2011-03-14 18:21:22 +03:00
|
|
|
.\" $NetBSD: rumphijack.3,v 1.12 2011/03/14 15:21:22 pooka Exp $
|
2011-01-25 15:56:25 +03:00
|
|
|
.\"
|
|
|
|
.\" Copyright (c) 2011 Antti Kantee. All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
.\" SUCH DAMAGE.
|
|
|
|
.\"
|
2011-03-14 18:21:22 +03:00
|
|
|
.Dd March 14, 2011
|
2011-01-25 15:56:25 +03:00
|
|
|
.Dt RUMPHIJACK 3
|
|
|
|
.Os
|
|
|
|
.Sh NAME
|
|
|
|
.Nm rumphijack
|
|
|
|
.Nd System call hijack library
|
|
|
|
.Sh LIBRARY
|
|
|
|
used by
|
|
|
|
.Xr ld.so 1
|
|
|
|
.Sh DESCRIPTION
|
|
|
|
The
|
|
|
|
.Xr ld.so 1
|
|
|
|
runtime linker can be instructed to load
|
|
|
|
.Nm
|
|
|
|
between the main object and other libraries.
|
|
|
|
This enables
|
|
|
|
.Nm
|
|
|
|
to capture and redirect system call requests to a rump kernel instead
|
|
|
|
of the host kernel.
|
|
|
|
.Pp
|
2011-02-16 22:46:42 +03:00
|
|
|
The behaviour of hijacked applications is affected by the following
|
|
|
|
environment variables:
|
|
|
|
.Bl -tag -width 12345
|
2011-02-18 15:22:46 +03:00
|
|
|
.It Ev RUMPHIJACK
|
|
|
|
If present, this variable specifies which system calls should be
|
|
|
|
hijacked.
|
|
|
|
The string is parsed as a comma-separated list of
|
|
|
|
.Dq name=value
|
|
|
|
tuples.
|
|
|
|
The possible lefthandside names are:
|
Add ``blanket''. It acts like path, except that the prefix does
_not_ get removed if the call goes to the rump namespace.
So, now it's possible to use e.g. tcpdump (and most other utilities
which hardcore a /dev pathname) on a rump kernel:
golem> setenv RUMPHIJACK blanket=/dev/bpf
golem> tcpdump -n -i virt0
tcpdump: WARNING: SIOCGIFADDR: virt0: Device not configured
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virt0, link-type EN10MB (Ethernet), capture size 96 bytes
21:55:38.925596 IP 192.168.2.101 > 204.152.190.12: ICMP echo request, id 47811, seq 0, length 64
21:55:39.095596 IP 204.152.190.12 > 192.168.2.101: ICMP echo reply, id 47811, seq 0, length 64
(if you additionally set socket=all in RUMPHIJACK, tcpdump doesn't
whine about the "not configured" interface)
2011-03-08 23:59:01 +03:00
|
|
|
.Bl -tag -width xxblanketxx
|
2011-02-18 15:22:46 +03:00
|
|
|
.It Dq path
|
|
|
|
Pathname-based system calls are hijacked if the path the system
|
|
|
|
call is directed to resides under
|
|
|
|
.Ar value .
|
2011-02-20 17:21:04 +03:00
|
|
|
In case of an absolute pathname argument, a literal prefix comparison is made.
|
2011-02-18 15:22:46 +03:00
|
|
|
In case of a relative pathname, the current working direct is
|
|
|
|
examined.
|
2011-02-20 17:21:04 +03:00
|
|
|
This also implies that neither
|
|
|
|
.Dq ..
|
|
|
|
nor symbolic links will cause the namespace to be switched.
|
Add ``blanket''. It acts like path, except that the prefix does
_not_ get removed if the call goes to the rump namespace.
So, now it's possible to use e.g. tcpdump (and most other utilities
which hardcore a /dev pathname) on a rump kernel:
golem> setenv RUMPHIJACK blanket=/dev/bpf
golem> tcpdump -n -i virt0
tcpdump: WARNING: SIOCGIFADDR: virt0: Device not configured
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virt0, link-type EN10MB (Ethernet), capture size 96 bytes
21:55:38.925596 IP 192.168.2.101 > 204.152.190.12: ICMP echo request, id 47811, seq 0, length 64
21:55:39.095596 IP 204.152.190.12 > 192.168.2.101: ICMP echo reply, id 47811, seq 0, length 64
(if you additionally set socket=all in RUMPHIJACK, tcpdump doesn't
whine about the "not configured" interface)
2011-03-08 23:59:01 +03:00
|
|
|
.It Dq blanket
|
|
|
|
A colon-separated list of rump path prefixes.
|
|
|
|
This acts almost like
|
|
|
|
.Dq path
|
|
|
|
with the difference that the prefix does not get removed when
|
|
|
|
passing the path to the rump kernel.
|
|
|
|
For example, if
|
|
|
|
.Dq path
|
|
|
|
is
|
|
|
|
.Pa /rump ,
|
|
|
|
accessing
|
|
|
|
.Pa /rump/dev/bpf
|
|
|
|
will cause
|
|
|
|
.Pa /dev/bpf
|
|
|
|
to be accessed in the rump kernel.
|
|
|
|
In contrast, if
|
|
|
|
.Dq blanket
|
|
|
|
contains
|
|
|
|
.Pa /dev/bpf ,
|
|
|
|
accessing
|
|
|
|
.Pa /dev/bpf
|
|
|
|
will cause an access to
|
|
|
|
.Pa /dev/bpf
|
|
|
|
in the rump kernel.
|
|
|
|
.Pp
|
|
|
|
In case the current working directory is changed to a blanketed
|
|
|
|
directory, the current working directory will still be reported
|
|
|
|
with the rump prefix, if available.
|
2011-03-09 00:02:22 +03:00
|
|
|
Note, though, that some shells cache the directory and may report
|
Add ``blanket''. It acts like path, except that the prefix does
_not_ get removed if the call goes to the rump namespace.
So, now it's possible to use e.g. tcpdump (and most other utilities
which hardcore a /dev pathname) on a rump kernel:
golem> setenv RUMPHIJACK blanket=/dev/bpf
golem> tcpdump -n -i virt0
tcpdump: WARNING: SIOCGIFADDR: virt0: Device not configured
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virt0, link-type EN10MB (Ethernet), capture size 96 bytes
21:55:38.925596 IP 192.168.2.101 > 204.152.190.12: ICMP echo request, id 47811, seq 0, length 64
21:55:39.095596 IP 204.152.190.12 > 192.168.2.101: ICMP echo reply, id 47811, seq 0, length 64
(if you additionally set socket=all in RUMPHIJACK, tcpdump doesn't
whine about the "not configured" interface)
2011-03-08 23:59:01 +03:00
|
|
|
something else.
|
|
|
|
In case no rump path prefix has been configured, the raw rump
|
|
|
|
directory is reported.
|
|
|
|
.Pp
|
|
|
|
It is recommended to supply blanketed pathnames as specific as
|
|
|
|
possible, i.e. use
|
|
|
|
.Pa /dev/bpf
|
|
|
|
instead of
|
|
|
|
.Pa /dev
|
|
|
|
unless necessary to do otherwise.
|
2011-03-09 02:51:23 +03:00
|
|
|
Also, note that the blanket prefix does not follow directory borders.
|
2011-03-09 00:09:18 +03:00
|
|
|
In other words, setting the blanket for
|
|
|
|
.Pa /dev/bpf
|
|
|
|
means it is set for
|
|
|
|
.Em all
|
|
|
|
pathnames with the given prefix, not just ones in
|
|
|
|
.Pa /dev .
|
2011-02-18 15:22:46 +03:00
|
|
|
.It Dq socket
|
|
|
|
The specifier
|
|
|
|
.Ar value
|
|
|
|
contains a colon-separated list of which protocol families should
|
|
|
|
be hijacked.
|
|
|
|
The special value
|
|
|
|
.Dq all
|
|
|
|
can be specified as the first element.
|
|
|
|
It indicates that all protocol families should be hijacked.
|
|
|
|
Some can then be disabled by prepending
|
|
|
|
.Dq no
|
|
|
|
to the name of the protocol family.
|
|
|
|
.Pp
|
|
|
|
For example,
|
|
|
|
.Dq inet:inet6
|
|
|
|
specifies that only
|
|
|
|
.Dv PF_INET
|
|
|
|
and
|
|
|
|
.Dv PF_INET6
|
|
|
|
sockets should be hijacked,
|
|
|
|
while
|
|
|
|
.Dq all:noinet
|
|
|
|
specifies that all protocol families except
|
|
|
|
.Dv PF_INET
|
|
|
|
should be hijacked.
|
2011-03-10 02:40:44 +03:00
|
|
|
.It Dq vfs
|
|
|
|
The specifier
|
|
|
|
.Ar value
|
|
|
|
contains a colon-separated list of which vfs-related system calls
|
|
|
|
should be hijacked.
|
|
|
|
These differ from the pathname-based file system syscalls in that
|
|
|
|
there is no pathname to make the selection based on.
|
|
|
|
Current possible values are
|
|
|
|
.Dq nfssvc ,
|
2011-03-10 11:53:04 +03:00
|
|
|
.Dq getvfsstat ,
|
2011-03-10 02:40:44 +03:00
|
|
|
and
|
2011-03-10 11:53:04 +03:00
|
|
|
.Dq fhcalls .
|
2011-03-10 02:40:44 +03:00
|
|
|
They indicate hijacking
|
|
|
|
.Fn nfssvc ,
|
2011-03-10 11:53:04 +03:00
|
|
|
.Fn getvfsstat ,
|
2011-03-10 02:40:44 +03:00
|
|
|
and all file handle calls, respectively.
|
|
|
|
The file handle calls include
|
|
|
|
.Fn fhopen ,
|
2011-03-10 11:53:04 +03:00
|
|
|
.Fn fhstat ,
|
2011-03-10 02:40:44 +03:00
|
|
|
and
|
|
|
|
.Fn fhstatvfs1 .
|
|
|
|
.Pp
|
|
|
|
It is also possible to use
|
|
|
|
.Dq all
|
|
|
|
and
|
|
|
|
.Dq no
|
|
|
|
in the same fashion as with the socket hijack specifier.
|
|
|
|
.It Dq sysctl
|
|
|
|
Direct the
|
|
|
|
.Fn __sysctl
|
|
|
|
backend of the
|
|
|
|
.Xr sysctl 3
|
|
|
|
facility to the rump kernel.
|
|
|
|
Acceptable values are
|
|
|
|
.Dq yes
|
|
|
|
and
|
|
|
|
.Dq no ,
|
|
|
|
meaning to call the rump or the host kernel, respectively.
|
2011-03-14 18:21:22 +03:00
|
|
|
.It Dq fdoff
|
|
|
|
Adjust the library's fd offset to the specified value.
|
|
|
|
All rump kernel descriptors have the offset added to them
|
|
|
|
before they are returned to the application.
|
|
|
|
This should be changed only if the application defines a low non-default
|
|
|
|
.Dv FD_SETSIZE
|
|
|
|
for
|
|
|
|
.Fn select
|
|
|
|
or if it opens a very large number of file descriptors.
|
|
|
|
The default value is 128.
|
2011-02-18 15:22:46 +03:00
|
|
|
.El
|
|
|
|
.Pp
|
|
|
|
If the environment variable is unset, the default value
|
|
|
|
.Qq path=/rump,socket=all:nolocal
|
|
|
|
is used.
|
|
|
|
The rationale for this is to have networked X clients work
|
|
|
|
out-of-the-box: X clients use local sockets to communicate with
|
|
|
|
the server, so local sockets must be used as a host service.
|
|
|
|
.Pp
|
|
|
|
An empty string as a value means no calls are hijacked.
|
|
|
|
.It Ev RUMPHIJACK_RETRYCONNECT
|
2011-02-16 22:46:42 +03:00
|
|
|
Change how
|
|
|
|
.Xr rumpclient 3
|
|
|
|
attempts to reconnect to the server in case the connection is lost.
|
|
|
|
Acceptable values are:
|
|
|
|
.Bl -tag -width xxinftimexx
|
|
|
|
.It Dq inftime
|
|
|
|
retry indefinitely
|
|
|
|
.It Dq once
|
|
|
|
retry once, when that connection fails, give up
|
|
|
|
.It Dq die
|
|
|
|
call
|
|
|
|
.Xr exit 3
|
|
|
|
if connection failure is detected
|
|
|
|
.It n
|
|
|
|
Attempt reconnect for n seconds.
|
|
|
|
The value 0 means reconnection is not attempted.
|
|
|
|
The value n must be a positive integer.
|
|
|
|
.El
|
|
|
|
.Pp
|
|
|
|
See
|
|
|
|
.Xr rumpclient 3
|
|
|
|
for more discussion.
|
|
|
|
.El
|
2011-01-25 15:56:25 +03:00
|
|
|
.Sh EXAMPLES
|
2011-02-16 22:46:42 +03:00
|
|
|
Use an alternate TCP/IP stack for firefox with a persistent server
|
|
|
|
connection:
|
2011-01-25 15:56:25 +03:00
|
|
|
.Bd -literal -offset indent
|
|
|
|
$ setenv RUMP_SERVER unix:///tmp/tcpip
|
|
|
|
$ setenv LD_PRELOAD /usr/lib/librumphijack.so
|
2011-02-16 22:46:42 +03:00
|
|
|
$ setenv RUMPHIJACK_RETRYCONNECT inftime
|
2011-01-25 15:56:25 +03:00
|
|
|
$ firefox
|
|
|
|
.Ed
|
|
|
|
.Sh SEE ALSO
|
|
|
|
.Xr ld.so 1 ,
|
|
|
|
.Xr rump_server 1 ,
|
|
|
|
.Xr rump 3 ,
|
2011-02-16 22:46:42 +03:00
|
|
|
.Xr rumpclient 3 ,
|
2011-01-25 17:05:42 +03:00
|
|
|
.Xr rump_sp 7
|