summaryrefslogtreecommitdiffhomepage
path: root/pkg
AgeCommit message (Collapse)Author
2020-07-16Merge release-20200622.1-168-g5c8c0d65b (automated)gVisor bot
2020-07-15Merge release-20200622.1-167-ge92f38ff0 (automated)gVisor bot
2020-07-15iptables: remove check for NetworkHeaderKevin Krakauer
This is no longer necessary, as we always set NetworkHeader before calling iptables.Check. PiperOrigin-RevId: 321461978
2020-07-15Merge release-20200622.1-166-gbdbab2702 (automated)gVisor bot
2020-07-15Merge release-20200622.1-164-gdb653bb34 (automated)gVisor bot
2020-07-15Merge release-20200622.1-163-g857d03f25 (automated)gVisor bot
2020-07-15fdbased: Vectorized write for packet; relax writev syscall filter.Ting-Yu Wang
Now it calls pkt.Data.ToView() when writing the packet. This may require copying when the packet is large, which puts the worse case in an even worse situation. This sent out in a separate preparation change as it requires syscall filter changes. This change will be followed by the change for the adoption of the new PacketHeader API. PiperOrigin-RevId: 321447003
2020-07-15Add support for SO_ERROR to packet sockets.Bhasker Hariharan
Packet sockets also seem to allow double binding and do not return an error on linux. This was tested by running the syscall test in a linux namespace as root and the current test DoubleBind fails@HEAD. Passes after this change. Updates #173 PiperOrigin-RevId: 321445137
2020-07-15Merge release-20200622.1-162-gfef90c61c (automated)gVisor bot
2020-07-15Fix minor bugs in a couple of interface IOCTLs.Bhasker Hariharan
gVisor incorrectly returns the wrong ARP type for SIOGIFHWADDR. This breaks tcpdump as it tries to interpret the packets incorrectly. Similarly, SIOCETHTOOL is used by tcpdump to query interface properties which fails with an EINVAL since we don't implement it. For now change it to return EOPNOTSUPP to indicate that we don't support the query rather than return EINVAL. NOTE: ARPHRD types for link endpoints are distinct from NIC capabilities and NIC flags. In Linux all 3 exist eg. ARPHRD types are stored in dev->type field while NIC capabilities are more like the device features which can be queried using SIOCETHTOOL but not modified and NIC Flags are fields that can be modified from user space. eg. NIC status (UP/DOWN/MULTICAST/BROADCAST) etc. Updates #2746 PiperOrigin-RevId: 321436525
2020-07-15Merge release-20200622.1-160-g8939fae0a (automated)gVisor bot
2020-07-15Merge pull request #3165 from ridwanmsharif:ridwanmsharif/fuse-off-by-defaultgVisor bot
PiperOrigin-RevId: 321411758
2020-07-15Merge release-20200622.1-158-gfc48ace73 (automated)gVisor bot
2020-07-15hostinet: fix fd leak in fdnotifier for VFS2Tiwei Bie
When we failed to create the new socket after adding the fd to fdnotifier, we should remove the fd from fdnotifier, because we are going to close the fd directly. Fixes: #3241 Signed-off-by: Tiwei Bie <tiwei.btw@antgroup.com>
2020-07-15Merge release-20200622.1-156-g1b9965e06 (automated)gVisor bot
2020-07-14Update special file option name in comment.Dean Deng
PiperOrigin-RevId: 321269281
2020-07-13Merge pull request #3200 from lubinszARM:pr_kvm_ut_1gVisor bot
PiperOrigin-RevId: 321060717
2020-07-13Merge release-20200622.1-148-gc81ac8ec3 (automated)gVisor bot
2020-07-13Merge pull request #2672 from amscanne:shim-integratedgVisor bot
PiperOrigin-RevId: 321053634
2020-07-13Merge release-20200622.1-108-g59a547940 (automated)gVisor bot
2020-07-13Disable debug time adjustment loggingFabricio Voznika
When --debug is enabled, the following log messages are printed every second filling up the log: D0430 18:04:42.823775 129561 parameters.go:238] Clock(Monotonic): error: 46 ns, adjusted frequency from 3591713733 Hz to 3591714196 Hz D0430 18:04:42.823870 129561 parameters.go:238] Clock(Realtime): error: 36 ns, adjusted frequency from 3591714003 Hz to 3591714169 Hz D0430 18:04:42.823892 129561 timekeeper.go:209] Updating VDSO parameters: {monotonicReady:1 monotonicBaseCycles:15758797714254696 monotonicBaseRef:29000233837 monotonicFrequency:3591714196 realtimeReady:1 realtimeBaseCycles:15758797714610880 realtimeBaseRef:1588269882823867374 realtimeFrequency:3591714169} Info and warning messages for larger changes are kept the same. PiperOrigin-RevId: 321048523
2020-07-13Merge release-20200622.1-106-ga287309d9 (automated)gVisor bot
2020-07-13Fix recvMMsgDispatcher not slicing link header correctly.Ting-Yu Wang
PiperOrigin-RevId: 321035635
2020-07-13Merge release-20200622.1-104-gcf0826653 (automated)gVisor bot
2020-07-13Clean up inotify comments.Dean Deng
PiperOrigin-RevId: 321028238
2020-07-13Merge release-20200622.1-102-g6994f4d59 (automated)gVisor bot
2020-07-13[vfs2] Make gofer metadata atomics consistentAyush Ranjan
For accessing metadata fields: - If metadataMu is locked, we can access without atomics - If metadataMu is unlocked, we should use atomics For mutating metadata fields: - Always lock metadataMu and use atomics. There were some instances of inconsistencies which have been fixed. PiperOrigin-RevId: 321022895
2020-07-13Initial golang BenchmarksZach Koopmans
PiperOrigin-RevId: 321021071
2020-07-13Merge release-20200622.1-100-g505b4f5e5 (automated)gVisor bot
2020-07-13Merge pull request #3136 from lubinszARM:pr_sys64_1gVisor bot
PiperOrigin-RevId: 321020733
2020-07-13Merge release-20200622.1-97-g43c209f48 (automated)gVisor bot
2020-07-13garbage collect connectionsKevin Krakauer
As in Linux, we must periodically clean up unused connections. PiperOrigin-RevId: 321003353
2020-07-13Merge release-20200622.1-92-g9c32fd3f4 (automated)gVisor bot
2020-07-12Do not copy sleep.WakerGhanan Gowripalan
sleep.Waker's fields are modified as values. PiperOrigin-RevId: 320873451
2020-07-11Merge release-20200622.1-90-g216dcebc0 (automated)gVisor bot
2020-07-11Stub out SO_DETACH_FILTER.Bhasker Hariharan
Updates #2746 PiperOrigin-RevId: 320757963
2020-07-10Split the kvm ut test cases to correspond to different platformsBin Lu
Split the kvm ut test cases to pass unit-tests on Arm64. I will add the tls and full-context test cases for Arm64 later. Signed-off-by: Bin Lu <bin.lu@arm.com>
2020-07-10Merge release-20200622.1-89-g5df3a8fed (automated)gVisor bot
2020-07-09Discard multicast UDP source address.gVisor bot
RFC-1122 (and others) specify that UDP should not receive datagrams that have a source address that is a multicast address. Packets should never be received FROM a multicast address. See also, RFC 768: 'User Datagram Protocol' J. Postel, ISI, 28 August 1980 A UDP datagram received with an invalid IP source address (e.g., a broadcast or multicast address) must be discarded by UDP or by the IP layer (see rfc 1122 Section 3.2.1.3). This CL does not address TCP or broadcast which is more complicated. Also adds a test for both ipv6 and ipv4 UDP. Fixes #3154 PiperOrigin-RevId: 320547674
2020-07-09Update shim to build using bazel.Adin Scannell
The go.mod dependency tree for the shim was somehow contradictory. After resolving these issues (e.g. explicitly imported k8s 1.14, pulling a specific dbus version), and adding all dependencies, the shim can now be build as part of the regular bazel tree. As part of this process, minor cleanup was done in all the source files: headers were standardized (and include "The gVisor Authors" in addition to the "The containerd Authors" if originally derived from containerd sources), and comments were cleaned up to meet coding standards. This change makes the containerd installation dynamic, so that multiple versions can be tested, and drops the static installer for the VM image itself. This change also updates test/root/crictl_test.go and related utilities, so that the containerd tests can be run on any version (and in cases where it applies, they can be run on both v1 and v2 as parameterized tests).
2020-07-09Update canonical paths.Adin Scannell
2020-07-09Merge gvisor-containerd-shimAdin Scannell
2020-07-09Merge release-20200622.1-88-g5946f1118 (automated)gVisor bot
2020-07-09Add support for IP_HDRINCL IP option for raw sockets.Bhasker Hariharan
Updates #2746 Fixes #3158 PiperOrigin-RevId: 320497190
2020-07-09Gate FUSE behind a runsc flagRidwan Sharif
This change gates all FUSE commands (by gating /dev/fuse) behind a runsc flag. In order to use FUSE commands, use the --fuse flag with the --vfs2 flag. Check if FUSE is enabled by running dmesg in the sandbox.
2020-07-09Merge release-20200622.1-85-gc4815af94 (automated)gVisor bot
2020-07-08Add shared mount hints to VFS2Fabricio Voznika
Container restart test is disabled for VFS2 for now. Updates #1487 PiperOrigin-RevId: 320296401
2020-07-08Merge release-20200622.1-81-gf3fa43cf2 (automated)gVisor bot
2020-07-08Move all tests to new docker API.Zach Koopmans
Moves following to new dockerutil API: - //test/e2e:integration_test - //test/image:image_test - //test/iptables:iptables_test - //test/root:root_test - //test/packetimpact:packetimpact_test PiperOrigin-RevId: 320253118
2020-07-08Merge release-20200622.1-80-ge1f11dea2 (automated)gVisor bot