Merge pull request #410 from AkihiroSuda/gvisor

Update to gvisor release-20240916.0

Author: openshift-merge-bot[bot]

go.mod

@@ -28,7 +28,7 @@ require (
 	golang.org/x/crypto v0.28.0
 	golang.org/x/sync v0.8.0
 	golang.org/x/sys v0.26.0
-	gvisor.dev/gvisor v0.0.0-20240826182512-9f3309e5b121
+	gvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f
 )
 
 require (

go.sum

@@ -4,7 +4,6 @@ github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4t
 github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
 github.com/areYouLazy/libhosty v1.1.0 h1:kO6UTk9z72cHW28A/V1kKi7C8iKQGqINiVGXp+05Eao=
 github.com/areYouLazy/libhosty v1.1.0/go.mod h1:dV4ir3feRrTbWdcJ21mt3MeZlASg0sc8db6nimL9GOA=
-github.com/armon/go-proxyproto v0.0.0-20210323213023-7e956b284f0a/go.mod h1:QmP9hvJ91BbJmGVGSbutW19IC0Q9phDCLGaomwTJbgU=
 github.com/containers/winquit v1.1.0 h1:jArun04BNDQvt2W0Y78kh9TazN2EIEMG5Im6/JY7+pE=
 github.com/containers/winquit v1.1.0/go.mod h1:PsPeZlnbkmGGIToMPHF1zhWjBUkd8aHjMOr/vFcPxw8=
 github.com/coreos/stream-metadata-go v0.4.4 h1:PM/6iNhofKGydsatiY1zdnMMHBT34skb5P7nfEFR4GU=
@@ -43,8 +42,6 @@ github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo
 github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA=
 github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/inetaf/tcpproxy v0.0.0-20221017015627-91f861402626 h1:oeu2cpk2bBlSgMQiSQIBJ8+FZsTqMG9fwdPez/weEbk=
-github.com/inetaf/tcpproxy v0.0.0-20221017015627-91f861402626/go.mod h1:Tojt5kmHpDIR2jMojxzZK2w2ZR7OILODmUo2gaSwjrk=
 github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9 h1:LZJWucZz7ztCqY6Jsu7N9g124iJ2kt/O62j3+UchZFg=
 github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9/go.mod h1:KclMyHxX06VrVr0DJmeFSUb1ankt7xTfoOA35pCkoic=
 github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=
@@ -177,5 +174,5 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gvisor.dev/gvisor v0.0.0-20240826182512-9f3309e5b121 h1:2Vd3QUoPYevmDp3S7jUQgxEzdeMlDh8pYFELopFXn3w=
-gvisor.dev/gvisor v0.0.0-20240826182512-9f3309e5b121/go.mod h1:sxc3Uvk/vHcd3tj7/DHVBoR5wvWT/MmRq2pj7HRJnwU=
+gvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f h1:O2w2DymsOlM/nv2pLNWCMCYOldgBBMkD7H0/prN5W2k=
+gvisor.dev/gvisor v0.0.0-20240916094835-a174eb65023f/go.mod h1:sxc3Uvk/vHcd3tj7/DHVBoR5wvWT/MmRq2pj7HRJnwU=

vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe.go

@@ -394,6 +394,7 @@ type Waker struct {
 	allWakersNext *Waker
 }
 
+// +stateify savable
 type wakerState struct {
 	asserted bool
 	other    *Sleeper

vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe_state_autogen.go

@@ -74,7 +74,36 @@ func (w *Waker) StateLoad(ctx context.Context, stateSourceObject state.Source) {
 	stateSourceObject.LoadValue(0, new(wakerState), func(y any) { w.loadS(ctx, y.(wakerState)) })
 }
 
+func (w *wakerState) StateTypeName() string {
+	return "pkg/sleep.wakerState"
+}
+
+func (w *wakerState) StateFields() []string {
+	return []string{
+		"asserted",
+		"other",
+	}
+}
+
+func (w *wakerState) beforeSave() {}
+
+// +checklocksignore
+func (w *wakerState) StateSave(stateSinkObject state.Sink) {
+	w.beforeSave()
+	stateSinkObject.Save(0, &w.asserted)
+	stateSinkObject.Save(1, &w.other)
+}
+
+func (w *wakerState) afterLoad(context.Context) {}
+
+// +checklocksignore
+func (w *wakerState) StateLoad(ctx context.Context, stateSourceObject state.Source) {
+	stateSourceObject.Load(0, &w.asserted)
+	stateSourceObject.Load(1, &w.other)
+}
+
 func init() {
 	state.Register((*Sleeper)(nil))
 	state.Register((*Waker)(nil))
+	state.Register((*wakerState)(nil))
 }

vendor/gvisor.dev/gvisor/pkg/state/wire/wire.go

@@ -58,17 +58,8 @@ func (r *Reader) readByte() byte {
 type Writer struct {
 	io.Writer
 
-	buf [1]byte
-}
-
-// writeByte writes a single byte to w.Writer without allocation. It panics on
-// error.
-func (w *Writer) writeByte(b byte) {
-	w.buf[0] = b
-	n, err := w.Write(w.buf[:])
-	if n != 1 {
-		panic(err)
-	}
+	// buf is used by Uint as a scratch buffer.
+	buf [10]byte
 }
 
 // readFull is a utility. The equivalent is not needed for Write, but the API
@@ -173,11 +164,16 @@ func loadUint(r *Reader) Uint {
 
 // save implements Object.save.
 func (u Uint) save(w *Writer) {
+	i := 0
 	for u >= 0x80 {
-		w.writeByte(byte(u) | 0x80)
+		w.buf[i] = byte(u) | 0x80
+		i++
 		u >>= 7
 	}
-	w.writeByte(byte(u))
+	w.buf[i] = byte(u)
+	if _, err := w.Write(w.buf[:i+1]); err != nil {
+		panic(err)
+	}
 }
 
 // load implements Object.load.

vendor/gvisor.dev/gvisor/pkg/tcpip/link/sniffer/sniffer.go

@@ -44,17 +44,19 @@ var LogPackets atomicbitops.Uint32 = atomicbitops.FromUint32(1)
 // sniffer was created for this flag to have effect.
 var LogPacketsToPCAP atomicbitops.Uint32 = atomicbitops.FromUint32(1)
 
+// Endpoint is used to sniff and log network traffic.
+//
 // +stateify savable
-type endpoint struct {
+type Endpoint struct {
 	nested.Endpoint
 	writer     io.Writer
 	maxPCAPLen uint32
 	logPrefix  string
 }
 
-var _ stack.GSOEndpoint = (*endpoint)(nil)
-var _ stack.LinkEndpoint = (*endpoint)(nil)
-var _ stack.NetworkDispatcher = (*endpoint)(nil)
+var _ stack.GSOEndpoint = (*Endpoint)(nil)
+var _ stack.LinkEndpoint = (*Endpoint)(nil)
+var _ stack.NetworkDispatcher = (*Endpoint)(nil)
 
 // A Direction indicates whether the packing is being sent or received.
 type Direction int
@@ -66,9 +68,20 @@ const (
 	DirectionRecv
 )
 
+func (dr Direction) String() string {
+	switch dr {
+	case DirectionSend:
+		return "send"
+	case DirectionRecv:
+		return "recv"
+	default:
+		panic(fmt.Sprintf("invalid Direction %d", dr))
+	}
+}
+
 // New creates a new sniffer link-layer endpoint. It wraps around another
 // endpoint and logs packets and they traverse the endpoint.
-func New(lower stack.LinkEndpoint) stack.LinkEndpoint {
+func New(lower stack.LinkEndpoint) *Endpoint {
 	return NewWithPrefix(lower, "")
 }
 
@@ -79,8 +92,8 @@ func New(lower stack.LinkEndpoint) stack.LinkEndpoint {
 // logPrefix is prepended to the log line without any separators.
 // E.g. logPrefix = "NIC:en0/" will produce log lines like
 // "NIC:en0/send udp [...]".
-func NewWithPrefix(lower stack.LinkEndpoint, logPrefix string) stack.LinkEndpoint {
-	sniffer := &endpoint{logPrefix: logPrefix}
+func NewWithPrefix(lower stack.LinkEndpoint, logPrefix string) *Endpoint {
+	sniffer := &Endpoint{logPrefix: logPrefix}
 	sniffer.Endpoint.Init(lower, sniffer)
 	return sniffer
 }
@@ -119,11 +132,11 @@ func writePCAPHeader(w io.Writer, maxLen uint32) error {
 // snapLen is the maximum amount of a packet to be saved. Packets with a length
 // less than or equal to snapLen will be saved in their entirety. Longer
 // packets will be truncated to snapLen.
-func NewWithWriter(lower stack.LinkEndpoint, writer io.Writer, snapLen uint32) (stack.LinkEndpoint, error) {
+func NewWithWriter(lower stack.LinkEndpoint, writer io.Writer, snapLen uint32) (*Endpoint, error) {
 	if err := writePCAPHeader(writer, snapLen); err != nil {
 		return nil, err
 	}
-	sniffer := &endpoint{
+	sniffer := &Endpoint{
 		writer:     writer,
 		maxPCAPLen: snapLen,
 	}
@@ -134,22 +147,28 @@ func NewWithWriter(lower stack.LinkEndpoint, writer io.Writer, snapLen uint32) (
 // DeliverNetworkPacket implements the stack.NetworkDispatcher interface. It is
 // called by the link-layer endpoint being wrapped when a packet arrives, and
 // logs the packet before forwarding to the actual dispatcher.
-func (e *endpoint) DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) {
-	e.dumpPacket(DirectionRecv, protocol, pkt)
+func (e *Endpoint) DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) {
+	e.DumpPacket(DirectionRecv, protocol, pkt, nil)
 	e.Endpoint.DeliverNetworkPacket(protocol, pkt)
 }
 
-func (e *endpoint) dumpPacket(dir Direction, protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer) {
+// DumpPacket logs a packet, depending on configuration, to stderr and/or a
+// pcap file. ts is an optional timestamp for the packet.
+func (e *Endpoint) DumpPacket(dir Direction, protocol tcpip.NetworkProtocolNumber, pkt *stack.PacketBuffer, ts *time.Time) {
 	writer := e.writer
 	if LogPackets.Load() == 1 {
 		LogPacket(e.logPrefix, dir, protocol, pkt)
 	}
 	if writer != nil && LogPacketsToPCAP.Load() == 1 {
 		packet := pcapPacket{
-			timestamp:     time.Now(),
 			packet:        pkt,
 			maxCaptureLen: int(e.maxPCAPLen),
 		}
+		if ts == nil {
+			packet.timestamp = time.Now()
+		} else {
+			packet.timestamp = *ts
+		}
 		b, err := packet.MarshalBinary()
 		if err != nil {
 			panic(err)
@@ -163,9 +182,9 @@ func (e *endpoint) dumpPacket(dir Direction, protocol tcpip.NetworkProtocolNumbe
 // WritePackets implements the stack.LinkEndpoint interface. It is called by
 // higher-level protocols to write packets; it just logs the packet and
 // forwards the request to the lower endpoint.
-func (e *endpoint) WritePackets(pkts stack.PacketBufferList) (int, tcpip.Error) {
+func (e *Endpoint) WritePackets(pkts stack.PacketBufferList) (int, tcpip.Error) {
 	for _, pkt := range pkts.AsSlice() {
-		e.dumpPacket(DirectionSend, pkt.NetworkProtocolNumber, pkt)
+		e.DumpPacket(DirectionSend, pkt.NetworkProtocolNumber, pkt, nil)
 	}
 	return e.Endpoint.WritePackets(pkts)
 }
@@ -181,16 +200,6 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe
 	var fragmentOffset uint16
 	var moreFragments bool
 
-	var directionPrefix string
-	switch dir {
-	case DirectionSend:
-		directionPrefix = "send"
-	case DirectionRecv:
-		directionPrefix = "recv"
-	default:
-		panic(fmt.Sprintf("unrecognized direction: %d", dir))
-	}
-
 	clone := trimmedClone(pkt)
 	defer clone.DecRef()
 	switch protocol {
@@ -232,14 +241,14 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe
 		log.Infof(
 			"%s%s arp %s (%s) -> %s (%s) valid:%t",
 			prefix,
-			directionPrefix,
+			dir,
 			tcpip.AddrFromSlice(arp.ProtocolAddressSender()), tcpip.LinkAddress(arp.HardwareAddressSender()),
 			tcpip.AddrFromSlice(arp.ProtocolAddressTarget()), tcpip.LinkAddress(arp.HardwareAddressTarget()),
 			arp.IsValid(),
 		)
 		return
 	default:
-		log.Infof("%s%s unknown network protocol: %d", prefix, directionPrefix, protocol)
+		log.Infof("%s%s unknown network protocol: %d", prefix, dir, protocol)
 		return
 	}
 
@@ -283,7 +292,7 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe
 				icmpType = "info reply"
 			}
 		}
-		log.Infof("%s%s %s %s -> %s %s len:%d id:%04x code:%d", prefix, directionPrefix, transName, src, dst, icmpType, size, id, icmp.Code())
+		log.Infof("%s%s %s %s -> %s %s len:%d id:%04x code:%d", prefix, dir, transName, src, dst, icmpType, size, id, icmp.Code())
 		return
 
 	case header.ICMPv6ProtocolNumber:
@@ -318,7 +327,7 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe
 		case header.ICMPv6RedirectMsg:
 			icmpType = "redirect message"
 		}
-		log.Infof("%s%s %s %s -> %s %s len:%d id:%04x code:%d", prefix, directionPrefix, transName, src, dst, icmpType, size, id, icmp.Code())
+		log.Infof("%s%s %s %s -> %s %s len:%d id:%04x code:%d", prefix, dir, transName, src, dst, icmpType, size, id, icmp.Code())
 		return
 
 	case header.UDPProtocolNumber:
@@ -359,24 +368,24 @@ func LogPacket(prefix string, dir Direction, protocol tcpip.NetworkProtocolNumbe
 
 			// Initialize the TCP flags.
 			flags := tcp.Flags()
-			details = fmt.Sprintf("flags: %s seqnum: %d ack: %d win: %d xsum:0x%x", flags, tcp.SequenceNumber(), tcp.AckNumber(), tcp.WindowSize(), tcp.Checksum())
+			details = fmt.Sprintf("flags:%s seqnum:%d ack:%d win:%d xsum:0x%x", flags, tcp.SequenceNumber(), tcp.AckNumber(), tcp.WindowSize(), tcp.Checksum())
 			if flags&header.TCPFlagSyn != 0 {
-				details += fmt.Sprintf(" options: %+v", header.ParseSynOptions(tcp.Options(), flags&header.TCPFlagAck != 0))
+				details += fmt.Sprintf(" options:%+v", header.ParseSynOptions(tcp.Options(), flags&header.TCPFlagAck != 0))
 			} else {
-				details += fmt.Sprintf(" options: %+v", tcp.ParsedOptions())
+				details += fmt.Sprintf(" options:%+v", tcp.ParsedOptions())
 			}
 		}
 
 	default:
-		log.Infof("%s%s %s -> %s unknown transport protocol: %d", prefix, directionPrefix, src, dst, transProto)
+		log.Infof("%s%s %s -> %s unknown transport protocol: %d", prefix, dir, src, dst, transProto)
 		return
 	}
 
 	if pkt.GSOOptions.Type != stack.GSONone {
-		details += fmt.Sprintf(" gso: %#v", pkt.GSOOptions)
+		details += fmt.Sprintf(" gso:%#v", pkt.GSOOptions)
 	}
 
-	log.Infof("%s%s %s %s:%d -> %s:%d len:%d id:%04x %s", prefix, directionPrefix, transName, src, srcPort, dst, dstPort, size, id, details)
+	log.Infof("%s%s %s %s:%d -> %s:%d len:%d id:0x%04x %s", prefix, dir, transName, src, srcPort, dst, dstPort, size, id, details)
 }
 
 // trimmedClone clones the packet buffer to not modify the original. It trims

vendor/gvisor.dev/gvisor/pkg/tcpip/link/sniffer/sniffer_state_autogen.go

@@ -8,11 +8,11 @@ import (
 	"gvisor.dev/gvisor/pkg/state"
 )
 
-func (e *endpoint) StateTypeName() string {
-	return "pkg/tcpip/link/sniffer.endpoint"
+func (e *Endpoint) StateTypeName() string {
+	return "pkg/tcpip/link/sniffer.Endpoint"
 }
 
-func (e *endpoint) StateFields() []string {
+func (e *Endpoint) StateFields() []string {
 	return []string{
 		"Endpoint",
 		"writer",
@@ -21,27 +21,27 @@ func (e *endpoint) StateFields() []string {
 	}
 }
 
-func (e *endpoint) beforeSave() {}
+func (e *Endpoint) beforeSave() {}
 
 // +checklocksignore
-func (e *endpoint) StateSave(stateSinkObject state.Sink) {
+func (e *Endpoint) StateSave(stateSinkObject state.Sink) {
 	e.beforeSave()
 	stateSinkObject.Save(0, &e.Endpoint)
 	stateSinkObject.Save(1, &e.writer)
 	stateSinkObject.Save(2, &e.maxPCAPLen)
 	stateSinkObject.Save(3, &e.logPrefix)
 }
 
-func (e *endpoint) afterLoad(context.Context) {}
+func (e *Endpoint) afterLoad(context.Context) {}
 
 // +checklocksignore
-func (e *endpoint) StateLoad(ctx context.Context, stateSourceObject state.Source) {
+func (e *Endpoint) StateLoad(ctx context.Context, stateSourceObject state.Source) {
 	stateSourceObject.Load(0, &e.Endpoint)
 	stateSourceObject.Load(1, &e.writer)
 	stateSourceObject.Load(2, &e.maxPCAPLen)
 	stateSourceObject.Load(3, &e.logPrefix)
 }
 
 func init() {
-	state.Register((*endpoint)(nil))
+	state.Register((*Endpoint)(nil))
 }

vendor/gvisor.dev/gvisor/pkg/tcpip/stack/addressable_endpoint_state.go

@@ -41,10 +41,12 @@ type AddressableEndpointState struct {
 	// AddressableEndpointState.mu
 	//   addressState.mu
 	mu addressableEndpointStateRWMutex `state:"nosave"`
+	// TODO(b/361075310): Enable s/r for the below fields.
+	//
 	// +checklocks:mu
-	endpoints map[tcpip.Address]*addressState
+	endpoints map[tcpip.Address]*addressState `state:"nosave"`
 	// +checklocks:mu
-	primary []*addressState
+	primary []*addressState `state:"nosave"`
 }
 
 // AddressableEndpointStateOptions contains options used to configure an