
	There are unnecessarily short timeouts in several places. Note: a later change will switch tcp_test to fake clocks intead of the built-in `time` package. PiperOrigin-RevId: 380935400
2021-06-21	clean up tcpdump TODOs	Kevin Krakauer
	tcpdump is largely supported. We've also chose not to implement writeable AF_PACKET sockets, and there's a bug specifically for promiscuous mode (#3333). Fixes #173. PiperOrigin-RevId: 380733686
2021-06-21	netstack: don't ACK SYNs in TIME-WAIT	Kevin Krakauer
	It was possible for a SYN to arrive after the endpoint sent an ACK as part of the transition to TIME-WAIT, but before returning from handleSegmentsLocked(). This caused the SYN to be dequeued and ACK'd despite the change in EndpointState. Deflakes TestTCPTimeWaitNewSyn. Tested with: blaze test --config=gotsan --runs_per_test 10000 \ //third_party/gvisor/pkg/tcpip/transport/tcp:tcp_x_test -j 2000 \ // --test_filter TestTCPTimeWaitNewSyn PiperOrigin-RevId: 380639808
2021-06-17	raw sockets: don't overwrite destination address	Kevin Krakauer
	Also makes the behavior of raw sockets WRT fragmentation clearer, and makes the ICMPv4 header-length check explicit. Fixes #3160. PiperOrigin-RevId: 380033450
2021-06-16	Fix broken hdrincl test	Kevin Krakauer
	Fixes #3159. PiperOrigin-RevId: 379814096