From 66d5930ec77caed942404ceef4829f2c4ca431bd Mon Sep 17 00:00:00 2001
From: Stefano Brivio
Date: Wed, 13 Oct 2021 22:25:03 +0200
Subject: passt, pasta: Add seccomp support
List of allowed syscalls comes from comments in the form: #syscalls for syscalls needed both in passt and pasta mode, and: #syscalls:pasta #syscalls:passt for syscalls specifically needed in pasta or passt mode only. seccomp.sh builds a list of BPF statements from those comments, prefixed by a binary search tree to keep lookup fast. While at it, clean up a bit the Makefile using wildcards.
Signed-off-by: Stefano Brivio
---
 udp.c | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'udp.c')
diff --git a/udp.c b/udp.c
index 0837cba..e77345f 100644
--- a/udp.c
+++ b/udp.c
@@ -419,6 +419,8 @@ static void udp_sock6_iov_init(void)
 * @splice: UDP_BACK_TO_INIT from init, UDP_BACK_TO_NS from namespace
 *
 * Return: connected socket, negative error code on failure
+ *
+ * #syscalls:pasta getsockname
 */
 int udp_splice_connect(struct ctx *c, int v6, int bound_sock, in_port_t src, in_port_t dst, int splice)
@@ -640,6 +642,9 @@ static void udp_sock_handler_splice(struct ctx *c, union epoll_ref ref,
 * @ref: epoll reference
 * @events: epoll events bitmap
 * @now: Current timestamp
+ *
+ * #syscalls recvmmsg
+ * #syscalls:passt sendmmsg sendmsg
 */
 void udp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
 struct timespec *now)
@@ -877,6 +882,8 @@ void udp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
 * @now: Current timestamp
 *
 * Return: count of consumed packets
+ *
+ * #syscalls sendmmsg
 */
 int udp_tap_handler(struct ctx *c, int af, void *addr, struct tap_l4_msg *msg, int count, struct timespec *now)
-- cgit v1.2.3
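Review bot: The `#syscalls:pasta getsockname` tag sits in the function's doc comment rather than next to the call that needs it, so nothing in the source ties this allowlist entry to a particular getsockname() use. If that call is later removed or moved, the tag is likely to stay behind and the pasta filter keeps a syscall it no longer needs, while the opposite mistake (a new call with no tag) only shows up at run time. Assuming seccomp.sh collects the tags from any comment, as the commit message suggests, consider placing `/* #syscalls:pasta getsockname */` directly above the call inside udp_splice_connect(), whose body is outside this hunk.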
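Review bot: `#syscalls:passt sendmmsg sendmsg` in the udp_sock_handler() comment scopes sendmmsg to passt mode, but the udp_tap_handler() hunk at -877 adds an unconditional `#syscalls sendmmsg`, so sendmmsg presumably ends up allowed in both modes and the mode-scoped entry has no effect on the generated filter. Someone auditing the pasta filter from this comment alone would conclude that sendmmsg is not permitted there. Either reduce the line to `* #syscalls:passt sendmsg`, or keep it and state once that the tags list what each function calls while the effective per-mode allowlist is the union across all files. How seccomp.sh merges duplicate entries is not visible in this patch, and both function bodies are outside the hunks.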