summaryrefslogtreecommitdiffhomepage
path: root/pkg
AgeCommit message (Collapse)Author
2019-09-12Automated rollback of changelist 268047073Ghanan Gowripalan
PiperOrigin-RevId: 268757842
2019-09-09Fix ephemeral port leak.Ian Gudger
Fix a bug where udp.(*endpoint).Disconnect [accessible in gVisor via epsocket.(*SocketOperations).Connect with AF_UNSPEC] would leak a port reservation if the socket/endpoint had an ephemeral port assigned to it. glibc's getaddrinfo uses connect with AF_UNSPEC, causing each call of getaddrinfo to leak a port. Call getaddrinfo too many times and you run out of ports (shows up as connect returning EAGAIN and getaddrinfo returning EAI_NONAME "Name or service not known"). PiperOrigin-RevId: 268071160
2019-09-09go_marshal: Implement automatic generation of ABI marshalling code.Rahat Mahmood
This CL implements go_marshal, a code generation utility for automatically serializing and deserializing ABI structs. The go_marshal tool automatically generates implementations of the new marshal interface. Unlike binary.Marshal/Unmarshal, the generated interface implementations use no runtime reflection, and translates to a single memcpy for most structs. See go_marshal/README.md for details. PiperOrigin-RevId: 268065475
2019-09-09Join IPv6 all-nodes and solicited-node multicast addresses where appropriate.Ghanan Gowripalan
The IPv6 all-nodes multicast address will be joined on NIC enable, and the appropriate IPv6 solicited-node multicast address will be joined when IPv6 addresses are added. Tests: Test receiving packets destined to the IPv6 link-local all-nodes multicast address and the IPv6 solicted node address of an added IPv6 address. PiperOrigin-RevId: 268047073
2019-09-06Remove reundant global tcpip.LinkEndpointID.Ian Gudger
PiperOrigin-RevId: 267709597
2019-09-06Indicate flipcall synchronization to the Go race detector.Jamie Liu
Since each Endpoint has a distinct mapping of the packet window, the Go race detector does not recognize accesses by connected Endpoints to be related. This means that this change isn't necessary for the Go race detector to accept accesses of flipcall.Endpoint.Data(), but it *is* necessary for it to accept accesses to shared variables outside the scope of flipcall that are synchronized by flipcall.Endpoint state; see updated test for an example. RaceReleaseMerge is needed (instead of RaceRelease) because calls to raceBecomeInactive() from *unrelated* Endpoints can occur in any order. (DowngradableRWMutex.RUnlock() has a similar property: calls to RUnlock() on the same DowngradableRWMutex from different goroutines can occur in any order. Remove the TODO asking to explain this now that this is understood.) PiperOrigin-RevId: 267705325
2019-09-05Better strace logs for statx.Nicolas Lacasse
PiperOrigin-RevId: 267498537
2019-09-04Fix RST generation bugs.Bhasker Hariharan
There are a few cases addressed by this change - We no longer generate a RST in response to a RST packet. - When we receive a RST we cleanup and release all reservations immediately as the connection is now aborted. - An ACK received by a listening socket generates a RST when SYN cookies are not in-use. The only reason an ACK should land at the listening socket is if we are using SYN cookies otherwise the goroutine for the handshake in progress should have gotten the packet and it should never have arrived at the listening endpoint. - Also fixes the error returned when a connection times out due to a Keepalive timer expiration from ECONNRESET to a ETIMEDOUT. PiperOrigin-RevId: 267238427
2019-09-04Handle subnet and broadcast addresses correctly with NIC.subnetsChris Kuiper
This also renames "subnet" to "addressRange" to avoid any more confusion with an interface IP's subnet. Lastly, this also removes the Stack.ContainsSubnet(..) API since it isn't used by anyone. Plus the same information can be obtained from Stack.NICAddressRanges(). PiperOrigin-RevId: 267229843
2019-09-03Impose order on test scripts.Adin Scannell
The simple test script has gotten out of control. Shard this script into different pieces and attempt to impose order on overall test structure. This change helps lay some of the foundations for future improvements. * The runsc/test directories are moved into just test/. * The runsc/test/testutil package is split into logical pieces. * The scripts/ directory contains new top-level targets. * Each test is now responsible for building targets it requires. * The install functionality is moved into `runsc` itself for simplicity. * The existing kokoro run_tests.sh file now just calls all (can be split). After this change is merged, I will create multiple distinct workflows for Kokoro, one for each of the scripts currently targeted by `run_tests.sh` today, which should dramatically reduce the time-to-run for the Kokoro tests, and provides a better foundation for further improvements to the infrastructure. PiperOrigin-RevId: 267081397
2019-09-03Validate IPv6 Hop Limit field for received NDP packetsGhanan Gowripalan
Make sure that NDP packets are only received if their IP header's hop limit field is set to 255, as per RFC 4861. PiperOrigin-RevId: 267061457
2019-09-03Make UDP traceroute work.Bhasker Hariharan
Adds support to generate Port Unreachable messages for UDP datagrams received on a port for which there is no valid endpoint. Fixes #703 PiperOrigin-RevId: 267034418
2019-09-03Ensure that flipcall.Endpoint.Shutdown() shuts down inactive peers.Jamie Liu
PiperOrigin-RevId: 267022978
2019-09-02Remove duplicated file in pkg/tcpip/link/rawfile.Haibo Xu
The blockingpoll_unsafe.go was copied to blockingpoll_noyield_unsafe.go during merging commit 7206202bb9439499. If it still stay here, it would cause build errors on non-amd64 platform. ERROR: pkg/tcpip/link/rawfile/BUILD:5:1: GoCompilePkg pkg/tcpip/link/rawfile.a failed (Exit 1) builder failed: error executing command bazel-out/host/bin/external/go_sdk/builder compilepkg -sdk external/go_sdk -installsuffix linux_arm64 -src pkg/tcpip/link/rawfile/blockingpoll_noyield_unsafe.go -src ... (remaining 33 argument(s) skipped) Use --sandbox_debug to see verbose messages from the sandbox compilepkg: error running subcommand: exit status 2 pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go:35:6: BlockingPoll redeclared in this block previous declaration at pkg/tcpip/link/rawfile/blockingpoll_unsafe.go:26:78 Target //pkg/tcpip/link/rawfile:rawfile failed to build Use --verbose_failures to see the command lines of failed build steps. INFO: Elapsed time: 25.531s, Critical Path: 21.08s INFO: 262 processes: 262 linux-sandbox. FAILED: Build did NOT complete successfully Signed-off-by: Haibo Xu <haibo.xu@arm.com> Change-Id: I4e21f82984225d0aa173de456f7a7c66053a053e
2019-08-30Remove support for non-incremental mapped accounting.Jamie Liu
PiperOrigin-RevId: 266496644
2019-08-30Automated rollback of changelist 261387276Bhasker Hariharan
PiperOrigin-RevId: 266491264
2019-08-30Fix data race accessing referencedNetworkEndpoint.kindChris Kuiper
Wrapping "kind" into atomic access functions. Fixes #789 PiperOrigin-RevId: 266485501
2019-08-30Return correct buffer size for ioctl(socket, FIONREAD)Fabricio Voznika
Ioctl was returning just the buffer size from epsocket.endpoint and it was not considering data from epsocket.SocketOperations that was read from the endpoint, but not yet sent to the caller. PiperOrigin-RevId: 266485461
2019-08-29Implement /proc/net/udp.Rahat Mahmood
PiperOrigin-RevId: 266229756
2019-08-29Merge pull request #655 from praveensastry:feature/runsc-ref-chk-leakgVisor bot
PiperOrigin-RevId: 266226714
2019-08-29Add limit_host_fd_translation Gofer mount option.Jamie Liu
PiperOrigin-RevId: 266177409
2019-08-28Export generated linkAddrEntryEntryTamir Duberstein
PiperOrigin-RevId: 266000128
2019-08-27Populate link address cache at dispatchTamir Duberstein
This allows the stack to learn remote link addresses on incoming packets, reducing the need to ARP to send responses. This also reduces the number of round trips to the system clock, since that may also prove to be performance-sensitive. Fixes #739. PiperOrigin-RevId: 265815816
2019-08-27Fix comment typoMichael Pratt
PiperOrigin-RevId: 265731735
2019-08-27Fix sendfile(2) error codeFabricio Voznika
When output file is in append mode, sendfile(2) should fail with EINVAL and not EBADF. Closes #721 PiperOrigin-RevId: 265718958
2019-08-27Mount volumes as super userFabricio Voznika
This used to be the case, but regressed after a recent change. Also made a few fixes around it and clean up the code a bit. Closes #720 PiperOrigin-RevId: 265717496
2019-08-26netstack/tcp: Add LastAck transition.Rahat Mahmood
Add missing state transition to LastAck, which should happen when the endpoint has already recieved a FIN from the remote side, and is sending its own FIN. PiperOrigin-RevId: 265568314
2019-08-26Add support for Intel cache CPUID leafsMichael Pratt
This exposes L1, L2, etc. cache sizes, cache line size, etc. Across S/R, everything except cache line size can differ from the host. This is because cache line size is critical for correct use of CLFLUSH / CLFLUSHOPT, but as far as I know, the other cache parameters can only affect performance, not correctness. AMD uses different leafs for cache information, which are not yet supported. fail. There are no known cases of cache line size other than 64 in the fleet. PiperOrigin-RevId: 265544786
2019-08-26Merge pull request #696 from xiaobo55x:tcpip_linkgVisor bot
PiperOrigin-RevId: 265534854
2019-08-26Prevent a network endpoint to send/rcv if its address was removedChris Kuiper
This addresses the problem where an endpoint has its address removed but still has outstanding references held by routes used in connected TCP/UDP sockets which prevent the removal of the endpoint. The fix adds a new "expired" flag to the referenced network endpoint, which is set when an endpoint has its address removed. Incoming packets are not delivered to an expired endpoint (unless in promiscuous mode), while sending outgoing packets triggers an error to the caller (unless in spoofing mode). In addition, a few helper functions were added to stack_test.go to reduce code duplications. PiperOrigin-RevId: 265514326
2019-08-23Implement fmt.Stringer on Route by valueTamir Duberstein
This is more convenient, since it implements the interface for both value and pointer. PiperOrigin-RevId: 265086510
2019-08-22Ensure yield-equivalent with an already-expired timeout.Adin Scannell
PiperOrigin-RevId: 264920977
2019-08-22Add log prefix for better claritypraveensastry
2019-08-21Support binding to multicast and broadcast addressesChris Kuiper
This fixes the issue of not being able to bind to either a multicast or broadcast address as well as to send and receive data from it. The way to solve this is to treat these addresses similar to the ANY address and register their transport endpoint ID with the global stack's demuxer rather than the NIC's. That way there is no need to require an endpoint with that multicast or broadcast address. The stack's demuxer is in fact the only correct one to use, because neither broadcast- nor multicast-bound sockets care which NIC a packet was received on (for multicast a join is still needed to receive packets on a NIC). I also took the liberty of refactoring udp_test.go to consolidate a lot of duplicate code and make it easier to create repetitive tests that test the same feature for a variety of packet and socket types. For this purpose I created a "flowType" that represents two things: 1) the type of packet being sent or received and 2) the type of socket used for the test. E.g., a "multicastV4in6" flow represents a V4-mapped multicast packet run through a V6-dual socket. This allows writing significantly simpler tests. A nice example is testTTL(). PiperOrigin-RevId: 264766909
2019-08-21Use tcpip.Subnet in tcpip.RouteTamir Duberstein
This is the first step in replacing some of the redundant types with the standard library equivalents. PiperOrigin-RevId: 264706552
2019-08-20Add tcpip.Route.String and tcpip.AddressMask.PrefixChris Kuiper
PiperOrigin-RevId: 264544163
2019-08-19Document RWF_HIPRI not implemented for preadv2/pwritev2.Zach Koopmans
Document limitation of no reasonable implementation for RWF_HIPRI flag (High Priority Read/Write for block-based file systems). PiperOrigin-RevId: 264237589
2019-08-19Internal change.gVisor bot
PiperOrigin-RevId: 264218306
2019-08-19hostinet: fix parsing route netlink messageJianfeng Tan
We wrongly parses output interface as gateway address. The fix is straightforward. Fixes #638 Signed-off-by: Jianfeng Tan <henry.tjf@antfin.com> Change-Id: Ia4bab31f3c238b0278ea57ab22590fad00eaf061 COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/684 from tanjianfeng:fix-638 b940e810367ad1273519bfa594f4371bdd293e83 PiperOrigin-RevId: 264211336
2019-08-19Read iptables via sockopts.Kevin Krakauer
PiperOrigin-RevId: 264180125
2019-08-16netstack: disconnect an unix socket only if the address family is AF_UNSPECAndrei Vagin
Linux allows to call connect for ANY and the zero port. PiperOrigin-RevId: 263892534
2019-08-16procfs: Migrate seqfile implementations.Ayush Ranjan
Migrates all (except 3) seqfile implementations to the vfs.DynamicBytesSource interface. There should not be any change in functionality due to this migration itself. Please note that the following seqfile implementations have not been migrated: - /proc/filesystems in proc/filesystems.go - /proc/[pid]/mountinfo in proc/mounts.go - /proc/[pid]/mounts in proc/mounts.go This is because these depend on pending changes in /pkg/senty/vfs. PiperOrigin-RevId: 263880719
2019-08-16ptrace: detect if a stub process exited unexpectedlyAndrei Vagin
PiperOrigin-RevId: 263880577
2019-08-16Add subnet checking to NIC.findEndpoint and consolidate with NIC.getRefChris Kuiper
This adds the same logic to NIC.findEndpoint that is already done in NIC.getRef. Since this makes the two functions very similar they were combined into one with the originals being wrappers. PiperOrigin-RevId: 263864708
2019-08-16vfs: Remove vfs.DefaultDirectoryFD from embedding vfs.DefaultFD.Ayush Ranjan
This fixes the implementation ambiguity issues when a filesystem implementation embeds vfs.DefaultDirectoryFD to its directory FD along with an internal common fileDescription utility. For similar reasons also removes FileDescriptionDefaultImpl from DynamicBytesFileDescriptionImpl. PiperOrigin-RevId: 263795513
2019-08-15Document source and versioning of the TCPInfo struct.Rahat Mahmood
PiperOrigin-RevId: 263637194
2019-08-15Don't dereference errors passed to panic()Tamir Duberstein
These errors are always pointers; there's no sense in dereferencing them in the panic call. Changed one false positive for clarity. PiperOrigin-RevId: 263611579
2019-08-15netstack: move resumption logic into *_state.goTamir Duberstein
13a98df rearranged some of this code in a way that broke compilation of the netstack-only export at github.com/google/netstack because *_state.go files are not included in that export. This commit moves resumption logic back into *_state.go, fixing the compilation breakage. PiperOrigin-RevId: 263601629
2019-08-15Enabling pkg/tcpip/link support on arm64.Haibo Xu
Signed-off-by: Haibo Xu haibo.xu@arm.com Change-Id: Ib6b4aa2db19032e58bf0395f714e6883caee460a
2019-08-15Rename fdbased/mmap.go to fdbased/mmap_stub.go.Haibo Xu
Signed-off-by: Haibo Xu haibo.xu@arm.com Change-Id: Id4489554b9caa332695df8793d361f8332f6a13b