X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=slip.c;h=d8b32d8dbda79b5ad8ad4432be2adb4d3a166a10;hp=60152c9a984deea96a8839e89d6222fd346660a4;hb=b85840f2aed63305094eca734f157a0f73d91273;hpb=794f2398b8fe84bf398bb10d6eeca6fe6737f65f

diff --git a/slip.c b/slip.c
index 60152c9..d8b32d8 100644
--- a/slip.c
+++ b/slip.c
@@ -7,6 +7,7 @@
 #include "util.h"
 #include "netlink.h"
 #include "process.h"
+#include "unaligned.h"
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
@@ -23,8 +24,9 @@ struct slip {
     struct buffer_if *buff; /* We unstuff received packets into here
 			       and send them to the netlink code. */
     bool_t pending_esc;
+    bool_t ignoring_packet; /* If this packet was corrupt or overlong,
+			       we ignore everything up to the next END */
     netlink_deliver_fn *netlink_to_tunnel;
-    uint32_t local_address;
 };
 
 /* Generic SLIP mangling code */
@@ -33,11 +35,11 @@ static void slip_stuff(struct slip *st, struct buffer_if *buf, int fd)
 {
     uint8_t txbuf[DEFAULT_BUFSIZE];
     uint8_t *i;
-    uint32_t j=0;
+    int32_t j=0;
 
     BUF_ASSERT_USED(buf);
 
-    /* XXX crunchy bytestuff code */
+    /* There's probably a much more efficient way of implementing this */
     txbuf[j++]=SLIP_END;
     for (i=buf->start; i<(buf->start+buf->size); i++) {
 	switch (*i) {
@@ -71,53 +73,82 @@ static void slip_unstuff(struct slip *st, uint8_t *buf, uint32_t l)
 {
     uint32_t i;
 
-    /* XXX really crude unstuff code */
-    /* XXX check for buffer overflow */
     BUF_ASSERT_USED(st->buff);
     for (i=0; i<l; i++) {
+	int outputchr;
+	enum { OUTPUT_END = 256, OUTPUT_NOTHING = 257 };
+
+	if (!st->buff->size)
+	    buffer_init(st->buff,calculate_max_start_pad());
+
 	if (st->pending_esc) {
 	    st->pending_esc=False;
 	    switch(buf[i]) {
 	    case SLIP_ESCEND:
-		*(uint8_t *)buf_append(st->buff,1)=SLIP_END;
+		outputchr=SLIP_END;
 		break;
 	    case SLIP_ESCESC:
-		*(uint8_t *)buf_append(st->buff,1)=SLIP_ESC;
+		outputchr=SLIP_ESC;
 		break;
 	    default:
-		fatal("userv_afterpoll: bad SLIP escape character\n");
+		if (!st->ignoring_packet) {
+		    Message(M_WARNING, "userv_afterpoll: bad SLIP escape"
+			    " character, dropping packet\n");
+		}
+		st->ignoring_packet=True;
+		outputchr=OUTPUT_NOTHING;
+		break;
 	    }
 	} else {
 	    switch (buf[i]) {
 	    case SLIP_END:
-		if (st->buff->size>0) {
-		    st->netlink_to_tunnel(&st->nl,st->buff);
-		    BUF_ALLOC(st->buff,"userv_afterpoll");
-		}
-		buffer_init(st->buff,st->nl.max_start_pad);
+		outputchr=OUTPUT_END;
 		break;
 	    case SLIP_ESC:
 		st->pending_esc=True;
+		outputchr=OUTPUT_NOTHING;
 		break;
 	    default:
-		*(uint8_t *)buf_append(st->buff,1)=buf[i];
+		outputchr=buf[i];
 		break;
 	    }
 	}
+
+	if (st->ignoring_packet) {
+	    if (outputchr == OUTPUT_END) {
+		st->ignoring_packet=False;
+		st->buff->size=0;
+	    }
+	} else {
+	    if (outputchr == OUTPUT_END) {
+		if (st->buff->size>0) {
+		    st->netlink_to_tunnel(&st->nl,st->buff);
+		    BUF_ALLOC(st->buff,"userv_afterpoll");
+		}
+		st->buff->size=0;
+	    } else if (outputchr != OUTPUT_NOTHING) {
+		if (buf_remaining_space(st->buff)) {
+		    buf_append_uint8(st->buff,outputchr);
+		} else {
+		    Message(M_WARNING, "userv_afterpoll: dropping overlong"
+			    " SLIP packet\n");
+		    st->ignoring_packet=True;
+		}
+	    }
+	}
     }
 }
 
 static void slip_init(struct slip *st, struct cloc loc, dict_t *dict,
-		      string_t name, netlink_deliver_fn *to_host)
+		      cstring_t name, netlink_deliver_fn *to_host)
 {
     st->netlink_to_tunnel=
 	netlink_init(&st->nl,st,loc,dict,
 		     "netlink-userv-ipif",NULL,to_host);
     st->buff=find_cl_if(dict,"buffer",CL_BUFFER,True,"name",loc);
-    st->local_address=string_item_to_ipaddr(
-	dict_find_item(dict,"local-address", True, name, loc),"netlink");
     BUF_ALLOC(st->buff,"slip_init");
     st->pending_esc=False;
+    st->ignoring_packet=False;
 }
 
 /* Connection to the kernel through userv-ipif */
@@ -126,33 +157,31 @@ struct userv {
     struct slip slip;
     int txfd; /* We transmit to userv */
     int rxfd; /* We receive from userv */
-    string_t userv_path;
-    string_t service_user;
-    string_t service_name;
+    cstring_t userv_path;
+    cstring_t service_user;
+    cstring_t service_name;
     pid_t pid;
     bool_t expecting_userv_exit;
 };
 
 static int userv_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
-			    int *timeout_io, const struct timeval *tv_now,
-			    uint64_t *now)
+			    int *timeout_io)
 {
     struct userv *st=sst;
 
     if (st->rxfd!=-1) {
 	*nfds_io=2;
 	fds[0].fd=st->txfd;
-	fds[0].events=POLLERR; /* Might want to pick up POLLOUT sometime */
+	fds[0].events=0; /* Might want to pick up POLLOUT sometime */
 	fds[1].fd=st->rxfd;
-	fds[1].events=POLLIN|POLLERR|POLLHUP;
+	fds[1].events=POLLIN;
     } else {
 	*nfds_io=0;
     }
     return 0;
 }
 
-static void userv_afterpoll(void *sst, struct pollfd *fds, int nfds,
-			    const struct timeval *tv_now, uint64_t *now)
+static void userv_afterpoll(void *sst, struct pollfd *fds, int nfds)
 {
     struct userv *st=sst;
     uint8_t rxbuf[DEFAULT_BUFSIZE];
@@ -170,7 +199,7 @@ static void userv_afterpoll(void *sst, struct pollfd *fds, int nfds,
 		fatal_perror("%s: userv_afterpoll: read(rxfd)",
 			     st->slip.nl.name);
 	} else if (l==0) {
-	    fatal("%s: userv_afterpoll: read(rxfd)=0; userv gone away?\n",
+	    fatal("%s: userv_afterpoll: read(rxfd)=0; userv gone away?",
 		  st->slip.nl.name);
 	} else slip_unstuff(&st->slip,rxbuf,l);
     }
@@ -181,6 +210,14 @@ static void userv_deliver_to_kernel(void *sst, struct buffer_if *buf)
 {
     struct userv *st=sst;
 
+    if (buf->size > st->slip.nl.mtu) {
+	Message(M_ERR,"%s: packet of size %"PRIu32" exceeds mtu %"PRIu32":"
+		" cannot be injected into kernel, dropped\n",
+		st->slip.nl.name, buf->size, st->slip.nl.mtu);
+	BUF_FREE(buf);
+	return;
+    }
+
     slip_stuff(&st->slip,buf,st->txfd);
 }
 
@@ -195,13 +232,14 @@ static void userv_userv_callback(void *sst, pid_t pid, int status)
     }
     if (!st->expecting_userv_exit) {
 	if (WIFEXITED(status)) {
-	    fatal("%s: userv exited unexpectedly with status %d\n",
+	    fatal("%s: userv exited unexpectedly with status %d",
 		  st->slip.nl.name,WEXITSTATUS(status));
 	} else if (WIFSIGNALED(status)) {
-	    fatal("%s: userv exited unexpectedly: uncaught signal %d\n",
+	    fatal("%s: userv exited unexpectedly: uncaught signal %d",
 		  st->slip.nl.name,WTERMSIG(status));
 	} else {
-	    fatal("%s: userv stopped unexpectedly\n");
+	    fatal("%s: userv stopped unexpectedly",
+		  st->slip.nl.name);
 	}
     }
     Message(M_WARNING,"%s: userv subprocess died with status %d\n",
@@ -210,8 +248,8 @@ static void userv_userv_callback(void *sst, pid_t pid, int status)
 }
 
 struct userv_entry_rec {
-    string_t path;
-    char **argv;
+    cstring_t path;
+    const char **argv;
     int in;
     int out;
     /* XXX perhaps we should collect and log stderr? */
@@ -224,61 +262,57 @@ static void userv_entry(void *sst)
     dup2(st->in,0);
     dup2(st->out,1);
 
-    /* XXX close all other fds */
     setsid();
-    execvp(st->path,st->argv);
+    /* XXX We really should strdup() all of argv[] but because we'll just
+       exit anyway if execvp() fails it doesn't seem worth bothering. */
+    execvp(st->path,(char *const*)st->argv);
     perror("userv-entry: execvp()");
     exit(1);
 }
 
 static void userv_invoke_userv(struct userv *st)
 {
-    struct userv_entry_rec *er;
+    struct userv_entry_rec er[1];
     int c_stdin[2];
     int c_stdout[2];
-    string_t addrs;
     string_t nets;
     string_t s;
-    struct netlink_route *r;
-    struct ipset *isnets;
+    struct netlink_client *r;
+    struct ipset *allnets;
     struct subnet_list *snets;
-    int i;
+    int i, nread;
     uint8_t confirm;
 
     if (st->pid) {
-	fatal("userv_invoke_userv: already running\n");
+	fatal("userv_invoke_userv: already running");
     }
 
     /* This is where we actually invoke userv - all the networks we'll
        be using should already have been registered. */
 
-    addrs=safe_malloc(512,"userv_invoke_userv:addrs");
-    snprintf(addrs,512,"%s,%s,%d,slip",
-	     ipaddr_to_string(st->slip.local_address),
+    char addrs[512];
+    snprintf(addrs,sizeof(addrs),"%s,%s,%d,slip",
+	     ipaddr_to_string(st->slip.nl.local_address),
 	     ipaddr_to_string(st->slip.nl.secnet_address),st->slip.nl.mtu);
 
-    r=st->slip.nl.routes;
-    isnets=ipset_new();
-    for (i=0; i<st->slip.nl.n_routes; i++) {
-	if (r[i].up) {
-	    struct ipset *sn,*nis;
-	    r[i].kup=True;
-	    sn=ipset_from_subnet(r[i].net);
-	    nis=ipset_union(isnets,sn);
-	    ipset_free(sn);
-	    ipset_free(isnets);
-	    isnets=nis;
+    allnets=ipset_new();
+    for (r=st->slip.nl.clients; r; r=r->next) {
+	if (r->link_quality > LINK_QUALITY_UNUSED) {
+	    struct ipset *nan;
+	    r->kup=True;
+	    nan=ipset_union(allnets,r->networks);
+	    ipset_free(allnets);
+	    allnets=nan;
 	}
     }
-    snets=ipset_to_subnet_list(isnets);
-    ipset_free(isnets);
+    snets=ipset_to_subnet_list(allnets);
+    ipset_free(allnets);
     nets=safe_malloc(20*snets->entries,"userv_invoke_userv:nets");
     *nets=0;
     for (i=0; i<snets->entries; i++) {
 	s=subnet_to_string(snets->list[i]);
 	strcat(nets,s);
 	strcat(nets,",");
-	free(s);
     }
     nets[strlen(nets)-1]=0;
     subnet_list_free(snets);
@@ -289,17 +323,11 @@ static void userv_invoke_userv(struct userv *st)
     st->slip.pending_esc=False;
 
     /* Invoke userv */
-    if (pipe(c_stdin)!=0) {
-	fatal_perror("userv_invoke_userv: pipe(c_stdin)");
-    }
-    if (pipe(c_stdout)!=0) {
-	fatal_perror("userv_invoke_userv: pipe(c_stdout)");
-    }
+    pipe_cloexec(c_stdin);
+    pipe_cloexec(c_stdout);
     st->txfd=c_stdin[1];
     st->rxfd=c_stdout[0];
 
-    er=safe_malloc(sizeof(*r),"userv_invoke_userv: er");
-
     er->in=c_stdin[0];
     er->out=c_stdout[1];
     /* The arguments are:
@@ -308,7 +336,8 @@ static void userv_invoke_userv(struct userv *st)
        service-name
        local-addr,secnet-addr,mtu,protocol
        route1,route2,... */
-    er->argv=safe_malloc(sizeof(*er->argv)*6,"userv_invoke_userv:argv");
+    const char *er_argv[6];
+    er->argv=er_argv;
     er->argv[0]=st->userv_path;
     er->argv[1]=st->service_user;
     er->argv[2]=st->service_name;
@@ -321,30 +350,29 @@ static void userv_invoke_userv(struct userv *st)
 			er, st, st->slip.nl.name);
     close(er->in);
     close(er->out);
-    free(er->argv);
-    free(er);
-    free(addrs);
     free(nets);
     Message(M_INFO,"%s: userv-ipif pid is %d\n",st->slip.nl.name,st->pid);
     /* Read a single character from the pipe to confirm userv-ipif is
        running. If we get a SIGCHLD at this point then we'll get EINTR. */
-    if (read(st->rxfd,&confirm,1)!=1) {
+    if ((nread=read(st->rxfd,&confirm,1))!=1) {
 	if (errno==EINTR) {
 	    Message(M_WARNING,"%s: read of confirmation byte was "
 		    "interrupted\n",st->slip.nl.name);
 	} else {
-	    fatal_perror("%s: read() of confirmation byte",st->slip.nl.name);
+	    if (nread<0) {
+		fatal_perror("%s: error reading confirmation byte",
+			     st->slip.nl.name);
+	    } else {
+		fatal("%s: unexpected EOF instead of confirmation byte"
+		      " - userv ipif failed?", st->slip.nl.name);
+	    }
 	}
     } else {
 	if (confirm!=SLIP_END) {
-	    fatal("%s: bad confirmation byte %d from userv-ipif\n",
+	    fatal("%s: bad confirmation byte %d from userv-ipif",
 		  st->slip.nl.name,confirm);
 	}
     }
-    /* Mark rxfd non-blocking */
-    if (fcntl(st->rxfd, F_SETFL, fcntl(st->rxfd, F_GETFL)|O_NONBLOCK)==-1) {
-	fatal_perror("%s: fcntl(O_NONBLOCK)",st->slip.nl.name);
-    }
 }
 
 static void userv_kill_userv(struct userv *st)
@@ -408,13 +436,7 @@ static list_t *userv_apply(closure_t *self, struct cloc loc, dict_t *context,
     return new_closure(&st->slip.nl.cl);
 }
 
-init_module slip_module;
 void slip_module(dict_t *dict)
 {
     add_closure(dict,"userv-ipif",userv_apply);
-#if 0
-    /* TODO */
-    add_closure(dict,"pty-slip",ptyslip_apply);
-    add_closure(dict,"slipd",slipd_apply);
-#endif /* 0 */
 }