From a312ff43010b56de4e85a7396694c89eba79be8c Mon Sep 17 00:00:00 2001
From: Akihiro Suda
Date: Sat, 19 Oct 2024 07:35:56 +0900
Subject: [PATCH] Update to gvisor release-20240916.0
This is the last version that supports Go 1.22
https://github.com/google/gvisor/compare/9f3309e5b121...a174eb65023f
Signed-off-by: Akihiro Suda
---
 go.mod | 2 +-
 go.sum | 7 +-
 .../gvisor/pkg/sleep/sleep_unsafe.go | 1 +
 .../pkg/sleep/sleep_unsafe_state_autogen.go | 29 +++++++
 .../gvisor.dev/gvisor/pkg/state/wire/wire.go | 22 +++---
 .../gvisor/pkg/tcpip/link/sniffer/sniffer.go | 79 +++++++++++--------
 .../link/sniffer/sniffer_state_autogen.go | 16 ++--
 .../tcpip/stack/addressable_endpoint_state.go | 6 +-
 .../pkg/tcpip/stack/stack_state_autogen.go | 6 --
 .../gvisor/pkg/tcpip/transport/tcp/connect.go | 33 +++++---
 .../pkg/tcpip/transport/tcp/protocol.go | 2 +-
 vendor/modules.txt | 2 +-
 12 files changed, 124 insertions(+), 81 deletions(-)
diff --git a/go.mod b/go.mod
index e1d7d5a5c..c7a33cf14 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 golang.org/x/crypto v0.28.0
 golang.org/x/sync v0.8.0
 golang.org/x/sys v0.26.0
- gvisor.dev/gvisor v0.0.0-20240826182512-9f3309e5b121
+ gvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f
 )
 require (
diff --git a/go.sum b/go.sum
index 534c60674..6246065e1 100644
--- a/go.sum
+++ b/go.sum
@@ -4,7 +4,6 @@ github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4t
 github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
 github.com/areYouLazy/libhosty v1.1.0 h1:kO6UTk9z72cHW28A/V1kKi7C8iKQGqINiVGXp+05Eao=
 github.com/areYouLazy/libhosty v1.1.0/go.mod h1:dV4ir3feRrTbWdcJ21mt3MeZlASg0sc8db6nimL9GOA=
-github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU=
 github.com/containers/winquit v1.1.0 h1:jArun04BNDQvt2W0Y78kh9TazN2EIEMG5Im6/JY7+pE=
 github.com/containers/winquit v1.1.0/go.mod h1:PsPeZlnbkmGGIToMPHF1zhWjBUkd8aHjMOr/vFcPxw8=
 github.com/coreos/stream-metadata-go v0.4.4 h1:PM/6iNhofKGydsatiY1zdnMMHBT34skb5P7nfEFR4GU=
@@ -43,8 +42,6 @@ github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo
 github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA=
 github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/inetaf/tcpproxy v0.0.0-20221017015627-91f861402626 h1:oeu2cpk2bBlSgMQiSQIBJ8+FZsTqMG9fwdPez/weEbk=
-github.com/inetaf/tcpproxy v0.0.0-20221017015627-91f861402626/go.mod h1:Tojt5kmHpDIR2jMojxzZK2w2ZR7OILODmUo2gaSwjrk=
 github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9 h1:LZJWucZz7ztCqY6Jsu7N9g124iJ2kt/O62j3+UchZFg=
 github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9/go.mod h1:KclMyHxX06VrVr0DJmeFSUb1ankt7xTfoOA35pCkoic=
 github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=
@@ -177,5 +174,5 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gvisor.dev/gvisor v0.0.0-20240826182512-9f3309e5b121 h1:2Vd3QUoPYevmDp3S7jUQgxEzdeMlDh8pYFELopFXn3w=
-gvisor.dev/gvisor v0.0.0-20240826182512-9f3309e5b121/go.mod h1:sxc3Uvk/vHcd3tj7/DHVBoR5wvWT/MmRq2pj7HRJnwU=
+gvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f h1:O2w2DymsOlM/nv2pLNWCMCYOldgBBMkD7H0/prN5W2k=
+gvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f/go.mod h1:sxc3Uvk/vHcd3tj7/DHVBoR5wvWT/MmRq2pj7HRJnwU=
diff --git a/vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe.go b/vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe.go
index eab682dc0..9dcd78c09 100644
--- a/vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe.go
+++ b/vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe.go
@@ -394,6 +394,7 @@ type Waker struct {
 allWakersNext *Waker
 }
+// +stateify savable
 type wakerState struct {
 asserted bool
 other *Sleeper
diff --git a/vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe_state_autogen.go b/vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe_state_autogen.go
index b346c34a3..c6d7cf509 100644
--- a/vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe_state_autogen.go
+++ b/vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe_state_autogen.go
@@ -74,7 +74,36 @@ func (w *Waker) StateLoad(ctx context.Context, stateSourceObject state.Source) { stateSourceObject.LoadValue(0, new(wakerState), func(y any) { w.loadS(ctx, y.(wakerState)) }) } +func (w *wakerState) StateTypeName() string { + return "pkg/sleep.wakerState" +} + +func (w *wakerState) StateFields() []string { + return []string{ + "asserted", + "other", + } +} + +func (w *wakerState) beforeSave() {} + +// +checklocksignore +func (w *wakerState) StateSave(stateSinkObject state.Sink) { + w.beforeSave() + stateSinkObject.Save(0, &w.asserted) + stateSinkObject.Save(1, &w.other) +} + +func (w *wakerState) afterLoad(context.Context) {} + +// +checklocksignore +func (w *wakerState) StateLoad(ctx context.Context, stateSourceObject state.Source) { + stateSourceObject.Load(0, &w.asserted) + stateSourceObject.Load(1, &w.other) +} + func init() { state.Register((*Sleeper)(nil)) state.Register((*Waker)(nil)) + state.Register((*wakerState)(nil)) } diff --git a/vendor/gvisor.dev/gvisor/pkg/state/wire/wire.go b/vendor/gvisor.dev/gvisor/pkg/state/wire/wire.go index 657f3dbb5..f89067acd 100644 --- a/vendor/gvisor.dev/gvisor/pkg/state/wire/wire.go +++ b/vendor/gvisor.dev/gvisor/pkg/state/wire/wire.go @@ -58,17 +58,8 @@ func (r *Reader) readByte() byte { type Writer struct { io.Writer - buf [1]byte -} - -// writeByte writes a single byte to w.Writer without allocation. It panics on -// error. -func (w *Writer) writeByte(b byte) { - w.buf[0] = b - n, err := w.Write(w.buf[:]) - if n != 1 { - panic(err) - } + // buf is used by Uint as a scratch buffer. + buf [10]byte } // readFull is a utility. The equivalent is not needed for Write, but the API 
@@ -173,11 +164,16 @@ func loadUint(r *Reader) Uint { // save implements Object.save. func (u Uint) save(w *Writer) { + i := 0 for u >= 0x80 { - w.writeByte(byte(u) | 0x80) + w.buf[i] = byte(u) | 0x80 + i++ u >>= 7 } - w.writeByte(byte(u)) + w.buf[i] = byte(u) + if _, err := w.Write(w.buf[:i+1]); err != nil { + panic(err) + } } // load implements Object.load. diff --git a/vendor/gvisor.dev/gvisor/pkg/tcpip/link/sniffer/sniffer.go b/vendor/gvisor.dev/gvisor/pkg/tcpip/link/sniffer/sniffer.go index 9fcff324a..583e7d899 100644 --- a/vendor/gvisor.dev/gvisor/pkg/tcpip/link/sniffer/sniffer.go +++ b/vendor/gvisor.dev/gvisor/pkg/tcpip/link/sniffer/sniffer.go @@ -44,17 +44,19 @@ var LogPackets atomicbitops.Uint32 = atomicbitops.FromUint32(1) // sniffer was created for this flag to have effect. var LogPacketsToPCAP atomicbitops.Uint32 = atomicbitops.FromUint32(1) +// Endpoint is used to sniff and log network traffic. +// // +stateify savable -type endpoint struct { +type Endpoint struct { nested.Endpoint writer io.Writer maxPCAPLen uint32 logPrefix string } -var _ stack.GSOEndpoint = (*endpoint)(nil) -var _ stack.LinkEndpoint = (*endpoint)(nil) -var _ stack.NetworkDispatcher = (*endpoint)(nil) +var _ stack.GSOEndpoint = (*Endpoint)(nil) +var _ stack.LinkEndpoint = (*Endpoint)(nil) +var _ stack.NetworkDispatcher = (*Endpoint)(nil) // A Direction indicates whether the packing is being sent or received. type Direction int @@ -66,9 +68,20 @@ const ( DirectionRecv ) +func (dr Direction) String() string { + switch dr { + case DirectionSend: + return "send" + case DirectionRecv: + return "recv" + default: + panic(fmt.Sprintf("invalid Direction %d", dr)) + } +} + // New creates a new sniffer link-layer endpoint. It wraps around another // endpoint and logs packets and they traverse the endpoint. -func New(lower stack.LinkEndpoint) stack.LinkEndpoint { +func New(lower stack.LinkEndpoint) *Endpoint { return NewWithPrefix(lower, "") } 
@@ -79,8 +92,8 @@ func New(lower stack.LinkEndpoint) stack.LinkEndpoint { // logPrefix is prepended to the log line without any separators. // E.g. logPrefix = "NIC:en0/" will produce log lines like // "NIC:en0/send udp [...]". -func NewWithPrefix(lower stack.LinkEndpoint, logPrefix string) stack.LinkEndpoint { - sniffer := &endpoint{logPrefix: logPrefix} +func NewWithPrefix(lower stack.LinkEndpoint, logPrefix string) *Endpoint { + sniffer := &Endpoint{logPrefix: logPrefix} sniffer.Endpoint.Init(lower, sniffer) return sniffer } @@ -119,11 +132,11 @@ func writePCAPHeader(w io.Writer, maxLen uint32) error { // snapLen is the maximum amount of a packet to be saved. Packets with a length // less than or equal to snapLen will be saved in their entirety. Longer // packets will be truncated to snapLen. -func NewWithWriter(lower stack.LinkEndpoint, writer io.Writer, snapLen uint32) (stack.LinkEndpoint, error) { +func NewWithWriter(lower stack.LinkEndpoint, writer io.Writer, snapLen uint32) (*Endpoint, error) { if err := writePCAPHeader(writer, snapLen); err != nil { return nil, err } - sniffer := &endpoint{ + sniffer := &Endpoint{ writer: writer, maxPCAPLen: snapLen, } 
@@ -134,22 +147,28 @@ func NewWithWriter(lower stack.LinkEndpoint, writer io.Writer, snapLen uint32) ( // DeliverNetworkPacket implements the stack.NetworkDispatcher interface. It is // called by the link-layer endpoint being wrapped when a packet arrives, and // logs the packet before forwarding to the actual dispatcher. -func (e *endpoint) DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) { - e.dumpPacket(DirectionRecv, protocol, pkt) +func (e *Endpoint) DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) { + e.DumpPacket(DirectionRecv, protocol, pkt, nil) e.Endpoint.DeliverNetworkPacket(protocol, pkt) } -func (e *endpoint) dumpPacket(dir Direction, protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) { +// DumpPacket logs a packet, depending on configuration, to stderr and/or a +// pcap file. ts is an optional timestamp for the packet. +func (e *Endpoint) DumpPacket(dir Direction, protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer, ts *time.Time) { writer := e.writer if LogPackets.Load() == 1 { LogPacket(e.logPrefix, dir, protocol, pkt) } if writer != nil && LogPacketsToPCAP.Load() == 1 { packet := pcapPacket{ - timestamp: time.Now(), packet: pkt, maxCaptureLen: int(e.maxPCAPLen), } + if ts == nil { + packet.timestamp = time.Now() + } else { + packet.timestamp = *ts + } b, err := packet.MarshalBinary() if err != nil { panic(err) 
@@ -163,9 +182,9 @@ func (e *endpoint) dumpPacket(dir Direction, protocol tcpip.NetworkProtocolNumbe // WritePackets implements the stack.LinkEndpoint interface. It is called by // higher-level protocols to write packets; it just logs the packet and // forwards the request to the lower endpoint. -func (e *endpoint) WritePackets(pkts stack.PacketBufferList) (int, tcpip.Error) { +func (e *Endpoint) WritePackets(pkts stack.PacketBufferList) (int, tcpip.Error) { for _, pkt := range pkts.AsSlice() { - e.dumpPacket(DirectionSend, pkt.NetworkProtocolNumber, pkt) + e.DumpPacket(DirectionSend, pkt.NetworkProtocolNumber, pkt, nil) } return e.Endpoint.WritePackets(pkts) } @@ -181,16 +200,6 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe var fragmentOffset uint16 var moreFragments bool - var directionPrefix string - switch dir { - case DirectionSend: - directionPrefix = "send" - case DirectionRecv: - directionPrefix = "recv" - default: - panic(fmt.Sprintf("unrecognized direction: %d", dir)) - } - clone := trimmedClone(pkt) defer clone.DecRef() switch protocol { @@ -232,14 +241,14 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe log.Infof( "%s%s arp %s (%s) -> %s (%s) valid:%t", prefix, - directionPrefix, + dir, tcpip.AddrFromSlice(arp.ProtocolAddressSender()), tcpip.LinkAddress(arp.HardwareAddressSender()), tcpip.AddrFromSlice(arp.ProtocolAddressTarget()), tcpip.LinkAddress(arp.HardwareAddressTarget()), arp.IsValid(), ) return default: - log.Infof("%s%s unknown network protocol: %d", prefix, directionPrefix, protocol) + log.Infof("%s%s unknown network protocol: %d", prefix, dir, protocol) return } 
@@ -283,7 +292,7 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe icmpType = "info reply" } } - log.Infof("%s%s %s %s -> %s %s len:%d id:%04x code:%d", prefix, directionPrefix, transName, src, dst, icmpType, size, id, icmp.Code()) + log.Infof("%s%s %s %s -> %s %s len:%d id:%04x code:%d", prefix, dir, transName, src, dst, icmpType, size, id, icmp.Code()) return case header.ICMPv6ProtocolNumber: @@ -318,7 +327,7 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe case header.ICMPv6RedirectMsg: icmpType = "redirect message" } - log.Infof("%s%s %s %s -> %s %s len:%d id:%04x code:%d", prefix, directionPrefix, transName, src, dst, icmpType, size, id, icmp.Code()) + log.Infof("%s%s %s %s -> %s %s len:%d id:%04x code:%d", prefix, dir, transName, src, dst, icmpType, size, id, icmp.Code()) return case header.UDPProtocolNumber: 
@@ -359,24 +368,24 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe // Initialize the TCP flags. flags := tcp.Flags() - details = fmt.Sprintf("flags: %s seqnum: %d ack: %d win: %d xsum:0x%x", flags, tcp.SequenceNumber(), tcp.AckNumber(), tcp.WindowSize(), tcp.Checksum()) + details = fmt.Sprintf("flags:%s seqnum:%d ack:%d win:%d xsum:0x%x", flags, tcp.SequenceNumber(), tcp.AckNumber(), tcp.WindowSize(), tcp.Checksum()) if flags&header.TCPFlagSyn != 0 { - details += fmt.Sprintf(" options: %+v", header.ParseSynOptions(tcp.Options(), flags&header.TCPFlagAck != 0)) + details += fmt.Sprintf(" options:%+v", header.ParseSynOptions(tcp.Options(), flags&header.TCPFlagAck != 0)) } else { - details += fmt.Sprintf(" options: %+v", tcp.ParsedOptions()) + details += fmt.Sprintf(" options:%+v", tcp.ParsedOptions()) } } default: - log.Infof("%s%s %s -> %s unknown transport protocol: %d", prefix, directionPrefix, src, dst, transProto) + log.Infof("%s%s %s -> %s unknown transport protocol: %d", prefix, dir, src, dst, transProto) return } if pkt.GSOOptions.Type != stack.GSONone { - details += fmt.Sprintf(" gso: %#v", pkt.GSOOptions) + details += fmt.Sprintf(" gso:%#v", pkt.GSOOptions) } - log.Infof("%s%s %s %s:%d -> %s:%d len:%d id:%04x %s", prefix, directionPrefix, transName, src, srcPort, dst, dstPort, size, id, details) + log.Infof("%s%s %s %s:%d -> %s:%d len:%d id:0x%04x %s", prefix, dir, transName, src, srcPort, dst, dstPort, size, id, details) } // trimmedClone clones the packet buffer to not modify the original. It trims diff --git a/vendor/gvisor.dev/gvisor/pkg/tcpip/link/sniffer/sniffer_state_autogen.go b/vendor/gvisor.dev/gvisor/pkg/tcpip/link/sniffer/sniffer_state_autogen.go index 169e7b7a4..ed843f12b 100644 --- a/vendor/gvisor.dev/gvisor/pkg/tcpip/link/sniffer/sniffer_state_autogen.go +++ b/vendor/gvisor.dev/gvisor/pkg/tcpip/link/sniffer/sniffer_state_autogen.go 
@@ -8,11 +8,11 @@ import ( "gvisor.dev/gvisor/pkg/state" ) -func (e *endpoint) StateTypeName() string { - return "pkg/tcpip/link/sniffer.endpoint" +func (e *Endpoint) StateTypeName() string { + return "pkg/tcpip/link/sniffer.Endpoint" } -func (e *endpoint) StateFields() []string { +func (e *Endpoint) StateFields() []string { return []string{ "Endpoint", "writer", @@ -21,10 +21,10 @@ func (e *endpoint) StateFields() []string { } } -func (e *endpoint) beforeSave() {} +func (e *Endpoint) beforeSave() {} // +checklocksignore -func (e *endpoint) StateSave(stateSinkObject state.Sink) { +func (e *Endpoint) StateSave(stateSinkObject state.Sink) { e.beforeSave() stateSinkObject.Save(0, &e.Endpoint) stateSinkObject.Save(1, &e.writer) @@ -32,10 +32,10 @@ func (e *endpoint) StateSave(stateSinkObject state.Sink) { stateSinkObject.Save(3, &e.logPrefix) } -func (e *endpoint) afterLoad(context.Context) {} +func (e *Endpoint) afterLoad(context.Context) {} // +checklocksignore -func (e *endpoint) StateLoad(ctx context.Context, stateSourceObject state.Source) { +func (e *Endpoint) StateLoad(ctx context.Context, stateSourceObject state.Source) { stateSourceObject.Load(0, &e.Endpoint) stateSourceObject.Load(1, &e.writer) stateSourceObject.Load(2, &e.maxPCAPLen) @@ -43,5 +43,5 @@ func (e *endpoint) StateLoad(ctx context.Context, stateSourceObject state.Source } func init() { - state.Register((*endpoint)(nil)) + state.Register((*Endpoint)(nil)) } diff --git a/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/addressable_endpoint_state.go b/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/addressable_endpoint_state.go index c0290ca6a..bb2e0faf0 100644 --- a/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/addressable_endpoint_state.go +++ b/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/addressable_endpoint_state.go 
@@ -41,10 +41,12 @@ type AddressableEndpointState struct { // AddressableEndpointState.mu // addressState.mu mu addressableEndpointStateRWMutex `state:"nosave"` + // TODO(b/361075310): Enable s/r for the below fields. + // // +checklocks:mu - endpoints map[tcpip.Address]*addressState + endpoints map[tcpip.Address]*addressState `state:"nosave"` // +checklocks:mu - primary []*addressState + primary []*addressState `state:"nosave"` } // AddressableEndpointStateOptions contains options used to configure an diff --git a/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/stack_state_autogen.go b/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/stack_state_autogen.go index 13cd3771b..b3f89110d 100644 --- a/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/stack_state_autogen.go +++ b/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/stack_state_autogen.go @@ -40,8 +40,6 @@ func (a *AddressableEndpointState) StateFields() []string { return []string{ "networkEndpoint", "options", - "endpoints", - "primary", } } @@ -52,8 +50,6 @@ func (a *AddressableEndpointState) StateSave(stateSinkObject state.Sink) { a.beforeSave() stateSinkObject.Save(0, &a.networkEndpoint) stateSinkObject.Save(1, &a.options) - stateSinkObject.Save(2, &a.endpoints) - stateSinkObject.Save(3, &a.primary) } func (a *AddressableEndpointState) afterLoad(context.Context) {} @@ -62,8 +58,6 @@ func (a *AddressableEndpointState) afterLoad(context.Context) {} func (a *AddressableEndpointState) StateLoad(ctx context.Context, stateSourceObject state.Source) { stateSourceObject.Load(0, &a.networkEndpoint) stateSourceObject.Load(1, &a.options) - stateSourceObject.Load(2, &a.endpoints) - stateSourceObject.Load(3, &a.primary) } func (a *AddressableEndpointStateOptions) StateTypeName() string { diff --git a/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/connect.go b/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/connect.go index 7de3fe9e4..4125af98c 100644 --- a/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/connect.go 
+++ b/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/connect.go @@ -30,15 +30,22 @@ import ( "gvisor.dev/gvisor/pkg/waiter" ) -// InitialRTO is the initial retransmission timeout. -// https://github.com/torvalds/linux/blob/7c636d4d20f/include/net/tcp.h#L142 -const InitialRTO = time.Second - -// maxSegmentsPerWake is the maximum number of segments to process in the main -// protocol goroutine per wake-up. Yielding [after this number of segments are -// processed] allows other events to be processed as well (e.g., timeouts, -// resets, etc.). -const maxSegmentsPerWake = 100 +const ( + // tcpMinTimeout is the minimum timeout for a SYN retransmit. + // This mirrors the TCP_TIMEOUT_MIN variable in Linux. + // See: https://github.com/torvalds/linux/blob/249aca0d3d631660aa3583c6a3559b75b6e971b4/include/net/tcp.h#L143 + tcpMinTimeout = 2 * time.Microsecond + + // InitialRTO is the initial retransmission timeout. + // https://github.com/torvalds/linux/blob/7c636d4d20f/include/net/tcp.h#L142 + InitialRTO = time.Second + + // maxSegmentsPerWake is the maximum number of segments to process in the main + // protocol goroutine per wake-up. Yielding [after this number of segments are + // processed] allows other events to be processed as well (e.g., timeouts, + // resets, etc.). + maxSegmentsPerWake = 100 +) type handshakeState int @@ -297,6 +304,9 @@ func (h *handshake) synSentState(s *segment) tcpip.Error { // // and send it. h.ep.sendEmptyRaw(header.TCPFlagRst, s.ackNumber, 0, 0) + // Since this was a challenge ACK reschedule the retransmit timer to fire + // soon so that the SYN is retransmitted quickly. + h.retransmitTimer.reinit(tcpMinTimeout) return nil } @@ -701,6 +711,11 @@ func (bt *backoffTimer) reset() tcpip.Error { return nil } +func (bt *backoffTimer) reinit(timeout time.Duration) { + bt.timeout = timeout + bt.t.Reset(bt.timeout) +} + func (bt *backoffTimer) stop() { bt.t.Stop() } 
diff --git a/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/protocol.go b/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/protocol.go
index e3f760b04..73829ac48 100644
--- a/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/protocol.go
+++ b/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/protocol.go
@@ -364,7 +364,7 @@ func (p *protocol) SetOption(option tcpip.SettableTransportProtocolOption) tcpip
 return nil
 case *tcpip.TCPSynRetriesOption:
- if *v < 1 || *v > 255 {
+ if *v < 1 {
 return &tcpip.ErrInvalidOptionValue{}
 }
 p.mu.Lock()
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 5f2dbc45c..404a7e972 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -233,7 +233,7 @@ gopkg.in/tomb.v1
 # gopkg.in/yaml.v3 v3.0.1
 ## explicit
 gopkg.in/yaml.v3
-# gvisor.dev/gvisor v0.0.0-20240826182512-9f3309e5b121
+# gvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f
 ## explicit; go 1.22.0
 gvisor.dev/gvisor/pkg/atomicbitops
 gvisor.dev/gvisor/pkg/bits