8000 (Lua version) Add experimental `syscall_overrides` config option by stevenengler · Pull Request #3375 · shadow/shadow · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

(Lua version) Add experimental syscall_overrides config option #3375

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

(Lua version) Add experimental syscall_overrides config option #3375

wants to merge 2 commits into from

Conversation

stevenengler
Copy link
Contributor
@stevenengler stevenengler commented Jul 24, 2024
edited
Loading

See #3280 and #3369.

This is a ~equivalent version of #3369 using Lua expressions instead of CEL expressions. This uses the "vendored" feature of mlua so that a system Lua interpreter doesn't need to be installed. I chose the "lua54" feature because 54 was the biggest number.

Unfortunately, I don't see a way to compile the expressions ahead of time, so they're compiled each time they're evaluated. (Compiled functions are non-send non-sync Function<'lua> where 'lua is the lifetime of the interpreter, which leads to issues.)

I wrote this PR without much thinking and without knowing anything about Lua, but it seems to work.

experimental.syscall_overrides

Default: {}
Type: Object

Override the behaviour of emulated syscalls.

A map of syscall numbers to lists of Lua expressions. For each syscall
number listed, a list of expressions will be evaluated before running Shadow's
syscall handler. If an expression returns a non-nil signed integer result, that
result will be used as the return value for the syscall. Otherwise if all
expressions return nil, Shadow will perform the syscall as usual.

The following variables are available in expressions:

  • args: Array of syscall arguments cast as integers.
  • host: The hostname of the current host.
  • process: The name of the current process.
  • pid: The pid of the current process.
  • tid: The tid of the current thread.

Example:

experimental:
  syscall_overrides:
    # SYS_SETSOCKOPT = 54, SOL_IP = 0, IP_BIND_ADDRESS_NO_PORT = 24, IP_TTL = 2
    54:
    - # setsockopt(_, SOL_IP, IP_BIND_ADDRESS_NO_PORT, ...) -> 0
      "(args[1] == 0 and args[2] == 24) and 0 or nil"
    - # setsockopt(_, SOL_IP, IP_TTL, ...) -> 0
      "(args[1] == 0 and args[2] == 2) and 0 or nil"

You must not modify global state or do anything weird within an expression. In
other words, there should be no side effects. The Lua interpreter may be reused.

To easily find the integer value for a given libc constant, you can search for
the constant name within the libc crate's documentation. For example to find
the integer value of SO_REUSEADDR, you can search for
SO_REUSEADDR at https://docs.rs/libc/latest/libc/.

@stevenengler stevenengler added this to the Support missing syscalls milestone Jul 24, 2024
@github-actions github-actions bot added Component: Main Composing the core Shadow executable Component: Build Build/install tools and dependencies Component: Documentation In-repository documentation, under docs/ labels Jul 24, 2024
@stevenengler stevenengler mentioned this pull request Jul 24, 2024
Draft
@stevenengler stevenengler changed the title (Lua version) Add experimental syscall_overrides config option (Lua version) Add experimental syscall_overrides config option Jul 24, 2024
@stevenengler
Added conversions from ProcessId/ThreadId to u32/u64
6255a8e
@stevenengler
Added the experimental syscall_overrides config option
b40e02f 
This allows users to override the behaviour of emulated syscalls using
Lua expressions.
@stevenengler stevenengler mentioned this pull request Nov 7, 2024
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@stevenengler stevenengler

Labels
Component: Build Build/install tools and dependencies Component: Documentation In-repository documentation, under docs/ Component: Main Composing the core Shadow executable
Projects
None yet
Milestone
Support missing syscalls
Development

Successfully merging this pull request may close these issues.
1 participant
@stevenengler
0