Age | Commit message (Collapse) | Author |
|
PiperOrigin-RevId: 290846481
|
|
PiperOrigin-RevId: 290840370
|
|
Bug 68320120 was revived because TODOs referenced the IP_RECVTOS bug instead
of the IPV6_RECVTCLASS bug.
PiperOrigin-RevId: 290820178
|
|
Note that these simply will use the same logic as getxattr and setxattr, which
is not yet implemented for most filesystems.
PiperOrigin-RevId: 290800960
|
|
PiperOrigin-RevId: 290793754
|
|
PiperOrigin-RevId: 290789087
|
|
It is used for signalfd where the maximum signal is 64.
PiperOrigin-RevId: 290331008
|
|
PiperOrigin-RevId: 290273702
|
|
PiperOrigin-RevId: 290273561
|
|
These can remain disabled until we actually support extended attributes.
The following modifications were also made:
1. Disable save/restore on tests that change file permissions. Restore will not
work properly for these tests, since it will try to open the file with
read-write after it has been read- or write-only.
2. Change user.abc to user.test.
PiperOrigin-RevId: 290123941
|
|
All inbound segments for connections in ESTABLISHED state are delivered to the
endpoint's queue but for every segment delivered we also queue the endpoint for
processing to a selected processor. This ensures that when there are a large
number of connections in ESTABLISHED state the inbound packets are all handled
by a small number of goroutines and significantly reduces the amount of work the
goscheduler has to perform.
We let connections in other states follow the current path where the
endpoint's goroutine directly handles the segments.
Updates #231
PiperOrigin-RevId: 289728325
|
|
PiperOrigin-RevId: 289718534
|
|
Fixes #1490
Fixes #1495
PiperOrigin-RevId: 289523250
|
|
|
|
PiperOrigin-RevId: 289467083
|
|
Added tests for tcp protocol with input and output rules including options sport and dport
Increased timeout in iptables_test as TCP tests were timing out with existing value.
|
|
This test fails on ubuntu 18.04 because preadv2 for some reason returns
EOPNOTSUPP instead of EINVAL. Instead of root-causing the failure, I'm dropping
the flag in the preadv2 call since it isn't under test in this scenario.
PiperOrigin-RevId: 289188358
|
|
Fix indentation and change function names.
|
|
Problems with different platform architectures have been solved.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
PiperOrigin-RevId: 289010316
|
|
Fix the indentation and print statements.
Moved the NAT redirect tests to new file.
Added negative test to check redirect rule on ports other than
redirected port.
|
|
|
|
This change calls a new Truncate method on the EndpointReader in RecvMsg for
both netlink and unix sockets. This allows readers such as sockets to peek at
the length of data without actually reading it to a buffer.
Fixes #993 #1240
PiperOrigin-RevId: 288800167
|
|
Panic found by syzakller.
PiperOrigin-RevId: 288799046
|
|
|
|
PiperOrigin-RevId: 288767927
|
|
|
|
|
|
|
|
|
|
This gets us closer to passing the iptables tests and opens up iptables
so it can be worked on by multiple people.
A few restrictions are enforced for security (i.e. we don't want to let
users write a bunch of iptables rules and then just not enforce them):
- Only the filter table is writable.
- Only ACCEPT rules with no matching criteria can be added.
|
|
PiperOrigin-RevId: 288642552
|
|
The write tests are fitted to Linux-specific behavior, but it is not
well-specified. Tweak the tests to allow for both acceptable outcomes.
PiperOrigin-RevId: 288606386
|
|
PiperOrigin-RevId: 288402480
|
|
There is no syscall_create_module on Arm64.
Signed-off-by: Bin Lu <bin.lu@arm.com>
|
|
PiperOrigin-RevId: 287217899
|
|
Added the ability to get/set the IP_RECVTOS socket option on UDP endpoints. If
enabled, TOS from the incoming Network Header passed as ancillary data in the
ControlMessages.
Test:
* Added unit test to udp_test.go that tests getting/setting as well as
verifying that we receive expected TOS from incoming packet.
* Added a syscall test
PiperOrigin-RevId: 287029703
|
|
This change is needed to be compatible with the Linux kernel.
There is no glibc wrapper for the futex system call, so it is easy to
make a mistake and call syscall(__NR_futex, FUTEX_WAKE, addr) without
the fourth argument. This works on Linux, because it wakes one waiter
even if val is nonpositive.
PiperOrigin-RevId: 286494396
|
|
This test suite has existed for quite a while and has become kind of messy.
Various tests can be joined together by parameterizing.
PiperOrigin-RevId: 286482240
|
|
When listen(2) is called on an unbound socket, the socket is
automatically bound to a random free port with the local address
set to INADDR_ANY.
PiperOrigin-RevId: 286305906
|
|
PiperOrigin-RevId: 286249699
|
|
This avoids conflicting definitions of GetSocketPairs() in outer namespace when
multiple such cc files are complied for one binary.
PiperOrigin-RevId: 286243045
|
|
PiperOrigin-RevId: 286083614
|
|
PiperOrigin-RevId: 286003946
|
|
PiperOrigin-RevId: 285968611
|
|
Add checks for input arguments, file type, permissions, etc. that match
the Linux implementation. A call to get/setxattr that passes all the
checks will still currently return EOPNOTSUPP. Actual support will be
added in following commits.
Only allow user.* extended attributes for the time being.
PiperOrigin-RevId: 285835159
|
|
It would be preferrable to test iptables via syscall tests, but there are some
problems with that approach:
* We're limited to loopback-only, as syscall tests involve only a single
container. Other link interfaces (e.g. fdbased) should be tested.
* We'd have to shell out to call iptables anyways, as the iptables syscall
interface itself is too large and complex to work with alone.
* Running the Linux/native version of the syscall test will require root, which
is a pain to configure, is inherently unsafe, and could leave host iptables
misconfigured.
Using the go_test target allows there to be no new test runner.
PiperOrigin-RevId: 285274275
|
|
Reported-by: syzbot+2c0bcfd87fb4e8b7b009@syzkaller.appspotmail.com
PiperOrigin-RevId: 285228312
|
|
The implementation follows the linux behavior where specifying
a TCP_USER_TIMEOUT will cause the resend timer to honor the
user specified timeout rather than the default rto based timeout.
Further it alters when connections are timedout due to keepalive
failures. It does not alter the behavior of when keepalives are
sent. This is as per the linux behavior.
PiperOrigin-RevId: 285099795
|
|
Support for getxattr and setxattr are in subsequent commits.
PiperOrigin-RevId: 285088817
|