diff --git a/pkg/rand/BUILD b/pkg/rand/BUILD
index 12e6cf25a..97b9ba3ff 100644
--- a/pkg/rand/BUILD
+++ b/pkg/rand/BUILD
@@ -4,7 +4,10 @@ load("//tools/go_stateify:defs.bzl", "go_library")
 go_library(
 name = "rand",
- srcs = ["rand.go"],
+ srcs = [
+ "rand.go",
+ "rand_linux.go",
+ ],
 importpath = "gvisor.googlesource.com/gvisor/pkg/rand",
 visibility = ["//:sandbox"],
 deps = ["@org_golang_x_sys//unix:go_default_library"],
diff --git a/pkg/rand/rand.go b/pkg/rand/rand.go
index 37ac07620..e81f0f5db 100644
--- a/pkg/rand/rand.go
+++ b/pkg/rand/rand.go
@@ -12,28 +12,18 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+// +build !linux
+
 // Package rand implements a cryptographically secure pseudorandom number
 // generator.
 package rand
-import (
- "io"
-
- "golang.org/x/sys/unix"
-)
-
-// reader implements an io.Reader that returns pseudorandom bytes.
-type reader struct{}
-
-// Read implements io.Reader.Read.
-func (reader) Read(p []byte) (int, error) {
- return unix.Getrandom(p, 0)
-}
+import "crypto/rand"
 // Reader is the default reader.
-var Reader io.Reader = reader{}
+var Reader = rand.Reader
-// Read reads from the default reader.
+// Read implements io.Reader.Read.
 func Read(b []byte) (int, error) {
- return io.ReadFull(Reader, b)
+ return rand.Read(b)
 }
diff --git a/pkg/rand/rand_linux.go b/pkg/rand/rand_linux.go
new file mode 100644
index 000000000..37ac07620
--- /dev/null
+++ b/pkg/rand/rand_linux.go
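Review bot: In pkg/rand/rand.go the non-Linux `Read` now calls `rand.Read(b)`, which reads from crypto/rand's own reader and therefore ignores this package's exported `Reader` variable if anything reassigns it, whereas rand_linux.go keeps `io.ReadFull(Reader, b)`. To keep the two builds consistent, import `io` here as well and write `return io.ReadFull(Reader, b)`. The doc comment on the package-level function was also changed to `// Read implements io.Reader.Read.`, which describes a method rather than this function; the earlier wording `// Read reads from the default reader.` is the accurate one.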
@@ -0,0 +1,39 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package rand implements a cryptographically secure pseudorandom number
+// generator.
+package rand
+
+import (
+ "io"
+
+ "golang.org/x/sys/unix"
+)
+
+// reader implements an io.Reader that returns pseudorandom bytes.
+type reader struct{}
+
+// Read implements io.Reader.Read.
+func (reader) Read(p []byte) (int, error) {
+ return unix.Getrandom(p, 0)
+}
+
+// Reader is the default reader.
+var Reader io.Reader = reader{}
+
+// Read reads from the default reader.
+func Read(b []byte) (int, error) {
+ return io.ReadFull(Reader, b)
+}
diff --git a/pkg/tcpip/link/fdbased/endpoint.go b/pkg/tcpip/link/fdbased/endpoint.go
index 152d8f0b2..449acdfdd 100644
--- a/pkg/tcpip/link/fdbased/endpoint.go
+++ b/pkg/tcpip/link/fdbased/endpoint.go
@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+// +build linux
+
 // Package fdbased provides the implemention of data-link layer endpoints
 // backed by boundary-preserving file descriptors (e.g., TUN devices,
 // seqpacket/datagram sockets).
diff --git a/pkg/tcpip/link/fdbased/endpoint_test.go b/pkg/tcpip/link/fdbased/endpoint_test.go
index e05e3aebd..89e791543 100644
--- a/pkg/tcpip/link/fdbased/endpoint_test.go
+++ b/pkg/tcpip/link/fdbased/endpoint_test.go
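Review bot: In pkg/rand/rand_linux.go, `reader.Read` returns the result of `unix.Getrandom(p, 0)` unchanged, so an interrupted call surfaces as an `EINTR` error and `Read` (through `io.ReadFull`) fails instead of retrying; getrandom(2) documents that requests larger than 256 bytes may be interrupted by a signal or return fewer bytes than requested. Short counts are absorbed by `io.ReadFull` in `Read`, but code that calls `Reader.Read` directly gets neither protection. Since the package is documented as a cryptographically secure generator, I would retry on `unix.EINTR` inside the method, as sketched below, and state in its doc comment that a short read is possible.

```go
func (reader) Read(p []byte) (int, error) {
	for {
		n, err := unix.Getrandom(p, 0)
		if err != unix.EINTR {
			return n, err
		}
		// Interrupted before any bytes were copied; try again.
	}
}
```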
@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+// +build linux
+
 package fdbased
 import (
diff --git a/pkg/tcpip/link/sharedmem/rx.go b/pkg/tcpip/link/sharedmem/rx.go
index 4c9aa3f64..b8e39eca1 100644
--- a/pkg/tcpip/link/sharedmem/rx.go
+++ b/pkg/tcpip/link/sharedmem/rx.go
@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+// +build linux
+
 package sharedmem
 import (
diff --git a/pkg/tcpip/link/sharedmem/sharedmem.go b/pkg/tcpip/link/sharedmem/sharedmem.go
index eabf35bd3..824cab093 100644
--- a/pkg/tcpip/link/sharedmem/sharedmem.go
+++ b/pkg/tcpip/link/sharedmem/sharedmem.go
@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+// +build linux
+
 // Package sharedmem provides the implemention of data-link layer endpoints
 // backed by shared memory.
 //
diff --git a/pkg/tcpip/link/sharedmem/sharedmem_test.go b/pkg/tcpip/link/sharedmem/sharedmem_test.go
index 7bd8db6a4..1e229279a 100644
--- a/pkg/tcpip/link/sharedmem/sharedmem_test.go
+++ b/pkg/tcpip/link/sharedmem/sharedmem_test.go
@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+// +build linux
+
 package sharedmem
 import (
diff --git a/pkg/tcpip/link/tun/tun_unsafe.go b/pkg/tcpip/link/tun/tun_unsafe.go
index d3d68b569..1dec41982 100644
--- a/pkg/tcpip/link/tun/tun_unsafe.go
+++ b/pkg/tcpip/link/tun/tun_unsafe.go
@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+// +build linux
+
 // Package tun contains methods to open TAP and TUN devices.
 package tun
diff --git a/pkg/tcpip/sample/tun_tcp_connect/main.go b/pkg/tcpip/sample/tun_tcp_connect/main.go
index 3030e84a7..d029193fb 100644
--- a/pkg/tcpip/sample/tun_tcp_connect/main.go
+++ b/pkg/tcpip/sample/tun_tcp_connect/main.go
@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+// +build linux
+
 // This sample creates a stack with TCP and IPv4 protocols on top of a TUN
 // device, and connects to a peer. Similar to "nc
". While the
 // sample is running, attempts to connect to its IPv4 address will result in
diff --git a/pkg/tcpip/sample/tun_tcp_echo/main.go b/pkg/tcpip/sample/tun_tcp_echo/main.go
index 9cced35eb..a4b28a7a3 100644
--- a/pkg/tcpip/sample/tun_tcp_echo/main.go
+++ b/pkg/tcpip/sample/tun_tcp_echo/main.go
@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+// +build linux
+
 // This sample creates a stack with TCP and IPv4 protocols on top of a TUN
 // device, and listens on a port. Data received by the server in the accepted
 // connections is echoed back to the clients.