Age | Commit message (Collapse) | Author |
|
As per RFC 7217 section 6, attempt to regenerate IPv6 SLAAC address in response
to a DAD conflict if the address was generated with an opaque IID as outlined in
RFC 7217 section 5.
Test:
- stack_test.TestAutoGenAddrWithOpaqueIIDDADRetries
- stack_test.TestAutoGenAddrWithEUI64IIDNoDADRetries
- stack_test.TestAutoGenAddrContinuesLifetimesAfterRetry
PiperOrigin-RevId: 306555645
|
|
PiperOrigin-RevId: 305807868
|
|
Better validate NDP NS messages and their options before doing work in
response to them. Also make sure that NA messages sent in response to
an NS use the correct IPv6 and link-layer addresses so they are
routed properly and received by the right node.
Test: stack_test.TestNeighorSolicitationResponse
PiperOrigin-RevId: 305799054
|
|
PiperOrigin-RevId: 305699233
|
|
Updates #2243
|
|
Updates #2243
|
|
Test:
- header_test.TestIPv6ExtHdrIter
- ipv6_test.TestReceiveIPv6Fragments
Updates #2197, #2333
PiperOrigin-RevId: 305330178
|
|
Software GSO implementation currently has a complicated code path with
implicit assumptions that all packets to WritePackets carry same Data
and it does this to avoid allocations on the path etc. But this makes it
hard to reuse the WritePackets API.
This change breaks all such assumptions by introducing a new Vectorised
View API ReadToVV which can be used to cleanly split a VV into multiple
independent VVs. Further this change also makes packet buffers linkable
to form an intrusive list. This allows us to get rid of the array of
packet buffers that are passed in the WritePackets API call and replace
it with a list of packet buffers.
While this code does introduce some more allocations in the benchmarks
it doesn't cause any degradation.
Updates #231
PiperOrigin-RevId: 304731742
|
|
As per RFC 6980 section 5, nodes MUST silently ignore NDP messages if
the packet carrying them include an IPv6 Fragmentation Header.
Test: ipv6_test.TestNDPValidation
PiperOrigin-RevId: 304519379
|
|
Tests:
- ipv6_test.TestHopLimitValidation
- ipv6_test.TestRouterAdvertValidation
PiperOrigin-RevId: 304495723
|
|
Timeouts were increased to deflake pkg/tcpip/stack:stack_x_test tests
that depend on timers. Some timeouts used previously were intended for
tests that do not depend on timers, so this change updates those
timeouts to give more time for a timer-based event to occur. This
change also de-parallelizes non-subtests to reduce the number of active
timers.
Test: bazel test //pkg/tcpip/stack:stack_x_test --runs_per_test=500
PiperOrigin-RevId: 304287622
|
|
PiperOrigin-RevId: 304098611
|
|
Enables handling the Hop by Hop and Destination Options extension
headers, but options are not yet supported. All options will be
treated as unknown and their respective action will be followed.
Note, the stack does not yet support sending ICMPv6 error messages in
response to options that cannot be handled/parsed. That will come
in a later change (Issue #2211).
Tests:
- header_test.TestIPv6UnknownExtHdrOption
- header_test.TestIPv6OptionsExtHdrIterErr
- header_test.TestIPv6OptionsExtHdrIter
- ipv6_test.TestReceiveIPv6ExtHdrs
PiperOrigin-RevId: 303433085
|
|
PiperOrigin-RevId: 303212189
|
|
PiperOrigin-RevId: 303208407
|
|
Enables the reassembly of fragmented IPv6 packets and handling of the
Routing extension header with a Segments Left value of 0. Atomic
fragments are handled as described in RFC 6946 to not interfere with
"normal" fragment traffic. No specific routing header type is supported.
Note, the stack does not yet support sending ICMPv6 error messages in
response to IPv6 packets that cannot be handled/parsed. That will come
in a later change (Issue #2211).
Test:
- header_test.TestIPv6RoutingExtHdr
- header_test.TestIPv6FragmentExtHdr
- header_test.TestIPv6ExtHdrIterErr
- header_test.TestIPv6ExtHdrIter
- ipv6_test.TestReceiveIPv6ExtHdrs
- ipv6_test.TestReceiveIPv6Fragments
RELNOTES: n/a
PiperOrigin-RevId: 303189584
|
|
This feature will match UID and GID of the packet creator, for locally
generated packets. This match is only valid in the OUTPUT and POSTROUTING
chains. Forwarded packets do not have any socket associated with them.
Packets from kernel threads do have a socket, but usually no owner.
|
|
PiperOrigin-RevId: 303156734
|
|
- Change receiver of endpoint lookup functions
- Remove unused struct fields and functions in test
- s/%v/%s/ for errors
- Capitalize NIC
https://github.com/golang/go/wiki/CodeReviewComments#initialisms
PiperOrigin-RevId: 303119580
|
|
PiperOrigin-RevId: 302924789
|
|
This allows the link layer endpoints to consistenly hash a TCP
segment to a single underlying queue in case a link layer endpoint
does support multiple underlying queues.
Updates #231
PiperOrigin-RevId: 302760664
|
|
This is a precursor to be being able to build an intrusive list
of PacketBuffers for use in queuing disciplines being implemented.
Updates #2214
PiperOrigin-RevId: 302677662
|
|
PiperOrigin-RevId: 302110328
|
|
PiperOrigin-RevId: 301859066
|
|
Updates #231, #357
PiperOrigin-RevId: 301833669
|
|
workMu is removed and e.mu is now a mutex that supports TryLock. The packet
processing path tries to lock the mutex and if its locked it will just queue the
packet and move on. The endpoint.UnlockUser() will process any backlog of
packets before unlocking the socket.
This simplifies the locking inside tcp endpoints a lot. Further the
endpoint.LockUser() implements spinning as long as the lock is not held by
another syscall goroutine. This ensures low latency as not spinning leads to the
task thread being put to sleep if the lock is held by the packet dispatch
path. This is suboptimal as the lower layer rarely holds the lock for long so
implementing spinning here helps.
If the lock is held by another task goroutine then we just proceed to call
LockUser() and the task could be put to sleep.
The protocol goroutines themselves just call e.mu.Lock() and block if the
lock is currently not available.
Updates #231, #357
PiperOrigin-RevId: 301808349
|
|
This will aid in segment reordering detection.
Updates #691
PiperOrigin-RevId: 301692638
|
|
PiperOrigin-RevId: 301382690
|
|
PiperOrigin-RevId: 301208471
|
|
PiperOrigin-RevId: 301197007
|
|
PiperOrigin-RevId: 301157950
|
|
PiperOrigin-RevId: 300832988
|
|
Previously, SLAAC related state was stored on a per-address basis. This was
sufficient for the simple case of a single SLAAC address per prefix, but
future CLs will introduce temporary addresses which will result in multiple
SLAAC addresses for a prefix. This refactor allows storing multiple addresses
for a prefix in a single SLAAC prefix state.
No behaviour changes - existing tests continue to pass.
PiperOrigin-RevId: 300832812
|
|
When a NIC is removed, attempt to disable the NIC first to cleanup
dynamic state and stop ongoing periodic tasks (e.g. IPv6 router
solicitations, DAD) so that a removed NIC does not attempt to send
packets.
Tests:
- stack_test.TestRemoveUnknownNIC
- stack_test.TestRemoveNIC
- stack_test.TestDADStop
- stack_test.TestCleanupNDPState
- stack_test.TestRouteWithDownNIC
- stack_test.TestStopStartSolicitingRouters
PiperOrigin-RevId: 300805857
|
|
- Don't allocate []*endpointsByNic in transportDemuxer.deliverPacket() unless
actually needed for UDP broadcast/multicast.
- Don't allocate []*endpointsByNic via transportDemuxer.findEndpointLocked()
=> transportDemuxer.findAllEndpointsLocked().
- Skip unnecessary map lookups in transportDemuxer.findEndpointLocked() =>
transportDemuxer.findAllEndpointsLocked() (now iterEndpointsLocked).
For most deliverable packets other than UDP broadcast/multicast packets, this
saves two slice allocations and three map lookups per packet.
PiperOrigin-RevId: 300804135
|
|
LinkEndpoints may expect/assume that the a tcpip.PacketBuffer's Header
has enough capacity for its own headers, as per documentation for
LinkEndpoint.MaxHeaderLength.
Test: stack_test.TestNICForwarding
PiperOrigin-RevId: 300784192
|
|
PiperOrigin-RevId: 300668506
|
|
Mark /pkg/tcpip/adapters/gonet/gonet_test as flaky.
PiperOrigin-RevId: 300609529
|
|
...instead of sorting at various times. Plug a memory leak by setting
removed elements to nil.
PiperOrigin-RevId: 300471087
|
|
PiperOrigin-RevId: 300467253
|
|
Atomically close the endpoint. Before this change, it was possible for
multiple callers to perform duplicate work.
PiperOrigin-RevId: 300462110
|
|
Endpoints which were being terminated in an ERROR state or were moved to CLOSED
by the worker goroutine do not run cleanupLocked() as that should already be run
by the worker termination. But when making that change we made the mistake of
not removing the endpoint from the danglingEndpoints which is normally done in
cleanupLocked().
As a result these endpoints are leaked since a reference is held to them in the
danglingEndpoints array forever till Stack is torn down.
PiperOrigin-RevId: 300438426
|
|
PiperOrigin-RevId: 300362789
|
|
PiperOrigin-RevId: 300308974
|
|
This change also updates where the IP packet buffer is held in an
outbound tcpip.PacketBuffer from Header to Data. This change removes
unncessary copying of the IP packet buffer when forwarding.
Test: stack_test.TestNICForwarding
PiperOrigin-RevId: 300217972
|
|
Fixes #1510
Test:
- stack_test.TestForwardingWithStaticResolver
- stack_test.TestForwardingWithFakeResolver
- stack_test.TestForwardingWithNoResolver
- stack_test.TestForwardingWithFakeResolverPartialTimeout
- stack_test.TestForwardingWithFakeResolverTwoPackets
- stack_test.TestForwardingWithFakeResolverManyPackets
- stack_test.TestForwardingWithFakeResolverManyResolutions
PiperOrigin-RevId: 300182570
|
|
When list elements are removed from a list but not discarded, it becomes
important to invalidate the references they hold to their former
neighbors to prevent memory leaks.
PiperOrigin-RevId: 299412421
|
|
From RFC 793 s3.9 p61 Event Processing:
CLOSE Call during TIME-WAIT: return with "error: connection closing"
Fixes #1603
PiperOrigin-RevId: 299401353
|
|
If the NIC has a valid IPv6 address assigned, use it as the
source address for outgoing NDP Router Solicitation packets.
Test: stack_test.TestRouterSolicitation
PiperOrigin-RevId: 299398763
|
|
|