Proto commits in google/gvisor

These are the commits in which the Protocol Buffers files changed (only the last 100 relevant commits are shown):

Commit: 86abc85
Author: gVisor bot

Merge pull request #11473 from Champ-Goblem:shim-add-cgroup-v2-metrics-support

PiperOrigin-RevId: 730560110

The documentation is generated from this commit.

Commit: 7937c03
Author: Andrei Vagin
Committer: gVisor bot

netstack/packet: use lockdep mutexes

FUTURE_COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/11473 from Champ-Goblem:shim-add-cgroup-v2-metrics-support b602afb7647546148cab820775aba3b57e767213
PiperOrigin-RevId: 730536578

The documentation is generated from this commit.

Commit: 386ce9f
Author: Jing Chen
Committer: gVisor bot

Relocate containerd-shim-runsc-v1 deps from shim/ to shim/v1.

FUTURE_COPYBARA_INTEGRATE_REVIEW=https://github.com/google/gvisor/pull/11473 from Champ-Goblem:shim-add-cgroup-v2-metrics-support b602afb7647546148cab820775aba3b57e767213
PiperOrigin-RevId: 729612115

The documentation is generated from this commit.

Commit: f010ae0
Author: Andrei Vagin
Committer: Andrei Vagin

Fix a few typos

Commit: 4dbba85
Author: Etienne Perot
Committer: gVisor bot

Kubernetes benchmarks: Refactor kubectl context to allow sets of clusters.

Also add a sanity check to make sure each cluster works as part of initialization, by running a sample pod within.

PiperOrigin-RevId: 710786751

Commit: da0e523
Author: Etienne Perot
Committer: gVisor bot

Internal change (diffbased).

PiperOrigin-RevId: 709157384

Commit: 23c8b4b
Author: Zach Koopmans
Committer: gVisor bot

Add test to check COS drivers as they are posted.

Our current check of COS drivers often lags behind COS releases. This is due to needing to preload GPU docker images onto the images that run in our CI pipelines. In addition, COS can be a bit more complex than originally thought, releasing driver versions both across GPU types and release branches.

Thus, this test searches the latest COS images on each family for new drivers. It does this by looking at COS's published release notes, which include a proto of LATEST/DEFAULT drivers selected for each device. This will flag new versions faster and with more coverage than our CI pipeline currently does. Since this does not actually need a GPU to run, it can run on any VM.

PiperOrigin-RevId: 693736100

Commit: d18a726
Author: Etienne Perot
Committer: gVisor bot

Unbreak build failures in Kubernetes benchmarks.

This updates the Google Cloud APIs and their Go libraries to their latest versions, which adds some of the missing fields of the container cluster service v1 proto that didn't exist in the version defined in `WORKSPACE`.

This also severs the proto import dependency of `test_range_config.proto` on the container cluster API proto, both because it shouldn't be GKE-specific but also because the Go genproto version of the container cluster API is different (from the Go linker's perspective) from the container cluster proto that is imported from `test_range_config.proto`. Instead, it is encoded as an "any" proto for both nodepools and clusters.

Go repositories are re-arranged such that the genproto version imported is taken from the `WORKSPACE` file rather than the one embedded in other Go repositories earlier in the file.

The version of this API in Go's genproto library is still missing some of the TPU node placement fields, so that part is filled in via reflection when available. That is hacky, but that codepath only applies to TPU clusters, so it is not applicable for most benchmarks.

PiperOrigin-RevId: 688682505

Commit: 4cff902
Author: Etienne Perot
Committer: gVisor bot

Add Kubernetes benchmarks suite.

This is a large set of Kubernetes-based performance benchmarks that has been in use at Google for gVisor performance testing on GKE, and is now open-source. This set of benchmarks has been created and maintained by multiple contributors over the last 2 years: @zkoopmans, @EtiennePerot, @kevinGC, @ayushr2, @manninglucas, @konstantin-s-bogom.

PiperOrigin-RevId: 686649688

Commit: e8ca88e
Author: Anthony Cui
Committer: gVisor bot

Add ioctl sniffing tool to run GPU workloads and report unsupported ioctl calls.

PiperOrigin-RevId: 644197930

Commit: 5f4abad
Author: Andrei Vagin
Committer: Andrei Vagin

Fix a few typos

There is an idea of running codespell as part of our presubmit checks. Before enabling it for new changes, let's fix what it has found.

Signed-off-by: Andrei Vagin <avagin@gmail.com>

Commit: 43bd258
Author: Andrei Vagin
Committer: Andrei Vagin

Fix a few typos

There is an idea of running codespell as part of our presubmit checks. Before enabling it for new changes, let's fix what it has found.

Signed-off-by: Andrei Vagin <avagin@gmail.com>

Commit: c227d18
Author: Nicolas Lacasse
Committer: gVisor bot

Emit SentryTcpListenEvent when the application listens on a TCP port.

PiperOrigin-RevId: 562957239

Commit: fd8f39c
Author: Nicolas Lacasse
Committer: gVisor bot

Emit SentryTcpListenEvent when the application listens on a TCP port.

PiperOrigin-RevId: 562957239

Commit: 82d3f31
Author: Lucas Manning
Committer: gVisor bot

Introduce SentryMountPromiseBlockEvent.

PiperOrigin-RevId: 523233705

Commit: 7de67eb
Author: Lucas Manning
Committer: gVisor bot

Introduce SentryMountPromiseBlockEvent.

PiperOrigin-RevId: 523233705

Commit: 0c33df1
Author: Etienne Perot
Committer: gVisor bot

gVisor: Add library for exporting instrumentation data in Prometheus format.

This adds a new library, `//pkg/prometheus`, which contains just enough data structures such that we can encode instrumentation information in Prometheus information. These data structures are JSON-encodable, such that they can be used over the `runsc` control channel for export (implemented in a future CL). The existing `metric.go` library gains new functionality to export its own data using this new export format.

This change is part of a series of changes to support Prometheus-style metrics in `runsc`. Doing so requires making several seemingly-odd design decisions, due to the following architectural constraints:

- Prometheus requires an HTTP server serving the `/metrics` endpoint.
- For performance reasons, the `runsc boot` process cannot run the `netpoller` goroutine.
  - Since we don't want to write our own HTTP server implementation, this means the HTTP endpoint has to be served by a separate process that remains running during the lifetime of the container.
- The `runsc boot` process is untrusted.
  - This means we cannot trust metrics data that comes out of the Sentry. Therefore, there needs to be an elaborate dance where we pre-register metric metadata before starting any untrusted workload. Then, the server relaying the metric data must verify the validity of metric values against this metric metadata. This avoids leaking metrics, cardinality blow-ups, and other such DoS vectors.
- This feature needs to be easy-to-use in a typical Docker setting.
  - This means having the ability to just say `--metrics-server=localhost:1337` in the `runsc` runtime entry in `/etc/docker/daemon.json` and have that Just Work(TM), even when multiple containers are running.
  - Since only one process may listen on a port at a given time, this means the metric server needs to be able to multiplex requests out to multiple running sandboxes, and remain alive for the entire duration of either of these sandboxes. However, it should also die when there are no sandboxes, so that we don't end up with leftover metric servers lying around.
  - For this reason, the metrics server runs *outside* of the usual per-container cgroups.
  - This also saves system resources by not running one server per sandbox.
- The metrics server must be exposed to the outside world, and cannot assume that its clients are trustworthy.
  - For this reason, a metrics server is bound to a runtime root directory, and double-checks that all the sandboxes it is asked to follow actually exist in this root directory.

PiperOrigin-RevId: 498039624

Commit: d04a8d3
Author: Etienne Perot
Committer: gVisor bot

gVisor: Add library for exporting instrumentation data in Prometheus format.

This adds a new library, `//pkg/prometheus`, which contains just enough data structures such that we can encode instrumentation information in Prometheus information. These data structures are JSON-encodable, such that they can be used over the `runsc` control channel for export (implemented in a future CL). The existing `metric.go` library gains new functionality to export its own data using this new export format.

This change is part of a series of changes to support Prometheus-style metrics in `runsc`. Doing so requires making several seemingly-odd design decisions, due to the following architectural constraints:

- Prometheus requires an HTTP server serving the `/metrics` endpoint.
- For performance reasons, the `runsc boot` process cannot run the `netpoller` goroutine.
  - Since we don't want to write our own HTTP server implementation, this means the HTTP endpoint has to be served by a separate process that remains running during the lifetime of the container.
- The `runsc boot` process is untrusted.
  - This means we cannot trust metrics data that comes out of the Sentry. Therefore, there needs to be an elaborate dance where we pre-register metric metadata before starting any untrusted workload. Then, the server relaying the metric data must verify the validity of metric values against this metric metadata. This avoids leaking metrics, cardinality blow-ups, and other such DoS vectors.
- This feature needs to be easy-to-use in a typical Docker setting.
  - This means having the ability to just say `--metrics-server=localhost:1337` in the `runsc` runtime entry in `/etc/docker/daemon.json` and have that Just Work(TM), even when multiple containers are running.
  - Since only one process may listen on a port at a given time, this means the metric server needs to be able to multiplex requests out to multiple running sandboxes, and remain alive for the entire duration of either of these sandboxes. However, it should also die when there are no sandboxes, so that we don't end up with leftover metric servers lying around.
  - For this reason, the metrics server runs *outside* of the usual per-container cgroups.
  - This also saves system resources by not running one server per sandbox.
- The metrics server must be exposed to the outside world, and cannot assume that its clients are trustworthy.
  - For this reason, a metrics server is bound to a runtime root directory, and double-checks that all the sandboxes it is asked to follow actually exist in this root directory.

PiperOrigin-RevId: 498039624

Commit: 1f8c4cb
Author: Shambhavi Srivastava
Committer: gVisor bot

Adding container_start_duration metric for multi-container mode.

Including the time when a container start request is received and the time it is completed in the ContainerStartedEvent proto message.

PiperOrigin-RevId: 495390114

Commit: 04b311d
Author: Shambhavi Srivastava
Committer: gVisor bot

Adding container_start_duration metric for multi-container mode.

Including the time when a container start request is received and the time it is completed in the ContainerStartedEvent proto message.

PiperOrigin-RevId: 495390114

Commit: 63f4760
Author: Shambhavi Srivastava
Committer: gVisor bot

Adding metrics for start container in multi-container mode.

PiperOrigin-RevId: 493655449

Commit: 4a1a26f
Author: Shambhavi Srivastava
Committer: gVisor bot

Adding metrics for start container in multi-container mode.

PiperOrigin-RevId: 493655449

Commit: 874909b
Author: Shambhavi Srivastava
Committer: gVisor bot

Adding more trace point integration tests for the following syscalls:

- Chdir
- Fchdir
- Setgid
- Setuid
- Setsid
- Setresuid
- Setresgid

Updates #4805
PiperOrigin-RevId: 489076929

Commit: dec1aed
Author: Shambhavi Srivastava
Committer: gVisor bot

Adding more trace point integration tests for the following syscalls:

- Chdir
- Fchdir
- Setgid
- Setuid
- Setsid
- Setresuid
- Setresgid

Updates #4805
PiperOrigin-RevId: 489076929

Commit: 22de242
Author: Fabricio Voznika
Committer: gVisor bot

Add read/write syscalls to trace points

Closes #8092
PiperOrigin-RevId: 488719448

Commit: e6f0195
Author: Fabricio Voznika
Committer: gVisor bot

Add read/write syscalls to trace points

Closes #8092
PiperOrigin-RevId: 488719448

Commit: 126144d
Author: Rahat Mahmood
Committer: gVisor bot

Add container exit event.

PiperOrigin-RevId: 479651998

Commit: 10a1cad
Author: Rahat Mahmood
Committer: gVisor bot

Add container exit event.

PiperOrigin-RevId: 479651998

Commit: fc0e4d0
Author: Rahat Mahmood
Committer: gVisor bot

Implement sentry control commands for cgroupfs.

Add sentry control commands to read and write cgroup control values.

PiperOrigin-RevId: 474663678

Commit: d0c5abc
Author: Rahat Mahmood
Committer: gVisor bot

Implement sentry control commands for cgroupfs.

Add sentry control commands to read and write cgroup control values.

PiperOrigin-RevId: 474663678

Commit: b160b2a
Author: Shambhavi Srivastava
Committer: gVisor bot

Add Points to some syscalls

Added raw syscall points to all syscalls. Added schematized syscall points to the following syscalls:

- timerfd_create
- timerfd_settime
- timerfd_gettime
- fork, vfork
- inotify_init, inotify_init1
- inotify_add_watch
- inotify_rm_watch
- socketpair

Updates #4805
PiperOrigin-RevId: 459596784

Commit: c8e98d9
Author: Shambhavi Srivastava
Committer: gVisor bot

Add Points to some syscalls

Added raw syscall points to all syscalls. Added schematized syscall points to the following syscalls:

- timerfd_create
- timerfd_settime
- timerfd_gettime
- fork, vfork
- inotify_init, inotify_init1
- inotify_add_watch
- inotify_rm_watch
- socketpair

Updates #4805
PiperOrigin-RevId: 459596784

Commit: 45b06bb
Author: Shambhavi Srivastava
Committer: gVisor bot

Add Points to some syscalls

Added raw syscall points to all syscalls. Added schematized syscall points to the following syscalls:

- chroot
- dup, dup2, dup3
- prlimit64
- eventfd, eventfd2
- signalfd, signalfd4
- bind
- accept, accept4
- fcntl
- pipe, pipe2

Updates #4805
PiperOrigin-RevId: 457139504

Commit: 6a89472
Author: Shambhavi Srivastava
Committer: gVisor bot

Add Points to some syscalls

Added raw syscall points to all syscalls. Added schematized syscall points to the following syscalls:

- chroot
- dup, dup2, dup3
- prlimit64
- eventfd, eventfd2
- signalfd, signalfd4
- bind
- accept, accept4
- fcntl
- pipe, pipe2

Updates #4805
PiperOrigin-RevId: 457139504

Commit: 2adbcf7
Author: Shambhavi Srivastava
Committer: gVisor bot

Add Points to some syscalls

Added raw syscall points to all syscalls. Added schematized syscall points to the following syscalls:

- Chdir
- Fchdir
- Setgid
- Setuid
- Setsid
- Setresuid
- Setresgid

PiperOrigin-RevId: 451001973

Commit: f84e9a8
Author: Shambhavi Srivastava
Committer: gVisor bot

Add Points to some syscalls

Added raw syscall points to all syscalls. Added schematized syscall points to the following syscalls:

- Chdir
- Fchdir
- Setgid
- Setuid
- Setsid
- Setresuid
- Setresgid

PiperOrigin-RevId: 451001973

Commit: d3634c8
Author: Fabricio Voznika
Committer: gVisor bot

Remove unused field from syscall.Read proto

Updates #4805
PiperOrigin-RevId: 450802760

Commit: 2fb14fd
Author: Fabricio Voznika
Committer: gVisor bot

Remove unused field from syscall.Read proto

Updates #4805
PiperOrigin-RevId: 450802760

Commit: e189fb6
Author: Fabricio Voznika
Committer: gVisor bot

Add version handshake before communication is established

Details on how it works are in wire.Handshake.

Updates #4805
PiperOrigin-RevId: 448552448

Commit: 389c768
Author: Fabricio Voznika
Committer: gVisor bot

Add version handshake before communication is established

Details on how it works are in wire.Handshake.

Updates #4805
PiperOrigin-RevId: 448552448

Commit: a23e60a
Author: Fabricio Voznika
Committer: gVisor bot

Fire clone point for thread creation

Thread creation tracking is required by Falco.

Updates #4805
PiperOrigin-RevId: 447003670

Commit: c7b4708
Author: Fabricio Voznika
Committer: gVisor bot

Fire clone point for thread creation

Thread creation tracking is required by Falco.

Updates #4805
PiperOrigin-RevId: 447003670

Commit: 2d6e640
Author: Fabricio Voznika
Committer: gVisor bot

Faster proto serialization

The use of protobuf.Any is convenient, but adds to proto serialization time and the number of memory allocations required to send a message. Instead, we now use an enum to identify the message and use it to determine how to unmarshal the message on the receiving end. It also speeds up event consumption by not requiring a map from string (proto names) to callbacks.

BenchmarkProtoAny-6 115.9 ns/op 210 B/op 4 allocs/op
BenchmarkProtoEnum-6 58.3 ns/op 2 B/op 1 allocs/op

Updates #4805
PiperOrigin-RevId: 446879057

Commit: 0a75fa3
Author: Fabricio Voznika
Committer: gVisor bot

Faster proto serialization

The use of protobuf.Any is convenient, but adds to proto serialization time and the number of memory allocations required to send a message. Instead, we now use an enum to identify the message and use it to determine how to unmarshal the message on the receiving end. It also speeds up event consumption by not requiring a map from string (proto names) to callbacks.

BenchmarkProtoAny-6 115.9 ns/op 210 B/op 4 allocs/op
BenchmarkProtoEnum-6 58.3 ns/op 2 B/op 1 allocs/op

Updates #4805
PiperOrigin-RevId: 446879057

Commit: 974fc32
Author: Fabricio Voznika
Committer: gVisor bot

Add Points to some syscalls

Added raw syscall points to all syscalls. Added schematized syscall points to the following syscalls:

- read
- close
- socket
- connect
- execve
- creat
- openat
- execveat

Updates #4805
PiperOrigin-RevId: 446008358

Commit: f2b6fbb
Author: Fabricio Voznika
Committer: gVisor bot

Add Points to some syscalls

Added raw syscall points to all syscalls. Added schematized syscall points to the following syscalls:

- read
- close
- socket
- connect
- execve
- creat
- openat
- execveat

Updates #4805
PiperOrigin-RevId: 446008358

Commit: 3b26900
Author: Fabricio Voznika
Committer: gVisor bot

Add container/start context fields

Updates #4805
PiperOrigin-RevId: 445976770

Commit: f6a99a6
Author: Fabricio Voznika
Committer: gVisor bot

Add container/start context fields

Updates #4805
PiperOrigin-RevId: 445976770

Commit: 3525d69
Author: Fabricio Voznika
Committer: gVisor bot

Add support for syscall points

Each syscall provides 4 different points. There is a raw syscall point that contains the syscall number and all 6 arguments, nothing else. Some syscalls can provide a schematized version of the syscall by defining a function that converts the syscall into a proto representing the syscall. Each of these flavors has a point for enter and another for exit. In both cases, the exit event adds the return value and errno (if any).

Updates #4805
PiperOrigin-RevId: 445510907

Commit: 575d76d
Author: Fabricio Voznika
Committer: gVisor bot

Add support for syscall points

Each syscall provides 4 different points. There is a raw syscall point that contains the syscall number and all 6 arguments, nothing else. Some syscalls can provide a schematized version of the syscall by defining a function that converts the syscall into a proto representing the syscall. Each of these flavors has a point for enter and another for exit. In both cases, the exit event adds the return value and errno (if any).

Updates #4805
PiperOrigin-RevId: 445510907

Commit: 78c6e57
Author: Fabricio Voznika
Committer: gVisor bot

Add sentry/task_exit point

Updates #4805
PiperOrigin-RevId: 445222912

Commit: e1c4bbc
Author: Fabricio Voznika
Committer: gVisor bot

Add sentry/task_exit point

Updates #4805
PiperOrigin-RevId: 445222912

Commit: a240551
Author: Fabricio Voznika
Committer: gVisor bot

Add container/start Point

Updates #4805
PiperOrigin-RevId: 444983390

Commit: 93185b4
Author: Fabricio Voznika
Committer: gVisor bot

Add container/start Point

Updates #4805
PiperOrigin-RevId: 444983390

Commit: 93023f5
Author: Fabricio Voznika
Committer: gVisor bot

Use proto structs for seccheck points

Given that in most cases points are serialized to another process, point data is now created directly into protos. As part of this change, infrastructure to track optional and context fields was created to facilitate the addition of lots of Points, which is needed for upcoming changes.

Updates #4805

Currently the SST code is converting seccheck protos into SST protos in the sentry before sending them to the API. After this change, the SST checker will be changed to send seccheck protos to the API, and the API then converts these into SST on the way to pubsub.

PiperOrigin-RevId: 442688320

Commit: 8a24f20
Author: Fabricio Voznika
Committer: gVisor bot

Use proto structs for seccheck points

Given that in most cases points are serialized to another process, point data is now created directly into protos. As part of this change, infrastructure to track optional and context fields was created to facilitate the addition of lots of Points, which is needed for upcoming changes.

Updates #4805

Currently the SST code is converting seccheck protos into SST protos in the sentry before sending them to the API. After this change, the SST checker will be changed to send seccheck protos to the API, and the API then converts these into SST on the way to pubsub.

PiperOrigin-RevId: 442688320

Commit: 1c9ce54
Author: Etienne Perot
Committer: gVisor bot

Implement distribution metrics in the Sentry, with arbitrary number of fields.

Distribution metrics are well-suited for recording "events" and the time these events take, for performance measurements. They bucket durations in buckets, and keep track of the number of samples in each bucket. As this structure also inherently keeps track of the *total* number of samples, it can be used as a simple event counter as well, obviating the need for a counter metric next to it counting the same thing.

In order to be compatible with the needs of the KVM platform to track events that happen where new memory allocations would not be possible, the code for adding a sample to a distribution is optimized to be fast and allocation-free. The tradeoff there mostly comes in the form of memory, such as requiring a weird new `fieldMapper` recursive struct that acts as a lookup table for the concatenated key containing the values of all the fields for which the sample is being recorded. Since we do not expect to deal with a large number of field combinations, this should not be a problem.

Another tradeoff this imposes is the lack of support for a generic `Bucketer` interface allowing users to define their own bucketing scheme, as we would not be able to enforce the lack of allocations in custom `Bucketer` implementations, nor enforce `+checkescape` on them. However, since in practice all bucketing implementations will probably reside in `metric.go`, this is worked around by just having the distribution metric code refer to `Bucketer` implementations as references and call them directly (without the interface indirection). Since there is only one implementation currently (`ExponentialBucketer`), this is faster than using the interface.

PiperOrigin-RevId: 436614053

Commit: 34ddcc0
Author: Etienne Perot
Committer: gVisor bot

Implement distribution metrics in the Sentry, with arbitrary number of fields.

Distribution metrics are well-suited for recording "events" and the time these events take, for performance measurements. They bucket durations in buckets, and keep track of the number of samples in each bucket. As this structure also inherently keeps track of the *total* number of samples, it can be used as a simple event counter as well, obviating the need for a counter metric next to it counting the same thing.

In order to be compatible with the needs of the KVM platform to track events that happen where new memory allocations would not be possible, the code for adding a sample to a distribution is optimized to be fast and allocation-free. The tradeoff there mostly comes in the form of memory, such as requiring a weird new `fieldMapper` recursive struct that acts as a lookup table for the concatenated key containing the values of all the fields for which the sample is being recorded. Since we do not expect to deal with a large number of field combinations, this should not be a problem.

Another tradeoff this imposes is the lack of support for a generic `Bucketer` interface allowing users to define their own bucketing scheme, as we would not be able to enforce the lack of allocations in custom `Bucketer` implementations, nor enforce `+checkescape` on them. However, since in practice all bucketing implementations will probably reside in `metric.go`, this is worked around by just having the distribution metric code refer to `Bucketer` implementations as references and call them directly (without the interface indirection). Since there is only one implementation currently (`ExponentialBucketer`), this is faster than using the interface.

PiperOrigin-RevId: 436614053

Commit: 1cfca31
Author: Fabricio Voznika
Committer: gVisor bot

Add support for containerd 1.5

"cri.runtimeoptions.v1" moved to "runtimeoptions.v1" and containerd configuration format version 2 is required.

Updates #6449
PiperOrigin-RevId: 405474653

Commit: 9262ea4
Author: Fabricio Voznika
Committer: gVisor bot

Add support for containerd 1.5

"cri.runtimeoptions.v1" moved to "runtimeoptions.v1" and containerd configuration format version 2 is required.

Updates #6449
PiperOrigin-RevId: 405474653

Commit: 75b5a4f
Author: Chong Cai
Committer: gVisor bot

Add control configs

Also plumb the controls through runsc.

PiperOrigin-RevId: 391594318

Commit: 689c04f
Author: Chong Cai
Committer: gVisor bot

Add control configs

Also plumb the controls through runsc.

PiperOrigin-RevId: 391594318

Commit: 18f414c
Author: Chong Cai
Committer: gVisor bot

Add control configs

PiperOrigin-RevId: 386340922

Commit: 9c35910
Author: Nayana Bidari
Committer: gVisor bot

Add TimeToRecover metric to record time spent by the connection in recovery.

- The new sentry metric will record the duration when the connection is in Fast/SACK recovery and RTO recovery. This metric will help us to compare between different loss recovery algorithms such as Reno, SACK and RACK.
- Added a new field in the TCP sender to record the start time of recovery.
- Made changes to create sentry metrics with Microseconds unit.

PiperOrigin-RevId: 383539850

Commit: 3e5f614
Author: Etienne Perot
Committer: gVisor bot

Sentry: Measure the time it takes to initialize the Sentry.

PiperOrigin-RevId: 383472507

Commit: cd558fc
Author: Etienne Perot
Committer: gVisor bot

Sentry: Measure the time it takes to initialize the Sentry.

PiperOrigin-RevId: 383472507

Commit: 14b7d77
Author: Nayana Bidari
Committer: gVisor bot

Add field support to the sentry metrics.

Fields allow counter metrics to have multiple tabular values. At most one field is supported at the moment.

PiperOrigin-RevId: 368767040

Commit: da87fae
Author: Nayana Bidari
Committer: gVisor bot

Add field support to the sentry metrics.

Fields allow counter metrics to have multiple tabular values. At most one field is supported at the moment.

PiperOrigin-RevId: 368767040

Commit: 06b047a
Author: Zeling Feng
Committer: gVisor bot

Packetimpact test for ACK to OTW Seq segments behavior in CLOSING

TCP, in CLOSING state, MUST send an ACK with the next expected SEQ number after receiving any segment with an OTW SEQ number and remain in the same state.

While I am here, I also changed shutdown to behave the same as other calls in posix_server.

PiperOrigin-RevId: 362976955

Commit: 08f5188
Author: Zeling Feng
Committer: gVisor bot

Packetimpact test for ACK to OTW Seq segments behavior in CLOSING

TCP, in CLOSING state, MUST send an ACK with the next expected SEQ number after receiving any segment with an OTW SEQ number and remain in the same state.

While I am here, I also changed shutdown to behave the same as other calls in posix_server.

PiperOrigin-RevId: 362976955

Commit: 3f7500f
Author: Zeling Feng
Committer: gVisor bot

Move SetNonblocking into posix_server

- open flags can be different on different OSs; by putting SetNonblocking into the posix_server rather than the testbench, we can always get the right value for O_NONBLOCK
- merged the tcp_queue_{send,receive}_in_syn_sent into a single file

PiperOrigin-RevId: 359620630

Commit: 6776134
Author: Zeling Feng
Committer: gVisor bot

Move SetNonblocking into posix_server

- open flags can be different on different OSs; by putting SetNonblocking into the posix_server rather than the testbench, we can always get the right value for O_NONBLOCK
- merged the tcp_queue_{send,receive}_in_syn_sent into a single file

PiperOrigin-RevId: 359620630

Commit: bc40393
Author: Zeling Feng
Committer: gVisor bot

Make tcp_noaccept_close_rst more robust

There used to be a race condition where we may call Close before the connection is established. Adding poll support so that we can eliminate this kind of race.

Startblock: has LGTM from iyerm and then add reviewer tamird
PiperOrigin-RevId: 354369130

Commit: 290a592
Author: Zeling Feng
Committer: gVisor bot

Make tcp_noaccept_close_rst more robust

There used to be a race condition where we may call Close before the connection is established. Adding poll support so that we can eliminate this kind of race.

Startblock: has LGTM from iyerm and then add reviewer tamird
PiperOrigin-RevId: 354369130

Commit: 8b0f0b4
Author: Fabricio Voznika
Committer: gVisor bot

Delete shim v1

gvisor-containerd-shim is not compatible with containerd 1.1 or earlier. Starting from containerd 1.2, shim v2 is the preferred interface.

PiperOrigin-RevId: 351485556

Commit: 29ebab9
Author: Fabricio Voznika
Committer: gVisor bot

Delete shim v1

gvisor-containerd-shim is not compatible with containerd 1.1 or earlier. Starting from containerd 1.2, shim v2 is the preferred interface.

PiperOrigin-RevId: 351485556

Commit: 54e989e
Author: Adin Scannell
Committer: gVisor bot

Remove legacy bazel configurations.

Using the newer bazel rules necessitates a transition from proto1 to proto2. In order to resolve the incompatibility between proto2 and gogoproto, the cri runtimeoptions proto must be vendored.

Further, some of the semantics of bazel caching changed during the transition. It is now necessary to:

- Ensure that :gopath depends only on pure library targets, as the propagation of go_binary build attributes (pure, static) will affect the generated files (though content remains the same, there are conflicts with respect to the gopath).
- Update bazel.mk to include the possibility of binaries in the bazel-out directory, as it will now put runsc and others there. This required some refinements to the mechanism of extracting paths, since some of the existing regexes resulted in false positives.
- Change nogo rules to prevent escape generation on binary targets. For some reason, the newer version of bazel attempted to run the nogo analysis on the binary targets, which fails due to the fact that objdump does not work on the final binary. This must be due to a change in the semantics of aspects in bazel3.

PiperOrigin-RevId: 337958324

Commit: 56dd1e2
Author: Adin Scannell
Committer: gVisor bot

Remove legacy bazel configurations.

Using the newer bazel rules necessitates a transition from proto1 to proto2. In order to resolve the incompatibility between proto2 and gogoproto, the cri runtimeoptions proto must be vendored.

Further, some of the semantics of bazel caching changed during the transition. It is now necessary to:

- Ensure that :gopath depends only on pure library targets, as the propagation of go_binary build attributes (pure, static) will affect the generated files (though content remains the same, there are conflicts with respect to the gopath).
- Update bazel.mk to include the possibility of binaries in the bazel-out directory, as it will now put runsc and others there. This required some refinements to the mechanism of extracting paths, since some of the existing regexes resulted in false positives.
- Change nogo rules to prevent escape generation on binary targets. For some reason, the newer version of bazel attempted to run the nogo analysis on the binary targets, which fails due to the fact that objdump does not work on the final binary. This must be due to a change in the semantics of aspects in bazel3.

PiperOrigin-RevId: 337958324

Commit:71c523b
Author:Bin Lu
Committer:Bin Lu

arm64: some minor changes. This patch adds minor changes for the Arm64 platform:
1. add SetRobustList/GetRobustList support for the arm64 syscall module.
2. add newfstatat support for the arm64 vfs2 syscall module.
3. add the tls value in ProtoBuf.
Signed-off-by: Bin Lu <bin.lu@arm.com>

Commit:55e2bc6
Author:Bin Lu
Committer:Bin Lu

arm64: some minor changes. This patch adds minor changes for the Arm64 platform:
1. add SetRobustList/GetRobustList support for the arm64 syscall module.
2. add newfstatat support for the arm64 vfs2 syscall module.
3. add the tls value in ProtoBuf.
Signed-off-by: Bin Lu <bin.lu@arm.com>

Commit:64fb0ea
Author:Nayana Bidari
Committer:Andrei Vagin

Support SO_LINGER socket option. When the SO_LINGER option is enabled, close will not return until all the queued messages are sent and acknowledged for the socket or the linger timeout is reached. If the option is not set, close will return immediately. This option is mainly supported for connection-oriented protocols such as TCP. PiperOrigin-RevId: 328350576

Commit:0a5e022
Author:Mithun Iyer
Committer:Andrei Vagin

Fix handling of unacceptable ACKs during close. On receiving an ACK with an unacceptable ACK number in a closing state, TCP needs to reply back with an ACK with the correct seq and ack numbers and remain in the same state. This change is as per RFC793 page 37, but with the difference that it does not apply to the ESTABLISHED state, just as in Linux. Also add more tests to check for OTW sequence numbers and unacceptable ack numbers in these states. Fixes #3785 PiperOrigin-RevId: 329616283

Commit:6428eb0
Author:Fabricio Voznika
Committer:Andrei Vagin

Change runtimeoptions proto handling. Stolen from cl/327337408 (ascannell is OOO) PiperOrigin-RevId: 327475423

Commit:ecdac3b
Author:Nayana Bidari
Committer:Andrei Vagin

Automated rollback of changelist 328350576 PiperOrigin-RevId: 329526153

Commit:40faeaa
Author:Mithun Iyer
Committer:gVisor bot

Fix handling of unacceptable ACKs during close. On receiving an ACK with an unacceptable ACK number in a closing state, TCP needs to reply back with an ACK with the correct seq and ack numbers and remain in the same state. This change is as per RFC793 page 37, but with the difference that it does not apply to the ESTABLISHED state, just as in Linux. Also add more tests to check for OTW sequence numbers and unacceptable ack numbers in these states. Fixes #3785 PiperOrigin-RevId: 329616283

Commit:d77b911
Author:Mithun Iyer
Committer:gVisor bot

Fix handling of unacceptable ACKs during close. On receiving an ACK with an unacceptable ACK number in a closing state, TCP needs to reply back with an ACK with the correct seq and ack numbers and remain in the same state. This change is as per RFC793 page 37, but with the difference that it does not apply to the ESTABLISHED state, just as in Linux. Also add more tests to check for OTW sequence numbers and unacceptable ack numbers in these states. Fixes #3785 PiperOrigin-RevId: 329616283

Commit:338571a
Author:Nayana Bidari
Committer:gVisor bot

Automated rollback of changelist 328350576 PiperOrigin-RevId: 329526153

Commit:0eae08b
Author:Nayana Bidari
Committer:gVisor bot

Automated rollback of changelist 328350576 PiperOrigin-RevId: 329526153

Commit:9c66ff5
Author:Nayana Bidari
Committer:gVisor bot

Support SO_LINGER socket option. When the SO_LINGER option is enabled, close will not return until all the queued messages are sent and acknowledged for the socket or the linger timeout is reached. If the option is not set, close will return immediately. This option is mainly supported for connection-oriented protocols such as TCP. PiperOrigin-RevId: 328350576

Commit:b26f750
Author:Nayana Bidari
Committer:gVisor bot

Support SO_LINGER socket option. When the SO_LINGER option is enabled, close will not return until all the queued messages are sent and acknowledged for the socket or the linger timeout is reached. If the option is not set, close will return immediately. This option is mainly supported for connection-oriented protocols such as TCP. PiperOrigin-RevId: 328350576

Commit:781374e
Author:Fabricio Voznika
Committer:gVisor bot

Change runtimeoptions proto handling. Stolen from cl/327337408 (ascannell is OOO) PiperOrigin-RevId: 327475423

Commit:41777e9
Author:Fabricio Voznika
Committer:gVisor bot

Change runtimeoptions proto handling. Stolen from cl/327337408 (ascannell is OOO) PiperOrigin-RevId: 327475423

Commit:b3959d1
Author:Adin Scannell
Committer:gVisor bot

Change runtimeoptions proto handling. PiperOrigin-RevId: 327337408

Commit:517ba1f
Author:gVisor bot

Merge pull request #2672 from amscanne:shim-integrated PiperOrigin-RevId: 321053634

Commit:c81ac8e
Author:gVisor bot

Merge pull request #2672 from amscanne:shim-integrated PiperOrigin-RevId: 321053634

Commit:364ac92
Author:Adin Scannell
Committer:gVisor bot

Support for saving pointers to fields in the state package. Previously, it was not possible to encode/decode an object graph which contained a pointer to a field within another type. This was because the encoder was previously unable to disambiguate a pointer to an object and a pointer within the object. This CL remedies this by constructing an address map tracking the full memory range objects occupy. The encoded Refvalue message has been extended to allow references to child objects within another object. Because the encoding process may learn about object structure over time, we cannot encode any objects until the entire graph has been generated. This CL also updates the state package to use standard interfaces instead of reflection-based dispatch in order to improve performance overall. This includes a custom wire protocol to significantly reduce the number of allocations and take advantage of structure packing. As part of these changes, there are a small number of minor changes in other places of the code base:
* The lists used during encoding are changed to use intrusive lists with the objectEncodeState directly, which required that the ilist Len() method is updated to work properly with the ElementMapper mechanism.
* A bug is fixed in the list code wherein Remove() called on an element that is already removed can corrupt the list (removing the element if there's only a single element). Now the behavior is correct.
* Standard error wrapping is introduced.
* Compressio was updated to implement the new wire.Reader and wire.Writer interface methods directly. The lack of a ReadByte and WriteByte caused issues not due to interface dispatch, but because underlying slices for a Read or Write call through an interface would always escape to the heap!
* Statify has been updated to support the new APIs.
See README.md for a description of how the new mechanism works. PiperOrigin-RevId: 318010298

Commit:8282a26
Author:Adin Scannell
Committer:gVisor bot

Support for saving pointers to fields in the state package. Previously, it was not possible to encode/decode an object graph which contained a pointer to a field within another type. This was because the encoder was previously unable to disambiguate a pointer to an object and a pointer within the object. This CL remedies this by constructing an address map tracking the full memory range objects occupy. The encoded Refvalue message has been extended to allow references to child objects within another object. Because the encoding process may learn about object structure over time, we cannot encode any objects until the entire graph has been generated. This CL also updates the state package to use standard interfaces instead of reflection-based dispatch in order to improve performance overall. This includes a custom wire protocol to significantly reduce the number of allocations and take advantage of structure packing. As part of these changes, there are a small number of minor changes in other places of the code base:
* The lists used during encoding are changed to use intrusive lists with the objectEncodeState directly, which required that the ilist Len() method is updated to work properly with the ElementMapper mechanism.
* A bug is fixed in the list code wherein Remove() called on an element that is already removed can corrupt the list (removing the element if there's only a single element). Now the behavior is correct.
* Standard error wrapping is introduced.
* Compressio was updated to implement the new wire.Reader and wire.Writer interface methods directly. The lack of a ReadByte and WriteByte caused issues not due to interface dispatch, but because underlying slices for a Read or Write call through an interface would always escape to the heap!
* Statify has been updated to support the new APIs.
See README.md for a description of how the new mechanism works. PiperOrigin-RevId: 318010298

Commit:c7ec7ab
Author:Ian Gudger
Committer:gVisor bot

Add test for reordering. Tests the effect of reordering on retransmission and window size. The test covers the expected behavior of both Linux and netstack; however, netstack does not behave as expected. Further, the current expected behavior of netstack is not ideal and should be adjusted in the future. PiperOrigin-RevId: 316015184

Commit:dc4e015
Author:Ian Gudger
Committer:gVisor bot

Add test for reordering. Tests the effect of reordering on retransmission and window size. The test covers the expected behavior of both Linux and netstack; however, netstack does not behave as expected. Further, the current expected behavior of netstack is not ideal and should be adjusted in the future. PiperOrigin-RevId: 316015184

Commit:f75e6dd
Author:gVisor bot
Committer:gVisor bot

Add sendmsg/recvmsg support to packetimpact. Add support for calling sendmsg and recvmsg on the posix_server in packetimpact, and a test which exercises the new functionality. PiperOrigin-RevId: 315970656