13 files changed, 291 insertions, 174 deletions
diff --git a/pkg/abi/linux/BUILD b/pkg/abi/linux/BUILD
index ecaeb11ac..29ead20d0 100644
--- a/pkg/abi/linux/BUILD
+++ b/pkg/abi/linux/BUILD
@@ -15,6 +15,7 @@ go_library(
         "bpf.go",
         "capability.go",
         "clone.go",
+        "context.go",
         "dev.go",
         "elf.go",
         "epoll.go",
@@ -76,8 +77,8 @@ go_library(
     visibility = ["//visibility:public"],
     deps = [
         "//pkg/abi",
-        "//pkg/binary",
         "//pkg/bits",
+        "//pkg/context",
         "//pkg/marshal",
         "//pkg/marshal/primitive",
     ],
@@ -86,9 +87,8 @@ go_library(
 go_test(
     name = "linux_test",
     size = "small",
-    srcs = ["netfilter_test.go"],
-    library = ":linux",
-    deps = [
-        "//pkg/binary",
+    srcs = [
+        "netfilter_test.go",
     ],
+    library = ":linux",
 )
diff --git a/pkg/abi/linux/context.go b/pkg/abi/linux/context.go
new file mode 100644
index 000000000..d2dbba183
--- /dev/null
+++ b/pkg/abi/linux/context.go
@@ -0,0 +1,36 @@
+// Copyright 2021 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package linux
+
+import (
+	"gvisor.dev/gvisor/pkg/context"
+)
+
+// contextID is the linux package's type for context.Context.Value keys.
+type contextID int
+
+const (
+	// CtxSignalNoInfoFunc is a Context.Value key for a function to send signals.
+	CtxSignalNoInfoFunc contextID = iota
+)
+
+// SignalNoInfoFuncFromContext returns a callback function that can be used to send a
+// signal to the given context.
+func SignalNoInfoFuncFromContext(ctx context.Context) func(Signal) error {
+	if f := ctx.Value(CtxSignalNoInfoFunc); f != nil {
+		return f.(func(Signal) error)
+	}
+	return nil
+}
diff --git a/pkg/abi/linux/elf.go b/pkg/abi/linux/elf.go
index 7c9a02f20..c5713541f 100644
--- a/pkg/abi/linux/elf.go
+++ b/pkg/abi/linux/elf.go
@@ -106,3 +106,53 @@ const (
 	// NT_ARM_TLS is for ARM TLS register.
 	NT_ARM_TLS = 0x401
 )
+
+// ElfHeader64 is the ELF64 file header.
+//
+// +marshal
+type ElfHeader64 struct {
+	Ident     [16]byte // File identification.
+	Type      uint16   // File type.
+	Machine   uint16   // Machine architecture.
+	Version   uint32   // ELF format version.
+	Entry     uint64   // Entry point.
+	Phoff     uint64   // Program header file offset.
+	Shoff     uint64   // Section header file offset.
+	Flags     uint32   // Architecture-specific flags.
+	Ehsize    uint16   // Size of ELF header in bytes.
+	Phentsize uint16   // Size of program header entry.
+	Phnum     uint16   // Number of program header entries.
+	Shentsize uint16   // Size of section header entry.
+	Shnum     uint16   // Number of section header entries.
+	Shstrndx  uint16   // Section name strings section.
+}
+
+// ElfSection64 is the ELF64 Section header.
+//
+// +marshal
+type ElfSection64 struct {
+	Name      uint32 // Section name (index into the section header string table).
+	Type      uint32 // Section type.
+	Flags     uint64 // Section flags.
+	Addr      uint64 // Address in memory image.
+	Off       uint64 // Offset in file.
+	Size      uint64 // Size in bytes.
+	Link      uint32 // Index of a related section.
+	Info      uint32 // Depends on section type.
+	Addralign uint64 // Alignment in bytes.
+	Entsize   uint64 // Size of each entry in section.
+}
+
+// ElfProg64 is the ELF64 Program header.
+//
+// +marshal
+type ElfProg64 struct {
+	Type   uint32 // Entry type.
+	Flags  uint32 // Access permission flags.
+	Off    uint64 // File offset of contents.
+	Vaddr  uint64 // Virtual address in memory image.
+	Paddr  uint64 // Physical address (not used).
+	Filesz uint64 // Size of contents in file.
+	Memsz  uint64 // Size of contents in memory.
+	Align  uint64 // Alignment in memory and file.
+}
diff --git a/pkg/abi/linux/epoll.go b/pkg/abi/linux/epoll.go
index 1121a1a92..67706f5aa 100644
--- a/pkg/abi/linux/epoll.go
+++ b/pkg/abi/linux/epoll.go
@@ -14,10 +14,6 @@
 
 package linux
 
-import (
-	"gvisor.dev/gvisor/pkg/binary"
-)
-
 // Event masks.
 const (
 	EPOLLIN     = 0x1
@@ -59,4 +55,4 @@ const (
 )
 
 // SizeOfEpollEvent is the size of EpollEvent struct.
-var SizeOfEpollEvent = int(binary.Size(EpollEvent{}))
+var SizeOfEpollEvent = (*EpollEvent)(nil).SizeBytes()
diff --git a/pkg/abi/linux/errors.go b/pkg/abi/linux/errors.go
index 93f85a864..b08b2687e 100644
--- a/pkg/abi/linux/errors.go
+++ b/pkg/abi/linux/errors.go
@@ -15,158 +15,149 @@
 package linux
 
 // Errno represents a Linux errno value.
-type Errno struct {
-	number int
-	name   string
-}
-
-// Number returns the errno number.
-func (e *Errno) Number() int {
-	return e.number
-}
-
-// String implements fmt.Stringer.String.
-func (e *Errno) String() string {
-	return e.name
-}
+type Errno int
 
 // Errno values from include/uapi/asm-generic/errno-base.h.
-var (
-	EPERM   = &Errno{1, "operation not permitted"}
-	ENOENT  = &Errno{2, "no such file or directory"}
-	ESRCH   = &Errno{3, "no such process"}
-	EINTR   = &Errno{4, "interrupted system call"}
-	EIO     = &Errno{5, "I/O error"}
-	ENXIO   = &Errno{6, "no such device or address"}
-	E2BIG   = &Errno{7, "argument list too long"}
-	ENOEXEC = &Errno{8, "exec format error"}
-	EBADF   = &Errno{9, "bad file number"}
-	ECHILD  = &Errno{10, "no child processes"}
-	EAGAIN  = &Errno{11, "try again"}
-	ENOMEM  = &Errno{12, "out of memory"}
-	EACCES  = &Errno{13, "permission denied"}
-	EFAULT  = &Errno{14, "bad address"}
-	ENOTBLK = &Errno{15, "block device required"}
-	EBUSY   = &Errno{16, "device or resource busy"}
-	EEXIST  = &Errno{17, "file exists"}
-	EXDEV   = &Errno{18, "cross-device link"}
-	ENODEV  = &Errno{19, "no such device"}
-	ENOTDIR = &Errno{20, "not a directory"}
-	EISDIR  = &Errno{21, "is a directory"}
-	EINVAL  = &Errno{22, "invalid argument"}
-	ENFILE  = &Errno{23, "file table overflow"}
-	EMFILE  = &Errno{24, "too many open files"}
-	ENOTTY  = &Errno{25, "not a typewriter"}
-	ETXTBSY = &Errno{26, "text file busy"}
-	EFBIG   = &Errno{27, "file too large"}
-	ENOSPC  = &Errno{28, "no space left on device"}
-	ESPIPE  = &Errno{29, "illegal seek"}
-	EROFS   = &Errno{30, "read-only file system"}
-	EMLINK  = &Errno{31, "too many links"}
-	EPIPE   = &Errno{32, "broken pipe"}
-	EDOM    = &Errno{33, "math argument out of domain of func"}
-	ERANGE  = &Errno{34, "math result not representable"}
+const (
+	NOERRNO = iota
+	EPERM
+	ENOENT
+	ESRCH
+	EINTR
+	EIO
+	ENXIO
+	E2BIG
+	ENOEXEC
+	EBADF
+	ECHILD // 10
+	EAGAIN
+	ENOMEM
+	EACCES
+	EFAULT
+	ENOTBLK
+	EBUSY
+	EEXIST
+	EXDEV
+	ENODEV
+	ENOTDIR // 20
+	EISDIR
+	EINVAL
+	ENFILE
+	EMFILE
+	ENOTTY
+	ETXTBSY
+	EFBIG
+	ENOSPC
+	ESPIPE
+	EROFS // 30
+	EMLINK
+	EPIPE
+	EDOM
+	ERANGE
+	// Errno values from include/uapi/asm-generic/errno.h.
+	EDEADLK
+	ENAMETOOLONG
+	ENOLCK
+	ENOSYS
+	ENOTEMPTY
+	ELOOP  //40
+	_      // Skip for EWOULDBLOCK = EAGAIN
+	ENOMSG //42
+	EIDRM
+	ECHRNG
+	EL2NSYNC
+	EL3HLT
+	EL3RST
+	ELNRNG
+	EUNATCH
+	ENOCSI
+	EL2HLT // 50
+	EBADE
+	EBADR
+	EXFULL
+	ENOANO
+	EBADRQC
+	EBADSLT
+	_ // Skip for EDEADLOCK = EDEADLK
+	EBFONT
+	ENOSTR // 60
+	ENODATA
+	ETIME
+	ENOSR
+	ENONET
+	ENOPKG
+	EREMOTE
+	ENOLINK
+	EADV
+	ESRMNT
+	ECOMM // 70
+	EPROTO
+	EMULTIHOP
+	EDOTDOT
+	EBADMSG
+	EOVERFLOW
+	ENOTUNIQ
+	EBADFD
+	EREMCHG
+	ELIBACC
+	ELIBBAD // 80
+	ELIBSCN
+	ELIBMAX
+	ELIBEXEC
+	EILSEQ
+	ERESTART
+	ESTRPIPE
+	EUSERS
+	ENOTSOCK
+	EDESTADDRREQ
+	EMSGSIZE // 90
+	EPROTOTYPE
+	ENOPROTOOPT
+	EPROTONOSUPPORT
+	ESOCKTNOSUPPORT
+	EOPNOTSUPP
+	EPFNOSUPPORT
+	EAFNOSUPPORT
+	EADDRINUSE
+	EADDRNOTAVAIL
+	ENETDOWN // 100
+	ENETUNREACH
+	ENETRESET
+	ECONNABORTED
+	ECONNRESET
+	ENOBUFS
+	EISCONN
+	ENOTCONN
+	ESHUTDOWN
+	ETOOMANYREFS
+	ETIMEDOUT // 110
+	ECONNREFUSED
+	EHOSTDOWN
+	EHOSTUNREACH
+	EALREADY
+	EINPROGRESS
+	ESTALE
+	EUCLEAN
+	ENOTNAM
+	ENAVAIL
+	EISNAM // 120
+	EREMOTEIO
+	EDQUOT
+	ENOMEDIUM
+	EMEDIUMTYPE
+	ECANCELED
+	ENOKEY
+	EKEYEXPIRED
+	EKEYREVOKED
+	EKEYREJECTED
+	EOWNERDEAD // 130
+	ENOTRECOVERABLE
+	ERFKILL
+	EHWPOISON
 )
 
-// Errno values from include/uapi/asm-generic/errno.h.
-var (
-	EDEADLK         = &Errno{35, "resource deadlock would occur"}
-	ENAMETOOLONG    = &Errno{36, "file name too long"}
-	ENOLCK          = &Errno{37, "no record locks available"}
-	ENOSYS          = &Errno{38, "invalid system call number"}
-	ENOTEMPTY       = &Errno{39, "directory not empty"}
-	ELOOP           = &Errno{40, "too many symbolic links encountered"}
-	EWOULDBLOCK     = &Errno{EAGAIN.number, "operation would block"}
-	ENOMSG          = &Errno{42, "no message of desired type"}
-	EIDRM           = &Errno{43, "identifier removed"}
-	ECHRNG          = &Errno{44, "channel number out of range"}
-	EL2NSYNC        = &Errno{45, "level 2 not synchronized"}
-	EL3HLT          = &Errno{46, "level 3 halted"}
-	EL3RST          = &Errno{47, "level 3 reset"}
-	ELNRNG          = &Errno{48, "link number out of range"}
-	EUNATCH         = &Errno{49, "protocol driver not attached"}
-	ENOCSI          = &Errno{50, "no CSI structure available"}
-	EL2HLT          = &Errno{51, "level 2 halted"}
-	EBADE           = &Errno{52, "invalid exchange"}
-	EBADR           = &Errno{53, "invalid request descriptor"}
-	EXFULL          = &Errno{54, "exchange full"}
-	ENOANO          = &Errno{55, "no anode"}
-	EBADRQC         = &Errno{56, "invalid request code"}
-	EBADSLT         = &Errno{57, "invalid slot"}
-	EDEADLOCK       = EDEADLK
-	EBFONT          = &Errno{59, "bad font file format"}
-	ENOSTR          = &Errno{60, "device not a stream"}
-	ENODATA         = &Errno{61, "no data available"}
-	ETIME           = &Errno{62, "timer expired"}
-	ENOSR           = &Errno{63, "out of streams resources"}
-	ENONET          = &Errno{64, "machine is not on the network"}
-	ENOPKG          = &Errno{65, "package not installed"}
-	EREMOTE         = &Errno{66, "object is remote"}
-	ENOLINK         = &Errno{67, "link has been severed"}
-	EADV            = &Errno{68, "advertise error"}
-	ESRMNT          = &Errno{69, "srmount error"}
-	ECOMM           = &Errno{70, "communication error on send"}
-	EPROTO          = &Errno{71, "protocol error"}
-	EMULTIHOP       = &Errno{72, "multihop attempted"}
-	EDOTDOT         = &Errno{73, "RFS specific error"}
-	EBADMSG         = &Errno{74, "not a data message"}
-	EOVERFLOW       = &Errno{75, "value too large for defined data type"}
-	ENOTUNIQ        = &Errno{76, "name not unique on network"}
-	EBADFD          = &Errno{77, "file descriptor in bad state"}
-	EREMCHG         = &Errno{78, "remote address changed"}
-	ELIBACC         = &Errno{79, "can not access a needed shared library"}
-	ELIBBAD         = &Errno{80, "accessing a corrupted shared library"}
-	ELIBSCN         = &Errno{81, ".lib section in a.out corrupted"}
-	ELIBMAX         = &Errno{82, "attempting to link in too many shared libraries"}
-	ELIBEXEC        = &Errno{83, "cannot exec a shared library directly"}
-	EILSEQ          = &Errno{84, "illegal byte sequence"}
-	ERESTART        = &Errno{85, "interrupted system call should be restarted"}
-	ESTRPIPE        = &Errno{86, "streams pipe error"}
-	EUSERS          = &Errno{87, "too many users"}
-	ENOTSOCK        = &Errno{88, "socket operation on non-socket"}
-	EDESTADDRREQ    = &Errno{89, "destination address required"}
-	EMSGSIZE        = &Errno{90, "message too long"}
-	EPROTOTYPE      = &Errno{91, "protocol wrong type for socket"}
-	ENOPROTOOPT     = &Errno{92, "protocol not available"}
-	EPROTONOSUPPORT = &Errno{93, "protocol not supported"}
-	ESOCKTNOSUPPORT = &Errno{94, "socket type not supported"}
-	EOPNOTSUPP      = &Errno{95, "operation not supported on transport endpoint"}
-	EPFNOSUPPORT    = &Errno{96, "protocol family not supported"}
-	EAFNOSUPPORT    = &Errno{97, "address family not supported by protocol"}
-	EADDRINUSE      = &Errno{98, "address already in use"}
-	EADDRNOTAVAIL   = &Errno{99, "cannot assign requested address"}
-	ENETDOWN        = &Errno{100, "network is down"}
-	ENETUNREACH     = &Errno{101, "network is unreachable"}
-	ENETRESET       = &Errno{102, "network dropped connection because of reset"}
-	ECONNABORTED    = &Errno{103, "software caused connection abort"}
-	ECONNRESET      = &Errno{104, "connection reset by peer"}
-	ENOBUFS         = &Errno{105, "no buffer space available"}
-	EISCONN         = &Errno{106, "transport endpoint is already connected"}
-	ENOTCONN        = &Errno{107, "transport endpoint is not connected"}
-	ESHUTDOWN       = &Errno{108, "cannot send after transport endpoint shutdown"}
-	ETOOMANYREFS    = &Errno{109, "too many references: cannot splice"}
-	ETIMEDOUT       = &Errno{110, "connection timed out"}
-	ECONNREFUSED    = &Errno{111, "connection refused"}
-	EHOSTDOWN       = &Errno{112, "host is down"}
-	EHOSTUNREACH    = &Errno{113, "no route to host"}
-	EALREADY        = &Errno{114, "operation already in progress"}
-	EINPROGRESS     = &Errno{115, "operation now in progress"}
-	ESTALE          = &Errno{116, "stale file handle"}
-	EUCLEAN         = &Errno{117, "structure needs cleaning"}
-	ENOTNAM         = &Errno{118, "not a XENIX named type file"}
-	ENAVAIL         = &Errno{119, "no XENIX semaphores available"}
-	EISNAM          = &Errno{120, "is a named type file"}
-	EREMOTEIO       = &Errno{121, "remote I/O error"}
-	EDQUOT          = &Errno{122, "quota exceeded"}
-	ENOMEDIUM       = &Errno{123, "no medium found"}
-	EMEDIUMTYPE     = &Errno{124, "wrong medium type"}
-	ECANCELED       = &Errno{125, "operation Canceled"}
-	ENOKEY          = &Errno{126, "required key not available"}
-	EKEYEXPIRED     = &Errno{127, "key has expired"}
-	EKEYREVOKED     = &Errno{128, "key has been revoked"}
-	EKEYREJECTED    = &Errno{129, "key was rejected by service"}
-	EOWNERDEAD      = &Errno{130, "owner died"}
-	ENOTRECOVERABLE = &Errno{131, "state not recoverable"}
-	ERFKILL         = &Errno{132, "operation not possible due to RF-kill"}
-	EHWPOISON       = &Errno{133, "memory page has hardware error"}
+// errnos derived from other errnos
+const (
+	EWOULDBLOCK = EAGAIN
+	EDEADLOCK   = EDEADLK
 )
diff --git a/pkg/abi/linux/file.go b/pkg/abi/linux/file.go
index e11ca2d62..1e23850a9 100644
--- a/pkg/abi/linux/file.go
+++ b/pkg/abi/linux/file.go
@@ -19,7 +19,6 @@ import (
 	"strings"
 
 	"gvisor.dev/gvisor/pkg/abi"
-	"gvisor.dev/gvisor/pkg/binary"
 )
 
 // Constants for open(2).
@@ -201,7 +200,7 @@ const (
 )
 
 // SizeOfStat is the size of a Stat struct.
-var SizeOfStat = binary.Size(Stat{})
+var SizeOfStat = (*Stat)(nil).SizeBytes()
 
 // Flags for statx.
 const (
@@ -268,7 +267,7 @@ type Statx struct {
 }
 
 // SizeOfStatx is the size of a Statx struct.
-var SizeOfStatx = binary.Size(Statx{})
+var SizeOfStatx = (*Statx)(nil).SizeBytes()
 
 // FileMode represents a mode_t.
 type FileMode uint16
diff --git a/pkg/abi/linux/netdevice.go b/pkg/abi/linux/netdevice.go
index 0faf015c7..51a39704b 100644
--- a/pkg/abi/linux/netdevice.go
+++ b/pkg/abi/linux/netdevice.go
@@ -14,8 +14,6 @@
 
 package linux
 
-import "gvisor.dev/gvisor/pkg/binary"
-
 const (
 	// IFNAMSIZ is the size of the name field for IFReq.
 	IFNAMSIZ = 16
@@ -66,7 +64,7 @@ func (ifr *IFReq) SetName(name string) {
 }
 
 // SizeOfIFReq is the binary size of an IFReq struct (40 bytes).
-var SizeOfIFReq = binary.Size(IFReq{})
+var SizeOfIFReq = (*IFReq)(nil).SizeBytes()
 
 // IFMap contains interface hardware parameters.
 type IFMap struct {
diff --git a/pkg/abi/linux/netfilter.go b/pkg/abi/linux/netfilter.go
index 35c632168..3fd05483a 100644
--- a/pkg/abi/linux/netfilter.go
+++ b/pkg/abi/linux/netfilter.go
@@ -245,6 +245,8 @@ const SizeOfXTCounters = 16
 // include/uapi/linux/netfilter/x_tables.h. That struct contains a union
 // exposing different data to the user and kernel, but this struct holds only
 // the user data.
+//
+// +marshal
 type XTEntryMatch struct {
 	MatchSize uint16
 	Name      ExtensionName
@@ -284,6 +286,8 @@ const SizeOfXTGetRevision = 30
 // include/uapi/linux/netfilter/x_tables.h. That struct contains a union
 // exposing different data to the user and kernel, but this struct holds only
 // the user data.
+//
+// +marshal
 type XTEntryTarget struct {
 	TargetSize uint16
 	Name       ExtensionName
@@ -306,6 +310,8 @@ type KernelXTEntryTarget struct {
 // XTStandardTarget is a built-in target, one of ACCEPT, DROP, JUMP, QUEUE,
 // RETURN, or jump. It corresponds to struct xt_standard_target in
 // include/uapi/linux/netfilter/x_tables.h.
+//
+// +marshal
 type XTStandardTarget struct {
 	Target XTEntryTarget
 	// A positive verdict indicates a jump, and is the offset from the
@@ -322,6 +328,8 @@ const SizeOfXTStandardTarget = 40
 // beginning of user-defined chains by putting the name of the chain in
 // ErrorName. It corresponds to struct xt_error_target in
 // include/uapi/linux/netfilter/x_tables.h.
+//
+// +marshal
 type XTErrorTarget struct {
 	Target XTEntryTarget
 	Name   ErrorName
@@ -349,6 +357,8 @@ const (
 // NfNATIPV4Range corresponds to struct nf_nat_ipv4_range
 // in include/uapi/linux/netfilter/nf_nat.h. The fields are in
 // network byte order.
+//
+// +marshal
 type NfNATIPV4Range struct {
 	Flags   uint32
 	MinIP   [4]byte
@@ -359,6 +369,8 @@ type NfNATIPV4Range struct {
 
 // NfNATIPV4MultiRangeCompat corresponds to struct
 // nf_nat_ipv4_multi_range_compat in include/uapi/linux/netfilter/nf_nat.h.
+//
+// +marshal
 type NfNATIPV4MultiRangeCompat struct {
 	RangeSize uint32
 	RangeIPV4 NfNATIPV4Range
@@ -366,6 +378,8 @@ type NfNATIPV4MultiRangeCompat struct {
 
 // XTRedirectTarget triggers a redirect when reached.
 // Adding 4 bytes of padding to make the struct 8 byte aligned.
+//
+// +marshal
 type XTRedirectTarget struct {
 	Target  XTEntryTarget
 	NfRange NfNATIPV4MultiRangeCompat
@@ -377,6 +391,8 @@ const SizeOfXTRedirectTarget = 56
 
 // XTSNATTarget triggers Source NAT when reached.
 // Adding 4 bytes of padding to make the struct 8 byte aligned.
+//
+// +marshal
 type XTSNATTarget struct {
 	Target  XTEntryTarget
 	NfRange NfNATIPV4MultiRangeCompat
@@ -463,6 +479,8 @@ var _ marshal.Marshallable = (*KernelIPTGetEntries)(nil)
 // IPTReplace is the argument for the IPT_SO_SET_REPLACE sockopt. It
 // corresponds to struct ipt_replace in
 // include/uapi/linux/netfilter_ipv4/ip_tables.h.
+//
+// +marshal
 type IPTReplace struct {
 	Name        TableName
 	ValidHooks  uint32
@@ -502,6 +520,8 @@ func (tn TableName) String() string {
 
 // ErrorName holds the name of a netfilter error. These can also hold
 // user-defined chains.
+//
+// +marshal
 type ErrorName [XT_FUNCTION_MAXNAMELEN]byte
 
 // String implements fmt.Stringer.
@@ -520,6 +540,8 @@ func goString(cstring []byte) string {
 
 // XTTCP holds data for matching TCP packets. It corresponds to struct xt_tcp
 // in include/uapi/linux/netfilter/xt_tcpudp.h.
+//
+// +marshal
 type XTTCP struct {
 	// SourcePortStart specifies the inclusive start of the range of source
 	// ports to which the matcher applies.
@@ -573,6 +595,8 @@ const (
 
 // XTUDP holds data for matching UDP packets. It corresponds to struct xt_udp
 // in include/uapi/linux/netfilter/xt_tcpudp.h.
+//
+// +marshal
 type XTUDP struct {
 	// SourcePortStart is the inclusive start of the range of source ports
 	// to which the matcher applies.
@@ -613,6 +637,8 @@ const (
 
 // IPTOwnerInfo holds data for matching packets with owner. It corresponds
 // to struct ipt_owner_info in libxt_owner.c of iptables binary.
+//
+// +marshal
 type IPTOwnerInfo struct {
 	// UID is user id which created the packet.
 	UID uint32
@@ -634,7 +660,7 @@ type IPTOwnerInfo struct {
 	Match uint8
 
 	// Invert flips the meaning of Match field.
-	Invert uint8
+	Invert uint8 `marshal:"unaligned"`
 }
 
 // SizeOfIPTOwnerInfo is the size of an XTOwnerMatchInfo.
diff --git a/pkg/abi/linux/netfilter_ipv6.go b/pkg/abi/linux/netfilter_ipv6.go
index f7c70b430..b088b207c 100644
--- a/pkg/abi/linux/netfilter_ipv6.go
+++ b/pkg/abi/linux/netfilter_ipv6.go
@@ -264,6 +264,8 @@ const (
 
 // NFNATRange corresponds to struct nf_nat_range in
 // include/uapi/linux/netfilter/nf_nat.h.
+//
+// +marshal
 type NFNATRange struct {
 	Flags    uint32
 	MinAddr  Inet6Addr
diff --git a/pkg/abi/linux/netfilter_test.go b/pkg/abi/linux/netfilter_test.go
index bf73271c6..600820a0b 100644
--- a/pkg/abi/linux/netfilter_test.go
+++ b/pkg/abi/linux/netfilter_test.go
@@ -15,9 +15,8 @@
 package linux
 
 import (
+	"encoding/binary"
 	"testing"
-
-	"gvisor.dev/gvisor/pkg/binary"
 )
 
 func TestSizes(t *testing.T) {
@@ -42,7 +41,7 @@ func TestSizes(t *testing.T) {
 	}
 
 	for _, tc := range testCases {
-		if calculated := binary.Size(tc.typ); calculated != tc.defined {
+		if calculated := uintptr(binary.Size(tc.typ)); calculated != tc.defined {
 			t.Errorf("%T has a defined size of %d and calculated size of %d", tc.typ, tc.defined, calculated)
 		}
 	}
diff --git a/pkg/abi/linux/netlink.go b/pkg/abi/linux/netlink.go
index b41f94a69..232fee67e 100644
--- a/pkg/abi/linux/netlink.go
+++ b/pkg/abi/linux/netlink.go
@@ -53,6 +53,8 @@ type SockAddrNetlink struct {
 const SockAddrNetlinkSize = 12
 
 // NetlinkMessageHeader is struct nlmsghdr, from uapi/linux/netlink.h.
+//
+// +marshal
 type NetlinkMessageHeader struct {
 	Length uint32
 	Type   uint16
@@ -99,6 +101,8 @@ const NLMSG_ALIGNTO = 4
 // NetlinkAttrHeader is the header of a netlink attribute, followed by payload.
 //
 // This is struct nlattr, from uapi/linux/netlink.h.
+//
+// +marshal
 type NetlinkAttrHeader struct {
 	Length uint16
 	Type   uint16
@@ -126,6 +130,8 @@ const (
 )
 
 // NetlinkErrorMessage is struct nlmsgerr, from uapi/linux/netlink.h.
+//
+// +marshal
 type NetlinkErrorMessage struct {
 	Error  int32
 	Header NetlinkMessageHeader
diff --git a/pkg/abi/linux/netlink_route.go b/pkg/abi/linux/netlink_route.go
index ceda0a8d3..581a11b24 100644
--- a/pkg/abi/linux/netlink_route.go
+++ b/pkg/abi/linux/netlink_route.go
@@ -85,6 +85,8 @@ const (
 )
 
 // InterfaceInfoMessage is struct ifinfomsg, from uapi/linux/rtnetlink.h.
+//
+// +marshal
 type InterfaceInfoMessage struct {
 	Family uint8
 	_      uint8
@@ -164,6 +166,8 @@ const (
 )
 
 // InterfaceAddrMessage is struct ifaddrmsg, from uapi/linux/if_addr.h.
+//
+// +marshal
 type InterfaceAddrMessage struct {
 	Family    uint8
 	PrefixLen uint8
@@ -193,6 +197,8 @@ const (
 )
 
 // RouteMessage is struct rtmsg, from uapi/linux/rtnetlink.h.
+//
+// +marshal
 type RouteMessage struct {
 	Family uint8
 	DstLen uint8
diff --git a/pkg/abi/linux/socket.go b/pkg/abi/linux/socket.go
index 185eee0bb..95871b8a5 100644
--- a/pkg/abi/linux/socket.go
+++ b/pkg/abi/linux/socket.go
@@ -15,7 +15,6 @@
 package linux
 
 import (
-	"gvisor.dev/gvisor/pkg/binary"
 	"gvisor.dev/gvisor/pkg/marshal"
 )
 
@@ -251,18 +250,24 @@ type SockAddrInet struct {
 }
 
 // Inet6MulticastRequest is struct ipv6_mreq, from uapi/linux/in6.h.
+//
+// +marshal
 type Inet6MulticastRequest struct {
 	MulticastAddr  Inet6Addr
 	InterfaceIndex int32
 }
 
 // InetMulticastRequest is struct ip_mreq, from uapi/linux/in.h.
+//
+// +marshal
 type InetMulticastRequest struct {
 	MulticastAddr InetAddr
 	InterfaceAddr InetAddr
 }
 
 // InetMulticastRequestWithNIC is struct ip_mreqn, from uapi/linux/in.h.
+//
+// +marshal
 type InetMulticastRequestWithNIC struct {
 	InetMulticastRequest
 	InterfaceIndex int32
@@ -491,7 +496,7 @@ type TCPInfo struct {
 }
 
 // SizeOfTCPInfo is the binary size of a TCPInfo struct.
-var SizeOfTCPInfo = int(binary.Size(TCPInfo{}))
+var SizeOfTCPInfo = (*TCPInfo)(nil).SizeBytes()
 
 // Control message types, from linux/socket.h.
 const (
@@ -502,6 +507,8 @@ const (
 // A ControlMessageHeader is the header for a socket control message.
 //
 // ControlMessageHeader represents struct cmsghdr from linux/socket.h.
+//
+// +marshal
 type ControlMessageHeader struct {
 	Length uint64
 	Level  int32
@@ -510,7 +517,7 @@ type ControlMessageHeader struct {
 
 // SizeOfControlMessageHeader is the binary size of a ControlMessageHeader
 // struct.
-var SizeOfControlMessageHeader = int(binary.Size(ControlMessageHeader{}))
+var SizeOfControlMessageHeader = (*ControlMessageHeader)(nil).SizeBytes()
 
 // A ControlMessageCredentials is an SCM_CREDENTIALS socket control message.
 //
@@ -527,6 +534,7 @@ type ControlMessageCredentials struct {
 //
 // ControlMessageIPPacketInfo represents struct in_pktinfo from linux/in.h.
 //
+// +marshal
 // +stateify savable
 type ControlMessageIPPacketInfo struct {
 	NIC             int32
@@ -536,7 +544,7 @@ type ControlMessageIPPacketInfo struct {
 
 // SizeOfControlMessageCredentials is the binary size of a
 // ControlMessageCredentials struct.
-var SizeOfControlMessageCredentials = int(binary.Size(ControlMessageCredentials{}))
+var SizeOfControlMessageCredentials = (*ControlMessageCredentials)(nil).SizeBytes()
 
 // A ControlMessageRights is an SCM_RIGHTS socket control message.
 type ControlMessageRights []int32