summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip
AgeCommit message (Collapse)Author
2021-11-09Implement OriginalDestinationAddrgonet-originaldestinationMikael Magnusson
2021-11-09Merge release-20211101.0-27-g3f5cfe694 (automated)gogVisor bot
2021-11-09Remove Stack.NewJobTamir Duberstein
Use the static method instead; these methods encourage callers to retain a pointer to the entire stack rather than only its clock which they require. PiperOrigin-RevId: 408651956
2021-11-08Merge release-20211101.0-26-g84b38f4c6 (automated)gVisor bot
2021-11-08Add reference counting to packet buffers.Lucas Manning
PiperOrigin-RevId: 408426639
2021-11-05Merge release-20211101.0-19-gd80af5f8b (automated)gVisor bot
2021-11-04Remove id from sleep.Sleeper API.Adin Scannell
In a subsequent change, the Sleeper API will be plumbed through and used for arbitrary task wakeups. This requires a non-static association of Wakers and Sleepers, which means that a fixed ID no longer works. This is a relatively simple change that removes the ID from the Waker association, and simply uses the Waker pointer itself. That change also makes minor improvements to the tests to ensure that the benchmarks are more representative by removing goroutine start from the hot path (and uses Wakers for required synchronization), adds assertion checks to AddWaker, and clears relevant fields during Done (to allow assertions to pass). PiperOrigin-RevId: 407719630
2021-11-04Merge release-20211026.0-33-g23a115dae (automated)gVisor bot
2021-11-04[syserr] Reverse dependency for tcpip.ErrorZach Koopmans
PiperOrigin-RevId: 407638912
2021-11-02Merge release-20211026.0-26-g88cf2e93e (automated)gVisor bot
2021-11-02Extract tcb & lastUsed to its own lockGhanan Gowripalan
These fields do not need to synchronize reads/writes with the rest of the connection. PiperOrigin-RevId: 407183693
2021-11-02Merge release-20211026.0-23-gea792cb3e (automated)gVisor bot
2021-11-02Properly reap NATed connectionsGhanan Gowripalan
This change fixes a bug when reaping tuples of NAT-ed connections. Previously when reaping a tuple, the other direction's tuple ID was calculated by taking the reaping tuple's ID and inverting it. This works when a connection is not NATed but doesn't work when NAT is performed as the other direction's tuple may use different addresses. PiperOrigin-RevId: 407160930
2021-11-02Merge release-20211026.0-21-g42a08f036 (automated)gVisor bot
2021-11-01Allow partial packets in ICMP errors when NATingGhanan Gowripalan
An ICMP error may not hold the full packet that triggered the ICMP response. As long as the IP header and the transport header is parsable, we should be able to successfully NAT as that is all that we need to identify the connection. PiperOrigin-RevId: 406966048
2021-10-29Merge release-20211019.0-52-g1953d2ad2 (automated)gVisor bot
2021-10-28NAT ICMPv6 errorsGhanan Gowripalan
...so a NAT-ed connection's socket can handle ICMP errors. Updates #5916. PiperOrigin-RevId: 406270868
2021-10-28Merge release-20211019.0-48-g8acc3a9bb (automated)gVisor bot
2021-10-27Reduce eventFD notifications on transmit.Bhasker Hariharan
When transmitting packets we only need to notify if the peer is not already processing packets. sharedData region is used to enable/disable notifications and the peer will disable notifications when its actively processing packets and enable notifications just before it goes to sleep waiting on packets. This allows more efficient transmit as the sharedmem endpoint does not need to notify on eventFD and incur an expensive host systemcall when the peer is already awake. PiperOrigin-RevId: 406018843
2021-10-27Merge release-20211019.0-47-g9541a5842 (automated)gVisor bot
2021-10-27rename tcp_conntrack inbound/outbound to reply/originalKevin Krakauer
Connection tracking is agnostic to whether the packet is inbound or outbound. It cares who initiated the connection. The naming can get confusing as conntrack can track connections originating from any host. Part of resolving #6736. PiperOrigin-RevId: 405997540
2021-10-27Merge release-20211019.0-46-g3015c0ac6 (automated)gVisor bot
2021-10-27NAT ICMPv4 errorsGhanan Gowripalan
...so a NAT-ed connection's socket can handle ICMP errors. Updates #5916. PiperOrigin-RevId: 405970089
2021-10-27Merge release-20211019.0-45-g22a6a3707 (automated)gVisor bot
2021-10-27Record counts of packets with unknown L3/L4 numbersNick Brown
Previously, we recorded a single aggregated count. These per-protocol counts can help us debug field issues when frames are dropped for this reason. PiperOrigin-RevId: 405913911
2021-10-26Merge release-20211019.0-43-gf54a25c1f (automated)gVisor bot
2021-10-26Validate an icmp header before accessing itAndrei Vagin
A header can't be smaller than header.ICMPv4MinimumSize. Reported-by: syzbot+57b68b14b4f6a58bf985@syzkaller.appspotmail.com PiperOrigin-RevId: 405748438
2021-10-21Merge release-20211011.0-39-g207221ffb (automated)gVisor bot
2021-10-21Add an integration test for istio like redirect.Bhasker Hariharan
Updates #6441,#6317 PiperOrigin-RevId: 404872327
2021-10-20Merge release-20211011.0-36-gbdf4e41c8 (automated)gVisor bot
2021-10-19Always parse Transport headersGhanan Gowripalan
..including ICMP headers before delivering them to the TransportDispatcher. Updates #3810. PiperOrigin-RevId: 404404002
2021-10-19Merge release-20211011.0-33-g64aee33ed (automated)gVisor bot
2021-10-19Continue reaping bucket after reaping a tupleGhanan Gowripalan
Reaping an expired tuple removes it from its bucket so we need to grab the succeeding tuple in the bucket before reaping the expired tuple. Before this change, only the first expired tuple in a bucket was reaped per reaper run on the bucket. This change just allows more connections to be reaped. PiperOrigin-RevId: 404392925
2021-10-19Merge release-20211005.0-59-g03bc93d2b (automated)gVisor bot
2021-10-18conntrack: update state of un-NATted connectionsKevin Krakauer
This prevents reaping connections unnecessarily early. This change both moves the state update to the beginning of handlePacket and fixes a bug where un-finalized connections could become un-reapable. Fixes #6748 PiperOrigin-RevId: 404141012
2021-10-18Merge release-20211005.0-58-g211bbf82a (automated)gVisor bot
2021-10-18conntrack: use tcpip.Clock instead of time.TimeKevin Krakauer
- We should be using a monotonic clock - This will make future testing easier Updates #6748. PiperOrigin-RevId: 404072318
2021-10-18Merge release-20211005.0-52-g4f6cda4d0 (automated)gVisor bot
2021-10-18Support distinction for RWMutex and read-only locks.Adin Scannell
Fixes #6590 PiperOrigin-RevId: 404007524
2021-10-15Satisfy nogoGhanan Gowripalan
PiperOrigin-RevId: 403479257
2021-10-15Merge release-20211005.0-49-ge4fc15bd8 (automated)gVisor bot
2021-10-15Implement WriteRawPacket for pipeTony Gong
Implement WriteRawPacket for pipe by calling `DeliverNetworkPacket` on the other end with empty values for the route and protocol number, and relies on the `NetworkDispatcher` to decapsulate the link layer header from the raw packet itself. PiperOrigin-RevId: 403461448
2021-10-13Merge release-20210927.0-71-g4e2cc2bef (automated)gVisor bot
2021-10-13Minor fixes to sharedmem.Bhasker Hariharan
Use route/protocol from packetbuffer. Sharedmem implementation should use the EgressRoute/NetworkProtocolNumber embedded in the packetbuffer rather than what is passed as parameters to Write(Raw)Packet(s). PiperOrigin-RevId: 402934171
2021-10-13Merge release-20210927.0-70-g1796cd89d (automated)gVisor bot
2021-10-13add create-only raw socketsKevin Krakauer
These can be used by applications to manipulate iptables rules without enabling arbitrary reads from and writes to the underlying packet socket. PiperOrigin-RevId: 402924733
2021-10-13Merge release-20210927.0-68-gb74bbe11e (automated)gVisor bot
2021-10-13Represent direction with booleanGhanan Gowripalan
...since direction can only hold one of two possible values. PiperOrigin-RevId: 402855698
2021-10-13Merge release-20210927.0-67-g747cb9246 (automated)gVisor bot
2021-10-12Support Twice NATGhanan Gowripalan
This CL allows both SNAT and DNAT targets to be performed on the same packet. Fixes #5696. PiperOrigin-RevId: 402714738