X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=net.c;h=59b7f367fb2f119e338d9411f2060a71b39209fc;hp=ab6a98940b1e920eee7ee5e3f8f6b9bb33cf94b9;hb=60ef885705932a682097ad2b9f2379282d814e79;hpb=af2dd94bcaaaa8fbdc3301caf0acea97c07b9b93 diff --git a/net.c b/net.c index ab6a9894..59b7f367 100644 --- a/net.c +++ b/net.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2009 Andre Noll + * Copyright (C) 2005-2010 Andre Noll * * Licensed under the GPL v2. For licencing details see COPYING. */ @@ -27,71 +27,16 @@ #include #include +#include #include "para.h" #include "error.h" +#include "crypt.h" #include "net.h" #include "string.h" +#include "list.h" #include "fd.h" - -/** Information about one encrypted connection. */ -struct crypt_data { - /** Function used to decrypt received data. */ - crypt_function *recv; - /** Function used to encrypt data to be sent. */ - crypt_function *send; - /** - * Context-dependent data (crypt keys), passed verbatim to the above - * crypt functions. - */ - void *private_data; -}; -/** Array holding per fd crypt data. */ -static struct crypt_data *crypt_data_array; -/** Current size of the crypt data array. */ -static unsigned cda_size = 0; - -/** - * Activate encryption for one file descriptor. - * - * \param fd The file descriptor. - * \param recv_f The function used for decrypting received data. - * \param send_f The function used for encrypting before sending. - * \param private_data User data supplied by the caller. - */ -void enable_crypt(int fd, crypt_function *recv_f, crypt_function *send_f, - void *private_data) -{ - if (fd + 1 > cda_size) { - crypt_data_array = para_realloc(crypt_data_array, - (fd + 1) * sizeof(struct crypt_data)); - memset(crypt_data_array + cda_size, 0, - (fd + 1 - cda_size) * sizeof(struct crypt_data)); - cda_size = fd + 1; - } - crypt_data_array[fd].recv = recv_f; - crypt_data_array[fd].send = send_f; - crypt_data_array[fd].private_data = private_data; - PARA_INFO_LOG("rc4 encryption activated for fd %d\n", fd); -} - -/** - * Deactivate encryption for a given fd. - * - * \param fd The file descriptor. - * - * This must be called if and only if \p fd was activated via enable_crypt(). - */ -void disable_crypt(int fd) -{ - if (cda_size < fd + 1) - return; - crypt_data_array[fd].recv = NULL; - crypt_data_array[fd].send = NULL; - crypt_data_array[fd].private_data = NULL; -} - /** * Parse and validate IPv4 address/netmask string. * @@ -144,7 +89,8 @@ static bool is_v4_dot_quad(const char *address) bool result; regex_t r; - assert(!regcomp(&r, "^([0-9]+\\.){3}[0-9]+$", REG_EXTENDED|REG_NOSUB)); + assert(para_regcomp(&r, "^([0-9]+\\.){3}[0-9]+$", + REG_EXTENDED | REG_NOSUB) >= 0); result = regexec(&r, address, 0, NULL, 0) == 0; regfree(&r); return result; @@ -242,6 +188,31 @@ failed: return NULL; } +/** + * Stringify port number, resolve into service name where defined. + * \param port 2-byte port number, in host-byte-order. + * \param transport Transport protocol name (e.g. "udp", "tcp"), or NULL. + * \return Pointer to static result buffer. + * + * \sa getservent(3), services(5), nsswitch.conf(5) + */ +const char *stringify_port(int port, const char *transport) +{ + static char service[NI_MAXSERV]; + + if (port < 0 || port > 0xFFFF) { + snprintf(service, sizeof(service), "undefined (%d)", port); + } else { + struct servent *se = getservbyport(htons(port), transport); + + if (se == NULL) + snprintf(service, sizeof(service), "%u", port); + else + snprintf(service, sizeof(service), "%s", se->s_name); + } + return service; +} + /** * Determine the socket type for a given layer-4 protocol. * @@ -272,14 +243,119 @@ static const char *layer4_name(const unsigned l4type) return "UNKNOWN PROTOCOL"; } +/** + * Flowopts: Transport-layer independent encapsulation of socket options. + * + * These collect individual socket options into a queue, which is disposed of + * directly after makesock(). The 'pre_conn_opt' structure is for internal use + * only and should not be visible elsewhere. + * + * \sa setsockopt(2), makesock() + */ +struct pre_conn_opt { + int sock_level; /**< Second argument to setsockopt() */ + int sock_option; /**< Third argument to setsockopt() */ + char *opt_name; /**< Stringified \a sock_option */ + void *opt_val; /**< Fourth argument to setsockopt() */ + socklen_t opt_len; /**< Fifth argument to setsockopt() */ + + struct list_head node; /**< FIFO, as sockopt order matters. */ +}; + +/** FIFO list of pre-connection socket options to be set */ +struct flowopts { + struct list_head sockopts; +}; + +struct flowopts *flowopt_new(void) +{ + struct flowopts *new = para_malloc(sizeof(*new)); + + INIT_LIST_HEAD(&new->sockopts); + return new; +} + +/** + * Append new socket option to flowopt queue. + * + * \param fo The flowopt queue to append to. + * \param lev Level at which \a opt resides. + * \param opt New option to add. + * \param name Stringified name of \a opt. + * \param val The value to set \a opt to. + * \param len Length of \a val. + * + * \sa setsockopt(2) + */ +void flowopt_add(struct flowopts *fo, int lev, int opt, + char *name, const void *val, int len) +{ + struct pre_conn_opt *new = para_malloc(sizeof(*new)); + + new->sock_option = opt; + new->sock_level = lev; + new->opt_name = para_strdup(name); + + if (val == NULL) { + new->opt_val = NULL; + new->opt_len = 0; + } else { + new->opt_val = para_malloc(len); + new->opt_len = len; + memcpy(new->opt_val, val, len); + } + + list_add_tail(&new->node, &fo->sockopts); +} + +void flowopt_add_bool(struct flowopts *fo, int lev, int opt, + char *optname, bool on_or_off) +{ + int on = on_or_off; /* kernel takes 'int' */ + + flowopt_add(fo, lev, opt, optname, &on, sizeof(on)); +} + +/** Set the entire bunch of pre-connection options at once. */ +static void flowopt_setopts(int sockfd, struct flowopts *fo) +{ + struct pre_conn_opt *pc; + + if (fo == NULL) + return; + + list_for_each_entry(pc, &fo->sockopts, node) + if (setsockopt(sockfd, pc->sock_level, pc->sock_option, + pc->opt_val, pc->opt_len) < 0) { + PARA_EMERG_LOG("Can not set %s socket option: %s", + pc->opt_name, strerror(errno)); + exit(EXIT_FAILURE); + } +} + +static void flowopt_cleanup(struct flowopts *fo) +{ + struct pre_conn_opt *cur, *next; + + if (fo == NULL) + return; + + list_for_each_entry_safe(cur, next, &fo->sockopts, node) { + free(cur->opt_name); + free(cur->opt_val); + free(cur); + } + free(fo); +} + /** * Resolve IPv4/IPv6 address and create a ready-to-use active or passive socket. * - * \param l3type The layer-3 type (\p AF_INET, \p AF_INET6, \p AF_UNSPEC). * \param l4type The layer-4 type (\p IPPROTO_xxx). * \param passive Whether this is a passive (1) or active (0) socket. * \param host Remote or local hostname or IPv/6 address string. * \param port_number Decimal port number. + * \param fo Socket options to be set before making the connection. * * This creates a ready-made IPv4/v6 socket structure after looking up the * necessary parameters. The interpretation of \a host depends on the value of @@ -293,18 +369,20 @@ static const char *layer4_name(const unsigned l4type) * * Furthermore, bind(2) is called on passive sockets, and connect(2) on active * sockets. The algorithm tries all possible address combinations until it - * succeeds. + * succeeds. If \a fo is supplied, options are set and cleanup is performed. * * \return This function returns 1 on success and \a -E_ADDRESS_LOOKUP when no * matching connection could be set up (with details in the error log). * * \sa ipv6(7), getaddrinfo(3), bind(2), connect(2). */ -int makesock(unsigned l3type, unsigned l4type, int passive, - const char *host, unsigned short port_number) +int makesock(unsigned l4type, bool passive, + const char *host, uint16_t port_number, + struct flowopts *fo) { struct addrinfo *local = NULL, *src, *remote = NULL, *dst, hints; + unsigned int l3type = AF_UNSPEC; int rc, on = 1, sockfd = -1, socktype = sock_type(l4type); char port[6]; /* port number has at most 5 digits */ @@ -351,16 +429,19 @@ int makesock(unsigned l3type, unsigned l4type, int passive, goto get_next_dst; /* - * Set those options that need to be set before establishing - * the connection. Reuse the address on passive (listening) - * sockets to avoid failure on restart. + * Reuse the address on passive sockets to avoid failure on + * restart (protocols using listen()) and when creating + * multiple listener instances (UDP multicast). */ if (passive && setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, - &on, sizeof(on)) == -1) { + &on, sizeof(on)) == -1) { + rc = errno; + close(sockfd); PARA_ERROR_LOG("can not set SO_REUSEADDR: %s\n", - strerror(errno)); - return -ERRNO_TO_PARA_ERROR(errno); + strerror(rc)); + return -ERRNO_TO_PARA_ERROR(rc); } + flowopt_setopts(sockfd, fo); if (src) { if (bind(sockfd, src->ai_addr, src->ai_addrlen) < 0) { @@ -385,12 +466,14 @@ get_next_src: freeaddrinfo(local); if (remote) freeaddrinfo(remote); + flowopt_cleanup(fo); if (src == NULL && dst == NULL) { + rc = errno; PARA_ERROR_LOG("can not create %s socket %s#%s.\n", layer4_name(l4type), host? host : (passive? "[loopback]" : "[localhost]"), port); - return -ERRNO_TO_PARA_ERROR(errno); + return -ERRNO_TO_PARA_ERROR(rc); } return sockfd; } @@ -398,24 +481,25 @@ get_next_src: /** * Create a passive / listening socket. * - * \param l3type The network-layer type (\p AF_xxx). * \param l4type The transport-layer type (\p IPPROTO_xxx). * \param port The decimal port number to listen on. + * \param fo Flowopts (if any) to set before starting to listen. * * \return Positive integer (socket descriptor) on success, negative value * otherwise. * * \sa makesock(), ip(7), ipv6(7), bind(2), listen(2). */ -int para_listen(unsigned l3type, unsigned l4type, unsigned short port) +int para_listen(unsigned l4type, uint16_t port, struct flowopts *fo) { - int ret, fd = makesock(l3type, l4type, 1, NULL, port); + int ret, fd = makesock(l4type, 1, NULL, port, fo); if (fd > 0) { ret = listen(fd, BACKLOG); if (ret < 0) { + ret = errno; close(fd); - return -ERRNO_TO_PARA_ERROR(errno); + return -ERRNO_TO_PARA_ERROR(ret); } PARA_INFO_LOG("listening on %s port %u, fd %d\n", layer4_name(l4type), port, fd); @@ -423,28 +507,70 @@ int para_listen(unsigned l3type, unsigned l4type, unsigned short port) return fd; } +/** + * Determine IPv4/v6 socket address length. + * \param sa Container of IPv4 or IPv6 address. + * \return Address-family dependent address length. + */ +static socklen_t salen(const struct sockaddr *sa) +{ + assert(sa->sa_family == AF_INET || sa->sa_family == AF_INET6); + + return sa->sa_family == AF_INET6 + ? sizeof(struct sockaddr_in6) + : sizeof(struct sockaddr_in); +} + +/** + * Process IPv4/v6 address, turn v6-mapped-v4 address into normal IPv4 address. + * \param ss Container of IPv4/6 address. + * \return Pointer to normalized address (may be static storage). + * + * \sa RFC 3493 + */ +static const struct sockaddr * +normalize_ip_address(const struct sockaddr_storage *ss) +{ + const struct sockaddr_in6 *ia6 = (const struct sockaddr_in6 *)ss; + + assert(ss->ss_family == AF_INET || ss->ss_family == AF_INET6); + + if (ss->ss_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&ia6->sin6_addr)) { + static struct sockaddr_in ia; + + ia.sin_family = AF_INET; + ia.sin_port = ia6->sin6_port; + memcpy(&ia.sin_addr.s_addr, &(ia6->sin6_addr.s6_addr[12]), 4); + return (const struct sockaddr *)&ia; + } + return (const struct sockaddr *)ss; +} + /** * Print numeric host and port number (beware - uses static char). * * \param sa The IPv4/IPv6 socket address to use. - * \param len The length of \p sa. * - * \sa getnameinfo(3). + * \sa getnameinfo(3), services(5), nsswitch.conf(5) */ -static char *host_and_port(struct sockaddr *sa, socklen_t len) +static char *host_and_port(const struct sockaddr_storage *ss) { - static char output[NI_MAXHOST + NI_MAXSERV + 2]; + const struct sockaddr *sa = normalize_ip_address(ss); char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV]; + static char output[sizeof(hbuf) + sizeof(sbuf) + 2]; int ret; - ret = getnameinfo(sa, len, hbuf, sizeof(hbuf), sbuf, sizeof(sbuf), - NI_NUMERICHOST | NI_NUMERICSERV); - if (ret) { + ret = getnameinfo(sa, salen(sa), + hbuf, sizeof(hbuf), + sbuf, sizeof(sbuf), + NI_NUMERICHOST); + if (ret == 0) { + snprintf(output, sizeof(output), "%s#%s", hbuf, sbuf); + } else { + snprintf(output, sizeof(output), "(unknown)"); PARA_WARNING_LOG("hostname lookup error (%s).\n", - gai_strerror(ret)); - sprintf(output, "(unknown)"); - } else - sprintf(output, "%s#%s", hbuf, sbuf); + gai_strerror(ret)); + } return output; } @@ -472,7 +598,7 @@ static char *__get_sock_name(int fd, int (*getname)(int, struct sockaddr*, fd, strerror(errno)); return dont_know; } - return host_and_port((struct sockaddr *)&ss, sslen); + return host_and_port(&ss); } /** @@ -515,54 +641,34 @@ char *remote_name(int sockfd) struct in_addr extract_v4_addr(const struct sockaddr_storage *ss) { struct in_addr ia = {.s_addr = 0}; + const struct sockaddr *sa = normalize_ip_address(ss); - if (ss->ss_family == AF_INET) - ia.s_addr = ((struct sockaddr_in *)ss)->sin_addr.s_addr; - if (ss->ss_family == AF_INET6) { - const struct in6_addr v6_addr = ((struct sockaddr_in6 *)ss)->sin6_addr; - - if (IN6_IS_ADDR_V4MAPPED(&v6_addr)) - memcpy(&ia.s_addr, &(v6_addr.s6_addr[12]), 4); - } + if (sa->sa_family == AF_INET) + ia = ((struct sockaddr_in *)sa)->sin_addr; return ia; } /** - * Encrypt and send a binary buffer. + * Send a binary buffer. * * \param fd The file descriptor. - * \param buf The buffer to be encrypted and sent. + * \param buf The buffer to be sent. * \param len The length of \a buf. * - * Check if encryption is available. If yes, encrypt the given buffer. Send - * out the buffer, encrypted or not, and try to resend the remaining part in - * case of short writes. + * Send out the buffer and try to resend the remaining part in case of short + * writes. * * \return Standard. */ int send_bin_buffer(int fd, const char *buf, size_t len) { - int ret; - crypt_function *cf = NULL; - if (!len) PARA_CRIT_LOG("len == 0\n"); - if (fd + 1 <= cda_size) - cf = crypt_data_array[fd].send; - if (cf) { - void *private = crypt_data_array[fd].private_data; - /* RC4 may write more than len to the output buffer */ - unsigned char *outbuf = para_malloc(ROUND_UP(len, 8)); - (*cf)(len, (unsigned char *)buf, outbuf, private); - ret = write_all(fd, (char *)outbuf, &len); - free(outbuf); - } else - ret = write_all(fd, buf, &len); - return ret; + return write_all(fd, buf, &len); } /** - * Encrypt and send null terminated buffer. + * Send a \p NULL-terminated buffer. * * \param fd The file descriptor. * \param buf The null-terminated buffer to be send. @@ -576,9 +682,8 @@ int send_buffer(int fd, const char *buf) return send_bin_buffer(fd, buf, strlen(buf)); } - /** - * Send and encrypt a buffer given by a format string. + * Send a buffer given by a format string. * * \param fd The file descriptor. * \param fmt A format string. @@ -597,51 +702,37 @@ __printf_2_3 int send_va_buffer(int fd, const char *fmt, ...) } /** - * Receive and decrypt. + * Receive data from a file descriptor. * * \param fd The file descriptor. - * \param buf The buffer to write the decrypted data to. + * \param buf The buffer to write the data to. * \param size The size of \a buf. * - * Receive at most \a size bytes from file descriptor \a fd. If encryption is - * available, decrypt the received buffer. + * Receive at most \a size bytes from file descriptor \a fd. * - * \return The number of bytes received on success, negative on errors. + * \return The number of bytes received on success, negative on errors, zero if + * the peer has performed an orderly shutdown. * - * \sa recv(2) + * \sa recv(2). */ __must_check int recv_bin_buffer(int fd, char *buf, size_t size) { ssize_t n; - crypt_function *cf = NULL; - - if (fd + 1 <= cda_size) - cf = crypt_data_array[fd].recv; - if (cf) { - unsigned char *tmp = para_malloc(size); - void *private = crypt_data_array[fd].private_data; - n = recv(fd, tmp, size, 0); - if (n > 0) { - size_t numbytes = n; - unsigned char *b = (unsigned char *)buf; - (*cf)(numbytes, tmp, b, private); - } - free(tmp); - } else - n = recv(fd, buf, size, 0); + + n = recv(fd, buf, size, 0); if (n == -1) return -ERRNO_TO_PARA_ERROR(errno); return n; } /** - * Receive, decrypt and write terminating NULL byte. + * Receive and write terminating NULL byte. * * \param fd The file descriptor. - * \param buf The buffer to write the decrypted data to. + * \param buf The buffer to write the data to. * \param size The size of \a buf. * - * Read and decrypt at most \a size - 1 bytes from file descriptor \a fd and + * Read at most \a size - 1 bytes from file descriptor \a fd and * write a NULL byte at the end of the received data. * * \return The return value of the underlying call to \a recv_bin_buffer(). @@ -665,23 +756,68 @@ int recv_buffer(int fd, char *buf, size_t size) * Wrapper around the accept system call. * * \param fd The listening socket. + * \param rfds An optional fd_set pointer. * \param addr Structure which is filled in with the address of the peer socket. * \param size Should contain the size of the structure pointed to by \a addr. + * \param new_fd Result pointer. * - * Accept incoming connections on \a addr. Retry if interrupted. + * Accept incoming connections on \a addr, retry if interrupted. If \a rfds is + * not \p NULL, return 0 if \a fd is not set in \a rfds without calling accept(). * - * \return The new file descriptor on success, negative on errors. + * \return Negative on errors, zero if no connections are present to be accepted, + * one otherwise. * * \sa accept(2). */ -int para_accept(int fd, void *addr, socklen_t size) +int para_accept(int fd, fd_set *rfds, void *addr, socklen_t size, int *new_fd) { - int new_fd; + int ret; + if (rfds && !FD_ISSET(fd, rfds)) + return 0; do - new_fd = accept(fd, (struct sockaddr *) addr, &size); - while (new_fd < 0 && errno == EINTR); - return new_fd < 0? -ERRNO_TO_PARA_ERROR(errno) : new_fd; + ret = accept(fd, (struct sockaddr *) addr, &size); + while (ret < 0 && errno == EINTR); + + if (ret >= 0) { + *new_fd = ret; + return 1; + } + if (errno == EAGAIN || errno == EWOULDBLOCK) + return 0; + return -ERRNO_TO_PARA_ERROR(errno); +} + +/** + * Probe the list of DCCP CCIDs configured on this host. + * \param ccid_array Pointer to return statically allocated array in. + * \return Number of elements returned in \a ccid_array or error. + * + * NB: This feature is only available on Linux > 2.6.30; on older kernels + * ENOPROTOOPT ("Protocol not available") will be returned. + */ +int dccp_available_ccids(uint8_t **ccid_array) +{ + static uint8_t ccids[DCCP_MAX_HOST_CCIDS]; + socklen_t nccids = sizeof(ccids); + int ret, fd; + + ret = fd = makesock(IPPROTO_DCCP, 1, NULL, 0, NULL); + if (ret < 0) + return ret; + + if (getsockopt(fd, SOL_DCCP, DCCP_SOCKOPT_AVAILABLE_CCIDS, + ccids, &nccids) < 0) { + ret = errno; + close(fd); + PARA_ERROR_LOG("No DCCP_SOCKOPT_AVAILABLE_CCIDS: %s\n", + strerror(ret)); + return -ERRNO_TO_PARA_ERROR(ret); + } + + close(fd); + *ccid_array = ccids; + return nccids; } /** @@ -894,40 +1030,3 @@ int recv_cred_buffer(int fd, char *buf, size_t size) return result; } #endif /* HAVE_UCRED */ - -/** - * Receive a buffer and check for a pattern. - * - * \param fd The file descriptor to receive from. - * \param pattern The expected pattern. - * \param bufsize The size of the internal buffer. - * - * \return Positive if \a pattern was received, negative otherwise. - * - * This function tries to receive at most \a bufsize bytes from file descriptor - * \a fd. If at least \p strlen(\a pattern) bytes were received, the beginning - * of the received buffer is compared with \a pattern, ignoring case. - * - * \sa recv_buffer(), \sa strncasecmp(3). - */ -int recv_pattern(int fd, const char *pattern, size_t bufsize) -{ - size_t len = strlen(pattern); - char *buf = para_malloc(bufsize + 1); - int ret = -E_RECV_PATTERN, n = recv_buffer(fd, buf, bufsize + 1); - - if (n < len) - goto out; - if (strncasecmp(buf, pattern, len)) - goto out; - ret = 1; -out: - if (ret < 0) { - PARA_NOTICE_LOG("n = %d, did not receive pattern '%s'\n", n, - pattern); - if (n > 0) - PARA_NOTICE_LOG("recvd: %s\n", buf); - } - free(buf); - return ret; -}