/*
- * Copyright (C) 2005-2007 Andre Noll <maan@systemlinux.org>
+ * Copyright (C) 2005-2012 Andre Noll <maan@systemlinux.org>
*
* Licensed under the GPL v2. For licencing details see COPYING.
*/
/** \file net.c Networking-related helper functions. */
+/*
+ * Since glibc 2.8, the _GNU_SOURCE feature test macro must be defined in order
+ * to obtain the definition of the ucred structure.
+ */
+#define _GNU_SOURCE
+
#include <netdb.h>
+/* At least NetBSD needs these. */
+#ifndef AI_V4MAPPED
+#define AI_V4MAPPED 0
+#endif
+#ifndef AI_ALL
+#define AI_ALL 0
+#endif
+#ifndef AI_ADDRCONFIG
+#define AI_ADDRCONFIG 0
+#endif
+
+#include <regex.h>
+
#include "para.h"
#include "error.h"
#include "net.h"
#include "string.h"
+#include "list.h"
+#include "fd.h"
+/**
+ * Parse and validate IPv4 address/netmask string.
+ *
+ * \param cidr	  Address in CIDR notation
+ * \param addr	  Copy of the IPv4 address part of \a cidr
+ * \param addrlen Size of \a addr in bytes
+ * \param netmask Value of the netmask part in \a cidr or the
+ *		  default of 32 if not specified.
+ *
+ * \return Pointer to \a addr if successful, NULL on error. On error \a addr
+ * is set to the empty string, provided it can hold at least one byte.
+ * \sa RFC 4632
+ */
+char *parse_cidr(const char *cidr,
+		 char    *addr, ssize_t addrlen,
+		 int32_t *netmask)
+{
+	const char *o;
+	char *c, *end;
+
+	*netmask = 0x20;
+
+	/* Without room for the terminator not even "" can be stored. */
+	if (addr == NULL || addrlen < 1)
+		return NULL;
+	if (cidr == NULL)
+		goto failed;
+
+	/* Last writable byte of addr; it must receive the terminator. */
+	end = addr + (addrlen - 1);
+
+	/* Copy the address part, stopping at '/' or at the end of cidr. */
+	for (o = cidr, c = addr; (*c = *o == '/'? '\0' : *o); c++, o++)
+		if (c == end)
+			goto failed;
+
+	if (*o == '/')
+		if (para_atoi32(++o, netmask) < 0 ||
+		    *netmask < 0 || *netmask > 0x20)
+			goto failed;
+
+	if (is_valid_ipv4_address(addr))
+		return addr;
+failed:
+	*addr = '\0';
+	return NULL;
+}
-/** Information about one encrypted connection. */
-struct crypt_data {
- /** Function used to decrypt received data. */
- crypt_function *recv;
- /** Function used to encrypt data to be sent. */
- crypt_function *send;
- /**
- * Context-dependent data (crypt keys), passed verbatim to the above
- * crypt functions.
- */
- void *private_data;
-};
-/** Array holding per fd crypt data. */
-static struct crypt_data *crypt_data_array;
-/** Current size of the crypt data array. */
-static unsigned cda_size = 0;
/**
- * Activate encryption for one file descriptor.
+ * Match string as a candidate IPv4 address.
*
- * \param fd The file descriptor.
- * \param recv_f The function used for decrypting received data.
- * \param send_f The function used for encrypting before sending.
- * \param private_data User data supplied by the caller.
+ * \param address The string to match.
+ * \return True if \a address has "dot-quad" format.
*/
-void enable_crypt(int fd, crypt_function *recv_f, crypt_function *send_f,
- void *private_data)
-{
- if (fd + 1 > cda_size) {
- crypt_data_array = para_realloc(crypt_data_array,
- (fd + 1) * sizeof(struct crypt_data));
- memset(crypt_data_array + cda_size, 0,
- (fd + 1 - cda_size) * sizeof(struct crypt_data));
- cda_size = fd + 1;
- }
- crypt_data_array[fd].recv = recv_f;
- crypt_data_array[fd].send = send_f;
- crypt_data_array[fd].private_data = private_data;
- PARA_INFO_LOG("rc4 encryption activated for fd %d\n", fd);
+static bool is_v4_dot_quad(const char *address)
+{
+	bool result;
+	regex_t r;
+	/*
+	 * Compile outside of assert(): if NDEBUG is defined, the argument of
+	 * assert() is not evaluated and regexec() would operate on an
+	 * uninitialized regex_t.
+	 */
+	int ret = para_regcomp(&r, "^([0-9]+\\.){3}[0-9]+$",
+		REG_EXTENDED | REG_NOSUB);
+
+	assert(ret >= 0);
+	if (ret < 0) /* only reachable when assertions are disabled */
+		return false;
+	result = regexec(&r, address, 0, NULL, 0) == 0;
+	regfree(&r);
+	return result;
}
/**
- * Deactivate encryption for a given fd.
+ * Perform basic syntax checking on the host-part of an URL:
*
- * \param fd The file descriptor.
+ * - Since ':' is invalid in IPv4 addresses and DNS names, the
+ * presence of ':' causes interpretation as IPv6 address;
+ * - next the first-match-wins algorithm from RFC 3986 is applied;
+ * - else the string is considered as DNS name, to be resolved later.
*
- * This must be called if and only if \p fd was activated via enable_crypt().
+ * \param host The host string to check.
+ * \return True if \a host passes the syntax checks.
+ *
+ * \sa RFC 3986, 3.2.2; RFC 1123, 2.1; RFC 1034, 3.5
*/
-void disable_crypt(int fd)
+static bool host_string_ok(const char *host)
{
- if (cda_size < fd + 1)
- return;
- crypt_data_array[fd].recv = NULL;
- crypt_data_array[fd].send = NULL;
- crypt_data_array[fd].private_data = NULL;
+ if (host == NULL || *host == '\0')
+ return false;
+ if (strchr(host, ':') != NULL)
+ return is_valid_ipv6_address(host);
+ if (is_v4_dot_quad(host))
+ return is_valid_ipv4_address(host);
+ return true;
}
+/**
+ * Parse and validate URL string.
+ *
+ * The URL syntax is loosely based on RFC 3986, supporting one of
+ * - "["host"]"[:port] for native IPv6 addresses and
+ * - host[:port] for IPv4 hostnames and DNS names.
+ *
+ * Native IPv6 addresses must be enclosed in square brackets, since
+ * otherwise there is an ambiguity with the port separator `:'.
+ * The 'port' part is always considered to be a number; if absent,
+ * it is set to -1, to indicate that a default port is to be used.
+ *
+ * The following are valid examples:
+ * - 10.10.1.1
+ * - 10.10.1.2:8000
+ * - localhost
+ * - localhost:8001
+ * - [::1]:8000
+ * - [badc0de::1]
+ *
+ * \param url	  The URL string to take apart.
+ * \param host	  To return the copied host part of \a url.
+ * \param hostlen The maximum length of \a host.
+ * \param port	  To return the port number (if any) of \a url.
+ *
+ * \return Pointer to \a host, or NULL if failed.
+ * If NULL is returned, \a host is set to the empty string (provided it can
+ * hold at least one byte) and \a port is undefined. If no port number was
+ * present in \a url, \a port is set to -1.
+ *
+ * \sa RFC 3986, 3.2.2/3.2.3
+ */
+char *parse_url(const char *url,
+		char    *host, ssize_t hostlen,
+		int32_t *port)
+{
+	const char *o = url;
+	char *c, *end;
+
+	*port = -1;
+
+	/* Without room for the terminator not even "" can be stored. */
+	if (host == NULL || hostlen < 1)
+		return NULL;
+	if (o == NULL)
+		goto failed;
+
+	c = host;
+	/* Last writable byte of host; it must receive the terminator. */
+	end = host + (hostlen - 1);
+
+	if (*o == '[') {
+		/* Bracketed form: copy everything up to the closing ']'. */
+		for (++o; (*c = *o == ']' ? '\0' : *o); c++, o++)
+			if (c == end)
+				goto failed;
+
+		/* Only end-of-string or a port may follow the ']'. */
+		if (*o++ != ']' || (*o != '\0' && *o != ':'))
+			goto failed;
+	} else {
+		/* Plain form: the first ':' separates host and port. */
+		for (; (*c = *o == ':'? '\0' : *o); c++, o++)
+			if (c == end)
+				goto failed;
+	}
+
+	if (*o == ':')
+		if (para_atoi32(++o, port) < 0 ||
+		    *port < 0 || *port > 0xffff)
+			goto failed;
+
+	if (host_string_ok(host))
+		return host;
+failed:
+	*host = '\0';
+	return NULL;
+}
+
+/**
+ * Stringify port number, resolve into service name where defined.
+ * \param port 2-byte port number, in host-byte-order.
+ * \param transport Transport protocol name (e.g. "udp", "tcp"), or NULL.
+ * \return Pointer to static result buffer, overwritten by each call.
+ *
+ * \sa getservent(3), services(5), nsswitch.conf(5)
+ */
+const char *stringify_port(int port, const char *transport)
+{
+	static char service[NI_MAXSERV];
+
+	if (port < 0 || port > 0xFFFF) {
+		snprintf(service, sizeof(service), "undefined (%d)", port);
+	} else {
+		struct servent *se = getservbyport(htons(port), transport);
+
+		if (se == NULL)
+			/* port is a (non-negative) int here, hence %d */
+			snprintf(service, sizeof(service), "%d", port);
+		else
+			snprintf(service, sizeof(service), "%s", se->s_name);
+	}
+	return service;
+}
/**
* Determine the socket type for a given layer-4 protocol.
return "UNKNOWN PROTOCOL";
}
+/**
+ * Flowopts: Transport-layer independent encapsulation of socket options.
+ *
+ * These collect individual socket options into a queue, which is disposed of
+ * directly after makesock(). The 'pre_conn_opt' structure is for internal use
+ * only and should not be visible elsewhere.
+ *
+ * Both \a opt_name and \a opt_val are private copies allocated by
+ * flowopt_add() and released by flowopt_cleanup().
+ *
+ * \sa setsockopt(2), makesock()
+ */
+struct pre_conn_opt {
+ int sock_level; /**< Second argument to setsockopt() */
+ int sock_option; /**< Third argument to setsockopt() */
+ char *opt_name; /**< Stringified \a sock_option, used in error messages */
+ void *opt_val; /**< Fourth argument to setsockopt(), may be NULL */
+ socklen_t opt_len; /**< Fifth argument to setsockopt(), 0 if \a opt_val is NULL */
+
+ struct list_head node; /**< FIFO, as sockopt order matters. */
+};
+
+/** FIFO list of pre-connection socket options to be set */
+struct flowopts {
+ struct list_head sockopts; /**< Head of the queue of struct pre_conn_opt entries */
+};
+
+/**
+ * Allocate a flowopt queue which contains no socket options yet.
+ *
+ * \return Pointer to the new queue. It is released by flowopt_cleanup().
+ */
+struct flowopts *flowopt_new(void)
+{
+	struct flowopts *fo = para_malloc(sizeof(struct flowopts));
+
+	INIT_LIST_HEAD(&fo->sockopts);
+	return fo;
+}
+
+/**
+ * Queue one more socket option at the tail of a flowopt queue.
+ *
+ * \param fo   The flowopt queue to append to.
+ * \param lev  Level at which \a opt resides.
+ * \param opt  New option to add.
+ * \param name Stringified name of \a opt.
+ * \param val  The value to set \a opt to, or NULL for no value.
+ * \param len  Length of \a val.
+ *
+ * Both \a name and \a val are copied, so the caller keeps ownership of its
+ * arguments.
+ *
+ * \sa setsockopt(2)
+ */
+void flowopt_add(struct flowopts *fo, int lev, int opt,
+		const char *name, const void *val, int len)
+{
+	struct pre_conn_opt *pc = para_malloc(sizeof(*pc));
+
+	pc->sock_level = lev;
+	pc->sock_option = opt;
+	pc->opt_name = para_strdup(name);
+
+	/* Start out value-less, attach a private copy if one was given. */
+	pc->opt_val = NULL;
+	pc->opt_len = 0;
+	if (val != NULL) {
+		pc->opt_val = para_malloc(len);
+		pc->opt_len = len;
+		memcpy(pc->opt_val, val, len);
+	}
+
+	list_add_tail(&pc->node, &fo->sockopts);
+}
+
+/**
+ * Append a boolean socket option to a flowopt queue.
+ *
+ * \param fo        The flowopt queue to append to.
+ * \param lev       Level at which \a opt resides.
+ * \param opt       New option to add.
+ * \param optname   Stringified name of \a opt.
+ * \param on_or_off Whether to switch the option on or off.
+ *
+ * \sa flowopt_add()
+ */
+void flowopt_add_bool(struct flowopts *fo, int lev, int opt,
+		const char *optname, bool on_or_off)
+{
+	/* The value is handed to setsockopt() as an int, not as a bool. */
+	const int value = on_or_off ? 1 : 0;
+
+	flowopt_add(fo, lev, opt, optname, &value, sizeof(value));
+}
+
+/**
+ * Set the entire bunch of pre-connection options at once.
+ *
+ * \param sockfd The socket to apply the options to.
+ * \param fo     The queue of options, may be NULL in which case nothing
+ *               happens.
+ *
+ * The options are applied in the order in which they were queued. The first
+ * failing setsockopt(2) call terminates the process.
+ */
+static void flowopt_setopts(int sockfd, struct flowopts *fo)
+{
+	struct pre_conn_opt *pc;
+
+	if (fo == NULL)
+		return;
+
+	list_for_each_entry(pc, &fo->sockopts, node) {
+		if (setsockopt(sockfd, pc->sock_level, pc->sock_option,
+				pc->opt_val, pc->opt_len) < 0) {
+			/* Terminate the line like all other log messages. */
+			PARA_EMERG_LOG("Can not set %s socket option: %s\n",
+				       pc->opt_name, strerror(errno));
+			exit(EXIT_FAILURE);
+		}
+	}
+}
+
+/**
+ * Release a flowopt queue together with all options queued on it.
+ *
+ * \param fo The queue to free, NULL is accepted and ignored.
+ */
+static void flowopt_cleanup(struct flowopts *fo)
+{
+	struct pre_conn_opt *pc, *tmp;
+
+	if (!fo)
+		return;
+
+	/* The _safe variant is needed as each entry is freed while iterating. */
+	list_for_each_entry_safe(pc, tmp, &fo->sockopts, node) {
+		free(pc->opt_val);
+		free(pc->opt_name);
+		free(pc);
+	}
+	free(fo);
+}
+
/**
* Resolve IPv4/IPv6 address and create a ready-to-use active or passive socket.
*
- * @param l3type The layer-3 type (\p AF_INET, \p AF_INET6, \p AF_UNSPEC)
- * @param l4type The layer-4 type (\p IPPROTO_xxx).
- * @param passive Whether this is a passive (1) or active (0) socket/
- * @param host Remote or local hostname or IPv/6 address string.
- * @param port_number Decimal port number.
- *
- * This creates a ready-made IPv4/v6 socket structure after looking up the necessary
- * parameters. The interpretation of \a host depends on the value of \a passive:
- * - on a passive socket host is interpreted as an interface IPv4/6 address
- * (can be left NULL);
- * - on an active socket, \a host is the peer DNS name or IPv4/6 address to connect to;
- * - \a port_number is in either case the numeric port number (not service string).
- * Furthermore, bind(2) is called on passive sockets, and connect(2) on active sockets.
- * The algorithm tries all possible address combinations until it succeeds.
- *
- * \return This function returns 1 on success and \a -E_ADDRESS_LOOKUP when no matching
- * connection could be set up (with details in the error log).
- *
- * \sa ipv6(7), getaddrinfo(3), bind(2), connect(2)
+ * \param l4type The layer-4 type (\p IPPROTO_xxx).
+ * \param passive Whether this is a passive (1) or active (0) socket.
+ * \param host Remote or local hostname or IPv4/6 address string.
+ * \param port_number Decimal port number.
+ * \param fo Socket options to be set before making the connection.
+ *
+ * This creates a ready-made IPv4/v6 socket structure after looking up the
+ * necessary parameters. The interpretation of \a host depends on the value of
+ * \a passive:
+ * - on a passive socket host is interpreted as an interface IPv4/6 address
+ * (can be left NULL);
+ * - on an active socket, \a host is the peer DNS name or IPv4/6 address
+ * to connect to;
+ * - \a port_number is in either case the numeric port number (not service
+ * string).
+ *
+ * Furthermore, bind(2) is called on passive sockets, and connect(2) on active
+ * sockets. The algorithm tries all possible address combinations until it
+ * succeeds. If \a fo is supplied, options are set and cleanup is performed.
+ *
+ * \return This function returns 1 on success and \a -E_ADDRESS_LOOKUP when no
+ * matching connection could be set up (with details in the error log).
+ *
+ * \sa ipv6(7), getaddrinfo(3), bind(2), connect(2).
*/
-int makesock(unsigned l3type, unsigned l4type, int passive,
- const char *host, unsigned short port_number)
+int makesock(unsigned l4type, bool passive,
+ const char *host, uint16_t port_number,
+ struct flowopts *fo)
{
- struct addrinfo *local = NULL, *src,
- *remote = NULL, *dst, hints;
- char *port = make_message("%u", port_number);
+ struct addrinfo *local = NULL, *src = NULL, *remote = NULL,
+ *dst = NULL, hints;
+ unsigned int l3type = AF_UNSPEC;
int rc, on = 1, sockfd = -1,
socktype = sock_type(l4type);
+ char port[6]; /* port number has at most 5 digits */
- /*
- * Set up address hint structure
- */
+ sprintf(port, "%u", port_number);
+ /* Set up address hint structure */
memset(&hints, 0, sizeof(hints));
hints.ai_family = l3type;
- /* getaddrinfo does not really work well with SOCK_DCCP */
- if (socktype == SOCK_DGRAM || socktype == SOCK_STREAM)
- hints.ai_socktype = socktype;
+ hints.ai_socktype = socktype;
+ /*
+ * getaddrinfo does not support SOCK_DCCP, so for the sake of lookup
+ * (and only then) pretend to be UDP.
+ */
+ if (l4type == IPPROTO_DCCP)
+ hints.ai_socktype = SOCK_DGRAM;
/* only use addresses available on the host */
hints.ai_flags = AI_ADDRCONFIG;
if (passive && host == NULL)
hints.ai_flags |= AI_PASSIVE;
- /*
- * Obtain local/remote address information
- */
+ /* Obtain local/remote address information */
if ((rc = getaddrinfo(host, port, &hints, passive ? &local : &remote))) {
PARA_ERROR_LOG("can not resolve %s address %s#%s: %s.\n",
layer4_name(l4type),
- host? : (passive? "[loopback]" : "[localhost]"),
+ host? host : (passive? "[loopback]" : "[localhost]"),
port, gai_strerror(rc));
- return -E_ADDRESS_LOOKUP;
+ rc = -E_ADDRESS_LOOKUP;
+ goto out;
}
- /*
- * Iterate over all src/dst combination, exhausting dst first
- */
+ /* Iterate over all src/dst combination, exhausting dst first */
for (src = local, dst = remote; src != NULL || dst != NULL; /* no op */ ) {
if (src && dst && src->ai_family == AF_INET
- && dst->ai_family == AF_INET6) /* v4 -> v6 is not possible */
- goto get_next_dst;
+ && dst->ai_family == AF_INET6)
+ goto get_next_dst; /* v4 -> v6 is not possible */
- sockfd = socket(src ? src->ai_family : dst->ai_family, socktype, l4type);
+ sockfd = socket(src ? src->ai_family : dst->ai_family,
+ socktype, l4type);
if (sockfd < 0)
goto get_next_dst;
/*
- * Set those options that need to be set before establishing the connection
+ * Reuse the address on passive sockets to avoid failure on
+ * restart (protocols using listen()) and when creating
+ * multiple listener instances (UDP multicast).
*/
- /* Reuse the address on passive (listening) sockets to avoid failure on restart */
- if (passive && setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) {
- PARA_ERROR_LOG("can not set SO_REUSEADDR: %s\n", strerror(errno));
- return -ERRNO_TO_PARA_ERROR(errno);
+ if (passive && setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR,
+ &on, sizeof(on)) == -1) {
+ rc = errno;
+ close(sockfd);
+ PARA_ERROR_LOG("can not set SO_REUSEADDR: %s\n",
+ strerror(rc));
+ rc = -ERRNO_TO_PARA_ERROR(rc);
+ /*
+ * sockfd has been closed: reset both cursors so that the
+ * check after the loop returns rc rather than the stale fd.
+ */
+ src = dst = NULL;
+ break;
}
+ flowopt_setopts(sockfd, fo);
if (src) {
if (bind(sockfd, src->ai_addr, src->ai_addrlen) < 0) {
close(sockfd);
goto get_next_src;
}
- if (!dst)
- break; /* bind-only completed successfully */
+ if (!dst) /* bind-only completed successfully */
+ break;
}
if (dst && connect(sockfd, dst->ai_addr, dst->ai_addrlen) == 0)
- break; /* connection completed successfully */
+ break; /* connection completed successfully */
close(sockfd);
get_next_dst:
if (dst && (dst = dst->ai_next))
continue;
get_next_src:
- if (src && (src = src->ai_next))
- dst = remote; /* restart inner loop */
+ if (src && (src = src->ai_next)) /* restart inner loop */
+ dst = remote;
}
+out:
if (local)
freeaddrinfo(local);
if (remote)
freeaddrinfo(remote);
+ flowopt_cleanup(fo);
if (src == NULL && dst == NULL) {
- PARA_ERROR_LOG("can not create %s socket %s#%s.\n", layer4_name(l4type),
- host? : (passive? "[loopback]" : "[localhost]"), port);
- return -ERRNO_TO_PARA_ERROR(errno);
+ if (rc >= 0)
+ rc = -E_MAKESOCK;
+ PARA_ERROR_LOG("can not create %s socket %s#%s.\n",
+ layer4_name(l4type), host? host : (passive?
+ "[loopback]" : "[localhost]"), port);
+ return rc;
}
return sockfd;
}
/**
* Create a passive / listening socket.
- * \param l3type The network-layer type (\p AF_xxx)
- * \param l4type The transport-layer type (\p IPPROTO_xxx).
- * \param port The decimal port number to listen on.
*
- * \return Positive integer (socket descriptor) on success, negative value otherwise.
+ * \param l4type The transport-layer type (\p IPPROTO_xxx).
+ * \param port The decimal port number to listen on.
+ * \param fo Flowopts (if any) to set before starting to listen.
+ *
+ * \return Positive integer (socket descriptor) on success, negative value
+ * otherwise.
+ *
* \sa makesock(), ip(7), ipv6(7), bind(2), listen(2).
*/
-int para_listen(unsigned l3type, unsigned l4type, unsigned short port)
+int para_listen(unsigned l4type, uint16_t port, struct flowopts *fo)
{
- int ret, fd = makesock(l3type, l4type, 1, NULL, port);
+ int ret, fd = makesock(l4type, 1, NULL, port, fo);
if (fd > 0) {
ret = listen(fd, BACKLOG);
if (ret < 0) {
+ ret = errno;
close(fd);
- return -ERRNO_TO_PARA_ERROR(errno);
+ return -ERRNO_TO_PARA_ERROR(ret);
}
PARA_INFO_LOG("listening on %s port %u, fd %d\n",
- layer4_name(l4type), port, fd);
+ layer4_name(l4type), port, fd);
}
return fd;
}
/**
- * Print numeric host and port number (beware - uses static char).
- * \param sa The IPv4/IPv6 socket address to use.
- * \param len The length of \p sa.
- *
- * \sa getnameinfo(3)
+ * Determine IPv4/v6 socket address length.
+ * \param sa Container of IPv4 or IPv6 address.
+ * \return Address-family dependent address length.
*/
-char *host_and_port(struct sockaddr *sa, socklen_t len)
-{
- static char output[NI_MAXHOST + NI_MAXSERV + 2];
- char hbuf[NI_MAXHOST],
- sbuf[NI_MAXSERV];
- int ret;
-
- ret = getnameinfo(sa, len, hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
- NI_NUMERICHOST | NI_NUMERICSERV);
- if (ret) {
- PARA_WARNING_LOG("hostname lookup error (%s).\n", gai_strerror(ret));
- sprintf(output, "(unknown)");
- } else {
- sprintf(output, "%s#%s", hbuf, sbuf);
- }
- return output;
+static socklen_t salen(const struct sockaddr *sa)
+{
+	/* Only the two IP address families are supported. */
+	assert(sa->sa_family == AF_INET || sa->sa_family == AF_INET6);
+
+	if (sa->sa_family == AF_INET6)
+		return sizeof(struct sockaddr_in6);
+	return sizeof(struct sockaddr_in);
+}
+
+/** True if \a ss holds a v6-mapped-v4 address (RFC 4291, 2.5.5.2) */
+static bool SS_IS_ADDR_V4MAPPED(const struct sockaddr_storage *ss)
+{
+	const struct sockaddr_in6 *ia6;
+
+	/* Only IPv6 addresses can be v4-mapped. */
+	if (ss->ss_family != AF_INET6)
+		return false;
+	ia6 = (const struct sockaddr_in6 *)ss;
+	return IN6_IS_ADDR_V4MAPPED(&ia6->sin6_addr);
}
/**
- * Look up the local or remote side of a connected socket structure.
- * \param fd The socket descriptor of the connected socket.
- * \param getname Either \fn getsockname() for local, or \fn getpeername() for remote side.
+ * Process IPv4/v6 address, turn v6-mapped-v4 address into normal IPv4 address.
+ * \param ss Container of IPv4/6 address.
+ * \return Pointer to normalized address (may be static storage).
*
- * \return A static character string identifying hostname and port of the chosen side
- * \sa getsockname(2), getpeername(2)
+ * \sa RFC 3493
*/
-static char *__get_sock_name(int fd, int (*getname)(int, struct sockaddr*, socklen_t *))
+static const struct sockaddr *
+normalize_ip_address(const struct sockaddr_storage *ss)
{
- struct sockaddr_storage ss;
- socklen_t sslen = sizeof(ss);
+ assert(ss->ss_family == AF_INET || ss->ss_family == AF_INET6);
- if (getname(fd, (struct sockaddr *)&ss, &sslen) < 0) {
- static char *dont_know = "(don't know)";
- PARA_ERROR_LOG("can not determine address from fd %d: %s\n", fd, strerror(errno));
- return dont_know;
- }
+ if (SS_IS_ADDR_V4MAPPED(ss)) {
+ const struct sockaddr_in6 *ia6 = (const struct sockaddr_in6 *)ss;
+ static struct sockaddr_in ia;
- return host_and_port((struct sockaddr *)&ss, sslen);
+ ia.sin_family = AF_INET;
+ ia.sin_port = ia6->sin6_port;
+ memcpy(&ia.sin_addr.s_addr, &(ia6->sin6_addr.s6_addr[12]), 4);
+ return (const struct sockaddr *)&ia;
+ }
+ return (const struct sockaddr *)ss;
}
-char *local_name(int sockfd)
+/**
+ * Generic/fallback MTU values
+ *
+ * These are taken from RFC 1122, RFC 2460, and RFC 5405.
+ * - RFC 1122, 3.3.3 defines EMTU_S ("Effective MTU for sending") and recommends
+ * to use an EMTU_S size of 576 bytes if the IPv4 path MTU is unknown;
+ * - RFC 2460, 5. requires a minimum IPv6 MTU of 1280 bytes;
+ * - RFC 5405, 3.2 recommends that if path MTU discovery is not done,
+ * UDP senders should use the respective minimum values of EMTU_S.
+ */
+static inline int generic_mtu(const int af_type)
{
- return __get_sock_name(sockfd, getsockname);
+ return af_type == AF_INET6 ? 1280 : 576;
}
-char *remote_name(int sockfd)
+/** Crude approximation of IP header overhead - neglecting options. */
+static inline int estimated_header_overhead(const int af_type)
{
- return __get_sock_name(sockfd, getpeername);
+ return af_type == AF_INET6 ? 40 : 20;
}
-/*
- * Send out a buffer, resend on short writes.
+/**
+ * Get the maximum transport-layer message size (MMS_S).
*
- * \param fd The file descriptor.
- * \param buf The buffer to be sent.
- * \param len The length of \a buf.
+ * \param sockfd The socket file descriptor.
*
- * \return Standard. In any case, the number of bytes actually sent is stored
- * in \a len.
+ * The socket must be connected. See RFC 1122, 3.3.3. If the protocol family
+ * could not be determined, \p AF_INET is assumed.
+ *
+ * \return The maximum message size of the address family type.
*/
-static int sendall(int fd, const char *buf, size_t *len)
+int generic_max_transport_msg_size(int sockfd)
{
- size_t total = *len;
-
- assert(total);
- *len = 0;
- while (*len < total) {
- int ret = send(fd, buf + *len, total - *len, 0);
- if (ret == -1)
- return -ERRNO_TO_PARA_ERROR(errno);
- *len += ret;
+ struct sockaddr_storage ss;
+ socklen_t sslen = sizeof(ss);
+ int af_type = AF_INET;
+
+ if (getpeername(sockfd, (struct sockaddr *)&ss, &sslen) < 0) {
+ PARA_ERROR_LOG("can not determine remote address type: %s\n",
+ strerror(errno));
+ } else if (!SS_IS_ADDR_V4MAPPED(&ss)) {
+ af_type = ss.ss_family;
}
- return 1;
+ return generic_mtu(af_type) - estimated_header_overhead(af_type);
}
/**
- * Encrypt and send a binary buffer.
+ * Look up the local or remote side of a connected socket structure.
*
- * \param fd The file descriptor.
- * \param buf The buffer to be encrypted and sent.
- * \param len The length of \a buf.
+ * \param fd The socket descriptor of the connected socket.
+ * \param getname Either \p getsockname() for local, or \p getpeername() for
+ * remote side.
*
- * Check if encryption is available. If yes, encrypt the given buffer. Send
- * out the buffer, encrypted or not, and try to resend the remaing part in case
- * of short writes.
+ * \return A static character string identifying hostname and port of the
+ * chosen side in numeric host:port format.
*
- * \return Standard.
+ * \sa getsockname(2), getpeername(2), parse_url(), getnameinfo(3),
+ * services(5), nsswitch.conf(5).
*/
-int send_bin_buffer(int fd, const char *buf, size_t len)
+static char *__get_sock_name(int fd, typeof(getsockname) getname)
{
+ struct sockaddr_storage ss;
+ const struct sockaddr *sa;
+ socklen_t sslen = sizeof(ss);
+ char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
+ static char output[sizeof(hbuf) + sizeof(sbuf) + 4];
int ret;
- crypt_function *cf = NULL;
-
- if (!len)
- PARA_CRIT_LOG("%s", "len == 0\n");
- if (fd + 1 <= cda_size)
- cf = crypt_data_array[fd].send;
- if (cf) {
- void *private = crypt_data_array[fd].private_data;
- /* RC4 may write more than len to the output buffer */
- unsigned char *outbuf = para_malloc(ROUND_UP(len, 8));
- (*cf)(len, (unsigned char *)buf, outbuf, private);
- ret = sendall(fd, (char *)outbuf, &len);
- free(outbuf);
- } else
- ret = sendall(fd, buf, &len);
- return ret;
+
+ if (getname(fd, (struct sockaddr *)&ss, &sslen) < 0) {
+ PARA_ERROR_LOG("can not determine address from fd %d: %s\n",
+ fd, strerror(errno));
+ snprintf(output, sizeof(output), "(unknown)");
+ return output;
+ }
+ sa = normalize_ip_address(&ss);
+ ret = getnameinfo(sa, salen(sa), hbuf, sizeof(hbuf), sbuf,
+ sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV);
+ if (ret) {
+ PARA_WARNING_LOG("hostname lookup error (%s).\n",
+ gai_strerror(ret));
+ snprintf(output, sizeof(output), "(lookup error)");
+ } else if (sa->sa_family == AF_INET6)
+ snprintf(output, sizeof(output), "[%s]:%s", hbuf, sbuf);
+ else
+ snprintf(output, sizeof(output), "%s:%s", hbuf, sbuf);
+ return output;
}
/**
- * Encrypt and send null terminated buffer.
+ * Look up the local side of a connected socket structure.
*
- * \param fd The file descriptor.
- * \param buf The null-terminated buffer to be send.
+ * \param sockfd The file descriptor of the socket.
*
- * This is equivalent to send_bin_buffer(fd, buf, strlen(buf)).
+ * \return A pointer to a static buffer containing hostname and port. This
+ * buffer must not be freed by the caller.
*
- * \return Standard.
+ * \sa remote_name().
*/
-int send_buffer(int fd, const char *buf)
+char *local_name(int sockfd)
{
- return send_bin_buffer(fd, buf, strlen(buf));
+ return __get_sock_name(sockfd, getsockname);
}
-
/**
- * Send and encrypt a buffer given by a format string.
+ * Look up the remote side of a connected socket structure.
*
- * \param fd The file descriptor.
- * \param fmt A format string.
+ * \param sockfd The file descriptor of the socket.
*
- * \return Standard.
+ * \return Analogous to the return value of \ref local_name() but for the
+ * remote side.
+ *
+ * \sa local_name().
*/
-__printf_2_3 int send_va_buffer(int fd, const char *fmt, ...)
+char *remote_name(int sockfd)
{
- char *msg;
- int ret;
+ return __get_sock_name(sockfd, getpeername);
+}
- PARA_VSPRINTF(fmt, msg);
- ret = send_buffer(fd, msg);
- free(msg);
- return ret;
+/**
+ * Obtain the IPv4 address stored in a sockaddr_storage structure.
+ *
+ * \param ss Container of IPv4/6 address, v6-mapped-v4 addresses are
+ * converted to plain IPv4 first.
+ *
+ * \return The extracted IPv4 address, or an address of 0 if \a ss does not
+ * contain an IPv4 or v6-mapped-v4 address.
+ *
+ * \sa RFC 3493
+ */
+struct in_addr extract_v4_addr(const struct sockaddr_storage *ss)
+{
+	const struct sockaddr *sa = normalize_ip_address(ss);
+	struct in_addr ia = {.s_addr = 0};
+
+	if (sa->sa_family != AF_INET)
+		return ia;
+	return ((const struct sockaddr_in *)sa)->sin_addr;
}
/**
- * Receive and decrypt.
+ * Receive data from a file descriptor.
*
* \param fd The file descriptor.
- * \param buf The buffer to write the decrypted data to.
+ * \param buf The buffer to write the data to.
* \param size The size of \a buf.
*
- * Receive at most \a size bytes from file descriptor \a fd. If encryption is
- * available, decrypt the received buffer.
+ * Receive at most \a size bytes from file descriptor \a fd.
*
- * \return The number of bytes received on success, negative on errors.
+ * \return The number of bytes received on success, negative on errors, zero if
+ * the peer has performed an orderly shutdown.
*
- * \sa recv(2)
+ * \sa recv(2).
*/
__must_check int recv_bin_buffer(int fd, char *buf, size_t size)
{
ssize_t n;
- crypt_function *cf = NULL;
-
- if (fd + 1 <= cda_size)
- cf = crypt_data_array[fd].recv;
- if (cf) {
- unsigned char *tmp = para_malloc(size);
- void *private = crypt_data_array[fd].private_data;
- n = recv(fd, tmp, size, 0);
- if (n > 0) {
- size_t numbytes = n;
- unsigned char *b = (unsigned char *)buf;
- (*cf)(numbytes, tmp, b, private);
- }
- free(tmp);
- } else
- n = recv(fd, buf, size, 0);
+
+ n = recv(fd, buf, size, 0);
if (n == -1)
return -ERRNO_TO_PARA_ERROR(errno);
return n;
}
/**
- * Receive, decrypt and write terminating NULL byte.
+ * Receive and write terminating NULL byte.
*
* \param fd The file descriptor.
- * \param buf The buffer to write the decrypted data to.
+ * \param buf The buffer to write the data to.
* \param size The size of \a buf.
*
- * Read and decrypt at most \a size - 1 bytes from file descriptor \a fd and
+ * Read at most \a size - 1 bytes from file descriptor \a fd and
* write a NULL byte at the end of the received data.
*
* \return The return value of the underlying call to \a recv_bin_buffer().
* Wrapper around the accept system call.
*
* \param fd The listening socket.
+ * \param rfds An optional fd_set pointer.
* \param addr Structure which is filled in with the address of the peer socket.
* \param size Should contain the size of the structure pointed to by \a addr.
+ * \param new_fd Result pointer.
*
- * Accept incoming connections on \a addr. Retry if interrupted.
+ * Accept incoming connections on \a addr, retry if interrupted. If \a rfds is
+ * not \p NULL, return 0 if \a fd is not set in \a rfds without calling accept().
*
- * \return The new file descriptor on success, negative on errors.
+ * \return Negative on errors, zero if no connections are present to be accepted,
+ * one otherwise.
*
* \sa accept(2).
*/
-int para_accept(int fd, void *addr, socklen_t size)
+int para_accept(int fd, fd_set *rfds, void *addr, socklen_t size, int *new_fd)
{
- int new_fd;
+ int ret;
+ if (rfds && !FD_ISSET(fd, rfds))
+ return 0;
do
- new_fd = accept(fd, (struct sockaddr *) addr, &size);
- while (new_fd < 0 && errno == EINTR);
- return new_fd < 0? -ERRNO_TO_PARA_ERROR(errno) : new_fd;
+ ret = accept(fd, (struct sockaddr *) addr, &size);
+ while (ret < 0 && errno == EINTR);
+
+ if (ret >= 0) {
+ *new_fd = ret;
+ return 1;
+ }
+ if (errno == EAGAIN || errno == EWOULDBLOCK)
+ return 0;
+ return -ERRNO_TO_PARA_ERROR(errno);
+}
+
+/**
+ * Query the DCCP CCIDs which are available on this host.
+ *
+ * \param ccid_array Result pointer, set to a statically allocated array on
+ * success.
+ *
+ * \return Number of elements returned in \a ccid_array or error.
+ *
+ * NB: This feature is only available on Linux > 2.6.30; on older kernels
+ * ENOPROTOOPT ("Protocol not available") will be returned.
+ */
+int dccp_available_ccids(uint8_t **ccid_array)
+{
+	static uint8_t ccids[DCCP_MAX_HOST_CCIDS];
+	socklen_t nccids = sizeof(ccids);
+	int err, fd = makesock(IPPROTO_DCCP, 1, NULL, 0, NULL);
+
+	if (fd < 0)
+		return fd;
+
+	if (getsockopt(fd, SOL_DCCP, DCCP_SOCKOPT_AVAILABLE_CCIDS,
+			ccids, &nccids) >= 0) {
+		/* The socket was only needed for the query. */
+		close(fd);
+		*ccid_array = ccids;
+		return nccids;
+	}
+
+	/* Save errno, close() may overwrite it. */
+	err = errno;
+	close(fd);
+	PARA_ERROR_LOG("No DCCP_SOCKOPT_AVAILABLE_CCIDS: %s\n",
+		       strerror(err));
+	return -ERRNO_TO_PARA_ERROR(err);
}
/**
- * prepare a structure for \p AF_UNIX socket addresses
+ * Prepare a structure for \p AF_UNIX socket addresses.
*
- * \param u pointer to the struct to be prepared
- * \param name the socket pathname
+ * \param u Pointer to the struct to be prepared.
+ * \param name The socket pathname.
*
* This just copies \a name to the sun_path component of \a u.
*
* This function creates a local socket for sequenced, reliable, two-way,
* connection-based byte streams.
*
- * \return The file descriptor, on success, negative on errors.
+ * \return The file descriptor of the connected socket on success, negative on
+ * errors.
*
- * \sa create_local_socket(), unix(7), connect(2)
+ * \sa create_local_socket(), unix(7), connect(2).
*/
-int create_remote_socket(const char *name)
+int connect_local_socket(const char *name)
{
struct sockaddr_un unix_addr;
int fd, ret;
+ PARA_DEBUG_LOG("connecting to %s\n", name);
ret = init_unix_addr(&unix_addr, name);
if (ret < 0)
return ret;
#ifndef HAVE_UCRED
ssize_t send_cred_buffer(int sock, char *buf)
{
- return send_buffer(sock, buf);
+ return write_buffer(sock, buf);
}
int recv_cred_buffer(int fd, char *buf, size_t size)
{
}
#else /* HAVE_UCRED */
/**
- * send NULL terminated buffer and Unix credentials of the current process
+ * Send \p NULL-terminated buffer and Unix credentials of the current process.
*
- * \param sock the socket file descriptor
- * \param buf the buffer to be sent
+ * \param sock The socket file descriptor.
+ * \param buf The buffer to be sent.
*
* \return On success, this call returns the number of characters sent. On
* error, \p -E_SENDMSG is returned.
*
- * \sa okir's Black Hats Manual
- * \sa sendmsg(2)
+ * \sa sendmsg(2), okir's Black Hats Manual.
*/
ssize_t send_cred_buffer(int sock, char *buf)
{
- char control[sizeof(struct cmsghdr) + 10];
+ char control[sizeof(struct cmsghdr) + sizeof(struct ucred)];
struct msghdr msg;
struct cmsghdr *cmsg;
static struct iovec iov;
}
/**
- * receive a buffer and the Unix credentials of the sending process
+ * Receive a buffer and the Unix credentials of the sending process.
*
- * \param fd the socket file descriptor
- * \param buf the buffer to store the message
- * \param size the size of \a buffer
+ * \param fd the socket file descriptor.
+ * \param buf the buffer to store the message.
+ * \param size the size of \a buffer.
*
* \return negative on errors, the user id on success.
*
- * \sa okir's Black Hats Manual
- * \sa recvmsg(2)
+ * \sa recvmsg(2), okir's Black Hats Manual.
*/
int recv_cred_buffer(int fd, char *buf, size_t size)
{
return result;
}
#endif /* HAVE_UCRED */
-
-/**
- * receive a buffer and check for a pattern
- *
- * \param fd the file descriptor to receive from
- * \param pattern the expected pattern
- * \param bufsize the size of the internal buffer
- *
- * \return Positive if \a pattern was received, negative otherwise.
- *
- * This function creates a buffer of size \a bufsize and tries
- * to receive at most \a bufsize bytes from file descriptor \a fd.
- * If at least \p strlen(\a pattern) bytes were received, the beginning of
- * the received buffer is compared with \a pattern, ignoring case.
- *
- * \sa recv_buffer()
- * \sa strncasecmp(3)
- */
-int recv_pattern(int fd, const char *pattern, size_t bufsize)
-{
- size_t len = strlen(pattern);
- char *buf = para_malloc(bufsize + 1);
- int ret = -E_RECV_PATTERN, n = recv_buffer(fd, buf, bufsize);
-
- if (n < len)
- goto out;
- if (strncasecmp(buf, pattern, len))
- goto out;
- ret = 1;
-out:
- if (ret < 0) {
- PARA_NOTICE_LOG("n = %d, did not receive pattern '%s'\n", n, pattern);
- if (n > 0)
- PARA_NOTICE_LOG("recvd: %s\n", buf);
- }
- free(buf);
- return ret;
-}