From 0636c1c929da3b58d3a34262fbc6567f86bfb594 Mon Sep 17 00:00:00 2001
From: liornm <lior.neumann@gmail.com>
Date: Wed, 19 May 2021 17:52:01 +0300
Subject: Allow use of IFF_ONE_QUEUE

Before fix, use of this flag causes an error.
It affects applications like OpenVPN which sets this flag for legacy reasons.
According to linux/if_tun.h "This flag has no real effect".
---
 pkg/abi/linux/ioctl_tun.go        | 3 +++
 pkg/sentry/socket/netstack/tun.go | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

(limited to 'pkg')

diff --git a/pkg/abi/linux/ioctl_tun.go b/pkg/abi/linux/ioctl_tun.go
index c59c9c136..ea4fdca0f 100644
--- a/pkg/abi/linux/ioctl_tun.go
+++ b/pkg/abi/linux/ioctl_tun.go
@@ -26,4 +26,7 @@ const (
 	IFF_TAP      = 0x0002
 	IFF_NO_PI    = 0x1000
 	IFF_NOFILTER = 0x1000
+
+	// According to linux/if_tun.h "This flag has no real effect"
+	IFF_ONE_QUEUE = 0x2000
 )
diff --git a/pkg/sentry/socket/netstack/tun.go b/pkg/sentry/socket/netstack/tun.go
index 288dd0c9e..c7ed52702 100644
--- a/pkg/sentry/socket/netstack/tun.go
+++ b/pkg/sentry/socket/netstack/tun.go
@@ -40,7 +40,7 @@ func LinuxToTUNFlags(flags uint16) (tun.Flags, error) {
 	// Linux adds IFF_NOFILTER (the same value as IFF_NO_PI unfortunately)
 	// when there is no sk_filter. See __tun_chr_ioctl() in
 	// net/drivers/tun.c.
-	if flags&^uint16(linux.IFF_TUN|linux.IFF_TAP|linux.IFF_NO_PI) != 0 {
+	if flags&^uint16(linux.IFF_TUN|linux.IFF_TAP|linux.IFF_NO_PI|linux.IFF_ONE_QUEUE) != 0 {
 		return tun.Flags{}, syserror.EINVAL
 	}
 	return tun.Flags{
-- 
cgit v1.2.3