DisableTLSALPNChallenge: !enableTLSALPNChallenge,
})
- magic.Issuer = myACME
+ magic.Issuers = []certmagic.Issuer{myACME}
// this obtains certificates or renews them if necessary
err := magic.ManageSync([]string{domain})
github.com/blevesearch/bleve/v2 v2.0.2
github.com/boombuler/barcode v1.0.1 // indirect
github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b // indirect
- github.com/caddyserver/certmagic v0.12.0
+ github.com/caddyserver/certmagic v0.13.0
github.com/chi-middleware/proxy v1.1.1
github.com/couchbase/go-couchbase v0.0.0-20210224140812-5740cd35f448 // indirect
github.com/couchbase/gomemcached v0.1.2 // indirect
github.com/klauspost/pgzip v1.2.5 // indirect
github.com/lafriks/xormstore v1.4.0
github.com/lib/pq v1.9.0
- github.com/libdns/libdns v0.2.0 // indirect
github.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
github.com/mailru/easyjson v0.7.7 // indirect
github.com/markbates/goth v1.67.1
github.com/mattn/go-sqlite3 v1.14.6
github.com/mgechev/dots v0.0.0-20190921121421-c36f7dcfbb81
github.com/mgechev/revive v1.0.3
- github.com/mholt/acmez v0.1.3 // indirect
github.com/mholt/archiver/v3 v3.5.0
github.com/microcosm-cc/bluemonday v1.0.7
- github.com/miekg/dns v1.1.40 // indirect
+ github.com/miekg/dns v1.1.41 // indirect
github.com/minio/md5-simd v1.1.2 // indirect
github.com/minio/minio-go/v7 v7.0.10
github.com/minio/sha256-simd v1.0.0 // indirect
go.jolheiser.com/pwn v0.0.3
go.uber.org/multierr v1.6.0 // indirect
go.uber.org/zap v1.16.0 // indirect
- golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
- golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
+ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b
+ golang.org/x/net v0.0.0-20210421230115-4e50805a0758
golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93
- golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44
- golang.org/x/text v0.3.5
+ golang.org/x/sys v0.0.0-20210421221651-33663a62ff08
+ golang.org/x/text v0.3.6
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
golang.org/x/tools v0.1.0
gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
github.com/bradfitz/gomemcache v0.0.0-20190329173943-551aad21a668/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b h1:L/QXpzIa3pOvUGt1D1lA5KjYhPBAN/3iWdP7xeFS9F0=
github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA=
-github.com/caddyserver/certmagic v0.12.0 h1:1f7kxykaJkOVVpXJ8ZrC6RAO5F6+kKm9U7dBFbLNeug=
-github.com/caddyserver/certmagic v0.12.0/go.mod h1:tr26xh+9fY5dN0J6IPAlMj07qpog22PJKa7Nw7j835U=
+github.com/caddyserver/certmagic v0.13.0 h1:ky0rntZvIFiUKFdIikYxj31WN+Ts0Od6Wjz83iTzxfc=
+github.com/caddyserver/certmagic v0.13.0/go.mod h1:dNOzF4iOB7H9E51xTooMB90vs+2XNVtpnx0liQNsQY4=
github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/lib/pq v1.7.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/lib/pq v1.9.0 h1:L8nSXQQzAYByakOFMTwpjRoHsMJklur4Gi59b6VivR8=
github.com/lib/pq v1.9.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/libdns/libdns v0.1.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40=
github.com/libdns/libdns v0.2.0 h1:ewg3ByWrdUrxrje8ChPVMBNcotg7H9LQYg+u5De2RzI=
github.com/libdns/libdns v0.2.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40=
github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
github.com/mgechev/dots v0.0.0-20190921121421-c36f7dcfbb81/go.mod h1:KQ7+USdGKfpPjXk4Ga+5XxQM4Lm4e3gAogrreFAYpOg=
github.com/mgechev/revive v1.0.3 h1:z3FL6IFFN3JKzHYHD8O1ExH9g/4lAGJ5x1+9rPZgsFg=
github.com/mgechev/revive v1.0.3/go.mod h1:POGGZagSo/0frdr7VeAifzS5Uka0d0GPiM35MsTO8nE=
-github.com/mholt/acmez v0.1.1/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM=
github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk=
github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM=
github.com/mholt/archiver/v3 v3.5.0 h1:nE8gZIrw66cu4osS/U7UW7YDuGMHssxKutU8IfWxwWE=
github.com/microcosm-cc/bluemonday v1.0.7/go.mod h1:HOT/6NaBlR0f9XlxD3zolN6Z3N8Lp4pvhp+jLS5ihnI=
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
-github.com/miekg/dns v1.1.40 h1:pyyPFfGMnciYUk/mXpKkVmeMQjfXqt3FAJ2hy7tPiLA=
-github.com/miekg/dns v1.1.40/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
+github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY=
+github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI=
github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw=
github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
github.com/unknwon/i18n v0.0.0-20210321134014-0ebbf2df1c44/go.mod h1:+5rDk6sDGpl3azws3O+f+GpFSyN9GVr0K8cvQLQM2ZQ=
github.com/unknwon/paginater v0.0.0-20200328080006-042474bd0eae h1:ihaXiJkaca54IaCSnEXtE/uSZOmPxKZhDfVLrzZLFDs=
github.com/unknwon/paginater v0.0.0-20200328080006-042474bd0eae/go.mod h1:1fdkY6xxl6ExVs2QFv7R0F5IRZHKA8RahhB9fMC9RvM=
-github.com/unrolled/render v1.0.3 h1:baO+NG1bZSF2WR4zwh+0bMWauWky7DVrTOfvE2w+aFo=
-github.com/unrolled/render v1.0.3/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM=
github.com/unrolled/render v1.1.0 h1:gvpR9hHxTt6DcGqRYuVVFcfd8rtK+nyEPUJN06KB57Q=
github.com/unrolled/render v1.1.0/go.mod h1:gN9T0NhL4Bfbwu8ann7Ry/TGHYfosul+J0obPf6NBdM=
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 h1:/ZScEX8SfEmUGRHs0gxpqteO5nfNW6axyZbBdw9A12g=
-golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b h1:7mWr3k41Qtv8XlltBkDkl8LoP3mpSgBW8BUoxtEdbXg=
+golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210331212208-0fccb6fa2b5c/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4 h1:4nGaVu0QrbjT/AK2PRLuQfQuh6DJve+pELhqTdAj3x0=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210421230115-4e50805a0758 h1:aEpZnXcAmXkd6AvLb2OPt+EN1Zu/8Ne3pCqPjja5PXY=
+golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a h1:DcqTD9SDLc+1P/r1EmRBwnVsrOwW+kk2vWf9n+1sGhs=
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44 h1:Bli41pIlzTzf3KEY06n+xnzK/BESIg2ze4Pgfh/aI8c=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210421221651-33663a62ff08 h1:qyN5bV+96OX8pL78eXDuz6YlDPzCYgdW74H5yE9BoSU=
+golang.org/x/sys v0.0.0-20210421221651-33663a62ff08/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
// any customizations you need go here
})
-myACME := certmagic.NewACMEManager(magic, ACMEManager{
+myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
CA: certmagic.LetsEncryptStagingCA,
Email: "you@yours.com",
Agreed: true,
// we can simply set its GetCertificate field and append the
// TLS-ALPN challenge protocol to the NextProtos
myTLSConfig.GetCertificate = magic.GetCertificate
-myTLSConfig.NextProtos = append(myTLSConfig.NextProtos, tlsalpn01.ACMETLS1Protocol}
+myTLSConfig.NextProtos = append(myTLSConfig.NextProtos, tlsalpn01.ACMETLS1Protocol)
// the HTTP challenge has to be handled by your HTTP server;
// if you don't have one, you should have disabled it earlier
import "github.com/libdns/cloudflare"
certmagic.DefaultACME.DNS01Solver = &certmagic.DNS01Solver{
- DNSProvider: cloudflare.Provider{
+ DNSProvider: &cloudflare.Provider{
APIToken: "topsecret",
},
}
import (
"bufio"
+ "bytes"
+ "context"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
// getAccount either loads or creates a new account, depending on if
// an account can be found in storage for the given CA + email combo.
func (am *ACMEManager) getAccount(ca, email string) (acme.Account, error) {
- regBytes, err := am.config.Storage.Load(am.storageKeyUserReg(ca, email))
+ acct, err := am.loadAccount(ca, email)
if err != nil {
if _, ok := err.(ErrNotExist); ok {
return am.newAccount(email)
}
+ return acct, err
+ }
+ return acct, err
+}
+
+// loadAccount loads an account from storage, but does not create a new one.
+func (am *ACMEManager) loadAccount(ca, email string) (acme.Account, error) {
+ regBytes, err := am.config.Storage.Load(am.storageKeyUserReg(ca, email))
+ if err != nil {
return acme.Account{}, err
}
keyBytes, err := am.config.Storage.Load(am.storageKeyUserPrivateKey(ca, email))
if err != nil {
- if _, ok := err.(ErrNotExist); ok {
- return am.newAccount(email)
- }
return acme.Account{}, err
}
return acct, fmt.Errorf("could not decode account's private key: %v", err)
}
- // TODO: July 2020 - transition to new ACME lib and account structure;
- // for a while, we will need to convert old accounts to new structure
- acct, err = am.transitionAccountToACMEzJuly2020Format(ca, acct, regBytes)
- if err != nil {
- return acct, fmt.Errorf("one-time account transition: %v", err)
- }
-
- return acct, err
-}
-
-// TODO: this is a temporary transition helper starting July 2020.
-// It can go away when we think enough time has passed that most active assets have transitioned.
-func (am *ACMEManager) transitionAccountToACMEzJuly2020Format(ca string, acct acme.Account, regBytes []byte) (acme.Account, error) {
- if acct.Status != "" && acct.Location != "" {
- return acct, nil
- }
-
- var oldAcct struct {
- Email string `json:"Email"`
- Registration struct {
- Body struct {
- Status string `json:"status"`
- TermsOfServiceAgreed bool `json:"termsOfServiceAgreed"`
- Orders string `json:"orders"`
- ExternalAccountBinding json.RawMessage `json:"externalAccountBinding"`
- } `json:"body"`
- URI string `json:"uri"`
- } `json:"Registration"`
- }
- err := json.Unmarshal(regBytes, &oldAcct)
- if err != nil {
- return acct, fmt.Errorf("decoding into old account type: %v", err)
- }
-
- acct.Status = oldAcct.Registration.Body.Status
- acct.TermsOfServiceAgreed = oldAcct.Registration.Body.TermsOfServiceAgreed
- acct.Location = oldAcct.Registration.URI
- acct.ExternalAccountBinding = oldAcct.Registration.Body.ExternalAccountBinding
- acct.Orders = oldAcct.Registration.Body.Orders
- if oldAcct.Email != "" {
- acct.Contact = []string{"mailto:" + oldAcct.Email}
- }
-
- err = am.saveAccount(ca, acct)
- if err != nil {
- return acct, fmt.Errorf("saving converted account: %v", err)
- }
-
return acct, nil
}
return acct, nil
}
+// GetAccount first tries loading the account with the associated private key from storage.
+// If it does not exist in storage, it will be retrieved from the ACME server and added to storage.
+// The account must already exist; it does not create a new account.
+func (am *ACMEManager) GetAccount(ctx context.Context, privateKeyPEM []byte) (acme.Account, error) {
+ account, err := am.loadAccountByKey(ctx, privateKeyPEM)
+ if err != nil {
+ if _, ok := err.(ErrNotExist); ok {
+ account, err = am.lookUpAccount(ctx, privateKeyPEM)
+ } else {
+ return account, err
+ }
+ }
+ return account, err
+}
+
+// loadAccountByKey loads the account with the given private key from storage, if it exists.
+// If it does not exist, an error of type ErrNotExist is returned. This is not very efficient
+// for lots of accounts.
+func (am *ACMEManager) loadAccountByKey(ctx context.Context, privateKeyPEM []byte) (acme.Account, error) {
+ accountList, err := am.config.Storage.List(am.storageKeyUsersPrefix(am.CA), false)
+ if err != nil {
+ return acme.Account{}, err
+ }
+ for _, accountFolderKey := range accountList {
+ email := path.Base(accountFolderKey)
+ keyBytes, err := am.config.Storage.Load(am.storageKeyUserPrivateKey(am.CA, email))
+ if err != nil {
+ return acme.Account{}, err
+ }
+ if bytes.Equal(bytes.TrimSpace(keyBytes), bytes.TrimSpace(privateKeyPEM)) {
+ return am.loadAccount(am.CA, email)
+ }
+ }
+ return acme.Account{}, ErrNotExist(fmt.Errorf("no account found with that key"))
+}
+
+// lookUpAccount looks up the account associated with privateKeyPEM from the ACME server.
+// If the account is found by the server, it will be saved to storage and returned.
+func (am *ACMEManager) lookUpAccount(ctx context.Context, privateKeyPEM []byte) (acme.Account, error) {
+ client, err := am.newACMEClient(false)
+ if err != nil {
+ return acme.Account{}, fmt.Errorf("creating ACME client: %v", err)
+ }
+
+ privateKey, err := decodePrivateKey([]byte(privateKeyPEM))
+ if err != nil {
+ return acme.Account{}, fmt.Errorf("decoding private key: %v", err)
+ }
+
+ // look up the account
+ account := acme.Account{PrivateKey: privateKey}
+ account, err = client.GetAccount(ctx, account)
+ if err != nil {
+ return acme.Account{}, fmt.Errorf("looking up account with server: %v", err)
+ }
+
+ // save the account details to storage
+ err = am.saveAccount(client.Directory, account)
+ if err != nil {
+ return account, fmt.Errorf("could not save account to storage: %v", err)
+ }
+
+ return account, nil
+}
+
// saveAccount persists an ACME account's info and private key to storage.
// It does NOT register the account via ACME or prompt the user.
func (am *ACMEManager) saveAccount(ca string, account acme.Account) error {
return answer == "y" || answer == "yes"
}
+func storageKeyACMECAPrefix(issuerKey string) string {
+ return path.Join(prefixACME, StorageKeys.Safe(issuerKey))
+}
+
func (am *ACMEManager) storageKeyCAPrefix(caURL string) string {
- return path.Join(prefixACME, StorageKeys.Safe(am.issuerKey(caURL)))
+ return storageKeyACMECAPrefix(am.issuerKey(caURL))
}
func (am *ACMEManager) storageKeyUsersPrefix(caURL string) string {
// get all the key infos ahead of sorting, because
// we might filter some out
stats := make(map[string]KeyInfo)
- for i, u := range accountList {
+ for i := 0; i < len(accountList); i++ {
+ u := accountList[i]
keyInfo, err := am.config.Storage.Stat(u)
if err != nil {
continue
// frankly one's OS shouldn't mess with the data folder
// in the first place.
accountList = append(accountList[:i], accountList[i+1:]...)
+ i--
continue
}
stats[u] = keyInfo
weakrand.Seed(time.Now().UnixNano())
}
-// acmeClient holds state necessary for us to perform
-// ACME operations for certificate management. Call
-// ACMEManager.newACMEClient() to get a valid one to .
+// acmeClient holds state necessary to perform ACME operations
+// for certificate management with an ACME account. Call
+// ACMEManager.newACMEClientWithAccount() to get a valid one.
type acmeClient struct {
mgr *ACMEManager
acmeClient *acmez.Client
account acme.Account
}
-// newACMEClient creates the underlying ACME library client type.
-// If useTestCA is true, am.TestCA will be used if it is set;
-// otherwise, the primary CA will still be used.
-func (am *ACMEManager) newACMEClient(ctx context.Context, useTestCA, interactive bool) (*acmeClient, error) {
+// newACMEClientWithAccount creates an ACME client ready to use with an account, including
+// loading one from storage or registering a new account with the CA if necessary. If
+// useTestCA is true, am.TestCA will be used if set; otherwise, the primary CA will be used.
+func (am *ACMEManager) newACMEClientWithAccount(ctx context.Context, useTestCA, interactive bool) (*acmeClient, error) {
+ // first, get underlying ACME client
+ client, err := am.newACMEClient(useTestCA)
+ if err != nil {
+ return nil, err
+ }
+
+ // look up or create the ACME account
+ var account acme.Account
+ if am.AccountKeyPEM != "" {
+ account, err = am.GetAccount(ctx, []byte(am.AccountKeyPEM))
+ } else {
+ account, err = am.getAccount(client.Directory, am.Email)
+ }
+ if err != nil {
+ return nil, fmt.Errorf("getting ACME account: %v", err)
+ }
+
+ // register account if it is new
+ if account.Status == "" {
+ if am.NewAccountFunc != nil {
+ account, err = am.NewAccountFunc(ctx, am, account)
+ if err != nil {
+ return nil, fmt.Errorf("account pre-registration callback: %v", err)
+ }
+ }
+
+ // agree to terms
+ if interactive {
+ if !am.Agreed {
+ var termsURL string
+ dir, err := client.GetDirectory(ctx)
+ if err != nil {
+ return nil, fmt.Errorf("getting directory: %w", err)
+ }
+ if dir.Meta != nil {
+ termsURL = dir.Meta.TermsOfService
+ }
+ if termsURL != "" {
+ am.Agreed = am.askUserAgreement(termsURL)
+ if !am.Agreed {
+ return nil, fmt.Errorf("user must agree to CA terms")
+ }
+ }
+ }
+ } else {
+ // can't prompt a user who isn't there; they should
+ // have reviewed the terms beforehand
+ am.Agreed = true
+ }
+ account.TermsOfServiceAgreed = am.Agreed
+
+ // associate account with external binding, if configured
+ if am.ExternalAccount != nil {
+ err := account.SetExternalAccountBinding(ctx, client.Client, *am.ExternalAccount)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ // create account
+ account, err = client.NewAccount(ctx, account)
+ if err != nil {
+ return nil, fmt.Errorf("registering account %v with server: %w", account.Contact, err)
+ }
+
+ // persist the account to storage
+ err = am.saveAccount(client.Directory, account)
+ if err != nil {
+ return nil, fmt.Errorf("could not save account %v: %v", account.Contact, err)
+ }
+ }
+
+ c := &acmeClient{
+ mgr: am,
+ acmeClient: client,
+ account: account,
+ }
+
+ return c, nil
+}
+
+// newACMEClient creates a new underlying ACME client using the settings in am,
+// independent of any particular ACME account. If useTestCA is true, am.TestCA
+// will be used if it is set; otherwise, the primary CA will be used.
+func (am *ACMEManager) newACMEClient(useTestCA bool) (*acmez.Client, error) {
// ensure defaults are filled in
var caURL string
if useTestCA {
return nil, fmt.Errorf("%s: insecure CA URL (HTTPS required)", caURL)
}
- // look up or create the ACME account
- account, err := am.getAccount(caURL, am.Email)
- if err != nil {
- return nil, fmt.Errorf("getting ACME account: %v", err)
- }
-
// set up the dialers and resolver for the ACME client's HTTP client
dialer := &net.Dialer{
Timeout: 30 * time.Second,
useHTTPPort = am.AltHTTPPort
}
client.ChallengeSolvers[acme.ChallengeTypeHTTP01] = distributedSolver{
- acmeManager: am,
+ storage: am.config.Storage,
+ storageKeyIssuerPrefix: am.storageKeyCAPrefix(client.Directory),
solver: &httpSolver{
acmeManager: am,
address: net.JoinHostPort(am.ListenHost, strconv.Itoa(useHTTPPort)),
},
- caURL: client.Directory,
}
}
useTLSALPNPort = am.AltTLSALPNPort
}
client.ChallengeSolvers[acme.ChallengeTypeTLSALPN01] = distributedSolver{
- acmeManager: am,
+ storage: am.config.Storage,
+ storageKeyIssuerPrefix: am.storageKeyCAPrefix(client.Directory),
solver: &tlsALPNSolver{
config: am.config,
address: net.JoinHostPort(am.ListenHost, strconv.Itoa(useTLSALPNPort)),
},
- caURL: client.Directory,
}
}
} else {
client.ChallengeSolvers[acme.ChallengeTypeDNS01] = am.DNS01Solver
}
- // register account if it is new
- if account.Status == "" {
- if am.NewAccountFunc != nil {
- err = am.NewAccountFunc(ctx, am, account)
- if err != nil {
- return nil, fmt.Errorf("account pre-registration callback: %v", err)
- }
- }
-
- // agree to terms
- if interactive {
- if !am.Agreed {
- var termsURL string
- dir, err := client.GetDirectory(ctx)
- if err != nil {
- return nil, fmt.Errorf("getting directory: %w", err)
- }
- if dir.Meta != nil {
- termsURL = dir.Meta.TermsOfService
- }
- if termsURL != "" {
- am.Agreed = am.askUserAgreement(termsURL)
- if !am.Agreed {
- return nil, fmt.Errorf("user must agree to CA terms")
- }
- }
- }
- } else {
- // can't prompt a user who isn't there; they should
- // have reviewed the terms beforehand
- am.Agreed = true
- }
- account.TermsOfServiceAgreed = am.Agreed
-
- // associate account with external binding, if configured
- if am.ExternalAccount != nil {
- err := account.SetExternalAccountBinding(ctx, client.Client, *am.ExternalAccount)
- if err != nil {
- return nil, err
- }
- }
-
- // create account
- account, err = client.NewAccount(ctx, account)
- if err != nil {
- return nil, fmt.Errorf("registering account with server: %w", err)
- }
-
- // persist the account to storage
- err = am.saveAccount(caURL, account)
- if err != nil {
- return nil, fmt.Errorf("could not save account: %v", err)
- }
- }
-
- c := &acmeClient{
- mgr: am,
- acmeClient: client,
- account: account,
+ // wrap solvers in our wrapper so that we can keep track of challenge
+ // info: this is useful for solving challenges globally as a process;
+ // for example, usually there is only one process that can solve the
+ // HTTP and TLS-ALPN challenges, and only one server in that process
+ // that can bind the necessary port(s), so if a server listening on
+ // a different port needed a certificate, it would have to know about
+ // the other server listening on that port, and somehow convey its
+ // challenge info or share its config, but this isn't always feasible;
+ // what the wrapper does is it accesses a global challenge memory so
+ // that unrelated servers in this process can all solve each others'
+ // challenges without having to know about each other - Caddy's admin
+ // endpoint uses this functionality since it and the HTTP/TLS modules
+ // do not know about each other
+ // (doing this here in a separate loop ensures that even if we expose
+ // solver config to users later, we will even wrap their own solvers)
+ for name, solver := range client.ChallengeSolvers {
+ client.ChallengeSolvers[name] = solverWrapper{solver}
}
- return c, nil
+ return client, nil
}
func (c *acmeClient) throttle(ctx context.Context, names []string) error {
// RateLimitEvents is how many new events can be allowed
// in RateLimitEventsWindow.
- RateLimitEvents = 10
+ RateLimitEvents = 20
// RateLimitEventsWindow is the size of the sliding
// window that throttles events.
"fmt"
"net/http"
"net/url"
+ "sort"
"strings"
"time"
// Issuer, and Revoker interfaces.
//
// It is NOT VALID to use an ACMEManager without calling NewACMEManager().
-// It fills in default values from DefaultACME as well as setting up
+// It fills in any default values from DefaultACME as well as setting up
// internal state that is necessary for valid use. Always call
// NewACMEManager() to get a valid ACMEManager value.
type ACMEManager struct {
// selecting an existing ACME server account
Email string
+ // The PEM-encoded private key of the ACME
+ // account to use; only needed if the account
+ // is already created on the server and
+ // can be looked up with the ACME protocol
+ AccountKeyPEM string
+
// Set to true if agreed to the CA's
// subscriber agreement
Agreed bool
// Callback function that is called before a
// new ACME account is registered with the CA;
// it allows for last-second config changes
- // of the ACMEManager (TODO: this feature is
- // still EXPERIMENTAL and subject to change)
- NewAccountFunc func(context.Context, *ACMEManager, acme.Account) error
+ // of the ACMEManager and the Account.
+ // (TODO: this feature is still EXPERIMENTAL and subject to change)
+ NewAccountFunc func(context.Context, *ACMEManager, acme.Account) (acme.Account, error)
+
+ // Preferences for selecting alternate
+ // certificate chains
+ PreferredChains ChainPreference
// Set a logger to enable logging
Logger *zap.Logger
// NewACMEManager constructs a valid ACMEManager based on a template
// configuration; any empty values will be filled in by defaults in
-// DefaultACME. The associated config is also required.
+// DefaultACME, and if any required values are still empty, sensible
+// defaults will be used.
//
-// Typically, you'll create the Config first, then call NewACMEManager(),
-// then assign the return value to the Issuer/Revoker fields of the Config.
+// Typically, you'll create the Config first with New() or NewDefault(),
+// then call NewACMEManager(), then assign the return value to the Issuers
+// field of the Config.
func NewACMEManager(cfg *Config, template ACMEManager) *ACMEManager {
if cfg == nil {
panic("cannot make valid ACMEManager without an associated CertMagic config")
if template.Email == "" {
template.Email = DefaultACME.Email
}
+ if template.AccountKeyPEM == "" {
+ template.AccountKeyPEM = DefaultACME.AccountKeyPEM
+ }
if !template.Agreed {
template.Agreed = DefaultACME.Agreed
}
return am.issuerKey(am.CA)
}
-func (am *ACMEManager) issuerKey(ca string) string {
+func (*ACMEManager) issuerKey(ca string) string {
key := ca
if caURL, err := url.Parse(key); err == nil {
key = caURL.Host
// batch is eligible for certificates if using Let's Encrypt.
// It also ensures that an email address is available.
func (am *ACMEManager) PreCheck(_ context.Context, names []string, interactive bool) error {
- letsEncrypt := strings.Contains(am.CA, "api.letsencrypt.org")
- if letsEncrypt {
+ publicCA := strings.Contains(am.CA, "api.letsencrypt.org") || strings.Contains(am.CA, "acme.zerossl.com")
+ if publicCA {
for _, name := range names {
if !SubjectQualifiesForPublicCert(name) {
- return fmt.Errorf("subject does not qualify for a Let's Encrypt certificate: %s", name)
+ return fmt.Errorf("subject does not qualify for a public certificate: %s", name)
}
}
}
}
func (am *ACMEManager) doIssue(ctx context.Context, csr *x509.CertificateRequest, useTestCA bool) (*IssuedCertificate, bool, error) {
- client, err := am.newACMEClient(ctx, useTestCA, false)
+ client, err := am.newACMEClientWithAccount(ctx, useTestCA, false)
if err != nil {
return nil, false, err
}
if err != nil {
return nil, usingTestCA, fmt.Errorf("%v %w (ca=%s)", nameSet, err, client.acmeClient.Directory)
}
+ if len(certChains) == 0 {
+ return nil, usingTestCA, fmt.Errorf("no certificate chains")
+ }
+
+ preferredChain := am.selectPreferredChain(certChains)
- // TODO: ACME server could in theory issue a cert with multiple chains,
- // but we don't (yet) have a way to choose one, so just use first one
ic := &IssuedCertificate{
- Certificate: certChains[0].ChainPEM,
- Metadata: certChains[0],
+ Certificate: preferredChain.ChainPEM,
+ Metadata: preferredChain,
}
return ic, usingTestCA, nil
}
+// selectPreferredChain sorts and then filters the certificate chains to find the optimal
+// chain preferred by the client. If there's only one chain, that is returned without any
+// processing. If there are no matches, the first chain is returned.
+func (am *ACMEManager) selectPreferredChain(certChains []acme.Certificate) acme.Certificate {
+ if len(certChains) == 1 {
+ if am.Logger != nil && (len(am.PreferredChains.AnyCommonName) > 0 || len(am.PreferredChains.RootCommonName) > 0) {
+ am.Logger.Debug("there is only one chain offered; selecting it regardless of preferences",
+ zap.String("chain_url", certChains[0].URL))
+ }
+ return certChains[0]
+ }
+
+ if am.PreferredChains.Smallest != nil {
+ if *am.PreferredChains.Smallest {
+ sort.Slice(certChains, func(i, j int) bool {
+ return len(certChains[i].ChainPEM) < len(certChains[j].ChainPEM)
+ })
+ } else {
+ sort.Slice(certChains, func(i, j int) bool {
+ return len(certChains[i].ChainPEM) > len(certChains[j].ChainPEM)
+ })
+ }
+ }
+
+ if len(am.PreferredChains.AnyCommonName) > 0 || len(am.PreferredChains.RootCommonName) > 0 {
+ // in order to inspect, we need to decode their PEM contents
+ decodedChains := make([][]*x509.Certificate, len(certChains))
+ for i, chain := range certChains {
+ certs, err := parseCertsFromPEMBundle(chain.ChainPEM)
+ if err != nil {
+ if am.Logger != nil {
+ am.Logger.Error("unable to parse PEM certificate chain",
+ zap.Int("chain", i),
+ zap.Error(err))
+ }
+ continue
+ }
+ decodedChains[i] = certs
+ }
+
+ if len(am.PreferredChains.AnyCommonName) > 0 {
+ for _, prefAnyCN := range am.PreferredChains.AnyCommonName {
+ for i, chain := range decodedChains {
+ for _, cert := range chain {
+ if cert.Issuer.CommonName == prefAnyCN {
+ if am.Logger != nil {
+ am.Logger.Debug("found preferred certificate chain by issuer common name",
+ zap.String("preference", prefAnyCN),
+ zap.Int("chain", i))
+ }
+ return certChains[i]
+ }
+ }
+ }
+ }
+ }
+
+ if len(am.PreferredChains.RootCommonName) > 0 {
+ for _, prefRootCN := range am.PreferredChains.RootCommonName {
+ for i, chain := range decodedChains {
+ if chain[len(chain)-1].Issuer.CommonName == prefRootCN {
+ if am.Logger != nil {
+ am.Logger.Debug("found preferred certificate chain by root common name",
+ zap.String("preference", prefRootCN),
+ zap.Int("chain", i))
+ }
+ return certChains[i]
+ }
+ }
+ }
+ }
+
+ if am.Logger != nil {
+ am.Logger.Warn("did not find chain matching preferences; using first")
+ }
+ }
+
+ return certChains[0]
+}
+
// Revoke implements the Revoker interface. It revokes the given certificate.
func (am *ACMEManager) Revoke(ctx context.Context, cert CertificateResource, reason int) error {
- client, err := am.newACMEClient(ctx, false, false)
+ client, err := am.newACMEClientWithAccount(ctx, false, false)
if err != nil {
return err
}
return client.revoke(ctx, certs[0], reason)
}
-// DefaultACME specifies the default settings
-// to use for ACMEManagers.
+// ChainPreference describes the client's preferred certificate chain,
+// useful if the CA offers alternate chains. The first matching chain
+// will be selected.
+type ChainPreference struct {
+ // Prefer chains with the fewest number of bytes.
+ Smallest *bool
+
+ // Select first chain having a root with one of
+ // these common names.
+ RootCommonName []string
+
+ // Select first chain that has any issuer with one
+ // of these common names.
+ AnyCommonName []string
+}
+
+// DefaultACME specifies default settings to use for ACMEManagers.
+// Using this value is optional but can be convenient.
var DefaultACME = ACMEManager{
CA: LetsEncryptProductionCA,
TestCA: LetsEncryptStagingCA,
const (
LetsEncryptStagingCA = "https://acme-staging-v02.api.letsencrypt.org/directory"
LetsEncryptProductionCA = "https://acme-v02.api.letsencrypt.org/directory"
+ ZeroSSLProductionCA = "https://acme.zerossl.com/v2/DV90"
)
// prefixACME is the storage key prefix used for ACME-specific assets.
return cert, nil
}
-// loadManagedCertificate loads the managed certificate for domain,
-// but it does not add it to the cache. It just loads from storage.
+// loadManagedCertificate loads the managed certificate for domain from any
+// of the configured issuers' storage locations, but it does not add it to
+// the cache. It just loads from storage and returns it.
func (cfg *Config) loadManagedCertificate(domain string) (Certificate, error) {
- certRes, err := cfg.loadCertResource(domain)
+ certRes, err := cfg.loadCertResourceAnyIssuer(domain)
if err != nil {
return Certificate{}, err
}
if err != nil {
return err
}
- _, err = stapleOCSP(cfg.Storage, &cert, nil)
+ _, err = stapleOCSP(cfg.OCSP, cfg.Storage, &cert, nil)
if err != nil && cfg.Logger != nil {
cfg.Logger.Warn("stapling OCSP", zap.Error(err))
}
if err != nil {
return cert, err
}
- _, err = stapleOCSP(cfg.Storage, &cert, certPEMBlock)
+ _, err = stapleOCSP(cfg.OCSP, cfg.Storage, &cert, certPEMBlock)
if err != nil && cfg.Logger != nil {
cfg.Logger.Warn("stapling OCSP", zap.Error(err))
}
// meantime, and it would be a good idea to simply load the cert
// into our cache rather than repeating the renewal process again.
func (cfg *Config) managedCertInStorageExpiresSoon(cert Certificate) (bool, error) {
- certRes, err := cfg.loadCertResource(cert.Names[0])
+ certRes, err := cfg.loadCertResourceAnyIssuer(cert.Names[0])
if err != nil {
return false, err
}
- tlsCert, err := tls.X509KeyPair(certRes.CertificatePEM, certRes.PrivateKeyPEM)
- if err != nil {
- return false, err
- }
- leaf, err := x509.ParseCertificate(tlsCert.Certificate[0])
- if err != nil {
- return false, err
- }
- return currentlyInRenewalWindow(leaf.NotBefore, leaf.NotAfter, cfg.RenewalWindowRatio), nil
+ _, needsRenew := cfg.managedCertNeedsRenewal(certRes)
+ return needsRenew, nil
}
// reloadManagedCertificate reloads the certificate corresponding to the name(s)
!strings.HasPrefix(subj, ".") &&
!strings.HasSuffix(subj, ".") &&
- // if it has a wildcard, must be a left-most label
- (!strings.Contains(subj, "*") || strings.HasPrefix(subj, "*.")) &&
+ // if it has a wildcard, must be a left-most label (or exactly "*"
+ // which won't be trusted by browsers but still technically works)
+ (!strings.Contains(subj, "*") || strings.HasPrefix(subj, "*.") || subj == "*") &&
// must not contain other common special characters
!strings.ContainsAny(subj, "()[]{}<> \t\n\"\\!@#$%^&|;'+=")
// allowed, as long as they conform to CABF requirements (only
// one wildcard label, and it must be the left-most label).
func SubjectQualifiesForPublicCert(subj string) bool {
- // must at least qualify for certificate
+ // must at least qualify for a certificate
return SubjectQualifiesForCert(subj) &&
- // localhost is ineligible
- subj != "localhost" &&
-
- // .localhost TLD is ineligible
- !strings.HasSuffix(subj, ".localhost") &&
+ // localhost, .localhost TLD, and .local TLD are ineligible
+ !SubjectIsInternal(subj) &&
- // .local TLD is ineligible
- !strings.HasSuffix(subj, ".local") &&
+ // cannot be an IP address (as of yet), see
+ // https://community.letsencrypt.org/t/certificate-for-static-ip/84/2?u=mholt
+ !SubjectIsIP(subj) &&
- // only one wildcard label allowed, and it must be left-most
+ // only one wildcard label allowed, and it must be left-most, with 3+ labels
(!strings.Contains(subj, "*") ||
(strings.Count(subj, "*") == 1 &&
+ strings.Count(subj, ".") > 1 &&
len(subj) > 2 &&
- strings.HasPrefix(subj, "*."))) &&
+ strings.HasPrefix(subj, "*.")))
+}
- // cannot be an IP address (as of yet), see
- // https://community.letsencrypt.org/t/certificate-for-static-ip/84/2?u=mholt
- net.ParseIP(subj) == nil
+// SubjectIsIP returns true if subj is an IP address.
+func SubjectIsIP(subj string) bool {
+ return net.ParseIP(subj) != nil
+}
+
+// SubjectIsInternal returns true if subj is an internal-facing
+// hostname or address.
+func SubjectIsInternal(subj string) bool {
+ return subj == "localhost" ||
+ strings.HasSuffix(subj, ".localhost") ||
+ strings.HasSuffix(subj, ".local")
}
// MatchWildcard returns true if subject (a candidate DNS name)
// matches wildcard (a reference DNS name), mostly according to
-// RFC6125-compliant wildcard rules.
+// RFC 6125-compliant wildcard rules. See also RFC 2818 which
+// states that IP addresses must match exactly, but this function
+// does not attempt to distinguish IP addresses from internal or
+// external DNS names that happen to look like IP addresses.
+// It uses DNS wildcard matching logic.
+// https://tools.ietf.org/html/rfc2818#section-3.1
func MatchWildcard(subject, wildcard string) bool {
if subject == wildcard {
return true
WriteTimeout: 5 * time.Second,
IdleTimeout: 5 * time.Second,
}
- if am, ok := cfg.Issuer.(*ACMEManager); ok {
- httpServer.Handler = am.HTTPChallengeHandler(http.HandlerFunc(httpRedirectHandler))
+ if len(cfg.Issuers) > 0 {
+ if am, ok := cfg.Issuers[0].(*ACMEManager); ok {
+ httpServer.Handler = am.HTTPChallengeHandler(http.HandlerFunc(httpRedirectHandler))
+ }
}
httpsServer := &http.Server{
ReadHeaderTimeout: 10 * time.Second,
// Default contains the package defaults for the
// various Config fields. This is used as a template
-// when creating your own Configs with New(), and it
-// is also used as the Config by all the high-level
-// functions in this package.
+// when creating your own Configs with New() or
+// NewDefault(), and it is also used as the Config
+// by all the high-level functions in this package
+// that abstract away most configuration (HTTPS(),
+// TLS(), Listen(), etc).
//
// The fields of this value will be used for Config
// fields which are unset. Feel free to modify these
// obtained by calling New() (if you have your own
// certificate cache) or NewDefault() (if you only
// need a single config and want to use the default
-// cache). This is the only Config which can access
-// the default certificate cache.
+// cache).
+//
+// Even if the Issuers or Storage fields are not set,
+// defaults will be applied in the call to New().
var Default = Config{
RenewalWindowRatio: DefaultRenewalWindowRatio,
Storage: defaultFileStorage,
// are set to; otherwise ACME challenges will fail.
var (
// HTTPPort is the port on which to serve HTTP
- // and, by extension, the HTTP challenge (unless
+ // and, as such, the HTTP challenge (unless
// Default.AltHTTPPort is set).
HTTPPort = 80
// HTTPSPort is the port on which to serve HTTPS
- // and, by extension, the TLS-ALPN challenge
+ // and, as such, the TLS-ALPN challenge
// (unless Default.AltTLSALPNPort is set).
HTTPSPort = 443
)
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
+ "encoding/json"
"fmt"
weakrand "math/rand"
"net"
"time"
"github.com/mholt/acmez"
+ "github.com/mholt/acmez/acme"
"go.uber.org/zap"
+ "golang.org/x/net/idna"
)
// Config configures a certificate manager instance.
// DefaultServerName specifies a server name
// to use when choosing a certificate if the
- // ClientHello's ServerName field is empty
+ // ClientHello's ServerName field is empty.
DefaultServerName string
// The state needed to operate on-demand TLS;
// if non-nil, on-demand TLS is enabled and
// certificate operations are deferred to
- // TLS handshakes (or as-needed)
+ // TLS handshakes (or as-needed).
// TODO: Can we call this feature "Reactive/Lazy/Passive TLS" instead?
OnDemand *OnDemandConfig
- // Add the must staple TLS extension to the CSR
+ // Adds the must staple TLS extension to the CSR.
MustStaple bool
- // The type that issues certificates; the
- // default Issuer is ACMEManager
- Issuer Issuer
-
- // The type that revokes certificates; must
- // be configured in conjunction with the Issuer
- // field such that both the Issuer and Revoker
- // are related (because issuance information is
- // required for revocation)
- Revoker Revoker
+ // The source for getting new certificates; the
+ // default Issuer is ACMEManager. If multiple
+ // issuers are specified, they will be tried in
+ // turn until one succeeds.
+ Issuers []Issuer
// The source of new private keys for certificates;
- // the default KeySource is StandardKeyGenerator
+ // the default KeySource is StandardKeyGenerator.
KeySource KeyGenerator
// CertSelection chooses one of the certificates
// with which the ClientHello will be completed;
// if not set, DefaultCertificateSelector will
- // be used
+ // be used.
CertSelection CertificateSelector
- // The storage to access when storing or
- // loading TLS assets
+ // OCSP configures how OCSP is handled. By default,
+ // OCSP responses are fetched for every certificate
+ // with a responder URL, and cached on disk. Changing
+ // these defaults is STRONGLY discouraged unless you
+ // have a compelling reason to put clients at greater
+ // risk and reduce their privacy.
+ OCSP OCSPConfig
+
+ // The storage to access when storing or loading
+ // TLS assets. Default is the local file system.
Storage Storage
- // Set a logger to enable logging
+ // Set a logger to enable logging.
Logger *zap.Logger
// required pointer to the in-memory cert cache
// same, default certificate cache. All configs returned
// by NewDefault() are based on the values of the fields of
// Default at the time it is called.
+//
+// This is the only way to get a config that uses the
+// default certificate cache.
func NewDefault() *Config {
defaultCacheMu.Lock()
if defaultCache == nil {
// the vast majority of cases, there will be only a
// single Config, thus the default cache (which always
// uses the default Config) and default config will
-// suffice, and you should use New() instead.
+// suffice, and you should use NewDefault() instead.
func New(certCache *Cache, cfg Config) *Config {
if certCache == nil {
panic("a certificate cache is required")
if cfg.Storage == nil {
cfg.Storage = Default.Storage
}
- if cfg.Issuer == nil {
- cfg.Issuer = Default.Issuer
- if cfg.Issuer == nil {
- // okay really, we need an issuer,
- // that's kind of the point; most
- // people would probably want ACME
- cfg.Issuer = NewACMEManager(&cfg, DefaultACME)
- }
- // issuer and revoker go together; if user
- // specifies their own issuer, we don't want
- // to override their revoker, hence we only
- // do this if Issuer was also nil
- if cfg.Revoker == nil {
- cfg.Revoker = Default.Revoker
- if cfg.Revoker == nil {
- cfg.Revoker = NewACMEManager(&cfg, DefaultACME)
- }
+ if len(cfg.Issuers) == 0 {
+ cfg.Issuers = Default.Issuers
+ if len(cfg.Issuers) == 0 {
+ // at least one issuer is absolutely required
+ cfg.Issuers = []Issuer{NewACMEManager(&cfg, DefaultACME)}
}
}
cfg.Storage = defaultFileStorage
}
- // ensure the unexported fields are valid
cfg.certCache = certCache
return &cfg
return cfg.manageAll(nil, domainNames, false)
}
+// ClientCredentials returns a list of TLS client certificate chains for the given identifiers.
+// The return value can be used in a tls.Config to enable client authentication using managed certificates.
+// Any certificates that need to be obtained or renewed for these identifiers will be managed accordingly.
+func (cfg *Config) ClientCredentials(ctx context.Context, identifiers []string) ([]tls.Certificate, error) {
+ err := cfg.manageAll(ctx, identifiers, false)
+ if err != nil {
+ return nil, err
+ }
+ var chains []tls.Certificate
+ for _, id := range identifiers {
+ certRes, err := cfg.loadCertResourceAnyIssuer(id)
+ if err != nil {
+ return chains, err
+ }
+ chain, err := tls.X509KeyPair(certRes.CertificatePEM, certRes.PrivateKeyPEM)
+ if err != nil {
+ return chains, err
+ }
+ chains = append(chains, chain)
+ }
+ return chains, nil
+}
+
// ManageAsync is the same as ManageSync, except that ACME
// operations are performed asynchronously (in the background).
// This method returns before certificates are ready. It is
return nil
}
+// Unmanage causes the certificates for domainNames to stop being managed.
+// If there are certificates for the supplied domain names in the cache, they
+// are evicted from the cache.
+func (cfg *Config) Unmanage(domainNames []string) {
+ var deleteQueue []Certificate
+ for _, domainName := range domainNames {
+ certs := cfg.certCache.AllMatchingCertificates(domainName)
+ for _, cert := range certs {
+ if !cert.managed {
+ continue
+ }
+ deleteQueue = append(deleteQueue, cert)
+ }
+ }
+
+ cfg.certCache.mu.Lock()
+ for _, cert := range deleteQueue {
+ cfg.certCache.removeCertificate(cert)
+ }
+ cfg.certCache.mu.Unlock()
+}
+
// ObtainCert obtains a certificate for name using cfg, as long
// as a certificate does not already exist in storage for that
// name. The name must qualify and cfg must be flagged as Managed.
// TODO: consider moving interactive param into the Config struct,
// and maybe retry settings into the Config struct as well? (same for RenewCert)
func (cfg *Config) ObtainCert(ctx context.Context, name string, interactive bool) error {
- if cfg.storageHasCertResources(name) {
- return nil
- }
- issuer, err := cfg.getPrecheckedIssuer(ctx, []string{name}, interactive)
- if err != nil {
- return err
+ if len(cfg.Issuers) == 0 {
+ return fmt.Errorf("no issuers configured; impossible to obtain or check for existing certificate in storage")
}
- if issuer == nil {
+ if cfg.storageHasCertResourcesAnyIssuer(name) {
return nil
}
- return cfg.obtainWithIssuer(ctx, issuer, name, interactive)
-}
-
-func loggerNamed(l *zap.Logger, name string) *zap.Logger {
- if l == nil {
- return nil
+ // ensure storage is writeable and readable
+ // TODO: this is not necessary every time; should only perform check once every so often for each storage, which may require some global state...
+ err := cfg.checkStorage()
+ if err != nil {
+ return fmt.Errorf("failed storage check: %v - storage is probably misconfigured", err)
}
- return l.Named(name)
+ return cfg.obtainCert(ctx, name, interactive)
}
-func (cfg *Config) obtainWithIssuer(ctx context.Context, issuer Issuer, name string, interactive bool) error {
+func (cfg *Config) obtainCert(ctx context.Context, name string, interactive bool) error {
log := loggerNamed(cfg.Logger, "obtain")
if log != nil {
}
// ensure idempotency of the obtain operation for this name
- lockKey := cfg.lockKey("cert_acme", name)
+ lockKey := cfg.lockKey(certIssueLockOp, name)
err := acquireLock(ctx, cfg.Storage, lockKey)
if err != nil {
- return err
+ return fmt.Errorf("unable to acquire lock '%s': %v", lockKey, err)
}
defer func() {
if log != nil {
f := func(ctx context.Context) error {
// check if obtain is still needed -- might have been obtained during lock
- if cfg.storageHasCertResources(name) {
+ if cfg.storageHasCertResourcesAnyIssuer(name) {
if log != nil {
log.Info("certificate already exists in storage", zap.String("identifier", name))
}
return err
}
- issuedCert, err := issuer.Issue(ctx, csr)
+ // try to obtain from each issuer until we succeed
+ var issuedCert *IssuedCertificate
+ var issuerUsed Issuer
+ for _, issuer := range cfg.Issuers {
+ if prechecker, ok := issuer.(PreChecker); ok {
+ err = prechecker.PreCheck(ctx, []string{name}, interactive)
+ if err != nil {
+ continue
+ }
+ }
+ issuedCert, err = issuer.Issue(ctx, csr)
+ if err == nil {
+ issuerUsed = issuer
+ break
+ }
+ }
if err != nil {
+ // TODO: only the error from the last issuer will be returned, oh well?
return fmt.Errorf("[%s] Obtain: %w", name, err)
}
PrivateKeyPEM: privKeyPEM,
IssuerData: issuedCert.Metadata,
}
- err = cfg.saveCertResource(certRes)
+ err = cfg.saveCertResource(issuerUsed, certRes)
if err != nil {
return fmt.Errorf("[%s] Obtain: saving assets: %v", name, err)
}
return err
}
+func (cfg *Config) storageHasCertResourcesAnyIssuer(name string) bool {
+ for _, iss := range cfg.Issuers {
+ if cfg.storageHasCertResources(iss, name) {
+ return true
+ }
+ }
+ return false
+}
+
// RenewCert renews the certificate for name using cfg. It stows the
// renewed certificate and its assets in storage if successful. It
// DOES NOT update the in-memory cache with the new certificate.
func (cfg *Config) RenewCert(ctx context.Context, name string, interactive bool) error {
- issuer, err := cfg.getPrecheckedIssuer(ctx, []string{name}, interactive)
- if err != nil {
- return err
+ if len(cfg.Issuers) == 0 {
+ return fmt.Errorf("no issuers configured; impossible to renew or check existing certificate in storage")
}
- if issuer == nil {
- return nil
+ // ensure storage is writeable and readable
+ // TODO: this is not necessary every time; should only perform check once every so often for each storage, which may require some global state...
+ err := cfg.checkStorage()
+ if err != nil {
+ return fmt.Errorf("failed storage check: %v - storage is probably misconfigured", err)
}
- return cfg.renewWithIssuer(ctx, issuer, name, interactive)
+ return cfg.renewCert(ctx, name, interactive)
}
-func (cfg *Config) renewWithIssuer(ctx context.Context, issuer Issuer, name string, interactive bool) error {
+func (cfg *Config) renewCert(ctx context.Context, name string, interactive bool) error {
log := loggerNamed(cfg.Logger, "renew")
if log != nil {
}
// ensure idempotency of the renew operation for this name
- lockKey := cfg.lockKey("cert_acme", name)
+ lockKey := cfg.lockKey(certIssueLockOp, name)
err := acquireLock(ctx, cfg.Storage, lockKey)
if err != nil {
- return err
+ return fmt.Errorf("unable to acquire lock '%s': %v", lockKey, err)
}
defer func() {
if log != nil {
f := func(ctx context.Context) error {
// prepare for renewal (load PEM cert, key, and meta)
- certRes, err := cfg.loadCertResource(name)
+ certRes, err := cfg.loadCertResourceAnyIssuer(name)
if err != nil {
return err
}
return err
}
- issuedCert, err := issuer.Issue(ctx, csr)
+ // try to obtain from each issuer until we succeed
+ var issuedCert *IssuedCertificate
+ var issuerUsed Issuer
+ for _, issuer := range cfg.Issuers {
+ if prechecker, ok := issuer.(PreChecker); ok {
+ err = prechecker.PreCheck(ctx, []string{name}, interactive)
+ if err != nil {
+ continue
+ }
+ }
+ issuedCert, err = issuer.Issue(ctx, csr)
+ if err == nil {
+ issuerUsed = issuer
+ break
+ }
+ }
if err != nil {
+ // TODO: only the error from the last issuer will be returned, oh well?
return fmt.Errorf("[%s] Renew: %w", name, err)
}
PrivateKeyPEM: certRes.PrivateKeyPEM,
IssuerData: issuedCert.Metadata,
}
- err = cfg.saveCertResource(newCertRes)
+ err = cfg.saveCertResource(issuerUsed, newCertRes)
if err != nil {
return fmt.Errorf("[%s] Renew: saving assets: %v", name, err)
}
} else if u, err := url.Parse(name); err == nil && strings.Contains(name, "/") {
csrTemplate.URIs = append(csrTemplate.URIs, u)
} else {
- csrTemplate.DNSNames = append(csrTemplate.DNSNames, name)
+ // convert IDNs to ASCII according to RFC 5280 section 7
+ normalizedName, err := idna.ToASCII(name)
+ if err != nil {
+ return nil, fmt.Errorf("converting identifier '%s' to ASCII: %v", name, err)
+ }
+ csrTemplate.DNSNames = append(csrTemplate.DNSNames, normalizedName)
}
}
}
// RevokeCert revokes the certificate for domain via ACME protocol. It requires
-// that cfg.Issuer is properly configured with the same issuer that issued the
+// that cfg.Issuers is properly configured with the same issuer that issued the
// certificate being revoked. See RFC 5280 §5.3.1 for reason codes.
func (cfg *Config) RevokeCert(ctx context.Context, domain string, reason int, interactive bool) error {
- rev := cfg.Revoker
- if rev == nil {
- rev = Default.Revoker
- }
+ for i, issuer := range cfg.Issuers {
+ issuerKey := issuer.IssuerKey()
- certRes, err := cfg.loadCertResource(domain)
- if err != nil {
- return err
- }
+ rev, ok := issuer.(Revoker)
+ if !ok {
+ return fmt.Errorf("issuer %d (%s) is not a Revoker", i, issuerKey)
+ }
- issuerKey := cfg.Issuer.IssuerKey()
+ certRes, err := cfg.loadCertResource(issuer, domain)
+ if err != nil {
+ return err
+ }
- if !cfg.Storage.Exists(StorageKeys.SitePrivateKey(issuerKey, domain)) {
- return fmt.Errorf("private key not found for %s", certRes.SANs)
- }
+ if !cfg.Storage.Exists(StorageKeys.SitePrivateKey(issuerKey, domain)) {
+ return fmt.Errorf("private key not found for %s", certRes.SANs)
+ }
- err = rev.Revoke(ctx, certRes, reason)
- if err != nil {
- return err
- }
+ err = rev.Revoke(ctx, certRes, reason)
+ if err != nil {
+ return fmt.Errorf("issuer %d (%s): %v", i, issuerKey, err)
+ }
- cfg.emit("cert_revoked", domain)
+ cfg.emit("cert_revoked", domain)
- err = cfg.Storage.Delete(StorageKeys.SiteCert(issuerKey, domain))
- if err != nil {
- return fmt.Errorf("certificate revoked, but unable to delete certificate file: %v", err)
- }
- err = cfg.Storage.Delete(StorageKeys.SitePrivateKey(issuerKey, domain))
- if err != nil {
- return fmt.Errorf("certificate revoked, but unable to delete private key: %v", err)
- }
- err = cfg.Storage.Delete(StorageKeys.SiteMeta(issuerKey, domain))
- if err != nil {
- return fmt.Errorf("certificate revoked, but unable to delete certificate metadata: %v", err)
+ err = cfg.Storage.Delete(StorageKeys.SiteCert(issuerKey, domain))
+ if err != nil {
+ return fmt.Errorf("certificate revoked, but unable to delete certificate file: %v", err)
+ }
+ err = cfg.Storage.Delete(StorageKeys.SitePrivateKey(issuerKey, domain))
+ if err != nil {
+ return fmt.Errorf("certificate revoked, but unable to delete private key: %v", err)
+ }
+ err = cfg.Storage.Delete(StorageKeys.SiteMeta(issuerKey, domain))
+ if err != nil {
+ return fmt.Errorf("certificate revoked, but unable to delete certificate metadata: %v", err)
+ }
}
return nil
}
}
-// getPrecheckedIssuer returns an Issuer with pre-checks
-// completed, if it is also a PreChecker. It also checks
-// that storage is functioning. If a nil Issuer is returned
-// with a nil error, that means to skip this operation
-// (not an error, just a no-op).
-func (cfg *Config) getPrecheckedIssuer(ctx context.Context, names []string, interactive bool) (Issuer, error) {
- // ensure storage is writeable and readable
- // TODO: this is not necessary every time; should only
- // perform check once every so often for each storage,
- // which may require some global state...
- err := cfg.checkStorage()
- if err != nil {
- return nil, fmt.Errorf("failed storage check: %v - storage is probably misconfigured", err)
- }
- if prechecker, ok := cfg.Issuer.(PreChecker); ok {
- err := prechecker.PreCheck(ctx, names, interactive)
- if err != nil {
- return nil, err
+// getChallengeInfo loads the challenge info from either the internal challenge memory
+// or the external storage (implying distributed solving). The second return value
+// indicates whether challenge info was loaded from external storage. If true, the
+// challenge is being solved in a distributed fashion; if false, from internal memory.
+// If no matching challenge information can be found, an error is returned.
+func (cfg *Config) getChallengeInfo(identifier string) (Challenge, bool, error) {
+ // first, check if our process initiated this challenge; if so, just return it
+ chalData, ok := GetACMEChallenge(identifier)
+ if ok {
+ return chalData, false, nil
+ }
+
+ // otherwise, perhaps another instance in the cluster initiated it; check
+ // the configured storage to retrieve challenge data
+
+ var chalInfo acme.Challenge
+ var chalInfoBytes []byte
+ var tokenKey string
+ for _, issuer := range cfg.Issuers {
+ ds := distributedSolver{
+ storage: cfg.Storage,
+ storageKeyIssuerPrefix: storageKeyACMECAPrefix(issuer.IssuerKey()),
+ }
+ tokenKey = ds.challengeTokensKey(identifier)
+ var err error
+ chalInfoBytes, err = cfg.Storage.Load(tokenKey)
+ if err == nil {
+ break
+ }
+ if _, ok := err.(ErrNotExist); ok {
+ continue
}
+ return Challenge{}, false, fmt.Errorf("opening distributed challenge token file %s: %v", tokenKey, err)
+ }
+ if len(chalInfoBytes) == 0 {
+ return Challenge{}, false, fmt.Errorf("no information found to solve challenge for identifier: %s", identifier)
+ }
+
+ err := json.Unmarshal(chalInfoBytes, &chalInfo)
+ if err != nil {
+ return Challenge{}, false, fmt.Errorf("decoding challenge token file %s (corrupted?): %v", tokenKey, err)
}
- return cfg.Issuer, nil
+
+ return Challenge{Challenge: chalInfo}, true, nil
}
// checkStorage tests the storage by writing random bytes
// associated with cfg's certificate cache has all the
// resources related to the certificate for domain: the
// certificate, the private key, and the metadata.
-func (cfg *Config) storageHasCertResources(domain string) bool {
- issuerKey := cfg.Issuer.IssuerKey()
+func (cfg *Config) storageHasCertResources(issuer Issuer, domain string) bool {
+ issuerKey := issuer.IssuerKey()
certKey := StorageKeys.SiteCert(issuerKey, domain)
keyKey := StorageKeys.SitePrivateKey(issuerKey, domain)
metaKey := StorageKeys.SiteMeta(issuerKey, domain)
// lockKey returns a key for a lock that is specific to the operation
// named op being performed related to domainName and this config's CA.
func (cfg *Config) lockKey(op, domainName string) string {
- return fmt.Sprintf("%s_%s_%s", op, domainName, cfg.Issuer.IssuerKey())
+ return fmt.Sprintf("%s_%s", op, domainName)
}
-// managedCertNeedsRenewal returns true if certRes is
-// expiring soon or already expired, or if the process
-// of checking the expiration returned an error.
+// managedCertNeedsRenewal returns true if certRes is expiring soon or already expired,
+// or if the process of decoding the cert and checking its expiration returned an error.
func (cfg *Config) managedCertNeedsRenewal(certRes CertificateResource) (time.Duration, bool) {
- cert, err := makeCertificate(certRes.CertificatePEM, certRes.PrivateKeyPEM)
+ certChain, err := parseCertsFromPEMBundle(certRes.CertificatePEM)
if err != nil {
return 0, true
}
- return time.Until(cert.Leaf.NotAfter), cert.NeedsRenewal(cfg)
+ remaining := time.Until(certChain[0].NotAfter)
+ needsRenew := currentlyInRenewalWindow(certChain[0].NotBefore, certChain[0].NotAfter, cfg.RenewalWindowRatio)
+ return remaining, needsRenew
}
func (cfg *Config) emit(eventName string, data interface{}) {
cfg.OnEvent(eventName, data)
}
+func loggerNamed(l *zap.Logger, name string) *zap.Logger {
+ if l == nil {
+ return nil
+ }
+ return l.Named(name)
+}
+
// CertificateSelector is a type which can select a certificate to use given multiple choices.
type CertificateSelector interface {
SelectCertificate(*tls.ClientHelloInfo, []Certificate) (Certificate, error)
}
+// OCSPConfig configures how OCSP is handled.
+type OCSPConfig struct {
+ // Disable automatic OCSP stapling; strongly
+ // discouraged unless you have a good reason.
+ // Disabling this puts clients at greater risk
+ // and reduces their privacy.
+ DisableStapling bool
+
+ // A map of OCSP responder domains to replacement
+ // domains for querying OCSP servers. Used for
+ // overriding the OCSP responder URL that is
+ // embedded in certificates. Mapping to an empty
+ // URL will disable OCSP from that responder.
+ ResponderOverrides map[string]string
+}
+
+// certIssueLockOp is the name of the operation used
+// when naming a lock to make it mutually exclusive
+// with other certificate issuance operations for a
+// certain name.
+const certIssueLockOp = "issue_cert"
+
// Constants for PKIX MustStaple extension.
var (
tlsFeatureExtensionOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 24}
"encoding/pem"
"fmt"
"hash/fnv"
+ "sort"
"strings"
"github.com/klauspost/cpuid"
+ "go.uber.org/zap"
+ "golang.org/x/net/idna"
)
// encodePrivateKey marshals a EC or RSA private key into a PEM-encoded array of bytes.
// saveCertResource saves the certificate resource to disk. This
// includes the certificate file itself, the private key, and the
// metadata file.
-func (cfg *Config) saveCertResource(cert CertificateResource) error {
+func (cfg *Config) saveCertResource(issuer Issuer, cert CertificateResource) error {
metaBytes, err := json.MarshalIndent(cert, "", "\t")
if err != nil {
return fmt.Errorf("encoding certificate metadata: %v", err)
}
- issuerKey := cfg.Issuer.IssuerKey()
+ issuerKey := issuer.IssuerKey()
certKey := cert.NamesKey()
all := []keyValue{
return storeTx(cfg.Storage, all)
}
-func (cfg *Config) loadCertResource(certNamesKey string) (CertificateResource, error) {
- var certRes CertificateResource
- issuerKey := cfg.Issuer.IssuerKey()
- certBytes, err := cfg.Storage.Load(StorageKeys.SiteCert(issuerKey, certNamesKey))
- if err != nil {
- return CertificateResource{}, err
+// loadCertResourceAnyIssuer loads and returns the certificate resource from any
+// of the configured issuers. If multiple are found (e.g. if there are 3 issuers
+// configured, and all 3 have a resource matching certNamesKey), then the newest
+// (latest NotBefore date) resource will be chosen.
+func (cfg *Config) loadCertResourceAnyIssuer(certNamesKey string) (CertificateResource, error) {
+ // we can save some extra decoding steps if there's only one issuer, since
+ // we don't need to compare potentially multiple available resources to
+ // select the best one, when there's only one choice anyway
+ if len(cfg.Issuers) == 1 {
+ return cfg.loadCertResource(cfg.Issuers[0], certNamesKey)
}
- certRes.CertificatePEM = certBytes
- keyBytes, err := cfg.Storage.Load(StorageKeys.SitePrivateKey(issuerKey, certNamesKey))
- if err != nil {
- return CertificateResource{}, err
+
+ type decodedCertResource struct {
+ CertificateResource
+ issuer Issuer
+ decoded *x509.Certificate
}
- certRes.PrivateKeyPEM = keyBytes
- metaBytes, err := cfg.Storage.Load(StorageKeys.SiteMeta(issuerKey, certNamesKey))
- if err != nil {
- return CertificateResource{}, err
+ var certResources []decodedCertResource
+ var lastErr error
+
+ // load and decode all certificate resources found with the
+ // configured issuers so we can sort by newest
+ for _, issuer := range cfg.Issuers {
+ certRes, err := cfg.loadCertResource(issuer, certNamesKey)
+ if err != nil {
+ if _, ok := err.(ErrNotExist); ok {
+ // not a problem, but we need to remember the error
+ // in case we end up not finding any cert resources
+ // since we'll need an error to return in that case
+ lastErr = err
+ continue
+ }
+ return CertificateResource{}, err
+ }
+ certs, err := parseCertsFromPEMBundle(certRes.CertificatePEM)
+ if err != nil {
+ return CertificateResource{}, err
+ }
+ certResources = append(certResources, decodedCertResource{
+ CertificateResource: certRes,
+ issuer: issuer,
+ decoded: certs[0],
+ })
}
- err = json.Unmarshal(metaBytes, &certRes)
- if err != nil {
- return CertificateResource{}, fmt.Errorf("decoding certificate metadata: %v", err)
+ if len(certResources) == 0 {
+ if lastErr == nil {
+ lastErr = fmt.Errorf("no certificate resources found") // just in case; e.g. no Issuers configured
+ }
+ return CertificateResource{}, lastErr
}
- // TODO: July 2020 - transition to new ACME lib and cert resource structure;
- // for a while, we will need to convert old cert resources to new structure
- certRes, err = cfg.transitionCertMetaToACMEzJuly2020Format(certRes, metaBytes)
- if err != nil {
- return certRes, fmt.Errorf("one-time certificate resource transition: %v", err)
+ // sort by date so the most recently issued comes first
+ sort.Slice(certResources, func(i, j int) bool {
+ return certResources[j].decoded.NotBefore.Before(certResources[i].decoded.NotBefore)
+ })
+
+ if cfg.Logger != nil {
+ cfg.Logger.Debug("loading managed certificate",
+ zap.String("domain", certNamesKey),
+ zap.Time("expiration", certResources[0].decoded.NotAfter),
+ zap.String("issuer_key", certResources[0].issuer.IssuerKey()),
+ zap.Any("storage", cfg.Storage),
+ )
}
- return certRes, nil
+ return certResources[0].CertificateResource, nil
}
-// TODO: this is a temporary transition helper starting July 2020.
-// It can go away when we think enough time has passed that most active assets have transitioned.
-func (cfg *Config) transitionCertMetaToACMEzJuly2020Format(certRes CertificateResource, metaBytes []byte) (CertificateResource, error) {
- data, ok := certRes.IssuerData.(map[string]interface{})
- if !ok {
- return certRes, nil
- }
- if certURL, ok := data["url"].(string); ok && certURL != "" {
- return certRes, nil
+// loadCertResource loads a certificate resource from the given issuer's storage location.
+func (cfg *Config) loadCertResource(issuer Issuer, certNamesKey string) (CertificateResource, error) {
+ var certRes CertificateResource
+ issuerKey := issuer.IssuerKey()
+
+ normalizedName, err := idna.ToASCII(certNamesKey)
+ if err != nil {
+ return certRes, fmt.Errorf("converting '%s' to ASCII: %v", certNamesKey, err)
}
- var oldCertRes struct {
- SANs []string `json:"sans"`
- IssuerData struct {
- Domain string `json:"domain"`
- CertURL string `json:"certUrl"`
- CertStableURL string `json:"certStableUrl"`
- } `json:"issuer_data"`
+ certBytes, err := cfg.Storage.Load(StorageKeys.SiteCert(issuerKey, normalizedName))
+ if err != nil {
+ return CertificateResource{}, err
}
- err := json.Unmarshal(metaBytes, &oldCertRes)
+ certRes.CertificatePEM = certBytes
+ keyBytes, err := cfg.Storage.Load(StorageKeys.SitePrivateKey(issuerKey, normalizedName))
if err != nil {
- return certRes, fmt.Errorf("decoding into old certificate resource type: %v", err)
+ return CertificateResource{}, err
}
-
- data = map[string]interface{}{
- "url": oldCertRes.IssuerData.CertURL,
+ certRes.PrivateKeyPEM = keyBytes
+ metaBytes, err := cfg.Storage.Load(StorageKeys.SiteMeta(issuerKey, normalizedName))
+ if err != nil {
+ return CertificateResource{}, err
}
- certRes.IssuerData = data
-
- err = cfg.saveCertResource(certRes)
+ err = json.Unmarshal(metaBytes, &certRes)
if err != nil {
- return certRes, fmt.Errorf("saving converted certificate resource: %v", err)
+ return CertificateResource{}, fmt.Errorf("decoding certificate metadata: %v", err)
}
return certRes, nil
err2 := json.NewDecoder(f).Decode(&meta)
f.Close()
if err2 != nil {
- return err2
+ return fmt.Errorf("decoding lockfile contents: %w", err2)
}
}
// write updated timestamp
meta.Updated = time.Now()
- return false, json.NewEncoder(f).Encode(meta)
+ if err = json.NewEncoder(f).Encode(meta); err != nil {
+ return false, err
+ }
+
+ // sync to device; we suspect that sometimes file systems
+ // (particularly AWS EFS) don't do this on their own,
+ // leaving the file empty when we close it; see
+ // https://github.com/caddyserver/caddy/issues/3954
+ return false, f.Sync()
}
// atomicallyCreateFile atomically creates the file
Created: now,
Updated: now,
}
- err := json.NewEncoder(f).Encode(meta)
- if err != nil {
+ if err := json.NewEncoder(f).Encode(meta); err != nil {
+ return err
+ }
+ // see https://github.com/caddyserver/caddy/issues/3954
+ if err := f.Sync(); err != nil {
return err
}
}
require (
github.com/klauspost/cpuid v1.2.5
- github.com/libdns/libdns v0.1.0
- github.com/mholt/acmez v0.1.1
+ github.com/libdns/libdns v0.2.0
+ github.com/mholt/acmez v0.1.3
github.com/miekg/dns v1.1.30
go.uber.org/zap v1.15.0
golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
+ golang.org/x/net v0.0.0-20200707034311-ab3426394381
)
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/libdns/libdns v0.1.0 h1:0ctCOrVJsVzj53mop1angHp/pE3hmAhP7KiHvR0HD04=
-github.com/libdns/libdns v0.1.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40=
-github.com/mholt/acmez v0.1.1 h1:KQODCqk+hBn3O7qfCRPj6L96uG65T5BSS95FKNEqtdA=
-github.com/mholt/acmez v0.1.1/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM=
+github.com/libdns/libdns v0.2.0 h1:ewg3ByWrdUrxrje8ChPVMBNcotg7H9LQYg+u5De2RzI=
+github.com/libdns/libdns v0.2.0/go.mod h1:yQCXzk1lEZmmCPa857bnk4TsOiqYasqpyOEeSObbb40=
+github.com/mholt/acmez v0.1.3 h1:J7MmNIk4Qf9b8mAGqAh4XkNeowv3f1zW816yf4zt7Qk=
+github.com/mholt/acmez v0.1.3/go.mod h1:8qnn8QA/Ewx8E3ZSsmscqsIjhhpxuy9vqdgbX2ceceM=
github.com/miekg/dns v1.1.30 h1:Qww6FseFn8PRfw07jueqIXqodm0JKiiKuK0DeXSqfyo=
github.com/miekg/dns v1.1.30/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859 h1:R/3boaszxrf1GEUWTVDzSKVwLmSJpwZ1yqXm8j0v2QI=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478 h1:l5EDrHhldLYb3ZRHDUhXF7Om7MvYXnkV9/iQNo1lX6g=
golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU=
golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe h1:6fAMxZRR6sl1Uq8U61gxU+kPTs2tR8uOySCbBP7BN/M=
golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5 h1:hKsoRgsbwY1NafxrwTs+k64bikrLBkAgPir1TNCj3Zs=
golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 h1:VvQyQJN0tSuecqgcIxMWnnfG5kSmgy9KZR9sW3W5QeA=
golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
import (
"context"
"crypto/tls"
- "encoding/json"
"fmt"
"net"
"strings"
"time"
"github.com/mholt/acmez"
- "github.com/mholt/acmez/acme"
"go.uber.org/zap"
)
// (https://tools.ietf.org/html/draft-ietf-acme-tls-alpn-05)
for _, proto := range clientHello.SupportedProtos {
if proto == acmez.ACMETLS1Protocol {
- cfg.certCache.mu.RLock()
- challengeCert, ok := cfg.certCache.cache[tlsALPNCertKeyName(clientHello.ServerName)]
- cfg.certCache.mu.RUnlock()
- if !ok {
- // see if this challenge was started in a cluster; try distributed challenge solver
- // (note that the tls.Config's ALPN settings must include the ACME TLS-ALPN challenge
- // protocol string, otherwise a valid certificate will not solve the challenge; we
- // should already have taken care of that when we made the tls.Config)
- challengeCert, ok, err := cfg.tryDistributedChallengeSolver(clientHello)
- if err != nil {
- if cfg.Logger != nil {
- cfg.Logger.Error("tls-alpn challenge",
- zap.String("server_name", clientHello.ServerName),
- zap.Error(err))
- }
- }
- if ok {
- if cfg.Logger != nil {
- cfg.Logger.Info("served key authentication certificate",
- zap.String("server_name", clientHello.ServerName),
- zap.String("challenge", "tls-alpn-01"),
- zap.String("remote", clientHello.Conn.RemoteAddr().String()),
- zap.Bool("distributed", true))
- }
- return &challengeCert.Certificate, nil
+ challengeCert, distributed, err := cfg.getTLSALPNChallengeCert(clientHello)
+ if err != nil {
+ if cfg.Logger != nil {
+ cfg.Logger.Error("tls-alpn challenge",
+ zap.String("server_name", clientHello.ServerName),
+ zap.Error(err))
}
- return nil, fmt.Errorf("no certificate to complete TLS-ALPN challenge for SNI name: %s", clientHello.ServerName)
+ return nil, err
}
if cfg.Logger != nil {
cfg.Logger.Info("served key authentication certificate",
zap.String("server_name", clientHello.ServerName),
zap.String("challenge", "tls-alpn-01"),
- zap.String("remote", clientHello.Conn.RemoteAddr().String()))
+ zap.String("remote", clientHello.Conn.RemoteAddr().String()),
+ zap.Bool("distributed", distributed))
}
- return &challengeCert.Certificate, nil
+ return challengeCert, nil
}
}
//
// This function is safe for concurrent use.
func (cfg *Config) getCertificate(hello *tls.ClientHelloInfo) (cert Certificate, matched, defaulted bool) {
- name := NormalizedName(hello.ServerName)
+ name := normalizedName(hello.ServerName)
if name == "" {
// if SNI is empty, prefer matching IP address
if hello.Conn != nil {
- addr := hello.Conn.LocalAddr().String()
- ip, _, err := net.SplitHostPort(addr)
- if err == nil {
- addr = ip
- }
+ addr := localIPFromConn(hello.Conn)
cert, matched = cfg.selectCert(hello, addr)
if matched {
return
// fall back to a "default" certificate, if specified
if cfg.DefaultServerName != "" {
- normDefault := NormalizedName(cfg.DefaultServerName)
+ normDefault := normalizedName(cfg.DefaultServerName)
cert, defaulted = cfg.selectCert(hello, normDefault)
if defaulted {
return
if cfg.OnDemand != nil && loadIfNecessary {
// Then check to see if we have one on disk
loadedCert, err := cfg.CacheManagedCertificate(name)
+ if _, ok := err.(ErrNotExist); ok {
+ // If no exact match, try a wildcard variant, which is something we can still use
+ labels := strings.Split(name, ".")
+ labels[0] = "*"
+ loadedCert, err = cfg.CacheManagedCertificate(strings.Join(labels, "."))
+ }
if err == nil {
loadedCert, err = cfg.handshakeMaintenance(hello, loadedCert)
if err != nil {
}
if obtainIfNecessary {
// By this point, we need to ask the CA for a certificate
-
- // Make sure the certificate should be obtained based on config
- err := cfg.checkIfCertShouldBeObtained(name)
- if err != nil {
- return Certificate{}, err
- }
-
- // Obtain certificate from the CA
return cfg.obtainOnDemandCertificate(hello)
}
}
name := cfg.getNameFromClientHello(hello)
+ getCertWithoutReobtaining := func() (Certificate, error) {
+ // very important to set the obtainIfNecessary argument to false, so we don't repeat this infinitely
+ return cfg.getCertDuringHandshake(hello, true, false)
+ }
+
// We must protect this process from happening concurrently, so synchronize.
obtainCertWaitChansMu.Lock()
wait, ok := obtainCertWaitChans[name]
// lucky us -- another goroutine is already obtaining the certificate.
// wait for it to finish obtaining the cert and then we'll use it.
obtainCertWaitChansMu.Unlock()
- <-wait
- return cfg.getCertDuringHandshake(hello, true, false)
+
+ // TODO: see if we can get a proper context in here, for true cancellation
+ timeout := time.NewTimer(2 * time.Minute)
+ select {
+ case <-timeout.C:
+ return Certificate{}, fmt.Errorf("timed out waiting to obtain certificate for %s", name)
+ case <-wait:
+ timeout.Stop()
+ }
+
+ return getCertWithoutReobtaining()
}
// looks like it's up to us to do all the work and obtain the cert.
obtainCertWaitChans[name] = wait
obtainCertWaitChansMu.Unlock()
- // obtain the certificate
+ unblockWaiters := func() {
+ obtainCertWaitChansMu.Lock()
+ close(wait)
+ delete(obtainCertWaitChans, name)
+ obtainCertWaitChansMu.Unlock()
+ }
+
+ // Make sure the certificate should be obtained based on config
+ err := cfg.checkIfCertShouldBeObtained(name)
+ if err != nil {
+ unblockWaiters()
+ return Certificate{}, err
+ }
+
if log != nil {
log.Info("obtaining new certificate", zap.String("server_name", name))
}
+
// TODO: use a proper context; we use one with timeout because retries are enabled because interactive is false
ctx, cancel := context.WithTimeout(context.TODO(), 90*time.Second)
defer cancel()
- err := cfg.ObtainCert(ctx, name, false)
+
+ // Obtain the certificate
+ err = cfg.ObtainCert(ctx, name, false)
// immediately unblock anyone waiting for it; doing this in
// a defer would risk deadlock because of the recursive call
// to getCertDuringHandshake below when we return!
- obtainCertWaitChansMu.Lock()
- close(wait)
- delete(obtainCertWaitChans, name)
- obtainCertWaitChansMu.Unlock()
+ unblockWaiters()
if err != nil {
// shucks; failed to solve challenge on-demand
// success; certificate was just placed on disk, so
// we need only restart serving the certificate
- return cfg.getCertDuringHandshake(hello, true, false)
+ return getCertWithoutReobtaining()
}
// handshakeMaintenance performs a check on cert for expiration and OCSP validity.
log := loggerNamed(cfg.Logger, "on_demand")
// Check cert expiration
- timeLeft := cert.Leaf.NotAfter.Sub(time.Now().UTC())
if currentlyInRenewalWindow(cert.Leaf.NotBefore, cert.Leaf.NotAfter, cfg.RenewalWindowRatio) {
- if log != nil {
- log.Info("certificate expires soon; attempting renewal",
- zap.Strings("identifiers", cert.Names),
- zap.Duration("remaining", timeLeft))
- }
return cfg.renewDynamicCertificate(hello, cert)
}
if cert.ocsp != nil {
refreshTime := cert.ocsp.ThisUpdate.Add(cert.ocsp.NextUpdate.Sub(cert.ocsp.ThisUpdate) / 2)
if time.Now().After(refreshTime) {
- _, err := stapleOCSP(cfg.Storage, &cert, nil)
+ _, err := stapleOCSP(cfg.OCSP, cfg.Storage, &cert, nil)
if err != nil {
// An error with OCSP stapling is not the end of the world, and in fact, is
// quite common considering not all certs have issuer URLs that support it.
// renewDynamicCertificate renews the certificate for name using cfg. It returns the
// certificate to use and an error, if any. name should already be lower-cased before
// calling this function. name is the name obtained directly from the handshake's
-// ClientHello.
+// ClientHello. If the certificate hasn't yet expired, currentCert will be returned
+// and the renewal will happen in the background; otherwise this blocks until the
+// certificate has been renewed, and returns the renewed certificate.
//
// This function is safe for use by multiple concurrent goroutines.
func (cfg *Config) renewDynamicCertificate(hello *tls.ClientHelloInfo, currentCert Certificate) (Certificate, error) {
log := loggerNamed(cfg.Logger, "on_demand")
name := cfg.getNameFromClientHello(hello)
+ timeLeft := time.Until(currentCert.Leaf.NotAfter)
+ getCertWithoutReobtaining := func() (Certificate, error) {
+ // very important to set the obtainIfNecessary argument to false, so we don't repeat this infinitely
+ return cfg.getCertDuringHandshake(hello, true, false)
+ }
+
+ // see if another goroutine is already working on this certificate
obtainCertWaitChansMu.Lock()
wait, ok := obtainCertWaitChans[name]
if ok {
- // lucky us -- another goroutine is already renewing the certificate.
- // wait for it to finish, then we'll use the new one.
+ // lucky us -- another goroutine is already renewing the certificate
obtainCertWaitChansMu.Unlock()
- <-wait
- return cfg.getCertDuringHandshake(hello, true, false)
+
+ if timeLeft > 0 {
+ // the current certificate hasn't expired, and another goroutine is already
+ // renewing it, so we might as well serve what we have without blocking
+ if log != nil {
+ log.Debug("certificate expires soon but is already being renewed; serving current certificate",
+ zap.Strings("identifiers", currentCert.Names),
+ zap.Duration("remaining", timeLeft))
+ }
+ return currentCert, nil
+ }
+
+ // otherwise, we'll have to wait for the renewal to finish so we don't serve
+ // an expired certificate
+
+ if log != nil {
+ log.Debug("certificate has expired, but is already being renewed; waiting for renewal to complete",
+ zap.Strings("identifiers", currentCert.Names),
+ zap.Time("expired", currentCert.Leaf.NotAfter))
+ }
+
+ // TODO: see if we can get a proper context in here, for true cancellation
+ timeout := time.NewTimer(2 * time.Minute)
+ select {
+ case <-timeout.C:
+ return Certificate{}, fmt.Errorf("timed out waiting for certificate renewal of %s", name)
+ case <-wait:
+ timeout.Stop()
+ }
+
+ return getCertWithoutReobtaining()
}
// looks like it's up to us to do all the work and renew the cert
obtainCertWaitChans[name] = wait
obtainCertWaitChansMu.Unlock()
+ unblockWaiters := func() {
+ obtainCertWaitChansMu.Lock()
+ close(wait)
+ delete(obtainCertWaitChans, name)
+ obtainCertWaitChansMu.Unlock()
+ }
+
+ if log != nil {
+ log.Info("attempting certificate renewal",
+ zap.String("server_name", name),
+ zap.Strings("identifiers", currentCert.Names),
+ zap.Time("expiration", currentCert.Leaf.NotAfter),
+ zap.Duration("remaining", timeLeft))
+ }
+
// Make sure a certificate for this name should be obtained on-demand
err := cfg.checkIfCertShouldBeObtained(name)
if err != nil {
cfg.certCache.mu.Lock()
cfg.certCache.removeCertificate(currentCert)
cfg.certCache.mu.Unlock()
+ unblockWaiters()
return Certificate{}, err
}
- // renew and reload the certificate
- if log != nil {
- log.Info("renewing certificate", zap.String("server_name", name))
- }
- // TODO: use a proper context; we use one with timeout because retries are enabled because interactive is false
- ctx, cancel := context.WithTimeout(context.TODO(), 90*time.Second)
- defer cancel()
- err = cfg.RenewCert(ctx, name, false)
- if err == nil {
- // even though the recursive nature of the dynamic cert loading
- // would just call this function anyway, we do it here to
- // make the replacement as atomic as possible.
- newCert, err := cfg.CacheManagedCertificate(name)
- if err != nil {
- if log != nil {
- log.Error("loading renewed certificate", zap.String("server_name", name), zap.Error(err))
+ // Renew and reload the certificate
+ renewAndReload := func(ctx context.Context, cancel context.CancelFunc) (Certificate, error) {
+ defer cancel()
+ err = cfg.RenewCert(ctx, name, false)
+ if err == nil {
+ // even though the recursive nature of the dynamic cert loading
+ // would just call this function anyway, we do it here to
+ // make the replacement as atomic as possible.
+ newCert, err := cfg.CacheManagedCertificate(name)
+ if err != nil {
+ if log != nil {
+ log.Error("loading renewed certificate", zap.String("server_name", name), zap.Error(err))
+ }
+ } else {
+ // replace the old certificate with the new one
+ cfg.certCache.replaceCertificate(currentCert, newCert)
}
- } else {
- // replace the old certificate with the new one
- cfg.certCache.replaceCertificate(currentCert, newCert)
}
- }
- // immediately unblock anyone waiting for it; doing this in
- // a defer would risk deadlock because of the recursive call
- // to getCertDuringHandshake below when we return!
- obtainCertWaitChansMu.Lock()
- close(wait)
- delete(obtainCertWaitChans, name)
- obtainCertWaitChansMu.Unlock()
+ // immediately unblock anyone waiting for it; doing this in
+ // a defer would risk deadlock because of the recursive call
+ // to getCertDuringHandshake below when we return!
+ unblockWaiters()
- if err != nil {
- return Certificate{}, err
+ if err != nil {
+ return Certificate{}, err
+ }
+
+ return getCertWithoutReobtaining()
}
- return cfg.getCertDuringHandshake(hello, true, false)
+ // if the certificate hasn't expired, we can serve what we have and renew in the background
+ if timeLeft > 0 {
+ // TODO: get a proper context; we use one with timeout because retries are enabled because interactive is false
+ ctx, cancel := context.WithTimeout(context.TODO(), 5*time.Minute)
+ go renewAndReload(ctx, cancel)
+ return currentCert, nil
+ }
+
+ // otherwise, we have to block while we renew an expired certificate
+ ctx, cancel := context.WithTimeout(context.TODO(), 90*time.Second)
+ return renewAndReload(ctx, cancel)
}
-// tryDistributedChallengeSolver is to be called when the clientHello pertains to
-// a TLS-ALPN challenge and a certificate is required to solve it. This method
-// checks the distributed store of challenge info files and, if a matching ServerName
-// is present, it makes a certificate to solve this challenge and returns it. For
-// this to succeed, it requires that cfg.Issuer is of type *ACMEManager.
-// A boolean true is returned if a valid certificate is returned.
-func (cfg *Config) tryDistributedChallengeSolver(clientHello *tls.ClientHelloInfo) (Certificate, bool, error) {
- am, ok := cfg.Issuer.(*ACMEManager)
- if !ok {
- return Certificate{}, false, nil
- }
- tokenKey := distributedSolver{acmeManager: am, caURL: am.CA}.challengeTokensKey(clientHello.ServerName)
- chalInfoBytes, err := cfg.Storage.Load(tokenKey)
+// getTLSALPNChallengeCert is to be called when the clientHello pertains to
+// a TLS-ALPN challenge and a certificate is required to solve it. This method gets
+// the relevant challenge info and then returns the associated certificate (if any)
+// or generates it anew if it's not available (as is the case when distributed
+// solving). True is returned if the challenge is being solved distributed (there
+// is no semantic difference with distributed solving; it is mainly for logging).
+func (cfg *Config) getTLSALPNChallengeCert(clientHello *tls.ClientHelloInfo) (*tls.Certificate, bool, error) {
+ chalData, distributed, err := cfg.getChallengeInfo(clientHello.ServerName)
if err != nil {
- if _, ok := err.(ErrNotExist); ok {
- return Certificate{}, false, nil
- }
- return Certificate{}, false, fmt.Errorf("opening distributed challenge token file %s: %v", tokenKey, err)
+ return nil, distributed, err
}
- var chalInfo acme.Challenge
- err = json.Unmarshal(chalInfoBytes, &chalInfo)
- if err != nil {
- return Certificate{}, false, fmt.Errorf("decoding challenge token file %s (corrupted?): %v", tokenKey, err)
+ // fast path: we already created the certificate (this avoids having to re-create
+ // it at every handshake that tries to verify, e.g. multi-perspective validation)
+ if chalData.data != nil {
+ return chalData.data.(*tls.Certificate), distributed, nil
}
- cert, err := acmez.TLSALPN01ChallengeCert(chalInfo)
+ // otherwise, we can re-create the solution certificate, but it takes a few cycles
+ cert, err := acmez.TLSALPN01ChallengeCert(chalData.Challenge)
if err != nil {
- return Certificate{}, false, fmt.Errorf("making TLS-ALPN challenge certificate: %v", err)
+ return nil, distributed, fmt.Errorf("making TLS-ALPN challenge certificate: %v", err)
}
if cert == nil {
- return Certificate{}, false, fmt.Errorf("got nil TLS-ALPN challenge certificate but no error")
+ return nil, distributed, fmt.Errorf("got nil TLS-ALPN challenge certificate but no error")
}
- return Certificate{Certificate: *cert}, true, nil
+ return cert, distributed, nil
}
// getNameFromClientHello returns a normalized form of hello.ServerName.
// If hello.ServerName is empty (i.e. client did not use SNI), then the
// associated connection's local address is used to extract an IP address.
func (*Config) getNameFromClientHello(hello *tls.ClientHelloInfo) string {
- name := NormalizedName(hello.ServerName)
- if name != "" || hello.Conn == nil {
+ if name := normalizedName(hello.ServerName); name != "" {
return name
}
+ return localIPFromConn(hello.Conn)
+}
- // if no SNI, try using IP address on the connection
- localAddr := hello.Conn.LocalAddr().String()
- localAddrHost, _, err := net.SplitHostPort(localAddr)
- if err == nil {
- return localAddrHost
+// localIPFromConn returns the host portion of c's local address
+// and strips the scope ID if one exists (see RFC 4007).
+func localIPFromConn(c net.Conn) string {
+ if c == nil {
+ return ""
+ }
+ localAddr := c.LocalAddr().String()
+ ip, _, err := net.SplitHostPort(localAddr)
+ if err != nil {
+ // OK; assume there was no port
+ ip = localAddr
+ }
+ // IPv6 addresses can have scope IDs, e.g. "fe80::4c3:3cff:fe4f:7e0b%eth0",
+ // but for our purposes, these are useless (unless a valid use case proves
+ // otherwise; see issue #3911)
+ if scopeIDStart := strings.Index(ip, "%"); scopeIDStart > -1 {
+ ip = ip[:scopeIDStart]
}
- return localAddr
+ return ip
}
-// NormalizedName returns a cleaned form of serverName that is
+// normalizedName returns a cleaned form of serverName that is
// used for consistency when referring to a SNI value.
-func NormalizedName(serverName string) string {
+func normalizedName(serverName string) string {
return strings.ToLower(strings.TrimSpace(serverName))
}
package certmagic
import (
- "encoding/json"
"net/http"
"strings"
if am == nil {
return false
}
-
host := hostOnly(r.Host)
-
- tokenKey := distributedSolver{acmeManager: am, caURL: am.CA}.challengeTokensKey(host)
- chalInfoBytes, err := am.config.Storage.Load(tokenKey)
- if err != nil {
- if _, ok := err.(ErrNotExist); !ok {
- if am.Logger != nil {
- am.Logger.Error("opening distributed HTTP challenge token file",
- zap.String("host", host),
- zap.Error(err))
- }
- }
- return false
- }
-
- var challenge acme.Challenge
- err = json.Unmarshal(chalInfoBytes, &challenge)
+ chalInfo, distributed, err := am.config.getChallengeInfo(host)
if err != nil {
if am.Logger != nil {
- am.Logger.Error("decoding HTTP challenge token file (corrupted?)",
+ am.Logger.Error("looking up info for HTTP challenge",
zap.String("host", host),
- zap.String("token_key", tokenKey),
zap.Error(err))
}
return false
}
-
- return am.answerHTTPChallenge(w, r, challenge)
+ return solveHTTPChallenge(am.Logger, w, r, chalInfo.Challenge, distributed)
}
-// answerHTTPChallenge solves the challenge with chalInfo.
-// Most of this code borrowed from xenolf's built-in HTTP-01
-// challenge solver in March 2018.
-func (am *ACMEManager) answerHTTPChallenge(w http.ResponseWriter, r *http.Request, challenge acme.Challenge) bool {
+// solveHTTPChallenge solves the HTTP challenge using the given challenge information.
+// If the challenge is being solved in a distributed fahsion, set distributed to true for logging purposes.
+// It returns true the properties of the request check out in relation to the HTTP challenge.
+// Most of this code borrowed from xenolf's built-in HTTP-01 challenge solver in March 2018.
+func solveHTTPChallenge(logger *zap.Logger, w http.ResponseWriter, r *http.Request, challenge acme.Challenge, distributed bool) bool {
challengeReqPath := challenge.HTTP01ResourcePath()
if r.URL.Path == challengeReqPath &&
strings.EqualFold(hostOnly(r.Host), challenge.Identifier.Value) && // mitigate DNS rebinding attacks
w.Header().Add("Content-Type", "text/plain")
w.Write([]byte(challenge.KeyAuthorization))
r.Close = true
- if am.Logger != nil {
- am.Logger.Info("served key authentication",
+ if logger != nil {
+ logger.Info("served key authentication",
zap.String("identifier", challenge.Identifier.Value),
zap.String("challenge", "http-01"),
- zap.String("remote", r.RemoteAddr))
+ zap.String("remote", r.RemoteAddr),
+ zap.Bool("distributed", distributed))
}
return true
}
return false
}
+// SolveHTTPChallenge solves the HTTP challenge. It should be used only on HTTP requests that are
+// from ACME servers trying to validate an identifier (i.e. LooksLikeHTTPChallenge() == true). It
+// returns true if the request criteria check out and it answered with key authentication, in which
+// case no further handling of the request is necessary.
+func SolveHTTPChallenge(logger *zap.Logger, w http.ResponseWriter, r *http.Request, challenge acme.Challenge) bool {
+ return solveHTTPChallenge(logger, w, r, challenge, false)
+}
+
// LooksLikeHTTPChallenge returns true if r looks like an ACME
// HTTP challenge request from an ACME server.
func LooksLikeHTTPChallenge(r *http.Request) bool {
}
continue
}
+ if cfg.OnDemand != nil {
+ continue
+ }
// if time is up or expires soon, we need to try to renew it
if cert.NeedsRenewal(cfg) {
continue
}
- ocspResp, err := stapleOCSP(cfg.Storage, &cert, nil)
- if err != nil {
+ ocspResp, err := stapleOCSP(cfg.OCSP, cfg.Storage, &cert, nil)
+ if err != nil || ocspResp == nil {
if cert.ocsp != nil {
// if there was no staple before, that's fine; otherwise we should log the error
if log != nil {
// If you don't have the PEM blocks already, just pass in nil.
//
// Errors here are not necessarily fatal, it could just be that the
-// certificate doesn't have an issuer URL.
+// certificate doesn't have an issuer URL. This function may return
+// both nil values if OCSP stapling is disabled according to ocspConfig.
//
// If a status was received, it returns that status. Note that the
// returned status is not always stapled to the certificate.
-func stapleOCSP(storage Storage, cert *Certificate, pemBundle []byte) (*ocsp.Response, error) {
+func stapleOCSP(ocspConfig OCSPConfig, storage Storage, cert *Certificate, pemBundle []byte) (*ocsp.Response, error) {
+ if ocspConfig.DisableStapling {
+ return nil, nil
+ }
+
if pemBundle == nil {
// we need a PEM encoding only for some function calls below
bundle := new(bytes.Buffer)
// If we couldn't get a fresh staple by reading the cache,
// then we need to request it from the OCSP responder
if ocspResp == nil || len(ocspBytes) == 0 {
- ocspBytes, ocspResp, ocspErr = getOCSPForCert(pemBundle)
+ ocspBytes, ocspResp, ocspErr = getOCSPForCert(ocspConfig, pemBundle)
if ocspErr != nil {
// An error here is not a problem because a certificate may simply
// not contain a link to an OCSP server. But we should log it anyway.
// values are nil, the OCSP status may be assumed OCSPUnknown.
//
// Borrowed from xenolf.
-func getOCSPForCert(bundle []byte) ([]byte, *ocsp.Response, error) {
+func getOCSPForCert(ocspConfig OCSPConfig, bundle []byte) ([]byte, *ocsp.Response, error) {
// TODO: Perhaps this should be synchronized too, with a Locker?
certificates, err := parseCertsFromPEMBundle(bundle)
if len(issuedCert.OCSPServer) == 0 {
return nil, nil, fmt.Errorf("no OCSP server specified in certificate")
}
+
+ // apply override for responder URL
+ respURL := issuedCert.OCSPServer[0]
+ if len(ocspConfig.ResponderOverrides) > 0 {
+ if override, ok := ocspConfig.ResponderOverrides[respURL]; ok {
+ respURL = override
+ }
+ }
+ if respURL == "" {
+ return nil, nil, fmt.Errorf("override disables querying OCSP responder: %v", issuedCert.OCSPServer[0])
+ }
+
if len(certificates) == 1 {
if len(issuedCert.IssuingCertificateURL) == 0 {
return nil, nil, fmt.Errorf("no URL to issuing certificate")
}
reader := bytes.NewReader(ocspReq)
- req, err := http.Post(issuedCert.OCSPServer[0], "application/ocsp-request", reader)
+ req, err := http.Post(respURL, "application/ocsp-request", reader)
if err != nil {
return nil, nil, fmt.Errorf("making OCSP request: %v", err)
}
// Present adds the certificate to the certificate cache and, if
// needed, starts a TLS server for answering TLS-ALPN challenges.
func (s *tlsALPNSolver) Present(ctx context.Context, chal acme.Challenge) error {
- // load the certificate into the cache; this isn't strictly necessary
- // if we're using the distributed solver since our GetCertificate
- // function will check storage for the keyAuth anyway, but it seems
- // like loading it into the cache is the right thing to do
+ // we pre-generate the certificate for efficiency with multi-perspective
+ // validation, so it only has to be done once (at least, by this instance;
+ // distributed solving does not have that luxury, oh well) - update the
+ // challenge data in memory to be the generated certificate
cert, err := acmez.TLSALPN01ChallengeCert(chal)
if err != nil {
return err
}
- certHash := hashCertificateChain(cert.Certificate)
- s.config.certCache.mu.Lock()
- s.config.certCache.cache[tlsALPNCertKeyName(chal.Identifier.Value)] = Certificate{
- Certificate: *cert,
- Names: []string{chal.Identifier.Value},
- hash: certHash, // perhaps not necesssary
- }
- s.config.certCache.mu.Unlock()
+ activeChallengesMu.Lock()
+ chalData := activeChallenges[chal.Identifier.Value]
+ chalData.data = cert
+ activeChallenges[chal.Identifier.Value] = chalData
+ activeChallengesMu.Unlock()
// the rest of this function increments the
// challenge count for the solver at this
dnsName := challenge.DNS01TXTRecordName()
keyAuth := challenge.DNS01KeyAuthorization()
- rec := libdns.Record{
- Type: "TXT",
- Name: dnsName,
- Value: keyAuth,
- TTL: s.TTL,
- }
-
// multiple identifiers can have the same ACME challenge
// domain (e.g. example.com and *.example.com) so we need
// to ensure that we don't solve those concurrently and
return fmt.Errorf("could not determine zone for domain %q: %v", dnsName, err)
}
+ rec := libdns.Record{
+ Type: "TXT",
+ Name: libdns.RelativeName(dnsName+".", zone),
+ Value: keyAuth,
+ TTL: s.TTL,
+ }
+
results, err := s.DNSProvider.AppendRecords(ctx, zone, []libdns.Record{rec})
if err != nil {
return fmt.Errorf("adding temporary record for zone %s: %w", zone, err)
// sharing sync and storage, and using the facilities provided by
// this package for solving the challenges.
type distributedSolver struct {
- // The config with a certificate cache
- // with a reference to the storage to
- // use which is shared among all the
- // instances in the cluster - REQUIRED.
- acmeManager *ACMEManager
+ // The storage backing the distributed solver. It must be
+ // the same storage configuration as what is solving the
+ // challenge in order to be effective.
+ storage Storage
+
+ // The storage key prefix, associated with the issuer
+ // that is solving the challenge.
+ storageKeyIssuerPrefix string
// Since the distributedSolver is only a
// wrapper over an actual solver, place
// the actual solver here.
solver acmez.Solver
-
- // The CA endpoint URL associated with
- // this solver.
- caURL string
}
// Present invokes the underlying solver's Present method
return err
}
- err = dhs.acmeManager.config.Storage.Store(dhs.challengeTokensKey(chal.Identifier.Value), infoBytes)
+ err = dhs.storage.Store(dhs.challengeTokensKey(chal.Identifier.Value), infoBytes)
if err != nil {
return err
}
return nil
}
+// Wait wraps the underlying solver's Wait() method, if any. Implements acmez.Waiter.
+func (dhs distributedSolver) Wait(ctx context.Context, challenge acme.Challenge) error {
+ if waiter, ok := dhs.solver.(acmez.Waiter); ok {
+ return waiter.Wait(ctx, challenge)
+ }
+ return nil
+}
+
// CleanUp invokes the underlying solver's CleanUp method
// and also cleans up any assets saved to storage.
func (dhs distributedSolver) CleanUp(ctx context.Context, chal acme.Challenge) error {
- err := dhs.acmeManager.config.Storage.Delete(dhs.challengeTokensKey(chal.Identifier.Value))
+ err := dhs.storage.Delete(dhs.challengeTokensKey(chal.Identifier.Value))
if err != nil {
return err
}
// challengeTokensPrefix returns the key prefix for challenge info.
func (dhs distributedSolver) challengeTokensPrefix() string {
- return path.Join(dhs.acmeManager.storageKeyCAPrefix(dhs.caURL), "challenge_tokens")
+ return path.Join(dhs.storageKeyIssuerPrefix, "challenge_tokens")
}
// challengeTokensKey returns the key to use to store and access
return err
}
+// GetACMEChallenge returns an active ACME challenge for the given identifier,
+// or false if no active challenge for that identifier is known.
+func GetACMEChallenge(identifier string) (Challenge, bool) {
+ activeChallengesMu.Lock()
+ chalData, ok := activeChallenges[identifier]
+ activeChallengesMu.Unlock()
+ return chalData, ok
+}
+
// The active challenge solvers, keyed by listener address,
// and protected by a mutex. Note that the creation of
// solver listeners and the incrementing of their counts
solversMu sync.Mutex
)
+// activeChallenges holds information about all known, currently-active
+// ACME challenges, keyed by identifier. CertMagic guarantees that
+// challenges for the same identifier do not overlap, by its locking
+// mechanisms; thus if a challenge comes in for a certain identifier,
+// we can be confident that if this process initiated the challenge,
+// the correct information to solve it is in this map. (It may have
+// alternatively been initiated by another instance in a cluster, in
+// which case the distributed solver will take care of that.)
+var (
+ activeChallenges = make(map[string]Challenge)
+ activeChallengesMu sync.Mutex
+)
+
+// Challenge is an ACME challenge, but optionally paired with
+// data that can make it easier or more efficient to solve.
+type Challenge struct {
+ acme.Challenge
+ data interface{}
+}
+
+// solverWrapper should be used to wrap all challenge solvers so that
+// we can add the challenge info to memory; this makes challenges globally
+// solvable by a single HTTP or TLS server even if multiple servers with
+// different configurations/scopes need to get certificates.
+type solverWrapper struct{ acmez.Solver }
+
+func (sw solverWrapper) Present(ctx context.Context, chal acme.Challenge) error {
+ activeChallengesMu.Lock()
+ activeChallenges[chal.Identifier.Value] = Challenge{Challenge: chal}
+ activeChallengesMu.Unlock()
+ return sw.Solver.Present(ctx, chal)
+}
+
+func (sw solverWrapper) Wait(ctx context.Context, chal acme.Challenge) error {
+ if waiter, ok := sw.Solver.(acmez.Waiter); ok {
+ return waiter.Wait(ctx, chal)
+ }
+ return nil
+}
+
+func (sw solverWrapper) CleanUp(ctx context.Context, chal acme.Challenge) error {
+ activeChallengesMu.Lock()
+ delete(activeChallenges, chal.Identifier.Value)
+ activeChallengesMu.Unlock()
+ return sw.Solver.CleanUp(ctx, chal)
+}
+
// Interface guards
var (
- _ acmez.Solver = (*DNS01Solver)(nil)
- _ acmez.Waiter = (*DNS01Solver)(nil)
+ _ acmez.Solver = (*solverWrapper)(nil)
+ _ acmez.Waiter = (*solverWrapper)(nil)
+ _ acmez.Waiter = (*distributedSolver)(nil)
)
import (
"context"
- "log"
"path"
"regexp"
"strings"
"sync"
"time"
+
+ "go.uber.org/zap"
)
// Storage is a type that implements a key-value store.
// this does not cancel the operations that
// the locks are synchronizing, this should be
// called only immediately before process exit.
-func CleanUpOwnLocks() {
+// Errors are only reported if a logger is given.
+func CleanUpOwnLocks(logger *zap.Logger) {
locksMu.Lock()
defer locksMu.Unlock()
for lockKey, storage := range locks {
err := storage.Unlock(lockKey)
if err == nil {
delete(locks, lockKey)
- } else {
- log.Printf("[ERROR] Unable to clean up lock: %v (lock=%s storage=%s)",
- err, lockKey, storage)
+ } else if logger != nil {
+ logger.Error("unable to clean up lock in storage backend",
+ zap.Any("storage", storage),
+ zap.String("lock_key", lockKey),
+ zap.Error(err),
+ )
}
}
}
// ErrNotExist is returned by Storage implementations when
// a resource is not found. It is similar to os.IsNotExist
// except this is a type, not a variable.
+// TODO: use new Go error wrapping conventions
type ErrNotExist interface {
error
}
# Makefile for releasing.
#
# The release is controlled from version.go. The version found there is
-# used to tag the git repo, we're not building any artifects so there is nothing
+# used to tag the git repo, we're not building any artifacts so there is nothing
# to upload to github.
#
# * Up the version in version.go
func ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, err error) {
client := Client{Net: "udp"}
r, _, err = client.ExchangeContext(ctx, m, a)
- // ignorint rtt to leave the original ExchangeContext API unchanged, but
+ // ignoring rtt to leave the original ExchangeContext API unchanged, but
// this function will go away
return r, err
}
// Add it, in reverse, to the buffer
for i := len(ip) - 1; i >= 0; i-- {
v := ip[i]
- buf = append(buf, hexDigit[v&0xF])
- buf = append(buf, '.')
- buf = append(buf, hexDigit[v>>4])
- buf = append(buf, '.')
+ buf = append(buf, hexDigit[v&0xF], '.', hexDigit[v>>4], '.')
}
// Append "ip6.arpa." and return (buf already has the final .)
buf = append(buf, "ip6.arpa."...)
"bytes"
"crypto"
"crypto/ecdsa"
+ "crypto/ed25519"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"sort"
"strings"
"time"
-
- "golang.org/x/crypto/ed25519"
)
// DNSSEC encryption algorithm codes.
return ti <= utc && utc <= te
}
-// Return the signatures base64 encodedig sigdata as a byte slice.
+// Return the signatures base64 encoding sigdata as a byte slice.
func (rr *RRSIG) sigBuf() []byte {
sigbuf, err := fromBase64([]byte(rr.Signature))
if err != nil {
import (
"crypto"
"crypto/ecdsa"
+ "crypto/ed25519"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"math/big"
-
- "golang.org/x/crypto/ed25519"
)
// Generate generates a DNSKEY of the given bit size.
"bufio"
"crypto"
"crypto/ecdsa"
+ "crypto/ed25519"
"crypto/rsa"
"io"
"math/big"
"strconv"
"strings"
-
- "golang.org/x/crypto/ed25519"
)
// NewPrivateKey returns a PrivateKey by parsing the string s.
import (
"crypto"
"crypto/ecdsa"
+ "crypto/ed25519"
"crypto/rsa"
"math/big"
"strconv"
-
- "golang.org/x/crypto/ed25519"
)
const format = "Private-key-format: v1.3\n"
}
func (e *EDNS0_N3U) copy() EDNS0 { return &EDNS0_N3U{e.Code, e.AlgCode} }
-// EDNS0_EXPIRE implementes the EDNS0 option as described in RFC 7314.
+// EDNS0_EXPIRE implements the EDNS0 option as described in RFC 7314.
type EDNS0_EXPIRE struct {
Code uint16 // Always EDNS0EXPIRE
Expire uint32
module github.com/miekg/dns
-go 1.12
+go 1.13
require (
- golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
- golang.org/x/net v0.0.0-20190923162816-aa69164e4478
- golang.org/x/sync v0.0.0-20190423024810-112230192c58
- golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe
- golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 // indirect
+ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
+ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
+ golang.org/x/sys v0.0.0-20210303074136-134d130e1a04
)
-golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4 h1:Vk3wNqEZwyGyei9yq5ekj7frek2u7HUfffJ1/opblzc=
-golang.org/x/crypto v0.0.0-20181001203147-e3636079e1a4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472 h1:Gv7RPwsi3eZ2Fgewe3CBsuOebPwO27PoXzRpJPsvSSM=
-golang.org/x/crypto v0.0.0-20190829043050-9756ffdc2472/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392 h1:ACG4HJsFiNMf47Y4PeRoebLNy/2lXT9EtprMuTFWt1M=
-golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3 h1:dgd4x4kJt7G4k4m93AYLzM8Ni6h2qLTfh9n9vXJT3/0=
-golang.org/x/net v0.0.0-20180926154720-4dfa2610cdf3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297 h1:k7pJ2yAPLPgbskkFdhRCsA77k2fySZ1zf2zCjvQCiIM=
-golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478 h1:l5EDrHhldLYb3ZRHDUhXF7Om7MvYXnkV9/iQNo1lX6g=
-golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180928133829-e4b3c5e90611 h1:O33LKL7WyJgjN9CvxfTIomjIClbd/Kq86/iipowHQU0=
-golang.org/x/sys v0.0.0-20180928133829-e4b3c5e90611/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd h1:DBH9mDw0zluJT/R+nGuV3jWFWLFaHyYZWD4tOT+cjn0=
-golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe h1:6fAMxZRR6sl1Uq8U61gxU+kPTs2tR8uOySCbBP7BN/M=
-golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04 h1:cEhElsAv9LUt9ZUUocxzWe05oFLVd+AA2nstydTeI8g=
+golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216052735-49a3e744a425 h1:VvQyQJN0tSuecqgcIxMWnnfG5kSmgy9KZR9sW3W5QeA=
-golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
// escaped dots (\.) for instance.
// s must be a syntactically valid domain name, see IsDomainName.
func SplitDomainName(s string) (labels []string) {
- if len(s) == 0 {
+ if s == "" {
return nil
}
fqdnEnd := 0 // offset of the final '.' or the length of the name
}
// Set extended rcode unconditionally if we have an opt, this will allow
- // reseting the extended rcode bits if they need to.
+ // resetting the extended rcode bits if they need to.
if opt := dns.IsEdns0(); opt != nil {
opt.SetExtendedRcode(uint16(dns.Rcode))
} else if dns.Rcode > 0xF {
// RFC 6895. This allows one to experiment with new RR types, without requesting an
// official type code. Also see dns.PrivateHandle and dns.PrivateHandleRemove.
type PrivateRdata interface {
- // String returns the text presentaton of the Rdata of the Private RR.
+ // String returns the text presentation of the Rdata of the Private RR.
String() string
// Parse parses the Rdata of the private RR.
Parse([]string) error
// 'nn.1' must be treated as 'nn-meters and 10cm, not 1cm.
cmeters *= 10
}
- if len(s[0]) == 0 {
+ if s[0] == "" {
// This will allow omitting the 'meter' part, like .01 (meaning 0.01m = 1cm).
break
}
if len(l.token) < 19 {
return 0, &ParseError{l.token, "bad NID/L64 NodeID/Locator64", l}
}
- // There must be three colons at fixes postitions, if not its a parse error
+ // There must be three colons at fixes positions, if not its a parse error
if l.token[4] != ':' && l.token[9] != ':' && l.token[14] != ':' {
return 0, &ParseError{l.token, "bad NID/L64 NodeID/Locator64", l}
}
c.Next() // zBlank
l, _ = c.Next()
- if i, err := strconv.ParseFloat(l.token, 32); err != nil || l.err || i < 0 || i >= 60 {
+ if i, err := strconv.ParseFloat(l.token, 64); err != nil || l.err || i < 0 || i >= 60 {
return &ParseError{"", "bad LOC Latitude seconds", l}
} else {
rr.Latitude += uint32(1000 * i)
}
c.Next() // zBlank
l, _ = c.Next()
- if i, err := strconv.ParseFloat(l.token, 32); err != nil || l.err || i < 0 || i >= 60 {
+ if i, err := strconv.ParseFloat(l.token, 64); err != nil || l.err || i < 0 || i >= 60 {
return &ParseError{"", "bad LOC Longitude seconds", l}
} else {
rr.Longitude += uint32(1000 * i)
Altitude:
c.Next() // zBlank
l, _ = c.Next()
- if len(l.token) == 0 || l.err {
+ if l.token == "" || l.err {
return &ParseError{"", "bad LOC Altitude", l}
}
if l.token[len(l.token)-1] == 'M' || l.token[len(l.token)-1] == 'm' {
c.Next() // zBlank
l, _ = c.Next() // zString
- if len(l.token) == 0 || l.err {
+ if l.token == "" || l.err {
return &ParseError{"", "bad HIP Hit", l}
}
rr.Hit = l.token // This can not contain spaces, see RFC 5205 Section 6.
c.Next() // zBlank
l, _ = c.Next() // zString
- if len(l.token) == 0 || l.err {
+ if l.token == "" || l.err {
return &ParseError{"", "bad HIP PublicKey", l}
}
rr.PublicKey = l.token // This cannot contain spaces
return nil
}
+func (rr *ZONEMD) parse(c *zlexer, o string) *ParseError {
+ l, _ := c.Next()
+ i, e := strconv.ParseUint(l.token, 10, 32)
+ if e != nil || l.err {
+ return &ParseError{"", "bad ZONEMD Serial", l}
+ }
+ rr.Serial = uint32(i)
+
+ c.Next() // zBlank
+ l, _ = c.Next()
+ i, e1 := strconv.ParseUint(l.token, 10, 8)
+ if e1 != nil || l.err {
+ return &ParseError{"", "bad ZONEMD Scheme", l}
+ }
+ rr.Scheme = uint8(i)
+
+ c.Next() // zBlank
+ l, _ = c.Next()
+ i, err := strconv.ParseUint(l.token, 10, 8)
+ if err != nil || l.err {
+ return &ParseError{"", "bad ZONEMD Hash Algorithm", l}
+ }
+ rr.Hash = uint8(i)
+
+ s, e2 := endingToString(c, "bad ZONEMD Digest")
+ if e2 != nil {
+ return e2
+ }
+ rr.Digest = s
+ return nil
+}
+
func (rr *SIG) parse(c *zlexer, o string) *ParseError { return rr.RRSIG.parse(c, o) }
func (rr *RRSIG) parse(c *zlexer, o string) *ParseError {
rr.Iterations = uint16(i)
c.Next()
l, _ = c.Next()
- if len(l.token) == 0 || l.err {
+ if l.token == "" || l.err {
return &ParseError{"", "bad NSEC3 Salt", l}
}
if l.token != "-" {
c.Next()
l, _ = c.Next()
- if len(l.token) == 0 || l.err {
+ if l.token == "" || l.err {
return &ParseError{"", "bad NSEC3 NextDomain", l}
}
rr.HashLength = 20 // Fix for NSEC3 (sha1 160 bits)
if k == nil {
return nil, ErrPrivKey
}
- if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 {
+ if rr.KeyTag == 0 || rr.SignerName == "" || rr.Algorithm == 0 {
return nil, ErrKey
}
if k == nil {
return ErrKey
}
- if rr.KeyTag == 0 || len(rr.SignerName) == 0 || rr.Algorithm == 0 {
+ if rr.KeyTag == 0 || rr.SignerName == "" || rr.Algorithm == 0 {
return ErrKey
}
// Liberally estimate the size of an alpn as 10 octets
b := make([]byte, 0, 10*len(s.Alpn))
for _, e := range s.Alpn {
- if len(e) == 0 {
+ if e == "" {
return nil, errors.New("dns: svcbalpn: empty alpn-id")
}
if len(e) > 255 {
}
func (*SVCBNoDefaultAlpn) parse(b string) error {
- if len(b) != 0 {
+ if b != "" {
return errors.New("dns: svcbnodefaultalpn: no_default_alpn must have no value")
}
return nil
TypeCDNSKEY uint16 = 60
TypeOPENPGPKEY uint16 = 61
TypeCSYNC uint16 = 62
+ TypeZONEMD uint16 = 63
TypeSVCB uint16 = 64
TypeHTTPS uint16 = 65
TypeSPF uint16 = 99
OpcodeUpdate = 5
)
+// Used in ZONEMD https://tools.ietf.org/html/rfc8976
+
+const (
+ // ZoneMD Accepted Schemes
+ ZoneMDSchemeSimple = 1
+
+ // ZoneMD Hash Algorithms
+ ZoneMDHashAlgSHA384 = 1
+ ZoneMDHashAlgSHA512 = 2
+)
+
// Header is the wire format for the DNS packet header.
type Header struct {
Id uint16
return l
}
+// ZONEMD RR, from draft-ietf-dnsop-dns-zone-digest
+type ZONEMD struct {
+ Hdr RR_Header
+ Serial uint32
+ Scheme uint8
+ Hash uint8
+ Digest string `dns:"hex"`
+}
+
+func (rr *ZONEMD) String() string {
+ return rr.Hdr.String() +
+ strconv.Itoa(int(rr.Serial)) +
+ " " + strconv.Itoa(int(rr.Scheme)) +
+ " " + strconv.Itoa(int(rr.Hash)) +
+ " " + rr.Digest
+}
+
// APL RR. See RFC 3123.
type APL struct {
Hdr RR_Header
// saltToString converts a NSECX salt to uppercase and returns "-" when it is empty.
func saltToString(s string) string {
- if len(s) == 0 {
+ if s == "" {
return "-"
}
return strings.ToUpper(s)
import "fmt"
// Version is current version of this library.
-var Version = v{1, 1, 40}
+var Version = v{1, 1, 41}
// v holds the version of this library.
type v struct {
}
return true
}
+
+func (r1 *ZONEMD) isDuplicate(_r2 RR) bool {
+ r2, ok := _r2.(*ZONEMD)
+ if !ok {
+ return false
+ }
+ _ = r2
+ if r1.Serial != r2.Serial {
+ return false
+ }
+ if r1.Scheme != r2.Scheme {
+ return false
+ }
+ if r1.Hash != r2.Hash {
+ return false
+ }
+ if r1.Digest != r2.Digest {
+ return false
+ }
+ return true
+}
return off, nil
}
+func (rr *ZONEMD) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
+ off, err = packUint32(rr.Serial, msg, off)
+ if err != nil {
+ return off, err
+ }
+ off, err = packUint8(rr.Scheme, msg, off)
+ if err != nil {
+ return off, err
+ }
+ off, err = packUint8(rr.Hash, msg, off)
+ if err != nil {
+ return off, err
+ }
+ off, err = packStringHex(rr.Digest, msg, off)
+ if err != nil {
+ return off, err
+ }
+ return off, nil
+}
+
// unpack*() functions
func (rr *A) unpack(msg []byte, off int) (off1 int, err error) {
}
return off, nil
}
+
+func (rr *ZONEMD) unpack(msg []byte, off int) (off1 int, err error) {
+ rdStart := off
+ _ = rdStart
+
+ rr.Serial, off, err = unpackUint32(msg, off)
+ if err != nil {
+ return off, err
+ }
+ if off == len(msg) {
+ return off, nil
+ }
+ rr.Scheme, off, err = unpackUint8(msg, off)
+ if err != nil {
+ return off, err
+ }
+ if off == len(msg) {
+ return off, nil
+ }
+ rr.Hash, off, err = unpackUint8(msg, off)
+ if err != nil {
+ return off, err
+ }
+ if off == len(msg) {
+ return off, nil
+ }
+ rr.Digest, off, err = unpackStringHex(msg, off, rdStart+int(rr.Hdr.Rdlength))
+ if err != nil {
+ return off, err
+ }
+ return off, nil
+}
TypeUINFO: func() RR { return new(UINFO) },
TypeURI: func() RR { return new(URI) },
TypeX25: func() RR { return new(X25) },
+ TypeZONEMD: func() RR { return new(ZONEMD) },
}
// TypeToString is a map of strings for each RR type.
TypeUNSPEC: "UNSPEC",
TypeURI: "URI",
TypeX25: "X25",
+ TypeZONEMD: "ZONEMD",
TypeNSAPPTR: "NSAP-PTR",
}
func (rr *UINFO) Header() *RR_Header { return &rr.Hdr }
func (rr *URI) Header() *RR_Header { return &rr.Hdr }
func (rr *X25) Header() *RR_Header { return &rr.Hdr }
+func (rr *ZONEMD) Header() *RR_Header { return &rr.Hdr }
// len() functions
func (rr *A) len(off int, compression map[string]struct{}) int {
l += len(rr.PSDNAddress) + 1
return l
}
+func (rr *ZONEMD) len(off int, compression map[string]struct{}) int {
+ l := rr.Hdr.len(off, compression)
+ l += 4 // Serial
+ l++ // Scheme
+ l++ // Hash
+ l += len(rr.Digest) / 2
+ return l
+}
// copy() functions
func (rr *A) copy() RR {
func (rr *X25) copy() RR {
return &X25{rr.Hdr, rr.PSDNAddress}
}
+func (rr *ZONEMD) copy() RR {
+ return &ZONEMD{rr.Hdr, rr.Serial, rr.Scheme, rr.Hash, rr.Digest}
+}
BGE loop
bytes_between_0_and_15:
- CMP $0, R5
+ CMP R5, $0
BEQ done
MOVD $0, R16 // h0
MOVD $0, R17 // h1
// Exactly 8
MOVD (R4), R16
- CMP $0, R17
+ CMP R17, $0
// Check if we've already set R17; if not
// set 1 to indicate end of msg.
ADD $2, R4
less2:
- CMP $0, R5
+ CMP R5, $0
BEQ insert1
MOVBZ (R4), R21
SLD R22, R21, R21
carry:
// Add new values to h0, h1, h2
- ADDC R16, R8
- ADDE R17, R9
- ADDE $0, R10
- MOVD $16, R5
- ADD R5, R4
- BR multiply
+ ADDC R16, R8
+ ADDE R17, R9
+ ADDZE R10, R10
+ MOVD $16, R5
+ ADD R5, R4
+ BR multiply
done:
// Save h0, h1, h2 in state
import (
"crypto/sha256"
+ "encoding/binary"
"errors"
"math/bits"
func smix(b []byte, r, N int, v, xy []uint32) {
var tmp [16]uint32
+ R := 32 * r
x := xy
- y := xy[32*r:]
+ y := xy[R:]
j := 0
- for i := 0; i < 32*r; i++ {
- x[i] = uint32(b[j]) | uint32(b[j+1])<<8 | uint32(b[j+2])<<16 | uint32(b[j+3])<<24
+ for i := 0; i < R; i++ {
+ x[i] = binary.LittleEndian.Uint32(b[j:])
j += 4
}
for i := 0; i < N; i += 2 {
- blockCopy(v[i*(32*r):], x, 32*r)
+ blockCopy(v[i*R:], x, R)
blockMix(&tmp, x, y, r)
- blockCopy(v[(i+1)*(32*r):], y, 32*r)
+ blockCopy(v[(i+1)*R:], y, R)
blockMix(&tmp, y, x, r)
}
for i := 0; i < N; i += 2 {
j := int(integer(x, r) & uint64(N-1))
- blockXOR(x, v[j*(32*r):], 32*r)
+ blockXOR(x, v[j*R:], R)
blockMix(&tmp, x, y, r)
j = int(integer(y, r) & uint64(N-1))
- blockXOR(y, v[j*(32*r):], 32*r)
+ blockXOR(y, v[j*R:], R)
blockMix(&tmp, y, x, r)
}
j = 0
- for _, v := range x[:32*r] {
- b[j+0] = byte(v >> 0)
- b[j+1] = byte(v >> 8)
- b[j+2] = byte(v >> 16)
- b[j+3] = byte(v >> 24)
+ for _, v := range x[:R] {
+ binary.LittleEndian.PutUint32(b[j:], v)
j += 4
}
}
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
package socket
sysAF_INET6 = unix.AF_INET6
sysSOCK_RAW = unix.SOCK_RAW
+
+ sizeofSockaddrInet4 = unix.SizeofSockaddrInet4
+ sizeofSockaddrInet6 = unix.SizeofSockaddrInet6
)
+++ /dev/null
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build zos
-// +build zos
-
-package socket
-
-import "syscall"
-
-const (
- sysAF_UNSPEC = syscall.AF_UNSPEC
- sysAF_INET = syscall.AF_INET
- sysAF_INET6 = syscall.AF_INET6
-
- sysSOCK_RAW = syscall.SOCK_RAW
-)
func marshalSockaddr(ip net.IP, port int, zone string) []byte {
if ip4 := ip.To4(); ip4 != nil {
- b := make([]byte, sizeofSockaddrInet)
+ b := make([]byte, sizeofSockaddrInet4)
switch runtime.GOOS {
case "android", "illumos", "linux", "solaris", "windows":
NativeEndian.PutUint16(b[:2], uint16(sysAF_INET))
default:
- b[0] = sizeofSockaddrInet
+ b[0] = sizeofSockaddrInet4
b[1] = sysAF_INET
}
binary.BigEndian.PutUint16(b[2:4], uint16(port))
var ip net.IP
var zone string
if af == sysAF_INET {
- if len(b) < sizeofSockaddrInet {
+ if len(b) < sizeofSockaddrInet4 {
return nil, errors.New("short address")
}
ip = make(net.IP, net.IPv4len)
sysAF_INET6 = 0xa
sysSOCK_RAW = 0x3
+
+ sizeofSockaddrInet4 = 0x10
+ sizeofSockaddrInet6 = 0x1c
)
func marshalInetAddr(ip net.IP, port int, zone string) []byte {
sysAF_INET6 = windows.AF_INET6
sysSOCK_RAW = windows.SOCK_RAW
-)
-
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]uint8
-}
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
-const (
- sizeofSockaddrInet = 0x10
+ sizeofSockaddrInet4 = 0x10
sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]uint8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x30
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x8
sizeofMsghdr = 0x1c
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x30
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x8
sizeofMsghdr = 0x1c
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x30
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x30
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x8
sizeofMsghdr = 0x1c
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x30
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x8
sizeofMsghdr = 0x1c
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x30
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x8
sizeofMsghdr = 0x1c
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x38
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x8
sizeofMsghdr = 0x1c
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x38
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x8
sizeofMsghdr = 0x1c
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x38
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x38
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x8
sizeofMsghdr = 0x1c
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x38
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x38
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x38
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- X__pad [8]uint8
-}
-
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x38
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x8
sizeofMsghdr = 0x1c
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x30
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x8
sizeofMsghdr = 0x1c
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x30
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x8
sizeofMsghdr = 0x1c
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x30
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x8
sizeofMsghdr = 0x1c
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x30
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Len uint8
- Family uint8
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Len uint8
- Family uint8
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x30
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x1c
)
Type int32
}
-type sockaddrInet struct {
- Family uint16
- Port uint16
- Addr [4]byte /* in_addr */
- Zero [8]int8
-}
-
-type sockaddrInet6 struct {
- Family uint16
- Port uint16
- Flowinfo uint32
- Addr [16]byte /* in6_addr */
- Scope_id uint32
- X__sin6_src_id uint32
-}
-
const (
sizeofIovec = 0x10
sizeofMsghdr = 0x30
-
- sizeofSockaddrInet = 0x10
- sizeofSockaddrInet6 = 0x20
)
Type int32
}
-const (
- sizeofCmsghdr = 12
- sizeofSockaddrInet = 16
- sizeofSockaddrInet6 = 28
-)
+const sizeofCmsghdr = 12
"golang.org/x/net/internal/iana"
"golang.org/x/net/internal/socket"
+
+ "golang.org/x/sys/unix"
)
func marshalDst(b []byte, cm *ControlMessage) []byte {
m := socket.ControlMessage(b)
- m.MarshalHeader(iana.ProtocolIP, sysIP_RECVDSTADDR, net.IPv4len)
+ m.MarshalHeader(iana.ProtocolIP, unix.IP_RECVDSTADDR, net.IPv4len)
return m.Next(net.IPv4len)
}
func marshalInterface(b []byte, cm *ControlMessage) []byte {
m := socket.ControlMessage(b)
- m.MarshalHeader(iana.ProtocolIP, sysIP_RECVIF, syscall.SizeofSockaddrDatalink)
+ m.MarshalHeader(iana.ProtocolIP, sockoptReceiveInterface, syscall.SizeofSockaddrDatalink)
return m.Next(syscall.SizeofSockaddrDatalink)
}
"golang.org/x/net/internal/iana"
"golang.org/x/net/internal/socket"
+
+ "golang.org/x/sys/unix"
)
func setControlMessage(c *socket.Conn, opt *rawOpt, cf ControlFlags, on bool) error {
func marshalTTL(b []byte, cm *ControlMessage) []byte {
m := socket.ControlMessage(b)
- m.MarshalHeader(iana.ProtocolIP, sysIP_RECVTTL, 1)
+ m.MarshalHeader(iana.ProtocolIP, unix.IP_RECVTTL, 1)
return m.Next(1)
}
"golang.org/x/sys/unix"
)
+// IP_RECVIF is defined on AIX but doesn't work. IP_RECVINTERFACE must be used instead.
+const sockoptReceiveInterface = unix.IP_RECVINTERFACE
+
var (
ctlOpts = [ctlMax]ctlOpt{
ctlTTL: {unix.IP_RECVTTL, 1, marshalTTL, parseTTL},
"golang.org/x/sys/unix"
)
+const sockoptReceiveInterface = unix.IP_RECVIF
+
var (
ctlOpts = [ctlMax]ctlOpt{
ctlTTL: {unix.IP_RECVTTL, 1, marshalTTL, parseTTL},
"golang.org/x/sys/unix"
)
+const sockoptReceiveInterface = unix.IP_RECVIF
+
var (
ctlOpts = [ctlMax]ctlOpt{
ctlTTL: {unix.IP_RECVTTL, 1, marshalTTL, parseTTL},
"golang.org/x/sys/unix"
)
+const sockoptReceiveInterface = unix.IP_RECVIF
+
var (
ctlOpts = [ctlMax]ctlOpt{
ctlTTL: {unix.IP_RECVTTL, 1, marshalTTL, parseTTL},
"golang.org/x/sys/unix"
)
+const sockoptReceiveInterface = unix.IP_RECVIF
+
var (
ctlOpts = [ctlMax]ctlOpt{
ctlTTL: {unix.IP_RECVTTL, 1, marshalTTL, parseTTL},
"golang.org/x/sys/unix"
)
+const sockoptReceiveInterface = unix.IP_RECVIF
+
var (
ctlOpts = [ctlMax]ctlOpt{
ctlTTL: {unix.IP_RECVTTL, 4, marshalTTL, parseTTL},
package ipv4
const (
- sysIP_RECVDSTADDR = 0x7
- sysIP_RECVIF = 0x20
- sysIP_RECVTTL = 0x22
-
sizeofIPMreq = 0x8
)
package ipv4
const (
- sysIP_RECVDSTADDR = 0x7
- sysIP_RECVIF = 0x14
- sysIP_RECVTTL = 0x18
-
sizeofSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVDSTADDR = 0x7
- sysIP_RECVIF = 0x14
- sysIP_RECVTTL = 0x41
-
sizeofIPMreq = 0x8
)
package ipv4
const (
- sysIP_RECVDSTADDR = 0x7
- sysIP_RECVIF = 0x14
- sysIP_RECVTTL = 0x41
-
sizeofSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
package ipv4
const (
- sysIP_RECVDSTADDR = 0x7
- sysIP_RECVIF = 0x14
- sysIP_RECVTTL = 0x41
-
sizeofSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
package ipv4
const (
- sysIP_RECVDSTADDR = 0x7
- sysIP_RECVIF = 0x14
- sysIP_RECVTTL = 0x41
-
sizeofSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
package ipv4
const (
- sysIP_RECVDSTADDR = 0x7
- sysIP_RECVIF = 0x14
- sysIP_RECVTTL = 0x41
-
sizeofSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
package ipv4
const (
- sysIP_RECVTTL = 0xc
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVTTL = 0xc
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVTTL = 0xc
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVTTL = 0xc
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVTTL = 0xc
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVTTL = 0xc
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVTTL = 0xc
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVTTL = 0xc
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVTTL = 0xc
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVTTL = 0xc
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVTTL = 0xc
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVTTL = 0xc
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVTTL = 0xc
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
package ipv4
const (
- sysIP_RECVDSTADDR = 0x7
- sysIP_RECVIF = 0x14
- sysIP_RECVTTL = 0x17
-
sizeofIPMreq = 0x8
)
package ipv4
const (
- sysIP_RECVDSTADDR = 0x7
- sysIP_RECVIF = 0x1e
- sysIP_RECVTTL = 0x1f
-
sizeofIPMreq = 0x8
)
package ipv4
const (
- sysIP_RECVDSTADDR = 0x7
- sysIP_RECVIF = 0x9
- sysIP_RECVTTL = 0xb
-
sizeofSockaddrStorage = 0x100
sizeofSockaddrInet = 0x10
sizeofInetPktinfo = 0xc
"golang.org/x/net/internal/iana"
"golang.org/x/net/internal/socket"
+
+ "golang.org/x/sys/unix"
)
func marshalTrafficClass(b []byte, cm *ControlMessage) []byte {
m := socket.ControlMessage(b)
- m.MarshalHeader(iana.ProtocolIPv6, sysIPV6_TCLASS, 4)
+ m.MarshalHeader(iana.ProtocolIPv6, unix.IPV6_TCLASS, 4)
if cm != nil {
socket.NativeEndian.PutUint32(m.Data(4), uint32(cm.TrafficClass))
}
func marshalHopLimit(b []byte, cm *ControlMessage) []byte {
m := socket.ControlMessage(b)
- m.MarshalHeader(iana.ProtocolIPv6, sysIPV6_HOPLIMIT, 4)
+ m.MarshalHeader(iana.ProtocolIPv6, unix.IPV6_HOPLIMIT, 4)
if cm != nil {
socket.NativeEndian.PutUint32(m.Data(4), uint32(cm.HopLimit))
}
func marshalPacketInfo(b []byte, cm *ControlMessage) []byte {
m := socket.ControlMessage(b)
- m.MarshalHeader(iana.ProtocolIPv6, sysIPV6_PKTINFO, sizeofInet6Pktinfo)
+ m.MarshalHeader(iana.ProtocolIPv6, unix.IPV6_PKTINFO, sizeofInet6Pktinfo)
if cm != nil {
pi := (*inet6Pktinfo)(unsafe.Pointer(&m.Data(sizeofInet6Pktinfo)[0]))
if ip := cm.Src.To16(); ip != nil && ip.To4() == nil {
func marshalNextHop(b []byte, cm *ControlMessage) []byte {
m := socket.ControlMessage(b)
- m.MarshalHeader(iana.ProtocolIPv6, sysIPV6_NEXTHOP, sizeofSockaddrInet6)
+ m.MarshalHeader(iana.ProtocolIPv6, unix.IPV6_NEXTHOP, sizeofSockaddrInet6)
if cm != nil {
sa := (*sockaddrInet6)(unsafe.Pointer(&m.Data(sizeofSockaddrInet6)[0]))
sa.setSockaddr(cm.NextHop, cm.IfIndex)
func marshalPathMTU(b []byte, cm *ControlMessage) []byte {
m := socket.ControlMessage(b)
- m.MarshalHeader(iana.ProtocolIPv6, sysIPV6_PATHMTU, sizeofIPv6Mtuinfo)
+ m.MarshalHeader(iana.ProtocolIPv6, unix.IPV6_PATHMTU, sizeofIPv6Mtuinfo)
return m.Next(sizeofIPv6Mtuinfo)
}
"golang.org/x/net/internal/iana"
"golang.org/x/net/internal/socket"
+
+ "golang.org/x/sys/unix"
)
var (
ctlOpts = [ctlMax]ctlOpt{
- ctlTrafficClass: {sysIPV6_TCLASS, 4, marshalTrafficClass, parseTrafficClass},
- ctlHopLimit: {sysIPV6_HOPLIMIT, 4, marshalHopLimit, parseHopLimit},
- ctlPacketInfo: {sysIPV6_PKTINFO, sizeofInet6Pktinfo, marshalPacketInfo, parsePacketInfo},
- ctlNextHop: {sysIPV6_NEXTHOP, sizeofSockaddrInet6, marshalNextHop, parseNextHop},
- ctlPathMTU: {sysIPV6_PATHMTU, sizeofIPv6Mtuinfo, marshalPathMTU, parsePathMTU},
+ ctlTrafficClass: {unix.IPV6_TCLASS, 4, marshalTrafficClass, parseTrafficClass},
+ ctlHopLimit: {unix.IPV6_HOPLIMIT, 4, marshalHopLimit, parseHopLimit},
+ ctlPacketInfo: {unix.IPV6_PKTINFO, sizeofInet6Pktinfo, marshalPacketInfo, parsePacketInfo},
+ ctlNextHop: {unix.IPV6_NEXTHOP, sizeofSockaddrInet6, marshalNextHop, parseNextHop},
+ ctlPathMTU: {unix.IPV6_PATHMTU, sizeofIPv6Mtuinfo, marshalPathMTU, parsePathMTU},
}
sockOpts = map[int]*sockOpt{
- ssoTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_TCLASS, Len: 4}},
- ssoHopLimit: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_UNICAST_HOPS, Len: 4}},
- ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_IF, Len: 4}},
- ssoMulticastHopLimit: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_HOPS, Len: 4}},
- ssoMulticastLoopback: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_LOOP, Len: 4}},
- ssoReceiveTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVTCLASS, Len: 4}},
- ssoReceiveHopLimit: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVHOPLIMIT, Len: 4}},
- ssoReceivePacketInfo: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPKTINFO, Len: 4}},
- ssoReceivePathMTU: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPATHMTU, Len: 4}},
- ssoPathMTU: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_PATHMTU, Len: sizeofIPv6Mtuinfo}},
- ssoChecksum: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_CHECKSUM, Len: 4}},
- ssoICMPFilter: {Option: socket.Option{Level: iana.ProtocolIPv6ICMP, Name: sysICMP6_FILTER, Len: sizeofICMPv6Filter}},
- ssoJoinGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
- ssoLeaveGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
- ssoJoinSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
- ssoLeaveSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
- ssoBlockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
- ssoUnblockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+ ssoTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_TCLASS, Len: 4}},
+ ssoHopLimit: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_UNICAST_HOPS, Len: 4}},
+ ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_MULTICAST_IF, Len: 4}},
+ ssoMulticastHopLimit: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_MULTICAST_HOPS, Len: 4}},
+ ssoMulticastLoopback: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_MULTICAST_LOOP, Len: 4}},
+ ssoReceiveTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVTCLASS, Len: 4}},
+ ssoReceiveHopLimit: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVHOPLIMIT, Len: 4}},
+ ssoReceivePacketInfo: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVPKTINFO, Len: 4}},
+ ssoReceivePathMTU: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVPATHMTU, Len: 4}},
+ ssoPathMTU: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_PATHMTU, Len: sizeofIPv6Mtuinfo}},
+ ssoChecksum: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_CHECKSUM, Len: 4}},
+ ssoICMPFilter: {Option: socket.Option{Level: iana.ProtocolIPv6ICMP, Name: unix.ICMP6_FILTER, Len: sizeofICMPv6Filter}},
+ ssoJoinGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+ ssoLeaveGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+ ssoJoinSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+ ssoLeaveSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+ ssoBlockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+ ssoUnblockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
}
)
"golang.org/x/net/internal/iana"
"golang.org/x/net/internal/socket"
+
+ "golang.org/x/sys/unix"
)
var (
ctlOpts = [ctlMax]ctlOpt{
- ctlHopLimit: {sysIPV6_HOPLIMIT, 4, marshalHopLimit, parseHopLimit},
- ctlPacketInfo: {sysIPV6_PKTINFO, sizeofInet6Pktinfo, marshalPacketInfo, parsePacketInfo},
- ctlPathMTU: {sysIPV6_PATHMTU, sizeofIPv6Mtuinfo, marshalPathMTU, parsePathMTU},
+ ctlHopLimit: {unix.IPV6_HOPLIMIT, 4, marshalHopLimit, parseHopLimit},
+ ctlPacketInfo: {unix.IPV6_PKTINFO, sizeofInet6Pktinfo, marshalPacketInfo, parsePacketInfo},
+ ctlPathMTU: {unix.IPV6_PATHMTU, sizeofIPv6Mtuinfo, marshalPathMTU, parsePathMTU},
}
sockOpts = map[int]*sockOpt{
- ssoTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_TCLASS, Len: 4}},
- ssoHopLimit: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_UNICAST_HOPS, Len: 4}},
- ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_IF, Len: 4}},
- ssoMulticastHopLimit: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_HOPS, Len: 4}},
- ssoMulticastLoopback: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_MULTICAST_LOOP, Len: 4}},
- ssoReceiveTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVTCLASS, Len: 4}},
- ssoReceiveHopLimit: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVHOPLIMIT, Len: 4}},
- ssoReceivePacketInfo: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPKTINFO, Len: 4}},
- ssoReceivePathMTU: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_RECVPATHMTU, Len: 4}},
- ssoChecksum: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysIPV6_CHECKSUM, Len: 4}},
- ssoICMPFilter: {Option: socket.Option{Level: iana.ProtocolIPv6ICMP, Name: sysICMP6_FILTER, Len: sizeofICMPv6Filter}},
- ssoJoinGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
- ssoLeaveGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
- ssoJoinSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
- ssoLeaveSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
- ssoBlockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
- ssoUnblockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: sysMCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+ ssoTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_TCLASS, Len: 4}},
+ ssoHopLimit: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_UNICAST_HOPS, Len: 4}},
+ ssoMulticastInterface: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_MULTICAST_IF, Len: 4}},
+ ssoMulticastHopLimit: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_MULTICAST_HOPS, Len: 4}},
+ ssoMulticastLoopback: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_MULTICAST_LOOP, Len: 4}},
+ ssoReceiveTrafficClass: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVTCLASS, Len: 4}},
+ ssoReceiveHopLimit: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVHOPLIMIT, Len: 4}},
+ ssoReceivePacketInfo: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVPKTINFO, Len: 4}},
+ ssoReceivePathMTU: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_RECVPATHMTU, Len: 4}},
+ ssoChecksum: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.IPV6_CHECKSUM, Len: 4}},
+ ssoICMPFilter: {Option: socket.Option{Level: iana.ProtocolIPv6ICMP, Name: unix.ICMP6_FILTER, Len: sizeofICMPv6Filter}},
+ ssoJoinGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_JOIN_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+ ssoLeaveGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_LEAVE_GROUP, Len: sizeofGroupReq}, typ: ssoTypeGroupReq},
+ ssoJoinSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_JOIN_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+ ssoLeaveSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_LEAVE_SOURCE_GROUP, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+ ssoBlockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_BLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
+ ssoUnblockSourceGroup: {Option: socket.Option{Level: iana.ProtocolIPv6, Name: unix.MCAST_UNBLOCK_SOURCE, Len: sizeofGroupSourceReq}, typ: ssoTypeGroupSourceReq},
}
)
package ipv6
const (
- sysIPV6_PATHMTU = 0x2e
- sysIPV6_PKTINFO = 0x21
- sysIPV6_HOPLIMIT = 0x28
- sysIPV6_NEXTHOP = 0x30
- sysIPV6_TCLASS = 0x2b
-
sizeofSockaddrStorage = 0x508
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_TCLASS = 0x24
- sysIPV6_PATHMTU = 0x2c
- sysIPV6_PKTINFO = 0x2e
- sysIPV6_HOPLIMIT = 0x2f
- sysIPV6_NEXTHOP = 0x30
-
sizeofSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_PATHMTU = 0x2c
- sysIPV6_PKTINFO = 0x2e
- sysIPV6_HOPLIMIT = 0x2f
- sysIPV6_NEXTHOP = 0x30
- sysIPV6_TCLASS = 0x3d
-
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
sizeofIPv6Mtuinfo = 0x20
package ipv6
const (
- sysIPV6_PATHMTU = 0x2c
- sysIPV6_PKTINFO = 0x2e
- sysIPV6_HOPLIMIT = 0x2f
- sysIPV6_NEXTHOP = 0x30
- sysIPV6_TCLASS = 0x3d
-
sizeofSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_PATHMTU = 0x2c
- sysIPV6_PKTINFO = 0x2e
- sysIPV6_HOPLIMIT = 0x2f
- sysIPV6_NEXTHOP = 0x30
- sysIPV6_TCLASS = 0x3d
-
sizeofSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_PATHMTU = 0x2c
- sysIPV6_PKTINFO = 0x2e
- sysIPV6_HOPLIMIT = 0x2f
- sysIPV6_NEXTHOP = 0x30
- sysIPV6_TCLASS = 0x3d
-
sizeofSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_PATHMTU = 0x2c
- sysIPV6_PKTINFO = 0x2e
- sysIPV6_HOPLIMIT = 0x2f
- sysIPV6_NEXTHOP = 0x30
- sysIPV6_TCLASS = 0x3d
-
sizeofSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_NEXTHOP = 0x9
- sysIPV6_PKTINFO = 0x32
- sysIPV6_HOPLIMIT = 0x34
- sysIPV6_PATHMTU = 0x3d
- sysIPV6_TCLASS = 0x43
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_NEXTHOP = 0x9
- sysIPV6_PKTINFO = 0x32
- sysIPV6_HOPLIMIT = 0x34
- sysIPV6_PATHMTU = 0x3d
- sysIPV6_TCLASS = 0x43
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_NEXTHOP = 0x9
- sysIPV6_PKTINFO = 0x32
- sysIPV6_HOPLIMIT = 0x34
- sysIPV6_PATHMTU = 0x3d
- sysIPV6_TCLASS = 0x43
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_NEXTHOP = 0x9
- sysIPV6_PKTINFO = 0x32
- sysIPV6_HOPLIMIT = 0x34
- sysIPV6_PATHMTU = 0x3d
- sysIPV6_TCLASS = 0x43
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_NEXTHOP = 0x9
- sysIPV6_PKTINFO = 0x32
- sysIPV6_HOPLIMIT = 0x34
- sysIPV6_PATHMTU = 0x3d
- sysIPV6_TCLASS = 0x43
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_NEXTHOP = 0x9
- sysIPV6_PKTINFO = 0x32
- sysIPV6_HOPLIMIT = 0x34
- sysIPV6_PATHMTU = 0x3d
- sysIPV6_TCLASS = 0x43
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_NEXTHOP = 0x9
- sysIPV6_PKTINFO = 0x32
- sysIPV6_HOPLIMIT = 0x34
- sysIPV6_PATHMTU = 0x3d
- sysIPV6_TCLASS = 0x43
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_NEXTHOP = 0x9
- sysIPV6_PKTINFO = 0x32
- sysIPV6_HOPLIMIT = 0x34
- sysIPV6_PATHMTU = 0x3d
- sysIPV6_TCLASS = 0x43
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_NEXTHOP = 0x9
- sysIPV6_PKTINFO = 0x32
- sysIPV6_HOPLIMIT = 0x34
- sysIPV6_PATHMTU = 0x3d
- sysIPV6_TCLASS = 0x43
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_NEXTHOP = 0x9
- sysIPV6_PKTINFO = 0x32
- sysIPV6_HOPLIMIT = 0x34
- sysIPV6_PATHMTU = 0x3d
- sysIPV6_TCLASS = 0x43
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_NEXTHOP = 0x9
- sysIPV6_PKTINFO = 0x32
- sysIPV6_HOPLIMIT = 0x34
- sysIPV6_PATHMTU = 0x3d
- sysIPV6_TCLASS = 0x43
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_NEXTHOP = 0x9
- sysIPV6_PKTINFO = 0x32
- sysIPV6_HOPLIMIT = 0x34
- sysIPV6_PATHMTU = 0x3d
- sysIPV6_TCLASS = 0x43
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_NEXTHOP = 0x9
- sysIPV6_PKTINFO = 0x32
- sysIPV6_HOPLIMIT = 0x34
- sysIPV6_PATHMTU = 0x3d
- sysIPV6_TCLASS = 0x43
-
sizeofKernelSockaddrStorage = 0x80
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_PATHMTU = 0x2c
- sysIPV6_PKTINFO = 0x2e
- sysIPV6_HOPLIMIT = 0x2f
- sysIPV6_NEXTHOP = 0x30
- sysIPV6_TCLASS = 0x3d
-
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
sizeofIPv6Mtuinfo = 0x20
package ipv6
const (
- sysIPV6_PATHMTU = 0x2c
- sysIPV6_PKTINFO = 0x2e
- sysIPV6_HOPLIMIT = 0x2f
- sysIPV6_NEXTHOP = 0x30
- sysIPV6_TCLASS = 0x3d
-
sizeofSockaddrInet6 = 0x1c
sizeofInet6Pktinfo = 0x14
sizeofIPv6Mtuinfo = 0x20
package ipv6
const (
- sysIPV6_UNICAST_HOPS = 0x5
- sysIPV6_MULTICAST_IF = 0x6
- sysIPV6_MULTICAST_HOPS = 0x7
- sysIPV6_MULTICAST_LOOP = 0x8
- sysIPV6_JOIN_GROUP = 0x9
- sysIPV6_LEAVE_GROUP = 0xa
-
- sysIPV6_PKTINFO = 0xb
-
- sysIPV6_HOPLIMIT = 0xc
- sysIPV6_NEXTHOP = 0xd
- sysIPV6_HOPOPTS = 0xe
- sysIPV6_DSTOPTS = 0xf
-
- sysIPV6_RTHDR = 0x10
- sysIPV6_RTHDRDSTOPTS = 0x11
-
- sysIPV6_RECVPKTINFO = 0x12
- sysIPV6_RECVHOPLIMIT = 0x13
- sysIPV6_RECVHOPOPTS = 0x14
-
- sysIPV6_RECVRTHDR = 0x16
-
- sysIPV6_RECVRTHDRDSTOPTS = 0x17
-
- sysIPV6_CHECKSUM = 0x18
- sysIPV6_RECVTCLASS = 0x19
- sysIPV6_USE_MIN_MTU = 0x20
- sysIPV6_DONTFRAG = 0x21
- sysIPV6_SEC_OPT = 0x22
- sysIPV6_SRC_PREFERENCES = 0x23
- sysIPV6_RECVPATHMTU = 0x24
- sysIPV6_PATHMTU = 0x25
- sysIPV6_TCLASS = 0x26
- sysIPV6_V6ONLY = 0x27
-
- sysIPV6_RECVDSTOPTS = 0x28
-
- sysMCAST_JOIN_GROUP = 0x29
- sysMCAST_LEAVE_GROUP = 0x2a
- sysMCAST_BLOCK_SOURCE = 0x2b
- sysMCAST_UNBLOCK_SOURCE = 0x2c
- sysMCAST_JOIN_SOURCE_GROUP = 0x2d
- sysMCAST_LEAVE_SOURCE_GROUP = 0x2e
-
- sysIPV6_PREFER_SRC_HOME = 0x1
- sysIPV6_PREFER_SRC_COA = 0x2
- sysIPV6_PREFER_SRC_PUBLIC = 0x4
- sysIPV6_PREFER_SRC_TMP = 0x8
- sysIPV6_PREFER_SRC_NONCGA = 0x10
- sysIPV6_PREFER_SRC_CGA = 0x20
-
- sysIPV6_PREFER_SRC_MIPMASK = 0x3
- sysIPV6_PREFER_SRC_MIPDEFAULT = 0x1
- sysIPV6_PREFER_SRC_TMPMASK = 0xc
- sysIPV6_PREFER_SRC_TMPDEFAULT = 0x4
- sysIPV6_PREFER_SRC_CGAMASK = 0x30
- sysIPV6_PREFER_SRC_CGADEFAULT = 0x10
-
- sysIPV6_PREFER_SRC_MASK = 0x3f
-
- sysIPV6_PREFER_SRC_DEFAULT = 0x15
-
- sysIPV6_BOUND_IF = 0x41
- sysIPV6_UNSPEC_SRC = 0x42
-
- sysICMP6_FILTER = 0x1
-
sizeofSockaddrStorage = 0x100
sizeofSockaddrInet6 = 0x20
sizeofInet6Pktinfo = 0x14
package ipv6
const (
- sysIPV6_ADDR_PREFERENCES = 32
- sysIPV6_CHECKSUM = 19
- sysIPV6_DONTFRAG = 29
- sysIPV6_DSTOPTS = 23
- sysIPV6_HOPLIMIT = 11
- sysIPV6_HOPOPTS = 22
- sysIPV6_JOIN_GROUP = 5
- sysIPV6_LEAVE_GROUP = 6
- sysIPV6_MULTICAST_HOPS = 9
- sysIPV6_MULTICAST_IF = 7
- sysIPV6_MULTICAST_LOOP = 4
- sysIPV6_NEXTHOP = 20
- sysIPV6_PATHMTU = 12
- sysIPV6_PKTINFO = 13
- sysIPV6_PREFER_SRC_CGA = 0x10
- sysIPV6_PREFER_SRC_COA = 0x02
- sysIPV6_PREFER_SRC_HOME = 0x01
- sysIPV6_PREFER_SRC_NONCGA = 0x20
- sysIPV6_PREFER_SRC_PUBLIC = 0x08
- sysIPV6_PREFER_SRC_TMP = 0x04
- sysIPV6_RECVDSTOPTS = 28
- sysIPV6_RECVHOPLIMIT = 14
- sysIPV6_RECVHOPOPTS = 26
- sysIPV6_RECVPATHMTU = 16
- sysIPV6_RECVPKTINFO = 15
- sysIPV6_RECVRTHDR = 25
- sysIPV6_RECVTCLASS = 31
- sysIPV6_RTHDR = 21
- sysIPV6_RTHDRDSTOPTS = 24
- sysIPV6_RTHDR_TYPE_0 = 0
- sysIPV6_TCLASS = 30
- sysIPV6_UNICAST_HOPS = 3
- sysIPV6_USE_MIN_MTU = 18
- sysIPV6_V6ONLY = 10
-
- sysMCAST_JOIN_GROUP = 40
- sysMCAST_LEAVE_GROUP = 41
- sysMCAST_JOIN_SOURCE_GROUP = 42
- sysMCAST_LEAVE_SOURCE_GROUP = 43
- sysMCAST_BLOCK_SOURCE = 44
- sysMCAST_UNBLOCK_SOURCE = 45
-
- sysICMP6_FILTER = 0x1
-
sizeofSockaddrStorage = 128
sizeofICMPv6Filter = 32
sizeofInet6Pktinfo = 20
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle)
-// +build linux,386 linux,arm linux,mips linux,mipsle
+//go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle) || (linux && ppc)
+// +build linux,386 linux,arm linux,mips linux,mipsle linux,ppc
package unix
--- /dev/null
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package unix
+
+import (
+ "runtime"
+ "unsafe"
+)
+
+// IoctlRetInt performs an ioctl operation specified by req on a device
+// associated with opened file descriptor fd, and returns a non-negative
+// integer that is returned by the ioctl syscall.
+func IoctlRetInt(fd int, req uint) (int, error) {
+ ret, _, err := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), 0)
+ if err != 0 {
+ return 0, err
+ }
+ return int(ret), nil
+}
+
+func IoctlGetUint32(fd int, req uint) (uint32, error) {
+ var value uint32
+ err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
+ return value, err
+}
+
+func IoctlGetRTCTime(fd int) (*RTCTime, error) {
+ var value RTCTime
+ err := ioctl(fd, RTC_RD_TIME, uintptr(unsafe.Pointer(&value)))
+ return &value, err
+}
+
+func IoctlSetRTCTime(fd int, value *RTCTime) error {
+ err := ioctl(fd, RTC_SET_TIME, uintptr(unsafe.Pointer(value)))
+ runtime.KeepAlive(value)
+ return err
+}
+
+func IoctlGetRTCWkAlrm(fd int) (*RTCWkAlrm, error) {
+ var value RTCWkAlrm
+ err := ioctl(fd, RTC_WKALM_RD, uintptr(unsafe.Pointer(&value)))
+ return &value, err
+}
+
+func IoctlSetRTCWkAlrm(fd int, value *RTCWkAlrm) error {
+ err := ioctl(fd, RTC_WKALM_SET, uintptr(unsafe.Pointer(value)))
+ runtime.KeepAlive(value)
+ return err
+}
+
+type ifreqEthtool struct {
+ name [IFNAMSIZ]byte
+ data unsafe.Pointer
+}
+
+// IoctlGetEthtoolDrvinfo fetches ethtool driver information for the network
+// device specified by ifname.
+func IoctlGetEthtoolDrvinfo(fd int, ifname string) (*EthtoolDrvinfo, error) {
+ // Leave room for terminating NULL byte.
+ if len(ifname) >= IFNAMSIZ {
+ return nil, EINVAL
+ }
+
+ value := EthtoolDrvinfo{
+ Cmd: ETHTOOL_GDRVINFO,
+ }
+ ifreq := ifreqEthtool{
+ data: unsafe.Pointer(&value),
+ }
+ copy(ifreq.name[:], ifname)
+ err := ioctl(fd, SIOCETHTOOL, uintptr(unsafe.Pointer(&ifreq)))
+ runtime.KeepAlive(ifreq)
+ return &value, err
+}
+
+// IoctlGetWatchdogInfo fetches information about a watchdog device from the
+// Linux watchdog API. For more information, see:
+// https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html.
+func IoctlGetWatchdogInfo(fd int) (*WatchdogInfo, error) {
+ var value WatchdogInfo
+ err := ioctl(fd, WDIOC_GETSUPPORT, uintptr(unsafe.Pointer(&value)))
+ return &value, err
+}
+
+// IoctlWatchdogKeepalive issues a keepalive ioctl to a watchdog device. For
+// more information, see:
+// https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html.
+func IoctlWatchdogKeepalive(fd int) error {
+ return ioctl(fd, WDIOC_KEEPALIVE, 0)
+}
+
+// IoctlFileCloneRange performs an FICLONERANGE ioctl operation to clone the
+// range of data conveyed in value to the file associated with the file
+// descriptor destFd. See the ioctl_ficlonerange(2) man page for details.
+func IoctlFileCloneRange(destFd int, value *FileCloneRange) error {
+ err := ioctl(destFd, FICLONERANGE, uintptr(unsafe.Pointer(value)))
+ runtime.KeepAlive(value)
+ return err
+}
+
+// IoctlFileClone performs an FICLONE ioctl operation to clone the entire file
+// associated with the file description srcFd to the file associated with the
+// file descriptor destFd. See the ioctl_ficlone(2) man page for details.
+func IoctlFileClone(destFd, srcFd int) error {
+ return ioctl(destFd, FICLONE, uintptr(srcFd))
+}
+
+type FileDedupeRange struct {
+ Src_offset uint64
+ Src_length uint64
+ Reserved1 uint16
+ Reserved2 uint32
+ Info []FileDedupeRangeInfo
+}
+
+type FileDedupeRangeInfo struct {
+ Dest_fd int64
+ Dest_offset uint64
+ Bytes_deduped uint64
+ Status int32
+ Reserved uint32
+}
+
+// IoctlFileDedupeRange performs an FIDEDUPERANGE ioctl operation to share the
+// range of data conveyed in value from the file associated with the file
+// descriptor srcFd to the value.Info destinations. See the
+// ioctl_fideduperange(2) man page for details.
+func IoctlFileDedupeRange(srcFd int, value *FileDedupeRange) error {
+ buf := make([]byte, SizeofRawFileDedupeRange+
+ len(value.Info)*SizeofRawFileDedupeRangeInfo)
+ rawrange := (*RawFileDedupeRange)(unsafe.Pointer(&buf[0]))
+ rawrange.Src_offset = value.Src_offset
+ rawrange.Src_length = value.Src_length
+ rawrange.Dest_count = uint16(len(value.Info))
+ rawrange.Reserved1 = value.Reserved1
+ rawrange.Reserved2 = value.Reserved2
+
+ for i := range value.Info {
+ rawinfo := (*RawFileDedupeRangeInfo)(unsafe.Pointer(
+ uintptr(unsafe.Pointer(&buf[0])) + uintptr(SizeofRawFileDedupeRange) +
+ uintptr(i*SizeofRawFileDedupeRangeInfo)))
+ rawinfo.Dest_fd = value.Info[i].Dest_fd
+ rawinfo.Dest_offset = value.Info[i].Dest_offset
+ rawinfo.Bytes_deduped = value.Info[i].Bytes_deduped
+ rawinfo.Status = value.Info[i].Status
+ rawinfo.Reserved = value.Info[i].Reserved
+ }
+
+ err := ioctl(srcFd, FIDEDUPERANGE, uintptr(unsafe.Pointer(&buf[0])))
+
+ // Output
+ for i := range value.Info {
+ rawinfo := (*RawFileDedupeRangeInfo)(unsafe.Pointer(
+ uintptr(unsafe.Pointer(&buf[0])) + uintptr(SizeofRawFileDedupeRange) +
+ uintptr(i*SizeofRawFileDedupeRangeInfo)))
+ value.Info[i].Dest_fd = rawinfo.Dest_fd
+ value.Info[i].Dest_offset = rawinfo.Dest_offset
+ value.Info[i].Bytes_deduped = rawinfo.Bytes_deduped
+ value.Info[i].Status = rawinfo.Status
+ value.Info[i].Reserved = rawinfo.Reserved
+ }
+
+ return err
+}
+
+func IoctlHIDGetDesc(fd int, value *HIDRawReportDescriptor) error {
+ err := ioctl(fd, HIDIOCGRDESC, uintptr(unsafe.Pointer(value)))
+ runtime.KeepAlive(value)
+ return err
+}
+
+func IoctlHIDGetRawInfo(fd int) (*HIDRawDevInfo, error) {
+ var value HIDRawDevInfo
+ err := ioctl(fd, HIDIOCGRAWINFO, uintptr(unsafe.Pointer(&value)))
+ return &value, err
+}
+
+func IoctlHIDGetRawName(fd int) (string, error) {
+ var value [_HIDIOCGRAWNAME_LEN]byte
+ err := ioctl(fd, _HIDIOCGRAWNAME, uintptr(unsafe.Pointer(&value[0])))
+ return ByteSliceToString(value[:]), err
+}
+
+func IoctlHIDGetRawPhys(fd int) (string, error) {
+ var value [_HIDIOCGRAWPHYS_LEN]byte
+ err := ioctl(fd, _HIDIOCGRAWPHYS, uintptr(unsafe.Pointer(&value[0])))
+ return ByteSliceToString(value[:]), err
+}
+
+func IoctlHIDGetRawUniq(fd int) (string, error) {
+ var value [_HIDIOCGRAWUNIQ_LEN]byte
+ err := ioctl(fd, _HIDIOCGRAWUNIQ, uintptr(unsafe.Pointer(&value[0])))
+ return ByteSliceToString(value[:]), err
+}
#include <net/if_arp.h>
#include <net/if_types.h>
#include <net/route.h>
+#include <netinet/icmp6.h>
#include <netinet/in.h>
-#include <termios.h>
#include <netinet/ip.h>
#include <netinet/ip_mroute.h>
+#include <termios.h>
'
$2 ~ /^LOCK_(SH|EX|NB|UN)$/ ||
$2 ~ /^LO_(KEY|NAME)_SIZE$/ ||
$2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ ||
- $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|ICMP6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL)_/ ||
+ $2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL)_/ ||
$2 ~ /^TP_STATUS_/ ||
$2 ~ /^FALLOC_/ ||
- $2 ~ /^ICMP(V6)?_FILTER/ ||
+ $2 ~ /^ICMPV?6?_(FILTER|SEC)/ ||
$2 == "SOMAXCONN" ||
$2 == "NAME_MAX" ||
$2 == "IFNAMSIZ" ||
// ioctl itself should not be exposed directly, but additional get/set
// functions for specific types are permissible.
-
-// IoctlRetInt performs an ioctl operation specified by req on a device
-// associated with opened file descriptor fd, and returns a non-negative
-// integer that is returned by the ioctl syscall.
-func IoctlRetInt(fd int, req uint) (int, error) {
- ret, _, err := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), 0)
- if err != 0 {
- return 0, err
- }
- return int(ret), nil
-}
-
-func IoctlSetRTCTime(fd int, value *RTCTime) error {
- err := ioctl(fd, RTC_SET_TIME, uintptr(unsafe.Pointer(value)))
- runtime.KeepAlive(value)
- return err
-}
-
-func IoctlSetRTCWkAlrm(fd int, value *RTCWkAlrm) error {
- err := ioctl(fd, RTC_WKALM_SET, uintptr(unsafe.Pointer(value)))
- runtime.KeepAlive(value)
- return err
-}
-
-func IoctlGetUint32(fd int, req uint) (uint32, error) {
- var value uint32
- err := ioctl(fd, req, uintptr(unsafe.Pointer(&value)))
- return value, err
-}
-
-func IoctlGetRTCTime(fd int) (*RTCTime, error) {
- var value RTCTime
- err := ioctl(fd, RTC_RD_TIME, uintptr(unsafe.Pointer(&value)))
- return &value, err
-}
-
-// IoctlGetWatchdogInfo fetches information about a watchdog device from the
-// Linux watchdog API. For more information, see:
-// https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html.
-func IoctlGetWatchdogInfo(fd int) (*WatchdogInfo, error) {
- var value WatchdogInfo
- err := ioctl(fd, WDIOC_GETSUPPORT, uintptr(unsafe.Pointer(&value)))
- return &value, err
-}
-
-func IoctlGetRTCWkAlrm(fd int) (*RTCWkAlrm, error) {
- var value RTCWkAlrm
- err := ioctl(fd, RTC_WKALM_RD, uintptr(unsafe.Pointer(&value)))
- return &value, err
-}
-
-// IoctlFileCloneRange performs an FICLONERANGE ioctl operation to clone the
-// range of data conveyed in value to the file associated with the file
-// descriptor destFd. See the ioctl_ficlonerange(2) man page for details.
-func IoctlFileCloneRange(destFd int, value *FileCloneRange) error {
- err := ioctl(destFd, FICLONERANGE, uintptr(unsafe.Pointer(value)))
- runtime.KeepAlive(value)
- return err
-}
-
-// IoctlFileClone performs an FICLONE ioctl operation to clone the entire file
-// associated with the file description srcFd to the file associated with the
-// file descriptor destFd. See the ioctl_ficlone(2) man page for details.
-func IoctlFileClone(destFd, srcFd int) error {
- return ioctl(destFd, FICLONE, uintptr(srcFd))
-}
-
-type FileDedupeRange struct {
- Src_offset uint64
- Src_length uint64
- Reserved1 uint16
- Reserved2 uint32
- Info []FileDedupeRangeInfo
-}
-
-type FileDedupeRangeInfo struct {
- Dest_fd int64
- Dest_offset uint64
- Bytes_deduped uint64
- Status int32
- Reserved uint32
-}
-
-// IoctlFileDedupeRange performs an FIDEDUPERANGE ioctl operation to share the
-// range of data conveyed in value from the file associated with the file
-// descriptor srcFd to the value.Info destinations. See the
-// ioctl_fideduperange(2) man page for details.
-func IoctlFileDedupeRange(srcFd int, value *FileDedupeRange) error {
- buf := make([]byte, SizeofRawFileDedupeRange+
- len(value.Info)*SizeofRawFileDedupeRangeInfo)
- rawrange := (*RawFileDedupeRange)(unsafe.Pointer(&buf[0]))
- rawrange.Src_offset = value.Src_offset
- rawrange.Src_length = value.Src_length
- rawrange.Dest_count = uint16(len(value.Info))
- rawrange.Reserved1 = value.Reserved1
- rawrange.Reserved2 = value.Reserved2
-
- for i := range value.Info {
- rawinfo := (*RawFileDedupeRangeInfo)(unsafe.Pointer(
- uintptr(unsafe.Pointer(&buf[0])) + uintptr(SizeofRawFileDedupeRange) +
- uintptr(i*SizeofRawFileDedupeRangeInfo)))
- rawinfo.Dest_fd = value.Info[i].Dest_fd
- rawinfo.Dest_offset = value.Info[i].Dest_offset
- rawinfo.Bytes_deduped = value.Info[i].Bytes_deduped
- rawinfo.Status = value.Info[i].Status
- rawinfo.Reserved = value.Info[i].Reserved
- }
-
- err := ioctl(srcFd, FIDEDUPERANGE, uintptr(unsafe.Pointer(&buf[0])))
-
- // Output
- for i := range value.Info {
- rawinfo := (*RawFileDedupeRangeInfo)(unsafe.Pointer(
- uintptr(unsafe.Pointer(&buf[0])) + uintptr(SizeofRawFileDedupeRange) +
- uintptr(i*SizeofRawFileDedupeRangeInfo)))
- value.Info[i].Dest_fd = rawinfo.Dest_fd
- value.Info[i].Dest_offset = rawinfo.Dest_offset
- value.Info[i].Bytes_deduped = rawinfo.Bytes_deduped
- value.Info[i].Status = rawinfo.Status
- value.Info[i].Reserved = rawinfo.Reserved
- }
-
- return err
-}
-
-// IoctlWatchdogKeepalive issues a keepalive ioctl to a watchdog device. For
-// more information, see:
-// https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html.
-func IoctlWatchdogKeepalive(fd int) error {
- return ioctl(fd, WDIOC_KEEPALIVE, 0)
-}
-
-func IoctlHIDGetDesc(fd int, value *HIDRawReportDescriptor) error {
- err := ioctl(fd, HIDIOCGRDESC, uintptr(unsafe.Pointer(value)))
- runtime.KeepAlive(value)
- return err
-}
-
-func IoctlHIDGetRawInfo(fd int) (*HIDRawDevInfo, error) {
- var value HIDRawDevInfo
- err := ioctl(fd, HIDIOCGRAWINFO, uintptr(unsafe.Pointer(&value)))
- return &value, err
-}
-
-func IoctlHIDGetRawName(fd int) (string, error) {
- var value [_HIDIOCGRAWNAME_LEN]byte
- err := ioctl(fd, _HIDIOCGRAWNAME, uintptr(unsafe.Pointer(&value[0])))
- return ByteSliceToString(value[:]), err
-}
-
-func IoctlHIDGetRawPhys(fd int) (string, error) {
- var value [_HIDIOCGRAWPHYS_LEN]byte
- err := ioctl(fd, _HIDIOCGRAWPHYS, uintptr(unsafe.Pointer(&value[0])))
- return ByteSliceToString(value[:]), err
-}
-
-func IoctlHIDGetRawUniq(fd int) (string, error) {
- var value [_HIDIOCGRAWUNIQ_LEN]byte
- err := ioctl(fd, _HIDIOCGRAWUNIQ, uintptr(unsafe.Pointer(&value[0])))
- return ByteSliceToString(value[:]), err
-}
+// These are defined in ioctl.go and ioctl_linux.go.
//sys Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error)
// CID and Port specify a context ID and port address for a VM socket.
// Guests have a unique CID, and hosts may have a well-known CID of:
// - VMADDR_CID_HYPERVISOR: refers to the hypervisor process.
+ // - VMADDR_CID_LOCAL: refers to local communication (loopback).
// - VMADDR_CID_HOST: refers to other processes on the host.
- CID uint32
- Port uint32
- raw RawSockaddrVM
+ CID uint32
+ Port uint32
+ Flags uint8
+ raw RawSockaddrVM
}
func (sa *SockaddrVM) sockaddr() (unsafe.Pointer, _Socklen, error) {
sa.raw.Family = AF_VSOCK
sa.raw.Port = sa.Port
sa.raw.Cid = sa.CID
+ sa.raw.Flags = sa.Flags
return unsafe.Pointer(&sa.raw), SizeofSockaddrVM, nil
}
case AF_VSOCK:
pp := (*RawSockaddrVM)(unsafe.Pointer(rsa))
sa := &SockaddrVM{
- CID: pp.Cid,
- Port: pp.Port,
+ CID: pp.Cid,
+ Port: pp.Port,
+ Flags: pp.Flags,
}
return sa, nil
case AF_BLUETOOTH:
--- /dev/null
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && ppc
+// +build linux
+// +build ppc
+
+package unix
+
+import (
+ "syscall"
+ "unsafe"
+)
+
+//sys dup2(oldfd int, newfd int) (err error)
+//sysnb EpollCreate(size int) (fd int, err error)
+//sys EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error)
+//sys Fchown(fd int, uid int, gid int) (err error)
+//sys Fstat(fd int, stat *Stat_t) (err error) = SYS_FSTAT64
+//sys Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) = SYS_FSTATAT64
+//sys Ftruncate(fd int, length int64) (err error) = SYS_FTRUNCATE64
+//sysnb Getegid() (egid int)
+//sysnb Geteuid() (euid int)
+//sysnb Getgid() (gid int)
+//sysnb Getuid() (uid int)
+//sysnb InotifyInit() (fd int, err error)
+//sys Ioperm(from int, num int, on int) (err error)
+//sys Iopl(level int) (err error)
+//sys Lchown(path string, uid int, gid int) (err error)
+//sys Listen(s int, n int) (err error)
+//sys Lstat(path string, stat *Stat_t) (err error) = SYS_LSTAT64
+//sys Pause() (err error)
+//sys Pread(fd int, p []byte, offset int64) (n int, err error) = SYS_PREAD64
+//sys Pwrite(fd int, p []byte, offset int64) (n int, err error) = SYS_PWRITE64
+//sys Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error)
+//sys Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) = SYS__NEWSELECT
+//sys sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) = SYS_SENDFILE64
+//sys setfsgid(gid int) (prev int, err error)
+//sys setfsuid(uid int) (prev int, err error)
+//sysnb Setregid(rgid int, egid int) (err error)
+//sysnb Setresgid(rgid int, egid int, sgid int) (err error)
+//sysnb Setresuid(ruid int, euid int, suid int) (err error)
+//sysnb Setreuid(ruid int, euid int) (err error)
+//sys Shutdown(fd int, how int) (err error)
+//sys Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error)
+//sys Stat(path string, stat *Stat_t) (err error) = SYS_STAT64
+//sys Truncate(path string, length int64) (err error) = SYS_TRUNCATE64
+//sys Ustat(dev int, ubuf *Ustat_t) (err error)
+//sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error)
+//sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error)
+//sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error)
+//sysnb getgroups(n int, list *_Gid_t) (nn int, err error)
+//sysnb setgroups(n int, list *_Gid_t) (err error)
+//sys getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error)
+//sys setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error)
+//sysnb socket(domain int, typ int, proto int) (fd int, err error)
+//sysnb socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
+//sysnb getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sysnb getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error)
+//sys recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+//sys sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error)
+//sys recvmsg(s int, msg *Msghdr, flags int) (n int, err error)
+//sys sendmsg(s int, msg *Msghdr, flags int) (n int, err error)
+
+//sys futimesat(dirfd int, path string, times *[2]Timeval) (err error)
+//sysnb Gettimeofday(tv *Timeval) (err error)
+//sysnb Time(t *Time_t) (tt Time_t, err error)
+//sys Utime(path string, buf *Utimbuf) (err error)
+//sys utimes(path string, times *[2]Timeval) (err error)
+
+func Fadvise(fd int, offset int64, length int64, advice int) (err error) {
+ _, _, e1 := Syscall6(SYS_FADVISE64_64, uintptr(fd), uintptr(advice), uintptr(offset>>32), uintptr(offset), uintptr(length>>32), uintptr(length))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+func seek(fd int, offset int64, whence int) (int64, syscall.Errno) {
+ var newoffset int64
+ offsetLow := uint32(offset & 0xffffffff)
+ offsetHigh := uint32((offset >> 32) & 0xffffffff)
+ _, _, err := Syscall6(SYS__LLSEEK, uintptr(fd), uintptr(offsetHigh), uintptr(offsetLow), uintptr(unsafe.Pointer(&newoffset)), uintptr(whence), 0)
+ return newoffset, err
+}
+
+func Seek(fd int, offset int64, whence int) (newoffset int64, err error) {
+ newoffset, errno := seek(fd, offset, whence)
+ if errno != 0 {
+ return 0, errno
+ }
+ return newoffset, nil
+}
+
+func Fstatfs(fd int, buf *Statfs_t) (err error) {
+ _, _, e := Syscall(SYS_FSTATFS64, uintptr(fd), unsafe.Sizeof(*buf), uintptr(unsafe.Pointer(buf)))
+ if e != 0 {
+ err = e
+ }
+ return
+}
+
+func Statfs(path string, buf *Statfs_t) (err error) {
+ pathp, err := BytePtrFromString(path)
+ if err != nil {
+ return err
+ }
+ _, _, e := Syscall(SYS_STATFS64, uintptr(unsafe.Pointer(pathp)), unsafe.Sizeof(*buf), uintptr(unsafe.Pointer(buf)))
+ if e != 0 {
+ err = e
+ }
+ return
+}
+
+//sys mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error)
+
+func mmap(addr uintptr, length uintptr, prot int, flags int, fd int, offset int64) (xaddr uintptr, err error) {
+ page := uintptr(offset / 4096)
+ if offset != int64(page)*4096 {
+ return 0, EINVAL
+ }
+ return mmap2(addr, length, prot, flags, fd, page)
+}
+
+func setTimespec(sec, nsec int64) Timespec {
+ return Timespec{Sec: int32(sec), Nsec: int32(nsec)}
+}
+
+func setTimeval(sec, usec int64) Timeval {
+ return Timeval{Sec: int32(sec), Usec: int32(usec)}
+}
+
+type rlimit32 struct {
+ Cur uint32
+ Max uint32
+}
+
+//sysnb getrlimit(resource int, rlim *rlimit32) (err error) = SYS_UGETRLIMIT
+
+const rlimInf32 = ^uint32(0)
+const rlimInf64 = ^uint64(0)
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+ err = prlimit(0, resource, nil, rlim)
+ if err != ENOSYS {
+ return err
+ }
+
+ rl := rlimit32{}
+ err = getrlimit(resource, &rl)
+ if err != nil {
+ return
+ }
+
+ if rl.Cur == rlimInf32 {
+ rlim.Cur = rlimInf64
+ } else {
+ rlim.Cur = uint64(rl.Cur)
+ }
+
+ if rl.Max == rlimInf32 {
+ rlim.Max = rlimInf64
+ } else {
+ rlim.Max = uint64(rl.Max)
+ }
+ return
+}
+
+//sysnb setrlimit(resource int, rlim *rlimit32) (err error) = SYS_SETRLIMIT
+
+func Setrlimit(resource int, rlim *Rlimit) (err error) {
+ err = prlimit(0, resource, rlim, nil)
+ if err != ENOSYS {
+ return err
+ }
+
+ rl := rlimit32{}
+ if rlim.Cur == rlimInf64 {
+ rl.Cur = rlimInf32
+ } else if rlim.Cur < uint64(rlimInf32) {
+ rl.Cur = uint32(rlim.Cur)
+ } else {
+ return EINVAL
+ }
+ if rlim.Max == rlimInf64 {
+ rl.Max = rlimInf32
+ } else if rlim.Max < uint64(rlimInf32) {
+ rl.Max = uint32(rlim.Max)
+ } else {
+ return EINVAL
+ }
+
+ return setrlimit(resource, &rl)
+}
+
+func (r *PtraceRegs) PC() uint32 { return r.Nip }
+
+func (r *PtraceRegs) SetPC(pc uint32) { r.Nip = pc }
+
+func (iov *Iovec) SetLen(length int) {
+ iov.Len = uint32(length)
+}
+
+func (msghdr *Msghdr) SetControllen(length int) {
+ msghdr.Controllen = uint32(length)
+}
+
+func (msghdr *Msghdr) SetIovlen(length int) {
+ msghdr.Iovlen = uint32(length)
+}
+
+func (cmsg *Cmsghdr) SetLen(length int) {
+ cmsg.Len = uint32(length)
+}
+
+//sysnb pipe(p *[2]_C_int) (err error)
+
+func Pipe(p []int) (err error) {
+ if len(p) != 2 {
+ return EINVAL
+ }
+ var pp [2]_C_int
+ err = pipe(&pp)
+ p[0] = int(pp[0])
+ p[1] = int(pp[1])
+ return
+}
+
+//sysnb pipe2(p *[2]_C_int, flags int) (err error)
+
+func Pipe2(p []int, flags int) (err error) {
+ if len(p) != 2 {
+ return EINVAL
+ }
+ var pp [2]_C_int
+ err = pipe2(&pp, flags)
+ p[0] = int(pp[0])
+ p[1] = int(pp[1])
+ return
+}
+
+//sys poll(fds *PollFd, nfds int, timeout int) (n int, err error)
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+ if len(fds) == 0 {
+ return poll(nil, 0, timeout)
+ }
+ return poll(&fds[0], len(fds), timeout)
+}
+
+//sys syncFileRange2(fd int, flags int, off int64, n int64) (err error) = SYS_SYNC_FILE_RANGE2
+
+func SyncFileRange(fd int, off int64, n int64, flags int) error {
+ // The sync_file_range and sync_file_range2 syscalls differ only in the
+ // order of their arguments.
+ return syncFileRange2(fd, flags, off, n)
+}
+
+//sys kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error)
+
+func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error {
+ cmdlineLen := len(cmdline)
+ if cmdlineLen > 0 {
+ // Account for the additional NULL byte added by
+ // BytePtrFromString in kexecFileLoad. The kexec_file_load
+ // syscall expects a NULL-terminated string.
+ cmdlineLen++
+ }
+ return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
+}
--- /dev/null
+// mkerrors.sh -Wall -Werror -static -I/tmp/include
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build ppc && linux
+// +build ppc,linux
+
+// Code generated by cmd/cgo -godefs; DO NOT EDIT.
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/_const.go
+
+package unix
+
+import "syscall"
+
+const (
+ B1000000 = 0x17
+ B115200 = 0x11
+ B1152000 = 0x18
+ B1500000 = 0x19
+ B2000000 = 0x1a
+ B230400 = 0x12
+ B2500000 = 0x1b
+ B3000000 = 0x1c
+ B3500000 = 0x1d
+ B4000000 = 0x1e
+ B460800 = 0x13
+ B500000 = 0x14
+ B57600 = 0x10
+ B576000 = 0x15
+ B921600 = 0x16
+ BLKBSZGET = 0x40041270
+ BLKBSZSET = 0x80041271
+ BLKFLSBUF = 0x20001261
+ BLKFRAGET = 0x20001265
+ BLKFRASET = 0x20001264
+ BLKGETSIZE = 0x20001260
+ BLKGETSIZE64 = 0x40041272
+ BLKPBSZGET = 0x2000127b
+ BLKRAGET = 0x20001263
+ BLKRASET = 0x20001262
+ BLKROGET = 0x2000125e
+ BLKROSET = 0x2000125d
+ BLKRRPART = 0x2000125f
+ BLKSECTGET = 0x20001267
+ BLKSECTSET = 0x20001266
+ BLKSSZGET = 0x20001268
+ BOTHER = 0x1f
+ BS1 = 0x8000
+ BSDLY = 0x8000
+ CBAUD = 0xff
+ CBAUDEX = 0x0
+ CIBAUD = 0xff0000
+ CLOCAL = 0x8000
+ CR1 = 0x1000
+ CR2 = 0x2000
+ CR3 = 0x3000
+ CRDLY = 0x3000
+ CREAD = 0x800
+ CS6 = 0x100
+ CS7 = 0x200
+ CS8 = 0x300
+ CSIZE = 0x300
+ CSTOPB = 0x400
+ ECHOCTL = 0x40
+ ECHOE = 0x2
+ ECHOK = 0x4
+ ECHOKE = 0x1
+ ECHONL = 0x10
+ ECHOPRT = 0x20
+ EFD_CLOEXEC = 0x80000
+ EFD_NONBLOCK = 0x800
+ EPOLL_CLOEXEC = 0x80000
+ EXTPROC = 0x10000000
+ FF1 = 0x4000
+ FFDLY = 0x4000
+ FICLONE = 0x80049409
+ FICLONERANGE = 0x8020940d
+ FLUSHO = 0x800000
+ FS_IOC_ENABLE_VERITY = 0x80806685
+ FS_IOC_GETFLAGS = 0x40046601
+ FS_IOC_GET_ENCRYPTION_NONCE = 0x4010661b
+ FS_IOC_GET_ENCRYPTION_POLICY = 0x800c6615
+ FS_IOC_GET_ENCRYPTION_PWSALT = 0x80106614
+ FS_IOC_SETFLAGS = 0x80046602
+ FS_IOC_SET_ENCRYPTION_POLICY = 0x400c6613
+ F_GETLK = 0xc
+ F_GETLK64 = 0xc
+ F_GETOWN = 0x9
+ F_RDLCK = 0x0
+ F_SETLK = 0xd
+ F_SETLK64 = 0xd
+ F_SETLKW = 0xe
+ F_SETLKW64 = 0xe
+ F_SETOWN = 0x8
+ F_UNLCK = 0x2
+ F_WRLCK = 0x1
+ HIDIOCGRAWINFO = 0x40084803
+ HIDIOCGRDESC = 0x50044802
+ HIDIOCGRDESCSIZE = 0x40044801
+ HUPCL = 0x4000
+ ICANON = 0x100
+ IEXTEN = 0x400
+ IN_CLOEXEC = 0x80000
+ IN_NONBLOCK = 0x800
+ IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ ISIG = 0x80
+ IUCLC = 0x1000
+ IXOFF = 0x400
+ IXON = 0x200
+ MAP_ANON = 0x20
+ MAP_ANONYMOUS = 0x20
+ MAP_DENYWRITE = 0x800
+ MAP_EXECUTABLE = 0x1000
+ MAP_GROWSDOWN = 0x100
+ MAP_HUGETLB = 0x40000
+ MAP_LOCKED = 0x80
+ MAP_NONBLOCK = 0x10000
+ MAP_NORESERVE = 0x40
+ MAP_POPULATE = 0x8000
+ MAP_STACK = 0x20000
+ MAP_SYNC = 0x80000
+ MCL_CURRENT = 0x2000
+ MCL_FUTURE = 0x4000
+ MCL_ONFAULT = 0x8000
+ NFDBITS = 0x20
+ NL2 = 0x200
+ NL3 = 0x300
+ NLDLY = 0x300
+ NOFLSH = 0x80000000
+ NS_GET_NSTYPE = 0x2000b703
+ NS_GET_OWNER_UID = 0x2000b704
+ NS_GET_PARENT = 0x2000b702
+ NS_GET_USERNS = 0x2000b701
+ OLCUC = 0x4
+ ONLCR = 0x2
+ O_APPEND = 0x400
+ O_ASYNC = 0x2000
+ O_CLOEXEC = 0x80000
+ O_CREAT = 0x40
+ O_DIRECT = 0x20000
+ O_DIRECTORY = 0x4000
+ O_DSYNC = 0x1000
+ O_EXCL = 0x80
+ O_FSYNC = 0x101000
+ O_LARGEFILE = 0x10000
+ O_NDELAY = 0x800
+ O_NOATIME = 0x40000
+ O_NOCTTY = 0x100
+ O_NOFOLLOW = 0x8000
+ O_NONBLOCK = 0x800
+ O_PATH = 0x200000
+ O_RSYNC = 0x101000
+ O_SYNC = 0x101000
+ O_TMPFILE = 0x404000
+ O_TRUNC = 0x200
+ PARENB = 0x1000
+ PARODD = 0x2000
+ PENDIN = 0x20000000
+ PERF_EVENT_IOC_DISABLE = 0x20002401
+ PERF_EVENT_IOC_ENABLE = 0x20002400
+ PERF_EVENT_IOC_ID = 0x40042407
+ PERF_EVENT_IOC_MODIFY_ATTRIBUTES = 0x8004240b
+ PERF_EVENT_IOC_PAUSE_OUTPUT = 0x80042409
+ PERF_EVENT_IOC_PERIOD = 0x80082404
+ PERF_EVENT_IOC_QUERY_BPF = 0xc004240a
+ PERF_EVENT_IOC_REFRESH = 0x20002402
+ PERF_EVENT_IOC_RESET = 0x20002403
+ PERF_EVENT_IOC_SET_BPF = 0x80042408
+ PERF_EVENT_IOC_SET_FILTER = 0x80042406
+ PERF_EVENT_IOC_SET_OUTPUT = 0x20002405
+ PPPIOCATTACH = 0x8004743d
+ PPPIOCATTCHAN = 0x80047438
+ PPPIOCBRIDGECHAN = 0x80047435
+ PPPIOCCONNECT = 0x8004743a
+ PPPIOCDETACH = 0x8004743c
+ PPPIOCDISCONN = 0x20007439
+ PPPIOCGASYNCMAP = 0x40047458
+ PPPIOCGCHAN = 0x40047437
+ PPPIOCGDEBUG = 0x40047441
+ PPPIOCGFLAGS = 0x4004745a
+ PPPIOCGIDLE = 0x4008743f
+ PPPIOCGIDLE32 = 0x4008743f
+ PPPIOCGIDLE64 = 0x4010743f
+ PPPIOCGL2TPSTATS = 0x40487436
+ PPPIOCGMRU = 0x40047453
+ PPPIOCGRASYNCMAP = 0x40047455
+ PPPIOCGUNIT = 0x40047456
+ PPPIOCGXASYNCMAP = 0x40207450
+ PPPIOCSACTIVE = 0x80087446
+ PPPIOCSASYNCMAP = 0x80047457
+ PPPIOCSCOMPRESS = 0x800c744d
+ PPPIOCSDEBUG = 0x80047440
+ PPPIOCSFLAGS = 0x80047459
+ PPPIOCSMAXCID = 0x80047451
+ PPPIOCSMRRU = 0x8004743b
+ PPPIOCSMRU = 0x80047452
+ PPPIOCSNPMODE = 0x8008744b
+ PPPIOCSPASS = 0x80087447
+ PPPIOCSRASYNCMAP = 0x80047454
+ PPPIOCSXASYNCMAP = 0x8020744f
+ PPPIOCUNBRIDGECHAN = 0x20007434
+ PPPIOCXFERUNIT = 0x2000744e
+ PROT_SAO = 0x10
+ PR_SET_PTRACER_ANY = 0xffffffff
+ PTRACE_GETEVRREGS = 0x14
+ PTRACE_GETFPREGS = 0xe
+ PTRACE_GETREGS64 = 0x16
+ PTRACE_GETVRREGS = 0x12
+ PTRACE_GETVSRREGS = 0x1b
+ PTRACE_GET_DEBUGREG = 0x19
+ PTRACE_SETEVRREGS = 0x15
+ PTRACE_SETFPREGS = 0xf
+ PTRACE_SETREGS64 = 0x17
+ PTRACE_SETVRREGS = 0x13
+ PTRACE_SETVSRREGS = 0x1c
+ PTRACE_SET_DEBUGREG = 0x1a
+ PTRACE_SINGLEBLOCK = 0x100
+ PTRACE_SYSEMU = 0x1d
+ PTRACE_SYSEMU_SINGLESTEP = 0x1e
+ PT_CCR = 0x26
+ PT_CTR = 0x23
+ PT_DAR = 0x29
+ PT_DSCR = 0x2c
+ PT_DSISR = 0x2a
+ PT_FPR0 = 0x30
+ PT_FPR31 = 0x6e
+ PT_FPSCR = 0x71
+ PT_LNK = 0x24
+ PT_MQ = 0x27
+ PT_MSR = 0x21
+ PT_NIP = 0x20
+ PT_ORIG_R3 = 0x22
+ PT_R0 = 0x0
+ PT_R1 = 0x1
+ PT_R10 = 0xa
+ PT_R11 = 0xb
+ PT_R12 = 0xc
+ PT_R13 = 0xd
+ PT_R14 = 0xe
+ PT_R15 = 0xf
+ PT_R16 = 0x10
+ PT_R17 = 0x11
+ PT_R18 = 0x12
+ PT_R19 = 0x13
+ PT_R2 = 0x2
+ PT_R20 = 0x14
+ PT_R21 = 0x15
+ PT_R22 = 0x16
+ PT_R23 = 0x17
+ PT_R24 = 0x18
+ PT_R25 = 0x19
+ PT_R26 = 0x1a
+ PT_R27 = 0x1b
+ PT_R28 = 0x1c
+ PT_R29 = 0x1d
+ PT_R3 = 0x3
+ PT_R30 = 0x1e
+ PT_R31 = 0x1f
+ PT_R4 = 0x4
+ PT_R5 = 0x5
+ PT_R6 = 0x6
+ PT_R7 = 0x7
+ PT_R8 = 0x8
+ PT_R9 = 0x9
+ PT_REGS_COUNT = 0x2c
+ PT_RESULT = 0x2b
+ PT_TRAP = 0x28
+ PT_XER = 0x25
+ RLIMIT_AS = 0x9
+ RLIMIT_MEMLOCK = 0x8
+ RLIMIT_NOFILE = 0x7
+ RLIMIT_NPROC = 0x6
+ RLIMIT_RSS = 0x5
+ RNDADDENTROPY = 0x80085203
+ RNDADDTOENTCNT = 0x80045201
+ RNDCLEARPOOL = 0x20005206
+ RNDGETENTCNT = 0x40045200
+ RNDGETPOOL = 0x40085202
+ RNDRESEEDCRNG = 0x20005207
+ RNDZAPENTCNT = 0x20005204
+ RTC_AIE_OFF = 0x20007002
+ RTC_AIE_ON = 0x20007001
+ RTC_ALM_READ = 0x40247008
+ RTC_ALM_SET = 0x80247007
+ RTC_EPOCH_READ = 0x4004700d
+ RTC_EPOCH_SET = 0x8004700e
+ RTC_IRQP_READ = 0x4004700b
+ RTC_IRQP_SET = 0x8004700c
+ RTC_PIE_OFF = 0x20007006
+ RTC_PIE_ON = 0x20007005
+ RTC_PLL_GET = 0x401c7011
+ RTC_PLL_SET = 0x801c7012
+ RTC_RD_TIME = 0x40247009
+ RTC_SET_TIME = 0x8024700a
+ RTC_UIE_OFF = 0x20007004
+ RTC_UIE_ON = 0x20007003
+ RTC_VL_CLR = 0x20007014
+ RTC_VL_READ = 0x40047013
+ RTC_WIE_OFF = 0x20007010
+ RTC_WIE_ON = 0x2000700f
+ RTC_WKALM_RD = 0x40287010
+ RTC_WKALM_SET = 0x8028700f
+ SCM_TIMESTAMPING = 0x25
+ SCM_TIMESTAMPING_OPT_STATS = 0x36
+ SCM_TIMESTAMPING_PKTINFO = 0x3a
+ SCM_TIMESTAMPNS = 0x23
+ SCM_TXTIME = 0x3d
+ SCM_WIFI_STATUS = 0x29
+ SFD_CLOEXEC = 0x80000
+ SFD_NONBLOCK = 0x800
+ SIOCATMARK = 0x8905
+ SIOCGPGRP = 0x8904
+ SIOCGSTAMPNS_NEW = 0x40108907
+ SIOCGSTAMP_NEW = 0x40108906
+ SIOCINQ = 0x4004667f
+ SIOCOUTQ = 0x40047473
+ SIOCSPGRP = 0x8902
+ SOCK_CLOEXEC = 0x80000
+ SOCK_DGRAM = 0x2
+ SOCK_NONBLOCK = 0x800
+ SOCK_STREAM = 0x1
+ SOL_SOCKET = 0x1
+ SO_ACCEPTCONN = 0x1e
+ SO_ATTACH_BPF = 0x32
+ SO_ATTACH_REUSEPORT_CBPF = 0x33
+ SO_ATTACH_REUSEPORT_EBPF = 0x34
+ SO_BINDTODEVICE = 0x19
+ SO_BINDTOIFINDEX = 0x3e
+ SO_BPF_EXTENSIONS = 0x30
+ SO_BROADCAST = 0x6
+ SO_BSDCOMPAT = 0xe
+ SO_BUSY_POLL = 0x2e
+ SO_BUSY_POLL_BUDGET = 0x46
+ SO_CNX_ADVICE = 0x35
+ SO_COOKIE = 0x39
+ SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DOMAIN = 0x27
+ SO_DONTROUTE = 0x5
+ SO_ERROR = 0x4
+ SO_INCOMING_CPU = 0x31
+ SO_INCOMING_NAPI_ID = 0x38
+ SO_KEEPALIVE = 0x9
+ SO_LINGER = 0xd
+ SO_LOCK_FILTER = 0x2c
+ SO_MARK = 0x24
+ SO_MAX_PACING_RATE = 0x2f
+ SO_MEMINFO = 0x37
+ SO_NOFCS = 0x2b
+ SO_OOBINLINE = 0xa
+ SO_PASSCRED = 0x14
+ SO_PASSSEC = 0x22
+ SO_PEEK_OFF = 0x2a
+ SO_PEERCRED = 0x15
+ SO_PEERGROUPS = 0x3b
+ SO_PEERSEC = 0x1f
+ SO_PREFER_BUSY_POLL = 0x45
+ SO_PROTOCOL = 0x26
+ SO_RCVBUF = 0x8
+ SO_RCVBUFFORCE = 0x21
+ SO_RCVLOWAT = 0x10
+ SO_RCVTIMEO = 0x12
+ SO_RCVTIMEO_NEW = 0x42
+ SO_RCVTIMEO_OLD = 0x12
+ SO_REUSEADDR = 0x2
+ SO_REUSEPORT = 0xf
+ SO_RXQ_OVFL = 0x28
+ SO_SECURITY_AUTHENTICATION = 0x16
+ SO_SECURITY_ENCRYPTION_NETWORK = 0x18
+ SO_SECURITY_ENCRYPTION_TRANSPORT = 0x17
+ SO_SELECT_ERR_QUEUE = 0x2d
+ SO_SNDBUF = 0x7
+ SO_SNDBUFFORCE = 0x20
+ SO_SNDLOWAT = 0x11
+ SO_SNDTIMEO = 0x13
+ SO_SNDTIMEO_NEW = 0x43
+ SO_SNDTIMEO_OLD = 0x13
+ SO_TIMESTAMPING = 0x25
+ SO_TIMESTAMPING_NEW = 0x41
+ SO_TIMESTAMPING_OLD = 0x25
+ SO_TIMESTAMPNS = 0x23
+ SO_TIMESTAMPNS_NEW = 0x40
+ SO_TIMESTAMPNS_OLD = 0x23
+ SO_TIMESTAMP_NEW = 0x3f
+ SO_TXTIME = 0x3d
+ SO_TYPE = 0x3
+ SO_WIFI_STATUS = 0x29
+ SO_ZEROCOPY = 0x3c
+ TAB1 = 0x400
+ TAB2 = 0x800
+ TAB3 = 0xc00
+ TABDLY = 0xc00
+ TCFLSH = 0x2000741f
+ TCGETA = 0x40147417
+ TCGETS = 0x402c7413
+ TCSAFLUSH = 0x2
+ TCSBRK = 0x2000741d
+ TCSBRKP = 0x5425
+ TCSETA = 0x80147418
+ TCSETAF = 0x8014741c
+ TCSETAW = 0x80147419
+ TCSETS = 0x802c7414
+ TCSETSF = 0x802c7416
+ TCSETSW = 0x802c7415
+ TCXONC = 0x2000741e
+ TFD_CLOEXEC = 0x80000
+ TFD_NONBLOCK = 0x800
+ TIOCCBRK = 0x5428
+ TIOCCONS = 0x541d
+ TIOCEXCL = 0x540c
+ TIOCGDEV = 0x40045432
+ TIOCGETC = 0x40067412
+ TIOCGETD = 0x5424
+ TIOCGETP = 0x40067408
+ TIOCGEXCL = 0x40045440
+ TIOCGICOUNT = 0x545d
+ TIOCGISO7816 = 0x40285442
+ TIOCGLCKTRMIOS = 0x5456
+ TIOCGLTC = 0x40067474
+ TIOCGPGRP = 0x40047477
+ TIOCGPKT = 0x40045438
+ TIOCGPTLCK = 0x40045439
+ TIOCGPTN = 0x40045430
+ TIOCGPTPEER = 0x20005441
+ TIOCGRS485 = 0x542e
+ TIOCGSERIAL = 0x541e
+ TIOCGSID = 0x5429
+ TIOCGSOFTCAR = 0x5419
+ TIOCGWINSZ = 0x40087468
+ TIOCINQ = 0x4004667f
+ TIOCLINUX = 0x541c
+ TIOCMBIC = 0x5417
+ TIOCMBIS = 0x5416
+ TIOCMGET = 0x5415
+ TIOCMIWAIT = 0x545c
+ TIOCMSET = 0x5418
+ TIOCM_CAR = 0x40
+ TIOCM_CD = 0x40
+ TIOCM_CTS = 0x20
+ TIOCM_DSR = 0x100
+ TIOCM_LOOP = 0x8000
+ TIOCM_OUT1 = 0x2000
+ TIOCM_OUT2 = 0x4000
+ TIOCM_RI = 0x80
+ TIOCM_RNG = 0x80
+ TIOCM_SR = 0x10
+ TIOCM_ST = 0x8
+ TIOCNOTTY = 0x5422
+ TIOCNXCL = 0x540d
+ TIOCOUTQ = 0x40047473
+ TIOCPKT = 0x5420
+ TIOCSBRK = 0x5427
+ TIOCSCTTY = 0x540e
+ TIOCSERCONFIG = 0x5453
+ TIOCSERGETLSR = 0x5459
+ TIOCSERGETMULTI = 0x545a
+ TIOCSERGSTRUCT = 0x5458
+ TIOCSERGWILD = 0x5454
+ TIOCSERSETMULTI = 0x545b
+ TIOCSERSWILD = 0x5455
+ TIOCSER_TEMT = 0x1
+ TIOCSETC = 0x80067411
+ TIOCSETD = 0x5423
+ TIOCSETN = 0x8006740a
+ TIOCSETP = 0x80067409
+ TIOCSIG = 0x80045436
+ TIOCSISO7816 = 0xc0285443
+ TIOCSLCKTRMIOS = 0x5457
+ TIOCSLTC = 0x80067475
+ TIOCSPGRP = 0x80047476
+ TIOCSPTLCK = 0x80045431
+ TIOCSRS485 = 0x542f
+ TIOCSSERIAL = 0x541f
+ TIOCSSOFTCAR = 0x541a
+ TIOCSTART = 0x2000746e
+ TIOCSTI = 0x5412
+ TIOCSTOP = 0x2000746f
+ TIOCSWINSZ = 0x80087467
+ TIOCVHANGUP = 0x5437
+ TOSTOP = 0x400000
+ TUNATTACHFILTER = 0x800854d5
+ TUNDETACHFILTER = 0x800854d6
+ TUNGETDEVNETNS = 0x200054e3
+ TUNGETFEATURES = 0x400454cf
+ TUNGETFILTER = 0x400854db
+ TUNGETIFF = 0x400454d2
+ TUNGETSNDBUF = 0x400454d3
+ TUNGETVNETBE = 0x400454df
+ TUNGETVNETHDRSZ = 0x400454d7
+ TUNGETVNETLE = 0x400454dd
+ TUNSETCARRIER = 0x800454e2
+ TUNSETDEBUG = 0x800454c9
+ TUNSETFILTEREBPF = 0x400454e1
+ TUNSETGROUP = 0x800454ce
+ TUNSETIFF = 0x800454ca
+ TUNSETIFINDEX = 0x800454da
+ TUNSETLINK = 0x800454cd
+ TUNSETNOCSUM = 0x800454c8
+ TUNSETOFFLOAD = 0x800454d0
+ TUNSETOWNER = 0x800454cc
+ TUNSETPERSIST = 0x800454cb
+ TUNSETQUEUE = 0x800454d9
+ TUNSETSNDBUF = 0x800454d4
+ TUNSETSTEERINGEBPF = 0x400454e0
+ TUNSETTXFILTER = 0x800454d1
+ TUNSETVNETBE = 0x800454de
+ TUNSETVNETHDRSZ = 0x800454d8
+ TUNSETVNETLE = 0x800454dc
+ UBI_IOCATT = 0x80186f40
+ UBI_IOCDET = 0x80046f41
+ UBI_IOCEBCH = 0x80044f02
+ UBI_IOCEBER = 0x80044f01
+ UBI_IOCEBISMAP = 0x40044f05
+ UBI_IOCEBMAP = 0x80084f03
+ UBI_IOCEBUNMAP = 0x80044f04
+ UBI_IOCMKVOL = 0x80986f00
+ UBI_IOCRMVOL = 0x80046f01
+ UBI_IOCRNVOL = 0x91106f03
+ UBI_IOCRPEB = 0x80046f04
+ UBI_IOCRSVOL = 0x800c6f02
+ UBI_IOCSETVOLPROP = 0x80104f06
+ UBI_IOCSPEB = 0x80046f05
+ UBI_IOCVOLCRBLK = 0x80804f07
+ UBI_IOCVOLRMBLK = 0x20004f08
+ UBI_IOCVOLUP = 0x80084f00
+ VDISCARD = 0x10
+ VEOF = 0x4
+ VEOL = 0x6
+ VEOL2 = 0x8
+ VMIN = 0x5
+ VREPRINT = 0xb
+ VSTART = 0xd
+ VSTOP = 0xe
+ VSUSP = 0xc
+ VSWTC = 0x9
+ VT1 = 0x10000
+ VTDLY = 0x10000
+ VTIME = 0x7
+ VWERASE = 0xa
+ WDIOC_GETBOOTSTATUS = 0x40045702
+ WDIOC_GETPRETIMEOUT = 0x40045709
+ WDIOC_GETSTATUS = 0x40045701
+ WDIOC_GETSUPPORT = 0x40285700
+ WDIOC_GETTEMP = 0x40045703
+ WDIOC_GETTIMELEFT = 0x4004570a
+ WDIOC_GETTIMEOUT = 0x40045707
+ WDIOC_KEEPALIVE = 0x40045705
+ WDIOC_SETOPTIONS = 0x40045704
+ WORDSIZE = 0x20
+ XCASE = 0x4000
+ XTABS = 0xc00
+ _HIDIOCGRAWNAME = 0x40804804
+ _HIDIOCGRAWPHYS = 0x40404805
+ _HIDIOCGRAWUNIQ = 0x40404808
+)
+
+// Errors
+const (
+ EADDRINUSE = syscall.Errno(0x62)
+ EADDRNOTAVAIL = syscall.Errno(0x63)
+ EADV = syscall.Errno(0x44)
+ EAFNOSUPPORT = syscall.Errno(0x61)
+ EALREADY = syscall.Errno(0x72)
+ EBADE = syscall.Errno(0x34)
+ EBADFD = syscall.Errno(0x4d)
+ EBADMSG = syscall.Errno(0x4a)
+ EBADR = syscall.Errno(0x35)
+ EBADRQC = syscall.Errno(0x38)
+ EBADSLT = syscall.Errno(0x39)
+ EBFONT = syscall.Errno(0x3b)
+ ECANCELED = syscall.Errno(0x7d)
+ ECHRNG = syscall.Errno(0x2c)
+ ECOMM = syscall.Errno(0x46)
+ ECONNABORTED = syscall.Errno(0x67)
+ ECONNREFUSED = syscall.Errno(0x6f)
+ ECONNRESET = syscall.Errno(0x68)
+ EDEADLK = syscall.Errno(0x23)
+ EDEADLOCK = syscall.Errno(0x3a)
+ EDESTADDRREQ = syscall.Errno(0x59)
+ EDOTDOT = syscall.Errno(0x49)
+ EDQUOT = syscall.Errno(0x7a)
+ EHOSTDOWN = syscall.Errno(0x70)
+ EHOSTUNREACH = syscall.Errno(0x71)
+ EHWPOISON = syscall.Errno(0x85)
+ EIDRM = syscall.Errno(0x2b)
+ EILSEQ = syscall.Errno(0x54)
+ EINPROGRESS = syscall.Errno(0x73)
+ EISCONN = syscall.Errno(0x6a)
+ EISNAM = syscall.Errno(0x78)
+ EKEYEXPIRED = syscall.Errno(0x7f)
+ EKEYREJECTED = syscall.Errno(0x81)
+ EKEYREVOKED = syscall.Errno(0x80)
+ EL2HLT = syscall.Errno(0x33)
+ EL2NSYNC = syscall.Errno(0x2d)
+ EL3HLT = syscall.Errno(0x2e)
+ EL3RST = syscall.Errno(0x2f)
+ ELIBACC = syscall.Errno(0x4f)
+ ELIBBAD = syscall.Errno(0x50)
+ ELIBEXEC = syscall.Errno(0x53)
+ ELIBMAX = syscall.Errno(0x52)
+ ELIBSCN = syscall.Errno(0x51)
+ ELNRNG = syscall.Errno(0x30)
+ ELOOP = syscall.Errno(0x28)
+ EMEDIUMTYPE = syscall.Errno(0x7c)
+ EMSGSIZE = syscall.Errno(0x5a)
+ EMULTIHOP = syscall.Errno(0x48)
+ ENAMETOOLONG = syscall.Errno(0x24)
+ ENAVAIL = syscall.Errno(0x77)
+ ENETDOWN = syscall.Errno(0x64)
+ ENETRESET = syscall.Errno(0x66)
+ ENETUNREACH = syscall.Errno(0x65)
+ ENOANO = syscall.Errno(0x37)
+ ENOBUFS = syscall.Errno(0x69)
+ ENOCSI = syscall.Errno(0x32)
+ ENODATA = syscall.Errno(0x3d)
+ ENOKEY = syscall.Errno(0x7e)
+ ENOLCK = syscall.Errno(0x25)
+ ENOLINK = syscall.Errno(0x43)
+ ENOMEDIUM = syscall.Errno(0x7b)
+ ENOMSG = syscall.Errno(0x2a)
+ ENONET = syscall.Errno(0x40)
+ ENOPKG = syscall.Errno(0x41)
+ ENOPROTOOPT = syscall.Errno(0x5c)
+ ENOSR = syscall.Errno(0x3f)
+ ENOSTR = syscall.Errno(0x3c)
+ ENOSYS = syscall.Errno(0x26)
+ ENOTCONN = syscall.Errno(0x6b)
+ ENOTEMPTY = syscall.Errno(0x27)
+ ENOTNAM = syscall.Errno(0x76)
+ ENOTRECOVERABLE = syscall.Errno(0x83)
+ ENOTSOCK = syscall.Errno(0x58)
+ ENOTSUP = syscall.Errno(0x5f)
+ ENOTUNIQ = syscall.Errno(0x4c)
+ EOPNOTSUPP = syscall.Errno(0x5f)
+ EOVERFLOW = syscall.Errno(0x4b)
+ EOWNERDEAD = syscall.Errno(0x82)
+ EPFNOSUPPORT = syscall.Errno(0x60)
+ EPROTO = syscall.Errno(0x47)
+ EPROTONOSUPPORT = syscall.Errno(0x5d)
+ EPROTOTYPE = syscall.Errno(0x5b)
+ EREMCHG = syscall.Errno(0x4e)
+ EREMOTE = syscall.Errno(0x42)
+ EREMOTEIO = syscall.Errno(0x79)
+ ERESTART = syscall.Errno(0x55)
+ ERFKILL = syscall.Errno(0x84)
+ ESHUTDOWN = syscall.Errno(0x6c)
+ ESOCKTNOSUPPORT = syscall.Errno(0x5e)
+ ESRMNT = syscall.Errno(0x45)
+ ESTALE = syscall.Errno(0x74)
+ ESTRPIPE = syscall.Errno(0x56)
+ ETIME = syscall.Errno(0x3e)
+ ETIMEDOUT = syscall.Errno(0x6e)
+ ETOOMANYREFS = syscall.Errno(0x6d)
+ EUCLEAN = syscall.Errno(0x75)
+ EUNATCH = syscall.Errno(0x31)
+ EUSERS = syscall.Errno(0x57)
+ EXFULL = syscall.Errno(0x36)
+)
+
+// Signals
+const (
+ SIGBUS = syscall.Signal(0x7)
+ SIGCHLD = syscall.Signal(0x11)
+ SIGCLD = syscall.Signal(0x11)
+ SIGCONT = syscall.Signal(0x12)
+ SIGIO = syscall.Signal(0x1d)
+ SIGPOLL = syscall.Signal(0x1d)
+ SIGPROF = syscall.Signal(0x1b)
+ SIGPWR = syscall.Signal(0x1e)
+ SIGSTKFLT = syscall.Signal(0x10)
+ SIGSTOP = syscall.Signal(0x13)
+ SIGSYS = syscall.Signal(0x1f)
+ SIGTSTP = syscall.Signal(0x14)
+ SIGTTIN = syscall.Signal(0x15)
+ SIGTTOU = syscall.Signal(0x16)
+ SIGURG = syscall.Signal(0x17)
+ SIGUSR1 = syscall.Signal(0xa)
+ SIGUSR2 = syscall.Signal(0xc)
+ SIGVTALRM = syscall.Signal(0x1a)
+ SIGWINCH = syscall.Signal(0x1c)
+ SIGXCPU = syscall.Signal(0x18)
+ SIGXFSZ = syscall.Signal(0x19)
+)
+
+// Error table
+var errorList = [...]struct {
+ num syscall.Errno
+ name string
+ desc string
+}{
+ {1, "EPERM", "operation not permitted"},
+ {2, "ENOENT", "no such file or directory"},
+ {3, "ESRCH", "no such process"},
+ {4, "EINTR", "interrupted system call"},
+ {5, "EIO", "input/output error"},
+ {6, "ENXIO", "no such device or address"},
+ {7, "E2BIG", "argument list too long"},
+ {8, "ENOEXEC", "exec format error"},
+ {9, "EBADF", "bad file descriptor"},
+ {10, "ECHILD", "no child processes"},
+ {11, "EAGAIN", "resource temporarily unavailable"},
+ {12, "ENOMEM", "cannot allocate memory"},
+ {13, "EACCES", "permission denied"},
+ {14, "EFAULT", "bad address"},
+ {15, "ENOTBLK", "block device required"},
+ {16, "EBUSY", "device or resource busy"},
+ {17, "EEXIST", "file exists"},
+ {18, "EXDEV", "invalid cross-device link"},
+ {19, "ENODEV", "no such device"},
+ {20, "ENOTDIR", "not a directory"},
+ {21, "EISDIR", "is a directory"},
+ {22, "EINVAL", "invalid argument"},
+ {23, "ENFILE", "too many open files in system"},
+ {24, "EMFILE", "too many open files"},
+ {25, "ENOTTY", "inappropriate ioctl for device"},
+ {26, "ETXTBSY", "text file busy"},
+ {27, "EFBIG", "file too large"},
+ {28, "ENOSPC", "no space left on device"},
+ {29, "ESPIPE", "illegal seek"},
+ {30, "EROFS", "read-only file system"},
+ {31, "EMLINK", "too many links"},
+ {32, "EPIPE", "broken pipe"},
+ {33, "EDOM", "numerical argument out of domain"},
+ {34, "ERANGE", "numerical result out of range"},
+ {35, "EDEADLK", "resource deadlock avoided"},
+ {36, "ENAMETOOLONG", "file name too long"},
+ {37, "ENOLCK", "no locks available"},
+ {38, "ENOSYS", "function not implemented"},
+ {39, "ENOTEMPTY", "directory not empty"},
+ {40, "ELOOP", "too many levels of symbolic links"},
+ {42, "ENOMSG", "no message of desired type"},
+ {43, "EIDRM", "identifier removed"},
+ {44, "ECHRNG", "channel number out of range"},
+ {45, "EL2NSYNC", "level 2 not synchronized"},
+ {46, "EL3HLT", "level 3 halted"},
+ {47, "EL3RST", "level 3 reset"},
+ {48, "ELNRNG", "link number out of range"},
+ {49, "EUNATCH", "protocol driver not attached"},
+ {50, "ENOCSI", "no CSI structure available"},
+ {51, "EL2HLT", "level 2 halted"},
+ {52, "EBADE", "invalid exchange"},
+ {53, "EBADR", "invalid request descriptor"},
+ {54, "EXFULL", "exchange full"},
+ {55, "ENOANO", "no anode"},
+ {56, "EBADRQC", "invalid request code"},
+ {57, "EBADSLT", "invalid slot"},
+ {58, "EDEADLOCK", "file locking deadlock error"},
+ {59, "EBFONT", "bad font file format"},
+ {60, "ENOSTR", "device not a stream"},
+ {61, "ENODATA", "no data available"},
+ {62, "ETIME", "timer expired"},
+ {63, "ENOSR", "out of streams resources"},
+ {64, "ENONET", "machine is not on the network"},
+ {65, "ENOPKG", "package not installed"},
+ {66, "EREMOTE", "object is remote"},
+ {67, "ENOLINK", "link has been severed"},
+ {68, "EADV", "advertise error"},
+ {69, "ESRMNT", "srmount error"},
+ {70, "ECOMM", "communication error on send"},
+ {71, "EPROTO", "protocol error"},
+ {72, "EMULTIHOP", "multihop attempted"},
+ {73, "EDOTDOT", "RFS specific error"},
+ {74, "EBADMSG", "bad message"},
+ {75, "EOVERFLOW", "value too large for defined data type"},
+ {76, "ENOTUNIQ", "name not unique on network"},
+ {77, "EBADFD", "file descriptor in bad state"},
+ {78, "EREMCHG", "remote address changed"},
+ {79, "ELIBACC", "can not access a needed shared library"},
+ {80, "ELIBBAD", "accessing a corrupted shared library"},
+ {81, "ELIBSCN", ".lib section in a.out corrupted"},
+ {82, "ELIBMAX", "attempting to link in too many shared libraries"},
+ {83, "ELIBEXEC", "cannot exec a shared library directly"},
+ {84, "EILSEQ", "invalid or incomplete multibyte or wide character"},
+ {85, "ERESTART", "interrupted system call should be restarted"},
+ {86, "ESTRPIPE", "streams pipe error"},
+ {87, "EUSERS", "too many users"},
+ {88, "ENOTSOCK", "socket operation on non-socket"},
+ {89, "EDESTADDRREQ", "destination address required"},
+ {90, "EMSGSIZE", "message too long"},
+ {91, "EPROTOTYPE", "protocol wrong type for socket"},
+ {92, "ENOPROTOOPT", "protocol not available"},
+ {93, "EPROTONOSUPPORT", "protocol not supported"},
+ {94, "ESOCKTNOSUPPORT", "socket type not supported"},
+ {95, "ENOTSUP", "operation not supported"},
+ {96, "EPFNOSUPPORT", "protocol family not supported"},
+ {97, "EAFNOSUPPORT", "address family not supported by protocol"},
+ {98, "EADDRINUSE", "address already in use"},
+ {99, "EADDRNOTAVAIL", "cannot assign requested address"},
+ {100, "ENETDOWN", "network is down"},
+ {101, "ENETUNREACH", "network is unreachable"},
+ {102, "ENETRESET", "network dropped connection on reset"},
+ {103, "ECONNABORTED", "software caused connection abort"},
+ {104, "ECONNRESET", "connection reset by peer"},
+ {105, "ENOBUFS", "no buffer space available"},
+ {106, "EISCONN", "transport endpoint is already connected"},
+ {107, "ENOTCONN", "transport endpoint is not connected"},
+ {108, "ESHUTDOWN", "cannot send after transport endpoint shutdown"},
+ {109, "ETOOMANYREFS", "too many references: cannot splice"},
+ {110, "ETIMEDOUT", "connection timed out"},
+ {111, "ECONNREFUSED", "connection refused"},
+ {112, "EHOSTDOWN", "host is down"},
+ {113, "EHOSTUNREACH", "no route to host"},
+ {114, "EALREADY", "operation already in progress"},
+ {115, "EINPROGRESS", "operation now in progress"},
+ {116, "ESTALE", "stale file handle"},
+ {117, "EUCLEAN", "structure needs cleaning"},
+ {118, "ENOTNAM", "not a XENIX named type file"},
+ {119, "ENAVAIL", "no XENIX semaphores available"},
+ {120, "EISNAM", "is a named type file"},
+ {121, "EREMOTEIO", "remote I/O error"},
+ {122, "EDQUOT", "disk quota exceeded"},
+ {123, "ENOMEDIUM", "no medium found"},
+ {124, "EMEDIUMTYPE", "wrong medium type"},
+ {125, "ECANCELED", "operation canceled"},
+ {126, "ENOKEY", "required key not available"},
+ {127, "EKEYEXPIRED", "key has expired"},
+ {128, "EKEYREVOKED", "key has been revoked"},
+ {129, "EKEYREJECTED", "key was rejected by service"},
+ {130, "EOWNERDEAD", "owner died"},
+ {131, "ENOTRECOVERABLE", "state not recoverable"},
+ {132, "ERFKILL", "operation not possible due to RF-kill"},
+ {133, "EHWPOISON", "memory page has hardware error"},
+}
+
+// Signal table
+var signalList = [...]struct {
+ num syscall.Signal
+ name string
+ desc string
+}{
+ {1, "SIGHUP", "hangup"},
+ {2, "SIGINT", "interrupt"},
+ {3, "SIGQUIT", "quit"},
+ {4, "SIGILL", "illegal instruction"},
+ {5, "SIGTRAP", "trace/breakpoint trap"},
+ {6, "SIGABRT", "aborted"},
+ {7, "SIGBUS", "bus error"},
+ {8, "SIGFPE", "floating point exception"},
+ {9, "SIGKILL", "killed"},
+ {10, "SIGUSR1", "user defined signal 1"},
+ {11, "SIGSEGV", "segmentation fault"},
+ {12, "SIGUSR2", "user defined signal 2"},
+ {13, "SIGPIPE", "broken pipe"},
+ {14, "SIGALRM", "alarm clock"},
+ {15, "SIGTERM", "terminated"},
+ {16, "SIGSTKFLT", "stack fault"},
+ {17, "SIGCHLD", "child exited"},
+ {18, "SIGCONT", "continued"},
+ {19, "SIGSTOP", "stopped (signal)"},
+ {20, "SIGTSTP", "stopped"},
+ {21, "SIGTTIN", "stopped (tty input)"},
+ {22, "SIGTTOU", "stopped (tty output)"},
+ {23, "SIGURG", "urgent I/O condition"},
+ {24, "SIGXCPU", "CPU time limit exceeded"},
+ {25, "SIGXFSZ", "file size limit exceeded"},
+ {26, "SIGVTALRM", "virtual timer expired"},
+ {27, "SIGPROF", "profiling timer expired"},
+ {28, "SIGWINCH", "window changed"},
+ {29, "SIGIO", "I/O possible"},
+ {30, "SIGPWR", "power failure"},
+ {31, "SIGSYS", "bad system call"},
+}
HUPCL = 0x400
IBSHIFT = 0x10
ICANON = 0x2
+ ICMP6_FILTER = 0x1
ICRNL = 0x100
IEXTEN = 0x8000
IFF_ADDRCONF = 0x80000
IP_RECVPKTINFO = 0x1a
IP_RECVRETOPTS = 0x6
IP_RECVSLLA = 0xa
+ IP_RECVTOS = 0xc
IP_RECVTTL = 0xb
IP_RETOPTS = 0x8
IP_REUSEADDR = 0x104
O_APPEND = 0x8
O_CLOEXEC = 0x800000
O_CREAT = 0x100
+ O_DIRECT = 0x2000000
O_DIRECTORY = 0x1000000
O_DSYNC = 0x40
O_EXCL = 0x400
MAP_PRIVATE = 0x1 // changes are private
MAP_SHARED = 0x2 // changes are shared
MAP_FIXED = 0x4 // place exactly
+ MCAST_JOIN_GROUP = 40
+ MCAST_LEAVE_GROUP = 41
+ MCAST_JOIN_SOURCE_GROUP = 42
+ MCAST_LEAVE_SOURCE_GROUP = 43
+ MCAST_BLOCK_SOURCE = 44
+ MCAST_UNBLOCK_SOURCE = 45
MS_SYNC = 0x1 // msync - synchronous writes
MS_ASYNC = 0x2 // asynchronous writes
MS_INVALIDATE = 0x4 // invalidate mappings
--- /dev/null
+// go run mksyscall.go -b32 -tags linux,ppc syscall_linux.go syscall_linux_ppc.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build linux && ppc
+// +build linux,ppc
+
+package unix
+
+import (
+ "syscall"
+ "unsafe"
+)
+
+var _ syscall.Errno
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname *byte) (err error) {
+ _, _, e1 := Syscall6(SYS_FANOTIFY_MARK, uintptr(fd), uintptr(flags), uintptr(mask>>32), uintptr(mask), uintptr(dirFd), uintptr(unsafe.Pointer(pathname)))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fallocate(fd int, mode uint32, off int64, len int64) (err error) {
+ _, _, e1 := Syscall6(SYS_FALLOCATE, uintptr(fd), uintptr(mode), uintptr(off>>32), uintptr(off), uintptr(len>>32), uintptr(len))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Tee(rfd int, wfd int, len int, flags int) (n int64, err error) {
+ r0, r1, e1 := Syscall6(SYS_TEE, uintptr(rfd), uintptr(wfd), uintptr(len), uintptr(flags), 0, 0)
+ n = int64(int64(r0)<<32 | int64(r1))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func dup2(oldfd int, newfd int) (err error) {
+ _, _, e1 := Syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollCreate(size int) (fd int, err error) {
+ r0, _, e1 := RawSyscall(SYS_EPOLL_CREATE, uintptr(size), 0, 0)
+ fd = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+ var _p0 unsafe.Pointer
+ if len(events) > 0 {
+ _p0 = unsafe.Pointer(&events[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ r0, _, e1 := Syscall6(SYS_EPOLL_WAIT, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), 0, 0)
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+ _, _, e1 := Syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstat(fd int, stat *Stat_t) (err error) {
+ _, _, e1 := Syscall(SYS_FSTAT64, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ _, _, e1 := Syscall6(SYS_FSTATAT64, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ftruncate(fd int, length int64) (err error) {
+ _, _, e1 := Syscall(SYS_FTRUNCATE64, uintptr(fd), uintptr(length>>32), uintptr(length))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+ r0, _ := RawSyscallNoError(SYS_GETEGID, 0, 0, 0)
+ egid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+ r0, _ := RawSyscallNoError(SYS_GETEUID, 0, 0, 0)
+ euid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+ r0, _ := RawSyscallNoError(SYS_GETGID, 0, 0, 0)
+ gid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+ r0, _ := RawSyscallNoError(SYS_GETUID, 0, 0, 0)
+ uid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func InotifyInit() (fd int, err error) {
+ r0, _, e1 := RawSyscall(SYS_INOTIFY_INIT, 0, 0, 0)
+ fd = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ioperm(from int, num int, on int) (err error) {
+ _, _, e1 := Syscall(SYS_IOPERM, uintptr(from), uintptr(num), uintptr(on))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Iopl(level int) (err error) {
+ _, _, e1 := Syscall(SYS_IOPL, uintptr(level), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ _, _, e1 := Syscall(SYS_LCHOWN, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+ _, _, e1 := Syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lstat(path string, stat *Stat_t) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ _, _, e1 := Syscall(SYS_LSTAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pause() (err error) {
+ _, _, e1 := Syscall(SYS_PAUSE, 0, 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+ var _p0 unsafe.Pointer
+ if len(p) > 0 {
+ _p0 = unsafe.Pointer(&p[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ r0, _, e1 := Syscall6(SYS_PREAD64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset>>32), uintptr(offset), 0)
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+ var _p0 unsafe.Pointer
+ if len(p) > 0 {
+ _p0 = unsafe.Pointer(&p[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ r0, _, e1 := Syscall6(SYS_PWRITE64, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset>>32), uintptr(offset), 0)
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(oldpath)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(newpath)
+ if err != nil {
+ return
+ }
+ _, _, e1 := Syscall6(SYS_RENAMEAT, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nfd int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (n int, err error) {
+ r0, _, e1 := Syscall6(SYS__NEWSELECT, uintptr(nfd), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+ r0, _, e1 := Syscall6(SYS_SENDFILE64, uintptr(outfd), uintptr(infd), uintptr(unsafe.Pointer(offset)), uintptr(count), 0, 0)
+ written = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsgid(gid int) (prev int, err error) {
+ r0, _, e1 := Syscall(SYS_SETFSGID, uintptr(gid), 0, 0)
+ prev = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setfsuid(uid int) (prev int, err error) {
+ r0, _, e1 := Syscall(SYS_SETFSUID, uintptr(uid), 0, 0)
+ prev = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setregid(rgid int, egid int) (err error) {
+ _, _, e1 := RawSyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresgid(rgid int, egid int, sgid int) (err error) {
+ _, _, e1 := RawSyscall(SYS_SETRESGID, uintptr(rgid), uintptr(egid), uintptr(sgid))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setresuid(ruid int, euid int, suid int) (err error) {
+ _, _, e1 := RawSyscall(SYS_SETRESUID, uintptr(ruid), uintptr(euid), uintptr(suid))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Setreuid(ruid int, euid int) (err error) {
+ _, _, e1 := RawSyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Shutdown(fd int, how int) (err error) {
+ _, _, e1 := Syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Splice(rfd int, roff *int64, wfd int, woff *int64, len int, flags int) (n int, err error) {
+ r0, _, e1 := Syscall6(SYS_SPLICE, uintptr(rfd), uintptr(unsafe.Pointer(roff)), uintptr(wfd), uintptr(unsafe.Pointer(woff)), uintptr(len), uintptr(flags))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Stat(path string, stat *Stat_t) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ _, _, e1 := Syscall(SYS_STAT64, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Truncate(path string, length int64) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ _, _, e1 := Syscall(SYS_TRUNCATE64, uintptr(unsafe.Pointer(_p0)), uintptr(length>>32), uintptr(length))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Ustat(dev int, ubuf *Ustat_t) (err error) {
+ _, _, e1 := Syscall(SYS_USTAT, uintptr(dev), uintptr(unsafe.Pointer(ubuf)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
+ r0, _, e1 := Syscall(SYS_ACCEPT, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+ fd = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+ r0, _, e1 := Syscall6(SYS_ACCEPT4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags), 0, 0)
+ fd = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+ _, _, e1 := Syscall(SYS_BIND, uintptr(s), uintptr(addr), uintptr(addrlen))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
+ _, _, e1 := Syscall(SYS_CONNECT, uintptr(s), uintptr(addr), uintptr(addrlen))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getgroups(n int, list *_Gid_t) (nn int, err error) {
+ r0, _, e1 := RawSyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+ nn = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setgroups(n int, list *_Gid_t) (err error) {
+ _, _, e1 := RawSyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
+ _, _, e1 := Syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
+ _, _, e1 := Syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socket(domain int, typ int, proto int) (fd int, err error) {
+ r0, _, e1 := RawSyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+ fd = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
+ _, _, e1 := RawSyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+ _, _, e1 := RawSyscall(SYS_GETPEERNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
+ _, _, e1 := RawSyscall(SYS_GETSOCKNAME, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) {
+ var _p0 unsafe.Pointer
+ if len(p) > 0 {
+ _p0 = unsafe.Pointer(&p[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ r0, _, e1 := Syscall6(SYS_RECVFROM, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) {
+ var _p0 unsafe.Pointer
+ if len(buf) > 0 {
+ _p0 = unsafe.Pointer(&buf[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ _, _, e1 := Syscall6(SYS_SENDTO, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+ r0, _, e1 := Syscall(SYS_RECVMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
+ r0, _, e1 := Syscall(SYS_SENDMSG, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func futimesat(dirfd int, path string, times *[2]Timeval) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ _, _, e1 := Syscall(SYS_FUTIMESAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gettimeofday(tv *Timeval) (err error) {
+ _, _, e1 := RawSyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Time(t *Time_t) (tt Time_t, err error) {
+ r0, _, e1 := RawSyscall(SYS_TIME, uintptr(unsafe.Pointer(t)), 0, 0)
+ tt = Time_t(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Utime(path string, buf *Utimbuf) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ _, _, e1 := Syscall(SYS_UTIME, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func utimes(path string, times *[2]Timeval) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ _, _, e1 := Syscall(SYS_UTIMES, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(times)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mmap2(addr uintptr, length uintptr, prot int, flags int, fd int, pageOffset uintptr) (xaddr uintptr, err error) {
+ r0, _, e1 := Syscall6(SYS_MMAP2, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flags), uintptr(fd), uintptr(pageOffset))
+ xaddr = uintptr(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getrlimit(resource int, rlim *rlimit32) (err error) {
+ _, _, e1 := RawSyscall(SYS_UGETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func setrlimit(resource int, rlim *rlimit32) (err error) {
+ _, _, e1 := RawSyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pipe(p *[2]_C_int) (err error) {
+ _, _, e1 := RawSyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func poll(fds *PollFd, nfds int, timeout int) (n int, err error) {
+ r0, _, e1 := Syscall(SYS_POLL, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(timeout))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func syncFileRange2(fd int, flags int, off int64, n int64) (err error) {
+ _, _, e1 := Syscall6(SYS_SYNC_FILE_RANGE2, uintptr(fd), uintptr(flags), uintptr(off>>32), uintptr(off), uintptr(n>>32), uintptr(n))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func kexecFileLoad(kernelFd int, initrdFd int, cmdlineLen int, cmdline string, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(cmdline)
+ if err != nil {
+ return
+ }
+ _, _, e1 := Syscall6(SYS_KEXEC_FILE_LOAD, uintptr(kernelFd), uintptr(initrdFd), uintptr(cmdlineLen), uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
--- /dev/null
+// go run linux/mksysnum.go -Wall -Werror -static -I/tmp/include /tmp/include/asm/unistd.h
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build ppc && linux
+// +build ppc,linux
+
+package unix
+
+const (
+ SYS_RESTART_SYSCALL = 0
+ SYS_EXIT = 1
+ SYS_FORK = 2
+ SYS_READ = 3
+ SYS_WRITE = 4
+ SYS_OPEN = 5
+ SYS_CLOSE = 6
+ SYS_WAITPID = 7
+ SYS_CREAT = 8
+ SYS_LINK = 9
+ SYS_UNLINK = 10
+ SYS_EXECVE = 11
+ SYS_CHDIR = 12
+ SYS_TIME = 13
+ SYS_MKNOD = 14
+ SYS_CHMOD = 15
+ SYS_LCHOWN = 16
+ SYS_BREAK = 17
+ SYS_OLDSTAT = 18
+ SYS_LSEEK = 19
+ SYS_GETPID = 20
+ SYS_MOUNT = 21
+ SYS_UMOUNT = 22
+ SYS_SETUID = 23
+ SYS_GETUID = 24
+ SYS_STIME = 25
+ SYS_PTRACE = 26
+ SYS_ALARM = 27
+ SYS_OLDFSTAT = 28
+ SYS_PAUSE = 29
+ SYS_UTIME = 30
+ SYS_STTY = 31
+ SYS_GTTY = 32
+ SYS_ACCESS = 33
+ SYS_NICE = 34
+ SYS_FTIME = 35
+ SYS_SYNC = 36
+ SYS_KILL = 37
+ SYS_RENAME = 38
+ SYS_MKDIR = 39
+ SYS_RMDIR = 40
+ SYS_DUP = 41
+ SYS_PIPE = 42
+ SYS_TIMES = 43
+ SYS_PROF = 44
+ SYS_BRK = 45
+ SYS_SETGID = 46
+ SYS_GETGID = 47
+ SYS_SIGNAL = 48
+ SYS_GETEUID = 49
+ SYS_GETEGID = 50
+ SYS_ACCT = 51
+ SYS_UMOUNT2 = 52
+ SYS_LOCK = 53
+ SYS_IOCTL = 54
+ SYS_FCNTL = 55
+ SYS_MPX = 56
+ SYS_SETPGID = 57
+ SYS_ULIMIT = 58
+ SYS_OLDOLDUNAME = 59
+ SYS_UMASK = 60
+ SYS_CHROOT = 61
+ SYS_USTAT = 62
+ SYS_DUP2 = 63
+ SYS_GETPPID = 64
+ SYS_GETPGRP = 65
+ SYS_SETSID = 66
+ SYS_SIGACTION = 67
+ SYS_SGETMASK = 68
+ SYS_SSETMASK = 69
+ SYS_SETREUID = 70
+ SYS_SETREGID = 71
+ SYS_SIGSUSPEND = 72
+ SYS_SIGPENDING = 73
+ SYS_SETHOSTNAME = 74
+ SYS_SETRLIMIT = 75
+ SYS_GETRLIMIT = 76
+ SYS_GETRUSAGE = 77
+ SYS_GETTIMEOFDAY = 78
+ SYS_SETTIMEOFDAY = 79
+ SYS_GETGROUPS = 80
+ SYS_SETGROUPS = 81
+ SYS_SELECT = 82
+ SYS_SYMLINK = 83
+ SYS_OLDLSTAT = 84
+ SYS_READLINK = 85
+ SYS_USELIB = 86
+ SYS_SWAPON = 87
+ SYS_REBOOT = 88
+ SYS_READDIR = 89
+ SYS_MMAP = 90
+ SYS_MUNMAP = 91
+ SYS_TRUNCATE = 92
+ SYS_FTRUNCATE = 93
+ SYS_FCHMOD = 94
+ SYS_FCHOWN = 95
+ SYS_GETPRIORITY = 96
+ SYS_SETPRIORITY = 97
+ SYS_PROFIL = 98
+ SYS_STATFS = 99
+ SYS_FSTATFS = 100
+ SYS_IOPERM = 101
+ SYS_SOCKETCALL = 102
+ SYS_SYSLOG = 103
+ SYS_SETITIMER = 104
+ SYS_GETITIMER = 105
+ SYS_STAT = 106
+ SYS_LSTAT = 107
+ SYS_FSTAT = 108
+ SYS_OLDUNAME = 109
+ SYS_IOPL = 110
+ SYS_VHANGUP = 111
+ SYS_IDLE = 112
+ SYS_VM86 = 113
+ SYS_WAIT4 = 114
+ SYS_SWAPOFF = 115
+ SYS_SYSINFO = 116
+ SYS_IPC = 117
+ SYS_FSYNC = 118
+ SYS_SIGRETURN = 119
+ SYS_CLONE = 120
+ SYS_SETDOMAINNAME = 121
+ SYS_UNAME = 122
+ SYS_MODIFY_LDT = 123
+ SYS_ADJTIMEX = 124
+ SYS_MPROTECT = 125
+ SYS_SIGPROCMASK = 126
+ SYS_CREATE_MODULE = 127
+ SYS_INIT_MODULE = 128
+ SYS_DELETE_MODULE = 129
+ SYS_GET_KERNEL_SYMS = 130
+ SYS_QUOTACTL = 131
+ SYS_GETPGID = 132
+ SYS_FCHDIR = 133
+ SYS_BDFLUSH = 134
+ SYS_SYSFS = 135
+ SYS_PERSONALITY = 136
+ SYS_AFS_SYSCALL = 137
+ SYS_SETFSUID = 138
+ SYS_SETFSGID = 139
+ SYS__LLSEEK = 140
+ SYS_GETDENTS = 141
+ SYS__NEWSELECT = 142
+ SYS_FLOCK = 143
+ SYS_MSYNC = 144
+ SYS_READV = 145
+ SYS_WRITEV = 146
+ SYS_GETSID = 147
+ SYS_FDATASYNC = 148
+ SYS__SYSCTL = 149
+ SYS_MLOCK = 150
+ SYS_MUNLOCK = 151
+ SYS_MLOCKALL = 152
+ SYS_MUNLOCKALL = 153
+ SYS_SCHED_SETPARAM = 154
+ SYS_SCHED_GETPARAM = 155
+ SYS_SCHED_SETSCHEDULER = 156
+ SYS_SCHED_GETSCHEDULER = 157
+ SYS_SCHED_YIELD = 158
+ SYS_SCHED_GET_PRIORITY_MAX = 159
+ SYS_SCHED_GET_PRIORITY_MIN = 160
+ SYS_SCHED_RR_GET_INTERVAL = 161
+ SYS_NANOSLEEP = 162
+ SYS_MREMAP = 163
+ SYS_SETRESUID = 164
+ SYS_GETRESUID = 165
+ SYS_QUERY_MODULE = 166
+ SYS_POLL = 167
+ SYS_NFSSERVCTL = 168
+ SYS_SETRESGID = 169
+ SYS_GETRESGID = 170
+ SYS_PRCTL = 171
+ SYS_RT_SIGRETURN = 172
+ SYS_RT_SIGACTION = 173
+ SYS_RT_SIGPROCMASK = 174
+ SYS_RT_SIGPENDING = 175
+ SYS_RT_SIGTIMEDWAIT = 176
+ SYS_RT_SIGQUEUEINFO = 177
+ SYS_RT_SIGSUSPEND = 178
+ SYS_PREAD64 = 179
+ SYS_PWRITE64 = 180
+ SYS_CHOWN = 181
+ SYS_GETCWD = 182
+ SYS_CAPGET = 183
+ SYS_CAPSET = 184
+ SYS_SIGALTSTACK = 185
+ SYS_SENDFILE = 186
+ SYS_GETPMSG = 187
+ SYS_PUTPMSG = 188
+ SYS_VFORK = 189
+ SYS_UGETRLIMIT = 190
+ SYS_READAHEAD = 191
+ SYS_MMAP2 = 192
+ SYS_TRUNCATE64 = 193
+ SYS_FTRUNCATE64 = 194
+ SYS_STAT64 = 195
+ SYS_LSTAT64 = 196
+ SYS_FSTAT64 = 197
+ SYS_PCICONFIG_READ = 198
+ SYS_PCICONFIG_WRITE = 199
+ SYS_PCICONFIG_IOBASE = 200
+ SYS_MULTIPLEXER = 201
+ SYS_GETDENTS64 = 202
+ SYS_PIVOT_ROOT = 203
+ SYS_FCNTL64 = 204
+ SYS_MADVISE = 205
+ SYS_MINCORE = 206
+ SYS_GETTID = 207
+ SYS_TKILL = 208
+ SYS_SETXATTR = 209
+ SYS_LSETXATTR = 210
+ SYS_FSETXATTR = 211
+ SYS_GETXATTR = 212
+ SYS_LGETXATTR = 213
+ SYS_FGETXATTR = 214
+ SYS_LISTXATTR = 215
+ SYS_LLISTXATTR = 216
+ SYS_FLISTXATTR = 217
+ SYS_REMOVEXATTR = 218
+ SYS_LREMOVEXATTR = 219
+ SYS_FREMOVEXATTR = 220
+ SYS_FUTEX = 221
+ SYS_SCHED_SETAFFINITY = 222
+ SYS_SCHED_GETAFFINITY = 223
+ SYS_TUXCALL = 225
+ SYS_SENDFILE64 = 226
+ SYS_IO_SETUP = 227
+ SYS_IO_DESTROY = 228
+ SYS_IO_GETEVENTS = 229
+ SYS_IO_SUBMIT = 230
+ SYS_IO_CANCEL = 231
+ SYS_SET_TID_ADDRESS = 232
+ SYS_FADVISE64 = 233
+ SYS_EXIT_GROUP = 234
+ SYS_LOOKUP_DCOOKIE = 235
+ SYS_EPOLL_CREATE = 236
+ SYS_EPOLL_CTL = 237
+ SYS_EPOLL_WAIT = 238
+ SYS_REMAP_FILE_PAGES = 239
+ SYS_TIMER_CREATE = 240
+ SYS_TIMER_SETTIME = 241
+ SYS_TIMER_GETTIME = 242
+ SYS_TIMER_GETOVERRUN = 243
+ SYS_TIMER_DELETE = 244
+ SYS_CLOCK_SETTIME = 245
+ SYS_CLOCK_GETTIME = 246
+ SYS_CLOCK_GETRES = 247
+ SYS_CLOCK_NANOSLEEP = 248
+ SYS_SWAPCONTEXT = 249
+ SYS_TGKILL = 250
+ SYS_UTIMES = 251
+ SYS_STATFS64 = 252
+ SYS_FSTATFS64 = 253
+ SYS_FADVISE64_64 = 254
+ SYS_RTAS = 255
+ SYS_SYS_DEBUG_SETCONTEXT = 256
+ SYS_MIGRATE_PAGES = 258
+ SYS_MBIND = 259
+ SYS_GET_MEMPOLICY = 260
+ SYS_SET_MEMPOLICY = 261
+ SYS_MQ_OPEN = 262
+ SYS_MQ_UNLINK = 263
+ SYS_MQ_TIMEDSEND = 264
+ SYS_MQ_TIMEDRECEIVE = 265
+ SYS_MQ_NOTIFY = 266
+ SYS_MQ_GETSETATTR = 267
+ SYS_KEXEC_LOAD = 268
+ SYS_ADD_KEY = 269
+ SYS_REQUEST_KEY = 270
+ SYS_KEYCTL = 271
+ SYS_WAITID = 272
+ SYS_IOPRIO_SET = 273
+ SYS_IOPRIO_GET = 274
+ SYS_INOTIFY_INIT = 275
+ SYS_INOTIFY_ADD_WATCH = 276
+ SYS_INOTIFY_RM_WATCH = 277
+ SYS_SPU_RUN = 278
+ SYS_SPU_CREATE = 279
+ SYS_PSELECT6 = 280
+ SYS_PPOLL = 281
+ SYS_UNSHARE = 282
+ SYS_SPLICE = 283
+ SYS_TEE = 284
+ SYS_VMSPLICE = 285
+ SYS_OPENAT = 286
+ SYS_MKDIRAT = 287
+ SYS_MKNODAT = 288
+ SYS_FCHOWNAT = 289
+ SYS_FUTIMESAT = 290
+ SYS_FSTATAT64 = 291
+ SYS_UNLINKAT = 292
+ SYS_RENAMEAT = 293
+ SYS_LINKAT = 294
+ SYS_SYMLINKAT = 295
+ SYS_READLINKAT = 296
+ SYS_FCHMODAT = 297
+ SYS_FACCESSAT = 298
+ SYS_GET_ROBUST_LIST = 299
+ SYS_SET_ROBUST_LIST = 300
+ SYS_MOVE_PAGES = 301
+ SYS_GETCPU = 302
+ SYS_EPOLL_PWAIT = 303
+ SYS_UTIMENSAT = 304
+ SYS_SIGNALFD = 305
+ SYS_TIMERFD_CREATE = 306
+ SYS_EVENTFD = 307
+ SYS_SYNC_FILE_RANGE2 = 308
+ SYS_FALLOCATE = 309
+ SYS_SUBPAGE_PROT = 310
+ SYS_TIMERFD_SETTIME = 311
+ SYS_TIMERFD_GETTIME = 312
+ SYS_SIGNALFD4 = 313
+ SYS_EVENTFD2 = 314
+ SYS_EPOLL_CREATE1 = 315
+ SYS_DUP3 = 316
+ SYS_PIPE2 = 317
+ SYS_INOTIFY_INIT1 = 318
+ SYS_PERF_EVENT_OPEN = 319
+ SYS_PREADV = 320
+ SYS_PWRITEV = 321
+ SYS_RT_TGSIGQUEUEINFO = 322
+ SYS_FANOTIFY_INIT = 323
+ SYS_FANOTIFY_MARK = 324
+ SYS_PRLIMIT64 = 325
+ SYS_SOCKET = 326
+ SYS_BIND = 327
+ SYS_CONNECT = 328
+ SYS_LISTEN = 329
+ SYS_ACCEPT = 330
+ SYS_GETSOCKNAME = 331
+ SYS_GETPEERNAME = 332
+ SYS_SOCKETPAIR = 333
+ SYS_SEND = 334
+ SYS_SENDTO = 335
+ SYS_RECV = 336
+ SYS_RECVFROM = 337
+ SYS_SHUTDOWN = 338
+ SYS_SETSOCKOPT = 339
+ SYS_GETSOCKOPT = 340
+ SYS_SENDMSG = 341
+ SYS_RECVMSG = 342
+ SYS_RECVMMSG = 343
+ SYS_ACCEPT4 = 344
+ SYS_NAME_TO_HANDLE_AT = 345
+ SYS_OPEN_BY_HANDLE_AT = 346
+ SYS_CLOCK_ADJTIME = 347
+ SYS_SYNCFS = 348
+ SYS_SENDMMSG = 349
+ SYS_SETNS = 350
+ SYS_PROCESS_VM_READV = 351
+ SYS_PROCESS_VM_WRITEV = 352
+ SYS_FINIT_MODULE = 353
+ SYS_KCMP = 354
+ SYS_SCHED_SETATTR = 355
+ SYS_SCHED_GETATTR = 356
+ SYS_RENAMEAT2 = 357
+ SYS_SECCOMP = 358
+ SYS_GETRANDOM = 359
+ SYS_MEMFD_CREATE = 360
+ SYS_BPF = 361
+ SYS_EXECVEAT = 362
+ SYS_SWITCH_ENDIAN = 363
+ SYS_USERFAULTFD = 364
+ SYS_MEMBARRIER = 365
+ SYS_MLOCK2 = 378
+ SYS_COPY_FILE_RANGE = 379
+ SYS_PREADV2 = 380
+ SYS_PWRITEV2 = 381
+ SYS_KEXEC_FILE_LOAD = 382
+ SYS_STATX = 383
+ SYS_PKEY_ALLOC = 384
+ SYS_PKEY_FREE = 385
+ SYS_PKEY_MPROTECT = 386
+ SYS_RSEQ = 387
+ SYS_IO_PGETEVENTS = 388
+ SYS_SEMGET = 393
+ SYS_SEMCTL = 394
+ SYS_SHMGET = 395
+ SYS_SHMCTL = 396
+ SYS_SHMAT = 397
+ SYS_SHMDT = 398
+ SYS_MSGGET = 399
+ SYS_MSGSND = 400
+ SYS_MSGRCV = 401
+ SYS_MSGCTL = 402
+ SYS_CLOCK_GETTIME64 = 403
+ SYS_CLOCK_SETTIME64 = 404
+ SYS_CLOCK_ADJTIME64 = 405
+ SYS_CLOCK_GETRES_TIME64 = 406
+ SYS_CLOCK_NANOSLEEP_TIME64 = 407
+ SYS_TIMER_GETTIME64 = 408
+ SYS_TIMER_SETTIME64 = 409
+ SYS_TIMERFD_GETTIME64 = 410
+ SYS_TIMERFD_SETTIME64 = 411
+ SYS_UTIMENSAT_TIME64 = 412
+ SYS_PSELECT6_TIME64 = 413
+ SYS_PPOLL_TIME64 = 414
+ SYS_IO_PGETEVENTS_TIME64 = 416
+ SYS_RECVMMSG_TIME64 = 417
+ SYS_MQ_TIMEDSEND_TIME64 = 418
+ SYS_MQ_TIMEDRECEIVE_TIME64 = 419
+ SYS_SEMTIMEDOP_TIME64 = 420
+ SYS_RT_SIGTIMEDWAIT_TIME64 = 421
+ SYS_FUTEX_TIME64 = 422
+ SYS_SCHED_RR_GET_INTERVAL_TIME64 = 423
+ SYS_PIDFD_SEND_SIGNAL = 424
+ SYS_IO_URING_SETUP = 425
+ SYS_IO_URING_ENTER = 426
+ SYS_IO_URING_REGISTER = 427
+ SYS_OPEN_TREE = 428
+ SYS_MOVE_MOUNT = 429
+ SYS_FSOPEN = 430
+ SYS_FSCONFIG = 431
+ SYS_FSMOUNT = 432
+ SYS_FSPICK = 433
+ SYS_PIDFD_OPEN = 434
+ SYS_CLONE3 = 435
+ SYS_CLOSE_RANGE = 436
+ SYS_OPENAT2 = 437
+ SYS_PIDFD_GETFD = 438
+ SYS_FACCESSAT2 = 439
+ SYS_PROCESS_MADVISE = 440
+ SYS_EPOLL_PWAIT2 = 441
+)
ETHTOOL_A_TUNNEL_INFO_MAX = 0x2
)
+type EthtoolDrvinfo struct {
+ Cmd uint32
+ Driver [32]byte
+ Version [32]byte
+ Fw_version [32]byte
+ Bus_info [32]byte
+ Erom_version [32]byte
+ Reserved2 [12]byte
+ N_priv_flags uint32
+ N_stats uint32
+ Testinfo_len uint32
+ Eedump_len uint32
+ Regdump_len uint32
+}
+
type (
HIDRawReportDescriptor struct {
Size uint32
--- /dev/null
+// cgo -godefs -- -Wall -Werror -static -I/tmp/include /build/linux/types.go | go run mkpost.go
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build ppc && linux
+// +build ppc,linux
+
+package unix
+
+const (
+ SizeofPtr = 0x4
+ SizeofLong = 0x4
+)
+
+type (
+ _C_long int32
+)
+
+type Timespec struct {
+ Sec int32
+ Nsec int32
+}
+
+type Timeval struct {
+ Sec int32
+ Usec int32
+}
+
+type Timex struct {
+ Modes uint32
+ Offset int32
+ Freq int32
+ Maxerror int32
+ Esterror int32
+ Status int32
+ Constant int32
+ Precision int32
+ Tolerance int32
+ Time Timeval
+ Tick int32
+ Ppsfreq int32
+ Jitter int32
+ Shift int32
+ Stabil int32
+ Jitcnt int32
+ Calcnt int32
+ Errcnt int32
+ Stbcnt int32
+ Tai int32
+ _ [44]byte
+}
+
+type Time_t int32
+
+type Tms struct {
+ Utime int32
+ Stime int32
+ Cutime int32
+ Cstime int32
+}
+
+type Utimbuf struct {
+ Actime int32
+ Modtime int32
+}
+
+type Rusage struct {
+ Utime Timeval
+ Stime Timeval
+ Maxrss int32
+ Ixrss int32
+ Idrss int32
+ Isrss int32
+ Minflt int32
+ Majflt int32
+ Nswap int32
+ Inblock int32
+ Oublock int32
+ Msgsnd int32
+ Msgrcv int32
+ Nsignals int32
+ Nvcsw int32
+ Nivcsw int32
+}
+
+type Stat_t struct {
+ Dev uint64
+ Ino uint64
+ Mode uint32
+ Nlink uint32
+ Uid uint32
+ Gid uint32
+ Rdev uint64
+ _ uint16
+ _ [4]byte
+ Size int64
+ Blksize int32
+ _ [4]byte
+ Blocks int64
+ Atim Timespec
+ Mtim Timespec
+ Ctim Timespec
+ _ uint32
+ _ uint32
+}
+
+type Dirent struct {
+ Ino uint64
+ Off int64
+ Reclen uint16
+ Type uint8
+ Name [256]uint8
+ _ [5]byte
+}
+
+type Flock_t struct {
+ Type int16
+ Whence int16
+ _ [4]byte
+ Start int64
+ Len int64
+ Pid int32
+ _ [4]byte
+}
+
+type DmNameList struct {
+ Dev uint64
+ Next uint32
+ Name [0]byte
+ _ [4]byte
+}
+
+const (
+ FADV_DONTNEED = 0x4
+ FADV_NOREUSE = 0x5
+)
+
+type RawSockaddr struct {
+ Family uint16
+ Data [14]uint8
+}
+
+type RawSockaddrAny struct {
+ Addr RawSockaddr
+ Pad [96]uint8
+}
+
+type Iovec struct {
+ Base *byte
+ Len uint32
+}
+
+type Msghdr struct {
+ Name *byte
+ Namelen uint32
+ Iov *Iovec
+ Iovlen uint32
+ Control *byte
+ Controllen uint32
+ Flags int32
+}
+
+type Cmsghdr struct {
+ Len uint32
+ Level int32
+ Type int32
+}
+
+const (
+ SizeofIovec = 0x8
+ SizeofMsghdr = 0x1c
+ SizeofCmsghdr = 0xc
+)
+
+const (
+ SizeofSockFprog = 0x8
+)
+
+type PtraceRegs struct {
+ Gpr [32]uint32
+ Nip uint32
+ Msr uint32
+ Orig_gpr3 uint32
+ Ctr uint32
+ Link uint32
+ Xer uint32
+ Ccr uint32
+ Mq uint32
+ Trap uint32
+ Dar uint32
+ Dsisr uint32
+ Result uint32
+}
+
+type FdSet struct {
+ Bits [32]int32
+}
+
+type Sysinfo_t struct {
+ Uptime int32
+ Loads [3]uint32
+ Totalram uint32
+ Freeram uint32
+ Sharedram uint32
+ Bufferram uint32
+ Totalswap uint32
+ Freeswap uint32
+ Procs uint16
+ Pad uint16
+ Totalhigh uint32
+ Freehigh uint32
+ Unit uint32
+ _ [8]uint8
+}
+
+type Ustat_t struct {
+ Tfree int32
+ Tinode uint32
+ Fname [6]uint8
+ Fpack [6]uint8
+}
+
+type EpollEvent struct {
+ Events uint32
+ _ int32
+ Fd int32
+ Pad int32
+}
+
+const (
+ POLLRDHUP = 0x2000
+)
+
+type Sigset_t struct {
+ Val [32]uint32
+}
+
+const _C__NSIG = 0x41
+
+type Termios struct {
+ Iflag uint32
+ Oflag uint32
+ Cflag uint32
+ Lflag uint32
+ Cc [19]uint8
+ Line uint8
+ Ispeed uint32
+ Ospeed uint32
+}
+
+type Taskstats struct {
+ Version uint16
+ Ac_exitcode uint32
+ Ac_flag uint8
+ Ac_nice uint8
+ _ [4]byte
+ Cpu_count uint64
+ Cpu_delay_total uint64
+ Blkio_count uint64
+ Blkio_delay_total uint64
+ Swapin_count uint64
+ Swapin_delay_total uint64
+ Cpu_run_real_total uint64
+ Cpu_run_virtual_total uint64
+ Ac_comm [32]uint8
+ Ac_sched uint8
+ Ac_pad [3]uint8
+ _ [4]byte
+ Ac_uid uint32
+ Ac_gid uint32
+ Ac_pid uint32
+ Ac_ppid uint32
+ Ac_btime uint32
+ _ [4]byte
+ Ac_etime uint64
+ Ac_utime uint64
+ Ac_stime uint64
+ Ac_minflt uint64
+ Ac_majflt uint64
+ Coremem uint64
+ Virtmem uint64
+ Hiwater_rss uint64
+ Hiwater_vm uint64
+ Read_char uint64
+ Write_char uint64
+ Read_syscalls uint64
+ Write_syscalls uint64
+ Read_bytes uint64
+ Write_bytes uint64
+ Cancelled_write_bytes uint64
+ Nvcsw uint64
+ Nivcsw uint64
+ Ac_utimescaled uint64
+ Ac_stimescaled uint64
+ Cpu_scaled_run_real_total uint64
+ Freepages_count uint64
+ Freepages_delay_total uint64
+ Thrashing_count uint64
+ Thrashing_delay_total uint64
+ Ac_btime64 uint64
+}
+
+type cpuMask uint32
+
+const (
+ _NCPUBITS = 0x20
+)
+
+const (
+ CBitFieldMaskBit0 = 0x8000000000000000
+ CBitFieldMaskBit1 = 0x4000000000000000
+ CBitFieldMaskBit2 = 0x2000000000000000
+ CBitFieldMaskBit3 = 0x1000000000000000
+ CBitFieldMaskBit4 = 0x800000000000000
+ CBitFieldMaskBit5 = 0x400000000000000
+ CBitFieldMaskBit6 = 0x200000000000000
+ CBitFieldMaskBit7 = 0x100000000000000
+ CBitFieldMaskBit8 = 0x80000000000000
+ CBitFieldMaskBit9 = 0x40000000000000
+ CBitFieldMaskBit10 = 0x20000000000000
+ CBitFieldMaskBit11 = 0x10000000000000
+ CBitFieldMaskBit12 = 0x8000000000000
+ CBitFieldMaskBit13 = 0x4000000000000
+ CBitFieldMaskBit14 = 0x2000000000000
+ CBitFieldMaskBit15 = 0x1000000000000
+ CBitFieldMaskBit16 = 0x800000000000
+ CBitFieldMaskBit17 = 0x400000000000
+ CBitFieldMaskBit18 = 0x200000000000
+ CBitFieldMaskBit19 = 0x100000000000
+ CBitFieldMaskBit20 = 0x80000000000
+ CBitFieldMaskBit21 = 0x40000000000
+ CBitFieldMaskBit22 = 0x20000000000
+ CBitFieldMaskBit23 = 0x10000000000
+ CBitFieldMaskBit24 = 0x8000000000
+ CBitFieldMaskBit25 = 0x4000000000
+ CBitFieldMaskBit26 = 0x2000000000
+ CBitFieldMaskBit27 = 0x1000000000
+ CBitFieldMaskBit28 = 0x800000000
+ CBitFieldMaskBit29 = 0x400000000
+ CBitFieldMaskBit30 = 0x200000000
+ CBitFieldMaskBit31 = 0x100000000
+ CBitFieldMaskBit32 = 0x80000000
+ CBitFieldMaskBit33 = 0x40000000
+ CBitFieldMaskBit34 = 0x20000000
+ CBitFieldMaskBit35 = 0x10000000
+ CBitFieldMaskBit36 = 0x8000000
+ CBitFieldMaskBit37 = 0x4000000
+ CBitFieldMaskBit38 = 0x2000000
+ CBitFieldMaskBit39 = 0x1000000
+ CBitFieldMaskBit40 = 0x800000
+ CBitFieldMaskBit41 = 0x400000
+ CBitFieldMaskBit42 = 0x200000
+ CBitFieldMaskBit43 = 0x100000
+ CBitFieldMaskBit44 = 0x80000
+ CBitFieldMaskBit45 = 0x40000
+ CBitFieldMaskBit46 = 0x20000
+ CBitFieldMaskBit47 = 0x10000
+ CBitFieldMaskBit48 = 0x8000
+ CBitFieldMaskBit49 = 0x4000
+ CBitFieldMaskBit50 = 0x2000
+ CBitFieldMaskBit51 = 0x1000
+ CBitFieldMaskBit52 = 0x800
+ CBitFieldMaskBit53 = 0x400
+ CBitFieldMaskBit54 = 0x200
+ CBitFieldMaskBit55 = 0x100
+ CBitFieldMaskBit56 = 0x80
+ CBitFieldMaskBit57 = 0x40
+ CBitFieldMaskBit58 = 0x20
+ CBitFieldMaskBit59 = 0x10
+ CBitFieldMaskBit60 = 0x8
+ CBitFieldMaskBit61 = 0x4
+ CBitFieldMaskBit62 = 0x2
+ CBitFieldMaskBit63 = 0x1
+)
+
+type SockaddrStorage struct {
+ Family uint16
+ _ [122]uint8
+ _ uint32
+}
+
+type HDGeometry struct {
+ Heads uint8
+ Sectors uint8
+ Cylinders uint16
+ Start uint32
+}
+
+type Statfs_t struct {
+ Type int32
+ Bsize int32
+ Blocks uint64
+ Bfree uint64
+ Bavail uint64
+ Files uint64
+ Ffree uint64
+ Fsid Fsid
+ Namelen int32
+ Frsize int32
+ Flags int32
+ Spare [4]int32
+ _ [4]byte
+}
+
+type TpacketHdr struct {
+ Status uint32
+ Len uint32
+ Snaplen uint32
+ Mac uint16
+ Net uint16
+ Sec uint32
+ Usec uint32
+}
+
+const (
+ SizeofTpacketHdr = 0x18
+)
+
+type RTCPLLInfo struct {
+ Ctrl int32
+ Value int32
+ Max int32
+ Min int32
+ Posmult int32
+ Negmult int32
+ Clock int32
+}
+
+type BlkpgPartition struct {
+ Start int64
+ Length int64
+ Pno int32
+ Devname [64]uint8
+ Volname [64]uint8
+ _ [4]byte
+}
+
+const (
+ BLKPG = 0x20001269
+)
+
+type XDPUmemReg struct {
+ Addr uint64
+ Len uint64
+ Size uint32
+ Headroom uint32
+ Flags uint32
+ _ [4]byte
+}
+
+type CryptoUserAlg struct {
+ Name [64]uint8
+ Driver_name [64]uint8
+ Module_name [64]uint8
+ Type uint32
+ Mask uint32
+ Refcnt uint32
+ Flags uint32
+}
+
+type CryptoStatAEAD struct {
+ Type [64]uint8
+ Encrypt_cnt uint64
+ Encrypt_tlen uint64
+ Decrypt_cnt uint64
+ Decrypt_tlen uint64
+ Err_cnt uint64
+}
+
+type CryptoStatAKCipher struct {
+ Type [64]uint8
+ Encrypt_cnt uint64
+ Encrypt_tlen uint64
+ Decrypt_cnt uint64
+ Decrypt_tlen uint64
+ Verify_cnt uint64
+ Sign_cnt uint64
+ Err_cnt uint64
+}
+
+type CryptoStatCipher struct {
+ Type [64]uint8
+ Encrypt_cnt uint64
+ Encrypt_tlen uint64
+ Decrypt_cnt uint64
+ Decrypt_tlen uint64
+ Err_cnt uint64
+}
+
+type CryptoStatCompress struct {
+ Type [64]uint8
+ Compress_cnt uint64
+ Compress_tlen uint64
+ Decompress_cnt uint64
+ Decompress_tlen uint64
+ Err_cnt uint64
+}
+
+type CryptoStatHash struct {
+ Type [64]uint8
+ Hash_cnt uint64
+ Hash_tlen uint64
+ Err_cnt uint64
+}
+
+type CryptoStatKPP struct {
+ Type [64]uint8
+ Setsecret_cnt uint64
+ Generate_public_key_cnt uint64
+ Compute_shared_secret_cnt uint64
+ Err_cnt uint64
+}
+
+type CryptoStatRNG struct {
+ Type [64]uint8
+ Generate_cnt uint64
+ Generate_tlen uint64
+ Seed_cnt uint64
+ Err_cnt uint64
+}
+
+type CryptoStatLarval struct {
+ Type [64]uint8
+}
+
+type CryptoReportLarval struct {
+ Type [64]uint8
+}
+
+type CryptoReportHash struct {
+ Type [64]uint8
+ Blocksize uint32
+ Digestsize uint32
+}
+
+type CryptoReportCipher struct {
+ Type [64]uint8
+ Blocksize uint32
+ Min_keysize uint32
+ Max_keysize uint32
+}
+
+type CryptoReportBlkCipher struct {
+ Type [64]uint8
+ Geniv [64]uint8
+ Blocksize uint32
+ Min_keysize uint32
+ Max_keysize uint32
+ Ivsize uint32
+}
+
+type CryptoReportAEAD struct {
+ Type [64]uint8
+ Geniv [64]uint8
+ Blocksize uint32
+ Maxauthsize uint32
+ Ivsize uint32
+}
+
+type CryptoReportComp struct {
+ Type [64]uint8
+}
+
+type CryptoReportRNG struct {
+ Type [64]uint8
+ Seedsize uint32
+}
+
+type CryptoReportAKCipher struct {
+ Type [64]uint8
+}
+
+type CryptoReportKPP struct {
+ Type [64]uint8
+}
+
+type CryptoReportAcomp struct {
+ Type [64]uint8
+}
+
+type LoopInfo struct {
+ Number int32
+ Device uint32
+ Inode uint32
+ Rdevice uint32
+ Offset int32
+ Encrypt_type int32
+ Encrypt_key_size int32
+ Flags int32
+ Name [64]uint8
+ Encrypt_key [32]uint8
+ Init [2]uint32
+ Reserved [4]uint8
+}
+
+type TIPCSubscr struct {
+ Seq TIPCServiceRange
+ Timeout uint32
+ Filter uint32
+ Handle [8]uint8
+}
+
+type TIPCSIOCLNReq struct {
+ Peer uint32
+ Id uint32
+ Linkname [68]uint8
+}
+
+type TIPCSIOCNodeIDReq struct {
+ Peer uint32
+ Id [16]uint8
+}
+
+type PPSKInfo struct {
+ Assert_sequence uint32
+ Clear_sequence uint32
+ Assert_tu PPSKTime
+ Clear_tu PPSKTime
+ Current_mode int32
+ _ [4]byte
+}
+
+const (
+ PPS_GETPARAMS = 0x400470a1
+ PPS_SETPARAMS = 0x800470a2
+ PPS_GETCAP = 0x400470a3
+ PPS_FETCH = 0xc00470a4
+)
}
func (selfRelativeSD *SECURITY_DESCRIPTOR) copySelfRelativeSecurityDescriptor() *SECURITY_DESCRIPTOR {
- sdLen := (int)(selfRelativeSD.Length())
+ sdLen := int(selfRelativeSD.Length())
+ const min = int(unsafe.Sizeof(SECURITY_DESCRIPTOR{}))
+ if sdLen < min {
+ sdLen = min
+ }
var src []byte
h := (*unsafeheader.Slice)(unsafe.Pointer(&src))
h.Len = sdLen
h.Cap = sdLen
- dst := make([]byte, sdLen)
+ const psize = int(unsafe.Sizeof(uintptr(0)))
+
+ var dst []byte
+ h = (*unsafeheader.Slice)(unsafe.Pointer(&dst))
+ alloc := make([]uintptr, (sdLen+psize-1)/psize)
+ h.Data = (*unsafeheader.Slice)(unsafe.Pointer(&alloc)).Data
+ h.Len = sdLen
+ h.Cap = sdLen
+
copy(dst, src)
return (*SECURITY_DESCRIPTOR)(unsafe.Pointer(&dst[0]))
}
// are of the allowed values defined for the Unicode locale extension ('u') in
// https://www.unicode.org/reports/tr35/#Unicode_Language_and_Locale_Identifiers.
// TypeForKey will traverse the inheritance chain to get the correct value.
+//
+// If there are multiple types associated with a key, only the first will be
+// returned. If there is no type associated with a key, it returns the empty
+// string.
func (t Tag) TypeForKey(key string) string {
- if start, end, _ := t.findTypeForKey(key); end != start {
- return t.str[start:end]
+ if _, start, end, _ := t.findTypeForKey(key); end != start {
+ s := t.str[start:end]
+ if p := strings.IndexByte(s, '-'); p >= 0 {
+ s = s[:p]
+ }
+ return s
}
return ""
}
// Remove the setting if value is "".
if value == "" {
- start, end, _ := t.findTypeForKey(key)
- if start != end {
- // Remove key tag and leading '-'.
- start -= 4
-
+ start, sep, end, _ := t.findTypeForKey(key)
+ if start != sep {
// Remove a possible empty extension.
- if (end == len(t.str) || t.str[end+2] == '-') && t.str[start-2] == '-' {
+ switch {
+ case t.str[start-2] != '-': // has previous elements.
+ case end == len(t.str), // end of string
+ end+2 < len(t.str) && t.str[end+2] == '-': // end of extension
start -= 2
}
if start == int(t.pVariant) && end == len(t.str) {
t.str = string(buf[:uStart+len(b)])
} else {
s := t.str
- start, end, hasExt := t.findTypeForKey(key)
- if start == end {
+ start, sep, end, hasExt := t.findTypeForKey(key)
+ if start == sep {
if hasExt {
b = b[2:]
}
- t.str = fmt.Sprintf("%s-%s%s", s[:start], b, s[end:])
+ t.str = fmt.Sprintf("%s-%s%s", s[:sep], b, s[end:])
} else {
- t.str = fmt.Sprintf("%s%s%s", s[:start], value, s[end:])
+ t.str = fmt.Sprintf("%s-%s%s", s[:start+3], value, s[end:])
}
}
return t, nil
// wasn't found. The hasExt return value reports whether an -u extension was present.
// Note: the extensions are typically very small and are likely to contain
// only one key-type pair.
-func (t Tag) findTypeForKey(key string) (start, end int, hasExt bool) {
+func (t Tag) findTypeForKey(key string) (start, sep, end int, hasExt bool) {
p := int(t.pExt)
if len(key) != 2 || p == len(t.str) || p == 0 {
- return p, p, false
+ return p, p, p, false
}
s := t.str
for p++; s[p] != 'u'; p++ {
if s[p] > 'u' {
p--
- return p, p, false
+ return p, p, p, false
}
if p = nextExtension(s, p); p == len(s) {
- return len(s), len(s), false
+ return len(s), len(s), len(s), false
}
}
// Proceed to the hyphen following the extension name.
// Iterate over keys until we get the end of a section.
for {
- // p points to the hyphen preceding the current token.
- if p3 := p + 3; s[p3] == '-' {
- // Found a key.
- // Check whether we just processed the key that was requested.
- if curKey == key {
- return start, p, true
- }
- // Set to the next key and continue scanning type tokens.
- curKey = s[p+1 : p3]
- if curKey > key {
- return p, p, true
- }
- // Start of the type token sequence.
- start = p + 4
- // A type is at least 3 characters long.
- p += 7 // 4 + 3
- } else {
- // Attribute or type, which is at least 3 characters long.
- p += 4
- }
- // p points past the third character of a type or attribute.
- max := p + 5 // maximum length of token plus hyphen.
- if len(s) < max {
- max = len(s)
+ end = p
+ for p++; p < len(s) && s[p] != '-'; p++ {
}
- for ; p < max && s[p] != '-'; p++ {
+ n := p - end - 1
+ if n <= 2 && curKey == key {
+ if sep < end {
+ sep++
+ }
+ return start, sep, end, true
}
- // Bail if we have exhausted all tokens or if the next token starts
- // a new extension.
- if p == len(s) || s[p+2] == '-' {
- if curKey == key {
- return start, p, true
+ switch n {
+ case 0, // invalid string
+ 1: // next extension
+ return end, end, end, true
+ case 2:
+ // next key
+ curKey = s[end+1 : p]
+ if curKey > key {
+ return end, end, end, true
}
- return p, p, true
+ start = end
+ sep = p
}
}
}
b = make([]byte, n)
copy(b, s.b[:oldStart])
} else {
- b = s.b[:n:n]
+ b = s.b[:n]
}
copy(b[end:], s.b[oldEnd:])
s.b = b
func parseExtension(scan *scanner) int {
start, end := scan.start, scan.end
switch scan.token[0] {
- case 'u':
+ case 'u': // https://www.ietf.org/rfc/rfc6067.txt
attrStart := end
scan.scan()
for last := []byte{}; len(scan.token) > 2; scan.scan() {
last = scan.token
end = scan.end
}
+ // Scan key-type sequences. A key is of length 2 and may be followed
+ // by 0 or more "type" subtags from 3 to the maximum of 8 letters.
var last, key []byte
for attrEnd := end; len(scan.token) == 2; last = key {
key = scan.token
- keyEnd := scan.end
- end = scan.acceptMinSize(3)
+ end = scan.end
+ for scan.scan(); end < scan.end && len(scan.token) > 2; scan.scan() {
+ end = scan.end
+ }
// TODO: check key value validity
- if keyEnd == end || bytes.Compare(key, last) != 1 {
+ if bytes.Compare(key, last) != 1 || scan.err != nil {
// We have an invalid key or the keys are not sorted.
// Start scanning keys from scratch and reorder.
p := attrEnd + 1
scan.next = p
keys := [][]byte{}
for scan.scan(); len(scan.token) == 2; {
- keyStart, keyEnd := scan.start, scan.end
- end = scan.acceptMinSize(3)
- if keyEnd != end {
- keys = append(keys, scan.b[keyStart:end])
- } else {
- scan.setError(ErrSyntax)
- end = keyStart
+ keyStart := scan.start
+ end = scan.end
+ for scan.scan(); end < scan.end && len(scan.token) > 2; scan.scan() {
+ end = scan.end
}
+ keys = append(keys, scan.b[keyStart:end])
}
sort.Stable(bytesSort{keys, 2})
if n := len(keys); n > 0 {
break
}
}
- case 't':
+ case 't': // https://www.ietf.org/rfc/rfc6497.txt
scan.scan()
if n := len(scan.token); n >= 2 && n <= 3 && isAlpha(scan.token[1]) {
_, end = parseTag(scan)
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !go1.2
// +build !go1.2
package language
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build go1.2
// +build go1.2
package language
// are of the allowed values defined for the Unicode locale extension ('u') in
// https://www.unicode.org/reports/tr35/#Unicode_Language_and_Locale_Identifiers.
// TypeForKey will traverse the inheritance chain to get the correct value.
+//
+// If there are multiple types associated with a key, only the first will be
+// returned. If there is no type associated with a key, it returns the empty
+// string.
func (t Tag) TypeForKey(key string) string {
if !compact.Tag(t).MayHaveExtensions() {
if key != "rg" && key != "va" {
_Zzzz = 251
)
-var regionToGroups = []uint8{ // 357 elements
+var regionToGroups = []uint8{ // 358 elements
// Entry 0 - 3F
0x00, 0x00, 0x00, 0x04, 0x04, 0x00, 0x00, 0x04,
0x00, 0x00, 0x00, 0x00, 0x04, 0x04, 0x04, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00,
-} // Size: 381 bytes
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+} // Size: 382 bytes
var paradigmLocales = [][3]uint16{ // 3 elements
0: [3]uint16{0x139, 0x0, 0x7b},
14: {lang: 0x529, script: 0x3c, group: 0x80, distance: 0x5},
} // Size: 114 bytes
-// Total table size 1471 bytes (1KiB); checksum: 4CB1CD46
+// Total table size 1472 bytes (1KiB); checksum: F86C669
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build go1.10
// +build go1.10
package bidirule
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build !go1.10
// +build !go1.10
package bidirule
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build go1.10 && !go1.13
// +build go1.10,!go1.13
package bidi
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build go1.13 && !go1.14
// +build go1.13,!go1.14
package bidi
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build go1.14 && !go1.16
// +build go1.14,!go1.16
package bidi
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build go1.16
// +build go1.16
package bidi
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build !go1.10
// +build !go1.10
package bidi
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build go1.10 && !go1.13
// +build go1.10,!go1.13
package norm
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build go1.13 && !go1.14
// +build go1.13,!go1.14
package norm
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build go1.14 && !go1.16
// +build go1.14,!go1.16
package norm
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build go1.16
// +build go1.16
package norm
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build !go1.10
// +build !go1.10
package norm
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build go1.10 && !go1.13
// +build go1.10,!go1.13
package width
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build go1.13 && !go1.14
// +build go1.13,!go1.14
package width
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build go1.14 && !go1.16
// +build go1.14,!go1.16
package width
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build go1.16
// +build go1.16
package width
// Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+//go:build !go1.10
// +build !go1.10
package width
# github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b
## explicit
github.com/bradfitz/gomemcache/memcache
-# github.com/caddyserver/certmagic v0.12.0
+# github.com/caddyserver/certmagic v0.13.0
## explicit
github.com/caddyserver/certmagic
# github.com/cespare/xxhash/v2 v2.1.1
github.com/lib/pq/oid
github.com/lib/pq/scram
# github.com/libdns/libdns v0.2.0
-## explicit
github.com/libdns/libdns
# github.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
## explicit
github.com/mgechev/revive/lint
github.com/mgechev/revive/rule
# github.com/mholt/acmez v0.1.3
-## explicit
github.com/mholt/acmez
github.com/mholt/acmez/acme
# github.com/mholt/archiver/v3 v3.5.0
# github.com/microcosm-cc/bluemonday v1.0.7
## explicit
github.com/microcosm-cc/bluemonday
-# github.com/miekg/dns v1.1.40
+# github.com/miekg/dns v1.1.41
## explicit
github.com/miekg/dns
# github.com/minio/md5-simd v1.1.2
go.uber.org/zap/internal/color
go.uber.org/zap/internal/exit
go.uber.org/zap/zapcore
-# golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
+# golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b
## explicit
golang.org/x/crypto/argon2
golang.org/x/crypto/bcrypt
# golang.org/x/mod v0.4.1
golang.org/x/mod/module
golang.org/x/mod/semver
-# golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
+# golang.org/x/net v0.0.0-20210421230115-4e50805a0758
## explicit
golang.org/x/net/bpf
golang.org/x/net/context
golang.org/x/oauth2/internal
golang.org/x/oauth2/jws
golang.org/x/oauth2/jwt
-# golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44
+# golang.org/x/sys v0.0.0-20210421221651-33663a62ff08
## explicit
golang.org/x/sys/cpu
golang.org/x/sys/execabs
golang.org/x/sys/windows
golang.org/x/sys/windows/svc
golang.org/x/sys/windows/svc/debug
-# golang.org/x/text v0.3.5
+# golang.org/x/text v0.3.6
## explicit
golang.org/x/text/encoding
golang.org/x/text/encoding/charmap
projects / gitea.git / commitdiff