Age | Commit message (Collapse) | Author |
|
On receiving an ICMP error during handshake, the error is propagated
by reading `endpoint.lastError`. This can race with the socket layer
invoking getsockopt() with SO_ERROR where the same value is read and
cleared, causing the handshake to bail out with a non-error state.
Fix the race by checking for lastError state and failing the
handshake with ErrConnectionAborted if the lastError was read and
cleared by say SO_ERROR.
The race mentioned in the bug, is caught only with the newly added
tcp_test unit test, where we have control over stopping/resuming
protocol loop. Adding a packetimpact test as well for sanity testing
of ICMP error handling during handshake.
Fixes #5922
PiperOrigin-RevId: 372135662
|
|
PiperOrigin-RevId: 368938936
|
|
- Change the accept queue full condition for a listening endpoint
to only honor completed (and delivered) connections.
- Use syncookies if the number of incomplete connections is beyond
listen backlog. This also cleans up the SynThreshold option code
as that is no longer used with this change.
- Added a new stack option to unconditionally generate syncookies.
Similar to sysctl -w net.ipv4.tcp_syncookies=2 on Linux.
- Enable keeping of incomplete connections beyond listen backlog.
- Drop incoming SYNs only if the accept queue is filled up.
- Drop incoming ACKs that complete handshakes when accept queue is full
- Enable the stack to accept one more connection than programmed by
listen backlog.
- Handle backlog argument being zero, negative for listen, as Linux.
- Add syscall and packetimpact tests to reflect the changes above.
- Remove TCPConnectBacklog test which is polling for completed
connections on the client side which is not reflective of whether
the accept queue is filled up by the test. The modified syscall test
in this CL addresses testing of connecting sockets.
Fixes #3153
PiperOrigin-RevId: 366935921
|
|
- Don't cleanup containers in Network.Cleanup, otherwise containers will
be killed and removed several times.
- Don't set AutoRemove for containers. This will prevent the confusing
'removal already in progress' messages.
Fixes #3795
PiperOrigin-RevId: 364404414
|
|
The tests were not using the correct windowSize so the testing segments were
actually within the window for seqNumOffset=0 tests. The issue is already fixed
by #5674.
PiperOrigin-RevId: 364252630
|
|
Netstack does not check ACK number for FIN-ACK packets and goes into TIMEWAIT
unconditionally. Fixing the state machine will give us back the retransmission
of FIN.
PiperOrigin-RevId: 363301883
|
|
TCP, in CLOSING state, MUST send an ACK with next expected SEQ number after
receiving any segment with OTW SEQ number and remain in the same state.
While I am here, I also changed shutdown to behave the same as other calls
in posix_server.
PiperOrigin-RevId: 362976955
|
|
By default net.ipv4.ping_group_range is set to "1 0" and no one (even the root)
can create an ICMP socket. Setting it to "0 0" allows root, which we are inside
the container, to create ICMP sockets for packetimpact tests.
PiperOrigin-RevId: 362454201
|
|
Some OSs behave slightly differently, but still within the RFC. It can be useful
to have access to uname information from the testbench.
PiperOrigin-RevId: 361193766
|
|
- open flags can be different on different OSs, by putting SetNonblocking into
the posix_server rather than the testbench, we can always get the right value
for O_NONBLOCK
- merged the tcp_queue_{send,receive}_in_syn_sent into a single file
PiperOrigin-RevId: 359620630
|
|
Remove flaky tcp_reordering_test as it does not check reordering. We have
added new reorder tests in tcp_rack_test.go
PiperOrigin-RevId: 357278769
|
|
Previously, sending on an unconnected UDP socket would ignore the
SO_BINDTODEVICE option. Send on the configured interface when an UDP socket
is bound to an interface through setsockop SO_BINDTODEVICE.
Add packetimpact tests exercising UDP reads and writes with every combination
of bound/unbound, broadcast/multicast/unicast destination, and bound/not-bound
to device.
PiperOrigin-RevId: 354299670
|
|
This CL adds support for the following fields:
- RTT, RTTVar, RTO
- send congestion window (sndCwnd) and send slow start threshold (sndSsthresh)
- congestion control state(CaState)
- ReorderSeen
PiperOrigin-RevId: 354195361
|
|
- Added packetimpact tests for RACK.
PiperOrigin-RevId: 353282342
|
|
This includes minor fix-ups:
* Handle SIGTERM in runsc debug, to exit gracefully.
* Fix cmd.debug.go opening all profiles as RDONLY.
* Fix the test name in fio_test.go, and encode the block size in the test.
PiperOrigin-RevId: 350205718
|
|
PiperOrigin-RevId: 346487763
|
|
Prior to this change tcpdump would fail to create its output file
because the destination directory was owned by root. This would later
cause killall to fail, as tcpdump was not running. Check exit code of
tcpdump/tshark to produce better error messages should this regress.
PiperOrigin-RevId: 346353911
|
|
Avoid action at a distance where both `snifferArgs` and `snifferProg`
must stay in sync.
PiperOrigin-RevId: 346341231
|
|
- Remove unused constants
- Correct function doc comment
- Remove useless cast
- Restore comment removed in an earlier change
PiperOrigin-RevId: 346205943
|
|
PiperOrigin-RevId: 346109185
|
|
With the recent changes db36d948fa63ce950d94a5e8e9ebc37956543661, we try
to balance the receive window advertisements between payload lengths vs
segment overhead length. This works fine when segment size are much
higher than the overhead, but not otherwise. In cases where the segment
length is smaller than the segment overhead, we may end up not
advertising zero receive window for long time and end up tail-dropping
segments. This is especially pronounced when application socket reads
are slow or stopped. In this change we do not grow the right edge of
the receive window for smaller segment sizes similar to Linux.
Also, we keep track of the socket buffer usage and let the window grow
if the application is actively reading data.
Fixes #4903
PiperOrigin-RevId: 345832012
|
|
To create DUTs in parallel, we need to create goroutines to do the setup. The
old code base has a lot of t.Fatal(f) usage in those setup functions which is
not great for this change: "FailNow must be called from the goroutine running
the test or benchmark function, not from other goroutines created during the
test" (https://golang.org/pkg/testing/#T.FailNow).
- Cleanup all t.Fatal(f) usage in DUT.Prepare()
- use goroutines to create DUTs in parallel
PiperOrigin-RevId: 344275809
|
|
Added a new flag num_duts to the test runner to create multiple DUTs for the
testbench can connect to.
PiperOrigin-RevId: 344195435
|
|
Because the code handles a bad header as "payload" right up to the last moment
we need to make sure payload handling does not remove the error information.
Fixes #4909
PiperOrigin-RevId: 344141690
|
|
Group addressable endpoints can simply check if it has joined the
multicast group without maintaining address endpoints. This also
helps remove the dependency on AddressableEndpoint from
GroupAddressableEndpoint.
Now that group addresses are not tracked with address endpoints, we can
avoid accidentally obtaining a route with a multicast local address.
PiperOrigin-RevId: 343336912
|
|
PiperOrigin-RevId: 343144023
|
|
Updates #4427
PiperOrigin-RevId: 342703931
|
|
The IPv6 reassembly test was also refactored to be easily extended with
more cases.
PiperOrigin-RevId: 339768605
|
|
By exposing an ALL_TESTS list in defs.bzl we can make sure all packetimpact
users get to agree on the list of all tests. A defect in this approach is that
we have to keep a list of packetimpact_testbench rules in the BUILD file. An
helper validate_all_tests has been added to help keep BUILD and .bzl files in
sync.
PiperOrigin-RevId: 337411839
|
|
PiperOrigin-RevId: 333400865
|
|
There are two device names on the test net.
- The sniffer/injector device which is always a linux device. Only the
testbench library is interested in this device.
- The device which is on the DUT. It happens to be the same device as
the former if DUT is linux. An individual test might be interested in
this device if the test cares about the device name.
PiperOrigin-RevId: 332112968
|
|
Packetimpact on Fuchsia was formerly using the Linux test device name. This
change fixes that.
PiperOrigin-RevId: 331211518
|
|
blaze test <test_name>_fuchsia_test will run the corresponding packetimpact
test against fuchsia.
PiperOrigin-RevId: 329835290
|
|
Currently the logs produce
TestOne: packetimpact_test.go:182: listing devices on ... container: process terminated with status: 126
which is not actionable; presumably the `ip` command output is interesting.
PiperOrigin-RevId: 329032105
|
|
Updates #3374
PiperOrigin-RevId: 328378700
|
|
PiperOrigin-RevId: 325280924
|
|
This required minor fixes to the bazel wrapper. The "dut_platform" is
also changed to "native" to line-up with the system call tests and
remove the hard-coded "linux" and "netstack" strings.
|
|
Adds profiling with `runsc debug` or pprof to dockerutil. All
targets using dockerutil should now be able to use profiling.
In addition, modifies existing benchmarks to use profiling.
PiperOrigin-RevId: 323298634
|
|
Previously, ICMP destination unreachable datagrams were ignored by TCP
endpoints. This caused connect to hang when an intermediate router
couldn't find a route to the host.
This manifested as a Kokoro error when Docker IPv6 was enabled. The Ruby
image test would try to install the sinatra gem and hang indefinitely
attempting to use an IPv6 address.
Fixes #3079.
|
|
PiperOrigin-RevId: 322265513
|
|
DUT logs will include logs from the posix server and gVisor, which
provides a way to instrument the DUT during test failures.
PiperOrigin-RevId: 321816647
|
|
Also ironed out all the bugs found on the IPv6 code path that affects socket
bind, send and receive.
PiperOrigin-RevId: 321202653
|
|
These logs include flags passed to packetimpact tests (the Go tests), and test
failure messages.
PiperOrigin-RevId: 320989521
|
|
Moves following to new dockerutil API:
- //test/e2e:integration_test
- //test/image:image_test
- //test/iptables:iptables_test
- //test/root:root_test
- //test/packetimpact:packetimpact_test
PiperOrigin-RevId: 320253118
|
|
Before this change, running packetimpact tests produces:
parameter 'direct' must contain a list of elements, and may no longer
accept a depset. The deprecated behavior may be temporarily re-enabled
by setting --incompatible_disable_depset_inputs=false
The positional parameter to depset has been changed to mean `direct`
rather than its previous meaning of `items`. The documentation[0]
explains:
A positional parameter distinct from other parameters for legacy
support.
If --incompatible_disable_depset_items is false, this parameter
serves as the value of items.
If --incompatible_disable_depset_items is true, this parameter
serves as the value of direct.
See the documentation for these parameters for more details.
[0] https://docs.bazel.build/versions/master/skylark/lib/globals.html
PiperOrigin-RevId: 319555138
|
|
a) When GSO is in use we should not cap the segment to maxPayloadSize in
sender.maybeSendSegment as the GSO logic will cap the segment to the correct
size. Without this the host GSO is not used as we end up breaking up large
segments into small MSS sized segments before writing the packets to the
host.
b) The check to not split a segment due to it not fitting in the receiver window
when there are pending segments is incorrect as segments in writeList can be
really large as we just take the write call's buffer size and create a single
large segment. So a write of say 128KB will just be 1 segment in the
writeList.
The linux code checks if 1 MSS sized segments fits in the receiver's window
and if not then does not split the current segment. gVisor's check was
incorrect that it was checking if the whole segment which could be >>> 1 MSS
would fit in the receiver's window. This was causing us to prematurely stop
sending and falling back to retransmit timer/probe from the other end to send
data.
This was seen when running HTTPD benchmarks where @ HEAD when sending large
files the benchmark was taking forever to run.
The tcp_splitseg_mss_test.go is being deleted as the test as written doesn't
test what is intended correctly. This is because GSO is enabled by default and
the reason the MSS+1 sized segment is sent is because GSO is in use. A proper
test will require disabling GSO on linux and netstack which is going to take a
bit of work in packetimpact to do it correctly.
Separately a new test probably should be written that verifies that a segment >
availableWindow is not split if the availableWindow is < 1 MSS.
Fixes #3107
PiperOrigin-RevId: 319172089
|
|
Separate mount configuration from links and move it to
RunOpts, like the other options.
PiperOrigin-RevId: 317010158
|
|
Tests the effect of reordering on retransmission and window size.
Test covers the expected behavior of both Linux and netstack, however, netstack
does not behave as expected. Further, the current expected behavior of netstack
is not ideal and should be adjusted in the future.
PiperOrigin-RevId: 316015184
|
|
This makes debugging packetimpact tests much easier.
PiperOrigin-RevId: 313662654
|
|
PiperOrigin-RevId: 313300554
|