- Added a new Stats() method in inet.Stack to get the saved stats
during restore.
- Mark stack.nic, tcpip.Route and stack.addressState structs as "nosave".
These fields should not be saved because the IP addresses and routes can
change during restore and new configuration of routes and IP addresses will be
extracted from the restore spec and initialized in the saved stack.
- Changes in Restore() method in icmp, udp, tcp, packet and raw endpoint files
to support save restore of these endpoints. These changes are flag guarded by
the TESTONLY-save-restore-netstack flag.
PiperOrigin-RevId: 707639274
This CL restores the listening connections when netstack s/r is enabled.
The changes include:
- New method as a workaround to replace the new routes and nics to the loaded
stack after restore.
- New Restore() for transport layer protocols to restore the protocol level
background workers.
- Adds afterLoad() method for fdbased processors.
- Adds a test to verify listening connection is restored after checkpointing
with netstack s/r enabled.
- Few other changes to save restore fields to enable netstack s/r.
PiperOrigin-RevId: 698453124
- Adds a new flag which will enable netstack s/r. When the flag is not enabled,
there is no change in the existing behavior. The flag will be enabled only in
tests to verify the s/r functionality of netstack.
- Some additional fields in netstack were causing a panic when netstack is
saved/restored. Such fields are marked as 'save'/'nosave' accordingly to resolve
the panic.
PiperOrigin-RevId: 668566657
And add a comment above the socket type check, since that *is* a bitmask.
This uncovered a bug in the hostnet handling of IP_MULTICAST_IF socket option.
The kernel allows different-sized structures to be passed, but we were only
forwarding the first 4 bytes.
PiperOrigin-RevId: 628115391
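An added illustration of the length handling this fix refers to (example code, not gVisor's): Linux accepts struct in_addr, struct ip_mreq or struct ip_mreqn for IP_MULTICAST_IF and picks the layout from optlen, so a forwarder must do the same and pass the whole selected structure on, not just the first 4 bytes. parseMulticastIf and addr4 are hypothetical helpers; the sample bytes in the usage are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"net/netip"
)

// Byte sizes of the three layouts Linux accepts for IP_MULTICAST_IF.
const (
	sizeofInAddr  = 4  // struct in_addr
	sizeofIPMreq  = 8  // struct ip_mreq  {imr_multiaddr, imr_interface}
	sizeofIPMreqn = 12 // struct ip_mreqn {imr_multiaddr, imr_address, imr_ifindex}
)

// MulticastIf is the decoded option; fields absent from a shorter layout stay zero.
type MulticastIf struct {
	Multiaddr netip.Addr // imr_multiaddr (ip_mreq and ip_mreqn only)
	Address   netip.Addr // in_addr / imr_interface / imr_address
	IfIndex   int32      // imr_ifindex (ip_mreqn only)
}

func addr4(b []byte) netip.Addr {
	var a [4]byte
	copy(a[:], b[:4])
	return netip.AddrFrom4(a)
}

// parseMulticastIf selects the layout by length the way the kernel does and
// returns it with n, the number of bytes that must be forwarded to the host
// (the whole structure, not a fixed 4). Hypothetical helper, not gVisor's;
// assumes imr_ifindex is a host-order int on a little-endian machine.
func parseMulticastIf(optval []byte) (m MulticastIf, n int, err error) {
	switch {
	case len(optval) >= sizeofIPMreqn:
		m.Multiaddr, m.Address = addr4(optval), addr4(optval[4:])
		m.IfIndex = int32(binary.LittleEndian.Uint32(optval[8:12]))
		return m, sizeofIPMreqn, nil
	case len(optval) >= sizeofIPMreq:
		m.Multiaddr, m.Address = addr4(optval), addr4(optval[4:])
		return m, sizeofIPMreq, nil
	case len(optval) >= sizeofInAddr:
		m.Address = addr4(optval)
		return m, sizeofInAddr, nil
	}
	return m, 0, errors.New("IP_MULTICAST_IF: optval shorter than struct in_addr")
}
```

A 12-byte ip_mreqn for 224.0.0.251 via 10.0.0.2 on ifindex 3 is `[]byte{224, 0, 0, 251, 10, 0, 0, 2, 3, 0, 0, 0}`; forwarding only its first 4 bytes would turn it into an in_addr of 224.0.0.251 and lose both the interface address and the index.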
The NEWLINK command contains many properties and there is no reason to have
another abstract interface between the Sentry and network stacks.
PiperOrigin-RevId: 627916629
The Resume method resumes the endpoints after save, which is required for
save/resume. This method resumes the endpoint states which were frozen during
save.
PiperOrigin-RevId: 615467468
The existing Resume method in netstack is doing the work of Restore. This
method does not resume endpoints, as the resumable endpoints are only stored
during the Restore of the sandbox; rename the method appropriately.
PiperOrigin-RevId: 613320887
Starting with Go 1.21, build tags select the language version. We currently
have several `go:build go1.1` tags, which were intended to act as "true" tags.
But that will break with 1.21. So replace them with "!false".
Fixes #9568.
PiperOrigin-RevId: 576020779
The important change here is in tcpip/tcpip.go, where tcpip.Address is defined.
The rest is updating uses of tcpip.Address.
This is preparation for netip.Addr or []byte based addresses, which should save
us a bunch of allocations. Currently, we allocate every time we want to, say,
get a tcpip.Address from a header. This is because the header is a byte slice,
but Address is a string. Strings are immutable, so Go allocates and copies.
PiperOrigin-RevId: 532284732
A few minor fixes. The biggest change is that the blocking implementation needs
to wait on POLLHUP and POLLERR events, in addition to readable/writable events.
We also need to track shutdown state in the socket.
PiperOrigin-RevId: 529816115
The blocking implementation needs to wait on POLLHUP and POLLERR events, in
addition to readable/writable events. That fixed at least one test.
There are still two unresolved issues in the tests, but we can enable the rest
of the suite while we figure out those two.
PiperOrigin-RevId: 525849045
And enable all of the netlink tests that depend on this functionality.
Specifically, this CL implements hostinet.stack:
* .RemoveInterface()
* .AddInterfaceAddr()
* .RemoveInterfaceAddr()
Applications use netlink messages to call into these methods. For hostinet, we
use netlink messages to the host to implement these methods.
Note that the netlink messages are not simply passed from the application to
the host -- they are parsed first and only carefully crafted messages are sent
to the host.
This CL required a lot of refactoring to the existing netlink code in the
hostinet package, as well as a bunch of new functionality. All of that code has
been collected in hostinet/netlink.go
I also changed how we handle CAP_NET_ADMIN and CAP_NET_RAW in tests, since we
must drop those capabilities inside the sandbox if we don't have them on the
host. The new solution is cleaner and does not rely on google-specific env
variables.
PiperOrigin-RevId: 522685544
Previously we were initializing these at startup and they could never change.
Now they are read dynamically every time they are requested. This is a
prerequisite for implementing methods that mutate the interfaces
(stack.AddInterface()).
PiperOrigin-RevId: 522109098
No functional changes. Refactored some methods into smaller chunks for easy
reuse. Got rid of some needlessly exported methods.
PiperOrigin-RevId: 520748526