1 /* UDP send/receive module for secnet */
3 /* This module enables sites to communicate by sending UDP
4 * packets. When an instance of the module is created we can
5 * optionally bind to a particular local IP address (not implemented
8 * Packets are offered to registered receivers in turn. Once one
9 * accepts it, it isn't offered to any more. */
17 #include <sys/socket.h>
19 #include <netinet/in.h>
20 #include <arpa/inet.h>
23 #include "unaligned.h"
26 #include "comm-common.h"
28 static beforepoll_fn udp_beforepoll;
29 static afterpoll_fn udp_afterpoll;
30 static comm_sendmsg_fn udp_sendmsg;
32 #define UDP_MAX_SOCKETS 3 /* 2 ought to do really */
42 struct udpsock socks[UDP_MAX_SOCKETS];
48 static const char *udp_addr_to_string(void *commst, const struct comm_addr *ca)
50 struct udp *st=commst;
51 struct udp *socks=st; /* for now */
52 static char sbuf[100];
53 int ix=ca->ix>=0 ? ca->ix : 0;
55 assert(ix>=0 && ix<socks->n_socks);
56 snprintf(sbuf, sizeof(sbuf), "udp:%d:%s-%s",
58 iaddr_to_string(&socks->socks[ix].addr),
59 iaddr_to_string(&ca->ia));
63 static int udp_beforepoll(void *state, struct pollfd *fds, int *nfds_io,
68 struct udp *socks=st; /* for now */
69 BEFOREPOLL_WANT_FDS(socks->n_socks);
70 for (i=0; i<socks->n_socks; i++) {
71 fds[i].fd=socks->socks[i].fd;
77 static void udp_afterpoll(void *state, struct pollfd *fds, int nfds)
80 struct commcommon *cc=&st->cc;
81 struct udp *socks=st; /* for now */
82 struct udp *uc=st; /* for now */
89 for (i=0; i<st->n_socks; i++) {
90 if (i>=nfds) continue;
91 if (!(fds[i].revents & POLLIN)) continue;
92 assert(fds[i].fd == socks->socks[i].fd);
93 int fd=socks->socks[i].fd;
97 BUF_ASSERT_FREE(cc->rbuf);
98 BUF_ALLOC(cc->rbuf,"udp_afterpoll");
99 buffer_init(cc->rbuf,calculate_max_start_pad());
100 rv=recvfrom(fd, cc->rbuf->start,
101 buf_remaining_space(cc->rbuf),
102 0, (struct sockaddr *)&from, &fromlen);
106 /* Check that the packet came from our poxy server;
107 we shouldn't be contacted directly by anybody else
108 (since they can trivially forge source addresses) */
109 if (!iaddr_equal(&from,&uc->proxy)) {
110 Message(M_INFO,"udp: received packet that's not "
115 /* proxy protocol supports ipv4 transport only */
117 from.sa.sa_family=AF_INET;
118 memcpy(&from.sin.sin_addr,buf_unprepend(cc->rbuf,4),4);
119 buf_unprepend(cc->rbuf,2);
120 memcpy(&from.sin.sin_port,buf_unprepend(cc->rbuf,2),2);
127 done=comm_notify(&cc->notify, cc->rbuf, &ca);
130 if (cc->rbuf->size>12 /* prevents traffic amplification */
131 && ((msgtype=get_uint32(cc->rbuf->start+8))
133 uint32_t source,dest;
134 /* Manufacture and send NAK packet */
135 source=get_uint32(cc->rbuf->start); /* Us */
136 dest=get_uint32(cc->rbuf->start+4); /* Them */
137 send_nak(&ca,source,dest,msgtype,cc->rbuf,"unwanted");
141 BUF_ASSERT_FREE(cc->rbuf);
149 static bool_t udp_sendmsg(void *commst, struct buffer_if *buf,
150 const struct comm_addr *dest)
152 struct udp *st=commst;
153 struct udp *uc=st; /* for now */
154 struct udp *socks=st; /* for now */
158 sa=buf_prepend(buf,8);
159 if (dest->ia.sa.sa_family != AF_INET) {
161 "udp: proxy means dropping outgoing non-IPv4 packet to %s\n",
162 iaddr_to_string(&dest->ia));
165 memcpy(sa,&dest->ia.sin.sin_addr,4);
167 memcpy(sa+6,&dest->ia.sin.sin_port,2);
168 sendto(socks->socks[0].fd,sa,buf->size+8,0,(struct sockaddr *)&uc->proxy,
170 buf_unprepend(buf,8);
173 bool_t allunsupported=True;
174 for (i=0; i<socks->n_socks; i++) {
175 if (dest->ia.sa.sa_family != socks->socks[i].addr.sa.sa_family)
176 /* no point even trying */
178 r=sendto(socks->socks[i].fd, buf->start, buf->size, 0,
179 &dest->ia.sa, iaddr_socklen(&dest->ia));
181 if (!(errno==EAFNOSUPPORT || errno==ENETUNREACH))
182 /* who knows what that error means? */
183 allunsupported=False;
185 return !allunsupported; /* see doc for comm_sendmsg_fn in secnet.h */
191 static void udp_make_socket(struct udp *st, struct udpsock *us)
193 const union iaddr *addr=&us->addr;
194 struct commcommon *cc=&st->cc; /* for now */
195 struct udp *uc=st; /* for now */
196 us->fd=socket(addr->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
198 fatal_perror("udp (%s:%d): socket",cc->loc.file,cc->loc.line);
200 if (fcntl(us->fd, F_SETFL, fcntl(us->fd, F_GETFL)|O_NONBLOCK)==-1) {
201 fatal_perror("udp (%s:%d): fcntl(set O_NONBLOCK)",
202 cc->loc.file,cc->loc.line);
206 if (addr->sa.sa_family==AF_INET6) {
209 socklen_t optlen=sizeof(optval);
210 r=setsockopt(us->fd,IPPROTO_IPV6,IPV6_V6ONLY,&optval,optlen);
211 if (r) fatal_perror("udp (%s:%d): setsockopt(,IPV6_V6ONLY,&1,)",
212 cc->loc.file,cc->loc.line);
220 /* XXX this fork() and waitpid() business needs to be hidden
221 in some system-specific library functions. */
224 fatal_perror("udp_phase_hook: fork() for authbind");
227 char *argv[5], addrstr[33], portstr[5];
230 switch (addr->sa.sa_family) {
232 sprintf(addrstr,"%08lX",(long)addr->sin.sin_addr.s_addr);
233 port=addr->sin.sin_port;
240 sprintf(addrstr+i*2,"%02X",addr->sin6.sin6_addr.s6_addr[i]);
241 port=addr->sin6.sin6_port;
245 #endif /*CONFIG_IPV6*/
247 fatal("udp (%s:%d): unsupported address family for authbind",
248 cc->loc.file,cc->loc.line);
250 sprintf(portstr,"%04X",port);
251 argv[0]=uc->authbind;
254 argv[3]=(char*)addrfam;
257 execvp(uc->authbind,argv);
260 while (waitpid(c,&status,0)==-1) {
261 if (errno==EINTR) continue;
262 fatal_perror("udp (%s:%d): authbind",cc->loc.file,cc->loc.line);
264 if (WIFSIGNALED(status)) {
265 fatal("udp (%s:%d): authbind died on signal %d",cc->loc.file,
266 cc->loc.line, WTERMSIG(status));
268 if (WIFEXITED(status) && WEXITSTATUS(status)!=0) {
269 fatal("udp (%s:%d): authbind died with status %d",cc->loc.file,
270 cc->loc.line, WEXITSTATUS(status));
273 if (bind(us->fd, &addr->sa, iaddr_socklen(addr))!=0) {
274 fatal_perror("udp (%s:%d): bind",cc->loc.file,cc->loc.line);
279 static void udp_phase_hook(void *sst, uint32_t new_phase)
282 struct udp *socks=st; /* for now */
284 for (i=0; i<socks->n_socks; i++)
285 udp_make_socket(st,&socks->socks[i]);
287 register_for_poll(st,udp_beforepoll,udp_afterpoll,"udp");
290 static list_t *udp_apply(closure_t *self, struct cloc loc, dict_t *context,
301 COMM_APPLY(st,&st->cc,udp_,"udp",loc);
302 struct commcommon *cc=&st->cc; /* for now */
303 struct udp *uc=st; /* for now */
304 struct udp *socks=st; /* for now */
307 item=list_elem(args,0);
308 if (!item || item->type!=t_dict) {
309 cfgfatal(cc->loc,"udp","first argument must be a dictionary\n");
313 int port=dict_read_number(d,"port",True,"udp",cc->loc,0);
315 union iaddr defaultaddrs[] = {
317 { .sin6 = { .sin6_family=AF_INET6,
318 .sin6_port=htons(port),
319 .sin6_addr=IN6ADDR_ANY_INIT } },
321 { .sin = { .sin_family=AF_INET,
322 .sin_port=htons(port),
323 .sin_addr= { .s_addr=INADDR_ANY } } }
326 caddrl=dict_lookup(d,"address");
327 socks->n_socks=caddrl ? list_length(caddrl) : (int)ARRAY_SIZE(defaultaddrs);
328 if (socks->n_socks<=0 || socks->n_socks>UDP_MAX_SOCKETS)
329 cfgfatal(cc->loc,"udp","`address' must be 1..%d addresses",
332 for (i=0; i<socks->n_socks; i++) {
333 struct udpsock *us=&socks->socks[i];
335 if (!list_length(caddrl)) {
336 us->addr=defaultaddrs[i];
338 text2iaddr(list_elem(caddrl,i),port,
344 cc->rbuf=find_cl_if(d,"buffer",CL_BUFFER,True,"udp",cc->loc);
345 uc->authbind=dict_read_string(d,"authbind",False,"udp",cc->loc);
346 l=dict_lookup(d,"proxy");
350 uc->proxy.sa.sa_family=AF_INET;
352 if (!item || item->type!=t_string) {
353 cfgfatal(cc->loc,"udp","proxy must supply ""addr"",port\n");
355 a=string_item_to_ipaddr(item,"proxy");
356 uc->proxy.sin.sin_addr.s_addr=htonl(a);
358 if (!item || item->type!=t_number) {
359 cfgfatal(cc->loc,"udp","proxy must supply ""addr"",port\n");
361 uc->proxy.sin.sin_port=htons(item->data.number);
364 update_max_start_pad(&comm_max_start_pad, uc->use_proxy ? 8 : 0);
366 add_hook(PHASE_GETRESOURCES,udp_phase_hook,st);
368 return new_closure(&cc->cl);
371 void udp_module(dict_t *dict)
373 add_closure(dict,"udp",udp_apply);