summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip
AgeCommit message (Collapse)Author
2020-02-04Merge release-20200127.0-65-g95ce8bb (automated)gVisor bot
2020-01-31Merge release-20200127.0-51-g02997af (automated)gVisor bot
2020-01-31Fix method comment to match method name.Ian Gudger
PiperOrigin-RevId: 292624867
2020-01-31Merge release-20200127.0-48-g77bf586 (automated)gVisor bot
2020-01-31Use multicast Ethernet address for multicast NDPGhanan Gowripalan
As per RFC 2464 section 7, an IPv6 packet with a multicast destination address is transmitted to the mapped Ethernet multicast address. Test: - ipv6.TestLinkResolution - stack_test.TestDADResolve - stack_test.TestRouterSolicitation PiperOrigin-RevId: 292610529
2020-01-31iptables: enable TCP matching with "-m tcp".Kevin Krakauer
A couple other things that changed: - There's a proper extension registration system for matchers. Anyone adding another matcher can use tcp_matcher.go or udp_matcher.go as a template. - All logging and use of syserr.Error in the netfilter package happens at the highest possible level (public functions). Lower-level functions just return normal, descriptive golang errors.
2020-01-31Merge release-20200127.0-47-g528dd1e (automated)gVisor bot
2020-01-31Extract multicast IP to Ethernet address mappingGhanan Gowripalan
Test: header.TestEthernetAddressFromMulticastIPAddress PiperOrigin-RevId: 292604649
2020-01-30Merge branch 'master' into ipt-udp-matchersKevin Krakauer
2020-01-30Merge release-20200127.0-38-g4ee64a2 (automated)gVisor bot
2020-01-30Fix for panic in endpoint.Close().Bhasker Hariharan
When sending a RST on shutdown we need to double check the state after acquiring the work mutex as the endpoint could have transitioned out of a connected state from the time we checked it and we acquired the workMutex. I added two tests but sadly neither reproduce the panic. I am going to leave the tests in as they are good to have anyway. PiperOrigin-RevId: 292393800
2020-01-30Merge release-20200127.0-34-gec06797 (automated)gVisor bot
2020-01-30Do not include the Source Link Layer option with an unspecified source addressGhanan Gowripalan
When sending NDP messages with an unspecified source address, the Source Link Layer address must not be included. Test: stack_test.TestDADResolve PiperOrigin-RevId: 292341334
2020-01-30Merge release-20200127.0-33-g6f841c3 (automated)gVisor bot
2020-01-29Do not spawn a goroutine when calling stack.NDPDispatcher's methodsGhanan Gowripalan
Do not start a new goroutine when calling stack.NDPDispatcher.OnDuplicateAddressDetectionStatus. PiperOrigin-RevId: 292268574
2020-01-30Merge release-20200127.0-31-g51b7835 (automated)gVisor bot
2020-01-29Add support for TCP_DEFER_ACCEPT.Bhasker Hariharan
PiperOrigin-RevId: 292233574
2020-01-29Merge branch 'master' into ipt-udp-matchersKevin Krakauer
2020-01-28Merge release-20200115.0-126-g431ff52 (automated)gVisor bot
2020-01-28Update link address for senders of Neighbor SolicitationsGhanan Gowripalan
Update link address for senders of NDP Neighbor Solicitations when the NS contains an NDP Source Link Layer Address option. Tests: - ipv6.TestNeighorSolicitationWithSourceLinkLayerOption - ipv6.TestNeighorSolicitationWithInvalidSourceLinkLayerOption PiperOrigin-RevId: 292028553
2020-01-28Merge release-20200115.0-123-gce0bac4 (automated)gVisor bot
2020-01-28Include the NDP Source Link Layer option when sending DAD messagesGhanan Gowripalan
Test: stack_test.TestDADResolve PiperOrigin-RevId: 292003124
2020-01-28Merge release-20200115.0-115-g2a2da5b (automated)gVisor bot
2020-01-27Add a type to represent the NDP Source Link Layer Address optionGhanan Gowripalan
Tests: - header.TestNDPSourceLinkLayerAddressOptionEthernetAddress - header.TestNDPSourceLinkLayerAddressOptionSerialize - header.TestNDPOptionsIterCheck - header.TestNDPOptionsIter PiperOrigin-RevId: 291856429
2020-01-27Merge release-20200115.0-109-g60d7ff7 (automated)gVisor bot
2020-01-27Merge pull request #1676 from majek:marek/FIX-1632-expose-NewPacketConngVisor bot
PiperOrigin-RevId: 291803499
2020-01-27Merge release-20200115.0-107-g90ec596 (automated)gVisor bot
2020-01-27Fix licenses.Adin Scannell
The preferred Copyright holder is "The gVisor Authors". PiperOrigin-RevId: 291786657
2020-01-27Merge release-20200115.0-106-gfbfcfcf (automated)gVisor bot
2020-01-27Update ChecksumVVWithoffset to use unrolled version.Bhasker Hariharan
Fixes #1656 PiperOrigin-RevId: 291777279
2020-01-27Merge release-20200115.0-104-g6b14be4 (automated)gVisor bot
2020-01-27Refactor to hide C from channel.Endpoint.Ting-Yu Wang
This is to aid later implementation for /dev/net/tun device. PiperOrigin-RevId: 291746025
2020-01-27More cleanup.Kevin Krakauer
2020-01-27Cleanup for GH review.Kevin Krakauer
2020-01-27Standardize on tools directory.Adin Scannell
PiperOrigin-RevId: 291745021
2020-01-27Merge branch 'master' into ipt-udp-matchersKevin Krakauer
2020-01-27Expose gonet.NewPacketConn, for parity with gonet.NewConn APIMarek Majkowski
gonet.Conn can be created with both gonet.NewConn and gonet.Dial. gonet.PacketConn was created only by gonet.DialUDP. This prevented us from being able to use PacketConn in udp.NewForwarder() context. This simple constructor - NewPacketConn, allows user to create correct structure from that context.
2020-01-27Merge release-20200115.0-102-g6b43cf7 (automated)gVisor bot
2020-01-27Replace calculateChecksum w/ the unrolled version.Bhasker Hariharan
Fixes #1656 PiperOrigin-RevId: 291703760
2020-01-27Merge release-20200115.0-101-g68514d4 (automated)gVisor bot
2020-01-26Unroll checksum computation loop.Bhasker Hariharan
Checksum computation is one of the most expensive bits of packet processing. Manual unrolling of the loop provides significant improvement in checksum speed. Updates #1656 BenchmarkChecksum/checksum_64-12 49834124 23.6 ns/op BenchmarkChecksum/checksum_128-12 27111997 44.1 ns/op BenchmarkChecksum/checksum_256-12 11416683 91.5 ns/op BenchmarkChecksum/checksum_512-12 6375298 174 ns/op BenchmarkChecksum/checksum_1024-12 3403852 338 ns/op BenchmarkChecksum/checksum_1500-12 2343576 493 ns/op BenchmarkChecksum/checksum_2048-12 1730521 656 ns/op BenchmarkChecksum/checksum_4096-12 920469 1327 ns/op BenchmarkChecksum/checksum_8192-12 445885 2637 ns/op BenchmarkChecksum/checksum_16384-12 226342 5268 ns/op BenchmarkChecksum/checksum_32767-12 114210 10503 ns/op BenchmarkChecksum/checksum_32768-12 99138 10610 ns/op BenchmarkChecksum/checksum_65535-12 53438 21158 ns/op BenchmarkChecksum/checksum_65536-12 52993 21067 ns/op BenchmarkUnrolledChecksum/checksum_64-12 61035639 19.1 ns/op BenchmarkUnrolledChecksum/checksum_128-12 36067015 33.6 ns/op BenchmarkUnrolledChecksum/checksum_256-12 19731220 60.4 ns/op BenchmarkUnrolledChecksum/checksum_512-12 9091291 116 ns/op BenchmarkUnrolledChecksum/checksum_1024-12 4976406 226 ns/op BenchmarkUnrolledChecksum/checksum_1500-12 3685224 328 ns/op BenchmarkUnrolledChecksum/checksum_2048-12 2579108 447 ns/op BenchmarkUnrolledChecksum/checksum_4096-12 1350475 887 ns/op BenchmarkUnrolledChecksum/checksum_8192-12 658248 1780 ns/op BenchmarkUnrolledChecksum/checksum_16384-12 335869 3534 ns/op BenchmarkUnrolledChecksum/checksum_32767-12 168650 7095 ns/op BenchmarkUnrolledChecksum/checksum_32768-12 168075 7098 ns/op BenchmarkUnrolledChecksum/checksum_65535-12 75085 14277 ns/op BenchmarkUnrolledChecksum/checksum_65536-12 75921 14127 ns/op PiperOrigin-RevId: 291643290
2020-01-24Merge release-20200115.0-99-g878bda6 (automated)gVisor bot
2020-01-24Lock the NIC when checking if an address is tentativeGhanan Gowripalan
PiperOrigin-RevId: 291426657
2020-01-24Increase timeouts for NDP tests' async eventsGhanan Gowripalan
Increase the timeout to 1s when waiting for async NDP events to help reduce flakiness. This will not significantly increase test times as the async events continue to receive an event on a channel. The increased timeout allows more time for an event to be sent on the channel as the previous timeout of 100ms caused some flakes. Test: Existing tests pass PiperOrigin-RevId: 291420936
2020-01-24Merge branch 'master' into ipt-udp-matchersKevin Krakauer
2020-01-23Merge release-20200115.0-93-g3d10edc (automated)gVisor bot
2020-01-23Merge pull request #1617 from kevinGC:iptables-write-filter-protogVisor bot
PiperOrigin-RevId: 291249314
2020-01-22Merge release-20200115.0-77-g1d97ada (automated)gVisor bot
2020-01-22Use embedded mutex pattern for stack.NICGhanan Gowripalan
- Wrap NIC's fields that should only be accessed while holding the mutex in an anonymous struct with the embedded mutex. - Make sure NIC's spoofing and promiscuous mode flags are only read while holding the NIC's mutex. - Use the correct endpoint when sending DAD messages. - Do not hold the NIC's lock when sending DAD messages. This change does not introduce any behaviour changes. Tests: Existing tests continue to pass. PiperOrigin-RevId: 291036251
2020-01-22Error marshalling the matcher.Kevin Krakauer
The iptables binary is looking for libxt_.so when it should be looking for libxt_udp.so, so it's having an issue reading the data in xt_match_entry. I think it may be an alignment issue. Trying to fix this is leading to me fighting with the metadata struct, so I'm gonna go kill that.