Merge release-20210309.0-27-gb1d578772 (automated)

author: gVisor bot <gvisor-bot@google.com> 2021-03-16 01:55:27 +0000
committer: gVisor bot <gvisor-bot@google.com> 2021-03-16 01:55:27 +0000
commit: 302095201997b26cef9c2b5fe28a7eb23cfdcc66 (patch)
tree: 4dc22840faa0b54a0ca717a6f41cb1a40f615883 /pkg/sentry/fs
parent: ed21cec72081f64b619dc1580b1700eb976f32d4 (diff)
parent: b1d57877264c2b94e3024375efc9914881f0bbe8 (diff)
1 files changed, 7 insertions, 8 deletions
diff --git a/pkg/sentry/fs/dev/net_tun.go b/pkg/sentry/fs/dev/net_tun.go
index 5227ef652..11a2984d8 100644
--- a/pkg/sentry/fs/dev/net_tun.go
+++ b/pkg/sentry/fs/dev/net_tun.go
@@ -108,19 +108,18 @@ func (n *netTunFileOperations) Ioctl(ctx context.Context, file *fs.File, io user
 		if _, err := req.CopyIn(t, data); err != nil {
 			return 0, err
 		}
-		flags := usermem.ByteOrder.Uint16(req.Data[:])
+
+		// Validate flags.
+		flags, err := netstack.LinuxToTUNFlags(usermem.ByteOrder.Uint16(req.Data[:]))
+		if err != nil {
+			return 0, err
+		}
 		return 0, n.device.SetIff(stack.Stack, req.Name(), flags)
 
 	case linux.TUNGETIFF:
 		var req linux.IFReq
-
 		copy(req.IFName[:], n.device.Name())
-
-		// Linux adds IFF_NOFILTER (the same value as IFF_NO_PI unfortunately) when
-		// there is no sk_filter. See __tun_chr_ioctl() in net/drivers/tun.c.
-		flags := n.device.Flags() | linux.IFF_NOFILTER
-		usermem.ByteOrder.PutUint16(req.Data[:], flags)
-
+		usermem.ByteOrder.PutUint16(req.Data[:], netstack.TUNFlagsToLinux(n.device.Flags()))
 		_, err := req.CopyOut(t, data)
 		return 0, err
author	gVisor bot <gvisor-bot@google.com>	2021-03-16 01:55:27 +0000
committer	gVisor bot <gvisor-bot@google.com>	2021-03-16 01:55:27 +0000
commit	302095201997b26cef9c2b5fe28a7eb23cfdcc66 (patch)
tree	4dc22840faa0b54a0ca717a6f41cb1a40f615883 /pkg/sentry/fs
parent	ed21cec72081f64b619dc1580b1700eb976f32d4 (diff)
parent	b1d57877264c2b94e3024375efc9914881f0bbe8 (diff)