Allow use of IFF_ONE_QUEUE

Before fix, use of this flag causes an error. It affects applications like OpenVPN which sets this flag for legacy reasons. According to linux/if_tun.h "This flag has no real effect".
author: liornm <lior.neumann@gmail.com> 2021-05-19 17:52:01 +0300
committer: liornm <lior.neumann@gmail.com> 2021-05-19 17:52:01 +0300
commit: 0636c1c929da3b58d3a34262fbc6567f86bfb594 (patch)
tree: de336284191a6f1cb489e1be399765b3999ca9d3 /pkg
parent: 32b66bb2be1b3b56138ca856045381519e210b68 (diff)
2 files changed, 4 insertions, 1 deletions
diff --git a/pkg/abi/linux/ioctl_tun.go b/pkg/abi/linux/ioctl_tun.go
index c59c9c136..ea4fdca0f 100644
--- a/pkg/abi/linux/ioctl_tun.go
+++ b/pkg/abi/linux/ioctl_tun.go
@@ -26,4 +26,7 @@ const (
 	IFF_TAP      = 0x0002
 	IFF_NO_PI    = 0x1000
 	IFF_NOFILTER = 0x1000
+
+	// According to linux/if_tun.h "This flag has no real effect"
+	IFF_ONE_QUEUE = 0x2000
 )
diff --git a/pkg/sentry/socket/netstack/tun.go b/pkg/sentry/socket/netstack/tun.go
index 288dd0c9e..c7ed52702 100644
--- a/pkg/sentry/socket/netstack/tun.go
+++ b/pkg/sentry/socket/netstack/tun.go
@@ -40,7 +40,7 @@ func LinuxToTUNFlags(flags uint16) (tun.Flags, error) {
 	// Linux adds IFF_NOFILTER (the same value as IFF_NO_PI unfortunately)
 	// when there is no sk_filter. See __tun_chr_ioctl() in
 	// net/drivers/tun.c.
-	if flags&^uint16(linux.IFF_TUN|linux.IFF_TAP|linux.IFF_NO_PI) != 0 {
+	if flags&^uint16(linux.IFF_TUN|linux.IFF_TAP|linux.IFF_NO_PI|linux.IFF_ONE_QUEUE) != 0 {
 		return tun.Flags{}, syserror.EINVAL
 	}
 	return tun.Flags{
author	liornm <lior.neumann@gmail.com>	2021-05-19 17:52:01 +0300
committer	liornm <lior.neumann@gmail.com>	2021-05-19 17:52:01 +0300
commit	0636c1c929da3b58d3a34262fbc6567f86bfb594 (patch)
tree	de336284191a6f1cb489e1be399765b3999ca9d3 /pkg
parent	32b66bb2be1b3b56138ca856045381519e210b68 (diff)