1 /* UDP send/receive module for secnet */
3 /* This module enables sites to communicate by sending UDP
4 * packets. When an instance of the module is created we can
5 * optionally bind to a particular local IP address (not implemented
8 * Packets are offered to registered receivers in turn. Once one
9 * accepts it, it isn't offered to any more. */
17 #include <sys/socket.h>
19 #include <netinet/in.h>
20 #include <arpa/inet.h>
23 #include "unaligned.h"
26 #include "comm-common.h"
28 static beforepoll_fn udp_beforepoll;
29 static afterpoll_fn udp_afterpoll;
30 static comm_sendmsg_fn udp_sendmsg;
34 struct udpsocks socks;
37 static const char *udp_addr_to_string(void *commst, const struct comm_addr *ca)
39 struct udp *st=commst;
40 struct udpsocks *socks=&st->socks;
41 static char sbuf[100];
42 int ix=ca->ix>=0 ? ca->ix : 0;
44 assert(ix>=0 && ix<socks->n_socks);
45 snprintf(sbuf, sizeof(sbuf), "udp:%d:%s-%s",
47 iaddr_to_string(&socks->socks[ix].addr),
48 iaddr_to_string(&ca->ia));
52 int udp_socks_beforepoll(struct udpsocks *socks,
53 struct pollfd *fds, int *nfds_io,
57 BEFOREPOLL_WANT_FDS(socks->n_socks);
58 for (i=0; i<socks->n_socks; i++) {
59 fds[i].fd=socks->socks[i].fd;
65 static int udp_beforepoll(void *state, struct pollfd *fds, int *nfds_io,
69 return udp_socks_beforepoll(&st->socks,fds,nfds_io,timeout_io);
72 void udp_socks_afterpoll(struct udpcommon *uc, struct udpsocks *socks,
73 struct pollfd *fds, int nfds)
81 struct commcommon *cc=&uc->cc;
83 for (i=0; i<socks->n_socks; i++) {
84 if (i>=nfds) continue;
85 if (!(fds[i].revents & POLLIN)) continue;
86 assert(fds[i].fd == socks->socks[i].fd);
87 int fd=socks->socks[i].fd;
91 BUF_ASSERT_FREE(cc->rbuf);
92 BUF_ALLOC(cc->rbuf,"udp_afterpoll");
93 buffer_init(cc->rbuf,calculate_max_start_pad());
94 rv=recvfrom(fd, cc->rbuf->start,
95 buf_remaining_space(cc->rbuf),
96 0, (struct sockaddr *)&from, &fromlen);
100 /* Check that the packet came from our poxy server;
101 we shouldn't be contacted directly by anybody else
102 (since they can trivially forge source addresses) */
103 if (!iaddr_equal(&from,&uc->proxy)) {
104 Message(M_INFO,"udp: received packet that's not "
109 /* proxy protocol supports ipv4 transport only */
111 from.sa.sa_family=AF_INET;
112 memcpy(&from.sin.sin_addr,buf_unprepend(cc->rbuf,4),4);
113 buf_unprepend(cc->rbuf,2);
114 memcpy(&from.sin.sin_port,buf_unprepend(cc->rbuf,2),2);
121 done=comm_notify(&cc->notify, cc->rbuf, &ca);
124 if (cc->rbuf->size>12 /* prevents traffic amplification */
125 && ((msgtype=get_uint32(cc->rbuf->start+8))
127 uint32_t source,dest;
128 /* Manufacture and send NAK packet */
129 source=get_uint32(cc->rbuf->start); /* Us */
130 dest=get_uint32(cc->rbuf->start+4); /* Them */
131 send_nak(&ca,source,dest,msgtype,cc->rbuf,"unwanted");
135 BUF_ASSERT_FREE(cc->rbuf);
143 static void udp_afterpoll(void *state, struct pollfd *fds, int nfds)
145 struct udp *st=state;
146 return udp_socks_afterpoll(&st->uc,&st->socks,fds,nfds);
149 static bool_t udp_sendmsg(void *commst, struct buffer_if *buf,
150 const struct comm_addr *dest)
152 struct udp *st=commst;
153 struct udpcommon *uc=&st->uc;
154 struct udpsocks *socks=&st->socks;
158 sa=buf_prepend(buf,8);
159 if (dest->ia.sa.sa_family != AF_INET) {
161 "udp: proxy means dropping outgoing non-IPv4 packet to %s\n",
162 iaddr_to_string(&dest->ia));
165 memcpy(sa,&dest->ia.sin.sin_addr,4);
167 memcpy(sa+6,&dest->ia.sin.sin_port,2);
168 sendto(socks->socks[0].fd,sa,buf->size+8,0,(struct sockaddr *)&uc->proxy,
170 buf_unprepend(buf,8);
173 bool_t allunsupported=True;
174 for (i=0; i<socks->n_socks; i++) {
175 if (dest->ia.sa.sa_family != socks->socks[i].addr.sa.sa_family)
176 /* no point even trying */
178 r=sendto(socks->socks[i].fd, buf->start, buf->size, 0,
179 &dest->ia.sa, iaddr_socklen(&dest->ia));
181 if (!(errno==EAFNOSUPPORT || errno==ENETUNREACH))
182 /* who knows what that error means? */
183 allunsupported=False;
185 return !allunsupported; /* see doc for comm_sendmsg_fn in secnet.h */
191 static void udp_make_socket(struct udp *st, struct udpsock *us)
193 const union iaddr *addr=&us->addr;
194 struct udpcommon *uc=&st->uc;
195 struct commcommon *cc=&uc->cc;
197 us->fd=socket(addr->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP);
199 fatal_perror("udp (%s:%d): socket",cc->loc.file,cc->loc.line);
201 if (fcntl(us->fd, F_SETFL, fcntl(us->fd, F_GETFL)|O_NONBLOCK)==-1) {
202 fatal_perror("udp (%s:%d): fcntl(set O_NONBLOCK)",
203 cc->loc.file,cc->loc.line);
207 if (addr->sa.sa_family==AF_INET6) {
210 socklen_t optlen=sizeof(optval);
211 r=setsockopt(us->fd,IPPROTO_IPV6,IPV6_V6ONLY,&optval,optlen);
212 if (r) fatal_perror("udp (%s:%d): setsockopt(,IPV6_V6ONLY,&1,)",
213 cc->loc.file,cc->loc.line);
221 /* XXX this fork() and waitpid() business needs to be hidden
222 in some system-specific library functions. */
225 fatal_perror("udp_phase_hook: fork() for authbind");
228 char *argv[5], addrstr[33], portstr[5];
231 switch (addr->sa.sa_family) {
233 sprintf(addrstr,"%08lX",(long)addr->sin.sin_addr.s_addr);
234 port=addr->sin.sin_port;
241 sprintf(addrstr+i*2,"%02X",addr->sin6.sin6_addr.s6_addr[i]);
242 port=addr->sin6.sin6_port;
246 #endif /*CONFIG_IPV6*/
248 fatal("udp (%s:%d): unsupported address family for authbind",
249 cc->loc.file,cc->loc.line);
251 sprintf(portstr,"%04X",port);
252 argv[0]=uc->authbind;
255 argv[3]=(char*)addrfam;
258 execvp(uc->authbind,argv);
261 while (waitpid(c,&status,0)==-1) {
262 if (errno==EINTR) continue;
263 fatal_perror("udp (%s:%d): authbind",cc->loc.file,cc->loc.line);
265 if (WIFSIGNALED(status)) {
266 fatal("udp (%s:%d): authbind died on signal %d",cc->loc.file,
267 cc->loc.line, WTERMSIG(status));
269 if (WIFEXITED(status) && WEXITSTATUS(status)!=0) {
270 fatal("udp (%s:%d): authbind died with status %d",cc->loc.file,
271 cc->loc.line, WEXITSTATUS(status));
274 if (bind(us->fd, &addr->sa, iaddr_socklen(addr))!=0) {
275 fatal_perror("udp (%s:%d): bind",cc->loc.file,cc->loc.line);
280 static void udp_phase_hook(void *sst, uint32_t new_phase)
283 struct udpsocks *socks=&st->socks;
285 for (i=0; i<socks->n_socks; i++)
286 udp_make_socket(st,&socks->socks[i]);
288 register_for_poll(st,udp_beforepoll,udp_afterpoll,"udp");
291 static list_t *udp_apply(closure_t *self, struct cloc loc, dict_t *context,
300 COMM_APPLY(st,&st->uc.cc,udp_,"udp",loc);
301 COMM_APPLY_STANDARD(st,&st->uc.cc,"udp",args);
302 UDP_APPLY_STANDARD(st,&st->uc,"udp");
304 struct udpcommon *uc=&st->uc;
305 struct udpsocks *socks=&st->socks;
306 struct commcommon *cc=&uc->cc;
308 union iaddr defaultaddrs[] = {
310 { .sin6 = { .sin6_family=AF_INET6,
311 .sin6_port=htons(uc->port),
312 .sin6_addr=IN6ADDR_ANY_INIT } },
314 { .sin = { .sin_family=AF_INET,
315 .sin_port=htons(uc->port),
316 .sin_addr= { .s_addr=INADDR_ANY } } }
319 caddrl=dict_lookup(d,"address");
320 socks->n_socks=caddrl ? list_length(caddrl) : (int)ARRAY_SIZE(defaultaddrs);
321 if (socks->n_socks<=0 || socks->n_socks>UDP_MAX_SOCKETS)
322 cfgfatal(cc->loc,"udp","`address' must be 1..%d addresses",
325 for (i=0; i<socks->n_socks; i++) {
326 struct udpsock *us=&socks->socks[i];
328 if (!list_length(caddrl)) {
329 us->addr=defaultaddrs[i];
331 text2iaddr(list_elem(caddrl,i),uc->port,
337 uc->authbind=dict_read_string(d,"authbind",False,"udp",cc->loc);
338 l=dict_lookup(d,"proxy");
342 uc->proxy.sa.sa_family=AF_INET;
344 if (!item || item->type!=t_string) {
345 cfgfatal(cc->loc,"udp","proxy must supply ""addr"",port\n");
347 a=string_item_to_ipaddr(item,"proxy");
348 uc->proxy.sin.sin_addr.s_addr=htonl(a);
350 if (!item || item->type!=t_number) {
351 cfgfatal(cc->loc,"udp","proxy must supply ""addr"",port\n");
353 uc->proxy.sin.sin_port=htons(item->data.number);
356 update_max_start_pad(&comm_max_start_pad, uc->use_proxy ? 8 : 0);
358 add_hook(PHASE_GETRESOURCES,udp_phase_hook,st);
360 return new_closure(&cc->cl);
363 void udp_module(dict_t *dict)
365 add_closure(dict,"udp",udp_apply);