| Age | Commit message (Collapse) | Author |
|---|
|
|
|
It was originally set to 30s for IPv6 (same as IPv4) but this is not
what RFC 8200 prescibes. Linux also defaults to 60s [1].
[1] https://github.com/torvalds/linux/blob/47ec5303d73ea344e84f46660fff693c57641386/include/net/ipv6.h#L456
PiperOrigin-RevId: 336034636
|
|
|
|
|
|
...per RFC 4861 s7.1.1.
PiperOrigin-RevId: 335742851
|
|
|
|
Most of the IPv4 fragmentation code was moved in the fragmentation
package and it is reused by IPv6 fragmentation.
Test:
- pkg/tcpip/network/ipv4:ipv4_test
- pkg/tcpip/network/ipv6:ipv6_test
- pkg/tcpip/network/fragmentation:fragmentation_test
Fixes #4389
PiperOrigin-RevId: 335714280
|
|
|
|
The IPv4 RFCs are specific (though obtuse) that an echo response
packet needs to contain all the options from the echo request,
much as if it been routed back to the sender, though apparently
with a new TTL. They suggest copying the incoming packet header
to achieve this so that is what this patch does.
PiperOrigin-RevId: 335559176
|
|
|
|
We can get the network endpoint directly from the NIC.
This is a preparatory CL for when a Route needs to hold a dedicated NIC
as its output interface. This is because when forwarding is enabled,
packets may be sent from a NIC different from the NIC a route's local
address is associated with.
PiperOrigin-RevId: 335484500
|
|
|
|
We are currently tracking the minimum RTT for RACK as smoothed RTT. As per RFC
minimum RTT can be a global minimum of all RTTs or filtered value of recent
RTT measurements. In this cl minimum RTT is updated to global minimum of all
RTTs for the connection.
PiperOrigin-RevId: 335061518
|
|
|
|
Adds support for the IPv6-compatible redirect target. Redirection is a limited
form of DNAT, where the destination is always the localhost.
Updates #3549.
PiperOrigin-RevId: 334698344
|
|
|
|
Before this change, OutgoingPacketErrors was incremented in the
stack.Route methods. This was going to be a problem once
IPv4/IPv6 WritePackets support fragmentation because Route.WritePackets
might now know how many packets are left after an error occurs.
Test:
- pkg/tcpip/network/ipv4:ipv4_test
- pkg/tcpip/network/ipv6:ipv6_test
PiperOrigin-RevId: 334687983
|
|
|
|
Add code in IPv6 to send ICMP packets while processing extension headers.
Add some accounting in processing IPV6 Extension headers which
allows us to report meaningful information back in ICMP parameter
problem packets.
IPv4 also needs to send a message when an unsupported protocol
is requested.
Add some tests to generate both ipv4 and ipv6 packets with
various errors and check the responses.
Add some new checkers and cleanup some inconsistencies in
the messages in that file.
Add new error types for the ICMPv4/6 generators.
Fix a bug in the ICMPv4 generator that stopped it from generating
"Unknown protocol" messages.
Updates #2211
PiperOrigin-RevId: 334661716
|
|
|
|
PiperOrigin-RevId: 334652998
|
|
|
|
PiperOrigin-RevId: 334535896
|
|
|
|
PiperOrigin-RevId: 334531794
|
|
|
|
Test: stack_test.TestGetMainNICAddressWhenNICDisabled
PiperOrigin-RevId: 334513286
|
|
|
|
As per relevant IP RFCS (see code comments), broadcast (for IPv4) and
multicast addresses are not allowed. Currently checks for these are
done at the transport layer, but since it is explicitly forbidden at
the IP layers, check for them there.
This change also removes the UDP.InvalidSourceAddress stat since there
is no longer a need for it.
Test: ip_test.TestSourceAddressValidation
PiperOrigin-RevId: 334490971
|
|
|
|
Like matchers, targets should use a module-like register/lookup system. This
replaces the brittle switch statements we had before.
The only behavior change is supporing IPT_GET_REVISION_TARGET. This makes it
much easier to add IPv6 redirect in the next change.
Updates #3549.
PiperOrigin-RevId: 334469418
|
|
|
|
Linux doesn't generate a link-local address for the loopback interface.
Test: integration_test.TestInitialLoopbackAddresses
PiperOrigin-RevId: 334453182
|
|
|
|
Currently expired IP fragments are discarded only if another fragment for the
same IP datagram is received after timeout or the total size of the fragment
queue exceeded a predefined value.
Test: fragmentation.TestReassemblingTimeout
Fixes #3960
PiperOrigin-RevId: 334423710
|
|
|
|
* Remove Capabilities and NICID methods from NetworkEndpoint.
* Remove linkEP and stack parameters from NetworkProtocol.NewEndpoint.
The LinkEndpoint can be fetched from the NetworkInterface. The stack
is passed to the NetworkProtocol when it is created so the
NetworkEndpoint can get it from its protocol.
* Remove stack parameter from TransportProtocol.NewEndpoint.
Like the NetworkProtocol/Endpoint, the stack is passed to the
TransportProtocol when it is created.
PiperOrigin-RevId: 334332721
|
|
|
|
* Add network address to network endpoints.
Hold network-specific state in the NetworkEndpoint instead of the stack.
This results in the stack no longer needing to "know" about the network
endpoints and special case certain work for various endpoints
(e.g. IPv6 DAD).
* Provide NetworkEndpoints with an NetworkInterface interface.
Instead of just passing the NIC ID of a NIC, pass an interface so the
network endpoint may query other information about the NIC such as
whether or not it is a loopback device.
* Move NDP code and state to the IPv6 package.
NDP is IPv6 specific so there is no need for it to live in the stack.
* Control forwarding through NetworkProtocols instead of Stack
Forwarding should be controlled on a per-network protocol basis so
forwarding configurations are now controlled through network protocols.
* Remove stack.referencedNetworkEndpoint.
Now that addresses are exposed via AddressEndpoint and only one
NetworkEndpoint is created per interface, there is no need for a
referenced NetworkEndpoint.
* Assume network teardown methods are infallible.
Fixes #3871, #3916
PiperOrigin-RevId: 334319433
|
|
|
|
In TestReceiveBufferAutoTuning we now send a keep-alive packet to measure the
current window rather than a 1 byte segment as the returned window value in the
latter case is reduced due to the 1 byte segment now being held in the receive
buffer and can cause the test to flake if the segment overheads were to change.
In getSendParams in rcv.go we were advertising a non-zero window even if
available window space was zero after we received the previous segment. In such
a case newWnd and curWnd will be the same and we end up advertising a tiny but
non-zero window and this can cause the next segment to be dropped.
PiperOrigin-RevId: 334314070
|
|
|
|
When the socket is set with SO_LINGER and close()'d in the initial state, it
should not linger and return immediately.
PiperOrigin-RevId: 334263149
|
|
|
|
Network or transport protocols may want to reach the stack. Support this
by letting the stack create the protocol instances so it can pass a
reference to itself at protocol creation time.
Note, protocols do not yet use the stack in this CL but later CLs will
make use of the stack from protocols.
PiperOrigin-RevId: 334260210
|
|
|
|
Generic ICMP errors were required because the transport dispatcher was
given the responsibility of sending ICMP errors in response to transport
packet delivery failures. Instead, the transport dispatcher should let
network layer know it failed to deliver a packet (and why) and let the
network layer make the decision as to what error to send (if any).
Fixes #4068
PiperOrigin-RevId: 333962333
|
|
PiperOrigin-RevId: 333591566
|
|
|
|
segment_queue today has its own standalone limit of MaxUnprocessedSegments but
this can be a problem in UnlockUser() we do not release the lock till there are
segments to be processed. What can happen is as handleSegments dequeues packets
more keep getting queued and we will never release the lock. This can keep
happening even if the receive buffer is full because nothing can read() till we
release the lock.
Further having a separate limit for pending segments makes it harder to track
memory usage etc. Unifying the limits makes it easier to reason about memory in
use and makes the overall buffer behaviour more consistent.
PiperOrigin-RevId: 333508122
|
