2 * Copyright (C) 2005-2007 Andre Noll <maan@systemlinux.org>
4 * Licensed under the GPL v2. For licencing details see COPYING.
7 /** \file net.c Networking-related helper functions. */
17 /** Information about one encrypted connection. */
19 /** Function used to decrypt received data. */
21 /** Function used to encrypt data to be sent. */
24 * Context-dependent data (crypt keys), passed verbatim to the above
29 /** Array holding per fd crypt data. */
30 static struct crypt_data *crypt_data_array;
31 /** Current size of the crypt data array. */
32 static unsigned cda_size = 0;
35 * Activate encryption for one file descriptor.
37 * \param fd The file descriptor.
38 * \param recv_f The function used for decrypting received data.
39 * \param send_f The function used for encrypting before sending.
40 * \param private_data User data supplied by the caller.
42 void enable_crypt(int fd, crypt_function *recv_f, crypt_function *send_f,
45 if (fd + 1 > cda_size) {
46 crypt_data_array = para_realloc(crypt_data_array,
47 (fd + 1) * sizeof(struct crypt_data));
48 memset(crypt_data_array + cda_size, 0,
49 (fd + 1 - cda_size) * sizeof(struct crypt_data));
52 crypt_data_array[fd].recv = recv_f;
53 crypt_data_array[fd].send = send_f;
54 crypt_data_array[fd].private_data = private_data;
55 PARA_INFO_LOG("rc4 encryption activated for fd %d\n", fd);
59 * Deactivate encryption for a given fd.
61 * \param fd The file descriptor.
63 * This must be called if and only if \p fd was activated via enable_crypt().
65 void disable_crypt(int fd)
67 if (cda_size < fd + 1)
69 crypt_data_array[fd].recv = NULL;
70 crypt_data_array[fd].send = NULL;
71 crypt_data_array[fd].private_data = NULL;
76 * Initialize a struct sockaddr_in.
78 * \param addr A pointer to the struct to be initialized.
79 * \param port The port number to use.
80 * \param he The address to use.
82 * If \a he is null (server mode), \a addr->sin_addr is initialized with \p
83 * INADDR_ANY. Otherwise, the address given by \a he is copied to addr.
85 static void init_sockaddr(struct sockaddr_in *addr, int port, const struct hostent *he)
88 addr->sin_family = AF_INET;
89 /* short, network byte order */
90 addr->sin_port = htons(port);
92 addr->sin_addr = *((struct in_addr *)he->h_addr);
94 addr->sin_addr.s_addr = INADDR_ANY;
95 /* zero the rest of the struct */
96 memset(&addr->sin_zero, '\0', 8);
100 * Determine the socket type for a given layer-4 protocol.
102 * \param l4type The symbolic name of the transport-layer protocol.
104 * \sa ip(7), socket(2)
106 static inline int sock_type(const unsigned l4type)
109 case IPPROTO_UDP: return SOCK_DGRAM;
110 case IPPROTO_TCP: return SOCK_STREAM;
111 case IPPROTO_DCCP: return SOCK_DCCP;
113 return -1; /* not supported here */
117 * Pretty-print transport-layer name.
119 static const char *layer4_name(const unsigned l4type)
122 case IPPROTO_UDP: return "UDP";
123 case IPPROTO_TCP: return "TCP";
124 case IPPROTO_DCCP: return "DCCP";
126 return "UNKNOWN PROTOCOL";
130 * Resolve IPv4/IPv6 address and create a ready-to-use active or passive socket.
132 * @param l3type The layer-3 type (\p AF_INET, \p AF_INET6, \p AF_UNSPEC)
133 * @param l4type The layer-4 type (\p IPPROTO_xxx).
134 * @param passive Whether this is a passive (1) or active (0) socket/
135 * @param host Remote or local hostname or IPv/6 address string.
136 * @param port_number Decimal port number.
138 * This creates a ready-made IPv4/v6 socket structure after looking up the necessary
139 * parameters. The interpretation of \a host depends on the value of \a passive:
140 * - on a passive socket host is interpreted as an interface IPv4/6 address
141 * (can be left NULL);
142 * - on an active socket, \a host is the peer DNS name or IPv4/6 address to connect to;
143 * - \a port_number is in either case the numeric port number (not service string).
144 * Furthermore, bind(2) is called on passive sockets, and connect(2) on active sockets.
145 * The algorithm tries all possible address combinations until it succeeds.
147 * \return This function returns 1 on success and \a -E_ADDRESS_LOOKUP when no matching
148 * connection could be set up (with details in the error log).
150 * \sa ipv6(7), getaddrinfo(3), bind(2), connect(2)
152 int makesock(unsigned l3type, unsigned l4type, int passive,
153 const char *host, unsigned short port_number)
155 struct addrinfo *local = NULL, *src,
156 *remote = NULL, *dst, hints;
157 char *port = make_message("%u", port_number);
158 int rc, on = 1, sockfd = -1,
159 socktype = sock_type(l4type);
162 * Set up address hint structure
164 memset(&hints, 0, sizeof(hints));
165 hints.ai_family = l3type;
166 /* getaddrinfo does not really work well with SOCK_DCCP */
167 if (socktype == SOCK_DGRAM || socktype == SOCK_STREAM)
168 hints.ai_socktype = socktype;
170 /* only use addresses available on the host */
171 hints.ai_flags = AI_ADDRCONFIG;
172 if (l3type == AF_INET6)
173 /* use v4-mapped-v6 if no v6 addresses found */
174 hints.ai_flags |= AI_V4MAPPED | AI_ALL;
176 if (passive && host == NULL)
177 hints.ai_flags |= AI_PASSIVE;
180 * Obtain local/remote address information
182 if ((rc = getaddrinfo(host, port, &hints, passive ? &local : &remote))) {
183 PARA_ERROR_LOG("can not resolve %s address %s#%s: %s.\n",
185 host? : (passive? "[loopback]" : "[localhost]"),
186 port, gai_strerror(rc));
187 return -E_ADDRESS_LOOKUP;
191 * Iterate over all src/dst combination, exhausting dst first
193 for (src = local, dst = remote; src != NULL || dst != NULL; /* no op */ ) {
194 if (src && dst && src->ai_family == AF_INET
195 && dst->ai_family == AF_INET6) /* v4 -> v6 is not possible */
198 sockfd = socket(src ? src->ai_family : dst->ai_family, socktype, l4type);
203 * Set those options that need to be set before establishing the connection
205 /* Reuse the address on passive (listening) sockets to avoid failure on restart */
206 if (passive && setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) {
207 PARA_ERROR_LOG("can not set SO_REUSEADDR: %s\n", strerror(errno));
208 return -ERRNO_TO_PARA_ERROR(errno);
212 if (bind(sockfd, src->ai_addr, src->ai_addrlen) < 0) {
217 break; /* bind-only completed successfully */
220 if (dst && connect(sockfd, dst->ai_addr, dst->ai_addrlen) == 0)
221 break; /* connection completed successfully */
224 if (dst && (dst = dst->ai_next))
227 if (src && (src = src->ai_next))
228 dst = remote; /* restart inner loop */
233 freeaddrinfo(remote);
235 if (src == NULL && dst == NULL) {
236 PARA_ERROR_LOG("can not create %s socket %s#%s.\n", layer4_name(l4type),
237 host? : (passive? "[loopback]" : "[localhost]"), port);
238 return -ERRNO_TO_PARA_ERROR(errno);
244 * Create a passive / listening socket.
245 * \param l3type The network-layer type (\p AF_xxx)
246 * \param l4type The transport-layer type (\p IPPROTO_xxx).
247 * \param port The decimal port number to listen on.
249 * \return Positive integer (socket descriptor) on success, negative value otherwise.
250 * \sa makesock(), ip(7), ipv6(7), bind(2), listen(2).
252 int para_listen(unsigned l3type, unsigned l4type, unsigned short port)
254 int ret, fd = makesock(l3type, l4type, 1, NULL, port);
257 ret = listen(fd, BACKLOG);
260 return -ERRNO_TO_PARA_ERROR(errno);
262 PARA_INFO_LOG("listening on %s port %u, fd %d\n",
263 layer4_name(l4type), port, fd);
269 * Send out a buffer, resend on short writes.
271 * \param fd The file descriptor.
272 * \param buf The buffer to be sent.
273 * \param len The length of \a buf.
275 * \return Standard. In any case, the number of bytes actually sent is stored
278 static int sendall(int fd, const char *buf, size_t *len)
284 while (*len < total) {
285 int ret = send(fd, buf + *len, total - *len, 0);
287 return -ERRNO_TO_PARA_ERROR(errno);
294 * Encrypt and send a binary buffer.
296 * \param fd The file descriptor.
297 * \param buf The buffer to be encrypted and sent.
298 * \param len The length of \a buf.
300 * Check if encryption is available. If yes, encrypt the given buffer. Send
301 * out the buffer, encrypted or not, and try to resend the remaing part in case
306 int send_bin_buffer(int fd, const char *buf, size_t len)
309 crypt_function *cf = NULL;
312 PARA_CRIT_LOG("%s", "len == 0\n");
313 if (fd + 1 <= cda_size)
314 cf = crypt_data_array[fd].send;
316 void *private = crypt_data_array[fd].private_data;
317 /* RC4 may write more than len to the output buffer */
318 unsigned char *outbuf = para_malloc(ROUND_UP(len, 8));
319 (*cf)(len, (unsigned char *)buf, outbuf, private);
320 ret = sendall(fd, (char *)outbuf, &len);
323 ret = sendall(fd, buf, &len);
328 * Encrypt and send null terminated buffer.
330 * \param fd The file descriptor.
331 * \param buf The null-terminated buffer to be send.
333 * This is equivalent to send_bin_buffer(fd, buf, strlen(buf)).
337 int send_buffer(int fd, const char *buf)
339 return send_bin_buffer(fd, buf, strlen(buf));
344 * Send and encrypt a buffer given by a format string.
346 * \param fd The file descriptor.
347 * \param fmt A format string.
351 __printf_2_3 int send_va_buffer(int fd, const char *fmt, ...)
356 PARA_VSPRINTF(fmt, msg);
357 ret = send_buffer(fd, msg);
363 * Receive and decrypt.
365 * \param fd The file descriptor.
366 * \param buf The buffer to write the decrypted data to.
367 * \param size The size of \a buf.
369 * Receive at most \a size bytes from file descriptor \a fd. If encryption is
370 * available, decrypt the received buffer.
372 * \return The number of bytes received on success, negative on errors.
376 __must_check int recv_bin_buffer(int fd, char *buf, size_t size)
379 crypt_function *cf = NULL;
381 if (fd + 1 <= cda_size)
382 cf = crypt_data_array[fd].recv;
384 unsigned char *tmp = para_malloc(size);
385 void *private = crypt_data_array[fd].private_data;
386 n = recv(fd, tmp, size, 0);
389 unsigned char *b = (unsigned char *)buf;
390 (*cf)(numbytes, tmp, b, private);
394 n = recv(fd, buf, size, 0);
396 return -ERRNO_TO_PARA_ERROR(errno);
401 * Receive, decrypt and write terminating NULL byte.
403 * \param fd The file descriptor.
404 * \param buf The buffer to write the decrypted data to.
405 * \param size The size of \a buf.
407 * Read and decrypt at most \a size - 1 bytes from file descriptor \a fd and
408 * write a NULL byte at the end of the received data.
410 * \return The return value of the underlying call to \a recv_bin_buffer().
412 * \sa recv_bin_buffer()
414 int recv_buffer(int fd, char *buf, size_t size)
419 n = recv_bin_buffer(fd, buf, size - 1);
428 * Establish a tcp connection.
430 * \param host Hostname or IPv4 address.
431 * \param port The tcp port.
433 * \return Negative on errors, a valid file descriptor on success.
435 int tcp_connect(char *host, int port)
437 struct sockaddr_in addr;
441 PARA_INFO_LOG("getting host info of %s\n", host);
442 /* FIXME: gethostbyname() is obsolete */
443 he = gethostbyname(host);
445 return -ERRNO_TO_PARA_ERROR(h_errno);
446 init_sockaddr(&addr, port, he);
447 ret = get_stream_socket(AF_INET);
451 ret = PARA_CONNECT(fd, &addr);
459 * A wrapper around socket(2).
461 * \param domain The communication domain that selects the protocol family.
463 * Create an IPv4 socket for sequenced, reliable, two-way, connection-based
466 * \return The socket fd on success, negative on errors.
470 int get_stream_socket(int domain)
472 int fd = socket(domain, SOCK_STREAM, 0);
475 return -ERRNO_TO_PARA_ERROR(errno);
480 * Wrapper around the accept system call.
482 * \param fd The listening socket.
483 * \param addr Structure which is filled in with the address of the peer socket.
484 * \param size Should contain the size of the structure pointed to by \a addr.
486 * Accept incoming connections on \a addr. Retry if interrupted.
488 * \return The new file descriptor on success, negative on errors.
492 int para_accept(int fd, void *addr, socklen_t size)
497 new_fd = accept(fd, (struct sockaddr *) addr, &size);
498 while (new_fd < 0 && errno == EINTR);
499 return new_fd < 0? -ERRNO_TO_PARA_ERROR(errno) : new_fd;
503 * prepare a structure for \p AF_UNIX socket addresses
505 * \param u pointer to the struct to be prepared
506 * \param name the socket pathname
508 * This just copies \a name to the sun_path component of \a u.
510 * \return Positive on success, \p -E_NAME_TOO_LONG if \a name is longer
511 * than \p UNIX_PATH_MAX.
513 int init_unix_addr(struct sockaddr_un *u, const char *name)
515 if (strlen(name) >= UNIX_PATH_MAX)
516 return -E_NAME_TOO_LONG;
517 memset(u->sun_path, 0, UNIX_PATH_MAX);
518 u->sun_family = PF_UNIX;
519 strcpy(u->sun_path, name);
524 * Prepare, create, and bind a socket for local communication.
526 * \param name The socket pathname.
527 * \param unix_addr Pointer to the \p AF_UNIX socket structure.
528 * \param mode The desired mode of the socket.
530 * This functions creates a local socket for sequenced, reliable,
531 * two-way, connection-based byte streams.
533 * \return The file descriptor, on success, negative on errors.
539 int create_local_socket(const char *name, struct sockaddr_un *unix_addr,
544 ret = init_unix_addr(unix_addr, name);
547 ret = socket(PF_UNIX, SOCK_STREAM, 0);
549 return -ERRNO_TO_PARA_ERROR(errno);
551 ret = bind(fd, (struct sockaddr *) unix_addr, UNIX_PATH_MAX);
553 ret = -ERRNO_TO_PARA_ERROR(errno);
557 if (chmod(name, mode) < 0)
566 ssize_t send_cred_buffer(int sock, char *buf)
568 return send_buffer(sock, buf);
570 int recv_cred_buffer(int fd, char *buf, size_t size)
572 return recv_buffer(fd, buf, size) > 0? 1 : -E_RECVMSG;
574 #else /* HAVE_UCRED */
576 * send NULL terminated buffer and Unix credentials of the current process
578 * \param sock the socket file descriptor
579 * \param buf the buffer to be sent
581 * \return On success, this call returns the number of characters sent. On
582 * error, \p -E_SENDMSG is returned.
584 * \sa okir's Black Hats Manual
587 ssize_t send_cred_buffer(int sock, char *buf)
589 char control[sizeof(struct cmsghdr) + 10];
591 struct cmsghdr *cmsg;
592 static struct iovec iov;
598 iov.iov_len = strlen(buf);
602 /* compose the message */
603 memset(&msg, 0, sizeof(msg));
606 msg.msg_control = control;
607 msg.msg_controllen = sizeof(control);
608 /* attach the ucred struct */
609 cmsg = CMSG_FIRSTHDR(&msg);
610 cmsg->cmsg_level = SOL_SOCKET;
611 cmsg->cmsg_type = SCM_CREDENTIALS;
612 cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred));
613 *(struct ucred *)CMSG_DATA(cmsg) = c;
614 msg.msg_controllen = cmsg->cmsg_len;
615 ret = sendmsg(sock, &msg, 0);
621 static void dispose_fds(int *fds, unsigned num)
625 for (i = 0; i < num; i++)
630 * receive a buffer and the Unix credentials of the sending process
632 * \param fd the socket file descriptor
633 * \param buf the buffer to store the message
634 * \param size the size of \a buffer
636 * \return negative on errors, the user id on success.
638 * \sa okir's Black Hats Manual
641 int recv_cred_buffer(int fd, char *buf, size_t size)
645 struct cmsghdr *cmsg;
651 setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &yes, sizeof(int));
652 memset(&msg, 0, sizeof(msg));
653 memset(buf, 0, size);
658 msg.msg_control = control;
659 msg.msg_controllen = sizeof(control);
660 if (recvmsg(fd, &msg, 0) < 0)
662 result = -E_SCM_CREDENTIALS;
663 cmsg = CMSG_FIRSTHDR(&msg);
665 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type
666 == SCM_CREDENTIALS) {
667 memcpy(&cred, CMSG_DATA(cmsg), sizeof(struct ucred));
670 if (cmsg->cmsg_level == SOL_SOCKET
671 && cmsg->cmsg_type == SCM_RIGHTS) {
672 dispose_fds((int *) CMSG_DATA(cmsg),
673 (cmsg->cmsg_len - CMSG_LEN(0))
676 cmsg = CMSG_NXTHDR(&msg, cmsg);
680 #endif /* HAVE_UCRED */
683 * Create a tcp socket, bind it and listen on the given port.
685 * \param port The tcp port to listen on.
687 * \return The file descriptor of the created socket, negative on errors.
689 * \sa get_stream_socket()
694 int tcp_listen(int port)
696 struct sockaddr_in my_addr;
697 int fd, ret = get_stream_socket(AF_INET);
703 ret = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &ret, sizeof(int));
705 ret = -ERRNO_TO_PARA_ERROR(errno);
708 init_sockaddr(&my_addr, port, NULL);
709 ret = bind(fd, (struct sockaddr *)&my_addr, sizeof(struct sockaddr));
711 ret = -ERRNO_TO_PARA_ERROR(errno);
714 ret = listen(fd, BACKLOG);
716 ret = -ERRNO_TO_PARA_ERROR(errno);
719 PARA_INFO_LOG("listening on port %d, fd %d\n", port, fd);
727 * receive a buffer and check for a pattern
729 * \param fd the file descriptor to receive from
730 * \param pattern the expected pattern
731 * \param bufsize the size of the internal buffer
733 * \return Positive if \a pattern was received, negative otherwise.
735 * This function creates a buffer of size \a bufsize and tries
736 * to receive at most \a bufsize bytes from file descriptor \a fd.
737 * If at least \p strlen(\a pattern) bytes were received, the beginning of
738 * the received buffer is compared with \a pattern, ignoring case.
743 int recv_pattern(int fd, const char *pattern, size_t bufsize)
745 size_t len = strlen(pattern);
746 char *buf = para_malloc(bufsize + 1);
747 int ret = -E_RECV_PATTERN, n = recv_buffer(fd, buf, bufsize);
751 if (strncasecmp(buf, pattern, len))
756 PARA_NOTICE_LOG("n = %d, did not receive pattern '%s'\n", n, pattern);
758 PARA_NOTICE_LOG("recvd: %s\n", buf);