| * Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback Following the merging of https://github.com/gliderlabs/ssh/pull/143 we can now report connections to the ssh server that have failed before public key exchange has completed using the standard fail2ban message. This PR updates Gliderlabs SSH and adds a callback that will provide this logging. Signed-off-by: Andrew Thornton <art27@cantab.net> * move the callback to its own function to make the logging appear a little nicer Signed-off-by: Andrew Thornton <art27@cantab.net> | ||
|---|---|---|
| .gitignore | ||
| affinity_linux.go | ||
| aliases.go | ||
| asm_aix_ppc64.s | ||
| asm_bsd_386.s | ||
| asm_bsd_amd64.s | ||
| asm_bsd_arm.s | ||
| asm_bsd_arm64.s | ||
| asm_linux_386.s | ||
| asm_linux_amd64.s | ||
| asm_linux_arm.s | ||
| asm_linux_arm64.s | ||
| asm_linux_mips64x.s | ||
| asm_linux_mipsx.s | ||
| asm_linux_ppc64x.s | ||
| asm_linux_riscv64.s | ||
| asm_linux_s390x.s | ||
| asm_openbsd_mips64.s | ||
| asm_solaris_amd64.s | ||
| asm_zos_s390x.s | ||
| bluetooth_linux.go | ||
| cap_freebsd.go | ||
| constants.go | ||
| dev_aix_ppc.go | ||
| dev_aix_ppc64.go | ||
| dev_darwin.go | ||
| dev_dragonfly.go | ||
| dev_freebsd.go | ||
| dev_linux.go | ||
| dev_netbsd.go | ||
| dev_openbsd.go | ||
| dev_zos.go | ||
| dirent.go | ||
| endian_big.go | ||
| endian_little.go | ||
| env_unix.go | ||
| epoll_zos.go | ||
| errors_freebsd_386.go | ||
| errors_freebsd_amd64.go | ||
| errors_freebsd_arm.go | ||
| errors_freebsd_arm64.go | ||
| fcntl.go | ||
| fcntl_darwin.go | ||
| fcntl_linux_32bit.go | ||
| fdset.go | ||
| fstatfs_zos.go | ||
| gccgo.go | ||
| gccgo_c.c | ||
| gccgo_linux_amd64.go | ||
| ioctl.go | ||
| ioctl_linux.go | ||
| ioctl_zos.go | ||
| mkall.sh | ||
| mkerrors.sh | ||
| pagesize_unix.go | ||
| pledge_openbsd.go | ||
| ptrace_darwin.go | ||
| ptrace_ios.go | ||
| race.go | ||
| race0.go | ||
| readdirent_getdents.go | ||
| readdirent_getdirentries.go | ||
| README.md | ||
| sockcmsg_dragonfly.go | ||
| sockcmsg_linux.go | ||
| sockcmsg_unix.go | ||
| sockcmsg_unix_other.go | ||
| str.go | ||
| syscall.go | ||
| syscall_aix.go | ||
| syscall_aix_ppc.go | ||
| syscall_aix_ppc64.go | ||
| syscall_bsd.go | ||
| syscall_darwin.1_12.go | ||
| syscall_darwin.1_13.go | ||
| syscall_darwin.go | ||
| syscall_darwin_amd64.go | ||
| syscall_darwin_arm64.go | ||
| syscall_darwin_libSystem.go | ||
| syscall_dragonfly.go | ||
| syscall_dragonfly_amd64.go | ||
| syscall_freebsd.go | ||
| syscall_freebsd_386.go | ||
| syscall_freebsd_amd64.go | ||
| syscall_freebsd_arm.go | ||
| syscall_freebsd_arm64.go | ||
| syscall_illumos.go | ||
| syscall_linux.go | ||
| syscall_linux_386.go | ||
| syscall_linux_amd64.go | ||
| syscall_linux_amd64_gc.go | ||
| syscall_linux_arm.go | ||
| syscall_linux_arm64.go | ||
| syscall_linux_gc.go | ||
| syscall_linux_gc_386.go | ||
| syscall_linux_gc_arm.go | ||
| syscall_linux_gccgo_386.go | ||
| syscall_linux_gccgo_arm.go | ||
| syscall_linux_mips64x.go | ||
| syscall_linux_mipsx.go | ||
| syscall_linux_ppc.go | ||
| syscall_linux_ppc64x.go | ||
| syscall_linux_riscv64.go | ||
| syscall_linux_s390x.go | ||
| syscall_linux_sparc64.go | ||
| syscall_netbsd.go | ||
| syscall_netbsd_386.go | ||
| syscall_netbsd_amd64.go | ||
| syscall_netbsd_arm.go | ||
| syscall_netbsd_arm64.go | ||
| syscall_openbsd.go | ||
| syscall_openbsd_386.go | ||
| syscall_openbsd_amd64.go | ||
| syscall_openbsd_arm.go | ||
| syscall_openbsd_arm64.go | ||
| syscall_openbsd_mips64.go | ||
| syscall_solaris.go | ||
| syscall_solaris_amd64.go | ||
| syscall_unix.go | ||
| syscall_unix_gc.go | ||
| syscall_unix_gc_ppc64x.go | ||
| syscall_zos_s390x.go | ||
| timestruct.go | ||
| unveil_openbsd.go | ||
| xattr_bsd.go | ||
| zerrors_aix_ppc.go | ||
| zerrors_aix_ppc64.go | ||
| zerrors_darwin_amd64.go | ||
| zerrors_darwin_arm64.go | ||
| zerrors_dragonfly_amd64.go | ||
| zerrors_freebsd_386.go | ||
| zerrors_freebsd_amd64.go | ||
| zerrors_freebsd_arm.go | ||
| zerrors_freebsd_arm64.go | ||
| zerrors_linux.go | ||
| zerrors_linux_386.go | ||
| zerrors_linux_amd64.go | ||
| zerrors_linux_arm.go | ||
| zerrors_linux_arm64.go | ||
| zerrors_linux_mips.go | ||
| zerrors_linux_mips64.go | ||
| zerrors_linux_mips64le.go | ||
| zerrors_linux_mipsle.go | ||
| zerrors_linux_ppc.go | ||
| zerrors_linux_ppc64.go | ||
| zerrors_linux_ppc64le.go | ||
| zerrors_linux_riscv64.go | ||
| zerrors_linux_s390x.go | ||
| zerrors_linux_sparc64.go | ||
| zerrors_netbsd_386.go | ||
| zerrors_netbsd_amd64.go | ||
| zerrors_netbsd_arm.go | ||
| zerrors_netbsd_arm64.go | ||
| zerrors_openbsd_386.go | ||
| zerrors_openbsd_amd64.go | ||
| zerrors_openbsd_arm.go | ||
| zerrors_openbsd_arm64.go | ||
| zerrors_openbsd_mips64.go | ||
| zerrors_solaris_amd64.go | ||
| zerrors_zos_s390x.go | ||
| zptrace_armnn_linux.go | ||
| zptrace_linux_arm64.go | ||
| zptrace_mipsnn_linux.go | ||
| zptrace_mipsnnle_linux.go | ||
| zptrace_x86_linux.go | ||
| zsyscall_aix_ppc.go | ||
| zsyscall_aix_ppc64.go | ||
| zsyscall_aix_ppc64_gc.go | ||
| zsyscall_aix_ppc64_gccgo.go | ||
| zsyscall_darwin_amd64.1_13.go | ||
| zsyscall_darwin_amd64.1_13.s | ||
| zsyscall_darwin_amd64.go | ||
| zsyscall_darwin_amd64.s | ||
| zsyscall_darwin_arm64.1_13.go | ||
| zsyscall_darwin_arm64.1_13.s | ||
| zsyscall_darwin_arm64.go | ||
| zsyscall_darwin_arm64.s | ||
| zsyscall_dragonfly_amd64.go | ||
| zsyscall_freebsd_386.go | ||
| zsyscall_freebsd_amd64.go | ||
| zsyscall_freebsd_arm.go | ||
| zsyscall_freebsd_arm64.go | ||
| zsyscall_illumos_amd64.go | ||
| zsyscall_linux.go | ||
| zsyscall_linux_386.go | ||
| zsyscall_linux_amd64.go | ||
| zsyscall_linux_arm.go | ||
| zsyscall_linux_arm64.go | ||
| zsyscall_linux_mips.go | ||
| zsyscall_linux_mips64.go | ||
| zsyscall_linux_mips64le.go | ||
| zsyscall_linux_mipsle.go | ||
| zsyscall_linux_ppc.go | ||
| zsyscall_linux_ppc64.go | ||
| zsyscall_linux_ppc64le.go | ||
| zsyscall_linux_riscv64.go | ||
| zsyscall_linux_s390x.go | ||
| zsyscall_linux_sparc64.go | ||
| zsyscall_netbsd_386.go | ||
| zsyscall_netbsd_amd64.go | ||
| zsyscall_netbsd_arm.go | ||
| zsyscall_netbsd_arm64.go | ||
| zsyscall_openbsd_386.go | ||
| zsyscall_openbsd_amd64.go | ||
| zsyscall_openbsd_arm.go | ||
| zsyscall_openbsd_arm64.go | ||
| zsyscall_openbsd_mips64.go | ||
| zsyscall_solaris_amd64.go | ||
| zsyscall_zos_s390x.go | ||
| zsysctl_openbsd_386.go | ||
| zsysctl_openbsd_amd64.go | ||
| zsysctl_openbsd_arm.go | ||
| zsysctl_openbsd_arm64.go | ||
| zsysctl_openbsd_mips64.go | ||
| zsysnum_darwin_amd64.go | ||
| zsysnum_darwin_arm64.go | ||
| zsysnum_dragonfly_amd64.go | ||
| zsysnum_freebsd_386.go | ||
| zsysnum_freebsd_amd64.go | ||
| zsysnum_freebsd_arm.go | ||
| zsysnum_freebsd_arm64.go | ||
| zsysnum_linux_386.go | ||
| zsysnum_linux_amd64.go | ||
| zsysnum_linux_arm.go | ||
| zsysnum_linux_arm64.go | ||
| zsysnum_linux_mips.go | ||
| zsysnum_linux_mips64.go | ||
| zsysnum_linux_mips64le.go | ||
| zsysnum_linux_mipsle.go | ||
| zsysnum_linux_ppc.go | ||
| zsysnum_linux_ppc64.go | ||
| zsysnum_linux_ppc64le.go | ||
| zsysnum_linux_riscv64.go | ||
| zsysnum_linux_s390x.go | ||
| zsysnum_linux_sparc64.go | ||
| zsysnum_netbsd_386.go | ||
| zsysnum_netbsd_amd64.go | ||
| zsysnum_netbsd_arm.go | ||
| zsysnum_netbsd_arm64.go | ||
| zsysnum_openbsd_386.go | ||
| zsysnum_openbsd_amd64.go | ||
| zsysnum_openbsd_arm.go | ||
| zsysnum_openbsd_arm64.go | ||
| zsysnum_openbsd_mips64.go | ||
| zsysnum_zos_s390x.go | ||
| ztypes_aix_ppc.go | ||
| ztypes_aix_ppc64.go | ||
| ztypes_darwin_amd64.go | ||
| ztypes_darwin_arm64.go | ||
| ztypes_dragonfly_amd64.go | ||
| ztypes_freebsd_386.go | ||
| ztypes_freebsd_amd64.go | ||
| ztypes_freebsd_arm.go | ||
| ztypes_freebsd_arm64.go | ||
| ztypes_illumos_amd64.go | ||
| ztypes_linux.go | ||
| ztypes_linux_386.go | ||
| ztypes_linux_amd64.go | ||
| ztypes_linux_arm.go | ||
| ztypes_linux_arm64.go | ||
| ztypes_linux_mips.go | ||
| ztypes_linux_mips64.go | ||
| ztypes_linux_mips64le.go | ||
| ztypes_linux_mipsle.go | ||
| ztypes_linux_ppc.go | ||
| ztypes_linux_ppc64.go | ||
| ztypes_linux_ppc64le.go | ||
| ztypes_linux_riscv64.go | ||
| ztypes_linux_s390x.go | ||
| ztypes_linux_sparc64.go | ||
| ztypes_netbsd_386.go | ||
| ztypes_netbsd_amd64.go | ||
| ztypes_netbsd_arm.go | ||
| ztypes_netbsd_arm64.go | ||
| ztypes_openbsd_386.go | ||
| ztypes_openbsd_amd64.go | ||
| ztypes_openbsd_arm.go | ||
| ztypes_openbsd_arm64.go | ||
| ztypes_openbsd_mips64.go | ||
| ztypes_solaris_amd64.go | ||
| ztypes_zos_s390x.go | ||
Building sys/unix
The sys/unix package provides access to the raw system call interface of the underlying operating system. See: https://godoc.org/golang.org/x/sys/unix
Porting Go to a new architecture/OS combination or adding syscalls, types, or constants to an existing architecture/OS pair requires some manual effort; however, there are tools that automate much of the process.
Build Systems
There are currently two ways we generate the necessary files. We are currently migrating the build system to use containers so the builds are reproducible. This is being done on an OS-by-OS basis. Please update this documentation as components of the build system change.
Old Build System (currently for GOOS != "linux")
The old build system generates the Go files based on the C header files present on your system. This means that files for a given GOOS/GOARCH pair must be generated on a system with that OS and architecture. This also means that the generated code can differ from system to system, based on differences in the header files.
To avoid this, if you are using the old build system, only generate the Go files on an installation with unmodified header files. It is also important to keep track of which version of the OS the files were generated from (ex. Darwin 14 vs Darwin 15). This makes it easier to track the progress of changes and have each OS upgrade correspond to a single change.
To build the files for your current OS and architecture, make sure GOOS and
GOARCH are set correctly and run mkall.sh. This will generate the files for
your specific system. Running mkall.sh -n shows the commands that will be run.
Requirements: bash, go
New Build System (currently for GOOS == "linux")
The new build system uses a Docker container to generate the Go files directly from source checkouts of the kernel and various system libraries. This means that on any platform that supports Docker, all the files using the new build system can be generated at once, and generated files will not change based on what the person running the scripts has installed on their computer.
The OS specific files for the new build system are located in the ${GOOS}
directory, and the build is coordinated by the ${GOOS}/mkall.go program. When
the kernel or system library updates, modify the Dockerfile at
${GOOS}/Dockerfile to check out the new release of the source.
To build all the files under the new build system, you must be on an amd64/Linux
system and have your GOOS and GOARCH set accordingly. Running mkall.sh will
then generate all of the files for all of the GOOS/GOARCH pairs in the new build
system. Running mkall.sh -n shows the commands that will be run.
Requirements: bash, go, docker
Component files
This section describes the various files used in the code generation process. It also contains instructions on how to modify these files to add a new architecture/OS or to add additional syscalls, types, or constants. Note that if you are using the new build system, the scripts/programs cannot be called normally. They must be called from within the docker container.
asm files
The hand-written assembly file at asm_${GOOS}_${GOARCH}.s implements system
call dispatch. There are three entry points:
  func Syscall(trap, a1, a2, a3 uintptr) (r1, r2, err uintptr)
  func Syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2, err uintptr)
  func RawSyscall(trap, a1, a2, a3 uintptr) (r1, r2, err uintptr)
The first and second are the standard ones; they differ only in how many arguments can be passed to the kernel. The third is for low-level use by the ForkExec wrapper. Unlike the first two, it does not call into the scheduler to let it know that a system call is running.
When porting Go to a new architecture/OS, this file must be implemented for each GOOS/GOARCH pair.
mksysnum
Mksysnum is a Go program located at ${GOOS}/mksysnum.go (or mksysnum_${GOOS}.go
for the old system). This program takes in a list of header files containing the
syscall number declarations and parses them to produce the corresponding list of
Go numeric constants. See zsysnum_${GOOS}_${GOARCH}.go for the generated
constants.
Adding new syscall numbers is mostly done by running the build on a sufficiently new installation of the target OS (or updating the source checkouts for the new build system). However, depending on the OS, you may need to update the parsing in mksysnum.
mksyscall.go
The syscall.go, syscall_${GOOS}.go, syscall_${GOOS}_${GOARCH}.go are
hand-written Go files which implement system calls (for unix, the specific OS,
or the specific OS/Architecture pair respectively) that need special handling
and list //sys comments giving prototypes for ones that can be generated.
The mksyscall.go program takes the //sys and //sysnb comments and converts
them into syscalls. This requires the name of the prototype in the comment to
match a syscall number in the zsysnum_${GOOS}_${GOARCH}.go file. The function
prototype can be exported (capitalized) or not.
Adding a new syscall often just requires adding a new //sys function prototype
with the desired arguments and a capitalized name so it is exported. However, if
you want the interface to the syscall to be different, often one will make an
unexported //sys prototype, and then write a custom wrapper in
syscall_${GOOS}.go.
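The name-matching requirement described in the mksysnum and mksyscall.go sections can be checked mechanically. The following is an added example, not the project's mksysnum or mksyscall code: it parses a constructed header and a constructed source excerpt, and assumes a prototype name maps to `SYS_` plus the upper-cased name.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed inputs for illustration; neither is copied from the real tree.
const header = `#define __NR_read 0
#define __NR_write 1
#define __NR_fchmod 91
#define UNRELATED_LIMIT 4096`

const source = `//sys Fchmod(fd int, mode uint32) (err error)
//sysnb getpidlike() (pid int)
//sys write(fd int, p []byte) (n int, err error)
// sys in an ordinary comment is ignored`

var (
	// Narrow patterns: only __NR_ defines and only //sys or //sysnb at line start.
	nrRE  = regexp.MustCompile(`(?m)^#define[ \t]+__NR_(\w+)[ \t]+(\d+)[ \t]*$`)
	sysRE = regexp.MustCompile(`(?m)^//sys(?:nb)?[ \t]+(\w+)\(`)
)

// sysnums turns syscall number declarations into SYS_* name -> number text.
func sysnums(hdr string) map[string]string {
	out := map[string]string{}
	for _, m := range nrRE.FindAllStringSubmatch(hdr, -1) {
		out["SYS_"+strings.ToUpper(m[1])] = m[2]
	}
	return out
}

// unmatched lists prototypes whose name has no SYS_* constant (assumed mapping).
func unmatched(src string, nums map[string]string) []string {
	var missing []string
	for _, m := range sysRE.FindAllStringSubmatch(src, -1) {
		if _, ok := nums["SYS_"+strings.ToUpper(m[1])]; !ok {
			missing = append(missing, m[1])
		}
	}
	return missing
}

func main() {
	nums := sysnums(header)
	fmt.Println(len(nums), "syscall numbers; unmatched prototypes:", unmatched(source, nums))
}
```

A prototype reported here would need either a newer header source or a hand-written wrapper, as the text above describes.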
types files
For each OS, there is a hand-written Go file at ${GOOS}/types.go (or
types_${GOOS}.go on the old system). This file includes standard C headers and
creates Go type aliases to the corresponding C types. The file is then fed
through godefs to get the Go compatible definitions. Finally, the generated code
is fed through mkpost.go to format the code correctly and remove any hidden or
private identifiers. This cleaned-up code is written to
ztypes_${GOOS}_${GOARCH}.go.
The hardest part about preparing this file is figuring out which headers to
include and which symbols need to be #defined to get the actual data
structures that pass through to the kernel system calls. Some C libraries
present alternate versions for binary compatibility and translate them on the
way in and out of system calls, but there is almost always a #define that can
get the real ones.
See types_darwin.go and linux/types.go for examples.
To add a new type, add in the necessary include statement at the top of the
file (if it is not already there) and add in a type alias line. Note that if
your type is significantly different on different architectures, you may need
some #if/#elif macros in your include statements.
mkerrors.sh
This script is used to generate the system's various constants. This doesn't
just include the error numbers and error strings, but also the signal numbers
and a wide variety of miscellaneous constants. The constants come from the list
of include files in the includes_${uname} variable. A regex then picks out
the desired #define statements, and generates the corresponding Go constants.
The error numbers and strings are generated from #include <errno.h>, and the
signal numbers and strings are generated from #include <signal.h>. All of
these constants are written to zerrors_${GOOS}_${GOARCH}.go via a C program,
_errors.c, which prints out all the constants.
To add a constant, add the header that includes it to the appropriate variable. Then, edit the regex (if necessary) to match the desired constant. Keep the regex narrow so that it does not match unintended constants.
mkmerge.go
This program is used to extract duplicate const, func, and type declarations from the generated architecture-specific files listed below, and merge these into a common file for each OS.
The merge is performed in the following steps:
- Construct the set of common code that is identical in all architecture-specific files.
- Write this common code to the merged file.
- Remove the common code from all architecture-specific files.
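The three merge steps, as an added example that is not the project's mkmerge.go: it works on constructed name/value maps for constants only (the real tool also handles func and type declarations), and shows that a constant with the same name but a different value on one architecture stays in the architecture-specific files.

```go
package main

import "fmt"

// sampleArches returns constructed per-architecture constants (name -> value);
// the values are illustrative, not copied from real zerrors_linux_*.go files.
func sampleArches() map[string]map[string]string {
	return map[string]map[string]string{
		"amd64": {"EPERM": "0x1", "ENOENT": "0x2", "O_DIRECTORY": "0x10000", "SYS_READ": "0"},
		"arm64": {"EPERM": "0x1", "ENOENT": "0x2", "O_DIRECTORY": "0x4000", "SYS_READ": "63"},
		"mips":  {"EPERM": "0x1", "ENOENT": "0x2", "O_DIRECTORY": "0x10000", "ONLY_ON_MIPS": "0x99"},
	}
}

// mergeCommon follows the three steps: build the set of declarations that are
// identical in every architecture, return it, and strip it from each input.
func mergeCommon(arches map[string]map[string]string) map[string]string {
	common := map[string]string{}
	first := true
	for _, decls := range arches {
		if first { // seed the candidate set from one architecture
			for name, val := range decls {
				common[name] = val
			}
			first = false
			continue
		}
		for name, val := range common { // drop anything absent or different
			if got, ok := decls[name]; !ok || got != val {
				delete(common, name)
			}
		}
	}
	for _, decls := range arches {
		for name := range common {
			delete(decls, name)
		}
	}
	return common
}

func main() {
	arches := sampleArches()
	fmt.Println("merged:", mergeCommon(arches))
	fmt.Println("left per arch:", arches)
}
```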
Generated files
zerrors_${GOOS}_${GOARCH}.go
A file containing all of the system's generated error numbers, error strings,
signal numbers, and constants. Generated by mkerrors.sh (see above).
zsyscall_${GOOS}_${GOARCH}.go
A file containing all the generated syscalls for a specific GOOS and GOARCH.
Generated by mksyscall.go (see above).
zsysnum_${GOOS}_${GOARCH}.go
A list of numeric constants for all the syscall numbers of the specific GOOS and GOARCH. Generated by mksysnum (see above).
ztypes_${GOOS}_${GOARCH}.go
A file containing Go types for passing into (or returning from) syscalls. Generated by godefs and the types file (see above).