This change adds support to let an integrator know when it receives an NDP
Router Advertisement message with the NDP Recursive DNS Server option with at
least one DNS server's address. The stack will not maintain any state related to
the DNS servers - the integrator is expected to maintain any required state and
invalidate the servers after its valid lifetime expires, or refresh the lifetime
when a new one is received for a known DNS server.
Test: Unittest to make sure that an event is sent to the integrator when an NDP
Recursive DNS Server option is received with at least one address.
PiperOrigin-RevId: 284890502
Test now no longer deletes files incorrectly, due to a fix in fs utils
used by TempPath (github.com/google/gvisor/pull/1368).
Fixes#1366
PiperOrigin-RevId: 284814605
IsDirectory() is used in RecursivelyDelete(), which should not follow symlinks.
The only other use (syscalls/linux/rename.cc) is not affected by this change.
Updates #1366.
PiperOrigin-RevId: 284803968
Package strace is missing some syscalls we actually implement (e.g.,
getrandom). We also see newer syscalls sometimes (e.g., membarrier) that would
be handy to have formatted.
Let's go ahead and add all syscalls in the latest upstream release (v5.4), even
though we only intend to implement v4.4. None of them are implemented, just
included as placeholders.
PiperOrigin-RevId: 284797577
These are currently duplicated in ip_socket_test_util, so tests including
both netinet/tcp.h and ip_socket_test_util won't compile.
PiperOrigin-RevId: 284623958
Add a decent set of syscall tests for rseq(2). These are a bit awkward because
of issues with library integration. libc may register rseq on thread start
(including before main on the initial thread), precluding much testing. Thus we
run tests in a libc-free subprocess.
Support for rseq(2) in gVisor will come in a later commit.
PiperOrigin-RevId: 284595994
This change marks the socket as ESTABLISHED and creates the receiver and sender
the moment we send the final ACK in case of an active TCP handshake or when we
receive the final ACK for a passive TCP handshake. Before this change there was
a short window in which an ACK can be received and processed but the state on
the socket is not yet ESTABLISHED.
This can be seen in TestConnectBindToDevice which is flaky because sometimes
the socket is in SYN-SENT and not ESTABLISHED even though the other side has
already received the final ACK of the handshake.
PiperOrigin-RevId: 284277713
This will require a reasonably modern toolchain. I've put minimum compiler
versions in the README based on versions in
https://en.cppreference.com/w/cpp/compiler_support that have mostly complete
language and library support.
The minimum Bazel version bump is unrelated, but 0.28 is definitely not
supported anymore.
Please report issues on gvisor.dev/issue/1349.
Fixes#1349
PiperOrigin-RevId: 284274250
This change allows the netstack to do SLAAC as outlined by RFC 4862 section 5.5.
Note, this change will not break existing uses of netstack as the default
configuration for the stack options is set in such a way that SLAAC
will not be performed. See `stack.Options` and `stack.NDPConfigurations` for
more details.
This change reuses 1 option and introduces a new one that is required to take
advantage of SLAAC, all available under NDPConfigurations:
- HandleRAs: Whether or not NDP RAs are processes
- AutoGenGlobalAddresses: Whether or not SLAAC is performed.
Also note, this change does not deprecate SLAAC generated addresses after the
preferred lifetime. That will come in a later change (b/143713887). Currently,
only the valid lifetime is honoured.
Tests: Unittest to make sure that SLAAC generates and adds addresses only when
configured to do so. Tests also makes sure that conflicts with static addresses
do not modify the static address.
PiperOrigin-RevId: 284265317
Threadgroups already know their TTY (if they have one), which now contains the
TTY Index, and is returned in the Processes() call.
PiperOrigin-RevId: 284263850
When the sandbox is destroyed, making URPC calls to destroy the
container will fail. The code was checking if the sandbox was
running before attempting to make the URPC call, but that is racy.
PiperOrigin-RevId: 284093764
TcpPortReuseMultiThread creates lots of connections which result in
a lot of goroutines in the sentry. This can cause gotsan runs to
take really long and timeout. Increasing listen backlog and
reducing number of connections should help the connections complete
faster as well as reduce the number of goroutines that gotsan needs
to track.
PiperOrigin-RevId: 284046018
Get rid of the SocketTest class, which is only extended by ReadvSocketTest.
Also, get rid of TCP sockets (which were unused anyway) from readv_socket.cc.
This is a very old test suite that isn't the right place for TCP loopback
tests.
PiperOrigin-RevId: 283672772
If the socket is bound to ANY and connected to a loopback address,
getsockname() has to return the loopback address. Without this fix,
getsockname() returns ANY.
PiperOrigin-RevId: 283647781
The code in rcv.consumeSegment incorrectly transitions to
CLOSED state from LAST-ACK before the final ACK for the FIN.
Further if receiving a segment changes a socket to a closed state
then we should not invoke the sender as the socket is now closed
and sending any segments is incorrect.
PiperOrigin-RevId: 283625300
Ghanan Gowripalan
Brad Burlage
Dean Deng
Michael Pratt
Ian Gudger
Jay Zhuang
Fabricio Voznika
Bhasker Hariharan
Adin Scannell
gVisor bot
Mithun Iyer
Nicolas Lacasse
Zach Koopmans
Jamie Liu
dependabot[bot]
Andrei Vagin