mirrors/passt
1
0
Fork 0
mirror of https://passt.top/passt synced 2025-05-05 10:18:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Commit graph

  • 594dce66d3 isolation: keep CAP_SYS_PTRACE when required Paul Holzinger 2023-06-23 10:25:32 +02:00
  • 5b646b9b10 conf: Accept -a and -g without --config-net in pasta mode Stefano Brivio 2023-06-23 09:52:36 +02:00
  • d034fb698f conf: Make -a/--address really imply --no-copy-addrs Stefano Brivio 2023-06-22 15:46:41 +02:00
  • db29fd281a seccomp: Make seccomp.sh re-entrancy safe David Gibson 2023-06-21 13:06:37 +10:00
  • 3c6d1b9bb2 conf, log: On -h / --help, print usage to stdout, not stderr Stefano Brivio 2023-06-04 07:14:49 +02:00
  • d072ac2434 tap: With pasta, don't reset on tap errors, handle write failures Stefano Brivio 2023-06-04 06:51:47 +02:00
  • 429e1a7e71 conf: Fix erroneous check of ip6->gw 2023_06_03.429e1a7 David Gibson 2023-06-02 15:02:02 +10:00
  • e3b19530e4 test/nstool: Fix fd leak in accept() loop David Gibson 2023-05-23 12:25:43 +10:00
  • 527c822a3b test/nstool: Provide useful error if given a path that's too long David Gibson 2023-05-23 12:25:42 +10:00
  • 9f61c5b68b passt.h: Fix description of pasta_ifi in struct ctx Stefano Brivio 2023-05-14 19:46:39 +02:00
  • cc9d16758b conf, pasta: With --config-net, copy all addresses by default Stefano Brivio 2023-05-14 19:12:09 +02:00
  • e89da3cf03 netlink: Add functionality to copy addresses from outer namespace Stefano Brivio 2023-05-14 18:44:53 +02:00
  • a7359f0948 conf: Don't exit if sourced default route has no gateway Stefano Brivio 2023-05-14 16:24:11 +02:00
  • e8fef7525c Revert "conf: Adjust netmask on mismatch between IPv4 address/netmask and gateway" Stefano Brivio 2023-05-14 15:22:00 +02:00
  • da54641f14 conf, pasta: With --config-net, copy all routes by default Stefano Brivio 2023-05-14 15:04:38 +02:00
  • 468f19a852 conf: --config-net option is for pasta mode only Stefano Brivio 2023-05-14 14:14:29 +02:00
  • 2fe0461856 netlink: Add functionality to copy routes from outer namespace Stefano Brivio 2023-05-14 13:49:43 +02:00
  • f099afb1f2 pasta: Improve error handling on failure to join network namespace Stefano Brivio 2023-05-14 13:32:41 +02:00
  • 1c3c68970e netlink: Fix comment about response buffer size for nl_req() Stefano Brivio 2023-05-14 13:30:18 +02:00
  • 770d1a4502 isolation: Initially Keep CAP_SETFCAP if running as UID 0 in non-init Stefano Brivio 2023-05-21 15:03:31 +02:00
  • b0e450aa85 pasta: Detach mount namespace, (re)mount procfs before spawning command Stefano Brivio 2023-05-21 14:50:11 +02:00
  • b0881aae6d util, conf: Add and use ns_is_init() helper Stefano Brivio 2023-05-21 14:47:07 +02:00
  • 25f1d1a84f tap: Don't update ip6.addr_seen to :: David Gibson 2023-05-16 10:36:11 +10:00
  • 96f8d55c4f correct -6 option in manpage 2023_05_09.96f8d55 lemmi 2023-05-08 18:05:01 +02:00
  • 940bd3eff9 passt: Fix error check for signal(), improve error messages Stefano Brivio 2023-04-13 19:32:13 +02:00
  • 1a3ade9037 nstool: Enter holder's cwd when changing mount ns with nstool exec David Gibson 2023-04-06 13:28:19 +10:00
  • 98031bee73 nstool: Advertise the holder's cwd (in its mountns) across the socket David Gibson 2023-04-06 13:28:18 +10:00
  • 469b69aaa1 test: Use "nstool exec" to slightly simplify tests David Gibson 2023-04-06 13:28:17 +10:00
  • 3372cd0902 test: Initialise ${TRACE} properly David Gibson 2023-04-06 13:28:16 +10:00
  • 329149d51a nstool: Add --keep-caps option to nstool exec David Gibson 2023-04-06 13:28:15 +10:00
  • 0b66944648 nstool: Add nstool exec command to execute commands in an nstool namespace David Gibson 2023-04-06 13:28:14 +10:00
  • 3bcbca5db8 nstool: Helpers to iterate through namespace types David Gibson 2023-04-06 13:28:13 +10:00
  • f6a9ea3af5 nstool: Add magic number to advertized information David Gibson 2023-04-06 13:28:12 +10:00
  • 4311066bdb nstool: Detect what namespaces target is in David Gibson 2023-04-06 13:28:11 +10:00
  • fd4a752e92 nstool: Replace "pid" subcommand with "info" subcommand David Gibson 2023-04-06 13:28:10 +10:00
  • a4b017d91c nstool: Split some command line parsing and socket setup to subcommands David Gibson 2023-04-06 13:28:09 +10:00
  • 42fb218347 nstool: Move description of its operation modes from comment to usage David Gibson 2023-04-06 13:28:08 +10:00
  • 2884ccd2e7 nstool: Reverse parameters to nstool David Gibson 2023-04-06 13:28:07 +10:00
  • 4914fce77b nstool: Rename nsholder to nstool David Gibson 2023-04-06 13:28:06 +10:00
  • 55bbe3dbcb test: Remove race between commands run in the same context David Gibson 2023-04-05 11:56:42 +10:00
  • ca2749e1bd passt: Relicense to GPL 2.0, or any later version Stefano Brivio 2023-04-05 20:11:44 +02:00
  • b10b983fbd fedora: Adjust path for SELinux policy and interface file to latest guidelines 2023_03_29.b10b983 Stefano Brivio 2023-03-29 13:17:31 +02:00
  • 387f4aca74 fedora: Don't install useless SELinux interface file for pasta Stefano Brivio 2023-03-27 19:50:01 +02:00
  • dafd92d555 selinux: Drop useless interface file for pasta Stefano Brivio 2023-03-27 19:47:07 +02:00
  • 98a9a7d9e5 conf: Allow binding to ports on an interface without a specific address Stefano Brivio 2023-03-27 19:35:26 +02:00
  • 33d88f79d9 tcp: Clear ACK_FROM_TAP_DUE also on unchanged ACK sequence from peer Stefano Brivio 2023-03-23 16:07:57 +01:00
  • 4e73e9bd65 tcp: Don't special case the handling of the ack of a syn David Gibson 2023-03-27 14:56:34 +11:00
  • 085672f77c tcp: Clarify allowed state for tcp_data_from_tap() David Gibson 2023-03-27 14:56:33 +11:00
  • 1ee2f7cada tcp: Don't reset ACK_TO_TAP_DUE on any ACK, reschedule timer as needed 2023_03_21.1ee2f7c Stefano Brivio 2023-03-21 23:14:58 +01:00
  • 9ffccf7acc tcp: When a connection flag it set, don't negate it for debug print Stefano Brivio 2023-03-21 19:39:55 +01:00
  • 89d1494974 Fix false positive if cppcheck doesn't give a false positive David Gibson 2023-03-21 14:55:00 +11:00
  • 34ade90957 Work around weird false positives with cppcheck-2.9.1 David Gibson 2023-03-21 14:54:59 +11:00
  • ccf6d2a7b4 udp: Actually bind detected namespace ports in init namespace Stefano Brivio 2023-03-21 16:01:30 +01:00
  • 418f75ac37 pasta: fix tcp port forwarding in auto mode Paul Holzinger 2023-03-20 19:10:34 +01:00
  • dd23496619 fedora: Refresh SELinux labels in scriptlets, require -selinux package 2023_03_17.dd23496 Stefano Brivio 2023-03-16 20:51:23 +01:00
  • 87a655045b Makefile: Enable external override for TARGET Stefano Brivio 2023-03-15 10:08:47 +01:00
  • 7727804658 passt.1: Fix description of --mtu option Stefano Brivio 2023-03-15 10:06:50 +01:00
  • 4e6178fd46 log: Avoid time_t/__syscall_slong_t format mismatch with long int on X32 ABI Stefano Brivio 2023-03-10 23:15:35 +01:00
  • 70c0765b49 fedora: Install SELinux interface files to shared include directory 2023_03_10.70c0765 Stefano Brivio 2023-03-10 19:10:01 +01:00
  • 93105ea066 contrib/selinux: Split interfaces into smaller bits Stefano Brivio 2023-03-10 17:00:31 +00:00
  • dcdc50fc22 contrib/selinux: Drop unused passt_read_data() interface Stefano Brivio 2023-03-10 14:53:37 +00:00
  • 9f35cf0b11 contrib/selinux: Drop "example" from headers: this is the actual policy Stefano Brivio 2023-03-10 14:53:14 +00:00
  • 7c7625ddff README: Update Features section, plus minor improvements 2023_03_09.7c7625d Stefano Brivio 2023-03-08 23:43:10 +01:00
  • 294d6dc4c6 contrib: Drop libvirt out-of-tree patch, integration mostly works in 9.1.0 Stefano Brivio 2023-03-08 23:47:19 +01:00
  • 42fb62516d contrib: Drop QEMU out-of-tree patches Stefano Brivio 2023-03-08 23:46:13 +01:00
  • f3cd0f9e45 contrib: Drop Podman out-of-tree patch, integration is upstream now Stefano Brivio 2023-03-08 23:45:08 +01:00
  • d7272f1df8 tcp: Clamp MSS value when queueing data to tap, also for pasta Stefano Brivio 2023-03-08 18:07:42 +01:00
  • bb2b67cb35 conf: Terminate on EMFILE or ENFILE on sockets for port mapping Stefano Brivio 2023-03-08 13:21:19 +01:00
  • 5aea2f88ab tcp, udp: Fix partial success return codes in {tcp,udp}_sock_init() Stefano Brivio 2023-03-08 12:38:39 +01:00
  • 73992c42ce tcp, udp, util: Pass socket creation errors all the way up Stefano Brivio 2023-03-08 12:14:29 +01:00
  • 50687616e4 util: Carry own definition of __bswap_constant{16,32} Stefano Brivio 2023-03-08 04:13:50 +01:00
  • 89e38f5540 treewide: Fix header includes to build with musl Chris Kuhn 2023-03-08 04:00:22 +01:00
  • 5c58feab7b conf, passt: Rename stderr to force_stderr Chris Kuhn 2023-03-08 03:47:45 +01:00
  • fde8004ab0 netlink: Use 8 KiB * netlink message header size as response buffer Stefano Brivio 2023-03-08 03:43:25 +01:00
  • a9c59dd91b conf, icmp, tcp, udp: Add options to bind to outbound address and interface Stefano Brivio 2023-03-08 03:29:51 +01:00
  • 70148ce5be conf, passt.h: Rename "outbound" interface to "template" interface Stefano Brivio 2023-03-07 19:23:18 +01:00
  • d361fe6e80 contrib/selinux: Let interface users set paths for log, PID, socket files Stefano Brivio 2023-03-06 23:19:18 +00:00
  • de9b0cb5fe contrib/selinux: Allow binding and connecting to all UDP and TCP ports Stefano Brivio 2023-03-06 23:05:36 +00:00
  • 41bc669866 contrib/selinux: Let passt write to stdout and stderr when it starts Stefano Brivio 2023-03-06 22:49:39 +00:00
  • 009af75e45 contrib/selinux: Drop duplicate init_daemon_domain() rule Stefano Brivio 2023-03-06 22:48:21 +00:00
  • 83236216c4 udp: Fix signedness warning on 32-bits architectures Stefano Brivio 2023-02-28 00:59:19 +01:00
  • f6b6b66a88 Makefile: Fix SuperH 4 builds: it's AUDIT_ARCH_SH, not AUDIT_ARCH_SH4 Stefano Brivio 2023-02-28 00:54:56 +01:00
  • 0d8c114aa2 Makefile, seccomp.sh: Fix cross-builds, adjust syscalls list to compiler Stefano Brivio 2023-02-28 00:53:01 +01:00
  • c538ee8d69 util: Add own prototype for __clone2() on ia64 2023_02_27.c538ee8 Stefano Brivio 2023-02-27 17:49:23 +01:00
  • b1b75bd73a contrib/apparmor: Split profile into abstractions, use them Stefano Brivio 2023-02-27 17:24:40 +01:00
  • 0d547a5b0f qrap: Generate -netdev as JSON Andrea Bolognani 2023-02-24 19:49:49 +01:00
  • 4f2341f31d qrap: Introduce machine-specific PCI address base Andrea Bolognani 2023-02-24 19:49:48 +01:00
  • 8828a637ba qrap: Drop args in JSON format Andrea Bolognani 2023-02-24 19:49:47 +01:00
  • 16f19c87f5 qrap: Fix support for pc machines Andrea Bolognani 2023-02-24 19:49:46 +01:00
  • 9cec4309c9 qrap: Fix limits for PCI addresses Andrea Bolognani 2023-02-24 19:49:45 +01:00
  • d2df763232 log, conf, tap: Define die() as err() plus exit(), drop cppcheck workarounds Stefano Brivio 2023-02-27 04:06:19 +01:00
  • fb05a71378 doc/demo: Fix and suppress ShellCheck warnings Stefano Brivio 2023-02-27 03:44:25 +01:00
  • 26a0e4d6ee Fix definitions of SOCKET_MAX, TCP_MAX_CONNS Stefano Brivio 2023-02-27 03:30:01 +01:00
  • 4f523c3276 tcp: Avoid (theoretical) resource leak (CWE-772) Coverity warning Stefano Brivio 2023-02-27 03:13:31 +01:00
  • a1d5537741 tcp: Avoid false (but convoluted) positive Coverity CWE-476 warning Stefano Brivio 2023-02-27 03:05:26 +01:00
  • 5474bc5485 tcp, tcp_splice: Get rid of false positive CWE-394 Coverity warning from fls() Stefano Brivio 2023-02-27 02:45:42 +01:00
  • a48c5c2abf treewide: Disable gcc strict aliasing rules as needed, drop workarounds Stefano Brivio 2023-02-27 01:57:36 +01:00
  • da46fdac36 tcp: Suppress knownConditionTrueFalse cppcheck false positive Stefano Brivio 2023-02-25 12:09:01 +01:00
  • 834b9a3049 log: Send identifier string in log messages, openlog() won't work for us Stefano Brivio 2023-02-23 18:32:20 +01:00
  • bad2526872 conf, udp: Allow any loopback address to be used as resolver Stefano Brivio 2023-02-23 16:41:47 +00:00