summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip
AgeCommit message (Collapse)Author
2020-10-16Merge release-20201005.0-95-gdffa4c669 (automated)gVisor bot
2020-10-16Don't include link header when forwarding packetsGhanan Gowripalan
Before this change, if a link header was included in an incoming packet that is forwarded, the packet that gets sent out will take the original packet and add a link header to it while keeping the old link header. This would make the sent packet look like: OUTGOING LINK HDR | INCOMING LINK HDR | NETWORK HDR | ... Obviously this is incorrect as we should drop the incoming link header and only include the outgoing link header. This change fixes this bug. Test: integration_test.TestForwarding PiperOrigin-RevId: 337571447
2020-10-16Merge release-20201005.0-94-g4d27f33b0 (automated)gVisor bot
2020-10-16Make IPv4 check the IP header checksumJulian Elischer
The IPv4 header checksum has not been checked, at least in recent times, so add code to do so. Fix all the tests that fail because they never needed to set the checksum. Fixes #4484 PiperOrigin-RevId: 337556243
2020-10-16Merge release-20201005.0-93-gedc106824 (automated)gVisor bot
2020-10-16Enable IPv4 fragmentation for every code path.Arthur Sfez
Currently, fragmentation can only occur during WritePacket(). This enables it for WritePackets() and WriteIncludedHeaderPacket() as well. IPv4 unit tests were refactored to be consistent with the IPv6 unit tests. This removes the extraHeaderReserveLength field and the related "prependable bytes" unit tests (for both IPv4 and IPv6) because it was only testing a panic condition when the value was too low. Fixes #3796 PiperOrigin-RevId: 337550061
2020-10-16Merge release-20201005.0-89-gfbfcf8144 (automated)gVisor bot
2020-10-16Enable IPv6 WriteHeaderIncludedPacketGhanan Gowripalan
Allow writing an IPv6 packet where the IPv6 header is a provided by the user. * Introduce an error to let callers know a header is malformed. We previously useed tcpip.ErrInvalidOptionValue but that did not seem appropriate for generic malformed header errors. * Populate network header in WriteHeaderIncludedPacket IPv4's implementation of WriteHeaderIncludedPacket did not previously populate the packet buffer's network header. This change fixes that. Fixes #4527 Test: ip_test.TestWriteHeaderIncludedPacket PiperOrigin-RevId: 337534548
2020-10-15Merge release-20201005.0-83-g3269cefd6 (automated)gVisor bot
2020-10-15Process NAs without target link-layer addressesSam Balana
RFC 4861 section 4.4 comments the Target link-layer address option is sometimes optional in a Neighbor Advertisement packet: "When responding to a unicast Neighbor Solicitation this option SHOULD be included." Tests: pkg/tcpip/stack:stack_test - TestEntryStaleToReachableWhenSolicitedConfirmationWithoutAddress - TestEntryDelayToReachableWhenSolicitedConfirmationWithoutAddress - TestEntryProbeToReachableWhenSolicitedConfirmationWithoutAddress pkg/tcpip/network/ipv6:ipv6_test - TestCallsToNeighborCache PiperOrigin-RevId: 337396493
2020-10-15Refactor compareFragments to follow Go styleArthur Sfez
Test helpers should be used for test setup/teardown, not actual testing. Use cmp.Diff instead of bytes.Equal to improve readability. PiperOrigin-RevId: 337323242
2020-10-14Merge release-20200928.0-117-g6e6a9d3f3 (automated)gVisor bot
2020-10-14Find route before sending NA responseGhanan Gowripalan
This change also brings back the stack.Route.ResolveWith method so that we can immediately resolve a route when sending an NA in response to a a NS with a source link layer address option. Test: ipv6_test.TestNeighorSolicitationResponse PiperOrigin-RevId: 337185461
2020-10-13Merge release-20200928.0-111-g443e3cad4 (automated)gVisor bot
2020-10-13Merge pull request #4486 from patr0nus:master_udp_ep_fixgVisor bot
PiperOrigin-RevId: 336974095
2020-10-13Merge release-20200928.0-105-g51913ba40 (automated)gVisor bot
2020-10-13Correct NA minimum sizeSam Balana
Remove the duplicate NA size variable while I'm here. See https://tools.ietf.org/html/rfc4861#section-4.4 for the packet format. PiperOrigin-RevId: 336943206
2020-10-13Merge release-20200928.0-103-g7053f1785 (automated)gVisor bot
2020-10-13Use NDP option serializer instead of handcrafting the NSTamir Duberstein
Use the correct constant (Solicit, not Advert) while I'm here. PiperOrigin-RevId: 336924605
2020-10-11Assign ep.effectiveNetProtos in UDP forwarder's CreateEndpointpatr0nus
2020-10-10Merge release-20200928.0-90-gdb36d948f (automated)gVisor bot
2020-10-09TCP Receive window advertisement fixes.Bhasker Hariharan
The fix in commit 028e045da93b7c1c26417e80e4b4e388b86a713d was incorrect as it can cause the right edge of the window to shrink when we announce a zero window due to receive buffer being full as its done before the check for seeing if the window is being shrunk because of the selected window. Further the window was calculated purely on available space but in cases where we are getting full sized segments it makes more sense to use the actual bytes being held. This CL changes to use the lower of the total available space vs the available space in the maximal window we could advertise minus the actual payload bytes being held. This change also cleans up the code so that the window selection logic is not duplicated between getSendParams() and windowCrossedACKThresholdLocked. PiperOrigin-RevId: 336404827
2020-10-10Merge release-20200928.0-89-gd75fe7660 (automated)gVisor bot
2020-10-09RACK: Detect packet reordering.Nayana Bidari
RACK detects packet reordering by checking if the sender received ACK for the packet which has the sequence number less than the already acknowledged packets. PiperOrigin-RevId: 336397526
2020-10-09Merge release-20200928.0-78-g743327817 (automated)gVisor bot
2020-10-09Merge release-20200928.0-77-g257703c05 (automated)gVisor bot
2020-10-09Automated rollback of changelist 336304024Ghanan Gowripalan
PiperOrigin-RevId: 336339194
2020-10-09Merge release-20200928.0-74-g8566decab (automated)gVisor bot
2020-10-09Automated rollback of changelist 336185457Bhasker Hariharan
PiperOrigin-RevId: 336304024
2020-10-09Merge release-20200928.0-73-g07b1d7413 (automated)gVisor bot
2020-10-08Only block resolution when NUD is incompleteGhanan Gowripalan
When a completed entry exists for a neighbor, there is no need to block while reachability is (re)confirmed. The stack should continue to use the neighbor's link address while NUD is performed. Test: stack_test.TestNeighborCacheReplace PiperOrigin-RevId: 336199043
2020-10-08Merge release-20200928.0-71-g6768e6c59 (automated)gVisor bot
2020-10-08Do not resolve routes immediatelyGhanan Gowripalan
When a response needs to be sent to an incoming packet, the stack should consult its neighbour table to determine the remote address's link address. When an entry does not exist in the stack's neighbor table, the stack should queue the packet while link resolution completes. See comments. PiperOrigin-RevId: 336185457
2020-10-08Merge release-20200928.0-70-g40269d0c2 (automated)gVisor bot
2020-10-08Send unicast probes when link address is knownGhanan Gowripalan
When the neighbor table already has link address for a neighbor but is trying to confirm reachability, it may send unicast probes to the neighbor. PiperOrigin-RevId: 336166711
2020-10-08Merge release-20200928.0-67-g0c3134028 (automated)gVisor bot
2020-10-08Change IPv6 reassembly timeout to 60sArthur Sfez
It was originally set to 30s for IPv6 (same as IPv4) but this is not what RFC 8200 prescibes. Linux also defaults to 60s [1]. [1] https://github.com/torvalds/linux/blob/47ec5303d73ea344e84f46660fff693c57641386/include/net/ipv6.h#L456 PiperOrigin-RevId: 336034636
2020-10-08Merge release-20200928.0-66-ga55bd73d4 (automated)gVisor bot
2020-10-06Merge release-20200928.0-59-g95cac27d0 (automated)gVisor bot
2020-10-06Discard invalid Neighbor SolicitationsPeter Johnston
...per RFC 4861 s7.1.1. PiperOrigin-RevId: 335742851
2020-10-06Merge release-20200928.0-58-g99bf022c2 (automated)gVisor bot
2020-10-06Add support for IPv6 fragmentationArthur Sfez
Most of the IPv4 fragmentation code was moved in the fragmentation package and it is reused by IPv6 fragmentation. Test: - pkg/tcpip/network/ipv4:ipv4_test - pkg/tcpip/network/ipv6:ipv6_test - pkg/tcpip/network/fragmentation:fragmentation_test Fixes #4389 PiperOrigin-RevId: 335714280
2020-10-06Merge release-20200928.0-50-g798cc6b04 (automated)gVisor bot
2020-10-05Fix IPv4 ICMP echo handler to copy optionsJulian Elischer
The IPv4 RFCs are specific (though obtuse) that an echo response packet needs to contain all the options from the echo request, much as if it been routed back to the sender, though apparently with a new TTL. They suggest copying the incoming packet header to achieve this so that is what this patch does. PiperOrigin-RevId: 335559176
2020-10-05Merge release-20200928.0-39-g91e2d15a6 (automated)gVisor bot
2020-10-05Remove AssignableAddressEndpoint.NetworkEndpointGhanan Gowripalan
We can get the network endpoint directly from the NIC. This is a preparatory CL for when a Route needs to hold a dedicated NIC as its output interface. This is because when forwarding is enabled, packets may be sent from a NIC different from the NIC a route's local address is associated with. PiperOrigin-RevId: 335484500
2020-10-02Merge release-20200921.0-100-gd23f1ec0f (automated)gVisor bot
2020-10-02Update minimum RTT for RACK.Nayana Bidari
We are currently tracking the minimum RTT for RACK as smoothed RTT. As per RFC minimum RTT can be a global minimum of all RTTs or filtered value of recent RTT measurements. In this cl minimum RTT is updated to global minimum of all RTTs for the connection. PiperOrigin-RevId: 335061518
2020-09-30Merge release-20200921.0-93-g6f8d64f42 (automated)gVisor bot
2020-09-30ip6tables: redirect supportKevin Krakauer
Adds support for the IPv6-compatible redirect target. Redirection is a limited form of DNAT, where the destination is always the localhost. Updates #3549. PiperOrigin-RevId: 334698344