Age | Commit message (Collapse) | Author |
|
PiperOrigin-RevId: 375740504
|
|
Fixes #5974
Updates #161
PiperOrigin-RevId: 375024740
|
|
Before fix, use of this flag causes an error.
It affects applications like OpenVPN which sets this flag for legacy reasons.
According to linux/if_tun.h "This flag has no real effect".
|
|
PiperOrigin-RevId: 373265454
|
|
PiperOrigin-RevId: 372020696
|
|
Co-Author: ayushranjan
PiperOrigin-RevId: 370785009
|
|
Use MarshalUnsafe for packed types as it is faster than MarshalBytes.
PiperOrigin-RevId: 368076368
|
|
The current SNAT implementation has several limitations:
- SNAT source port has to be specified. It is not optional.
- SNAT source port range is not supported.
- SNAT for UDP is a one-way translation. No response packets
are handled (because conntrack doesn't support UDP currently).
- SNAT and REDIRECT can't work on the same connection.
Fixes #5489
PiperOrigin-RevId: 367750325
|
|
A skeleton implementation of cgroupfs. It supports trivial cpu and
memory controllers with no support for hierarchies.
PiperOrigin-RevId: 366561126
|
|
PiperOrigin-RevId: 366344805
|
|
PiperOrigin-RevId: 362297474
|
|
Restrict ptrace(2) according to the default configurations of the YAMA security
module (mode 1), which is a common default among various Linux distributions.
The new access checks only permit the tracer to proceed if one of the following
conditions is met:
a) The tracer is already attached to the tracee.
b) The target is a descendant of the tracer.
c) The target has explicitly given permission to the tracer through the
PR_SET_PTRACER prctl.
d) The tracer has CAP_SYS_PTRACE.
See security/yama/yama_lsm.c for more details.
Note that these checks are added to CanTrace, which is checked for
PTRACE_ATTACH as well as some other operations, e.g., checking a process'
memory layout through /proc/[pid]/mem.
Since this patch adds restrictions to ptrace, it may break compatibility for
applications run by non-root users that, for instance, rely on being able to
trace processes that are not descended from the tracer (e.g., `gdb -p`). YAMA
restrictions can be turned off by setting /proc/sys/kernel/yama/ptrace_scope
to 0, or exceptions can be made on a per-process basis with the PR_SET_PTRACER
prctl.
Reported-by: syzbot+622822d8bca08c99e8c8@syzkaller.appspotmail.com
PiperOrigin-RevId: 359237723
|
|
This makes it easier to implement dynamically sized types in go-marshal. You
really only need to implement MarshalBytes, UnmarshalBytes and SizeBytes to
implement the entire interface.
By using the `dynamic` tag, the autogenerator will generate the rest of the
methods for us.
This change also simplifies how KernelIPTGetEntries implements Marshallable
using the newly added utility.
PiperOrigin-RevId: 356397114
|
|
PiperOrigin-RevId: 354595623
|
|
This CL adds support for the following fields:
- RTT, RTTVar, RTO
- send congestion window (sndCwnd) and send slow start threshold (sndSsthresh)
- congestion control state(CaState)
- ReorderSeen
PiperOrigin-RevId: 354195361
|
|
Fixes #5113.
PiperOrigin-RevId: 353313374
|
|
These are primarily simplification and lint mistakes. However, minor
fixes are also included and tests added where appropriate.
PiperOrigin-RevId: 351425971
|
|
IPv4 was always supported but UDP never supported joining/leaving IPv6
multicast groups via socket options.
Add: IPPROTO_IPV6, IPV6_JOIN_GROUP/IPV6_ADD_MEMBERSHIP
Remove: IPPROTO_IPV6, IPV6_LEAVE_GROUP/IPV6_DROP_MEMBERSHIP
Test: integration_test.TestUDPAddRemoveMembershipSocketOption
PiperOrigin-RevId: 350396072
|
|
Introduces the per-socket error queue and the necessary cmsg mechanisms.
PiperOrigin-RevId: 348028508
|
|
PiperOrigin-RevId: 347711998
|
|
PiperOrigin-RevId: 347047550
|
|
tcpip.ControlMessages can not contain Linux specific structures which makes it
painful to convert back and forth from Linux to tcpip back to Linux when passing
around control messages in hostinet and raw sockets.
Now we convert to the Linux version of the control message as soon as we are
out of tcpip.
PiperOrigin-RevId: 347027065
|
|
PiperOrigin-RevId: 345589628
|
|
These options allow overriding the signal that gets sent to the process when
I/O operations are available on the file descriptor, rather than the default
`SIGIO` signal. Doing so also populates `siginfo` to contain extra information
about which file descriptor caused the event (`si_fd`) and what events happened
on it (`si_band`). The logic around which FD is populated within `si_fd`
matches Linux's, which means it has some weird edge cases where that value may
not actually refer to a file descriptor that is still valid.
This CL also ports extra S/R logic regarding async handler in VFS2.
Without this, async I/O handlers aren't properly re-registered after S/R.
PiperOrigin-RevId: 345436598
|
|
PiperOrigin-RevId: 345178956
|
|
PiperOrigin-RevId: 339377254
|
|
PiperOrigin-RevId: 338756277
|
|
cf. 2a36ab717e8f "rseq/membarrier: Add MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ"
PiperOrigin-RevId: 336186795
|
|
Updates #267
PiperOrigin-RevId: 335713923
|
|
PiperOrigin-RevId: 335077195
|
|
Adds support for the IPv6-compatible redirect target. Redirection is a limited
form of DNAT, where the destination is always the localhost.
Updates #3549.
PiperOrigin-RevId: 334698344
|
|
PiperOrigin-RevId: 334682753
|
|
Like matchers, targets should use a module-like register/lookup system. This
replaces the brittle switch statements we had before.
The only behavior change is supporing IPT_GET_REVISION_TARGET. This makes it
much easier to add IPv6 redirect in the next change.
Updates #3549.
PiperOrigin-RevId: 334469418
|
|
The previous value was for unix
PiperOrigin-RevId: 333571962
|
|
|
|
|
|
Fixes #3696
|
|
|
|
|
|
This commit implements FUSE_SETATTR command. When a system call modifies
the metadata of a regular file or a folder by chown(2), chmod(2),
truncate(2), utime(2), or utimes(2), they should be translated to
corresponding FUSE_SETATTR command and sent to the FUSE server.
Fixes #3332
|
|
According to Linux 4.4's FUSE behavior, the flags and fh attributes in
FUSE_GETATTR are only used in read, write, and lseek. fstat(2) doesn't
use them either. Add tests to ensure the requests sent from FUSE module
are consistent with Linux's.
Updates #3655
|
|
This commit adds basic write(2) support for FUSE.
|
|
FUSE_CREATE is called when issuing creat(2) or open(2) with O_CREAT. It
creates a new file on the FUSE filesystem.
Fixes #3825
|
|
|
|
This commit removes unused marshalling functions in linux abi package
and moves self-defined FUSEInitRes wrapper to fuse package.
Updates #3707
|
|
The fuse_init_out struct changes in different FUSE kernel versions. A
FUSE server may implement older versions of fuse_init_out, but they
share common attributes from the beginning. Implement variable-length
marshallable interface to support older versions of ABI.
Fixes #3707
|
|
Until #3698 is resolved, this change is needed to ensure we're not
corrupting memory anywhere.
|
|
Fixes #3255.
This change adds support for IterDirents. You can now use `ls` in
the FUSE sandbox.
Co-authored-by: Craig Chi <craigchi@google.com>
|
|
Fixes #3587
Co-authored-by: Craig Chi <craigchi@google.com>
|
|
Fixes #3206
|