Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFC] system call hijack support #12

Closed
wants to merge 2 commits into from
Closed

[RFC] system call hijack support #12

wants to merge 2 commits into from

Commits on Dec 4, 2015

  1. lkl: add new API, LKL system call API, for POSIX userspace applications 

    This commit introduce new userspace API, prefixed lkl_sys_wrapper_(),
which preserves the same signature with what the (ordinal) system call
wrapper API has.

Function arguments signatures are same as LKL system call API (i.e.,
lkl_sys_xxx()), but the return values are different: upon errors
happened, LKL system call API returns a negative value which kernel
functions returns where this new API returns -1 and set error value by
newly introduce host_ops callback entry, ops->seterrno().

Signed-off-by: Hajime Tazaki <thehajime@gmail.com>
    @thehajime
    thehajime committed Dec 4, 2015
    Configuration menu
    Copy the full SHA
    bc16e5b View commit details
    Browse the repository at this point in the history

  2. lkl: add initial system call hijack support (a.k.a. NUSE of libos) 

    This commit introduces initial support of system call hijack, based on
LD_PRELOAD with POSIX applications on a host.

Note that system call hijack by renaming symbol by LD_PRELOAD is not a
complete solution: it must address various issues with dirty tricks.

Those tricks/issues are:
- introduce file descriptor offset (i.e., fd + offset)
- path name isolation (i.e., chrooted)
- need of handling mixture of fd between host and lkl-ed ones
- un-hijackable symbol (__socket inside if_nametoindex() of linux
  glibc) needs to be hijacked by upper call (i.e., if_nametoindex)

Nevertheless, it is powerful in some case such as replacing network
stack only for an application.

It has been tested with socket(AF_INET/AF_INET6/AF_NETLINK) without any
external netdevices, i.e. only works with localhost (127.0.0.1/::1).
It may need more work on non-Linux host.

select(2)/poll(2)/epoll_create(2) need more work.

The below should work on Linux.
% ./tools/lkl/bin/hijack.sh ip ad

Signed-off-by: Hajime Tazaki <thehajime@gmail.com>
    @thehajime
    thehajime committed Dec 4, 2015
    Configuration menu
    Copy the full SHA
    83f4310 View commit details
    Browse the repository at this point in the history