Teach ICMP.Parser/ToBytes to handle some non echo ICMP packets.
Teach IPv4.Parser that fragments only have a payload, not an upper layer.
Fix IPv4 and IPv6 reassembly tests to handle the change.
Fixes#4758
PiperOrigin-RevId: 341549665
This makes handling inbound fragmented packets easier, because a fragmented
packet might not have an actual ICMP header but only a payload. After this
change, the ICMPv4 is the last layer you can get because the payload is
embedded in it.
Note that this makes it consistent with the ICMPv6 implementation.
While I'm here, I've also added the Ident and Sequence fields on the ICMPv4
type. Defaults are still zero.
PiperOrigin-RevId: 339577094
This change also adds support to go_stateify for detecting an appropriate
receiver name, avoiding a large number of false positives.
PiperOrigin-RevId: 335994587
There are two device names on the test net.
- The sniffer/injector device which is always a linux device. Only the
testbench library is interested in this device.
- The device which is on the DUT. It happens to be the same device as
the former if DUT is linux. An individual test might be interested in
this device if the test cares about the device name.
PiperOrigin-RevId: 332112968
On receiving an ACK with unacceptable ACK number, in a closing state,
TCP, needs to reply back with an ACK with correct seq and ack numbers and
remain in same state. This change is as per RFC793 page 37, but with a
difference that it does not apply to ESTABLISHED state, just as in Linux.
Also add more tests to check for OTW sequence number and unacceptable
ack numbers in these states.
Fixes#3785
PiperOrigin-RevId: 329616283
When SO_LINGER option is enabled, the close will not return until all the
queued messages are sent and acknowledged for the socket or linger timeout is
reached. If the option is not set, close will return immediately. This option
is mainly supported for connection oriented protocols such as TCP.
PiperOrigin-RevId: 328350576
This is a preparatory commit for a larger commit working on
ICMP generation in error cases.
This is removal of technical debt and cleanup in the gvisor code
as part of gvisor issue 2211.
Updates #2211.
PiperOrigin-RevId: 326615389
This required minor fixes to the bazel wrapper. The "dut_platform" is
also changed to "native" to line-up with the system call tests and
remove the hard-coded "linux" and "netstack" strings.
Storing *testing.T on test helper structs is problematic when
subtests are used, because it is possible for nested tests to call
Fatal on parent test, which incorrect terminates the parent test.
For example
func TestOuter(t *testing.T) {
dut := NewDUT(t)
t.Run("first test", func(t *testing.T) {
dut.FallibleCall()
})
t.Run("second test", func(t *testing.T) {
dut.FallibleCall()
}
}
In the example above, assuming `FallibleCall` calls `t.Fatal` on the
`t` it holds, if `dut.FallibleCall` fails in "first test", it will
call `Fatal` on the parent `t`, quitting `TestOuter`. This is not a
behavior we want.
PiperOrigin-RevId: 323350241
Previously, ICMP destination unreachable datagrams were ignored by TCP
endpoints. This caused connect to hang when an intermediate router
couldn't find a route to the host.
This manifested as a Kokoro error when Docker IPv6 was enabled. The Ruby
image test would try to install the sinatra gem and hang indefinitely
attempting to use an IPv6 address.
Fixes#3079.
A packetimpact test for: "A node must be able to accept a fragmented packet
that, after reassembly, is as large as 1500 octets."
PiperOrigin-RevId: 321210729
Moved the function for generating a payload of random byets of a specified
length into the testbench package so that it's availbale for all tests to use.
Added a test case to the IPv4 ID uniqueness test which uses a payload length
of 512 bytes. This test case passes for gVisor currently, whereas the test case
with a small payload of 11 bytes fails because gVisor only assigns the ID field
if the IP payload is sufficiently large.
PiperOrigin-RevId: 316185097
Tests the effect of reordering on retransmission and window size.
Test covers the expected behavior of both Linux and netstack, however, netstack
does not behave as expected. Further, the current expected behavior of netstack
is not ideal and should be adjusted in the future.
PiperOrigin-RevId: 316015184
Reorganize the Connection types such that the defined types no longer expose
the lower-level functions SendFrame and CreateFrame. These methods are still
exported on the underlying Connection type, and thus can be accessed via a
type-cast. In future, defined types should have one or more type-safe versions
of the send() method on Connection, e.g. UDPIPv4 has Send() which allows the UDP
header to be overridden and SendIP() which allows both the IPv4 and UDP headers
to be modified.
testbench.Connection gets a SendFrameStateless method which sends frames
without updating the state of any of the layers. This should be used when
sending out-of-band control messages such as ICMP messages, as using the
normal Send method can result in errors when attempting to update the TCP
state using an ICMP packet.
Also remove the localAddr field of testbench.Connection and instead compute
it on the fly as needed for UDPIPv4 and TCPIPv4.
PiperOrigin-RevId: 315969714
- Always split segments larger than MSS.
Currently, we base the segment split decision as a function of the
send congestion window and MSS, which could be greater than the MSS
advertised by remote.
- While splitting segments, ensure the PSH flag is reset when there
are segments that are queued to be sent.
- With TCP_CORK, hold up segments up until MSS. Fix a bug in computing
available send space before attempting to coalesce segments.
Fixes#2832
PiperOrigin-RevId: 314802928
RST handling is broken when the TCP state transitions
from SYN-SENT to SYN-RCVD in case of simultaneous open.
An incoming RST should trigger cleanup of the endpoint.
RFC793, section 3.9, page 70.
Fixes#2814
PiperOrigin-RevId: 313828777
This change adds a layer of abstraction around the internal Docker APIs,
and eliminates all direct dependencies on Dockerfiles in the infrastructure.
A subsequent change will automated the generation of local images (with
efficient caching). Note that this change drops the use of bazel container
rules, as that experiment does not seem to be viable.
PiperOrigin-RevId: 308095430
TCP, in CLOSE-WAIT state, MUST return ACK with proper SEQ and ACK numbers after
recv a seg with OTW SEQ or unacc ACK number, and remain in same state. If the
connection is in a synchronized state, any unacceptable segment (out of window
sequence number or unacceptable acknowledgment number) must elicit only an empty
acknowledgment segment containing the current send-sequence number and an
acknowledgment indicating the next sequence number expected to be received, and
the connection remains in the same state.
PiperOrigin-RevId: 306897984
Rather than have a struct for the state of each type of connection, such as
TCP/IPv4, UDP/IPv4, TCP/IPv6, etc, have a state for each layer, such as UDP,
TCP, IPv4, IPv6. Those states can be composed into connections.
Tested:
Existing unit tests still pass/fail as expected.
PiperOrigin-RevId: 306703180
Add Sniffer.Drain() which drains the socket's receive buffer by temporarily
setting the socket to non-blocking, and receiving in a loop until EINTR,
EWOULDBLOCK or EAGAIN. This method should be used when long periods of time
elapses without receiving on the socket, because uninteresting packets may have
piled up in the receive buffer, filling it up and causing packets critical to
test operation to be dropped.
PiperOrigin-RevId: 306380480
Dereference any fields which are pointers before string formatting so that the
value pointed to ends up in the string representation.
Tested:
Added TestLayerStringFormat to
//third_party/gvisor/test/packetimpact/testbench:testbench_test
PiperOrigin-RevId: 305627821
RFC 1122 Section 3.7: A sending TCP MUST be robust against window shrinking,
which may cause the "useable window" to become negative.
PiperOrigin-RevId: 305377072
Julian Elischer
Arthur Sfez
Ting-Yu Wang
Adin Scannell
Zeling Feng
Nayana Bidari
Mithun Iyer
Jay Zhuang
Kevin Krakauer
gVisor bot
Tony Gong
Ian Gudger
Bhasker Hariharan
Eyal Soha