summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip
AgeCommit message (Collapse)Author
2020-11-25Make stack.Route safe to access concurrentlyGhanan Gowripalan
Multiple goroutines may use the same stack.Route concurrently so the stack.Route should make sure that any functions called on it are thread-safe. Fixes #4073 PiperOrigin-RevId: 344320491
2020-11-24Correctly lock when removing neighbor entriesSam Balana
Fix a panic when two entries in Failed state are removed at the same time. PiperOrigin-RevId: 344143777
2020-11-24Report correct pointer value for "bad next header" ICMP errorJulian Elischer
Because the code handles a bad header as "payload" right up to the last moment we need to make sure payload handling does not remove the error information. Fixes #4909 PiperOrigin-RevId: 344141690
2020-11-24Track number of packets queued to Failed neighborsSam Balana
Add a NIC-specific neighbor table statistic so we can determine how many packets have been queued to Failed neighbors, indicating an unhealthy local network. This change assists us to debug in-field issues where subsequent traffic to a neighbor fails. Fixes #4819 PiperOrigin-RevId: 344131119
2020-11-24Extract IGMPv2 core state machineGhanan Gowripalan
The IGMPv2 core state machine can be shared with MLDv1 since they are almost identical, ignoring specific addresses, constants and packets. Bug #4682, #4861 PiperOrigin-RevId: 344102615
2020-11-24Deduplicate code in ipv6.protocolGhanan Gowripalan
PiperOrigin-RevId: 344009602
2020-11-23Use time.Duration for IGMP Max Response Time fieldGhanan Gowripalan
Bug #4682 PiperOrigin-RevId: 343993297
2020-11-19Perform IGMPv2 when joining IPv4 multicast groupsRyan Heacock
Added headers, stats, checksum parsing capabilities from RFC 2236 describing IGMPv2. IGMPv2 state machine is implemented for each condition, sending and receiving IGMP Membership Reports and Leave Group messages with backwards compatibility with IGMPv1 routers. Test: * Implemented igmp header parser and checksum calculator in header/igmp_test.go * ipv4/igmp_test.go tests incoming and outgoing IGMP messages and pathways. * Added unit test coverage for IGMPv2 RFC behavior + IGMPv1 backwards compatibility in ipv4/igmp_test.go. Fixes #4682 PiperOrigin-RevId: 343408809
2020-11-19Add types to parse MLD messagesGhanan Gowripalan
Preparing for upcoming CLs that add MLD functionality. Bug #4861 Test: header.TestMLD PiperOrigin-RevId: 343391556
2020-11-19Fix possible panic due to bad data.Julian Elischer
Found by a Fuzzer. Reported-by: syzbot+619fa10be366d553ef7f@syzkaller.appspotmail.com PiperOrigin-RevId: 343379575
2020-11-19Propagate IP address prefix from host to netstackFabricio Voznika
Closes #4022 PiperOrigin-RevId: 343378647
2020-11-19Require sync.Mutex to lock and unlock from the same goroutineMichael Pratt
We would like to track locks ordering to detect ordering violations. Detecting violations is much simpler if mutexes must be unlocked by the same goroutine that locked them. Thus, as a first step to tracking lock ordering, add this lock/unlock requirement to gVisor's sync.Mutex. This is more strict than the Go standard library's sync.Mutex, but initial testing indicates only a single lock that is used across goroutines. The new sync.CrossGoroutineMutex relaxes the requirement (but will not provide lock order checking). Due to the additional overhead, enforcement is only enabled with the "checklocks" build tag. Build with this tag using: bazel build --define=gotags=checklocks ... From my spot-checking, this has no changed inlining properties when disabled. Updates #4804 PiperOrigin-RevId: 343370200
2020-11-19Don't hold AddressEndpoints for multicast addressesGhanan Gowripalan
Group addressable endpoints can simply check if it has joined the multicast group without maintaining address endpoints. This also helps remove the dependency on AddressableEndpoint from GroupAddressableEndpoint. Now that group addresses are not tracked with address endpoints, we can avoid accidentally obtaining a route with a multicast local address. PiperOrigin-RevId: 343336912
2020-11-19Remove unused NoChecksumOptionBruno Dal Bo
Migration to unified socket options left this behind. PiperOrigin-RevId: 343305434
2020-11-19Fix some code not using NewPacketBuffer for creating a PacketBuffer.Ting-Yu Wang
PiperOrigin-RevId: 343299993
2020-11-18[netstack] Move SO_KEEPALIVE and SO_ACCEPTCONN option to SocketOptions.Ayush Ranjan
PiperOrigin-RevId: 343217712
2020-11-18Remove unused methods from stack.RouteGhanan Gowripalan
PiperOrigin-RevId: 343211553
2020-11-18[netstack] Move SO_REUSEPORT and SO_REUSEADDR option to SocketOptions.Ayush Ranjan
This changes also introduces: - `SocketOptionsHandler` interface which can be implemented by endpoints to handle endpoint specific behavior on SetSockOpt. This is analogous to what Linux does. - `DefaultSocketOptionsHandler` which is a default implementation of the above. This is embedded in all endpoints so that we don't have to uselessly implement empty functions. Endpoints with specific behavior can override the embedded method by manually defining its own implementation. PiperOrigin-RevId: 343158301
2020-11-18Automated rollback of changelist 342700744Nayana Bidari
PiperOrigin-RevId: 343152780
2020-11-18[netstack] Move SO_NO_CHECK option to SocketOptions.Ayush Ranjan
PiperOrigin-RevId: 343146856
2020-11-18Fix loopback subnet routing errorGhanan Gowripalan
Packets should be properly routed when sending packets to addresses in the loopback subnet which are not explicitly assigned to the loopback interface. Tests: - integration_test.TestLoopbackAcceptAllInSubnetUDP - integration_test.TestLoopbackAcceptAllInSubnetTCP PiperOrigin-RevId: 343135643
2020-11-18[netstack] Move SO_PASSCRED option to SocketOptions.Ayush Ranjan
This change also makes the following fixes: - Make SocketOptions use atomic operations instead of having to acquire/drop locks upon each get/set option. - Make documentation more consistent. - Remove tcpip.SocketOptions from socketOpsCommon because it already exists in transport.Endpoint. - Refactors get/set socket options tests to be easily extendable. PiperOrigin-RevId: 343103780
2020-11-18Introduce stack.WritePacketToRemote, remove LinkEndpoint.WriteRawPacketBruno Dal Bo
Redefine stack.WritePacket into stack.WritePacketToRemote which lets the NIC decide whether to append link headers. PiperOrigin-RevId: 343071742
2020-11-17Remove sniffer from gonet_test.Bhasker Hariharan
This was added by mistake in cl/342868552. PiperOrigin-RevId: 343021431
2020-11-17Fix endpoint.Read() when endpoint is in StateError.Bhasker Hariharan
If the endpoint is in StateError but e.hardErrorLocked() returns nil then return ErrClosedForRecieve. This can happen if a concurrent write on the same endpoint was in progress when the endpoint transitioned to an error state. PiperOrigin-RevId: 343018257
2020-11-17Add per-sniffer instance log prefixBruno Dal Bo
A prefix associated with a sniffer instance can help debug situations where more than one NIC (i.e. more than one sniffer) exists. PiperOrigin-RevId: 342950027
2020-11-17Fix possible deadlock in UDP.Write().Bhasker Hariharan
In UDP endpoint.Write() sendUDP is called with e.mu Rlocked. But if this happens to send a datagram over loopback which ends up generating an ICMP response of say ErrNoPortReachable, the handling of the response in HandleControlPacket also acquires e.mu using RLock. This is mostly fine unless there is a competing caller trying to acquire e.mu in exclusive mode using Lock(). This will deadlock as a caller waiting in Lock() disallows an new RLocks() to ensure it can actually acquire the Lock. This is documented here https://golang.org/pkg/sync/#RWMutex. This change releases the endpoint mutex before calling sendUDP to resolve the possibility of the deadlock. Reported-by: syzbot+537989797548c66e8ee3@syzkaller.appspotmail.com Reported-by: syzbot+eb0b73b4ab486f7673ba@syzkaller.appspotmail.com PiperOrigin-RevId: 342894148
2020-11-17Fix SO_ERROR behavior for TCP in gVisor.Bhasker Hariharan
Fixes the behaviour of SO_ERROR for tcp sockets where in linux it returns sk->sk_err and if sk->sk_err is 0 then it returns sk->sk_soft_err. In gVisor TCP we endpoint.HardError is the equivalent of sk->sk_err and endpoint.LastError holds soft errors. This change brings this into alignment with Linux such that both hard/soft errors are cleared when retrieved using getsockopt(.. SO_ERROR) is called on a socket. Fixes #3812 PiperOrigin-RevId: 342868552
2020-11-16Remove ARP address workaroundGhanan Gowripalan
- Make AddressableEndpoint optional for NetworkEndpoint. Not all NetworkEndpoints need to support addressing (e.g. ARP), so AddressableEndpoint should only be implemented for protocols that support addressing such as IPv4 and IPv6. With this change, tcpip.ErrNotSupported will be returned by the stack when attempting to modify addresses on a network endpoint that does not support addressing. Now that packets are fully handled at the network layer, and (with this change) addresses are optional for network endpoints, we no longer need the workaround for ARP where a fake ARP address was added to each NIC that performs ARP so that packets would be delivered to the ARP layer. PiperOrigin-RevId: 342722547
2020-11-16Clean up fragmentation.ProcessToshi Kikuchi
- Pass a PacketBuffer directly instead of releaseCB - No longer pass a VectorisedView, which is included in the PacketBuffer - Make it an error if data size is not equal to (last - first + 1) - Set the callback for the reassembly timeout on NewFragmentation PiperOrigin-RevId: 342702432
2020-11-16Automated rollback of changelist 342312166Bhasker Hariharan
PiperOrigin-RevId: 342700744
2020-11-16Automated rollback of changelist 340274194Dean Deng
PiperOrigin-RevId: 342669574
2020-11-13Requested Comment/Message wording changesJulian Elischer
PiperOrigin-RevId: 342366891
2020-11-13RACK: Detect DSACKNayana Bidari
Detect if the ACK is a duplicate and update in RACK. PiperOrigin-RevId: 342332569
2020-11-13Decrement TTL/Hop Limit when forwarding IP packetsGhanan Gowripalan
If the packet must no longer be forwarded because its TTL/Hop Limit reaches 0, send an ICMP Time Exceeded error to the source. Required as per relevant RFCs. See comments in code for RFC references. Fixes #1085 Tests: - ipv4_test.TestForwarding - ipv6.TestForwarding PiperOrigin-RevId: 342323610
2020-11-13Refactor loss recovery in TCP.Nayana Bidari
The current implementation of loss recovery algorithms SACK and NewReno are in the same file(snd.go). The functions have multiple checks to see which one is currently used by the endpoint. This CL will refactor and separate the implementation of existing recovery algorithms which will help us to implement new recovery algorithms(such as RACK) with less changes to the existing code. There is no change in the behavior. PiperOrigin-RevId: 342312166
2020-11-12Refactor SOL_SOCKET optionsNayana Bidari
Store all the socket level options in a struct and call {Get/Set}SockOpt on this struct. This will avoid implementing socket level options on all endpoints. This CL contains implementing one socket level option for tcp and udp endpoints. PiperOrigin-RevId: 342203981
2020-11-12Change AllocationSize to SizeWithPadding as requestedJulian Elischer
RELNOTES: n/a PiperOrigin-RevId: 342176296
2020-11-12Pad with a loop rather than a copy from an allocation.Julian Elischer
Add a unit test for ipv4.Encode and a round trip test. PiperOrigin-RevId: 342169517
2020-11-12Move packet handling to NetworkEndpointGhanan Gowripalan
The NIC should not hold network-layer state or logic - network packet handling/forwarding should be performed at the network layer instead of the NIC. Fixes #4688 PiperOrigin-RevId: 342166985
2020-11-11Teach netstack how to add options to IPv4 packetsJulian Elischer
Most packets don't have options but they are an integral part of the standard. Teaching the ipv4 code how to handle them will simplify future testing and use. Because Options are so rare it is worth making sure that the extra work is kept out of the fast path as much as possible. Prior to this change, all usages of the IHL field of the IPv4Fields/Encode system set it to the same constant value except in a couple of tests for bad values. From this change IHL will not be a constant as it will depend on the size of any Options. Since ipv4.Encode() now handles the options it becomes a possible source of errors to let the callers set this value, so remove it entirely and calculate the value from the size of the Options if present (or not) therefore guaranteeing a correct value. Fixes #4709 RELNOTES: n/a PiperOrigin-RevId: 341864765
2020-11-09Skip `EventHUp` notify in `FIN_WAIT2` on a socket close.Mithun Iyer
This Notify was added as part of cl/279106406; but notifying `EventHUp` in `FIN_WAIT2` is incorrect, as we want to only notify later on `TIME_WAIT` or a reset. However, we do need to notify any blocked waiters of an activity on the endpoint with `EventIn`|`EventOut`. PiperOrigin-RevId: 341490913
2020-11-09net: connect to the ipv4 localhost returns ENETUNREACH if the address isn't setAndrei Vagin
cl/340002915 modified the code to return EADDRNOTAVAIL if connect is called for a localhost address which isn't set. But actually, Linux returns EADDRNOTAVAIL for ipv6 addresses and ENETUNREACH for ipv4 addresses. Updates #4735 PiperOrigin-RevId: 341479129
2020-11-09Initialize references with a value of 1.Dean Deng
This lets us avoid treating a value of 0 as one reference. All references using the refsvfs2 template must call InitRefs() before the reference is incremented/decremented, or else a panic will occur. Therefore, it should be pretty easy to identify missing InitRef calls during testing. Updates #1486. PiperOrigin-RevId: 341411151
2020-11-06Trim link headers from buffer clone when sniffingGhanan Gowripalan
PiperOrigin-RevId: 341135083
2020-11-06Return early in walkSACK if segment has no SACK blocks.Bhasker Hariharan
This avoids a needless allocation. Updates #231 PiperOrigin-RevId: 341113160
2020-11-06Do not send to the zero portGhanan Gowripalan
Port 0 is not meant to identify any remote port so attempting to send a packet to it should return an error. PiperOrigin-RevId: 341009528
2020-11-05Cache addressEndpoint.addr.Subnet() to avoid allocations.Bhasker Hariharan
This change adds a Subnet() method to AddressableEndpoint so that we can avoid repeated calls to AddressableEndpoint.AddressWithPrefix().Subnet(). Updates #231 PiperOrigin-RevId: 340969877
2020-11-05Use stack.Route exclusively for writing packetsGhanan Gowripalan
* Remove stack.Route from incoming packet path. There is no need to pass around a stack.Route during the incoming path of a packet. Instead, pass around the packet's link/network layer information in the packet buffer since all layers may need this information. * Support address bound and outgoing packet NIC in routes. When forwarding is enabled, the source address of a packet may be bound to a different interface than the outgoing interface. This change updates stack.Route to hold both NICs so that one can be used to write packets while the other is used to check if the route's bound address is valid. Note, we need to hold the address's interface so we can check if the address is a spoofed address. * Introduce the concept of a local route. Local routes are routes where the packet never needs to leave the stack; the destination is stack-local. We can now route between interfaces within a stack if the packet never needs to leave the stack, even when forwarding is disabled. * Always obtain a route from the stack before sending a packet. If a packet needs to be sent in response to an incoming packet, a route must be obtained from the stack to ensure the stack is configured to send packets to the packet's source from the packet's destination. * Enable spoofing if a stack may send packets from unowned addresses. This change required changes to some netgophers since previously, promiscuous mode was enough to let the netstack respond to all incoming packets regardless of the packet's destination address. Now that a stack.Route is not held for each incoming packet, finding a route may fail with local addresses we don't own but accepted packets for while in promiscuous mode. Since we also want to be able to send from any address (in response the received promiscuous mode packets), we need to enable spoofing. * Skip transport layer checksum checks for locally generated packets. If a packet is locally generated, the stack can safely assume that no errors were introduced while being locally routed since the packet is never sent out the wire. Some bugs fixed: - transport layer checksum was never calculated after NAT. - handleLocal didn't handle routing across interfaces. - stack didn't support forwarding across interfaces. - always consult the routing table before creating an endpoint. Updates #4688 Fixes #3906 PiperOrigin-RevId: 340943442
2020-11-04Unlock tcp endpoint mutex before blocking forever.Dean Deng
This was occasionally causing tests to get stuck due to races with the save process, during which the same mutex is acquired. PiperOrigin-RevId: 340789616