Enables the reassembly of fragmented IPv6 packets and handling of the
Routing extension header with a Segments Left value of 0. Atomic
fragments are handled as described in RFC 6946 to not interfere with
"normal" fragment traffic. No specific routing header type is supported.
Note, the stack does not yet support sending ICMPv6 error messages in
response to IPv6 packets that cannot be handled/parsed. That will come
in a later change (Issue #2211).
Test:
- header_test.TestIPv6RoutingExtHdr
- header_test.TestIPv6FragmentExtHdr
- header_test.TestIPv6ExtHdrIterErr
- header_test.TestIPv6ExtHdrIter
- ipv6_test.TestReceiveIPv6ExtHdrs
- ipv6_test.TestReceiveIPv6Fragments
RELNOTES: n/a
PiperOrigin-RevId: 303189584
This feature will match UID and GID of the packet creator, for locally
generated packets. This match is only valid in the OUTPUT and POSTROUTING
chains. Forwarded packets do not have any socket associated with them.
Packets from kernel threads do have a socket, but usually no owner.
Pushing it down requires all implementation to check for
exec individualy which is not maintanable. Making it part
of GenericCheckPermissions add extra cost to everyone that
calls it. So it's better to keep is in
VirtualFilesystem.OpenAt.
Updates #1193
PiperOrigin-RevId: 302982993
This allows the link layer endpoints to consistenly hash a TCP
segment to a single underlying queue in case a link layer endpoint
does support multiple underlying queues.
Updates #231
PiperOrigin-RevId: 302760664
This is a precursor to be being able to build an intrusive list
of PacketBuffers for use in queuing disciplines being implemented.
Updates #2214
PiperOrigin-RevId: 302677662
utimensat is used by hostfs for setting timestamps on imported fds. Previously,
this would crash the sandbox since utimensat was not allowed.
Correct the VFS2 version of hostfs to match the call in VFS1.
PiperOrigin-RevId: 301970121
workMu is removed and e.mu is now a mutex that supports TryLock. The packet
processing path tries to lock the mutex and if its locked it will just queue the
packet and move on. The endpoint.UnlockUser() will process any backlog of
packets before unlocking the socket.
This simplifies the locking inside tcp endpoints a lot. Further the
endpoint.LockUser() implements spinning as long as the lock is not held by
another syscall goroutine. This ensures low latency as not spinning leads to the
task thread being put to sleep if the lock is held by the packet dispatch
path. This is suboptimal as the lower layer rarely holds the lock for long so
implementing spinning here helps.
If the lock is held by another task goroutine then we just proceed to call
LockUser() and the task could be put to sleep.
The protocol goroutines themselves just call e.mu.Lock() and block if the
lock is currently not available.
Updates #231, #357
PiperOrigin-RevId: 301808349
Refactor fs/host.TTYFileOperations so that the relevant functionality can be
shared with VFS2 (fsimpl/host.ttyFD).
Incorporate host.defaultFileFD into the default host.fileDescription. This way,
there is no need for a separate default_file.go. As in vfs1, the TTY file
implementation can be built on top of this default and override operations as
necessary (PRead/Read/PWrite/Write, Release, Ioctl).
Note that these changes still need to be plumbed into runsc, which refers to
imported TTYs in control/proc.go:ExecAsync.
Updates #1672.
PiperOrigin-RevId: 301718157
TestConcurrentAll executes 1000 goroutines which never sleep,
so they are not preempted by Go's runtime. In Go 1.14, async preemption
has been added, but the added runtime.Gosched() call will do nothing
wrong in this case too.
PiperOrigin-RevId: 301705712
rand.Read() results in a syscall to the host on every call instead
we can wrap it with a bufio.Reader to buffer and reduce number of syscalls.
This is especially important for TCP where every newly created endpoint
reads random data to initialize the timestamp offsets for the endpoint.
Updates #231
PiperOrigin-RevId: 301501607
Only gofer filesystem was calling vfs.CheckSetStat for
vfs.FilesystemImpl.SetStatAt and vfs.FileDescriptionImpl.SetStat.
Updates #1193, #1672, #1197
PiperOrigin-RevId: 301226522
- When setting up the virtual filesystem, mount a host.filesystem to contain
all files that need to be imported.
- Make read/preadv syscalls to the host in cases where preadv2 may not be
supported yet (likewise for writing).
- Make save/restore functions in kernel/kernel.go return early if vfs2 is
enabled.
PiperOrigin-RevId: 300922353
Previously, SLAAC related state was stored on a per-address basis. This was
sufficient for the simple case of a single SLAAC address per prefix, but
future CLs will introduce temporary addresses which will result in multiple
SLAAC addresses for a prefix. This refactor allows storing multiple addresses
for a prefix in a single SLAAC prefix state.
No behaviour changes - existing tests continue to pass.
PiperOrigin-RevId: 300832812
- Make oomScoreAdj a ThreadGroup field (Linux: signal_struct::oom_score_adj).
- Avoid deadlock caused by Task.OOMScoreAdj()/SetOOMScoreAdj() locking Task.mu
and TaskSet.mu in the wrong order (via Task.ExitState()).
PiperOrigin-RevId: 300814698
Ghanan Gowripalan
gVisor bot
Nicolas Lacasse
Nayana Bidari
Jay Zhuang
Fabricio Voznika
Bhasker Hariharan
Ian Lewis
Dean Deng
Ting-Yu Wang
Zach Koopmans
Andrei Vagin
Ian Gudger
Eyal Soha
Jamie Liu
Michael Pratt