X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=blobdiff_plain;f=slip.c;h=e555f471218b710b12ecbe35a075ec0660533cd1;hp=5eb8dbdb1239e72698eb52d0f53d108af2e2f607;hb=ae5ae3bf5c5709938e3a2bb6203094ede8af45e6;hpb=3abd18e85781e00e2b7fc641f29c99e130238abf diff --git a/slip.c b/slip.c index 5eb8dbd..e555f47 100644 --- a/slip.c +++ b/slip.c @@ -27,11 +27,31 @@ struct slip { bool_t ignoring_packet; /* If this packet was corrupt or overlong, we ignore everything up to the next END */ netlink_deliver_fn *netlink_to_tunnel; - uint32_t local_address; }; /* Generic SLIP mangling code */ +static void slip_write(int fd, const uint8_t *p, size_t l) +{ + while (l) { + ssize_t written=write(fd,p,l); + if (written<0) { + if (errno==EINTR) { + continue; + } else if (iswouldblock(errno)) { + lg_perror(0,"slip",0,M_ERR,errno,"write() (packet(s) lost)"); + return; + } else { + fatal_perror("slip_stuff: write()"); + } + } + assert(written>0); + assert((size_t)written<=l); + p+=written; + l-=written; + } +} + static void slip_stuff(struct slip *st, struct buffer_if *buf, int fd) { uint8_t txbuf[DEFAULT_BUFSIZE]; @@ -57,16 +77,12 @@ static void slip_stuff(struct slip *st, struct buffer_if *buf, int fd) break; } if ((j+2)>DEFAULT_BUFSIZE) { - if (write(fd,txbuf,j)<0) { - fatal_perror("slip_stuff: write()"); - } + slip_write(fd,txbuf,j); j=0; } } txbuf[j++]=SLIP_END; - if (write(fd,txbuf,j)<0) { - fatal_perror("slip_stuff: write()"); - } + slip_write(fd,txbuf,j); BUF_FREE(buf); } @@ -79,6 +95,9 @@ static void slip_unstuff(struct slip *st, uint8_t *buf, uint32_t l) int outputchr; enum { OUTPUT_END = 256, OUTPUT_NOTHING = 257 }; + if (!st->buff->size) + buffer_init(st->buff,calculate_max_start_pad()); + if (st->pending_esc) { st->pending_esc=False; switch(buf[i]) { @@ -115,7 +134,7 @@ static void slip_unstuff(struct slip *st, uint8_t *buf, uint32_t l) if (st->ignoring_packet) { if (outputchr == OUTPUT_END) { st->ignoring_packet=False; - buffer_init(st->buff,calculate_max_start_pad()); + st->buff->size=0; } } else { if (outputchr == OUTPUT_END) { @@ -123,9 +142,9 @@ static void slip_unstuff(struct slip *st, uint8_t *buf, uint32_t l) st->netlink_to_tunnel(&st->nl,st->buff); BUF_ALLOC(st->buff,"userv_afterpoll"); } - buffer_init(st->buff,calculate_max_start_pad()); + st->buff->size=0; } else if (outputchr != OUTPUT_NOTHING) { - if (st->buff->size < st->buff->len) { + if (buf_remaining_space(st->buff)) { buf_append_uint8(st->buff,outputchr); } else { Message(M_WARNING, "userv_afterpoll: dropping overlong" @@ -144,8 +163,6 @@ static void slip_init(struct slip *st, struct cloc loc, dict_t *dict, netlink_init(&st->nl,st,loc,dict, "netlink-userv-ipif",NULL,to_host); st->buff=find_cl_if(dict,"buffer",CL_BUFFER,True,"name",loc); - st->local_address=string_item_to_ipaddr( - dict_find_item(dict,"local-address", True, name, loc),"netlink"); BUF_ALLOC(st->buff,"slip_init"); st->pending_esc=False; st->ignoring_packet=False; @@ -170,13 +187,13 @@ static int userv_beforepoll(void *sst, struct pollfd *fds, int *nfds_io, struct userv *st=sst; if (st->rxfd!=-1) { - *nfds_io=2; + BEFOREPOLL_WANT_FDS(2); fds[0].fd=st->txfd; fds[0].events=0; /* Might want to pick up POLLOUT sometime */ fds[1].fd=st->rxfd; fds[1].events=POLLIN; } else { - *nfds_io=0; + BEFOREPOLL_WANT_FDS(0); } return 0; } @@ -195,7 +212,7 @@ static void userv_afterpoll(void *sst, struct pollfd *fds, int nfds) if (fds[1].revents&POLLIN) { l=read(st->rxfd,rxbuf,DEFAULT_BUFSIZE); if (l<0) { - if (errno!=EINTR) + if (errno!=EINTR && !iswouldblock(errno)) fatal_perror("%s: userv_afterpoll: read(rxfd)", st->slip.nl.name); } else if (l==0) { @@ -210,6 +227,14 @@ static void userv_deliver_to_kernel(void *sst, struct buffer_if *buf) { struct userv *st=sst; + if (buf->size > st->slip.nl.mtu) { + Message(M_ERR,"%s: packet of size %"PRIu32" exceeds mtu %"PRIu32":" + " cannot be injected into kernel, dropped\n", + st->slip.nl.name, buf->size, st->slip.nl.mtu); + BUF_FREE(buf); + return; + } + slip_stuff(&st->slip,buf,st->txfd); } @@ -222,20 +247,13 @@ static void userv_userv_callback(void *sst, pid_t pid, int status) "(expected %d)\n",pid,st->pid); return; } - if (!st->expecting_userv_exit) { - if (WIFEXITED(status)) { - fatal("%s: userv exited unexpectedly with status %d", - st->slip.nl.name,WEXITSTATUS(status)); - } else if (WIFSIGNALED(status)) { - fatal("%s: userv exited unexpectedly: uncaught signal %d", - st->slip.nl.name,WTERMSIG(status)); - } else { - fatal("%s: userv stopped unexpectedly", - st->slip.nl.name); - } + if (!(st->expecting_userv_exit && + (!status || + (WIFSIGNALED(status) && WTERMSIG(status)==SIGTERM)))) { + lg_exitstatus(0,st->slip.nl.name,0, + st->expecting_userv_exit ? M_WARNING : M_FATAL, + status,"userv"); } - Message(M_WARNING,"%s: userv subprocess died with status %d\n", - st->slip.nl.name,WEXITSTATUS(status)); st->pid=0; } @@ -254,10 +272,7 @@ static void userv_entry(void *sst) dup2(st->in,0); dup2(st->out,1); - /* XXX close all other fds */ setsid(); - /* XXX We really should strdup() all of argv[] but because we'll just - exit anyway if execvp() fails it doesn't seem worth bothering. */ execvp(st->path,(char *const*)st->argv); perror("userv-entry: execvp()"); exit(1); @@ -265,10 +280,9 @@ static void userv_entry(void *sst) static void userv_invoke_userv(struct userv *st) { - struct userv_entry_rec *er; + struct userv_entry_rec er[1]; int c_stdin[2]; int c_stdout[2]; - string_t addrs; string_t nets; string_t s; struct netlink_client *r; @@ -284,9 +298,9 @@ static void userv_invoke_userv(struct userv *st) /* This is where we actually invoke userv - all the networks we'll be using should already have been registered. */ - addrs=safe_malloc(512,"userv_invoke_userv:addrs"); - snprintf(addrs,512,"%s,%s,%d,slip", - ipaddr_to_string(st->slip.local_address), + char addrs[512]; + snprintf(addrs,sizeof(addrs),"%s,%s,%d,slip", + ipaddr_to_string(st->slip.nl.local_address), ipaddr_to_string(st->slip.nl.secnet_address),st->slip.nl.mtu); allnets=ipset_new(); @@ -307,7 +321,6 @@ static void userv_invoke_userv(struct userv *st) s=subnet_to_string(snets->list[i]); strcat(nets,s); strcat(nets,","); - free(s); } nets[strlen(nets)-1]=0; subnet_list_free(snets); @@ -318,17 +331,11 @@ static void userv_invoke_userv(struct userv *st) st->slip.pending_esc=False; /* Invoke userv */ - if (pipe(c_stdin)!=0) { - fatal_perror("userv_invoke_userv: pipe(c_stdin)"); - } - if (pipe(c_stdout)!=0) { - fatal_perror("userv_invoke_userv: pipe(c_stdout)"); - } + pipe_cloexec(c_stdin); + pipe_cloexec(c_stdout); st->txfd=c_stdin[1]; st->rxfd=c_stdout[0]; - er=safe_malloc(sizeof(*r),"userv_invoke_userv: er"); - er->in=c_stdin[0]; er->out=c_stdout[1]; /* The arguments are: @@ -337,7 +344,8 @@ static void userv_invoke_userv(struct userv *st) service-name local-addr,secnet-addr,mtu,protocol route1,route2,... */ - er->argv=safe_malloc(sizeof(*er->argv)*6,"userv_invoke_userv:argv"); + const char *er_argv[6]; + er->argv=er_argv; er->argv[0]=st->userv_path; er->argv[1]=st->service_user; er->argv[2]=st->service_name; @@ -350,9 +358,6 @@ static void userv_invoke_userv(struct userv *st) er, st, st->slip.nl.name); close(er->in); close(er->out); - free(er->argv); - free(er); - free(addrs); free(nets); Message(M_INFO,"%s: userv-ipif pid is %d\n",st->slip.nl.name,st->pid); /* Read a single character from the pipe to confirm userv-ipif is @@ -376,6 +381,8 @@ static void userv_invoke_userv(struct userv *st) st->slip.nl.name,confirm); } } + setnonblock(st->txfd); + setnonblock(st->rxfd); } static void userv_kill_userv(struct userv *st) @@ -394,7 +401,7 @@ static void userv_phase_hook(void *sst, uint32_t newphase) if (newphase==PHASE_RUN) { userv_invoke_userv(st); /* Register for poll() */ - register_for_poll(st, userv_beforepoll, userv_afterpoll, 2, + register_for_poll(st, userv_beforepoll, userv_afterpoll, st->slip.nl.name); } if (newphase==PHASE_SHUTDOWN) {