chiark / gitweb /
fds: Provide cloexec() and use it in udp.c and tun.c
[secnet.git] / udp.c
diff --git a/udp.c b/udp.c
index bbf8c64..bb82026 100644 (file)
--- a/udp.c
+++ b/udp.c
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include "util.h"
+#include "magic.h"
 #include "unaligned.h"
 #include "ipaddr.h"
+#include "magic.h"
 
 static beforepoll_fn udp_beforepoll;
 static afterpoll_fn udp_afterpoll;
@@ -101,8 +103,10 @@ static void udp_afterpoll(void *state, struct pollfd *fds, int nfds)
            fromlen=sizeof(from);
            BUF_ASSERT_FREE(st->rbuf);
            BUF_ALLOC(st->rbuf,"udp_afterpoll");
-           rv=recvfrom(st->fd, st->rbuf->start, st->rbuf->len, 0,
-                       (struct sockaddr *)&from, &fromlen);
+           buffer_init(st->rbuf,calculate_max_start_pad());
+           rv=recvfrom(st->fd, st->rbuf->start,
+                       buf_remaining_space(st->rbuf),
+                       0, (struct sockaddr *)&from, &fromlen);
            if (rv>0) {
                st->rbuf->size=rv;
                if (st->use_proxy) {
@@ -120,29 +124,28 @@ static void udp_afterpoll(void *state, struct pollfd *fds, int nfds)
                    buf_unprepend(st->rbuf,2);
                    memcpy(&from.sin_port,buf_unprepend(st->rbuf,2),2);
                }
+               struct comm_addr ca;
+               FILLZERO(ca);
+               ca.comm=&st->ops;
+               ca.sin=from;
                done=False;
                for (n=st->notify; n; n=n->next) {
-                   struct comm_addr ca;
-                   FILLZERO(ca);
-                   ca.comm=&st->ops;
-                   ca.sin=from;
                    if (n->fn(n->state, st->rbuf, &ca)) {
                        done=True;
                        break;
                    }
                }
                if (!done) {
-                   uint32_t source,dest;
-                   /* Manufacture and send NAK packet */
-                   source=get_uint32(st->rbuf->start); /* Us */
-                   dest=get_uint32(st->rbuf->start+4); /* Them */
-                   Message(M_INFO,"udp (port %d): sending NAK\n",st->port);
-                   buffer_init(st->rbuf,0);
-                   buf_append_uint32(st->rbuf,dest);
-                   buf_append_uint32(st->rbuf,source);
-                   buf_append_uint32(st->rbuf,0); /* NAK is msg type 0 */
-                   sendto(st->fd, st->rbuf->start, st->rbuf->size, 0,
-                          (struct sockaddr *)&from, sizeof(from));
+                   uint32_t msgtype;
+                   if (st->rbuf->size>12 /* prevents traffic amplification */
+                       && ((msgtype=get_uint32(st->rbuf->start+8))
+                           != LABEL_NAK)) {
+                       uint32_t source,dest;
+                       /* Manufacture and send NAK packet */
+                       source=get_uint32(st->rbuf->start); /* Us */
+                       dest=get_uint32(st->rbuf->start+4); /* Them */
+                       send_nak(&ca,source,dest,msgtype,st->rbuf,"unwanted");
+                   }
                    BUF_FREE(st->rbuf);
                }
                BUF_ASSERT_FREE(st->rbuf);
@@ -193,12 +196,13 @@ static bool_t udp_sendmsg(void *commst, struct buffer_if *buf,
     uint8_t *sa;
 
     if (st->use_proxy) {
-       sa=buf->start-8;
+       sa=buf_prepend(buf,8);
        memcpy(sa,&dest->sin.sin_addr,4);
        memset(sa+4,0,4);
        memcpy(sa+6,&dest->sin.sin_port,2);
        sendto(st->fd,sa,buf->size+8,0,(struct sockaddr *)&st->proxy,
               sizeof(st->proxy));
+       buf_unprepend(buf,8);
     } else {
        sendto(st->fd, buf->start, buf->size, 0,
               (struct sockaddr *)&dest->sin, sizeof(dest->sin));
@@ -220,10 +224,7 @@ static void udp_phase_hook(void *sst, uint32_t new_phase)
        fatal_perror("udp (%s:%d): fcntl(set O_NONBLOCK)",
                     st->loc.file,st->loc.line);
     }
-    if (fcntl(st->fd, F_SETFD, FD_CLOEXEC)==-1) {
-       fatal_perror("udp (%s:%d): fcntl(set FD_CLOEXEC)",
-                    st->loc.file,st->loc.line);
-    }
+    setcloexec(st->fd);
 
     FILLZERO(addr);
     addr.sin_family=AF_INET;
@@ -288,8 +289,6 @@ static list_t *udp_apply(closure_t *self, struct cloc loc, dict_t *context,
     st->cl.apply=NULL;
     st->cl.interface=&st->ops;
     st->ops.st=st;
-    st->ops.min_start_pad=0;
-    st->ops.min_end_pad=0;
     st->ops.request_notify=request_notify;
     st->ops.release_notify=release_notify;
     st->ops.sendmsg=udp_sendmsg;
@@ -324,9 +323,10 @@ static list_t *udp_apply(closure_t *self, struct cloc loc, dict_t *context,
            cfgfatal(st->loc,"udp","proxy must supply ""addr"",port\n");
        }
        st->proxy.sin_port=htons(i->data.number);
-       st->ops.min_start_pad=8;
     }
 
+    update_max_start_pad(&comm_max_start_pad, st->use_proxy ? 8 : 0);
+
     add_hook(PHASE_GETRESOURCES,udp_phase_hook,st);
 
     return new_closure(&st->cl);