Age | Commit message (Collapse) | Author |
|
Added a new flag num_duts to the test runner to create multiple DUTs for the
testbench can connect to.
PiperOrigin-RevId: 344195435
|
|
Because the code handles a bad header as "payload" right up to the last moment
we need to make sure payload handling does not remove the error information.
Fixes #4909
PiperOrigin-RevId: 344141690
|
|
1. setsockopt(SO_RCVTIMEO, 0) == never timeout
2. float64(time.Microsecond/time.Second) == 0
3. packetimpact tests use a lot of 1s timeouts
This becomes a more significant problem because of a recent change that binds
the sniffer only on the specific testNet interface so now the traffic on the
ctrlNet cannot wake up the blocking call anymore.
PiperOrigin-RevId: 344123465
|
|
Summary of the approach: the test runner will set up a few DUTs according to
a flag and pass all the test networks to the testbench. The testbench will only
reside in a single container. The testbench will put all the test networks into
a buffered channel which served as a semaphore and now the user can freely use
t.Parallel() in (sub)tests and the true parallelism will be determined by how
many DUTs are configured. Creating DUTs on demand is not supported yet, the
test author should determine the number of DUTs to be used statically.
Specifically in this change:
- Don't export any global variables about the test network in testbench.
- Sniffer only binds on the local interface because it will be possible to have
multiple interfaces to multiple DUTs in a single testbench container.
- Migrate existing tests to stop using global variables.
PiperOrigin-RevId: 343965962
|
|
Group addressable endpoints can simply check if it has joined the
multicast group without maintaining address endpoints. This also
helps remove the dependency on AddressableEndpoint from
GroupAddressableEndpoint.
Now that group addresses are not tracked with address endpoints, we can
avoid accidentally obtaining a route with a multicast local address.
PiperOrigin-RevId: 343336912
|
|
PiperOrigin-RevId: 343144023
|
|
Updates #4427
PiperOrigin-RevId: 342703931
|
|
PiperOrigin-RevId: 342366891
|
|
RELNOTES: n/a
PiperOrigin-RevId: 342176296
|
|
Most packets don't have options but they are an integral part of the
standard. Teaching the ipv4 code how to handle them will simplify future
testing and use. Because Options are so rare it is worth making sure
that the extra work is kept out of the fast path as much as possible.
Prior to this change, all usages of the IHL field of the IPv4Fields/Encode
system set it to the same constant value except in a couple of tests
for bad values. From this change IHL will not be a constant as it will
depend on the size of any Options. Since ipv4.Encode() now handles the
options it becomes a possible source of errors to let the callers set
this value, so remove it entirely and calculate the value from the size
of the Options if present (or not) therefore guaranteeing a correct value.
Fixes #4709
RELNOTES: n/a
PiperOrigin-RevId: 341864765
|
|
Teach ICMP.Parser/ToBytes to handle some non echo ICMP packets.
Teach IPv4.Parser that fragments only have a payload, not an upper layer.
Fix IPv4 and IPv6 reassembly tests to handle the change.
Fixes #4758
PiperOrigin-RevId: 341549665
|
|
PiperOrigin-RevId: 341470647
|
|
PiperOrigin-RevId: 340763455
|
|
The IPv6 reassembly test was also refactored to be easily extended with
more cases.
PiperOrigin-RevId: 339768605
|
|
PiperOrigin-RevId: 339699771
|
|
This makes handling inbound fragmented packets easier, because a fragmented
packet might not have an actual ICMP header but only a payload. After this
change, the ICMPv4 is the last layer you can get because the payload is
embedded in it.
Note that this makes it consistent with the ICMPv6 implementation.
While I'm here, I've also added the Ident and Sequence fields on the ICMPv4
type. Defaults are still zero.
PiperOrigin-RevId: 339577094
|
|
PiperOrigin-RevId: 339476515
|
|
By exposing an ALL_TESTS list in defs.bzl we can make sure all packetimpact
users get to agree on the list of all tests. A defect in this approach is that
we have to keep a list of packetimpact_testbench rules in the BUILD file. An
helper validate_all_tests has been added to help keep BUILD and .bzl files in
sync.
PiperOrigin-RevId: 337411839
|
|
PiperOrigin-RevId: 336350318
|
|
This change also adds support to go_stateify for detecting an appropriate
receiver name, avoiding a large number of false positives.
PiperOrigin-RevId: 335994587
|
|
Most of the IPv4 fragmentation code was moved in the fragmentation
package and it is reused by IPv6 fragmentation.
Test:
- pkg/tcpip/network/ipv4:ipv4_test
- pkg/tcpip/network/ipv6:ipv6_test
- pkg/tcpip/network/fragmentation:fragmentation_test
Fixes #4389
PiperOrigin-RevId: 335714280
|
|
When the socket is set with SO_LINGER and close()'d in the initial state, it
should not linger and return immediately.
PiperOrigin-RevId: 334263149
|
|
segment_queue today has its own standalone limit of MaxUnprocessedSegments but
this can be a problem in UnlockUser() we do not release the lock till there are
segments to be processed. What can happen is as handleSegments dequeues packets
more keep getting queued and we will never release the lock. This can keep
happening even if the receive buffer is full because nothing can read() till we
release the lock.
Further having a separate limit for pending segments makes it harder to track
memory usage etc. Unifying the limits makes it easier to reason about memory in
use and makes the overall buffer behaviour more consistent.
PiperOrigin-RevId: 333508122
|
|
PiperOrigin-RevId: 333400865
|
|
TCP needs to enqueue any send requests arriving when the connection is in
SYN_SENT state. The data should be sent out soon after completion of the
connection handshake.
Fixes #3995
PiperOrigin-RevId: 332482041
|
|
There are two device names on the test net.
- The sniffer/injector device which is always a linux device. Only the
testbench library is interested in this device.
- The device which is on the DUT. It happens to be the same device as
the former if DUT is linux. An individual test might be interested in
this device if the test cares about the device name.
PiperOrigin-RevId: 332112968
|
|
PiperOrigin-RevId: 332097286
|
|
gVisor stack ignores RSTs when in TIME_WAIT which is not the default
Linux behavior. Add a packetimpact test to test the same.
Also update code comments to reflect the rationale for the current
gVisor behavior.
PiperOrigin-RevId: 331629879
|
|
Packetimpact on Fuchsia was formerly using the Linux test device name. This
change fixes that.
PiperOrigin-RevId: 331211518
|
|
PiperOrigin-RevId: 329902747
|
|
blaze test <test_name>_fuchsia_test will run the corresponding packetimpact
test against fuchsia.
PiperOrigin-RevId: 329835290
|
|
On receiving an ACK with unacceptable ACK number, in a closing state,
TCP, needs to reply back with an ACK with correct seq and ack numbers and
remain in same state. This change is as per RFC793 page 37, but with a
difference that it does not apply to ESTABLISHED state, just as in Linux.
Also add more tests to check for OTW sequence number and unacceptable
ack numbers in these states.
Fixes #3785
PiperOrigin-RevId: 329616283
|
|
PiperOrigin-RevId: 329526153
|
|
This prevents setting stale errno on responses.
Also fixes TestDiscardsUDPPacketsWithMcastSourceAddressV6 to use correct
multicast addresses in test.
Fixes #3793
PiperOrigin-RevId: 329391155
|
|
Currently the logs produce
TestOne: packetimpact_test.go:182: listing devices on ... container: process terminated with status: 126
which is not actionable; presumably the `ip` command output is interesting.
PiperOrigin-RevId: 329032105
|
|
Updates #3374
PiperOrigin-RevId: 328378700
|
|
When SO_LINGER option is enabled, the close will not return until all the
queued messages are sent and acknowledged for the socket or linger timeout is
reached. If the option is not set, close will return immediately. This option
is mainly supported for connection oriented protocols such as TCP.
PiperOrigin-RevId: 328350576
|
|
PiperOrigin-RevId: 328157101
|
|
PiperOrigin-RevId: 326733912
|
|
This is a preparatory commit for a larger commit working on
ICMP generation in error cases.
This is removal of technical debt and cleanup in the gvisor code
as part of gvisor issue 2211.
Updates #2211.
PiperOrigin-RevId: 326615389
|
|
PiperOrigin-RevId: 325280924
|
|
PiperOrigin-RevId: 325269275
|
|
Test:
- stack_test.TestJoinLeaveMulticastOnNICEnableDisable
- integration_test.TestIncomingMulticastAndBroadcast
PiperOrigin-RevId: 325185259
|
|
This required minor fixes to the bazel wrapper. The "dut_platform" is
also changed to "native" to line-up with the system call tests and
remove the hard-coded "linux" and "netstack" strings.
|
|
PiperOrigin-RevId: 323773771
|
|
PiperOrigin-RevId: 323553832
|
|
Storing *testing.T on test helper structs is problematic when
subtests are used, because it is possible for nested tests to call
Fatal on parent test, which incorrect terminates the parent test.
For example
func TestOuter(t *testing.T) {
dut := NewDUT(t)
t.Run("first test", func(t *testing.T) {
dut.FallibleCall()
})
t.Run("second test", func(t *testing.T) {
dut.FallibleCall()
}
}
In the example above, assuming `FallibleCall` calls `t.Fatal` on the
`t` it holds, if `dut.FallibleCall` fails in "first test", it will
call `Fatal` on the parent `t`, quitting `TestOuter`. This is not a
behavior we want.
PiperOrigin-RevId: 323350241
|
|
Adds profiling with `runsc debug` or pprof to dockerutil. All
targets using dockerutil should now be able to use profiling.
In addition, modifies existing benchmarks to use profiling.
PiperOrigin-RevId: 323298634
|
|
Previously, ICMP destination unreachable datagrams were ignored by TCP
endpoints. This caused connect to hang when an intermediate router
couldn't find a route to the host.
This manifested as a Kokoro error when Docker IPv6 was enabled. The Ruby
image test would try to install the sinatra gem and hang indefinitely
attempting to use an IPv6 address.
Fixes #3079.
|
|
PiperOrigin-RevId: 322265513
|