This test single handedly causes the syscalls:socket_inet_loopback_test test
variants to take more than an hour to run on some of our testing environments.
Reduce how aggressively this test tries to replicate a fixed flake. This is a
regression test.
PiperOrigin-RevId: 382849039
In gVisor today its possible that when trying to bind a TCP socket
w/ SO_REUSEADDR specified and requesting the kernel pick a port by
setting port to zero can result in a previously bound port being
returned. This behaviour is incorrect as the user is clearly requesting
a free port. The behaviour is fine when the user explicity specifies
a port.
This change now checks if the user specified a port when making a port
reservation for a TCP port and only returns unbound ports even if
SO_REUSEADDR was specified.
Fixes#6209
PiperOrigin-RevId: 382607638
When TUN is created with IFF_NO_PI flag, there will be no Ethernet header and no packet info, therefore, both read and write will fail.
This commit fix this bug.
Compare
if (!thread_group_leader(tracee))
tracee = rcu_dereference(tracee->group_leader);
in security/yama/yama_lsm.c:ptracer_exception_found().
PiperOrigin-RevId: 381074242
This allows these tests, which can cause flakiness when run in the same network
namespace as the other `socket_inet_loopback` tests, to run as separate tests
in their own environment. It also means that all of the shards of those tests
can be more isolated from each other as well.
PiperOrigin-RevId: 380930198
tcpdump is largely supported. We've also chose not to implement writeable
AF_PACKET sockets, and there's a bug specifically for promiscuous mode (#3333).
Fixes#173.
PiperOrigin-RevId: 380733686
Also makes the behavior of raw sockets WRT fragmentation clearer, and makes the
ICMPv4 header-length check explicit.
Fixes#3160.
PiperOrigin-RevId: 380033450
Later kernels add empty arguments to argv, throwing off return values for the
exec_basic_workload.cc binary. This is result of a bug introduced by
ccbb18b67323b "exec/binfmt_script: Don't modify bprm->buf and then return -
ENOEXEC". Before this change, an empty interpreter string was reported if the
first non-space/non-tab character after "#!" was '\0' (end of file, previously-
overwritten trailing space or tab, or previously-overwritten first newline).
After this change, an empty interpreter string is reported if all characters
after "#!" are spaces or tabs, or the first non-space non-tab character is at
i_end, which is the position of the first newline after "#!". However, if
there is no newline after "#!" (as in ExecTest.InterpreterScriptNoPath),
then i_end = buf_end (= bprm->buf + sizeof(bprm->buf) - 1, the last possible
byte in the buffer) and neither condition holds.
Change white space for script inputs to take into account the above bug.
Co-authored-by: Andrei Vagin <avagin@gmail.com>
PiperOrigin-RevId: 378997171
Intermittenly, the connection between the client redis_benchmark container can be
flaky with the server, even if the server has been up for a long time. If this
happens, just re-run a client until we get a result.
Also, don't start a new server for each operation.
Also also, modify Makefile run-benchmark call to accept RUNTIME=runc correctly.
PiperOrigin-RevId: 378918886
This test checks if an incoming ACK is dropped by the listener when the
accept queue is full. The ACK receive handling could race with the test
invoking accept on the DUT, causing the test to be flaky. Add a wait
time before invoking accept on the DUT to give cycles for the incoming
ACK to be handled/dropped by the listener.
PiperOrigin-RevId: 378770225
If the ACK completing the handshake has FIN or data, requeue the segment
for further processing by the newly established endpoint. Otherwise,
the segments would have to be retransmitted by the peer to be processed
by the established endpoint. Doing this, keeps the behavior in parity
with Linux.
This also addresses a test flake with TCPNonBlockingConnectClose where
the ACK (completing the handshake) and multiple retransmitted FINACKs
from the peer could be dropped by the listener, when using syncookies
and the accept queue is full. The handshake could eventually get
completed with a retransmitted FINACK, without actual processing of
FIN. This can cause the poll with POLLRDHUP on the accepted socket to
sometimes time out before the next FINACK retransmission.
PiperOrigin-RevId: 377651695
Forwards the testing verbose flag to the packetimpact test runner. This is
necessary for debugging inside packetimpact tests. When this flag is present,
all t.Logs in the packetimpact test wil be shown in the resulting test output.
PiperOrigin-RevId: 377614550
Fixes the erronously signaled fatal error when the sniffer receive timeout
duration is less than one usec. This was caused by the converstion from float64
to int64; the integer conversion truncated the floating point to 0, which
signaled the fatal error.
PiperOrigin-RevId: 377600179
Previously, the value of global_num_signals_received would persist between
tests. Now, we reset the value to zero when we register a signal handler.
PiperOrigin-RevId: 377308357
Address a race with non-blocking connect and socket close, causing the
FIN (because of socket close) to not be sent out, even after completing
the handshake.
The race occurs with this sequence:
(1) endpoint Connect starts handshake, sending out SYN
(2) handshake complete() releases endpoint lock, waiting on sleeper.Fetch()
(3) endpoint Close acquires endpoint lock, does not enqueue FIN (as the
endpoint is not yet connected) and asserts notifyClose
(4) SYNACK from peer gets enqueued asserting newSegmentWaker
(5) handshake complete() re-aqcuires lock, first processes newSegmentWaker
event, transitions to ESTABLISHED and proceeds to protocolMainLoop()
(6) protocolMainLoop() exits while processing notifyClose
When the execution follows the above sequence, no FIN is sent to the peer.
This causes the listener side to have a half-open connection sitting in
the accept queue.
Fix this by ensuring that the protocolMainLoop() performs clean shutdown
when the endpoint state is still ESTABLISHED.
This would not be a bug, if during handshake complete(), sleeper.Fetch()
prioritized notificationWaker over newSegmentWaker. In that case, the
handshake would not have completed in (5) above.
Fixes#6067
PiperOrigin-RevId: 376994395
The current implementation has a bug where TCP listener does not ignore
RSTs from the peer. While handling RST+ACK from the peer, this bug can
complete handshakes that use syncookies. This results in half-open
connection delivered to the accept queue.
Fixes#6076
PiperOrigin-RevId: 376868749
Executing `select {}` to wait forever triggers Go runtime deadlock
detection and kills the child, causing the number actual processes
be less than expected.
PiperOrigin-RevId: 376298799
Adds support for the SO_BINDTODEVICE socket option in ICMP sockets with an
accompanying packetimpact test to exercise use of this socket option.
Adds a unit test to exercise the NIC selection logic introduced by this change.
The remaining unit tests for ICMP sockets need to be added in a subsequent CL.
See https://gvisor.dev/issues/5623 for the list of remaining unit tests.
Adds a "timeout" field to PacketimpactTestInfo, necessary due to the long
runtime of the newly added packetimpact test.
Fixes#5678Fixes#4896
Updates #5623
Updates #5681
Updates #5763
Updates #5956
Updates #5966
Updates #5967
PiperOrigin-RevId: 376271581
Moves specification of subsequent layers to the Payload field of the ICMP and
ICMPv6 layers.
Removes the need to manually encode type-specific ICMP or ICMPv6 headers, such
as the "pointer" header of parameter problem messages, in the payload. This is
necessary prework to enable matching of more type-specific headers, such as
"ident" of echo requests.
Fixes a bug where the "reserved" header defined by ICMPv6 RFC 4443 was being
incorrectly encoded by ToBytes. This change fixes the implementation by copying
the payload into Payload, instead of the MessageBody.
PiperOrigin-RevId: 376026420
Jamie Liu
Ayush Ranjan
Bhasker Hariharan
gVisor bot
Lucas Manning
liornm
Kevin Krakauer
Tamir Duberstein
Etienne Perot
Ian Lewis
Zach Koopmans
Andrei Vagin
Mithun Iyer
Fabricio Voznika
Nicolas Lacasse
Sam Balana
Adam Barth
Zyad A. Ali
Chong Cai