Age | Commit message (Collapse) | Author |
|
test/syscalls/linux/iptables.cc:130:3:
error: C99 designator 'name' outside aggregate initializer
130 | };
|
PiperOrigin-RevId: 336331738
|
|
This change also adds support to go_stateify for detecting an appropriate
receiver name, avoiding a large number of false positives.
PiperOrigin-RevId: 335994587
|
|
PiperOrigin-RevId: 335927821
|
|
Most of the IPv4 fragmentation code was moved in the fragmentation
package and it is reused by IPv6 fragmentation.
Test:
- pkg/tcpip/network/ipv4:ipv4_test
- pkg/tcpip/network/ipv6:ipv6_test
- pkg/tcpip/network/fragmentation:fragmentation_test
Fixes #4389
PiperOrigin-RevId: 335714280
|
|
Updates #267
PiperOrigin-RevId: 335713923
|
|
Updates #1487
PiperOrigin-RevId: 335516732
|
|
PiperOrigin-RevId: 335516625
|
|
PiperOrigin-RevId: 335429072
|
|
- When the KCOV_ENABLE_TRACE ioctl is called with the trace kind KCOV_TRACE_PC,
the kcov mode should be set to KCOV_*MODE*_TRACE_PC.
- When the owning task of kcov exits, the memory mapping should not be cleared
so it can be used by other tasks.
- Add more tests (also tested on native Linux kcov).
PiperOrigin-RevId: 335202585
|
|
PiperOrigin-RevId: 335070320
|
|
PiperOrigin-RevId: 334716351
|
|
Adds support for the IPv6-compatible redirect target. Redirection is a limited
form of DNAT, where the destination is always the localhost.
Updates #3549.
PiperOrigin-RevId: 334698344
|
|
Closes #3374
PiperOrigin-RevId: 334505627
|
|
PiperOrigin-RevId: 334478850
|
|
Like matchers, targets should use a module-like register/lookup system. This
replaces the brittle switch statements we had before.
The only behavior change is supporing IPT_GET_REVISION_TARGET. This makes it
much easier to add IPv6 redirect in the next change.
Updates #3549.
PiperOrigin-RevId: 334469418
|
|
PiperOrigin-RevId: 334419854
|
|
When the socket is set with SO_LINGER and close()'d in the initial state, it
should not linger and return immediately.
PiperOrigin-RevId: 334263149
|
|
Network or transport protocols may want to reach the stack. Support this
by letting the stack create the protocol instances so it can pass a
reference to itself at protocol creation time.
Note, protocols do not yet use the stack in this CL but later CLs will
make use of the stack from protocols.
PiperOrigin-RevId: 334260210
|
|
Fixes #1479, #317.
PiperOrigin-RevId: 334258052
|
|
Previously, we did not check the kcov mode when performing task work. As a
result, disabling kcov did not do anything.
Also avoid expensive atomic RMW when consuming coverage data. We don't need the
swap if the value is already zero (which is most of the time), and it is ok if
there are slight inconsistencies due to a race between coverage data generation
(incrementing the value) and consumption (reading a nonzero value and writing
zero).
PiperOrigin-RevId: 334049207
|
|
Regarding ThreadCpuTimeArray.java: The test starts 10 threads, each of which
does some computation, then blocks. When all threads are blocked, the test
sleeps for 200ms, then checks that less than 100ns of CPU time in userspace
elapse over the course of the sleep; AFAICT, the 100ns of slop is because a
thread indicates that it's in the WAITING state before it actually blocks, and
because signals can cause threads to be temporarily woken. gVisor's CPU clocks
have a granularity of 10ms (the interval of Kernel.cpuClockTicker is
//pkg/abi/linux.ClockTick), so a single tick pushes the test over the
threshold.
PiperOrigin-RevId: 333830287
|
|
Changes in Nginx Benchmarks in network_tests also affect Startup/Size
Nginx Benchmarks. Make sure the commands line up.
PiperOrigin-RevId: 333543697
|
|
segment_queue today has its own standalone limit of MaxUnprocessedSegments but
this can be a problem in UnlockUser() we do not release the lock till there are
segments to be processed. What can happen is as handleSegments dequeues packets
more keep getting queued and we will never release the lock. This can keep
happening even if the receive buffer is full because nothing can read() till we
release the lock.
Further having a separate limit for pending segments makes it harder to track
memory usage etc. Unifying the limits makes it easier to reason about memory in
use and makes the overall buffer behaviour more consistent.
PiperOrigin-RevId: 333508122
|
|
PiperOrigin-RevId: 333461380
|
|
Mostly simplifies SKIP_IF statements and adds some more documentation.
Also, mknod is now supported by gofer fs, so remove SKIP_IFs related to this.
PiperOrigin-RevId: 333449932
|
|
PiperOrigin-RevId: 333408633
|
|
PiperOrigin-RevId: 333400865
|
|
PiperOrigin-RevId: 332961666
|
|
Calls to recv sometimes fail with EAGAIN, so call select beforehand.
PiperOrigin-RevId: 332943156
|
|
"DefaultValueEqZero" is only valid if the test is in a
sandbox. Our CI VMs often have "/proc/sys/net/ipv4/ip_forward" set
to 1.
PiperOrigin-RevId: 332910859
|
|
PiperOrigin-RevId: 332907453
|
|
`recv` calls with MSG_DONTWAIT can fail with EAGAIN randomly
in tests. Fix this by calling `select` on sockets with a timeout
prior to attempting a `recv`.
PiperOrigin-RevId: 332873735
|
|
PiperOrigin-RevId: 332760843
|
|
Unfortunately, I think TSC misalignment means that we can't really expect any
consistent correspondence between a TSC-based VDSO and the sentry's view of
time on the KVM platform.
PiperOrigin-RevId: 332576147
|
|
PiperOrigin-RevId: 332546659
|
|
Updates #1199
PiperOrigin-RevId: 332539197
|
|
PiperOrigin-RevId: 332521647
|
|
This is more consistent with Linux (see comment on MM.NewSharedAnonMappable()).
We don't do the same thing on VFS1 for reasons documented by the updated
comment.
PiperOrigin-RevId: 332514849
|
|
Updates #3549.
PiperOrigin-RevId: 332501660
|
|
TCP needs to enqueue any send requests arriving when the connection is in
SYN_SENT state. The data should be sent out soon after completion of the
connection handshake.
Fixes #3995
PiperOrigin-RevId: 332482041
|
|
`ip6tables -t filter` is now usable. NAT support will come in a future CL.
#3549
PiperOrigin-RevId: 332381801
|
|
SO_LINGER is a socket level option and should be stored on all endpoints even
though it is used to linger only for TCP endpoints.
PiperOrigin-RevId: 332369252
|
|
Docker does not have IPv6 port forwarding as tracked by the following issue:
https://github.com/moby/moby/issues/11518
So when running bazel itself inside a docker container, we can not use the host
port bindings to communicate with sockets inside the container. This was causing
integration tests and image tests to fail when run through our Makefile targets.
PiperOrigin-RevId: 332355051
|
|
This change includes overlay, special regular gofer files, and hostfs.
Fixes #3589.
PiperOrigin-RevId: 332330860
|
|
PiperOrigin-RevId: 332328860
|
|
|
|
PiperOrigin-RevId: 332281930
|
|
PiperOrigin-RevId: 332281912
|
|
PiperOrigin-RevId: 332122081
|
|
There are two device names on the test net.
- The sniffer/injector device which is always a linux device. Only the
testbench library is interested in this device.
- The device which is on the DUT. It happens to be the same device as
the former if DUT is linux. An individual test might be interested in
this device if the test cares about the device name.
PiperOrigin-RevId: 332112968
|