summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip
AgeCommit message (Collapse)Author
2020-05-04Merge release-20200422.0-18-g711439b (automated)gVisor bot
2020-05-01Support for connection tracking of TCP packets.Nayana Bidari
Connection tracking is used to track packets in prerouting and output hooks of iptables. The NAT rules modify the tuples in connections. The connection tracking code modifies the packets by looking at the modified tuples.
2020-05-01Merge release-20200422.0-12-g40d6aae (automated)gVisor bot
2020-05-01Regenerate SLAAC address on conflicts with the NICGhanan Gowripalan
If the NIC already has a generated SLAAC address, regenerate a new SLAAC address until one is generated that does not conflict with the NIC's existing addresses, up to a maximum of 10 attempts. This applies to both stable and temporary SLAAC addresses. Test: stack_test.TestMixedSLAACAddrConflictRegen PiperOrigin-RevId: 309495628
2020-05-01Merge release-20200422.0-11-g5e1e61f (automated)gVisor bot
2020-05-01Automated rollback of changelist 308674219Kevin Krakauer
PiperOrigin-RevId: 309491861
2020-05-01Merge release-20200422.0-8-g8962b78 (automated)gVisor bot
2020-04-30Enable FIFO QDisc by default in runsc.Bhasker Hariharan
Updates #231 PiperOrigin-RevId: 309339316
2020-04-30Merge release-20200422.0-7-gae15d90 (automated)gVisor bot
2020-04-30FIFO QDisc implementationBhasker Hariharan
Updates #231 PiperOrigin-RevId: 309323808
2020-04-30Merge release-20200413.0-28-g043b7d8 (automated)gVisor bot
2020-04-30Prefer temporary addressesGhanan Gowripalan
Implement rule 7 of Source Address Selection RFC 6724 section 5. This makes temporary (short-lived) addresses preferred over non-temporary addresses when earlier rules are equal. Test: stack_test.TestIPv6SourceAddressSelectionScopeAndSameAddress PiperOrigin-RevId: 309250975
2020-04-29Merge release-20200413.0-17-g24abccb (automated)gVisor bot
2020-04-28Internal change.gVisor bot
PiperOrigin-RevId: 308940886
2020-04-28Merge release-20200413.0-15-g37a59bc (automated)gVisor bot
2020-04-28Support IPv6 Privacy Extensions for SLAACGhanan Gowripalan
Support generating temporary (short-lived) IPv6 SLAAC addresses to address privacy concerns outlined in RFC 4941. Tests: - stack_test.TestAutoGenTempAddr - stack_test.TestNoAutoGenTempAddrForLinkLocal - stack_test.TestAutoGenTempAddrRegen - stack_test.TestAutoGenTempAddrRegenTimerUpdates - stack_test.TestNoAutoGenTempAddrWithoutStableAddr - stack_test.TestAutoGenAddrInResponseToDADConflicts PiperOrigin-RevId: 308915566
2020-04-27Reduce flakiness in tcp_test.Bhasker Hariharan
Poll for metric updates as immediately trying to read them can sometimes be flaky if due to goroutine scheduling the check happens before the sender has got a chance to update the corresponding sent metric. PiperOrigin-RevId: 308712817
2020-04-27Merge release-20200323.0-253-g55f0c33 (automated)gVisor bot
2020-04-27Automated rollback of changelist 308163542gVisor bot
PiperOrigin-RevId: 308674219
2020-04-24Merge release-20200323.0-243-gdfff265 (automated)gVisor bot
2020-04-24Add ICMP6 param problem testEyal Soha
Tested: When run on Linux, a correct ICMPv6 response is received. On netstack, no ICMPv6 response is received. PiperOrigin-RevId: 308343113
2020-04-24Merge release-20200323.0-237-g1ceee04 (automated)gVisor bot
2020-04-24Do not copy tcpip.CancellableTimerGhanan Gowripalan
A CancellableTimer's AfterFunc timer instance creates a closure over the CancellableTimer's address. This closure makes a CancellableTimer unsafe to copy. No behaviour change, existing tests pass. PiperOrigin-RevId: 308306664
2020-04-24Merge release-20200323.0-227-geccae0f (automated)gVisor bot
2020-04-23Remove View.First() and View.RemoveFirst()Kevin Krakauer
These methods let users eaily break the VectorisedView abstraction, and allowed netstack to slip into pseudo-enforcement of the "all headers are in the first View" invariant. Removing them and replacing with PullUp(n) breaks this reliance and will make it easier to add iptables support and rework network buffer management. The new View.PullUp(n) method is low cost in the common case, when when all the headers fit in the first View. PiperOrigin-RevId: 308163542
2020-04-23Simplify Docker test infrastructure.Adin Scannell
This change adds a layer of abstraction around the internal Docker APIs, and eliminates all direct dependencies on Dockerfiles in the infrastructure. A subsequent change will automated the generation of local images (with efficient caching). Note that this change drops the use of bazel container rules, as that experiment does not seem to be viable. PiperOrigin-RevId: 308095430
2020-04-22Merge release-20200323.0-214-g37f863f (automated)gVisor bot
2020-04-22tcp: handle listen after shutdown properlyAndrei Vagin
Right now, sentry panics in this case: panic: close of nil channel goroutine 67 [running]: pkg/tcpip/transport/tcp/tcp.(*endpoint).listen(0xc0000ce000, 0x9, 0x0) pkg/tcpip/transport/tcp/endpoint.go:2208 +0x170 pkg/tcpip/transport/tcp/tcp.(*endpoint).Listen(0xc0000ce000, 0x9, 0xc0003a1ad0) pkg/tcpip/transport/tcp/endpoint.go:2179 +0x50 Fixes #2468 PiperOrigin-RevId: 307896725
2020-04-21Merge release-20200323.0-199-g120d3b5 (automated)gVisor bot
2020-04-21Automated rollback of changelist 307477185gVisor bot
PiperOrigin-RevId: 307598974
2020-04-20Merge release-20200323.0-197-g7820415 (automated)gVisor bot
2020-04-20Prevent race when reassigning CancellableTimerGhanan Gowripalan
Capture a timer's locker for each instance of a CancellableTimer so that reassigning a tcpip.CancellableTimer does not cause a data race. Reassigning a tcpip.CancellableTimer updates its underlying locker. When a timer fires, it does a read of the timer's locker variable to lock it. This read of the locker was not synchronized so a race existed where one goroutine may reassign the timer (updating the locker) and another handles the timer firing (attempts to lock the timer's locker). Test: tcpip_test.TestCancellableTimerReassignment PiperOrigin-RevId: 307499822
2020-04-20Merge release-20200323.0-195-g07b1b4c (automated)gVisor bot
2020-04-20Merge pull request #2313 from kevinGC:firstngVisor bot
PiperOrigin-RevId: 307477185
2020-04-20Merge release-20200323.0-187-gdb2a60b (automated)gVisor bot
2020-04-19Don't accept segments outside the receive windowEyal Soha
Fixed to match RFC 793 page 69. Fixes #1607 PiperOrigin-RevId: 307334892
2020-04-17Merge release-20200323.0-181-g486759a (automated)gVisor bot
2020-04-17Support NDP DNS Search List optionGhanan Gowripalan
Inform the netstack integrator when the netstack receives an NDP Router Advertisement message with the NDP DNS Search List option with at least one domain name. The stack will not maintain any state related to the search list - the integrator is expected to maintain any required state and invalidate domain names after their lifetime expires, or refresh the lifetime when a new one is received for a known domain name. Test: - header_test.TestNDPDNSSearchListOption - header_test.TestNDPDNSSearchListOptionSerialize - header_test.TestNDPSearchListOptionDomainNameLabelInvalidSymbols - header_test.TestNDPOptionsIterCheck - stack_test.TestNDPDNSSearchListDispatch PiperOrigin-RevId: 307109375
2020-04-17Remove View.First() and View.RemoveFirst()Kevin Krakauer
These methods let users eaily break the VectorisedView abstraction, and allowed netstack to slip into pseudo-enforcement of the "all headers are in the first View" invariant. Removing them and replacing with PullUp(n) breaks this reliance and will make it easier to add iptables support and rework network buffer management. The new View.PullUp(n) method is low cost in the common case, when when all the headers fit in the first View.
2020-04-17Merge release-20200323.0-175-g6c225ea (automated)gVisor bot
2020-04-17Allow caller-defined sinks for packet sniffing.Tamir Duberstein
PiperOrigin-RevId: 307053624
2020-04-17Merge release-20200323.0-174-gb4de018 (automated)gVisor bot
2020-04-17Permit setting unknown optionsTamir Duberstein
This previously changed in 305699233, but this behaviour turned out to be load bearing. PiperOrigin-RevId: 307033802
2020-04-17Merge release-20200323.0-172-gf367cf8 (automated)gVisor bot
2020-04-16Drop invalid NDP NA messagesGhanan Gowripalan
Better validate NDP NAs options before updating the link address cache. Test: stack_test.TestNeighorAdvertisementWithTargetLinkLayerOption PiperOrigin-RevId: 306962924
2020-04-17Merge release-20200323.0-171-ge7dcd94 (automated)gVisor bot
2020-04-16Properly delegate WaitTamir Duberstein
PiperOrigin-RevId: 306959393
2020-04-17Merge release-20200323.0-170-g3b05f57 (automated)gVisor bot
2020-04-16Reset pending connections on listener shutdown.Mithun Iyer
When the listening socket is read shutdown, we need to reset all pending and incoming connections. Ensure that the endpoint is not cleaned up from the demuxer and subsequent bind to same port does not go through. PiperOrigin-RevId: 306958038
2020-04-17Merge release-20200323.0-169-gb33c3bb (automated)gVisor bot