summaryrefslogtreecommitdiffhomepage
path: root/test
AgeCommit message (Collapse)Author
2020-07-22iptables: don't NAT existing connectionsKevin Krakauer
Fixes a NAT bug that manifested as: - A SYN was sent from gVisor to another host, unaffected by iptables. - The corresponding SYN/ACK was NATted by a PREROUTING REDIRECT rule despite being part of the existing connection. - The socket that sent the SYN never received the SYN/ACK and thus a connection could not be established. We handle this (as Linux does) by tracking all connections, inserting a no-op conntrack rule for new connections with no rules of their own. Needed for istio support (#170).
2020-07-22Add O_APPEND support in vfs2 gofer.Ayush Ranjan
Helps in fixing open syscall tests: AppendConcurrentWrite and AppendOnly. We also now update the file size for seekable special files (regular files) which we were not doing earlier. Updates #2923 PiperOrigin-RevId: 322670843
2020-07-22Support for receiving outbound packets in AF_PACKET.Bhasker Hariharan
Updates #173 PiperOrigin-RevId: 322665518
2020-07-22Skip RawHDRINCL tests that are blocking presubmits/releases.Dean Deng
Temporarily skip these, on bhaskherh@'s advice. PiperOrigin-RevId: 322664955
2020-07-20Add standard entrypoints for test targets.Adin Scannell
PiperOrigin-RevId: 322265513
2020-07-17Runtime tests are enormousAyush Ranjan
PiperOrigin-RevId: 321885126
2020-07-17Move main methods for benchmark packages main package file.Zach Koopmans
PiperOrigin-RevId: 321875119
2020-07-17DUT logs in test failure messages in packetimpactJay Zhuang
DUT logs will include logs from the posix server and gVisor, which provides a way to instrument the DUT during test failures. PiperOrigin-RevId: 321816647
2020-07-17Automated rollback of changelist 321647645Ayush Ranjan
PiperOrigin-RevId: 321808673
2020-07-17Test UDP packets with mcast source addr are discardedJay Zhuang
PiperOrigin-RevId: 321790802
2020-07-16Add support to return protocol in recvmsg for AF_PACKET.Bhasker Hariharan
Updates #173 PiperOrigin-RevId: 321690756
2020-07-16Port runtime tests to use go_testAyush Ranjan
PiperOrigin-RevId: 321647645
2020-07-15Port httpd benchmarkZach Koopmans
PiperOrigin-RevId: 321478001
2020-07-15Add support for SO_ERROR to packet sockets.Bhasker Hariharan
Packet sockets also seem to allow double binding and do not return an error on linux. This was tested by running the syscall test in a linux namespace as root and the current test DoubleBind fails@HEAD. Passes after this change. Updates #173 PiperOrigin-RevId: 321445137
2020-07-15Fix minor bugs in a couple of interface IOCTLs.Bhasker Hariharan
gVisor incorrectly returns the wrong ARP type for SIOGIFHWADDR. This breaks tcpdump as it tries to interpret the packets incorrectly. Similarly, SIOCETHTOOL is used by tcpdump to query interface properties which fails with an EINVAL since we don't implement it. For now change it to return EOPNOTSUPP to indicate that we don't support the query rather than return EINVAL. NOTE: ARPHRD types for link endpoints are distinct from NIC capabilities and NIC flags. In Linux all 3 exist eg. ARPHRD types are stored in dev->type field while NIC capabilities are more like the device features which can be queried using SIOCETHTOOL but not modified and NIC Flags are fields that can be modified from user space. eg. NIC status (UP/DOWN/MULTICAST/BROADCAST) etc. Updates #2746 PiperOrigin-RevId: 321436525
2020-07-15Merge pull request #3165 from ridwanmsharif:ridwanmsharif/fuse-off-by-defaultgVisor bot
PiperOrigin-RevId: 321411758
2020-07-14Test IPv6 fragment reassemblyZeling Feng
A packetimpact test for: "A node must be able to accept a fragmented packet that, after reassembly, is as large as 1500 octets." PiperOrigin-RevId: 321210729
2020-07-14Add support for UDP IPv6Jay Zhuang
Also ironed out all the bugs found on the IPv6 code path that affects socket bind, send and receive. PiperOrigin-RevId: 321202653
2020-07-13Merge pull request #2672 from amscanne:shim-integratedgVisor bot
PiperOrigin-RevId: 321053634
2020-07-13Initial golang BenchmarksZach Koopmans
PiperOrigin-RevId: 321021071
2020-07-13Add ReadAllFd to test utilFabricio Voznika
PiperOrigin-RevId: 321008185
2020-07-13Create packetimpact test for UDP broadcastJay Zhuang
PiperOrigin-RevId: 321000340
2020-07-13Print testbench log on packetimpact failuresJay Zhuang
These logs include flags passed to packetimpact tests (the Go tests), and test failure messages. PiperOrigin-RevId: 320989521
2020-07-11Runtime test batch executorAyush Ranjan
Earlier we were docker exec-ing each test at a time. However invoking the test framework has a fixed overhead which made it infeasible to make the runtime tests run as presubmits. This change now executes tests in batches of 50 (can be altered). This really speeds up testing process. With this change, the following tests can be run in reasonable times: - Go - Nodejs - Php - Python PiperOrigin-RevId: 320763916
2020-07-11Stub out SO_DETACH_FILTER.Bhasker Hariharan
Updates #2746 PiperOrigin-RevId: 320757963
2020-07-09Update shim to build using bazel.Adin Scannell
The go.mod dependency tree for the shim was somehow contradictory. After resolving these issues (e.g. explicitly imported k8s 1.14, pulling a specific dbus version), and adding all dependencies, the shim can now be build as part of the regular bazel tree. As part of this process, minor cleanup was done in all the source files: headers were standardized (and include "The gVisor Authors" in addition to the "The containerd Authors" if originally derived from containerd sources), and comments were cleaned up to meet coding standards. This change makes the containerd installation dynamic, so that multiple versions can be tested, and drops the static installer for the VM image itself. This change also updates test/root/crictl_test.go and related utilities, so that the containerd tests can be run on any version (and in cases where it applies, they can be run on both v1 and v2 as parameterized tests).
2020-07-09Merge gvisor-containerd-shimAdin Scannell
2020-07-09Add support for IP_HDRINCL IP option for raw sockets.Bhasker Hariharan
Updates #2746 Fixes #3158 PiperOrigin-RevId: 320497190
2020-07-09Gate FUSE behind a runsc flagRidwan Sharif
This change gates all FUSE commands (by gating /dev/fuse) behind a runsc flag. In order to use FUSE commands, use the --fuse flag with the --vfs2 flag. Check if FUSE is enabled by running dmesg in the sandbox.
2020-07-08Merge pull request #3171 from kevinGC:ipv6-kokorogVisor bot
PiperOrigin-RevId: 320290162
2020-07-08ip6tables: handle both IPv4 and v6 addressesKevin Krakauer
Enabling IPv6 in Docker caused IPv4 tests to fail because localAddrs didn't distinguish between address types. Example failure: https://source.cloud.google.com/results/invocations/203b2401-3333-4bec-9a56-72cc53d68ddd/log
2020-07-08Move all tests to new docker API.Zach Koopmans
Moves following to new dockerutil API: - //test/e2e:integration_test - //test/image:image_test - //test/iptables:iptables_test - //test/root:root_test - //test/packetimpact:packetimpact_test PiperOrigin-RevId: 320253118
2020-07-08Enable shards in runtime test runner.Ayush Ranjan
Fixed an issue with the runtime test runner which enables us to run tests in shards. We had to touch the status file as indicated by an env var. PiperOrigin-RevId: 320236205
2020-07-07Deflake exec test.Jamie Liu
- Only use MAXSYMLINKS/2+1 symlinks for each of the interpreter and script paths in SymlinkLimitRefreshedForInterpreter to tolerate cases where the original paths (/tmp, /bin, or /bin/echo) themselves contain symlinks. - Ensure that UnshareFiles performs execve immediately after clone(CLONE_VFORK) (no heap allocation for ExecveArray/RunfilesPath). - Use lstat() rather than stat() for the existence check in fs_util's Exists; the latter will fail if the symlink target does not exist, even if the symlink does. PiperOrigin-RevId: 320110156
2020-07-07Set IPv4 ID on all non-atomic datagramsTony Gong
RFC 6864 imposes various restrictions on the uniqueness of the IPv4 Identification field for non-atomic datagrams, defined as an IP datagram that either can be fragmented (DF=0) or is already a fragment (MF=1 or positive fragment offset). In order to be compliant, the ID field is assigned for all non-atomic datagrams. Add a TCP unit test that induces retransmissions and checks that the IPv4 ID field is unique every time. Add basic handling of the IP_MTU_DISCOVER socket option so that the option can be used to disable PMTU discovery, effectively setting DF=0. Attempting to set the sockopt to anything other than disabled will fail because PMTU discovery is currently not implemented, and the default behavior matches that of disabled. PiperOrigin-RevId: 320081842
2020-07-07Fix mknod and inotify syscall testAyush Ranjan
This change fixes a few things: - creating sockets using mknod(2) is supported via vfs2 - fsgofer can create regular files via mknod(2) - mode = 0 for mknod(2) will be interpreted as regular file in vfs2 as well Updates #2923 PiperOrigin-RevId: 320074267
2020-07-06Add support for SO_RCVBUF/SO_SNDBUF for AF_PACKET sockets.Bhasker Hariharan
Updates #2746 PiperOrigin-RevId: 319887810
2020-07-06Merge pull request #3110 from craig08:add-missing-ICRNLgVisor bot
PiperOrigin-RevId: 319827554
2020-07-03Improve failure messageTamir Duberstein
Currently this test produces an error resembling tcp_zero_window_probe_retransmit_test.go:92: zero probe came sooner interval 3200179405 probe 4 which is approximately useless. PiperOrigin-RevId: 319572263
2020-07-03Update build rule to appease deprecationTamir Duberstein
Before this change, running packetimpact tests produces: parameter 'direct' must contain a list of elements, and may no longer accept a depset. The deprecated behavior may be temporarily re-enabled by setting --incompatible_disable_depset_inputs=false The positional parameter to depset has been changed to mean `direct` rather than its previous meaning of `items`. The documentation[0] explains: A positional parameter distinct from other parameters for legacy support. If --incompatible_disable_depset_items is false, this parameter serves as the value of items. If --incompatible_disable_depset_items is true, this parameter serves as the value of direct. See the documentation for these parameters for more details. [0] https://docs.bazel.build/versions/master/skylark/lib/globals.html PiperOrigin-RevId: 319555138
2020-07-01Update preadv2/pwritev2 flag handling in vfs2.Dean Deng
We do not support RWF_SYNC/RWF_DSYNC and probably shouldn't silently accept them, since the user may incorrectly believe that we are synchronizing I/O. Remove the pwritev2 test verifying that we support these flags. gvisor.dev/issue/2601 is the tracking bug for deciding which RWF_.* flags we need and supporting them. Updates #2923, #2601. PiperOrigin-RevId: 319351286
2020-07-01[vfs2][gofer] Fix mmap syscall test.Ayush Ranjan
We were not invalidating mappings when the file size changed in shared mode. Enabled the syscall test for vfs2. Updates #2923 PiperOrigin-RevId: 319346569
2020-07-01Port vfs1 implementation of sync_file_range to vfs2.Dean Deng
Currently, we always perform a full-file sync which could be extremely expensive for some applications. Although vfs1 did not fully support sync_file_range, there were some optimizations that allowed us skip some unnecessary write-outs. Updates #2923, #1897. PiperOrigin-RevId: 319324213
2020-07-01TCP receive should block when in SYN-SENT state.Mithun Iyer
The application can choose to initiate a non-blocking connect and later block on a read, when the endpoint is still in SYN-SENT state. PiperOrigin-RevId: 319311016
2020-07-01Use directory fds in sticky test to avoid permission issues.Dean Deng
After we change credentials, it is possible that we no longer have access to the sticky directory where we are trying to delete files. Use an open fd so this is not an issue. PiperOrigin-RevId: 319306255
2020-07-01Port fallocate to VFS2.Zach Koopmans
PiperOrigin-RevId: 319283715
2020-07-01Add test env variable "fuchsia"Jay Zhuang
... so that Fuchsia gets the same special cases applied to gVisor in tests when this envrionment variable is set. PiperOrigin-RevId: 319239064
2020-07-01Complete async signal delivery support in vfs2.Dean Deng
- Support FIOASYNC, FIO{SET,GET}OWN, SIOC{G,S}PGRP (refactor getting/setting owner in the process). - Unset signal recipient when setting owner with pid == 0 and valid owner type. Updates #2923. PiperOrigin-RevId: 319231420
2020-06-30Fix two bugs in TCP sender.Bhasker Hariharan
a) When GSO is in use we should not cap the segment to maxPayloadSize in sender.maybeSendSegment as the GSO logic will cap the segment to the correct size. Without this the host GSO is not used as we end up breaking up large segments into small MSS sized segments before writing the packets to the host. b) The check to not split a segment due to it not fitting in the receiver window when there are pending segments is incorrect as segments in writeList can be really large as we just take the write call's buffer size and create a single large segment. So a write of say 128KB will just be 1 segment in the writeList. The linux code checks if 1 MSS sized segments fits in the receiver's window and if not then does not split the current segment. gVisor's check was incorrect that it was checking if the whole segment which could be >>> 1 MSS would fit in the receiver's window. This was causing us to prematurely stop sending and falling back to retransmit timer/probe from the other end to send data. This was seen when running HTTPD benchmarks where @ HEAD when sending large files the benchmark was taking forever to run. The tcp_splitseg_mss_test.go is being deleted as the test as written doesn't test what is intended correctly. This is because GSO is enabled by default and the reason the MSS+1 sized segment is sent is because GSO is in use. A proper test will require disabling GSO on linux and netstack which is going to take a bit of work in packetimpact to do it correctly. Separately a new test probably should be written that verifies that a segment > availableWindow is not split if the availableWindow is < 1 MSS. Fixes #3107 PiperOrigin-RevId: 319172089
2020-06-30Remove struct packing to fix compiler warning.Dean Deng
-Waddress-of-packed-member warns on inet_aton() being used with a packed struct member. This was added in cl/291990716. PiperOrigin-RevId: 319111253