From 2ea68b0b3eb60d11aedb97124294fa424161e9dd Mon Sep 17 00:00:00 2001
From: David Scott
Date: Thu, 14 Apr 2016 14:40:24 +0100
Subject: [PATCH] proxy: add a vsock package based on vsudd
This package supports a more normal Go interface, in particular it has:
// Listen returns a net.Listener which can accept connections on the given
// vhan port.
func Listen(port uint) (net.Listener, error)
Signed-off-by: David Scott
---
alpine/packages/proxy/Dockerfile | 4 +-
.../vsock/include/uapi/linux/vm_sockets.h | 161 ++++++++++++++++++
alpine/packages/proxy/vendor/vsock/vsock.go | 101 +++++++++++
3 files changed, 265 insertions(+), 1 deletion(-)
create mode 100644 alpine/packages/proxy/vendor/vsock/include/uapi/linux/vm_sockets.h
create mode 100644 alpine/packages/proxy/vendor/vsock/vsock.go
diff --git a/alpine/packages/proxy/Dockerfile b/alpine/packages/proxy/Dockerfile
index d38c03bfe..dc06b22ca 100644
--- a/alpine/packages/proxy/Dockerfile
+++ b/alpine/packages/proxy/Dockerfile
@@ -1,5 +1,7 @@
 FROM golang:alpine
+RUN apk update && apk add alpine-sdk
+
 RUN mkdir -p /go/src/proxy
 WORKDIR /go/src/proxy
@@ -8,6 +10,6 @@ COPY ./ /go/src/proxy/
 ARG GOARCH
 ARG GOOS
-RUN go install
+RUN go install --ldflags '-extldflags "-fno-PIC"'
 RUN [ -f /go/bin/*/proxy ] && mv /go/bin/*/proxy /go/bin/ || true
diff --git a/alpine/packages/proxy/vendor/vsock/include/uapi/linux/vm_sockets.h b/alpine/packages/proxy/vendor/vsock/include/uapi/linux/vm_sockets.h
new file mode 100644
index 000000000..41934a185
--- /dev/null
+++ b/alpine/packages/proxy/vendor/vsock/include/uapi/linux/vm_sockets.h
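Review bot: The added `RUN apk update && apk add alpine-sdk` keeps the downloaded package index in the image layer and installs whatever versions the mirror serves at build time; `RUN apk add --no-cache alpine-sdk` does the same install without the leftover index. alpine-sdk is a broad metapackage, and from this commit it looks as if only a C toolchain for the new cgo package is needed, so a narrower package set would reduce what the build image pulls in — worth confirming. A one-line comment saying the toolchain is there for cgo would help the next reader.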
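Review bot: The new `--ldflags '-extldflags "-fno-PIC"'` on `go install` carries no explanation, and it presumably turns off the position-independent linking the Alpine toolchain would otherwise apply, which would leave the proxy binary without a randomised executable base. If this is a workaround for a cgo link failure, record that above the line, for example `# -fno-PIC: <link error this works around>; drops PIE for the proxy binary, revisit`, so the loss of hardening is a documented decision.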
@@ -0,0 +1,161 @@
+/*
+ * VMware vSockets Driver
+ *
+ * Copyright (C) 2007-2013 VMware, Inc. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation version 2 and no later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ */
+
+#ifndef _UAPI_VM_SOCKETS_H
+#define _UAPI_VM_SOCKETS_H
+
+#ifdef __KERNEL__
+#include
+#else
+#define __kernel_sa_family_t sa_family_t
+#include
+#endif
+
+/* Option name for STREAM socket buffer size. Use as the option name in
+ * setsockopt(3) or getsockopt(3) to set or get an unsigned long long that
+ * specifies the size of the buffer underlying a vSockets STREAM socket.
+ * Value is clamped to the MIN and MAX.
+ */
+
+#define SO_VM_SOCKETS_BUFFER_SIZE 0
+
+/* Option name for STREAM socket minimum buffer size. Use as the option name
+ * in setsockopt(3) or getsockopt(3) to set or get an unsigned long long that
+ * specifies the minimum size allowed for the buffer underlying a vSockets
+ * STREAM socket.
+ */
+
+#define SO_VM_SOCKETS_BUFFER_MIN_SIZE 1
+
+/* Option name for STREAM socket maximum buffer size. Use as the option name
+ * in setsockopt(3) or getsockopt(3) to set or get an unsigned long long
+ * that specifies the maximum size allowed for the buffer underlying a
+ * vSockets STREAM socket.
+ */
+
+#define SO_VM_SOCKETS_BUFFER_MAX_SIZE 2
+
+/* Option name for socket peer's host-specific VM ID. Use as the option name
+ * in getsockopt(3) to get a host-specific identifier for the peer endpoint's
+ * VM. The identifier is a signed integer.
+ * Only available for hypervisor endpoints.
+ */
+
+#define SO_VM_SOCKETS_PEER_HOST_VM_ID 3
+
+/* Option name for determining if a socket is trusted. Use as the option name
+ * in getsockopt(3) to determine if a socket is trusted. The value is a
+ * signed integer.
+ */
+
+#define SO_VM_SOCKETS_TRUSTED 5
+
+/* Option name for STREAM socket connection timeout. Use as the option name
+ * in setsockopt(3) or getsockopt(3) to set or get the connection
+ * timeout for a STREAM socket.
+ */
+
+#define SO_VM_SOCKETS_CONNECT_TIMEOUT 6
+
+/* Option name for using non-blocking send/receive. Use as the option name
+ * for setsockopt(3) or getsockopt(3) to set or get the non-blocking
+ * transmit/receive flag for a STREAM socket. This flag determines whether
+ * send() and recv() can be called in non-blocking contexts for the given
+ * socket. The value is a signed integer.
+ *
+ * This option is only relevant to kernel endpoints, where descheduling the
+ * thread of execution is not allowed, for example, while holding a spinlock.
+ * It is not to be confused with conventional non-blocking socket operations.
+ *
+ * Only available for hypervisor endpoints.
+ */
+
+#define SO_VM_SOCKETS_NONBLOCK_TXRX 7
+
+/* The vSocket equivalent of INADDR_ANY. This works for the svm_cid field of
+ * sockaddr_vm and indicates the context ID of the current endpoint.
+ */
+
+#define VMADDR_CID_ANY -1U
+
+/* Bind to any available port. Works for the svm_port field of
+ * sockaddr_vm.
+ */
+
+#define VMADDR_PORT_ANY -1U
+
+/* Use this as the destination CID in an address when referring to the
+ * hypervisor. VMCI relies on it being 0, but this would be useful for other
+ * transports too.
+ */
+
+#define VMADDR_CID_HYPERVISOR 0
+
+/* This CID is specific to VMCI and can be considered reserved (even VMCI
+ * doesn't use it anymore, it's a legacy value from an older release).
+ */
+
+#define VMADDR_CID_RESERVED 1
+
+/* Use this as the destination CID in an address when referring to the host
+ * (any process other than the hypervisor). VMCI relies on it being 2, but
+ * this would be useful for other transports too.
+ */
+
+#define VMADDR_CID_HOST 2
+
+/* Invalid vSockets version. */
+
+#define VM_SOCKETS_INVALID_VERSION -1U
+
+/* The epoch (first) component of the vSockets version. A single byte
+ * representing the epoch component of the vSockets version.
+ */
+
+#define VM_SOCKETS_VERSION_EPOCH(_v) (((_v) & 0xFF000000) >> 24)
+
+/* The major (second) component of the vSockets version. A single byte
+ * representing the major component of the vSockets version. Typically
+ * changes for every major release of a product.
+ */
+
+#define VM_SOCKETS_VERSION_MAJOR(_v) (((_v) & 0x00FF0000) >> 16)
+
+/* The minor (third) component of the vSockets version. Two bytes representing
+ * the minor component of the vSockets version.
+ */
+
+#define VM_SOCKETS_VERSION_MINOR(_v) (((_v) & 0x0000FFFF))
+
+/* Address structure for vSockets. The address family should be set to
+ * AF_VSOCK. The structure members should all align on their natural
+ * boundaries without resorting to compiler packing directives. The total size
+ * of this structure should be exactly the same as that of struct sockaddr.
+ */
+
+struct sockaddr_vm {
+ __kernel_sa_family_t svm_family;
+ unsigned short svm_reserved1;
+ unsigned int svm_port;
+ unsigned int svm_cid;
+ unsigned char svm_zero[sizeof(struct sockaddr) -
+ sizeof(sa_family_t) -
+ sizeof(unsigned short) -
+ sizeof(unsigned int) - sizeof(unsigned int)];
+};
+
+#define IOCTL_VM_SOCKETS_GET_LOCAL_CID _IO(7, 0xb9)
+
+#endif /* _UAPI_VM_SOCKETS_H */
diff --git a/alpine/packages/proxy/vendor/vsock/vsock.go b/alpine/packages/proxy/vendor/vsock/vsock.go
new file mode 100644
index 000000000..b17199125
--- /dev/null
+++ b/alpine/packages/proxy/vendor/vsock/vsock.go
@@ -0,0 +1,101 @@
+package vsock
+
+import (
+ "errors"
+ "fmt"
+ "net"
+ "os"
+ "syscall"
+)
+
+/* No way to teach net or syscall about vsock sockaddr, so go right to C */
+
+/*
+#include
+#include "include/uapi/linux/vm_sockets.h"
+int bind_sockaddr_vm(int fd, const struct sockaddr_vm *sa_vm) {
+ return bind(fd, (const struct sockaddr*)sa_vm, sizeof(*sa_vm));
+}
+int connect_sockaddr_vm(int fd, const struct sockaddr_vm *sa_vm) {
+ return connect(fd, (const struct sockaddr*)sa_vm, sizeof(*sa_vm));
+}
+int accept_vm(int fd, struct sockaddr_vm *sa_vm, socklen_t *sa_vm_len) {
+ return accept4(fd, (struct sockaddr *)sa_vm, sa_vm_len, 0);
+}
+*/
+import "C"
+
+const (
+ AF_VSOCK = 40
+ VSOCK_CID_ANY = 4294967295 /* 2^32-1 */
+)
+
+// Listen returns a net.Listener which can accept connections on the given
+// vhan port.
+func Listen(port uint) (net.Listener, error) {
+ accept_fd, err := syscall.Socket(AF_VSOCK, syscall.SOCK_STREAM, 0)
+ if err != nil {
+ return nil, err
+ }
+
+ sa := C.struct_sockaddr_vm{}
+ sa.svm_family = AF_VSOCK
+ sa.svm_port = C.uint(port)
+ sa.svm_cid = VSOCK_CID_ANY
+
+ if ret := C.bind_sockaddr_vm(C.int(accept_fd), &sa); ret != 0 {
+ return nil, errors.New(fmt.Sprintf("failed bind vsock connection to %08x.%08x, returned %d", sa.svm_cid, sa.svm_port, ret))
+ }
+
+ err = syscall.Listen(accept_fd, syscall.SOMAXCONN)
+ if err != nil {
+ return nil, err
+ }
+ return &vsockListener{accept_fd, port}, nil
+}
+
+type vsockListener struct {
+ accept_fd int
+ port uint
+}
+
+func (v *vsockListener) Accept() (net.Conn, error) {
+ var accept_sa C.struct_sockaddr_vm
+ var accept_sa_len C.socklen_t
+
+ accept_sa_len = C.sizeof_struct_sockaddr_vm
+ fd, err := C.accept_vm(C.int(v.accept_fd), &accept_sa, &accept_sa_len)
+ if err != nil {
+ return nil, err
+ }
+ vsock := os.NewFile(uintptr(fd), fmt.Sprintf("vsock:%d", fd))
+ conn, err := net.FileConn(vsock)
+ if err != nil {
+ return nil, err
+ }
+ return conn, nil
+}
+
+func (v *vsockListener) Close() error {
+ return syscall.Close(v.accept_fd)
+}
+
+type vsockAddr struct {
+ network string
+ addr string
+}
+
+func (a *vsockAddr) Network() string {
+ return a.network
+}
+
+func (a *vsockAddr) String() string {
+ return a.addr
+}
+
+func (v *vsockListener) Addr() net.Addr {
+ return &vsockAddr{
+ network: "vsock",
+ addr: fmt.Sprintf("%08x", v.port),
+ }
+}
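Review bot: Listen returns without closing accept_fd when bind_sockaddr_vm or syscall.Listen fails, and Accept never closes the os.File it wraps around the accepted descriptor even though net.FileConn works on a duplicate, so each failed Listen and each accepted connection holds an extra descriptor (the latter until the garbage collector finalizes it). The bind error also reports only the C return value and drops errno, and Accept decides success from errno (`err != nil`) rather than from `fd < 0`. Neither syscall.Socket nor the accept4 call in accept_vm requests close-on-exec, so any child process the proxy starts would inherit these sockets; pass `syscall.SOCK_STREAM|syscall.SOCK_CLOEXEC` to Socket and `SOCK_CLOEXEC` as the accept4 flags. Separately, the peer sockaddr_vm that accept4 fills in is discarded, so callers cannot tell which CID connected; that deserves a comment if it is intentional. The fence shows the reworked error paths.

```go
func Listen(port uint) (net.Listener, error) {
	accept_fd, err := syscall.Socket(AF_VSOCK, syscall.SOCK_STREAM|syscall.SOCK_CLOEXEC, 0)
	// … unchanged: err check and sockaddr_vm setup …
	if ret, errno := C.bind_sockaddr_vm(C.int(accept_fd), &sa); ret != 0 {
		syscall.Close(accept_fd) // do not leak the socket on failure
		return nil, fmt.Errorf("failed bind vsock connection to %08x.%08x: %v", sa.svm_cid, sa.svm_port, errno)
	}
	if err := syscall.Listen(accept_fd, syscall.SOMAXCONN); err != nil {
		syscall.Close(accept_fd)
		return nil, err
	}
	// … unchanged: return &vsockListener …
}

func (v *vsockListener) Accept() (net.Conn, error) {
	// … unchanged: accept_sa declarations …
	fd, err := C.accept_vm(C.int(v.accept_fd), &accept_sa, &accept_sa_len)
	if fd < 0 {
		return nil, err
	}
	vsock := os.NewFile(uintptr(fd), fmt.Sprintf("vsock:%d", fd))
	defer vsock.Close() // net.FileConn keeps its own duplicate
	return net.FileConn(vsock)
}
```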