[golibs] Update dependencies
- google.golang.org/api/storage: API regenerated
- google.golang.org/grpc:
https://github.com/grpc/grpc-go/releases/tag/v1.37.0
- gvisor.dev/pkg/tcpip:
+ a804b42fe Drop locks before calling waiterQueue.Notify
+ c84ff9912 Use the SecureRNG to generate listener nonces
+ 2fea7d096 Don't store accepted endpoints in a channel
+ d1edabdca iptables: support postrouting hook and SNAT target
+ dc8f6c691 Move maxListenBacklog check to sentry
+ 973ace6bd Rename IsV6LinkLocalAddress to IsV6LinkLocalUnicastAddress
+ 070b76fe7 Remove duplicate accept queue fullness check
+ 1fe5dd8c6 Propagate SYN handling error
+ 091badcb9 Do not forward link-local packets
Change-Id: I1c4a1a614170aaa7e4f4fedd116cb1cff9f8c490
Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/514063
Reviewed-by: Tamir Duberstein <tamird@google.com>
Commit-Queue: Tamir Duberstein <tamird@google.com>
Fuchsia-Auto-Submit: Tamir Duberstein <tamird@google.com>
diff --git a/src/connectivity/network/netstack/fidlconv/fidlconv.go b/src/connectivity/network/netstack/fidlconv/fidlconv.go
index 7760064..357899d 100644
--- a/src/connectivity/network/netstack/fidlconv/fidlconv.go
+++ b/src/connectivity/network/netstack/fidlconv/fidlconv.go
@@ -92,7 +92,7 @@
// scoped zone where global addresses may only be used once so zone information is not
// needed for global addresses. See RFC 4007 section 6 for more details.
var zoneIdx uint64
- if header.IsV6LinkLocalAddress(addr.Addr) || header.IsV6LinkLocalMulticastAddress(addr.Addr) {
+ if header.IsV6LinkLocalUnicastAddress(addr.Addr) || header.IsV6LinkLocalMulticastAddress(addr.Addr) {
zoneIdx = uint64(addr.NIC)
}
out.SetIpv6(net.Ipv6SocketAddress{
diff --git a/src/connectivity/network/netstack/ndp.go b/src/connectivity/network/netstack/ndp.go
index fba5700..c669856 100644
--- a/src/connectivity/network/netstack/ndp.go
+++ b/src/connectivity/network/netstack/ndp.go
@@ -221,7 +221,7 @@
// Metrics only care about dynamic global address configuration options so
// only increase the counter if we generated a global SLAAC address.
- if !header.IsV6LinkLocalAddress(addrWithPrefix.Address) {
+ if !header.IsV6LinkLocalUnicastAddress(addrWithPrefix.Address) {
n.dynamicAddressSourceObs.incGlobalSLAAC(nicID)
}
@@ -242,7 +242,7 @@
// Metrics only care about dynamic global address configuration options so
// only decrease the counter if we invalidated a global SLAAC address.
- if !header.IsV6LinkLocalAddress(addrWithPrefix.Address) {
+ if !header.IsV6LinkLocalUnicastAddress(addrWithPrefix.Address) {
n.dynamicAddressSourceObs.decGlobalSLAAC(nicID)
}
}
diff --git a/third_party/golibs/go.mod b/third_party/golibs/go.mod
index 2158a04d..f538e65 100644
--- a/third_party/golibs/go.mod
+++ b/third_party/golibs/go.mod
@@ -3,7 +3,6 @@
go 1.16
require (
- cloud.google.com/go v0.81.0 // indirect
cloud.google.com/go/storage v1.14.0
github.com/creack/pty v1.1.11
github.com/dustin/go-humanize v1.0.0
@@ -24,17 +23,16 @@
go.uber.org/multierr v1.6.0
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
golang.org/x/mod v0.4.2 // indirect
- golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
- golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602 // indirect
+ golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57
- golang.org/x/text v0.3.6 // indirect
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
gonum.org/v1/gonum v0.9.1
+ google.golang.org/api v0.44.0 // indirect
google.golang.org/genproto v0.0.0-20210406143921-e86de6bf7a46 // indirect
- google.golang.org/grpc v1.36.1
+ google.golang.org/grpc v1.37.0
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0
google.golang.org/protobuf v1.26.0
gopkg.in/yaml.v2 v2.4.0
- gvisor.dev/gvisor v0.0.0-20210408165525-a42b1fadad34
+ gvisor.dev/gvisor v0.0.0-20210412205723-5dc99694d8de
)
diff --git a/third_party/golibs/go.sum b/third_party/golibs/go.sum
index acb2c1f..27fb186 100644
--- a/third_party/golibs/go.sum
+++ b/third_party/golibs/go.sum
@@ -114,6 +114,7 @@
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/flynn/go-docopt v0.0.0-20140912013429-f6dd2ebbb31e/go.mod h1:HyVoz1Mz5Co8TFO8EupIdlcpwShBmY98dkT2xeHkvEI=
@@ -448,8 +449,8 @@
golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1 h1:4qWs8cYYH6PoEFy4dfhDFgoMGkwAcETd+MmPdCPMzUc=
+golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -634,8 +635,9 @@
google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
-google.golang.org/api v0.43.0 h1:4sAyIHT6ZohtAQDoxws+ez7bROYmUlOVvsUscYCDTqA=
google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
+google.golang.org/api v0.44.0 h1:URs6qR1lAxDsqWITsQXI4ZkGiYJ5dHtRNiCpfs2OeKA=
+google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -707,8 +709,9 @@
google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
google.golang.org/grpc v1.36.0-dev.0.20210208035533-9280052d3665/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.36.1 h1:cmUfbeGKnz9+2DD/UYsMQXeqbHZqZDs4eQwW0sFOpBY=
google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.37.0 h1:uSZWeQJX5j11bIQ4AJoj+McDBo29cY1MCoC1wO3ts+c=
+google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0 h1:M1YKkFIboKNieVO5DLUEVzQfGwJD30Nv2jfUgzb5UcE=
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
@@ -741,8 +744,8 @@
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
-gvisor.dev/gvisor v0.0.0-20210408165525-a42b1fadad34 h1:CiCphU0XTnxz6wggkWBGgxQgwzccuEpZNLs8HE6LqPo=
-gvisor.dev/gvisor v0.0.0-20210408165525-a42b1fadad34/go.mod h1:ucHEMlckp+S/YzKEpwwAyGBhAh807Wxq/8Erc6gFxCE=
+gvisor.dev/gvisor v0.0.0-20210412205723-5dc99694d8de h1:aEEjNgf32KBv0lwtob0++bv+MhzMWLG2WhJcLYoW+0A=
+gvisor.dev/gvisor v0.0.0-20210412205723-5dc99694d8de/go.mod h1:ucHEMlckp+S/YzKEpwwAyGBhAh807Wxq/8Erc6gFxCE=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/third_party/golibs/vendor/google.golang.org/api/storage/v1/storage-gen.go b/third_party/golibs/vendor/google.golang.org/api/storage/v1/storage-gen.go
index 5079930..27e393d 100644
--- a/third_party/golibs/vendor/google.golang.org/api/storage/v1/storage-gen.go
+++ b/third_party/golibs/vendor/google.golang.org/api/storage/v1/storage-gen.go
@@ -2400,6 +2400,11 @@
// Delete: Permanently deletes the ACL entry for the specified entity on
// the specified bucket.
+//
+// - bucket: Name of a bucket.
+// - entity: The entity holding the permission. Can be user-userId,
+// user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+// allAuthenticatedUsers.
func (r *BucketAccessControlsService) Delete(bucket string, entity string) *BucketAccessControlsDeleteCall {
c := &BucketAccessControlsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -2449,7 +2454,7 @@
func (c *BucketAccessControlsDeleteCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -2538,6 +2543,11 @@
// Get: Returns the ACL entry for the specified entity on the specified
// bucket.
+//
+// - bucket: Name of a bucket.
+// - entity: The entity holding the permission. Can be user-userId,
+// user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+// allAuthenticatedUsers.
func (r *BucketAccessControlsService) Get(bucket string, entity string) *BucketAccessControlsGetCall {
c := &BucketAccessControlsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -2597,7 +2607,7 @@
func (c *BucketAccessControlsGetCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -2715,6 +2725,8 @@
}
// Insert: Creates a new ACL entry on the specified bucket.
+//
+// - bucket: Name of a bucket.
func (r *BucketAccessControlsService) Insert(bucket string, bucketaccesscontrol *BucketAccessControl) *BucketAccessControlsInsertCall {
c := &BucketAccessControlsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -2764,7 +2776,7 @@
func (c *BucketAccessControlsInsertCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -2879,6 +2891,8 @@
}
// List: Retrieves ACL entries on the specified bucket.
+//
+// - bucket: Name of a bucket.
func (r *BucketAccessControlsService) List(bucket string) *BucketAccessControlsListCall {
c := &BucketAccessControlsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -2937,7 +2951,7 @@
func (c *BucketAccessControlsListCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -3048,6 +3062,11 @@
}
// Patch: Patches an ACL entry on the specified bucket.
+//
+// - bucket: Name of a bucket.
+// - entity: The entity holding the permission. Can be user-userId,
+// user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+// allAuthenticatedUsers.
func (r *BucketAccessControlsService) Patch(bucket string, entity string, bucketaccesscontrol *BucketAccessControl) *BucketAccessControlsPatchCall {
c := &BucketAccessControlsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -3098,7 +3117,7 @@
func (c *BucketAccessControlsPatchCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -3222,6 +3241,11 @@
}
// Update: Updates an ACL entry on the specified bucket.
+//
+// - bucket: Name of a bucket.
+// - entity: The entity holding the permission. Can be user-userId,
+// user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+// allAuthenticatedUsers.
func (r *BucketAccessControlsService) Update(bucket string, entity string, bucketaccesscontrol *BucketAccessControl) *BucketAccessControlsUpdateCall {
c := &BucketAccessControlsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -3272,7 +3296,7 @@
func (c *BucketAccessControlsUpdateCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -3394,6 +3418,8 @@
}
// Delete: Permanently deletes an empty bucket.
+//
+// - bucket: Name of a bucket.
func (r *BucketsService) Delete(bucket string) *BucketsDeleteCall {
c := &BucketsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -3458,7 +3484,7 @@
func (c *BucketsDeleteCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -3550,6 +3576,8 @@
}
// Get: Returns metadata for the specified bucket.
+//
+// - bucket: Name of a bucket.
func (r *BucketsService) Get(bucket string) *BucketsGetCall {
c := &BucketsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -3637,7 +3665,7 @@
func (c *BucketsGetCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -3775,6 +3803,8 @@
}
// GetIamPolicy: Returns an IAM policy for the specified bucket.
+//
+// - bucket: Name of a bucket.
func (r *BucketsService) GetIamPolicy(bucket string) *BucketsGetIamPolicyCall {
c := &BucketsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -3843,7 +3873,7 @@
func (c *BucketsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -3959,6 +3989,8 @@
}
// Insert: Creates a new bucket.
+//
+// - project: A valid API project identifier.
func (r *BucketsService) Insert(projectid string, bucket *Bucket) *BucketsInsertCall {
c := &BucketsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.urlParams_.Set("project", projectid)
@@ -4060,7 +4092,7 @@
func (c *BucketsInsertCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -4225,6 +4257,8 @@
}
// List: Retrieves a list of buckets for a given project.
+//
+// - project: A valid API project identifier.
func (r *BucketsService) List(projectid string) *BucketsListCall {
c := &BucketsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.urlParams_.Set("project", projectid)
@@ -4317,7 +4351,7 @@
func (c *BucketsListCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -4478,6 +4512,10 @@
}
// LockRetentionPolicy: Locks retention policy on a bucket.
+//
+// - bucket: Name of a bucket.
+// - ifMetagenerationMatch: Makes the operation conditional on whether
+// bucket's current metageneration matches the given value.
func (r *BucketsService) LockRetentionPolicy(bucket string, ifMetagenerationMatch int64) *BucketsLockRetentionPolicyCall {
c := &BucketsLockRetentionPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -4527,7 +4565,7 @@
func (c *BucketsLockRetentionPolicyCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -4645,6 +4683,8 @@
// Patch: Patches a bucket. Changes to the bucket will be readable
// immediately after writing, but configuration changes may take time to
// propagate.
+//
+// - bucket: Name of a bucket.
func (r *BucketsService) Patch(bucket string, bucket2 *Bucket) *BucketsPatchCall {
c := &BucketsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -4762,7 +4802,7 @@
func (c *BucketsPatchCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -4942,6 +4982,8 @@
}
// SetIamPolicy: Updates an IAM policy for the specified bucket.
+//
+// - bucket: Name of a bucket.
func (r *BucketsService) SetIamPolicy(bucket string, policy *Policy) *BucketsSetIamPolicyCall {
c := &BucketsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -4991,7 +5033,7 @@
func (c *BucketsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -5107,6 +5149,9 @@
// TestIamPermissions: Tests a set of permissions on the given bucket to
// see which, if any, are held by the caller.
+//
+// - bucket: Name of a bucket.
+// - permissions: Permissions to test.
func (r *BucketsService) TestIamPermissions(bucket string, permissions []string) *BucketsTestIamPermissionsCall {
c := &BucketsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -5166,7 +5211,7 @@
func (c *BucketsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -5289,6 +5334,8 @@
// Update: Updates a bucket. Changes to the bucket will be readable
// immediately after writing, but configuration changes may take time to
// propagate.
+//
+// - bucket: Name of a bucket.
func (r *BucketsService) Update(bucket string, bucket2 *Bucket) *BucketsUpdateCall {
c := &BucketsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -5406,7 +5453,7 @@
func (c *BucketsUpdateCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -5618,7 +5665,7 @@
func (c *ChannelsStopCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -5686,6 +5733,11 @@
// Delete: Permanently deletes the default object ACL entry for the
// specified entity on the specified bucket.
+//
+// - bucket: Name of a bucket.
+// - entity: The entity holding the permission. Can be user-userId,
+// user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+// allAuthenticatedUsers.
func (r *DefaultObjectAccessControlsService) Delete(bucket string, entity string) *DefaultObjectAccessControlsDeleteCall {
c := &DefaultObjectAccessControlsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -5735,7 +5787,7 @@
func (c *DefaultObjectAccessControlsDeleteCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -5824,6 +5876,11 @@
// Get: Returns the default object ACL entry for the specified entity on
// the specified bucket.
+//
+// - bucket: Name of a bucket.
+// - entity: The entity holding the permission. Can be user-userId,
+// user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+// allAuthenticatedUsers.
func (r *DefaultObjectAccessControlsService) Get(bucket string, entity string) *DefaultObjectAccessControlsGetCall {
c := &DefaultObjectAccessControlsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -5883,7 +5940,7 @@
func (c *DefaultObjectAccessControlsGetCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -6002,6 +6059,8 @@
// Insert: Creates a new default object ACL entry on the specified
// bucket.
+//
+// - bucket: Name of a bucket.
func (r *DefaultObjectAccessControlsService) Insert(bucket string, objectaccesscontrol *ObjectAccessControl) *DefaultObjectAccessControlsInsertCall {
c := &DefaultObjectAccessControlsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -6051,7 +6110,7 @@
func (c *DefaultObjectAccessControlsInsertCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -6166,6 +6225,8 @@
}
// List: Retrieves default object ACL entries on the specified bucket.
+//
+// - bucket: Name of a bucket.
func (r *DefaultObjectAccessControlsService) List(bucket string) *DefaultObjectAccessControlsListCall {
c := &DefaultObjectAccessControlsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -6241,7 +6302,7 @@
func (c *DefaultObjectAccessControlsListCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -6364,6 +6425,11 @@
}
// Patch: Patches a default object ACL entry on the specified bucket.
+//
+// - bucket: Name of a bucket.
+// - entity: The entity holding the permission. Can be user-userId,
+// user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+// allAuthenticatedUsers.
func (r *DefaultObjectAccessControlsService) Patch(bucket string, entity string, objectaccesscontrol *ObjectAccessControl) *DefaultObjectAccessControlsPatchCall {
c := &DefaultObjectAccessControlsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -6414,7 +6480,7 @@
func (c *DefaultObjectAccessControlsPatchCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -6538,6 +6604,11 @@
}
// Update: Updates a default object ACL entry on the specified bucket.
+//
+// - bucket: Name of a bucket.
+// - entity: The entity holding the permission. Can be user-userId,
+// user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+// allAuthenticatedUsers.
func (r *DefaultObjectAccessControlsService) Update(bucket string, entity string, objectaccesscontrol *ObjectAccessControl) *DefaultObjectAccessControlsUpdateCall {
c := &DefaultObjectAccessControlsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -6588,7 +6659,7 @@
func (c *DefaultObjectAccessControlsUpdateCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -6711,6 +6782,9 @@
}
// Delete: Permanently deletes a notification subscription.
+//
+// - bucket: The parent bucket of the notification.
+// - notification: ID of the notification to delete.
func (r *NotificationsService) Delete(bucket string, notification string) *NotificationsDeleteCall {
c := &NotificationsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -6760,7 +6834,7 @@
func (c *NotificationsDeleteCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -6849,6 +6923,9 @@
}
// Get: View a notification configuration.
+//
+// - bucket: The parent bucket of the notification.
+// - notification: Notification ID.
func (r *NotificationsService) Get(bucket string, notification string) *NotificationsGetCall {
c := &NotificationsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -6908,7 +6985,7 @@
func (c *NotificationsGetCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -7029,6 +7106,8 @@
}
// Insert: Creates a notification subscription for a given bucket.
+//
+// - bucket: The parent bucket of the notification.
func (r *NotificationsService) Insert(bucket string, notification *Notification) *NotificationsInsertCall {
c := &NotificationsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -7078,7 +7157,7 @@
func (c *NotificationsInsertCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -7195,6 +7274,8 @@
// List: Retrieves a list of notification subscriptions for a given
// bucket.
+//
+// - bucket: Name of a Google Cloud Storage bucket.
func (r *NotificationsService) List(bucket string) *NotificationsListCall {
c := &NotificationsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -7253,7 +7334,7 @@
func (c *NotificationsListCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -7368,6 +7449,13 @@
// Delete: Permanently deletes the ACL entry for the specified entity on
// the specified object.
+//
+// - bucket: Name of a bucket.
+// - entity: The entity holding the permission. Can be user-userId,
+// user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+// allAuthenticatedUsers.
+// - object: Name of the object. For information about how to URL encode
+// object names to be path safe, see Encoding URI Path Parts.
func (r *ObjectAccessControlsService) Delete(bucket string, object string, entity string) *ObjectAccessControlsDeleteCall {
c := &ObjectAccessControlsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -7426,7 +7514,7 @@
func (c *ObjectAccessControlsDeleteCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -7530,6 +7618,13 @@
// Get: Returns the ACL entry for the specified entity on the specified
// object.
+//
+// - bucket: Name of a bucket.
+// - entity: The entity holding the permission. Can be user-userId,
+// user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+// allAuthenticatedUsers.
+// - object: Name of the object. For information about how to URL encode
+// object names to be path safe, see Encoding URI Path Parts.
func (r *ObjectAccessControlsService) Get(bucket string, object string, entity string) *ObjectAccessControlsGetCall {
c := &ObjectAccessControlsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -7598,7 +7693,7 @@
func (c *ObjectAccessControlsGetCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -7731,6 +7826,10 @@
}
// Insert: Creates a new ACL entry on the specified object.
+//
+// - bucket: Name of a bucket.
+// - object: Name of the object. For information about how to URL encode
+// object names to be path safe, see Encoding URI Path Parts.
func (r *ObjectAccessControlsService) Insert(bucket string, object string, objectaccesscontrol *ObjectAccessControl) *ObjectAccessControlsInsertCall {
c := &ObjectAccessControlsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -7789,7 +7888,7 @@
func (c *ObjectAccessControlsInsertCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -7919,6 +8018,10 @@
}
// List: Retrieves ACL entries on the specified object.
+//
+// - bucket: Name of a bucket.
+// - object: Name of the object. For information about how to URL encode
+// object names to be path safe, see Encoding URI Path Parts.
func (r *ObjectAccessControlsService) List(bucket string, object string) *ObjectAccessControlsListCall {
c := &ObjectAccessControlsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -7986,7 +8089,7 @@
func (c *ObjectAccessControlsListCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -8112,6 +8215,13 @@
}
// Patch: Patches an ACL entry on the specified object.
+//
+// - bucket: Name of a bucket.
+// - entity: The entity holding the permission. Can be user-userId,
+// user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+// allAuthenticatedUsers.
+// - object: Name of the object. For information about how to URL encode
+// object names to be path safe, see Encoding URI Path Parts.
func (r *ObjectAccessControlsService) Patch(bucket string, object string, entity string, objectaccesscontrol *ObjectAccessControl) *ObjectAccessControlsPatchCall {
c := &ObjectAccessControlsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -8171,7 +8281,7 @@
func (c *ObjectAccessControlsPatchCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -8310,6 +8420,13 @@
}
// Update: Updates an ACL entry on the specified object.
+//
+// - bucket: Name of a bucket.
+// - entity: The entity holding the permission. Can be user-userId,
+// user-emailAddress, group-groupId, group-emailAddress, allUsers, or
+// allAuthenticatedUsers.
+// - object: Name of the object. For information about how to URL encode
+// object names to be path safe, see Encoding URI Path Parts.
func (r *ObjectAccessControlsService) Update(bucket string, object string, entity string, objectaccesscontrol *ObjectAccessControl) *ObjectAccessControlsUpdateCall {
c := &ObjectAccessControlsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -8369,7 +8486,7 @@
func (c *ObjectAccessControlsUpdateCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -8508,6 +8625,12 @@
// Compose: Concatenates a list of existing objects into a new object in
// the same bucket.
+//
+// - destinationBucket: Name of the bucket containing the source
+// objects. The destination object is stored in this bucket.
+// - destinationObject: Name of the new object. For information about
+// how to URL encode object names to be path safe, see Encoding URI
+// Path Parts.
func (r *ObjectsService) Compose(destinationBucket string, destinationObject string, composerequest *ComposeRequest) *ObjectsComposeCall {
c := &ObjectsComposeCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.destinationBucket = destinationBucket
@@ -8606,7 +8729,7 @@
func (c *ObjectsComposeCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -8772,6 +8895,19 @@
// Copy: Copies a source object to a destination object. Optionally
// overrides metadata.
+//
+// - destinationBucket: Name of the bucket in which to store the new
+// object. Overrides the provided object metadata's bucket value, if
+// any.For information about how to URL encode object names to be path
+// safe, see Encoding URI Path Parts.
+// - destinationObject: Name of the new object. Required when the object
+// metadata is not otherwise provided. Overrides the object metadata's
+// name value, if any.
+// - sourceBucket: Name of the bucket in which to find the source
+// object.
+// - sourceObject: Name of the source object. For information about how
+// to URL encode object names to be path safe, see Encoding URI Path
+// Parts.
func (r *ObjectsService) Copy(sourceBucket string, sourceObject string, destinationBucket string, destinationObject string, object *Object) *ObjectsCopyCall {
c := &ObjectsCopyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.sourceBucket = sourceBucket
@@ -8949,7 +9085,7 @@
func (c *ObjectsCopyCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -9184,6 +9320,10 @@
// Delete: Deletes an object and its metadata. Deletions are permanent
// if versioning is not enabled for the bucket, or if the generation
// parameter is used.
+//
+// - bucket: Name of the bucket in which the object resides.
+// - object: Name of the object. For information about how to URL encode
+// object names to be path safe, see Encoding URI Path Parts.
func (r *ObjectsService) Delete(bucket string, object string) *ObjectsDeleteCall {
c := &ObjectsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -9277,7 +9417,7 @@
func (c *ObjectsDeleteCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -9396,6 +9536,10 @@
}
// Get: Retrieves an object or its metadata.
+//
+// - bucket: Name of the bucket in which the object resides.
+// - object: Name of the object. For information about how to URL encode
+// object names to be path safe, see Encoding URI Path Parts.
func (r *ObjectsService) Get(bucket string, object string) *ObjectsGetCall {
c := &ObjectsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -9510,7 +9654,7 @@
func (c *ObjectsGetCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -9693,6 +9837,10 @@
}
// GetIamPolicy: Returns an IAM policy for the specified object.
+//
+// - bucket: Name of the bucket in which the object resides.
+// - object: Name of the object. For information about how to URL encode
+// object names to be path safe, see Encoding URI Path Parts.
func (r *ObjectsService) GetIamPolicy(bucket string, object string) *ObjectsGetIamPolicyCall {
c := &ObjectsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -9760,7 +9908,7 @@
func (c *ObjectsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -9888,6 +10036,9 @@
}
// Insert: Stores a new object and metadata.
+//
+// - bucket: Name of the bucket in which to store the new object.
+// Overrides the provided object metadata's bucket value, if any.
func (r *ObjectsService) Insert(bucket string, object *Object) *ObjectsInsertCall {
c := &ObjectsInsertCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -10077,7 +10228,7 @@
func (c *ObjectsInsertCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -10310,6 +10461,8 @@
}
// List: Retrieves a list of objects matching the criteria.
+//
+// - bucket: Name of the bucket in which to look for objects.
func (r *ObjectsService) List(bucket string) *ObjectsListCall {
c := &ObjectsListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -10450,7 +10603,7 @@
func (c *ObjectsListCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -10642,6 +10795,10 @@
}
// Patch: Patches an object's metadata.
+//
+// - bucket: Name of the bucket in which the object resides.
+// - object: Name of the object. For information about how to URL encode
+// object names to be path safe, see Encoding URI Path Parts.
func (r *ObjectsService) Patch(bucket string, object string, object2 *Object) *ObjectsPatchCall {
c := &ObjectsPatchCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -10767,7 +10924,7 @@
func (c *ObjectsPatchCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -10958,6 +11115,19 @@
// Rewrite: Rewrites a source object to a destination object. Optionally
// overrides metadata.
+//
+// - destinationBucket: Name of the bucket in which to store the new
+// object. Overrides the provided object metadata's bucket value, if
+// any.
+// - destinationObject: Name of the new object. Required when the object
+// metadata is not otherwise provided. Overrides the object metadata's
+// name value, if any. For information about how to URL encode object
+// names to be path safe, see Encoding URI Path Parts.
+// - sourceBucket: Name of the bucket in which to find the source
+// object.
+// - sourceObject: Name of the source object. For information about how
+// to URL encode object names to be path safe, see Encoding URI Path
+// Parts.
func (r *ObjectsService) Rewrite(sourceBucket string, sourceObject string, destinationBucket string, destinationObject string, object *Object) *ObjectsRewriteCall {
c := &ObjectsRewriteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.sourceBucket = sourceBucket
@@ -11159,7 +11329,7 @@
func (c *ObjectsRewriteCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -11404,6 +11574,10 @@
}
// SetIamPolicy: Updates an IAM policy for the specified object.
+//
+// - bucket: Name of the bucket in which the object resides.
+// - object: Name of the object. For information about how to URL encode
+// object names to be path safe, see Encoding URI Path Parts.
func (r *ObjectsService) SetIamPolicy(bucket string, object string, policy *Policy) *ObjectsSetIamPolicyCall {
c := &ObjectsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -11462,7 +11636,7 @@
func (c *ObjectsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -11594,6 +11768,11 @@
// TestIamPermissions: Tests a set of permissions on the given object to
// see which, if any, are held by the caller.
+//
+// - bucket: Name of the bucket in which the object resides.
+// - object: Name of the object. For information about how to URL encode
+// object names to be path safe, see Encoding URI Path Parts.
+// - permissions: Permissions to test.
func (r *ObjectsService) TestIamPermissions(bucket string, object string, permissions []string) *ObjectsTestIamPermissionsCall {
c := &ObjectsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -11662,7 +11841,7 @@
func (c *ObjectsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -11798,6 +11977,10 @@
}
// Update: Updates an object's metadata.
+//
+// - bucket: Name of the bucket in which the object resides.
+// - object: Name of the object. For information about how to URL encode
+// object names to be path safe, see Encoding URI Path Parts.
func (r *ObjectsService) Update(bucket string, object string, object2 *Object) *ObjectsUpdateCall {
c := &ObjectsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -11923,7 +12106,7 @@
func (c *ObjectsUpdateCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -12110,6 +12293,8 @@
}
// WatchAll: Watch for changes on all objects in a bucket.
+//
+// - bucket: Name of the bucket in which to look for objects.
func (r *ObjectsService) WatchAll(bucket string, channel *Channel) *ObjectsWatchAllCall {
c := &ObjectsWatchAllCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.bucket = bucket
@@ -12241,7 +12426,7 @@
func (c *ObjectsWatchAllCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -12416,6 +12601,9 @@
}
// Create: Creates a new HMAC key for the specified service account.
+//
+// - projectId: Project ID owning the service account.
+// - serviceAccountEmail: Email address of the service account.
func (r *ProjectsHmacKeysService) Create(projectId string, serviceAccountEmail string) *ProjectsHmacKeysCreateCall {
c := &ProjectsHmacKeysCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.projectId = projectId
@@ -12457,7 +12645,7 @@
func (c *ProjectsHmacKeysCreateCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -12566,6 +12754,9 @@
}
// Delete: Deletes an HMAC key.
+//
+// - accessId: Name of the HMAC key to be deleted.
+// - projectId: Project ID owning the requested key.
func (r *ProjectsHmacKeysService) Delete(projectId string, accessId string) *ProjectsHmacKeysDeleteCall {
c := &ProjectsHmacKeysDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.projectId = projectId
@@ -12607,7 +12798,7 @@
func (c *ProjectsHmacKeysDeleteCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -12691,6 +12882,10 @@
}
// Get: Retrieves an HMAC key's metadata
+//
+// - accessId: Name of the HMAC key.
+// - projectId: Project ID owning the service account of the requested
+// key.
func (r *ProjectsHmacKeysService) Get(projectId string, accessId string) *ProjectsHmacKeysGetCall {
c := &ProjectsHmacKeysGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.projectId = projectId
@@ -12742,7 +12937,7 @@
func (c *ProjectsHmacKeysGetCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -12857,6 +13052,8 @@
}
// List: Retrieves a list of HMAC keys matching the criteria.
+//
+// - projectId: Name of the project in which to look for HMAC keys.
func (r *ProjectsHmacKeysService) List(projectId string) *ProjectsHmacKeysListCall {
c := &ProjectsHmacKeysListCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.projectId = projectId
@@ -12942,7 +13139,7 @@
func (c *ProjectsHmacKeysListCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -13095,6 +13292,10 @@
// Update: Updates the state of an HMAC key. See the HMAC Key resource
// descriptor for valid states.
+//
+// - accessId: Name of the HMAC key being updated.
+// - projectId: Project ID owning the service account of the updated
+// key.
func (r *ProjectsHmacKeysService) Update(projectId string, accessId string, hmackeymetadata *HmacKeyMetadata) *ProjectsHmacKeysUpdateCall {
c := &ProjectsHmacKeysUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.projectId = projectId
@@ -13137,7 +13338,7 @@
func (c *ProjectsHmacKeysUpdateCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
@@ -13256,6 +13457,8 @@
// Get: Get the email address of this project's Google Cloud Storage
// service account.
+//
+// - projectId: Project ID.
func (r *ProjectsServiceAccountService) Get(projectId string) *ProjectsServiceAccountGetCall {
c := &ProjectsServiceAccountGetCall{s: r.s, urlParams_: make(gensupport.URLParams)}
c.projectId = projectId
@@ -13314,7 +13517,7 @@
func (c *ProjectsServiceAccountGetCall) doRequest(alt string) (*http.Response, error) {
reqHeaders := make(http.Header)
- reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210322")
+ reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210406")
for k, v := range c.header_ {
reqHeaders[k] = v
}
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/balancer/balancer.go b/third_party/golibs/vendor/google.golang.org/grpc/balancer/balancer.go
index 788759b..ab531f4 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/balancer/balancer.go
+++ b/third_party/golibs/vendor/google.golang.org/grpc/balancer/balancer.go
@@ -101,6 +101,9 @@
// a new connection will be created.
//
// This will trigger a state transition for the SubConn.
+ //
+ // Deprecated: This method is now part of the ClientConn interface and will
+ // eventually be removed from here.
UpdateAddresses([]resolver.Address)
// Connect starts the connecting for this SubConn.
Connect()
@@ -143,6 +146,13 @@
// RemoveSubConn removes the SubConn from ClientConn.
// The SubConn will be shutdown.
RemoveSubConn(SubConn)
+ // UpdateAddresses updates the addresses used in the passed in SubConn.
+ // gRPC checks if the currently connected address is still in the new list.
+ // If so, the connection will be kept. Else, the connection will be
+ // gracefully closed, and a new connection will be created.
+ //
+ // This will trigger a state transition for the SubConn.
+ UpdateAddresses(SubConn, []resolver.Address)
// UpdateState notifies gRPC that the balancer's internal state has
// changed.
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/balancer/base/balancer.go b/third_party/golibs/vendor/google.golang.org/grpc/balancer/base/balancer.go
index e0d3428..c883efa 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/balancer/base/balancer.go
+++ b/third_party/golibs/vendor/google.golang.org/grpc/balancer/base/balancer.go
@@ -22,6 +22,7 @@
"errors"
"fmt"
+ "google.golang.org/grpc/attributes"
"google.golang.org/grpc/balancer"
"google.golang.org/grpc/connectivity"
"google.golang.org/grpc/grpclog"
@@ -41,7 +42,7 @@
cc: cc,
pickerBuilder: bb.pickerBuilder,
- subConns: make(map[resolver.Address]balancer.SubConn),
+ subConns: make(map[resolver.Address]subConnInfo),
scStates: make(map[balancer.SubConn]connectivity.State),
csEvltr: &balancer.ConnectivityStateEvaluator{},
config: bb.config,
@@ -57,6 +58,11 @@
return bb.name
}
+type subConnInfo struct {
+ subConn balancer.SubConn
+ attrs *attributes.Attributes
+}
+
type baseBalancer struct {
cc balancer.ClientConn
pickerBuilder PickerBuilder
@@ -64,7 +70,7 @@
csEvltr *balancer.ConnectivityStateEvaluator
state connectivity.State
- subConns map[resolver.Address]balancer.SubConn // `attributes` is stripped from the keys of this map (the addresses)
+ subConns map[resolver.Address]subConnInfo // `attributes` is stripped from the keys of this map (the addresses)
scStates map[balancer.SubConn]connectivity.State
picker balancer.Picker
config Config
@@ -114,7 +120,7 @@
aNoAttrs := a
aNoAttrs.Attributes = nil
addrsSet[aNoAttrs] = struct{}{}
- if sc, ok := b.subConns[aNoAttrs]; !ok {
+ if scInfo, ok := b.subConns[aNoAttrs]; !ok {
// a is a new address (not existing in b.subConns).
//
// When creating SubConn, the original address with attributes is
@@ -125,7 +131,7 @@
logger.Warningf("base.baseBalancer: failed to create new SubConn: %v", err)
continue
}
- b.subConns[aNoAttrs] = sc
+ b.subConns[aNoAttrs] = subConnInfo{subConn: sc, attrs: a.Attributes}
b.scStates[sc] = connectivity.Idle
sc.Connect()
} else {
@@ -135,13 +141,15 @@
// The SubConn does a reflect.DeepEqual of the new and old
// addresses. So this is a noop if the current address is the same
// as the old one (including attributes).
- sc.UpdateAddresses([]resolver.Address{a})
+ scInfo.attrs = a.Attributes
+ b.subConns[aNoAttrs] = scInfo
+ b.cc.UpdateAddresses(scInfo.subConn, []resolver.Address{a})
}
}
- for a, sc := range b.subConns {
+ for a, scInfo := range b.subConns {
// a was removed by resolver.
if _, ok := addrsSet[a]; !ok {
- b.cc.RemoveSubConn(sc)
+ b.cc.RemoveSubConn(scInfo.subConn)
delete(b.subConns, a)
// Keep the state of this sc in b.scStates until sc's state becomes Shutdown.
// The entry will be deleted in UpdateSubConnState.
@@ -184,9 +192,10 @@
readySCs := make(map[balancer.SubConn]SubConnInfo)
// Filter out all ready SCs from full subConn map.
- for addr, sc := range b.subConns {
- if st, ok := b.scStates[sc]; ok && st == connectivity.Ready {
- readySCs[sc] = SubConnInfo{Address: addr}
+ for addr, scInfo := range b.subConns {
+ if st, ok := b.scStates[scInfo.subConn]; ok && st == connectivity.Ready {
+ addr.Attributes = scInfo.attrs
+ readySCs[scInfo.subConn] = SubConnInfo{Address: addr}
}
}
b.picker = b.pickerBuilder.Build(PickerBuildInfo{ReadySCs: readySCs})
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/balancer_conn_wrappers.go b/third_party/golibs/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
index 11e592a..41061d6 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
+++ b/third_party/golibs/vendor/google.golang.org/grpc/balancer_conn_wrappers.go
@@ -163,6 +163,14 @@
ccb.cc.removeAddrConn(acbw.getAddrConn(), errConnDrain)
}
+func (ccb *ccBalancerWrapper) UpdateAddresses(sc balancer.SubConn, addrs []resolver.Address) {
+ acbw, ok := sc.(*acBalancerWrapper)
+ if !ok {
+ return
+ }
+ acbw.UpdateAddresses(addrs)
+}
+
func (ccb *ccBalancerWrapper) UpdateState(s balancer.State) {
ccb.mu.Lock()
defer ccb.mu.Unlock()
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/go.mod b/third_party/golibs/vendor/google.golang.org/grpc/go.mod
index cab74e55..b177cfa 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/go.mod
+++ b/third_party/golibs/vendor/google.golang.org/grpc/go.mod
@@ -4,7 +4,7 @@
require (
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403
- github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad
+ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
github.com/golang/protobuf v1.4.2
github.com/google/go-cmp v0.5.0
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/go.sum b/third_party/golibs/vendor/google.golang.org/grpc/go.sum
index 77ee70b..bb25cd4 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/go.sum
+++ b/third_party/golibs/vendor/google.golang.org/grpc/go.sum
@@ -12,8 +12,8 @@
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad h1:EmNYJhPYy0pOFjCx2PrgtaBXmee0iUX9hLlxE1xHOJE=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d h1:QyzYnTnPE15SQyUeqU6qLbWxMkwyAyu+vGksa0b7j00=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
github.com/envoyproxy/protoc-gen-validate v0.1.0 h1:EQciDnbrYxy13PgWoY8AqoxGiPrpgBZ1R8UNe3ddc+A=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/internal/resolver/config_selector.go b/third_party/golibs/vendor/google.golang.org/grpc/internal/resolver/config_selector.go
index e699004..5e7f367 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/internal/resolver/config_selector.go
+++ b/third_party/golibs/vendor/google.golang.org/grpc/internal/resolver/config_selector.go
@@ -24,6 +24,7 @@
"sync"
"google.golang.org/grpc/internal/serviceconfig"
+ "google.golang.org/grpc/metadata"
"google.golang.org/grpc/resolver"
)
@@ -51,6 +52,74 @@
Context context.Context
MethodConfig serviceconfig.MethodConfig // configuration to use for this RPC
OnCommitted func() // Called when the RPC has been committed (retries no longer possible)
+ Interceptor ClientInterceptor
+}
+
+// ClientStream is the same as grpc.ClientStream, but defined here for circular
+// dependency reasons.
+type ClientStream interface {
+ // Header returns the header metadata received from the server if there
+ // is any. It blocks if the metadata is not ready to read.
+ Header() (metadata.MD, error)
+ // Trailer returns the trailer metadata from the server, if there is any.
+ // It must only be called after stream.CloseAndRecv has returned, or
+ // stream.Recv has returned a non-nil error (including io.EOF).
+ Trailer() metadata.MD
+ // CloseSend closes the send direction of the stream. It closes the stream
+ // when non-nil error is met. It is also not safe to call CloseSend
+ // concurrently with SendMsg.
+ CloseSend() error
+ // Context returns the context for this stream.
+ //
+ // It should not be called until after Header or RecvMsg has returned. Once
+ // called, subsequent client-side retries are disabled.
+ Context() context.Context
+ // SendMsg is generally called by generated code. On error, SendMsg aborts
+ // the stream. If the error was generated by the client, the status is
+ // returned directly; otherwise, io.EOF is returned and the status of
+ // the stream may be discovered using RecvMsg.
+ //
+ // SendMsg blocks until:
+ // - There is sufficient flow control to schedule m with the transport, or
+ // - The stream is done, or
+ // - The stream breaks.
+ //
+ // SendMsg does not wait until the message is received by the server. An
+ // untimely stream closure may result in lost messages. To ensure delivery,
+ // users should ensure the RPC completed successfully using RecvMsg.
+ //
+ // It is safe to have a goroutine calling SendMsg and another goroutine
+ // calling RecvMsg on the same stream at the same time, but it is not safe
+ // to call SendMsg on the same stream in different goroutines. It is also
+ // not safe to call CloseSend concurrently with SendMsg.
+ SendMsg(m interface{}) error
+ // RecvMsg blocks until it receives a message into m or the stream is
+ // done. It returns io.EOF when the stream completes successfully. On
+ // any other error, the stream is aborted and the error contains the RPC
+ // status.
+ //
+ // It is safe to have a goroutine calling SendMsg and another goroutine
+ // calling RecvMsg on the same stream at the same time, but it is not
+ // safe to call RecvMsg on the same stream in different goroutines.
+ RecvMsg(m interface{}) error
+}
+
+// ClientInterceptor is an interceptor for gRPC client streams.
+type ClientInterceptor interface {
+ // NewStream produces a ClientStream for an RPC which may optionally use
+ // the provided function to produce a stream for delegation. Note:
+ // RPCInfo.Context should not be used (will be nil).
+ //
+ // done is invoked when the RPC is finished using its connection, or could
+ // not be assigned a connection. RPC operations may still occur on
+ // ClientStream after done is called, since the interceptor is invoked by
+ // application-layer operations. done must never be nil when called.
+ NewStream(ctx context.Context, ri RPCInfo, done func(), newStream func(ctx context.Context, done func()) (ClientStream, error)) (ClientStream, error)
+}
+
+// ServerInterceptor is unimplementable; do not use.
+type ServerInterceptor interface {
+ notDefined()
}
type csKeyType string
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/http2_client.go
index 8902b7f..d5bbe72 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/http2_client.go
+++ b/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/http2_client.go
@@ -414,6 +414,7 @@
buf: newRecvBuffer(),
headerChan: make(chan struct{}),
contentSubtype: callHdr.ContentSubtype,
+ doneFunc: callHdr.DoneFunc,
}
s.wq = newWriteQuota(defaultWriteQuota, s.done)
s.requestRead = func(n int) {
@@ -832,6 +833,9 @@
t.controlBuf.executeAndPut(addBackStreamQuota, cleanup)
// This will unblock write.
close(s.done)
+ if s.doneFunc != nil {
+ s.doneFunc()
+ }
}
// Close kicks off the shutdown process of the transport. This should be called
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/http2_server.go
index 0cf1cc3..7c6c89d 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/http2_server.go
+++ b/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/http2_server.go
@@ -26,6 +26,7 @@
"io"
"math"
"net"
+ "net/http"
"strconv"
"sync"
"sync/atomic"
@@ -402,6 +403,20 @@
return true
}
t.maxStreamID = streamID
+ if state.data.httpMethod != http.MethodPost {
+ t.mu.Unlock()
+ if logger.V(logLevel) {
+ logger.Warningf("transport: http2Server.operateHeaders parsed a :method field: %v which should be POST", state.data.httpMethod)
+ }
+ t.controlBuf.put(&cleanupStream{
+ streamID: streamID,
+ rst: true,
+ rstCode: http2.ErrCodeProtocol,
+ onWrite: func() {},
+ })
+ s.cancel()
+ return false
+ }
t.activeStreams[streamID] = s
if len(t.activeStreams) == 1 {
t.idle = time.Time{}
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/http_util.go b/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/http_util.go
index 7e41d11..c7dee14 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/http_util.go
+++ b/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/http_util.go
@@ -111,6 +111,7 @@
timeoutSet bool
timeout time.Duration
method string
+ httpMethod string
// key-value metadata map from the peer.
mdata map[string][]string
statsTags []byte
@@ -363,6 +364,8 @@
}
d.data.statsTrace = v
d.addMetadata(f.Name, string(v))
+ case ":method":
+ d.data.httpMethod = f.Value
default:
if isReservedHeader(f.Name) && !isWhitelistedHeader(f.Name) {
break
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/transport.go b/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/transport.go
index 9c8f79c..5cf7c5f 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/transport.go
+++ b/third_party/golibs/vendor/google.golang.org/grpc/internal/transport/transport.go
@@ -241,6 +241,7 @@
ctx context.Context // the associated context of the stream
cancel context.CancelFunc // always nil for client side Stream
done chan struct{} // closed at the end of stream to unblock writers. On the client side.
+ doneFunc func() // invoked at the end of stream on client side.
ctxDone <-chan struct{} // same as done chan but for server side. Cache of ctx.Done() (for performance)
method string // the associated RPC method of the stream
recvCompress string
@@ -611,6 +612,8 @@
ContentSubtype string
PreviousAttempts int // value of grpc-previous-rpc-attempts header to set
+
+ DoneFunc func() // called when the stream is finished
}
// ClientTransport is the common interface for all gRPC client-side transport
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/pickfirst.go b/third_party/golibs/vendor/google.golang.org/grpc/pickfirst.go
index 56e33f6..b858c2a 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/pickfirst.go
+++ b/third_party/golibs/vendor/google.golang.org/grpc/pickfirst.go
@@ -84,7 +84,7 @@
b.cc.UpdateState(balancer.State{ConnectivityState: connectivity.Idle, Picker: &picker{result: balancer.PickResult{SubConn: b.sc}}})
b.sc.Connect()
} else {
- b.sc.UpdateAddresses(cs.ResolverState.Addresses)
+ b.cc.UpdateAddresses(b.sc, cs.ResolverState.Addresses)
b.sc.Connect()
}
return nil
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/stream.go b/third_party/golibs/vendor/google.golang.org/grpc/stream.go
index eda1248..77d2574 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/stream.go
+++ b/third_party/golibs/vendor/google.golang.org/grpc/stream.go
@@ -166,7 +166,6 @@
}
}()
}
- c := defaultCallInfo()
// Provide an opportunity for the first RPC to see the first service config
// provided by the resolver.
if err := cc.waitForResolvedAddrs(ctx); err != nil {
@@ -175,18 +174,40 @@
var mc serviceconfig.MethodConfig
var onCommit func()
- rpcConfig, err := cc.safeConfigSelector.SelectConfig(iresolver.RPCInfo{Context: ctx, Method: method})
- if err != nil {
- return nil, status.Convert(err).Err()
+ var newStream = func(ctx context.Context, done func()) (iresolver.ClientStream, error) {
+ return newClientStreamWithParams(ctx, desc, cc, method, mc, onCommit, done, opts...)
}
+
+ rpcInfo := iresolver.RPCInfo{Context: ctx, Method: method}
+ rpcConfig, err := cc.safeConfigSelector.SelectConfig(rpcInfo)
+ if err != nil {
+ return nil, toRPCErr(err)
+ }
+
if rpcConfig != nil {
if rpcConfig.Context != nil {
ctx = rpcConfig.Context
}
mc = rpcConfig.MethodConfig
onCommit = rpcConfig.OnCommitted
+ if rpcConfig.Interceptor != nil {
+ rpcInfo.Context = nil
+ ns := newStream
+ newStream = func(ctx context.Context, done func()) (iresolver.ClientStream, error) {
+ cs, err := rpcConfig.Interceptor.NewStream(ctx, rpcInfo, done, ns)
+ if err != nil {
+ return nil, toRPCErr(err)
+ }
+ return cs, nil
+ }
+ }
}
+ return newStream(ctx, func() {})
+}
+
+func newClientStreamWithParams(ctx context.Context, desc *StreamDesc, cc *ClientConn, method string, mc serviceconfig.MethodConfig, onCommit, doneFunc func(), opts ...CallOption) (_ iresolver.ClientStream, err error) {
+ c := defaultCallInfo()
if mc.WaitForReady != nil {
c.failFast = !*mc.WaitForReady
}
@@ -223,6 +244,7 @@
Host: cc.authority,
Method: method,
ContentSubtype: c.contentSubtype,
+ DoneFunc: doneFunc,
}
// Set our outgoing compression according to the UseCompressor CallOption, if
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/version.go b/third_party/golibs/vendor/google.golang.org/grpc/version.go
index 1051b7e..c3b87eb 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/version.go
+++ b/third_party/golibs/vendor/google.golang.org/grpc/version.go
@@ -19,4 +19,4 @@
package grpc
// Version is the current grpc version.
-const Version = "1.36.1"
+const Version = "1.37.0"
diff --git a/third_party/golibs/vendor/google.golang.org/grpc/vet.sh b/third_party/golibs/vendor/google.golang.org/grpc/vet.sh
index b41df6d..dcd939b 100644
--- a/third_party/golibs/vendor/google.golang.org/grpc/vet.sh
+++ b/third_party/golibs/vendor/google.golang.org/grpc/vet.sh
@@ -28,7 +28,8 @@
}
trap cleanup EXIT
-PATH="${GOPATH}/bin:${GOROOT}/bin:${PATH}"
+PATH="${HOME}/go/bin:${GOROOT}/bin:${PATH}"
+go version
if [[ "$1" = "-install" ]]; then
# Check for module support
@@ -107,7 +108,7 @@
# - gofmt, goimports, golint (with exceptions for generated code), go vet.
gofmt -s -d -l . 2>&1 | fail_on_output
goimports -l . 2>&1 | not grep -vE "\.pb\.go"
-golint ./... 2>&1 | not grep -vE "\.pb\.go:"
+golint ./... 2>&1 | not grep -vE "/testv3\.pb\.go:"
go vet -all ./...
misspell -error .
@@ -141,8 +142,11 @@
.NewAddress
.NewServiceConfig
.Type is deprecated: use Attributes
+BuildVersion is deprecated
balancer.ErrTransientFailure
balancer.Picker
+extDesc.Filename is deprecated
+github.com/golang/protobuf/jsonpb is deprecated
grpc.CallCustomCodec
grpc.Code
grpc.Compressor
@@ -164,13 +168,7 @@
grpc.WithTimeout
http.CloseNotifier
info.SecurityVersion
-resolver.Backend
-resolver.GRPCLB
-extDesc.Filename is deprecated
-BuildVersion is deprecated
-github.com/golang/protobuf/jsonpb is deprecated
proto is deprecated
-xxx_messageInfo_
proto.InternalMessageInfo is deprecated
proto.EnumName is deprecated
proto.ErrInternalBadWireType is deprecated
@@ -184,7 +182,12 @@
proto.RegisteredExtension is deprecated
proto.RegisteredExtensions is deprecated
proto.RegisterMapType is deprecated
-proto.Unmarshaler is deprecated' "${SC_OUT}"
+proto.Unmarshaler is deprecated
+resolver.Backend
+resolver.GRPCLB
+Target is deprecated: Use the Target field in the BuildOptions instead.
+xxx_messageInfo_
+' "${SC_OUT}"
# - special golint on package comments.
lint_package_comment_per_package() {
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/hash/jenkins/jenkins.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/hash/jenkins/jenkins.go
index 52c2223..33ff22a 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/hash/jenkins/jenkins.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/hash/jenkins/jenkins.go
@@ -42,26 +42,26 @@
// Sum32 returns the hash value
func (s *Sum32) Sum32() uint32 {
- hash := *s
+ sCopy := *s
- hash += (hash << 3)
- hash ^= hash >> 11
- hash += hash << 15
+ sCopy += sCopy << 3
+ sCopy ^= sCopy >> 11
+ sCopy += sCopy << 15
- return uint32(hash)
+ return uint32(sCopy)
}
// Write adds more data to the running hash.
//
// It never returns an error.
func (s *Sum32) Write(data []byte) (int, error) {
- hash := *s
+ sCopy := *s
for _, b := range data {
- hash += Sum32(b)
- hash += hash << 10
- hash ^= hash >> 6
+ sCopy += Sum32(b)
+ sCopy += sCopy << 10
+ sCopy ^= sCopy >> 6
}
- *s = hash
+ *s = sCopy
return len(data), nil
}
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/header/ipv4.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/header/ipv4.go
index f588311..85bd164 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/header/ipv4.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/header/ipv4.go
@@ -178,6 +178,26 @@
IPv4FlagDontFragment
)
+// ipv4LinkLocalUnicastSubnet is the IPv4 link local unicast subnet as defined
+// by RFC 3927 section 1.
+var ipv4LinkLocalUnicastSubnet = func() tcpip.Subnet {
+ subnet, err := tcpip.NewSubnet("\xa9\xfe\x00\x00", tcpip.AddressMask("\xff\xff\x00\x00"))
+ if err != nil {
+ panic(err)
+ }
+ return subnet
+}()
+
+// ipv4LinkLocalMulticastSubnet is the IPv4 link local multicast subnet as
+// defined by RFC 5771 section 4.
+var ipv4LinkLocalMulticastSubnet = func() tcpip.Subnet {
+ subnet, err := tcpip.NewSubnet("\xe0\x00\x00\x00", tcpip.AddressMask("\xff\xff\xff\x00"))
+ if err != nil {
+ panic(err)
+ }
+ return subnet
+}()
+
// IPv4EmptySubnet is the empty IPv4 subnet.
var IPv4EmptySubnet = func() tcpip.Subnet {
subnet, err := tcpip.NewSubnet(IPv4Any, tcpip.AddressMask(IPv4Any))
@@ -423,6 +443,18 @@
return true
}
+// IsV4LinkLocalUnicastAddress determines if the provided address is an IPv4
+// link-local unicast address.
+func IsV4LinkLocalUnicastAddress(addr tcpip.Address) bool {
+ return ipv4LinkLocalUnicastSubnet.Contains(addr)
+}
+
+// IsV4LinkLocalMulticastAddress determines if the provided address is an IPv4
+// link-local multicast address.
+func IsV4LinkLocalMulticastAddress(addr tcpip.Address) bool {
+ return ipv4LinkLocalMulticastSubnet.Contains(addr)
+}
+
// IsV4MulticastAddress determines if the provided address is an IPv4 multicast
// address (range 224.0.0.0 to 239.255.255.255). The four most significant bits
// will be 1110 = 0xe0.
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/header/ipv6.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/header/ipv6.go
index fa6ccff..c3a0407 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/header/ipv6.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/header/ipv6.go
@@ -391,23 +391,23 @@
return tcpip.Address(lladdrb[:])
}
-// IsV6LinkLocalAddress determines if the provided address is an IPv6
-// link-local address (fe80::/10).
-func IsV6LinkLocalAddress(addr tcpip.Address) bool {
+// IsV6LinkLocalUnicastAddress returns true iff the provided address is an IPv6
+// link-local unicast address, as defined by RFC 4291 section 2.5.6.
+func IsV6LinkLocalUnicastAddress(addr tcpip.Address) bool {
if len(addr) != IPv6AddressSize {
return false
}
return addr[0] == 0xfe && (addr[1]&0xc0) == 0x80
}
-// IsV6LoopbackAddress determines if the provided address is an IPv6 loopback
-// address.
+// IsV6LoopbackAddress returns true iff the provided address is an IPv6 loopback
+// address, as defined by RFC 4291 section 2.5.3.
func IsV6LoopbackAddress(addr tcpip.Address) bool {
return addr == IPv6Loopback
}
-// IsV6LinkLocalMulticastAddress determines if the provided address is an IPv6
-// link-local multicast address.
+// IsV6LinkLocalMulticastAddress returns true iff the provided address is an
+// IPv6 link-local multicast address, as defined by RFC 4291 section 2.7.
func IsV6LinkLocalMulticastAddress(addr tcpip.Address) bool {
return IsV6MulticastAddress(addr) && V6MulticastScope(addr) == IPv6LinkLocalMulticastScope
}
@@ -472,7 +472,7 @@
case IsV6LinkLocalMulticastAddress(addr):
return LinkLocalScope, nil
- case IsV6LinkLocalAddress(addr):
+ case IsV6LinkLocalUnicastAddress(addr):
return LinkLocalScope, nil
default:
@@ -531,7 +531,8 @@
}
}
-// IPv6MulticastScope is the scope of a multicast IPv6 address.
+// IPv6MulticastScope is the scope of a multicast IPv6 address, as defined by
+// RFC 7346 section 2.
type IPv6MulticastScope uint8
// The various values for IPv6 multicast scopes, as per RFC 7346 section 2:
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/internal/ip/stats.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/internal/ip/stats.go
index b6f39dd..d06b263 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/internal/ip/stats.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/internal/ip/stats.go
@@ -21,53 +21,56 @@
// MultiCounterIPStats holds IP statistics, each counter may have several
// versions.
type MultiCounterIPStats struct {
- // PacketsReceived is the total number of IP packets received from the link
- // layer.
+ // PacketsReceived is the number of IP packets received from the link layer.
PacketsReceived tcpip.MultiCounterStat
- // DisabledPacketsReceived is the total number of IP packets received from the
- // link layer when the IP layer is disabled.
+ // DisabledPacketsReceived is the number of IP packets received from the link
+ // layer when the IP layer is disabled.
DisabledPacketsReceived tcpip.MultiCounterStat
- // InvalidDestinationAddressesReceived is the total number of IP packets
- // received with an unknown or invalid destination address.
+ // InvalidDestinationAddressesReceived is the number of IP packets received
+ // with an unknown or invalid destination address.
InvalidDestinationAddressesReceived tcpip.MultiCounterStat
- // InvalidSourceAddressesReceived is the total number of IP packets received
- // with a source address that should never have been received on the wire.
+ // InvalidSourceAddressesReceived is the number of IP packets received with a
+ // source address that should never have been received on the wire.
InvalidSourceAddressesReceived tcpip.MultiCounterStat
- // PacketsDelivered is the total number of incoming IP packets that are
- // successfully delivered to the transport layer.
+ // PacketsDelivered is the number of incoming IP packets that are successfully
+ // delivered to the transport layer.
PacketsDelivered tcpip.MultiCounterStat
- // PacketsSent is the total number of IP packets sent via WritePacket.
+ // PacketsSent is the number of IP packets sent via WritePacket.
PacketsSent tcpip.MultiCounterStat
- // OutgoingPacketErrors is the total number of IP packets which failed to
- // write to a link-layer endpoint.
+ // OutgoingPacketErrors is the number of IP packets which failed to write to a
+ // link-layer endpoint.
OutgoingPacketErrors tcpip.MultiCounterStat
- // MalformedPacketsReceived is the total number of IP Packets that were
- // dropped due to the IP packet header failing validation checks.
+ // MalformedPacketsReceived is the number of IP Packets that were dropped due
+ // to the IP packet header failing validation checks.
MalformedPacketsReceived tcpip.MultiCounterStat
- // MalformedFragmentsReceived is the total number of IP Fragments that were
- // dropped due to the fragment failing validation checks.
+ // MalformedFragmentsReceived is the number of IP Fragments that were dropped
+ // due to the fragment failing validation checks.
MalformedFragmentsReceived tcpip.MultiCounterStat
- // IPTablesPreroutingDropped is the total number of IP packets dropped in the
+ // IPTablesPreroutingDropped is the number of IP packets dropped in the
// Prerouting chain.
IPTablesPreroutingDropped tcpip.MultiCounterStat
- // IPTablesInputDropped is the total number of IP packets dropped in the Input
+ // IPTablesInputDropped is the number of IP packets dropped in the Input
// chain.
IPTablesInputDropped tcpip.MultiCounterStat
- // IPTablesOutputDropped is the total number of IP packets dropped in the
- // Output chain.
+ // IPTablesOutputDropped is the number of IP packets dropped in the Output
+ // chain.
IPTablesOutputDropped tcpip.MultiCounterStat
+ // IPTablesPostroutingDropped is the number of IP packets dropped in the
+ // Postrouting chain.
+ IPTablesPostroutingDropped tcpip.MultiCounterStat
+
// TODO(https://gvisor.dev/issues/5529): Move the IPv4-only option stats out
// of IPStats.
@@ -98,6 +101,7 @@
m.IPTablesPreroutingDropped.Init(a.IPTablesPreroutingDropped, b.IPTablesPreroutingDropped)
m.IPTablesInputDropped.Init(a.IPTablesInputDropped, b.IPTablesInputDropped)
m.IPTablesOutputDropped.Init(a.IPTablesOutputDropped, b.IPTablesOutputDropped)
+ m.IPTablesPostroutingDropped.Init(a.IPTablesPostroutingDropped, b.IPTablesPostroutingDropped)
m.OptionTimestampReceived.Init(a.OptionTimestampReceived, b.OptionTimestampReceived)
m.OptionRecordRouteReceived.Init(a.OptionRecordRouteReceived, b.OptionRecordRouteReceived)
m.OptionRouterAlertReceived.Init(a.OptionRouterAlertReceived, b.OptionRouterAlertReceived)
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv4/ipv4.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv4/ipv4.go
index 6dc6fc9..9a3dc78c 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv4/ipv4.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv4/ipv4.go
@@ -415,6 +415,15 @@
return nil
}
+ // Postrouting NAT can only change the source address, and does not alter the
+ // route or outgoing interface of the packet.
+ outNicName := e.protocol.stack.FindNICNameFromID(e.nic.ID())
+ if ok := e.protocol.stack.IPTables().Check(stack.Postrouting, pkt, gso, r, "" /* preroutingAddr */, "" /* inNicName */, outNicName); !ok {
+ // iptables is telling us to drop the packet.
+ e.stats.ip.IPTablesPostroutingDropped.Increment()
+ return nil
+ }
+
stats := e.stats.ip
networkMTU, err := calculateNetworkMTU(e.nic.MTU(), uint32(pkt.NetworkHeader().View().Size()))
@@ -486,9 +495,9 @@
outNicName := e.protocol.stack.FindNICNameFromID(e.nic.ID())
// iptables filtering. All packets that reach here are locally
// generated.
- dropped, natPkts := e.protocol.stack.IPTables().CheckPackets(stack.Output, pkts, gso, r, "", outNicName)
- stats.IPTablesOutputDropped.IncrementBy(uint64(len(dropped)))
- for pkt := range dropped {
+ outputDropped, natPkts := e.protocol.stack.IPTables().CheckPackets(stack.Output, pkts, gso, r, "" /* inNicName */, outNicName)
+ stats.IPTablesOutputDropped.IncrementBy(uint64(len(outputDropped)))
+ for pkt := range outputDropped {
pkts.Remove(pkt)
}
@@ -510,6 +519,15 @@
}
+ // We ignore the list of NAT-ed packets here because Postrouting NAT can only
+ // change the source address, and does not alter the route or outgoing
+ // interface of the packet.
+ postroutingDropped, _ := e.protocol.stack.IPTables().CheckPackets(stack.Postrouting, pkts, gso, r, "" /* inNicName */, outNicName)
+ stats.IPTablesPostroutingDropped.IncrementBy(uint64(len(postroutingDropped)))
+ for pkt := range postroutingDropped {
+ pkts.Remove(pkt)
+ }
+
// The rest of the packets can be delivered to the NIC as a batch.
pktsLen := pkts.Len()
written, err := e.nic.WritePackets(r, gso, pkts, ProtocolNumber)
@@ -517,7 +535,7 @@
stats.OutgoingPacketErrors.IncrementBy(uint64(pktsLen - written))
// Dropped packets aren't errors, so include them in the return value.
- return locallyDelivered + written + len(dropped), err
+ return locallyDelivered + written + len(outputDropped) + len(postroutingDropped), err
}
// WriteHeaderIncludedPacket implements stack.NetworkEndpoint.
@@ -583,6 +601,22 @@
// forwardPacket attempts to forward a packet to its final destination.
func (e *endpoint) forwardPacket(pkt *stack.PacketBuffer) tcpip.Error {
h := header.IPv4(pkt.NetworkHeader().View())
+
+ dstAddr := h.DestinationAddress()
+ if header.IsV4LinkLocalUnicastAddress(h.SourceAddress()) || header.IsV4LinkLocalUnicastAddress(dstAddr) || header.IsV4LinkLocalMulticastAddress(dstAddr) {
+ // As per RFC 3927 section 7,
+ //
+ // A router MUST NOT forward a packet with an IPv4 Link-Local source or
+ // destination address, irrespective of the router's default route
+ // configuration or routes obtained from dynamic routing protocols.
+ //
+ // A router which receives a packet with an IPv4 Link-Local source or
+ // destination address MUST NOT forward the packet. This prevents
+ // forwarding of packets back onto the network segment from which they
+ // originated, or to any other segment.
+ return nil
+ }
+
ttl := h.TTL()
if ttl == 0 {
// As per RFC 792 page 6, Time Exceeded Message,
@@ -621,8 +655,6 @@
}
}
- dstAddr := h.DestinationAddress()
-
// Check if the destination is owned by the stack.
if ep := e.protocol.findEndpointWithAddress(dstAddr); ep != nil {
ep.handleValidatedPacket(h, pkt)
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv6/icmp.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv6/icmp.go
index a142b76..b2a80e1e 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv6/icmp.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv6/icmp.go
@@ -273,7 +273,7 @@
if iph.HopLimit() != header.MLDHopLimit {
return false
}
- if !header.IsV6LinkLocalAddress(iph.SourceAddress()) {
+ if !header.IsV6LinkLocalUnicastAddress(iph.SourceAddress()) {
return false
}
return true
@@ -804,7 +804,7 @@
routerAddr := srcAddr
// Is the IP Source Address a link-local address?
- if !header.IsV6LinkLocalAddress(routerAddr) {
+ if !header.IsV6LinkLocalUnicastAddress(routerAddr) {
// ...No, silently drop the packet.
received.invalid.Increment()
return
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv6/ipv6.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv6/ipv6.go
index 2a2ad648..2e51537 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv6/ipv6.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv6/ipv6.go
@@ -314,7 +314,7 @@
// Snooping switches MUST manage multicast forwarding state based on MLD
// Report and Done messages sent with the unspecified address as the
// IPv6 source address.
- if header.IsV6LinkLocalAddress(addr) {
+ if header.IsV6LinkLocalUnicastAddress(addr) {
e.mu.mld.sendQueuedReports()
}
}
@@ -769,6 +769,15 @@
return nil
}
+ // Postrouting NAT can only change the source address, and does not alter the
+ // route or outgoing interface of the packet.
+ outNicName := e.protocol.stack.FindNICNameFromID(e.nic.ID())
+ if ok := e.protocol.stack.IPTables().Check(stack.Postrouting, pkt, gso, r, "" /* preroutingAddr */, "" /* inNicName */, outNicName); !ok {
+ // iptables is telling us to drop the packet.
+ e.stats.ip.IPTablesPostroutingDropped.Increment()
+ return nil
+ }
+
stats := e.stats.ip
networkMTU, err := calculateNetworkMTU(e.nic.MTU(), uint32(pkt.NetworkHeader().View().Size()))
if err != nil {
@@ -840,9 +849,9 @@
// iptables filtering. All packets that reach here are locally
// generated.
outNicName := e.protocol.stack.FindNICNameFromID(e.nic.ID())
- dropped, natPkts := e.protocol.stack.IPTables().CheckPackets(stack.Output, pkts, gso, r, "" /* inNicName */, outNicName)
- stats.IPTablesOutputDropped.IncrementBy(uint64(len(dropped)))
- for pkt := range dropped {
+ outputDropped, natPkts := e.protocol.stack.IPTables().CheckPackets(stack.Output, pkts, gso, r, "" /* inNicName */, outNicName)
+ stats.IPTablesOutputDropped.IncrementBy(uint64(len(outputDropped)))
+ for pkt := range outputDropped {
pkts.Remove(pkt)
}
@@ -863,6 +872,15 @@
locallyDelivered++
}
+ // We ignore the list of NAT-ed packets here because Postrouting NAT can only
+ // change the source address, and does not alter the route or outgoing
+ // interface of the packet.
+ postroutingDropped, _ := e.protocol.stack.IPTables().CheckPackets(stack.Postrouting, pkts, gso, r, "" /* inNicName */, outNicName)
+ stats.IPTablesPostroutingDropped.IncrementBy(uint64(len(postroutingDropped)))
+ for pkt := range postroutingDropped {
+ pkts.Remove(pkt)
+ }
+
// The rest of the packets can be delivered to the NIC as a batch.
pktsLen := pkts.Len()
written, err := e.nic.WritePackets(r, gso, pkts, ProtocolNumber)
@@ -870,7 +888,7 @@
stats.OutgoingPacketErrors.IncrementBy(uint64(pktsLen - written))
// Dropped packets aren't errors, so include them in the return value.
- return locallyDelivered + written + len(dropped), err
+ return locallyDelivered + written + len(outputDropped) + len(postroutingDropped), err
}
// WriteHeaderIncludedPacket implements stack.NetworkEndpoint.
@@ -912,6 +930,16 @@
// forwardPacket attempts to forward a packet to its final destination.
func (e *endpoint) forwardPacket(pkt *stack.PacketBuffer) tcpip.Error {
h := header.IPv6(pkt.NetworkHeader().View())
+
+ dstAddr := h.DestinationAddress()
+ if header.IsV6LinkLocalUnicastAddress(h.SourceAddress()) || header.IsV6LinkLocalUnicastAddress(dstAddr) || header.IsV6LinkLocalMulticastAddress(dstAddr) {
+ // As per RFC 4291 section 2.5.6,
+ //
+ // Routers must not forward any packets with Link-Local source or
+ // destination addresses to other links.
+ return nil
+ }
+
hopLimit := h.HopLimit()
if hopLimit <= 1 {
// As per RFC 4443 section 3.3,
@@ -924,8 +952,6 @@
return e.protocol.returnError(&icmpReasonHopLimitExceeded{}, pkt)
}
- dstAddr := h.DestinationAddress()
-
// Check if the destination is owned by the stack.
if ep := e.protocol.findEndpointWithAddress(dstAddr); ep != nil {
ep.handleValidatedPacket(h, pkt)
@@ -1614,7 +1640,7 @@
var linkLocalAddr tcpip.Address
e.mu.addressableEndpointState.ForEachPrimaryEndpoint(func(addressEndpoint stack.AddressEndpoint) bool {
if addressEndpoint.IsAssigned(false /* allowExpired */) {
- if addr := addressEndpoint.AddressWithPrefix().Address; header.IsV6LinkLocalAddress(addr) {
+ if addr := addressEndpoint.AddressWithPrefix().Address; header.IsV6LinkLocalUnicastAddress(addr) {
linkLocalAddr = addr
return false
}
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv6/ndp.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv6/ndp.go
index dd7f6a1..a110faa 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv6/ndp.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/network/ipv6/ndp.go
@@ -737,7 +737,7 @@
prefix := opt.Subnet()
// Is the prefix a link-local?
- if header.IsV6LinkLocalAddress(prefix.ID()) {
+ if header.IsV6LinkLocalUnicastAddress(prefix.ID()) {
// ...Yes, skip as per RFC 4861 section 6.3.4,
// and RFC 4862 section 5.5.3.b (for SLAAC).
continue
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/conntrack.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/conntrack.go
index 3f08392..41e964c 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/conntrack.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/conntrack.go
@@ -16,6 +16,7 @@
import (
"encoding/binary"
+ "fmt"
"sync"
"time"
@@ -29,7 +30,7 @@
// The connection is created for a packet if it does not exist. Every
// connection contains two tuples (original and reply). The tuples are
// manipulated if there is a matching NAT rule. The packet is modified by
-// looking at the tuples in the Prerouting and Output hooks.
+// looking at the tuples in each hook.
//
// Currently, only TCP tracking is supported.
@@ -46,12 +47,14 @@
)
// Manipulation type for the connection.
+// TODO(gvisor.dev/issue/5696): Define this as a bit set and support SNAT and
+// DNAT at the same time.
type manipType int
const (
manipNone manipType = iota
- manipDstPrerouting
- manipDstOutput
+ manipSource
+ manipDestination
)
// tuple holds a connection's identifying and manipulating data in one
@@ -108,6 +111,7 @@
reply tuple
// manip indicates if the packet should be manipulated. It is immutable.
+ // TODO(gvisor.dev/issue/5696): Support updating manipulation type.
manip manipType
// tcbHook indicates if the packet is inbound or outbound to
@@ -124,6 +128,18 @@
lastUsed time.Time `state:".(unixTime)"`
}
+// newConn creates new connection.
+func newConn(orig, reply tupleID, manip manipType, hook Hook) *conn {
+ conn := conn{
+ manip: manip,
+ tcbHook: hook,
+ lastUsed: time.Now(),
+ }
+ conn.original = tuple{conn: &conn, tupleID: orig}
+ conn.reply = tuple{conn: &conn, tupleID: reply, direction: dirReply}
+ return &conn
+}
+
// timedOut returns whether the connection timed out based on its state.
func (cn *conn) timedOut(now time.Time) bool {
const establishedTimeout = 5 * 24 * time.Hour
@@ -219,18 +235,6 @@
}, nil
}
-// newConn creates new connection.
-func newConn(orig, reply tupleID, manip manipType, hook Hook) *conn {
- conn := conn{
- manip: manip,
- tcbHook: hook,
- lastUsed: time.Now(),
- }
- conn.original = tuple{conn: &conn, tupleID: orig}
- conn.reply = tuple{conn: &conn, tupleID: reply, direction: dirReply}
- return &conn
-}
-
func (ct *ConnTrack) init() {
ct.mu.Lock()
defer ct.mu.Unlock()
@@ -284,20 +288,41 @@
return nil
}
- // Create a new connection and change the port as per the iptables
- // rule. This tuple will be used to manipulate the packet in
- // handlePacket.
replyTID := tid.reply()
replyTID.srcAddr = address
replyTID.srcPort = port
- var manip manipType
- switch hook {
- case Prerouting:
- manip = manipDstPrerouting
- case Output:
- manip = manipDstOutput
+
+ conn, _ := ct.connForTID(tid)
+ if conn != nil {
+ // The connection is already tracked.
+ // TODO(gvisor.dev/issue/5696): Support updating an existing connection.
+ return nil
}
- conn := newConn(tid, replyTID, manip, hook)
+ conn = newConn(tid, replyTID, manipDestination, hook)
+ ct.insertConn(conn)
+ return conn
+}
+
+func (ct *ConnTrack) insertSNATConn(pkt *PacketBuffer, hook Hook, port uint16, address tcpip.Address) *conn {
+ tid, err := packetToTupleID(pkt)
+ if err != nil {
+ return nil
+ }
+ if hook != Input && hook != Postrouting {
+ return nil
+ }
+
+ replyTID := tid.reply()
+ replyTID.dstAddr = address
+ replyTID.dstPort = port
+
+ conn, _ := ct.connForTID(tid)
+ if conn != nil {
+ // The connection is already tracked.
+ // TODO(gvisor.dev/issue/5696): Support updating an existing connection.
+ return nil
+ }
+ conn = newConn(tid, replyTID, manipSource, hook)
ct.insertConn(conn)
return conn
}
@@ -322,6 +347,7 @@
// Now that we hold the locks, ensure the tuple hasn't been inserted by
// another thread.
+ // TODO(gvisor.dev/issue/5773): Should check conn.reply.tupleID, too?
alreadyInserted := false
for other := ct.buckets[tupleBucket].tuples.Front(); other != nil; other = other.Next() {
if other.tupleID == conn.original.tupleID {
@@ -343,86 +369,6 @@
}
}
-// handlePacketPrerouting manipulates ports for packets in Prerouting hook.
-// TODO(gvisor.dev/issue/170): Change address for Prerouting hook.
-func handlePacketPrerouting(pkt *PacketBuffer, conn *conn, dir direction) {
- // If this is a noop entry, don't do anything.
- if conn.manip == manipNone {
- return
- }
-
- netHeader := pkt.Network()
- tcpHeader := header.TCP(pkt.TransportHeader().View())
-
- // For prerouting redirection, packets going in the original direction
- // have their destinations modified and replies have their sources
- // modified.
- switch dir {
- case dirOriginal:
- port := conn.reply.srcPort
- tcpHeader.SetDestinationPort(port)
- netHeader.SetDestinationAddress(conn.reply.srcAddr)
- case dirReply:
- port := conn.original.dstPort
- tcpHeader.SetSourcePort(port)
- netHeader.SetSourceAddress(conn.original.dstAddr)
- }
-
- // TODO(gvisor.dev/issue/170): TCP checksums aren't usually validated
- // on inbound packets, so we don't recalculate them. However, we should
- // support cases when they are validated, e.g. when we can't offload
- // receive checksumming.
-
- // After modification, IPv4 packets need a valid checksum.
- if pkt.NetworkProtocolNumber == header.IPv4ProtocolNumber {
- netHeader := header.IPv4(pkt.NetworkHeader().View())
- netHeader.SetChecksum(0)
- netHeader.SetChecksum(^netHeader.CalculateChecksum())
- }
-}
-
-// handlePacketOutput manipulates ports for packets in Output hook.
-func handlePacketOutput(pkt *PacketBuffer, conn *conn, gso *GSO, r *Route, dir direction) {
- // If this is a noop entry, don't do anything.
- if conn.manip == manipNone {
- return
- }
-
- netHeader := pkt.Network()
- tcpHeader := header.TCP(pkt.TransportHeader().View())
-
- // For output redirection, packets going in the original direction
- // have their destinations modified and replies have their sources
- // modified. For prerouting redirection, we only reach this point
- // when replying, so packet sources are modified.
- if conn.manip == manipDstOutput && dir == dirOriginal {
- port := conn.reply.srcPort
- tcpHeader.SetDestinationPort(port)
- netHeader.SetDestinationAddress(conn.reply.srcAddr)
- } else {
- port := conn.original.dstPort
- tcpHeader.SetSourcePort(port)
- netHeader.SetSourceAddress(conn.original.dstAddr)
- }
-
- // Calculate the TCP checksum and set it.
- tcpHeader.SetChecksum(0)
- length := uint16(len(tcpHeader) + pkt.Data().Size())
- xsum := header.PseudoHeaderChecksum(header.TCPProtocolNumber, netHeader.SourceAddress(), netHeader.DestinationAddress(), length)
- if gso != nil && gso.NeedsCsum {
- tcpHeader.SetChecksum(xsum)
- } else if r.RequiresTXTransportChecksum() {
- xsum = header.ChecksumCombine(xsum, pkt.Data().AsRange().Checksum())
- tcpHeader.SetChecksum(^tcpHeader.CalculateChecksum(xsum))
- }
-
- if pkt.NetworkProtocolNumber == header.IPv4ProtocolNumber {
- netHeader := header.IPv4(pkt.NetworkHeader().View())
- netHeader.SetChecksum(0)
- netHeader.SetChecksum(^netHeader.CalculateChecksum())
- }
-}
-
// handlePacket will manipulate the port and address of the packet if the
// connection exists. Returns whether, after the packet traverses the tables,
// it should create a new entry in the table.
@@ -431,7 +377,9 @@
return false
}
- if hook != Prerouting && hook != Output {
+ switch hook {
+ case Prerouting, Input, Output, Postrouting:
+ default:
return false
}
@@ -441,23 +389,79 @@
}
conn, dir := ct.connFor(pkt)
- // Connection or Rule not found for the packet.
+ // Connection not found for the packet.
if conn == nil {
- return true
+ // If this is the last hook in the data path for this packet (Input if
+ // incoming, Postrouting if outgoing), indicate that a connection should be
+ // inserted by the end of this hook.
+ return hook == Input || hook == Postrouting
}
+ netHeader := pkt.Network()
tcpHeader := header.TCP(pkt.TransportHeader().View())
if len(tcpHeader) < header.TCPMinimumSize {
return false
}
+ // TODO(gvisor.dev/issue/5748): TCP checksums on inbound packets should be
+ // validated if checksum offloading is off. It may require IP defrag if the
+ // packets are fragmented.
+
switch hook {
- case Prerouting:
- handlePacketPrerouting(pkt, conn, dir)
- case Output:
- handlePacketOutput(pkt, conn, gso, r, dir)
+ case Prerouting, Output:
+ if conn.manip == manipDestination {
+ switch dir {
+ case dirOriginal:
+ tcpHeader.SetDestinationPort(conn.reply.srcPort)
+ netHeader.SetDestinationAddress(conn.reply.srcAddr)
+ case dirReply:
+ tcpHeader.SetSourcePort(conn.original.dstPort)
+ netHeader.SetSourceAddress(conn.original.dstAddr)
+ }
+ pkt.NatDone = true
+ }
+ case Input, Postrouting:
+ if conn.manip == manipSource {
+ switch dir {
+ case dirOriginal:
+ tcpHeader.SetSourcePort(conn.reply.dstPort)
+ netHeader.SetSourceAddress(conn.reply.dstAddr)
+ case dirReply:
+ tcpHeader.SetDestinationPort(conn.original.srcPort)
+ netHeader.SetDestinationAddress(conn.original.srcAddr)
+ }
+ pkt.NatDone = true
+ }
+ default:
+ panic(fmt.Sprintf("unrecognized hook = %s", hook))
}
- pkt.NatDone = true
+ if !pkt.NatDone {
+ return false
+ }
+
+ switch hook {
+ case Prerouting, Input:
+ case Output, Postrouting:
+ // Calculate the TCP checksum and set it.
+ tcpHeader.SetChecksum(0)
+ length := uint16(len(tcpHeader) + pkt.Data().Size())
+ xsum := header.PseudoHeaderChecksum(header.TCPProtocolNumber, netHeader.SourceAddress(), netHeader.DestinationAddress(), length)
+ if gso != nil && gso.NeedsCsum {
+ tcpHeader.SetChecksum(xsum)
+ } else if r.RequiresTXTransportChecksum() {
+ xsum = header.ChecksumCombine(xsum, pkt.Data().AsRange().Checksum())
+ tcpHeader.SetChecksum(^tcpHeader.CalculateChecksum(xsum))
+ }
+ default:
+ panic(fmt.Sprintf("unrecognized hook = %s", hook))
+ }
+
+ // After modification, IPv4 packets need a valid checksum.
+ if pkt.NetworkProtocolNumber == header.IPv4ProtocolNumber {
+ netHeader := header.IPv4(pkt.NetworkHeader().View())
+ netHeader.SetChecksum(0)
+ netHeader.SetChecksum(^netHeader.CalculateChecksum())
+ }
// Update the state of tcb.
// TODO(gvisor.dev/issue/170): Add support in tcpcontrack to handle
@@ -638,8 +642,8 @@
if conn == nil {
// Not a tracked connection.
return "", 0, &tcpip.ErrNotConnected{}
- } else if conn.manip == manipNone {
- // Unmanipulated connection.
+ } else if conn.manip != manipDestination {
+ // Unmanipulated destination.
return "", 0, &tcpip.ErrInvalidOptionValue{}
}
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/hook_string.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/hook_string.go
new file mode 100644
index 0000000..3dc8a7b
--- /dev/null
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/hook_string.go
@@ -0,0 +1,41 @@
+// Copyright 2021 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at //
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by "stringer -type Hook ."; DO NOT EDIT.
+
+package stack
+
+import "strconv"
+
+func _() {
+ // An "invalid array index" compiler error signifies that the constant values have changed.
+ // Re-run the stringer command to generate them again.
+ var x [1]struct{}
+ _ = x[Prerouting-0]
+ _ = x[Input-1]
+ _ = x[Forward-2]
+ _ = x[Output-3]
+ _ = x[Postrouting-4]
+ _ = x[NumHooks-5]
+}
+
+const _Hook_name = "PreroutingInputForwardOutputPostroutingNumHooks"
+
+var _Hook_index = [...]uint8{0, 10, 15, 22, 28, 39, 47}
+
+func (i Hook) String() string {
+ if i >= Hook(len(_Hook_index)-1) {
+ return "Hook(" + strconv.FormatInt(int64(i), 10) + ")"
+ }
+ return _Hook_name[_Hook_index[i]:_Hook_index[i+1]]
+}
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/iptables.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/iptables.go
index 52890f6..7ea87d3 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/iptables.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/iptables.go
@@ -175,9 +175,10 @@
},
},
priorities: [NumHooks][]TableID{
- Prerouting: {MangleID, NATID},
- Input: {NATID, FilterID},
- Output: {MangleID, NATID, FilterID},
+ Prerouting: {MangleID, NATID},
+ Input: {NATID, FilterID},
+ Output: {MangleID, NATID, FilterID},
+ Postrouting: {MangleID, NATID},
},
connections: ConnTrack{
seed: generateRandUint32(),
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/iptables_targets.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/iptables_targets.go
index 0e8b90c..317efe7 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/iptables_targets.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/iptables_targets.go
@@ -182,3 +182,81 @@
return RuleAccept, 0
}
+
+// SNATTarget modifies the source port/IP in the outgoing packets.
+type SNATTarget struct {
+ Addr tcpip.Address
+ Port uint16
+
+ // NetworkProtocol is the network protocol the target is used with. It
+ // is immutable.
+ NetworkProtocol tcpip.NetworkProtocolNumber
+}
+
+// Action implements Target.Action.
+func (st *SNATTarget) Action(pkt *PacketBuffer, ct *ConnTrack, hook Hook, gso *GSO, r *Route, address tcpip.Address) (RuleVerdict, int) {
+ // Sanity check.
+ if st.NetworkProtocol != pkt.NetworkProtocolNumber {
+ panic(fmt.Sprintf(
+ "SNATTarget.Action with NetworkProtocol %d called on packet with NetworkProtocolNumber %d",
+ st.NetworkProtocol, pkt.NetworkProtocolNumber))
+ }
+
+ // Packet is already manipulated.
+ if pkt.NatDone {
+ return RuleAccept, 0
+ }
+
+ // Drop the packet if network and transport header are not set.
+ if pkt.NetworkHeader().View().IsEmpty() || pkt.TransportHeader().View().IsEmpty() {
+ return RuleDrop, 0
+ }
+
+ switch hook {
+ case Postrouting, Input:
+ case Prerouting, Output, Forward:
+ panic(fmt.Sprintf("%s not supported", hook))
+ default:
+ panic(fmt.Sprintf("%s unrecognized", hook))
+ }
+
+ switch protocol := pkt.TransportProtocolNumber; protocol {
+ case header.UDPProtocolNumber:
+ udpHeader := header.UDP(pkt.TransportHeader().View())
+ udpHeader.SetChecksum(0)
+ udpHeader.SetSourcePort(st.Port)
+ netHeader := pkt.Network()
+ netHeader.SetSourceAddress(st.Addr)
+
+ // Only calculate the checksum if offloading isn't supported.
+ if r.RequiresTXTransportChecksum() {
+ length := uint16(pkt.Size()) - uint16(len(pkt.NetworkHeader().View()))
+ xsum := header.PseudoHeaderChecksum(protocol, netHeader.SourceAddress(), netHeader.DestinationAddress(), length)
+ xsum = header.ChecksumCombine(xsum, pkt.Data().AsRange().Checksum())
+ udpHeader.SetChecksum(^udpHeader.CalculateChecksum(xsum))
+ }
+
+ // After modification, IPv4 packets need a valid checksum.
+ if pkt.NetworkProtocolNumber == header.IPv4ProtocolNumber {
+ netHeader := header.IPv4(pkt.NetworkHeader().View())
+ netHeader.SetChecksum(0)
+ netHeader.SetChecksum(^netHeader.CalculateChecksum())
+ }
+ pkt.NatDone = true
+ case header.TCPProtocolNumber:
+ if ct == nil {
+ return RuleAccept, 0
+ }
+
+ // Set up conection for matching NAT rule. Only the first
+ // packet of the connection comes here. Other packets will be
+ // manipulated in connection tracking.
+ if conn := ct.insertSNATConn(pkt, hook, st.Port, st.Addr); conn != nil {
+ ct.handlePacket(pkt, hook, gso, r)
+ }
+ default:
+ return RuleDrop, 0
+ }
+
+ return RuleAccept, 0
+}
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/packet_buffer.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/packet_buffer.go
index 8f28867..c10304d 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/packet_buffer.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/packet_buffer.go
@@ -299,9 +299,18 @@
// See PacketBuffer.Data for details about how a packet buffer holds an inbound
// packet.
func (pk *PacketBuffer) CloneToInbound() *PacketBuffer {
- return NewPacketBuffer(PacketBufferOptions{
+ newPk := NewPacketBuffer(PacketBufferOptions{
Data: buffer.NewVectorisedView(pk.Size(), pk.Views()),
})
+ // TODO(gvisor.dev/issue/5696): reimplement conntrack so that no need to
+ // maintain this flag in the packet. Currently conntrack needs this flag to
+ // tell if a noop connection should be inserted at Input hook. Once conntrack
+ // redefines the manipulation field as mutable, we won't need the special noop
+ // connection.
+ if pk.NatDone {
+ newPk.NatDone = true
+ }
+ return newPk
}
// headerInfo stores metadata about a header in a packet.
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/route.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/route.go
index 3934480..4ae6bed 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/route.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/route.go
@@ -132,7 +132,7 @@
localAddr = addressEndpoint.AddressWithPrefix().Address
}
- if localAddressNIC != outgoingNIC && header.IsV6LinkLocalAddress(localAddr) {
+ if localAddressNIC != outgoingNIC && header.IsV6LinkLocalUnicastAddress(localAddr) {
addressEndpoint.DecRef()
return nil
}
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/stack.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/stack.go
index 931a97d..f231124 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/stack.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/stack/stack.go
@@ -1344,7 +1344,7 @@
s.mu.RLock()
defer s.mu.RUnlock()
- isLinkLocal := header.IsV6LinkLocalAddress(remoteAddr) || header.IsV6LinkLocalMulticastAddress(remoteAddr)
+ isLinkLocal := header.IsV6LinkLocalUnicastAddress(remoteAddr) || header.IsV6LinkLocalMulticastAddress(remoteAddr)
isLocalBroadcast := remoteAddr == header.IPv4Broadcast
isMulticast := header.IsV4MulticastAddress(remoteAddr) || header.IsV6MulticastAddress(remoteAddr)
isLoopback := header.IsV4LoopbackAddress(remoteAddr) || header.IsV6LoopbackAddress(remoteAddr)
@@ -1381,7 +1381,7 @@
return nil, &tcpip.ErrNetworkUnreachable{}
}
- canForward := s.Forwarding(netProto) && !header.IsV6LinkLocalAddress(localAddr) && !isLinkLocal
+ canForward := s.Forwarding(netProto) && !header.IsV6LinkLocalUnicastAddress(localAddr) && !isLinkLocal
// Find a route to the remote with the route table.
var chosenRoute tcpip.Route
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/tcpip.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/tcpip.go
index 60de165..2b6e6a8 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/tcpip.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/tcpip.go
@@ -1556,6 +1556,10 @@
// chain.
IPTablesOutputDropped *StatCounter
+ // IPTablesPostroutingDropped is the number of IP packets dropped in the
+ // Postrouting chain.
+ IPTablesPostroutingDropped *StatCounter
+
// TODO(https://gvisor.dev/issues/5529): Move the IPv4-only option stats out
// of IPStats.
// OptionTimestampReceived is the number of Timestamp options seen.
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/accept.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/accept.go
index 7372ebc..7acc7e7 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/accept.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/accept.go
@@ -23,7 +23,6 @@
"sync/atomic"
"time"
- "gvisor.dev/gvisor/pkg/rand"
"gvisor.dev/gvisor/pkg/sleep"
"gvisor.dev/gvisor/pkg/sync"
"gvisor.dev/gvisor/pkg/tcpip"
@@ -131,8 +130,11 @@
pendingEndpoints: make(map[stack.TransportEndpointID]*endpoint),
}
- rand.Read(l.nonce[0][:])
- rand.Read(l.nonce[1][:])
+ for i := range l.nonce {
+ if _, err := io.ReadFull(stk.SecureRNG(), l.nonce[i][:]); err != nil {
+ panic(err)
+ }
+ }
return l
}
@@ -150,14 +152,17 @@
// Feed everything to the hasher.
l.hasherMu.Lock()
l.hasher.Reset()
+
+ // Per hash.Hash.Writer:
+ //
+ // It never returns an error.
l.hasher.Write(payload[:])
l.hasher.Write(l.nonce[nonceIndex][:])
- io.WriteString(l.hasher, string(id.LocalAddress))
- io.WriteString(l.hasher, string(id.RemoteAddress))
+ l.hasher.Write([]byte(id.LocalAddress))
+ l.hasher.Write([]byte(id.RemoteAddress))
// Finalize the calculation of the hash and return the first 4 bytes.
- h := make([]byte, 0, sha1.Size)
- h = l.hasher.Sum(h)
+ h := l.hasher.Sum(nil)
l.hasherMu.Unlock()
return binary.BigEndian.Uint32(h[:])
@@ -196,7 +201,7 @@
// createConnectingEndpoint creates a new endpoint in a connecting state, with
// the connection parameters given by the arguments.
-func (l *listenContext) createConnectingEndpoint(s *segment, iss seqnum.Value, irs seqnum.Value, rcvdSynOpts *header.TCPSynOptions, queue *waiter.Queue) (*endpoint, tcpip.Error) {
+func (l *listenContext) createConnectingEndpoint(s *segment, rcvdSynOpts *header.TCPSynOptions, queue *waiter.Queue) (*endpoint, tcpip.Error) {
// Create a new endpoint.
netProto := l.netProto
if netProto == 0 {
@@ -243,7 +248,7 @@
// Create new endpoint.
irs := s.sequenceNumber
isn := generateSecureISN(s.id, l.stack.Seed())
- ep, err := l.createConnectingEndpoint(s, isn, irs, opts, queue)
+ ep, err := l.createConnectingEndpoint(s, opts, queue)
if err != nil {
return nil, err
}
@@ -385,32 +390,39 @@
}
// deliverAccepted delivers the newly-accepted endpoint to the listener. If the
-// endpoint has transitioned out of the listen state (acceptedChan is nil),
-// the new endpoint is closed instead.
+// listener has transitioned out of the listen state (accepted is the zero
+// value), the new endpoint is reset instead.
func (e *endpoint) deliverAccepted(n *endpoint, withSynCookie bool) {
e.mu.Lock()
e.pendingAccepted.Add(1)
e.mu.Unlock()
defer e.pendingAccepted.Done()
- e.acceptMu.Lock()
- for {
- if e.acceptedChan == nil {
- e.acceptMu.Unlock()
- n.notifyProtocolGoroutine(notifyReset)
- return
- }
- select {
- case e.acceptedChan <- n:
+ // Drop the lock before notifying to avoid deadlock in user-specified
+ // callbacks.
+ delivered := func() bool {
+ e.acceptMu.Lock()
+ defer e.acceptMu.Unlock()
+ for {
+ if e.accepted == (accepted{}) {
+ return false
+ }
+ if e.accepted.endpoints.Len() == e.accepted.cap {
+ e.acceptCond.Wait()
+ continue
+ }
+
+ e.accepted.endpoints.PushBack(n)
if !withSynCookie {
atomic.AddInt32(&e.synRcvdCount, -1)
}
- e.acceptMu.Unlock()
- e.waiterQueue.Notify(waiter.ReadableEvents)
- return
- default:
- e.acceptCond.Wait()
+ return true
}
+ }()
+ if delivered {
+ e.waiterQueue.Notify(waiter.ReadableEvents)
+ } else {
+ n.notifyProtocolGoroutine(notifyReset)
}
}
@@ -499,7 +511,7 @@
func (e *endpoint) synRcvdBacklogFull() bool {
e.acceptMu.Lock()
- acceptedChanCap := cap(e.acceptedChan)
+ backlog := e.accepted.cap
e.acceptMu.Unlock()
// The allocated accepted channel size would always be one greater than the
// listen backlog. But, the SYNRCVD connections count is always checked
@@ -509,12 +521,12 @@
// We maintain an equality check here as the synRcvdCount is incremented
// and compared only from a single listener context and the capacity of
// the accepted channel can only increase by a new listen call.
- return int(atomic.LoadInt32(&e.synRcvdCount)) == acceptedChanCap-1
+ return int(atomic.LoadInt32(&e.synRcvdCount)) == backlog-1
}
func (e *endpoint) acceptQueueIsFull() bool {
e.acceptMu.Lock()
- full := len(e.acceptedChan) == cap(e.acceptedChan)
+ full := e.accepted.endpoints.Len() == e.accepted.cap
e.acceptMu.Unlock()
return full
}
@@ -538,66 +550,56 @@
switch {
case s.flags == header.TCPFlagSyn:
- opts := parseSynSegmentOptions(s)
- if !ctx.useSynCookies() {
- if !e.acceptQueueIsFull() {
- s.incRef()
- atomic.AddInt32(&e.synRcvdCount, 1)
- _ = e.handleSynSegment(ctx, s, &opts)
- return nil
- }
+ if e.acceptQueueIsFull() {
e.stack.Stats().TCP.ListenOverflowSynDrop.Increment()
e.stats.ReceiveErrors.ListenOverflowSynDrop.Increment()
e.stack.Stats().DroppedPackets.Increment()
return nil
- } else {
- // If cookies are in use but the endpoint accept queue
- // is full then drop the syn.
- if e.acceptQueueIsFull() {
- e.stack.Stats().TCP.ListenOverflowSynDrop.Increment()
- e.stats.ReceiveErrors.ListenOverflowSynDrop.Increment()
- e.stack.Stats().DroppedPackets.Increment()
- return nil
- }
- cookie := ctx.createCookie(s.id, s.sequenceNumber, encodeMSS(opts.MSS))
-
- route, err := e.stack.FindRoute(s.nicID, s.dstAddr, s.srcAddr, s.netProto, false /* multicastLoop */)
- if err != nil {
- return err
- }
- defer route.Release()
-
- // Send SYN without window scaling because we currently
- // don't encode this information in the cookie.
- //
- // Enable Timestamp option if the original syn did have
- // the timestamp option specified.
- //
- // Use the user supplied MSS on the listening socket for
- // new connections, if available.
- synOpts := header.TCPSynOptions{
- WS: -1,
- TS: opts.TS,
- TSVal: tcpTimeStamp(time.Now(), timeStampOffset()),
- TSEcr: opts.TSVal,
- MSS: calculateAdvertisedMSS(e.userMSS, route),
- }
- fields := tcpFields{
- id: s.id,
- ttl: e.ttl,
- tos: e.sendTOS,
- flags: header.TCPFlagSyn | header.TCPFlagAck,
- seq: cookie,
- ack: s.sequenceNumber + 1,
- rcvWnd: ctx.rcvWnd,
- }
- if err := e.sendSynTCP(route, fields, synOpts); err != nil {
- return err
- }
- e.stack.Stats().TCP.ListenOverflowSynCookieSent.Increment()
- return nil
}
+ opts := parseSynSegmentOptions(s)
+ if !ctx.useSynCookies() {
+ s.incRef()
+ atomic.AddInt32(&e.synRcvdCount, 1)
+ return e.handleSynSegment(ctx, s, &opts)
+ }
+ route, err := e.stack.FindRoute(s.nicID, s.dstAddr, s.srcAddr, s.netProto, false /* multicastLoop */)
+ if err != nil {
+ return err
+ }
+ defer route.Release()
+
+ // Send SYN without window scaling because we currently
+ // don't encode this information in the cookie.
+ //
+ // Enable Timestamp option if the original syn did have
+ // the timestamp option specified.
+ //
+ // Use the user supplied MSS on the listening socket for
+ // new connections, if available.
+ synOpts := header.TCPSynOptions{
+ WS: -1,
+ TS: opts.TS,
+ TSVal: tcpTimeStamp(time.Now(), timeStampOffset()),
+ TSEcr: opts.TSVal,
+ MSS: calculateAdvertisedMSS(e.userMSS, route),
+ }
+ cookie := ctx.createCookie(s.id, s.sequenceNumber, encodeMSS(opts.MSS))
+ fields := tcpFields{
+ id: s.id,
+ ttl: e.ttl,
+ tos: e.sendTOS,
+ flags: header.TCPFlagSyn | header.TCPFlagAck,
+ seq: cookie,
+ ack: s.sequenceNumber + 1,
+ rcvWnd: ctx.rcvWnd,
+ }
+ if err := e.sendSynTCP(route, fields, synOpts); err != nil {
+ return err
+ }
+ e.stack.Stats().TCP.ListenOverflowSynCookieSent.Increment()
+ return nil
+
case (s.flags & header.TCPFlagAck) != 0:
if e.acceptQueueIsFull() {
// Silently drop the ack as the application can't accept
@@ -665,7 +667,7 @@
rcvdSynOptions.TSEcr = s.parsedOptions.TSEcr
}
- n, err := ctx.createConnectingEndpoint(s, iss, irs, rcvdSynOptions, &waiter.Queue{})
+ n, err := ctx.createConnectingEndpoint(s, rcvdSynOptions, &waiter.Queue{})
if err != nil {
return err
}
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/endpoint.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/endpoint.go
index 9438056..1060a0a9 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/endpoint.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/endpoint.go
@@ -15,6 +15,7 @@
package tcp
import (
+ "container/list"
"encoding/binary"
"fmt"
"io"
@@ -322,6 +323,15 @@
// marker interface.
func (*EndpointInfo) IsEndpointInfo() {}
+// +stateify savable
+type accepted struct {
+ // NB: this could be an endpointList, but ilist only permits endpoints to
+ // belong to one list at a time, and endpoints are already stored in the
+ // dispatcher's list.
+ endpoints list.List `state:".([]*endpoint)"`
+ cap int
+}
+
// endpoint represents a TCP endpoint. This struct serves as the interface
// between users of the endpoint and the protocol implementation; it is legal to
// have concurrent goroutines make calls into the endpoint, they are properly
@@ -337,7 +347,7 @@
// The following three mutexes can be acquired independent of e.mu but if
// acquired with e.mu then e.mu must be acquired first.
//
-// e.acceptMu -> protects acceptedChan.
+// e.acceptMu -> protects accepted.
// e.rcvListMu -> Protects the rcvList and associated fields.
// e.sndBufMu -> Protects the sndQueue and associated fields.
// e.lastErrorMu -> Protects the lastError field.
@@ -607,33 +617,26 @@
// listener.
deferAccept time.Duration
- // pendingAccepted is a synchronization primitive used to track number
- // of connections that are queued up to be delivered to the accepted
- // channel. We use this to ensure that all goroutines blocked on writing
- // to the acceptedChan below terminate before we close acceptedChan.
+ // pendingAccepted tracks connections queued to be accepted. It is used to
+ // ensure such queued connections are terminated before the accepted queue is
+ // marked closed (by setting its capacity to zero).
pendingAccepted sync.WaitGroup `state:"nosave"`
- // acceptMu protects acceptedChan.
+ // acceptMu protects accepted.
acceptMu sync.Mutex `state:"nosave"`
// acceptCond is a condition variable that can be used to block on when
- // acceptedChan is full and an endpoint is ready to be delivered.
- //
- // This condition variable is required because just blocking on sending
- // to acceptedChan does not work in cases where endpoint.Listen is
- // called twice with different backlog values. In such cases the channel
- // is closed and a new one created. Any pending goroutines blocking on
- // the write to the channel will panic.
+ // accepted is full and an endpoint is ready to be delivered.
//
// We use this condition variable to block/unblock goroutines which
// tried to deliver an endpoint but couldn't because accept backlog was
// full ( See: endpoint.deliverAccepted ).
acceptCond *sync.Cond `state:"nosave"`
- // acceptedChan is used by a listening endpoint protocol goroutine to
+ // accepted is used by a listening endpoint protocol goroutine to
// send newly accepted connections to the endpoint so that they can be
// read by Accept() calls.
- acceptedChan chan *endpoint `state:".([]*endpoint)"`
+ accepted accepted
// The following are only used from the protocol goroutine, and
// therefore don't need locks to protect them.
@@ -874,7 +877,7 @@
waiterQueue: waiterQueue,
state: StateInitial,
rcvBufSize: DefaultReceiveBufferSize,
- sndMTU: int(math.MaxInt32),
+ sndMTU: math.MaxInt32,
keepalive: keepalive{
// Linux defaults.
idle: 2 * time.Hour,
@@ -962,7 +965,7 @@
// Check if there's anything in the accepted channel.
if (mask & waiter.ReadableEvents) != 0 {
e.acceptMu.Lock()
- if len(e.acceptedChan) > 0 {
+ if e.accepted.endpoints.Len() != 0 {
result |= waiter.ReadableEvents
}
e.acceptMu.Unlock()
@@ -1145,22 +1148,22 @@
// handshake but not yet been delivered to the application.
func (e *endpoint) closePendingAcceptableConnectionsLocked() {
e.acceptMu.Lock()
- if e.acceptedChan == nil {
- e.acceptMu.Unlock()
- return
- }
- close(e.acceptedChan)
- ch := e.acceptedChan
- e.acceptedChan = nil
- e.acceptCond.Broadcast()
+ acceptedCopy := e.accepted
+ e.accepted = accepted{}
e.acceptMu.Unlock()
+ if acceptedCopy == (accepted{}) {
+ return
+ }
+
+ e.acceptCond.Broadcast()
+
// Reset all connections that are waiting to be accepted.
- for n := range ch {
- n.notifyProtocolGoroutine(notifyReset)
+ for n := acceptedCopy.endpoints.Front(); n != nil; n = n.Next() {
+ n.Value.(*endpoint).notifyProtocolGoroutine(notifyReset)
}
// Wait for reset of all endpoints that are still waiting to be delivered to
- // the now closed acceptedChan.
+ // the now closed accepted.
e.pendingAccepted.Wait()
}
@@ -1700,7 +1703,7 @@
}
// OnKeepAliveSet implements tcpip.SocketOptionsHandler.OnKeepAliveSet.
-func (e *endpoint) OnKeepAliveSet(v bool) {
+func (e *endpoint) OnKeepAliveSet(bool) {
e.notifyProtocolGoroutine(notifyKeepaliveChanged)
}
@@ -2232,12 +2235,22 @@
// src IP to ensure that for a given tuple (srcIP, destIP,
// destPort) the offset used as a starting point is the same to
// ensure that we can cycle through the port space effectively.
- h := jenkins.Sum32(e.stack.Seed())
- h.Write([]byte(e.ID.LocalAddress))
- h.Write([]byte(e.ID.RemoteAddress))
portBuf := make([]byte, 2)
binary.LittleEndian.PutUint16(portBuf, e.ID.RemotePort)
- h.Write(portBuf)
+
+ h := jenkins.Sum32(e.stack.Seed())
+ for _, s := range [][]byte{
+ []byte(e.ID.LocalAddress),
+ []byte(e.ID.RemoteAddress),
+ portBuf,
+ } {
+ // Per io.Writer.Write:
+ //
+ // Write must return a non-nil error if it returns n < len(p).
+ if _, err := h.Write(s); err != nil {
+ panic(err)
+ }
+ }
portOffset := uint16(h.Sum32())
var twReuse tcpip.TCPTimeWaitReuseOption
@@ -2474,20 +2487,10 @@
// Listen puts the endpoint in "listen" mode, which allows it to accept
// new connections.
func (e *endpoint) Listen(backlog int) tcpip.Error {
- if uint32(backlog) > MaxListenBacklog {
- // Linux treats incoming backlog as uint with a limit defined by
- // sysctl_somaxconn.
- // https://github.com/torvalds/linux/blob/7acac4b3196/net/socket.c#L1666
- //
- // We use the backlog to allocate a channel of that size, hence enforce
- // a hard limit for the backlog.
- backlog = MaxListenBacklog
- } else {
- // Accept one more than the configured listen backlog to keep in parity with
- // Linux. Ref, because of missing equality check here:
- // https://github.com/torvalds/linux/blob/7acac4b3196/include/net/sock.h#L937
- backlog++
- }
+ // Accept one more than the configured listen backlog to keep in parity with
+ // Linux. Ref, because of missing equality check here:
+ // https://github.com/torvalds/linux/blob/7acac4b3196/include/net/sock.h#L937
+ backlog++
err := e.listen(backlog)
if err != nil {
if !err.IgnoreStats() {
@@ -2505,28 +2508,20 @@
if e.EndpointState() == StateListen && !e.closed {
e.acceptMu.Lock()
defer e.acceptMu.Unlock()
- if e.acceptedChan == nil {
+ if e.accepted == (accepted{}) {
// listen is called after shutdown.
- e.acceptedChan = make(chan *endpoint, backlog)
+ e.accepted.cap = backlog
e.shutdownFlags = 0
e.rcvListMu.Lock()
e.rcvClosed = false
e.rcvListMu.Unlock()
} else {
- // Adjust the size of the channel iff we can fix
+ // Adjust the size of the backlog iff we can fit
// existing pending connections into the new one.
- if len(e.acceptedChan) > backlog {
+ if e.accepted.endpoints.Len() > backlog {
return &tcpip.ErrInvalidEndpointState{}
}
- if cap(e.acceptedChan) == backlog {
- return nil
- }
- origChan := e.acceptedChan
- e.acceptedChan = make(chan *endpoint, backlog)
- close(origChan)
- for ep := range origChan {
- e.acceptedChan <- ep
- }
+ e.accepted.cap = backlog
}
// Notify any blocked goroutines that they can attempt to
@@ -2559,12 +2554,12 @@
e.isRegistered = true
e.setEndpointState(StateListen)
- // The channel may be non-nil when we're restoring the endpoint, and it
+ // The queue may be non-zero when we're restoring the endpoint, and it
// may be pre-populated with some previously accepted (but not Accepted)
// endpoints.
e.acceptMu.Lock()
- if e.acceptedChan == nil {
- e.acceptedChan = make(chan *endpoint, backlog)
+ if e.accepted == (accepted{}) {
+ e.accepted.cap = backlog
}
e.acceptMu.Unlock()
@@ -2601,15 +2596,16 @@
}
// Get the new accepted endpoint.
- e.acceptMu.Lock()
- defer e.acceptMu.Unlock()
var n *endpoint
- select {
- case n = <-e.acceptedChan:
- e.acceptCond.Signal()
- default:
+ e.acceptMu.Lock()
+ if element := e.accepted.endpoints.Front(); element != nil {
+ n = e.accepted.endpoints.Remove(element).(*endpoint)
+ }
+ e.acceptMu.Unlock()
+ if n == nil {
return nil, nil, &tcpip.ErrWouldBlock{}
}
+ e.acceptCond.Signal()
if peerAddr != nil {
*peerAddr = n.getRemoteAddress()
}
@@ -2821,7 +2817,7 @@
// We only notify when there is half the sendBufferSize available after
// a full buffer event occurs. This ensures that we don't wake up
// writers to queue just 1-2 segments and go back to sleep.
- notify = notify && e.sndBufUsed < int(sendBufferSize)>>1
+ notify = notify && e.sndBufUsed < sendBufferSize>>1
e.sndBufMu.Unlock()
if notify {
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/endpoint_state.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/endpoint_state.go
index a53d769..f51b3ad 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/endpoint_state.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/endpoint_state.go
@@ -99,37 +99,19 @@
}
}
-// saveAcceptedChan is invoked by stateify.
-func (e *endpoint) saveAcceptedChan() []*endpoint {
- if e.acceptedChan == nil {
- return nil
- }
- acceptedEndpoints := make([]*endpoint, len(e.acceptedChan), cap(e.acceptedChan))
- for i := 0; i < len(acceptedEndpoints); i++ {
- select {
- case ep := <-e.acceptedChan:
- acceptedEndpoints[i] = ep
- default:
- panic("endpoint acceptedChan buffer got consumed by background context")
- }
- }
- for i := 0; i < len(acceptedEndpoints); i++ {
- select {
- case e.acceptedChan <- acceptedEndpoints[i]:
- default:
- panic("endpoint acceptedChan buffer got populated by background context")
- }
+// saveEndpoints is invoked by stateify.
+func (a *accepted) saveEndpoints() []*endpoint {
+ acceptedEndpoints := make([]*endpoint, a.endpoints.Len())
+ for i, e := 0, a.endpoints.Front(); e != nil; i, e = i+1, e.Next() {
+ acceptedEndpoints[i] = e.Value.(*endpoint)
}
return acceptedEndpoints
}
-// loadAcceptedChan is invoked by stateify.
-func (e *endpoint) loadAcceptedChan(acceptedEndpoints []*endpoint) {
- if cap(acceptedEndpoints) > 0 {
- e.acceptedChan = make(chan *endpoint, cap(acceptedEndpoints))
- for _, ep := range acceptedEndpoints {
- e.acceptedChan <- ep
- }
+// loadEndpoints is invoked by stateify.
+func (a *accepted) loadEndpoints(acceptedEndpoints []*endpoint) {
+ for _, ep := range acceptedEndpoints {
+ a.endpoints.PushBack(ep)
}
}
@@ -263,7 +245,7 @@
go func() {
connectedLoading.Wait()
bind()
- backlog := cap(e.acceptedChan)
+ backlog := e.accepted.cap
if err := e.Listen(backlog); err != nil {
panic("endpoint listening failed: " + err.String())
}
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/protocol.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/protocol.go
index 230fa6e..fe0d7f1 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/protocol.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/protocol.go
@@ -68,9 +68,6 @@
// DefaultSynRetries is the default value for the number of SYN retransmits
// before a connect is aborted.
DefaultSynRetries = 6
-
- // MaxListenBacklog is the maximum limit of listen backlog supported.
- MaxListenBacklog = 1024
)
const (
diff --git a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/tcp_state_autogen.go b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/tcp_state_autogen.go
index a92bec6..632287c 100644
--- a/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/tcp_state_autogen.go
+++ b/third_party/golibs/vendor/gvisor.dev/gvisor/pkg/tcpip/transport/tcp/tcp_state_autogen.go
@@ -158,6 +158,35 @@
stateSourceObject.Load(0, &e.TransportEndpointInfo)
}
+func (a *accepted) StateTypeName() string {
+ return "pkg/tcpip/transport/tcp.accepted"
+}
+
+func (a *accepted) StateFields() []string {
+ return []string{
+ "endpoints",
+ "cap",
+ }
+}
+
+func (a *accepted) beforeSave() {}
+
+// +checklocksignore
+func (a *accepted) StateSave(stateSinkObject state.Sink) {
+ a.beforeSave()
+ var endpointsValue []*endpoint = a.saveEndpoints()
+ stateSinkObject.SaveValue(0, endpointsValue)
+ stateSinkObject.Save(1, &a.cap)
+}
+
+func (a *accepted) afterLoad() {}
+
+// +checklocksignore
+func (a *accepted) StateLoad(stateSourceObject state.Source) {
+ stateSourceObject.Load(1, &a.cap)
+ stateSourceObject.LoadValue(0, new([]*endpoint), func(y interface{}) { a.loadEndpoints(y.([]*endpoint)) })
+}
+
func (e *endpoint) StateTypeName() string {
return "pkg/tcpip/transport/tcp.endpoint"
}
@@ -213,7 +242,7 @@
"keepalive",
"userTimeout",
"deferAccept",
- "acceptedChan",
+ "accepted",
"rcv",
"snd",
"connectingAddress",
@@ -236,8 +265,6 @@
stateSinkObject.SaveValue(13, stateValue)
var recentTSTimeValue unixTime = e.saveRecentTSTime()
stateSinkObject.SaveValue(26, recentTSTimeValue)
- var acceptedChanValue []*endpoint = e.saveAcceptedChan()
- stateSinkObject.SaveValue(49, acceptedChanValue)
var lastOutOfWindowAckTimeValue unixTime = e.saveLastOutOfWindowAckTime()
stateSinkObject.SaveValue(61, lastOutOfWindowAckTimeValue)
stateSinkObject.Save(0, &e.EndpointInfo)
@@ -287,6 +314,7 @@
stateSinkObject.Save(46, &e.keepalive)
stateSinkObject.Save(47, &e.userTimeout)
stateSinkObject.Save(48, &e.deferAccept)
+ stateSinkObject.Save(49, &e.accepted)
stateSinkObject.Save(50, &e.rcv)
stateSinkObject.Save(51, &e.snd)
stateSinkObject.Save(52, &e.connectingAddress)
@@ -349,6 +377,7 @@
stateSourceObject.Load(46, &e.keepalive)
stateSourceObject.Load(47, &e.userTimeout)
stateSourceObject.Load(48, &e.deferAccept)
+ stateSourceObject.Load(49, &e.accepted)
stateSourceObject.LoadWait(50, &e.rcv)
stateSourceObject.LoadWait(51, &e.snd)
stateSourceObject.Load(52, &e.connectingAddress)
@@ -362,7 +391,6 @@
stateSourceObject.Load(60, &e.ops)
stateSourceObject.LoadValue(13, new(EndpointState), func(y interface{}) { e.loadState(y.(EndpointState)) })
stateSourceObject.LoadValue(26, new(unixTime), func(y interface{}) { e.loadRecentTSTime(y.(unixTime)) })
- stateSourceObject.LoadValue(49, new([]*endpoint), func(y interface{}) { e.loadAcceptedChan(y.([]*endpoint)) })
stateSourceObject.LoadValue(61, new(unixTime), func(y interface{}) { e.loadLastOutOfWindowAckTime(y.(unixTime)) })
stateSourceObject.AfterLoad(e.afterLoad)
}
@@ -1093,6 +1121,7 @@
state.Register((*SACKInfo)(nil))
state.Register((*rcvBufAutoTuneParams)(nil))
state.Register((*EndpointInfo)(nil))
+ state.Register((*accepted)(nil))
state.Register((*endpoint)(nil))
state.Register((*keepalive)(nil))
state.Register((*rackControl)(nil))
diff --git a/third_party/golibs/vendor/modules.txt b/third_party/golibs/vendor/modules.txt
index 6918169..3bd9656 100644
--- a/third_party/golibs/vendor/modules.txt
+++ b/third_party/golibs/vendor/modules.txt
@@ -1,5 +1,4 @@
# cloud.google.com/go v0.81.0
-## explicit
cloud.google.com/go
cloud.google.com/go/compute/metadata
cloud.google.com/go/iam
@@ -139,7 +138,7 @@
## explicit
golang.org/x/mod/module
golang.org/x/mod/semver
-# golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
+# golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1
## explicit
golang.org/x/net/bpf
golang.org/x/net/context
@@ -155,7 +154,6 @@
golang.org/x/net/ipv6
golang.org/x/net/trace
# golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602
-## explicit
golang.org/x/oauth2
golang.org/x/oauth2/google
golang.org/x/oauth2/google/internal/externalaccount
@@ -173,7 +171,6 @@
golang.org/x/sys/unix
golang.org/x/sys/windows
# golang.org/x/text v0.3.6
-## explicit
golang.org/x/text/secure/bidirule
golang.org/x/text/transform
golang.org/x/text/unicode/bidi
@@ -207,7 +204,8 @@
gonum.org/v1/gonum/mathext/internal/amos
gonum.org/v1/gonum/mathext/internal/cephes
gonum.org/v1/gonum/mathext/internal/gonum
-# google.golang.org/api v0.43.0
+# google.golang.org/api v0.44.0
+## explicit
google.golang.org/api/googleapi
google.golang.org/api/googleapi/transport
google.golang.org/api/internal
@@ -240,7 +238,7 @@
google.golang.org/genproto/googleapis/rpc/code
google.golang.org/genproto/googleapis/rpc/status
google.golang.org/genproto/googleapis/type/expr
-# google.golang.org/grpc v1.36.1
+# google.golang.org/grpc v1.37.0
## explicit
google.golang.org/grpc
google.golang.org/grpc/attributes
@@ -334,7 +332,7 @@
# gopkg.in/yaml.v2 v2.4.0
## explicit
gopkg.in/yaml.v2
-# gvisor.dev/gvisor v0.0.0-20210408165525-a42b1fadad34
+# gvisor.dev/gvisor v0.0.0-20210412205723-5dc99694d8de
## explicit
gvisor.dev/gvisor/pkg/gohacks
gvisor.dev/gvisor/pkg/goid