summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip
AgeCommit message (Collapse)Author
2020-05-28Merge release-20200518.0-47-g835e8c89 (automated)gVisor bot
2020-05-27Remove linkEP from DeliverNetworkPacketSam Balana
The specified LinkEndpoint is not being used in a significant way. No behavior change, existing tests pass. This change is a breaking change. PiperOrigin-RevId: 313496602
2020-05-27Merge release-20200518.0-45-g0bc022b7 (automated)gVisor bot
2020-05-27Fix tiny typo.Kevin Krakauer
PiperOrigin-RevId: 313414690
2020-05-20Test that we have PAWS mechanismZeling Feng
If there is a Timestamps option in the arriving segment and SEG.TSval < TS.Recent and if TS.Recent is valid, then treat the arriving segment as not acceptable: Send an acknowledgement in reply as specified in RFC-793 page 69 and drop the segment. https://tools.ietf.org/html/rfc1323#page-19 PiperOrigin-RevId: 312590678
2020-05-20Internal change.gVisor bot
PiperOrigin-RevId: 312559963
2020-05-16Merge release-20200511.0-251-g420b791 (automated)gVisor bot
2020-05-15Minor formatting updates for gvisor.dev.Adin Scannell
* Aggregate architecture Overview in "What is gVisor?" as it makes more sense in one place. * Drop "user-space kernel" and use "application kernel". The term "user-space kernel" is confusing when some platform implementation do not run in user-space (instead running in guest ring zero). * Clear up the relationship between the Platform page in the user guide and the Platform page in the architecture guide, and ensure they are cross-linked. * Restore the call-to-action quick start link in the main page, and drop the GitHub link (which also appears in the top-right). * Improve image formatting by centering all doc and blog images, and move the image captions to the alt text. PiperOrigin-RevId: 311845158
2020-05-14Merge release-20200422.0-302-gf1ad2d5 (automated)gVisor bot
2020-05-13Fix TCP segment retransmit timeout handling.Mithun Iyer
As per RFC 1122 and Linux retransmit timeout handling: - The segment retransmit timeout needs to exponentially increase and cap at a predefined value. - TCP connection needs to timeout after a predefined number of segment retransmissions. - TCP connection should not timeout when the retranmission timeout exceeds MaxRTO, predefined upper bound. Fixes #2673 PiperOrigin-RevId: 311463961
2020-05-14Merge release-20200422.0-301-g8b8774d (automated)gVisor bot
2020-05-13Stub support for TCP_SYNCNT and TCP_WINDOW_CLAMP.Bhasker Hariharan
This change adds support for TCP_SYNCNT and TCP_WINDOW_CLAMP options in GetSockOpt/SetSockOpt. This change does not really change any behaviour in Netstack and only stores/returns the stored value. Actual honoring of these options will be added as required. Fixes #2626, #2625 PiperOrigin-RevId: 311453777
2020-05-11Merge release-20200422.0-66-ge838e7a (automated)gVisor bot
2020-05-11Automated rollback of changelist 310417191Bhasker Hariharan
PiperOrigin-RevId: 310963404
2020-05-11Merge release-20200422.0-64-g0cb9e1d (automated)gVisor bot
2020-05-11Fix view.ToVectorisedView().Bhasker Hariharan
view.ToVectorisedView() now just returns an empty vectorised view if the view is of zero length. Earlier it would return a VectorisedView of zero length but with 1 empty view. This has been a source of bugs as lower layers don't expect zero length views in VectorisedViews. VectorisedView.AppendView() now is a no-op if the view being appended is of zero length. Fixes #2658 PiperOrigin-RevId: 310942269
2020-05-08Merge release-20200422.0-61-gcfd3066 (automated)gVisor bot
2020-05-08iptables - filter packets using outgoing interface.gVisor bot
Enables commands with -o (--out-interface) for iptables rules. $ iptables -A OUTPUT -o eth0 -j ACCEPT PiperOrigin-RevId: 310642286
2020-05-08Merge release-20200422.0-58-g5d7d5ed (automated)gVisor bot
2020-05-08Send ACK to OTW SEQs/unacc ACKs in CLOSE_WAITZeling Feng
This fixed the corresponding packetimpact test. PiperOrigin-RevId: 310593470
2020-05-07Capture range variable in parallel subtestsSam Balana
Only the last test was running before since the goroutines won't be executed until after this loop. I added t.Log(test.name) and this is was the result: TestListenNoAcceptNonUnicastV4/SourceUnspecified: DestOtherMulticast TestListenNoAcceptNonUnicastV4/DestUnspecified: DestOtherMulticast TestListenNoAcceptNonUnicastV4/DestOtherMulticast: DestOtherMulticast TestListenNoAcceptNonUnicastV4/SourceBroadcast: DestOtherMulticast TestListenNoAcceptNonUnicastV4/DestOurMulticast: DestOtherMulticast TestListenNoAcceptNonUnicastV4/DestBroadcast: DestOtherMulticast TestListenNoAcceptNonUnicastV4/SourceOtherMulticast: DestOtherMulticast TestListenNoAcceptNonUnicastV4/SourceOurMulticast: DestOtherMulticast https://github.com/golang/go/wiki/TableDrivenTests#parallel-testing PiperOrigin-RevId: 310440629
2020-05-07Merge release-20200422.0-51-g1f4087e (automated)gVisor bot
2020-05-07Merge release-20200422.0-50-g28b5565 (automated)gVisor bot
2020-05-07Automated rollback of changelist 309339316Bhasker Hariharan
PiperOrigin-RevId: 310417191
2020-05-07Merge release-20200422.0-46-g08f4846 (automated)gVisor bot
2020-05-07Fix bugs in SACK recovery.Bhasker Hariharan
Every call to sender.NextSeg does not need to iterate from the front of the writeList as in a given recovery episode we can cache the last nextSeg returned. There cannot be a lower sequenced segment that matches the next call to NextSeg as otherwise we would have returned that instead in the previous call. This fixes the issue of excessive CPU usage w/ large send buffers where we spend a lot of time iterating from the front of the list on every NextSeg invocation. Further the following other bugs were also fixed: * Iteration of segments never sent in NextSeg() when looking for segments for retransmission that match step1/3/4 of the NextSeg algorithm * Correctly setting rescueRxt only if the rescue segment was actually sent. * Correctly initializing rescueRxt/highRxt when entering SACK recovery. * Correctly re-arming the timer only on retransmissions when SACK is in use and not for every segment being sent as it was being done before. * Copy over xmitTime and xmitCount on segment clone. * Move writeNext along when skipping over SACKED segments. This is required to prevent spurious retransmissions where we end up retransmitting data that was never lost. PiperOrigin-RevId: 310387671
2020-05-07Merge pull request #2639 from kevinGC:ipv4-frag-reassembly-testgVisor bot
PiperOrigin-RevId: 310380911
2020-05-06Add basic incoming ipv4 fragment testsKevin Krakauer
Based on ipv6's TestReceiveIPv6Fragments.
2020-05-06Merge release-20200422.0-38-g485ca36 (automated)gVisor bot
2020-05-06Do not assume no DHCPv6 configurationsGhanan Gowripalan
Do not assume that networks need any DHCPv6 configurations. Instead, notify the NDP dispatcher in response to the first NDP RA's DHCPv6 flags, even if the flags indicate no DHCPv6 configurations are available. PiperOrigin-RevId: 310245068
2020-05-06Merge release-20200422.0-36-gb08222c (automated)gVisor bot
2020-05-06sniffer: fix accidental logging of good packets as badKevin Krakauer
We need to check vv.Size() instead of len(tcp), as tcp will always be 20 bytes long. PiperOrigin-RevId: 310218351
2020-05-05Merge release-20200422.0-31-ge590314 (automated)gVisor bot
2020-05-05Support TCP zero window probes.Mithun Iyer
As per RFC 1122 4.2.2.17, when the remote advertizes zero receive window, the sender needs to probe for the window-size to become non-zero starting from the next retransmission interval. The TCP connection needs to be kept open as long as the remote is acknowledging the zero window probes. We reuse the retransmission timers to support this. Fixes #1644 PiperOrigin-RevId: 310021575
2020-05-04Merge release-20200422.0-18-g711439b (automated)gVisor bot
2020-05-01Support for connection tracking of TCP packets.Nayana Bidari
Connection tracking is used to track packets in prerouting and output hooks of iptables. The NAT rules modify the tuples in connections. The connection tracking code modifies the packets by looking at the modified tuples.
2020-05-01Merge release-20200422.0-12-g40d6aae (automated)gVisor bot
2020-05-01Regenerate SLAAC address on conflicts with the NICGhanan Gowripalan
If the NIC already has a generated SLAAC address, regenerate a new SLAAC address until one is generated that does not conflict with the NIC's existing addresses, up to a maximum of 10 attempts. This applies to both stable and temporary SLAAC addresses. Test: stack_test.TestMixedSLAACAddrConflictRegen PiperOrigin-RevId: 309495628
2020-05-01Merge release-20200422.0-11-g5e1e61f (automated)gVisor bot
2020-05-01Automated rollback of changelist 308674219Kevin Krakauer
PiperOrigin-RevId: 309491861
2020-05-01Merge release-20200422.0-8-g8962b78 (automated)gVisor bot
2020-04-30Enable FIFO QDisc by default in runsc.Bhasker Hariharan
Updates #231 PiperOrigin-RevId: 309339316
2020-04-30Merge release-20200422.0-7-gae15d90 (automated)gVisor bot
2020-04-30FIFO QDisc implementationBhasker Hariharan
Updates #231 PiperOrigin-RevId: 309323808
2020-04-30Merge release-20200413.0-28-g043b7d8 (automated)gVisor bot
2020-04-30Prefer temporary addressesGhanan Gowripalan
Implement rule 7 of Source Address Selection RFC 6724 section 5. This makes temporary (short-lived) addresses preferred over non-temporary addresses when earlier rules are equal. Test: stack_test.TestIPv6SourceAddressSelectionScopeAndSameAddress PiperOrigin-RevId: 309250975
2020-04-29Merge release-20200413.0-17-g24abccb (automated)gVisor bot
2020-04-28Internal change.gVisor bot
PiperOrigin-RevId: 308940886
2020-04-28Merge release-20200413.0-15-g37a59bc (automated)gVisor bot
2020-04-28Support IPv6 Privacy Extensions for SLAACGhanan Gowripalan
Support generating temporary (short-lived) IPv6 SLAAC addresses to address privacy concerns outlined in RFC 4941. Tests: - stack_test.TestAutoGenTempAddr - stack_test.TestNoAutoGenTempAddrForLinkLocal - stack_test.TestAutoGenTempAddrRegen - stack_test.TestAutoGenTempAddrRegenTimerUpdates - stack_test.TestNoAutoGenTempAddrWithoutStableAddr - stack_test.TestAutoGenAddrInResponseToDADConflicts PiperOrigin-RevId: 308915566