Merge pull request containers#410 from AkihiroSuda/gvisor
Update to gvisor release-20240916.0
openshift-merge-bot[bot] authored Oct 24, 2024
2 parents 78d4944 + a312ff4 commit 94898d5
Showing 12 changed files with 124 additions and 81 deletions.
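--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 golang.org/x/crypto v0.28.0
 golang.org/x/sync v0.8.0
 golang.org/x/sys v0.26.0
-gvisor.dev/gvisor v0.0.0-20240826182512-9f3309e5b121
+gvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f
 )
 
 require (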
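--- a/go.sum
+++ b/go.sum
@@ -4,7 +4,6 @@ github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4t
 github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
 github.com/areYouLazy/libhosty v1.1.0 h1:kO6UTk9z72cHW28A/V1kKi7C8iKQGqINiVGXp+05Eao=
 github.com/areYouLazy/libhosty v1.1.0/go.mod h1:dV4ir3feRrTbWdcJ21mt3MeZlASg0sc8db6nimL9GOA=
-github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU=
 github.com/containers/winquit v1.1.0 h1:jArun04BNDQvt2W0Y78kh9TazN2EIEMG5Im6/JY7+pE=
 github.com/containers/winquit v1.1.0/go.mod h1:PsPeZlnbkmGGIToMPHF1zhWjBUkd8aHjMOr/vFcPxw8=
 github.com/coreos/stream-metadata-go v0.4.4 h1:PM/6iNhofKGydsatiY1zdnMMHBT34skb5P7nfEFR4GU=
@@ -43,8 +42,6 @@ github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo
 github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA=
 github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/inetaf/tcpproxy v0.0.0-20221017015627-91f861402626 h1:oeu2cpk2bBlSgMQiSQIBJ8+FZsTqMG9fwdPez/weEbk=
-github.com/inetaf/tcpproxy v0.0.0-20221017015627-91f861402626/go.mod h1:Tojt5kmHpDIR2jMojxzZK2w2ZR7OILODmUo2gaSwjrk=
 github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9 h1:LZJWucZz7ztCqY6Jsu7N9g124iJ2kt/O62j3+UchZFg=
 github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9/go.mod h1:KclMyHxX06VrVr0DJmeFSUb1ankt7xTfoOA35pCkoic=
 github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=
@@ -177,5 +174,5 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gvisor.dev/gvisor v0.0.0-20240826182512-9f3309e5b121 h1:2Vd3QUoPYevmDp3S7jUQgxEzdeMlDh8pYFELopFXn3w=
-gvisor.dev/gvisor v0.0.0-20240826182512-9f3309e5b121/go.mod h1:sxc3Uvk/vHcd3tj7/DHVBoR5wvWT/MmRq2pj7HRJnwU=
+gvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f h1:O2w2DymsOlM/nv2pLNWCMCYOldgBBMkD7H0/prN5W2k=
+gvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f/go.mod h1:sxc3Uvk/vHcd3tj7/DHVBoR5wvWT/MmRq2pj7HRJnwU=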
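--- a/vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe.go
+++ b/vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe.go
@@ -394,6 +394,7 @@ type Waker struct {
 allWakersNext *Waker
 }
 
+// +stateify savable
 type wakerState struct {
 asserted bool
 other *Sleeper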
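--- a/vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe_state_autogen.go
+++ b/vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe_state_autogen.go
@@ -74,7 +74,36 @@ func (w *Waker) StateLoad(ctx context.Context, stateSourceObject state.Source) {
 stateSourceObject.LoadValue(0, new(wakerState), func(y any) { w.loadS(ctx, y.(wakerState)) })
 }
 
+func (w *wakerState) StateTypeName() string {
+return "pkg/sleep.wakerState"
+}
+
+func (w *wakerState) StateFields() []string {
+return []string{
+"asserted",
+"other",
+}
+}
+
+func (w *wakerState) beforeSave() {}
+
+// +checklocksignore
+func (w *wakerState) StateSave(stateSinkObject state.Sink) {
+w.beforeSave()
+stateSinkObject.Save(0, &w.asserted)
+stateSinkObject.Save(1, &w.other)
+}
+
+func (w *wakerState) afterLoad(context.Context) {}
+
+// +checklocksignore
+func (w *wakerState) StateLoad(ctx context.Context, stateSourceObject state.Source) {
+stateSourceObject.Load(0, &w.asserted)
+stateSourceObject.Load(1, &w.other)
+}
+
 func init() {
 state.Register((*Sleeper)(nil))
 state.Register((*Waker)(nil))
+state.Register((*wakerState)(nil))
 }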
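--- a/vendor/gvisor.dev/gvisor/pkg/state/wire/wire.go
+++ b/vendor/gvisor.dev/gvisor/pkg/state/wire/wire.go
@@ -58,17 +58,8 @@ func (r *Reader) readByte() byte {
 type Writer struct {
 io.Writer
 
-buf [1]byte
-}
-
-// writeByte writes a single byte to w.Writer without allocation. It panics on
-// error.
-func (w *Writer) writeByte(b byte) {
-w.buf[0] = b
-n, err := w.Write(w.buf[:])
-if n != 1 {
-panic(err)
-}
+// buf is used by Uint as a scratch buffer.
+buf [10]byte
 }
 
 // readFull is a utility. The equivalent is not needed for Write, but the API
@@ -173,11 +164,16 @@ func loadUint(r *Reader) Uint {
 
 // save implements Object.save.
 func (u Uint) save(w *Writer) {
+i := 0
 for u >= 0x80 {
-w.writeByte(byte(u) | 0x80)
+w.buf[i] = byte(u) | 0x80
+i++
 u >>= 7
 }
-w.writeByte(byte(u))
+w.buf[i] = byte(u)
+if _, err := w.Write(w.buf[:i+1]); err != nil {
+panic(err)
+}
 }
 
 // load implements Object.load.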
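--- a/vendor/gvisor.dev/gvisor/pkg/tcpip/link/sniffer/sniffer.go
+++ b/vendor/gvisor.dev/gvisor/pkg/tcpip/link/sniffer/sniffer.go
@@ -44,17 +44,19 @@ var LogPackets atomicbitops.Uint32 = atomicbitops.FromUint32(1)
 // sniffer was created for this flag to have effect.
 var LogPacketsToPCAP atomicbitops.Uint32 = atomicbitops.FromUint32(1)
 
+// Endpoint is used to sniff and log network traffic.
+//
 // +stateify savable
-type endpoint struct {
+type Endpoint struct {
 nested.Endpoint
 writer io.Writer
 maxPCAPLen uint32
 logPrefix string
 }
 
-var _ stack.GSOEndpoint = (*endpoint)(nil)
-var _ stack.LinkEndpoint = (*endpoint)(nil)
-var _ stack.NetworkDispatcher = (*endpoint)(nil)
+var _ stack.GSOEndpoint = (*Endpoint)(nil)
+var _ stack.LinkEndpoint = (*Endpoint)(nil)
+var _ stack.NetworkDispatcher = (*Endpoint)(nil)
 
 // A Direction indicates whether the packing is being sent or received.
 type Direction int
@@ -66,9 +68,20 @@ const (
 DirectionRecv
 )
 
+func (dr Direction) String() string {
+switch dr {
+case DirectionSend:
+return "send"
+case DirectionRecv:
+return "recv"
+default:
+panic(fmt.Sprintf("invalid Direction %d", dr))
+}
+}
+
 // New creates a new sniffer link-layer endpoint. It wraps around another
 // endpoint and logs packets and they traverse the endpoint.
-func New(lower stack.LinkEndpoint) stack.LinkEndpoint {
+func New(lower stack.LinkEndpoint) *Endpoint {
 return NewWithPrefix(lower, "")
 }
 
@@ -79,8 +92,8 @@ func New(lower stack.LinkEndpoint) stack.LinkEndpoint {
 // logPrefix is prepended to the log line without any separators.
 // E.g. logPrefix = "NIC:en0/" will produce log lines like
 // "NIC:en0/send udp [...]".
-func NewWithPrefix(lower stack.LinkEndpoint, logPrefix string) stack.LinkEndpoint {
-sniffer := &endpoint{logPrefix: logPrefix}
+func NewWithPrefix(lower stack.LinkEndpoint, logPrefix string) *Endpoint {
+sniffer := &Endpoint{logPrefix: logPrefix}
 sniffer.Endpoint.Init(lower, sniffer)
 return sniffer
 }
@@ -119,11 +132,11 @@ func writePCAPHeader(w io.Writer, maxLen uint32) error {
 // snapLen is the maximum amount of a packet to be saved. Packets with a length
 // less than or equal to snapLen will be saved in their entirety. Longer
 // packets will be truncated to snapLen.
-func NewWithWriter(lower stack.LinkEndpoint, writer io.Writer, snapLen uint32) (stack.LinkEndpoint, error) {
+func NewWithWriter(lower stack.LinkEndpoint, writer io.Writer, snapLen uint32) (*Endpoint, error) {
 if err := writePCAPHeader(writer, snapLen); err != nil {
 return nil, err
 }
-sniffer := &endpoint{
+sniffer := &Endpoint{
 writer: writer,
 maxPCAPLen: snapLen,
 }
@@ -134,22 +147,28 @@ func NewWithWriter(lower stack.LinkEndpoint, writer io.Writer, snapLen uint32) (
 // DeliverNetworkPacket implements the stack.NetworkDispatcher interface. It is
 // called by the link-layer endpoint being wrapped when a packet arrives, and
 // logs the packet before forwarding to the actual dispatcher.
-func (e *endpoint) DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) {
-e.dumpPacket(DirectionRecv, protocol, pkt)
+func (e *Endpoint) DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) {
+e.DumpPacket(DirectionRecv, protocol, pkt, nil)
 e.Endpoint.DeliverNetworkPacket(protocol, pkt)
 }
 
-func (e *endpoint) dumpPacket(dir Direction, protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) {
+// DumpPacket logs a packet, depending on configuration, to stderr and/or a
+// pcap file. ts is an optional timestamp for the packet.
+func (e *Endpoint) DumpPacket(dir Direction, protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer, ts *time.Time) {
 writer := e.writer
 if LogPackets.Load() == 1 {
 LogPacket(e.logPrefix, dir, protocol, pkt)
 }
 if writer != nil && LogPacketsToPCAP.Load() == 1 {
 packet := pcapPacket{
-timestamp: time.Now(),
 packet: pkt,
 maxCaptureLen: int(e.maxPCAPLen),
 }
+if ts == nil {
+packet.timestamp = time.Now()
+} else {
+packet.timestamp = *ts
+}
 b, err := packet.MarshalBinary()
 if err != nil {
 panic(err)
@@ -163,9 +182,9 @@ func (e *endpoint) dumpPacket(dir Direction, protocol tcpip.NetworkProtocolNumbe
 // WritePackets implements the stack.LinkEndpoint interface. It is called by
 // higher-level protocols to write packets; it just logs the packet and
 // forwards the request to the lower endpoint.
-func (e *endpoint) WritePackets(pkts stack.PacketBufferList) (int, tcpip.Error) {
+func (e *Endpoint) WritePackets(pkts stack.PacketBufferList) (int, tcpip.Error) {
 for _, pkt := range pkts.AsSlice() {
-e.dumpPacket(DirectionSend, pkt.NetworkProtocolNumber, pkt)
+e.DumpPacket(DirectionSend, pkt.NetworkProtocolNumber, pkt, nil)
 }
 return e.Endpoint.WritePackets(pkts)
 }
@@ -181,16 +200,6 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe
 var fragmentOffset uint16
 var moreFragments bool
 
-var directionPrefix string
-switch dir {
-case DirectionSend:
-directionPrefix = "send"
-case DirectionRecv:
-directionPrefix = "recv"
-default:
-panic(fmt.Sprintf("unrecognized direction: %d", dir))
-}
-
 clone := trimmedClone(pkt)
 defer clone.DecRef()
 switch protocol {
@@ -232,14 +241,14 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe
 log.Infof(
 "%s%s arp %s (%s) -> %s (%s) valid:%t",
 prefix,
-directionPrefix,
+dir,
 tcpip.AddrFromSlice(arp.ProtocolAddressSender()), tcpip.LinkAddress(arp.HardwareAddressSender()),
 tcpip.AddrFromSlice(arp.ProtocolAddressTarget()), tcpip.LinkAddress(arp.HardwareAddressTarget()),
 arp.IsValid(),
 )
 return
 default:
-log.Infof("%s%s unknown network protocol: %d", prefix, directionPrefix, protocol)
+log.Infof("%s%s unknown network protocol: %d", prefix, dir, protocol)
 return
 }
 
@@ -283,7 +292,7 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe
 icmpType = "info reply"
 }
 }
-log.Infof("%s%s %s %s -> %s %s len:%d id:%04x code:%d", prefix, directionPrefix, transName, src, dst, icmpType, size, id, icmp.Code())
+log.Infof("%s%s %s %s -> %s %s len:%d id:%04x code:%d", prefix, dir, transName, src, dst, icmpType, size, id, icmp.Code())
 return
 
 case header.ICMPv6ProtocolNumber:
@@ -318,7 +327,7 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe
 case header.ICMPv6RedirectMsg:
 icmpType = "redirect message"
 }
-log.Infof("%s%s %s %s -> %s %s len:%d id:%04x code:%d", prefix, directionPrefix, transName, src, dst, icmpType, size, id, icmp.Code())
+log.Infof("%s%s %s %s -> %s %s len:%d id:%04x code:%d", prefix, dir, transName, src, dst, icmpType, size, id, icmp.Code())
 return
 
 case header.UDPProtocolNumber:
@@ -359,24 +368,24 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe
 
 // Initialize the TCP flags.
 flags := tcp.Flags()
-details = fmt.Sprintf("flags: %s seqnum: %d ack: %d win: %d xsum:0x%x", flags, tcp.SequenceNumber(), tcp.AckNumber(), tcp.WindowSize(), tcp.Checksum())
+details = fmt.Sprintf("flags:%s seqnum:%d ack:%d win:%d xsum:0x%x", flags, tcp.SequenceNumber(), tcp.AckNumber(), tcp.WindowSize(), tcp.Checksum())
 if flags&header.TCPFlagSyn != 0 {
-details += fmt.Sprintf(" options: %+v", header.ParseSynOptions(tcp.Options(), flags&header.TCPFlagAck != 0))
+details += fmt.Sprintf(" options:%+v", header.ParseSynOptions(tcp.Options(), flags&header.TCPFlagAck != 0))
 } else {
-details += fmt.Sprintf(" options: %+v", tcp.ParsedOptions())
+details += fmt.Sprintf(" options:%+v", tcp.ParsedOptions())
 }
 }
 
 default:
-log.Infof("%s%s %s -> %s unknown transport protocol: %d", prefix, directionPrefix, src, dst, transProto)
+log.Infof("%s%s %s -> %s unknown transport protocol: %d", prefix, dir, src, dst, transProto)
 return
 }
 
 if pkt.GSOOptions.Type != stack.GSONone {
-details += fmt.Sprintf(" gso: %#v", pkt.GSOOptions)
+details += fmt.Sprintf(" gso:%#v", pkt.GSOOptions)
 }
 
-log.Infof("%s%s %s %s:%d -> %s:%d len:%d id:%04x %s", prefix, directionPrefix, transName, src, srcPort, dst, dstPort, size, id, details)
+log.Infof("%s%s %s %s:%d -> %s:%d len:%d id:0x%04x %s", prefix, dir, transName, src, srcPort, dst, dstPort, size, id, details)
 }
 
 // trimmedClone clones the packet buffer to not modify the original. It trims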
Expand Up @@ -8,11 +8,11 @@ import (
"gvisor.dev/gvisor/pkg/state"
)

func (e *endpoint) StateTypeName() string {
return "pkg/tcpip/link/sniffer.endpoint"
func (e *Endpoint) StateTypeName() string {
return "pkg/tcpip/link/sniffer.Endpoint"
}

func (e *endpoint) StateFields() []string {
func (e *Endpoint) StateFields() []string {
return []string{
"Endpoint",
"writer",
Expand All @@ -21,27 +21,27 @@ func (e *endpoint) StateFields() []string {
}
}

func (e *endpoint) beforeSave() {}
func (e *Endpoint) beforeSave() {}

// +checklocksignore
func (e *endpoint) StateSave(stateSinkObject state.Sink) {
func (e *Endpoint) StateSave(stateSinkObject state.Sink) {
e.beforeSave()
stateSinkObject.Save(0, &e.Endpoint)
stateSinkObject.Save(1, &e.writer)
stateSinkObject.Save(2, &e.maxPCAPLen)
stateSinkObject.Save(3, &e.logPrefix)
}

func (e *endpoint) afterLoad(context.Context) {}
func (e *Endpoint) afterLoad(context.Context) {}

// +checklocksignore
func (e *endpoint) StateLoad(ctx context.Context, stateSourceObject state.Source) {
func (e *Endpoint) StateLoad(ctx context.Context, stateSourceObject state.Source) {
stateSourceObject.Load(0, &e.Endpoint)
stateSourceObject.Load(1, &e.writer)
stateSourceObject.Load(2, &e.maxPCAPLen)
stateSourceObject.Load(3, &e.logPrefix)
}

func init() {
state.Register((*endpoint)(nil))
state.Register((*Endpoint)(nil))
}
Expand Up @@ -41,10 +41,12 @@ type AddressableEndpointState struct {
// AddressableEndpointState.mu
// addressState.mu
mu addressableEndpointStateRWMutex `state:"nosave"`
// TODO(b/361075310): Enable s/r for the below fields.
//
// +checklocks:mu
endpoints map[tcpip.Address]*addressState
endpoints map[tcpip.Address]*addressState `state:"nosave"`
// +checklocks:mu
primary []*addressState
primary []*addressState `state:"nosave"`
}

// AddressableEndpointStateOptions contains options used to configure an
