summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip/transport/raw
diff options
context:
space:
mode:
authorKevin Krakauer <krakauer@google.com>2021-10-13 14:36:53 -0700
committergVisor bot <gvisor-bot@google.com>2021-10-13 14:40:04 -0700
commit1796cd89d516033800f9c887250481c26bab0ae0 (patch)
treeb3386a5ab483f0c3a62f32a18e2e5e326bbdfdb8 /pkg/tcpip/transport/raw
parent82218937948bd59f8d20e44575405874d56f0ae7 (diff)
add create-only raw sockets
These can be used by applications to manipulate iptables rules without enabling arbitrary reads from and writes to the underlying packet socket. PiperOrigin-RevId: 402924733
Diffstat (limited to 'pkg/tcpip/transport/raw')
-rw-r--r--pkg/tcpip/transport/raw/BUILD1
-rw-r--r--pkg/tcpip/transport/raw/protocol.go16
2 files changed, 17 insertions, 0 deletions
diff --git a/pkg/tcpip/transport/raw/BUILD b/pkg/tcpip/transport/raw/BUILD
index b7e97e218..10b0c35fb 100644
--- a/pkg/tcpip/transport/raw/BUILD
+++ b/pkg/tcpip/transport/raw/BUILD
@@ -35,6 +35,7 @@ go_library(
"//pkg/tcpip/stack",
"//pkg/tcpip/transport",
"//pkg/tcpip/transport/internal/network",
+ "//pkg/tcpip/transport/internal/noop",
"//pkg/tcpip/transport/packet",
"//pkg/waiter",
],
diff --git a/pkg/tcpip/transport/raw/protocol.go b/pkg/tcpip/transport/raw/protocol.go
index e393b993d..624e2dbe7 100644
--- a/pkg/tcpip/transport/raw/protocol.go
+++ b/pkg/tcpip/transport/raw/protocol.go
@@ -17,6 +17,7 @@ package raw
import (
"gvisor.dev/gvisor/pkg/tcpip"
"gvisor.dev/gvisor/pkg/tcpip/stack"
+ "gvisor.dev/gvisor/pkg/tcpip/transport/internal/noop"
"gvisor.dev/gvisor/pkg/tcpip/transport/packet"
"gvisor.dev/gvisor/pkg/waiter"
)
@@ -33,3 +34,18 @@ func (EndpointFactory) NewUnassociatedEndpoint(stack *stack.Stack, netProto tcpi
func (EndpointFactory) NewPacketEndpoint(stack *stack.Stack, cooked bool, netProto tcpip.NetworkProtocolNumber, waiterQueue *waiter.Queue) (tcpip.Endpoint, tcpip.Error) {
return packet.NewEndpoint(stack, cooked, netProto, waiterQueue)
}
+
+// CreateOnlyFactory implements stack.RawFactory. It allows creation of raw
+// endpoints that do not support reading, writing, binding, etc.
+type CreateOnlyFactory struct{}
+
+// NewUnassociatedEndpoint implements stack.RawFactory.NewUnassociatedEndpoint.
+func (CreateOnlyFactory) NewUnassociatedEndpoint(stk *stack.Stack, _ tcpip.NetworkProtocolNumber, _ tcpip.TransportProtocolNumber, _ *waiter.Queue) (tcpip.Endpoint, tcpip.Error) {
+ return noop.New(stk), nil
+}
+
+// NewPacketEndpoint implements stack.RawFactory.NewPacketEndpoint.
+func (CreateOnlyFactory) NewPacketEndpoint(*stack.Stack, bool, tcpip.NetworkProtocolNumber, *waiter.Queue) (tcpip.Endpoint, tcpip.Error) {
+ // This isn't needed by anything, so it isn't implemented.
+ return nil, &tcpip.ErrNotPermitted{}
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-05 07:47:12 +0000