3 * Make programs use Unix-domain sockets instead of IP
5 * (c) 2008 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of the preload-hacks package.
12 * Preload-hacks are free software; you can redistribute it and/or modify
13 * them under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or (at
15 * your option) any later version.
17 * Preload-hacks are distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
22 * You should have received a copy of the GNU General Public License along
23 * with preload-hacks; if not, write to the Free Software Foundation, Inc.,
24 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
32 /*----- Header files ------------------------------------------------------*/
48 #include <sys/ioctl.h>
49 #include <sys/socket.h>
53 #include <netinet/in.h>
54 #include <arpa/inet.h>
55 #include <netinet/tcp.h>
56 #include <netinet/udp.h>
60 /*----- Data structures ---------------------------------------------------*/
62 enum { UNUSED, STALE, USED }; /* Unix socket status values */
63 enum { WANT_FRESH, WANT_EXISTING }; /* Socket address dispositions */
64 enum { DENY, ALLOW }; /* ACL verdicts */
66 static int address_families[] = { AF_INET, AF_INET6, -1 };
70 /* Address representations. */
71 typedef union ipaddr {
76 /* Convenient socket address hacking. */
77 typedef union address {
79 struct sockaddr_in sin;
80 struct sockaddr_in6 sin6;
83 /* Access control list nodes */
84 typedef struct aclnode {
88 ipaddr minaddr, maxaddr;
89 unsigned short minport, maxport;
92 /* A type for an address range */
93 typedef struct addrrange {
96 struct { int af; ipaddr min, max; } range;
99 enum { EMPTY, ANY, LOCAL, RANGE };
101 /* Local address records */
102 typedef struct full_ipaddr {
106 #define MAX_LOCAL_IPADDRS 64
107 static full_ipaddr local_ipaddrs[MAX_LOCAL_IPADDRS];
108 static int n_local_ipaddrs;
110 /* General configuration */
112 static char *sockdir = 0;
113 static int debug = 0;
114 static unsigned minautoport = 16384, maxautoport = 65536;
116 /* Access control lists */
117 static aclnode *bind_real, **bind_tail = &bind_real;
118 static aclnode *connect_real, **connect_tail = &connect_real;
120 /*----- Import the real versions of functions -----------------------------*/
122 /* The list of functions to immport. */
124 _(socket, int, (int, int, int)) \
125 _(socketpair, int, (int, int, int, int *)) \
126 _(connect, int, (int, const struct sockaddr *, socklen_t)) \
127 _(bind, int, (int, const struct sockaddr *, socklen_t)) \
128 _(accept, int, (int, struct sockaddr *, socklen_t *)) \
129 _(getsockname, int, (int, struct sockaddr *, socklen_t *)) \
130 _(getpeername, int, (int, struct sockaddr *, socklen_t *)) \
131 _(getsockopt, int, (int, int, int, void *, socklen_t *)) \
132 _(setsockopt, int, (int, int, int, const void *, socklen_t)) \
133 _(sendto, ssize_t, (int, const void *buf, size_t, int, \
134 const struct sockaddr *to, socklen_t tolen)) \
135 _(recvfrom, ssize_t, (int, void *buf, size_t, int, \
136 struct sockaddr *from, socklen_t *fromlen)) \
137 _(sendmsg, ssize_t, (int, const struct msghdr *, int)) \
138 _(recvmsg, ssize_t, (int, struct msghdr *, int)) \
139 _(ioctl, int, (int, unsigned long, ...))
141 /* Function pointers to set up. */
142 #define DECL(imp, ret, args) static ret (*real_##imp) args;
146 /* Import the system calls. */
147 static void import(void)
149 #define IMPORT(imp, ret, args) \
150 real_##imp = (ret (*)args)dlsym(RTLD_NEXT, #imp);
155 /*----- Utilities ---------------------------------------------------------*/
157 /* Socket address casts */
158 #define SA(sa) ((struct sockaddr *)(sa))
159 #define SIN(sa) ((struct sockaddr_in *)(sa))
160 #define SIN6(sa) ((struct sockaddr_in6 *)(sa))
161 #define SUN(sa) ((struct sockaddr_un *)(sa))
164 #define UC(ch) ((unsigned char)(ch))
166 /* Memory allocation */
167 #define NEW(x) ((x) = xmalloc(sizeof(*x)))
168 #define NEWV(x, n) ((x) = xmalloc(sizeof(*x) * (n)))
172 # define D(body) { if (debug) { body } }
173 # define Dpid pid_t pid = debug ? getpid() : -1
179 /* Preservation of error status */
180 #define PRESERVING_ERRNO(body) do { \
181 int _err = errno; { body } errno = _err; \
184 /* Allocate N bytes of memory; abort on failure. */
185 static void *xmalloc(size_t n)
189 if ((p = malloc(n)) == 0) { perror("malloc"); exit(127); }
193 /* Allocate a copy of the null-terminated string P; abort on failure. */
194 static char *xstrdup(const char *p)
196 size_t n = strlen(p) + 1;
197 char *q = xmalloc(n);
202 /*----- Address-type hacking ----------------------------------------------*/
204 /* If M is a simple mask, i.e., consists of a sequence of zero bits followed
205 * by a sequence of one bits, then return the length of the latter sequence
206 * (which may be zero); otherwise return -1.
208 static int simple_mask_length(unsigned long m)
212 while (m & 1) { n++; m >>= 1; }
216 /* Answer whether AF is an interesting address family. */
217 static int family_known_p(int af)
228 /* Return the socket address length for address family AF. */
229 static socklen_t family_socklen(int af)
232 case AF_INET: return (sizeof(struct sockaddr_in));
233 case AF_INET6: return (sizeof(struct sockaddr_in6));
238 /* Return the width of addresses of kind AF. */
239 static int address_width(int af)
242 case AF_INET: return 32;
243 case AF_INET6: return 128;
248 /* If addresses A and B share a common prefix then return its length;
249 * otherwise return -1.
251 static int common_prefix_length(int af, const ipaddr *a, const ipaddr *b)
255 unsigned long aa = ntohl(a->v4.s_addr), bb = ntohl(b->v4.s_addr);
256 unsigned long m = aa^bb;
257 if ((aa&m) == 0 && (bb&m) == m) return (32 - simple_mask_length(m));
261 const uint8_t *aa = a->v6.s6_addr, *bb = b->v6.s6_addr;
266 for (i = 0; i < 16 && aa[i] == bb[i]; i++);
270 if ((aa[i]&m) != 0 || (bb[i]&m) != m) return (-1);
271 n += 8 - simple_mask_length(m);
272 for (i++; i < 16; i++)
273 if (aa[i] || bb[i] != 0xff) return (-1);
282 /* Extract the port number (in host byte-order) from SA. */
283 static int port_from_sockaddr(const struct sockaddr *sa)
285 switch (sa->sa_family) {
286 case AF_INET: return (ntohs(SIN(sa)->sin_port));
287 case AF_INET6: return (ntohs(SIN6(sa)->sin6_port));
292 /* Store the port number PORT (in host byte-order) in SA. */
293 static void port_to_sockaddr(struct sockaddr *sa, int port)
295 switch (sa->sa_family) {
296 case AF_INET: SIN(sa)->sin_port = htons(port); break;
297 case AF_INET6: SIN6(sa)->sin6_port = htons(port); break;
302 /* Extract the address part from SA and store it in A. */
303 static void ipaddr_from_sockaddr(ipaddr *a, const struct sockaddr *sa)
305 switch (sa->sa_family) {
306 case AF_INET: a->v4 = SIN(sa)->sin_addr; break;
307 case AF_INET6: a->v6 = SIN6(sa)->sin6_addr; break;
312 /* Copy a whole socket address about. */
313 static void copy_sockaddr(struct sockaddr *sa_dst,
314 const struct sockaddr *sa_src)
315 { memcpy(sa_dst, sa_src, family_socklen(sa_src->sa_family)); }
317 /* Answer whether two addresses are equal. */
318 static int ipaddr_equal_p(int af, const ipaddr *a, const ipaddr *b)
321 case AF_INET: return (a->v4.s_addr == b->v4.s_addr);
322 case AF_INET6: return (memcmp(a->v6.s6_addr, b->v6.s6_addr, 16) == 0);
327 /* Answer whether the address part of SA is between A and B (inclusive). We
328 * assume that SA has the correct address family.
330 static int sockaddr_in_range_p(const struct sockaddr *sa,
331 const ipaddr *a, const ipaddr *b)
333 switch (sa->sa_family) {
335 unsigned long addr = ntohl(SIN(sa)->sin_addr.s_addr);
336 return (ntohl(a->v4.s_addr) <= addr &&
337 addr <= ntohl(b->v4.s_addr));
340 const uint8_t *ss = SIN6(sa)->sin6_addr.s6_addr;
341 const uint8_t *aa = a->v6.s6_addr, *bb = b->v6.s6_addr;
345 for (i = 0; h && l && i < 16; i++, ss++, aa++, bb++) {
346 if (*ss < *aa || *bb < *ss) return (0);
347 if (*aa < *ss) l = 0;
348 if (*ss < *bb) h = 0;
357 /* Fill in SA with the appropriate wildcard address. */
358 static void wildcard_address(int af, struct sockaddr *sa)
362 struct sockaddr_in *sin = SIN(sa);
363 memset(sin, 0, sizeof(*sin));
364 sin->sin_family = AF_INET;
366 sin->sin_addr.s_addr = INADDR_ANY;
369 struct sockaddr_in6 *sin6 = SIN6(sa);
370 memset(sin6, 0, sizeof(*sin6));
371 sin6->sin6_family = AF_INET6;
373 sin6->sin6_addr = in6addr_any;
374 sin6->sin6_scope_id = 0;
375 sin6->sin6_flowinfo = 0;
382 /* Mask the address A, forcing all but the top PLEN bits to zero or one
383 * according to HIGHP.
385 static void mask_address(int af, ipaddr *a, int plen, int highp)
389 unsigned long addr = ntohl(a->v4.s_addr);
390 unsigned long mask = plen ? ~0ul << (32 - plen) : 0;
392 if (highp) addr |= ~mask;
393 a->v4.s_addr = htonl(addr & 0xffffffff);
397 unsigned m = (0xff << (8 - plen%8)) & 0xff;
398 unsigned s = highp ? 0xff : 0;
400 a->v6.s6_addr[i] = (a->v6.s6_addr[i] & m) | (s & ~m);
403 for (; i < 16; i++) a->v6.s6_addr[i] = s;
410 /* Write a presentation form of SA to BUF, a buffer of length SZ. LEN is the
411 * address length; if it's zero, look it up based on the address family.
412 * Return a pointer to the string (which might, in an emergency, be a static
413 * string rather than your buffer).
415 static char *present_sockaddr(const struct sockaddr *sa, socklen_t len,
416 char *buf, size_t sz)
418 #define WANT(n_) do { if (sz < (n_)) goto nospace; } while (0)
419 #define PUTC(c_) do { *buf++ = (c_); sz--; } while (0)
421 if (!sa) return "<null-address>";
422 if (!sz) return "<no-space-in-buffer>";
423 if (!len) len = family_socklen(sa->sa_family);
425 switch (sa->sa_family) {
427 struct sockaddr_un *sun = SUN(sa);
428 char *p = sun->sun_path;
429 size_t n = len - offsetof(struct sockaddr_un, sun_path);
437 case 0: WANT(2); PUTC('\\'); PUTC('0'); break;
438 case '\a': WANT(2); PUTC('\\'); PUTC('a'); break;
439 case '\n': WANT(2); PUTC('\\'); PUTC('n'); break;
440 case '\r': WANT(2); PUTC('\\'); PUTC('r'); break;
441 case '\t': WANT(2); PUTC('\\'); PUTC('t'); break;
442 case '\v': WANT(2); PUTC('\\'); PUTC('v'); break;
443 case '\\': WANT(2); PUTC('\\'); PUTC('\\'); break;
445 if (*p > ' ' && *p <= '~')
446 { WANT(1); PUTC(*p); }
448 WANT(4); PUTC('\\'); PUTC('x');
449 PUTC((*p >> 4)&0xf); PUTC((*p >> 0)&0xf);
456 if (*p != '/') { WANT(2); PUTC('.'); PUTC('/'); }
457 while (n && *p) { WANT(1); PUTC(*p); p++; n--; }
461 case AF_INET: case AF_INET6: {
462 char addrbuf[NI_MAXHOST], portbuf[NI_MAXSERV];
463 int err = getnameinfo(sa, len,
464 addrbuf, sizeof(addrbuf),
465 portbuf, sizeof(portbuf),
466 NI_NUMERICHOST | NI_NUMERICSERV);
468 snprintf(buf, sz, strchr(addrbuf, ':') ? "[%s]:%s" : "%s:%s",
472 snprintf(buf, sz, "<unknown-address-family %d>", sa->sa_family);
482 /* Guess the family of a textual socket address. */
483 static int guess_address_family(const char *p)
484 { return (strchr(p, ':') ? AF_INET6 : AF_INET); }
486 /* Parse a socket address P and write the result to SA. */
487 static int parse_sockaddr(struct sockaddr *sa, const char *p)
491 struct addrinfo *ai, ai_hint = { 0 };
493 if (strlen(p) >= sizeof(buf) - 1) return (-1);
494 strcpy(buf, p); p = buf;
496 if ((q = strchr(p, ':')) == 0) return (-1);
500 if ((q = strchr(p, ']')) == 0) return (-1);
502 if (*q != ':') return (-1);
506 ai_hint.ai_family = AF_UNSPEC;
507 ai_hint.ai_socktype = SOCK_DGRAM;
508 ai_hint.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
509 if (getaddrinfo(p, q, &ai_hint, &ai)) return (-1);
510 memcpy(sa, ai->ai_addr, ai->ai_addrlen);
515 /*----- Access control lists ----------------------------------------------*/
519 static void dump_addrrange(int af, const ipaddr *min, const ipaddr *max)
525 plen = common_prefix_length(af, min, max);
526 p = inet_ntop(af, min, buf, sizeof(buf));
527 fprintf(stderr, strchr(p, ':') ? "[%s]" : "%s", p);
529 p = inet_ntop(af, &max, buf, sizeof(buf));
530 fprintf(stderr, strchr(p, ':') ? "-[%s]" : "-%s", p);
531 } else if (plen < address_width(af))
532 fprintf(stderr, "/%d", plen);
535 /* Write to standard error a description of the ACL node A. */
536 static void dump_aclnode(const aclnode *a)
538 fprintf(stderr, "noip(%d): %c ", getpid(), a->act ? '+' : '-');
539 dump_addrrange(a->af, &a->minaddr, &a->maxaddr);
540 if (a->minport != 0 || a->maxport != 0xffff) {
541 fprintf(stderr, ":%u", (unsigned)a->minport);
542 if (a->minport != a->maxport)
543 fprintf(stderr, "-%u", (unsigned)a->maxport);
548 static void dump_acl(const aclnode *a)
552 for (; a; a = a->next) {
556 fprintf(stderr, "noip(%d): [default policy: %s]\n", getpid(),
557 act == ALLOW ? "DENY" : "ALLOW");
562 /* Returns nonzero if the ACL A allows the socket address SA. */
563 static int acl_allows_p(const aclnode *a, const struct sockaddr *sa)
565 unsigned short port = port_from_sockaddr(sa);
569 D({ char buf[ADDRBUFSZ];
570 fprintf(stderr, "noip(%d): check %s\n", pid,
571 present_sockaddr(sa, 0, buf, sizeof(buf))); })
572 for (; a; a = a->next) {
573 D( dump_aclnode(a); )
574 if (sockaddr_in_range_p(sa, &a->minaddr, &a->maxaddr) &&
575 a->minport <= port && port <= a->maxport) {
576 D( fprintf(stderr, "noip(%d): aha! %s\n", pid,
577 a->act ? "ALLOW" : "DENY"); )
582 D( fprintf(stderr, "noip(%d): nothing found: %s\n", pid,
583 act ? "DENY" : "ALLOW"); )
587 /*----- Socket address conversion -----------------------------------------*/
589 /* Return a uniformly distributed integer between MIN and MAX inclusive. */
590 static unsigned randrange(unsigned min, unsigned max)
594 /* It's so nice not to have to care about the quality of the generator
598 for (mask = 1; mask < max; mask = (mask << 1) | 1)
600 do i = rand() & mask; while (i > max);
604 /* Return the status of Unix-domain socket address SUN. Returns: UNUSED if
605 * the socket doesn't exist; USED if the path refers to an active socket, or
606 * isn't really a socket at all, or we can't tell without a careful search
607 * and QUICKP is set; or STALE if the file refers to a socket which isn't
608 * being used any more.
610 static int unix_socket_status(struct sockaddr_un *sun, int quickp)
618 if (stat(sun->sun_path, &st))
619 return (errno == ENOENT ? UNUSED : USED);
620 if (!S_ISSOCK(st.st_mode) || quickp)
623 if ((fp = fopen("/proc/net/unix", "r")) == 0)
625 if (!fgets(buf, sizeof(buf), fp)) goto done; /* skip header */
626 len = strlen(sun->sun_path);
627 while (fgets(buf, sizeof(buf), fp)) {
629 if (n >= len + 2 && buf[n - len - 2] == ' ' && buf[n - 1] == '\n' &&
630 memcmp(buf + n - len - 1, sun->sun_path, len) == 0)
641 /* Convert the IP address SA to a Unix-domain address SUN. Fail if the
642 * address seems already taken. If DESPARATEP then try cleaning up stale old
645 static int encode_unused_inet_addr(struct sockaddr *sa,
646 struct sockaddr_un *sun,
650 struct sockaddr_un wsun;
654 snprintf(sun->sun_path, sizeof(sun->sun_path), "%s/%s", sockdir,
655 present_sockaddr(sa, 0, buf, sizeof(buf)));
656 if ((rc = unix_socket_status(sun, !desperatep)) == USED) return (-1);
657 else if (rc == STALE) unlink(sun->sun_path);
659 wildcard_address(sa->sa_family, &waddr.sa);
660 port_to_sockaddr(&waddr.sa, port_from_sockaddr(sa));
661 snprintf(wsun.sun_path, sizeof(wsun.sun_path), "%s/%s", sockdir,
662 present_sockaddr(&waddr.sa, 0, buf, sizeof(buf)));
663 if ((rc = unix_socket_status(&wsun, !desperatep)) == USED) return (-1);
664 else if (rc == STALE) unlink(wsun.sun_path);
669 /* Encode the Internet address SA as a Unix-domain address SUN. If WANT is
670 * WANT_FRESH, and SA's port number is zero, then we pick an arbitrary local
671 * port. Otherwise we pick the port given. There's an unpleasant hack to
672 * find servers bound to local wildcard addresses. Returns zero on success;
675 static int encode_inet_addr(struct sockaddr_un *sun,
676 const struct sockaddr *sa,
685 D( fprintf(stderr, "noip(%d): encode %s (%s)", getpid(),
686 present_sockaddr(sa, 0, buf, sizeof(buf)),
687 want == WANT_EXISTING ? "EXISTING" : "FRESH"); )
688 sun->sun_family = AF_UNIX;
689 if (port_from_sockaddr(sa) || want == WANT_EXISTING) {
690 snprintf(sun->sun_path, sizeof(sun->sun_path), "%s/%s", sockdir,
691 present_sockaddr(sa, 0, buf, sizeof(buf)));
692 rc = unix_socket_status(sun, 0);
693 if (rc == STALE) unlink(sun->sun_path);
694 if (rc != USED && want == WANT_EXISTING) {
695 wildcard_address(sa->sa_family, &addr.sa);
696 port_to_sockaddr(&addr.sa, port_from_sockaddr(sa));
697 snprintf(sun->sun_path, sizeof(sun->sun_path), "%s/%s", sockdir,
698 present_sockaddr(&addr.sa, 0, buf, sizeof(buf)));
699 if (unix_socket_status(sun, 0) == STALE) unlink(sun->sun_path);
702 copy_sockaddr(&addr.sa, sa);
703 for (i = 0; i < 10; i++) {
704 port_to_sockaddr(&addr.sa, randrange(minautoport, maxautoport));
705 if (!encode_unused_inet_addr(&addr.sa, sun, 0)) goto found;
707 for (desperatep = 0; desperatep < 2; desperatep++) {
708 for (i = minautoport; i <= maxautoport; i++) {
709 port_to_sockaddr(&addr.sa, i);
710 if (!encode_unused_inet_addr(&addr.sa, sun, 0)) goto found;
714 D( fprintf(stderr, " -- can't resolve\n"); )
718 D( fprintf(stderr, " -> `%s'\n", sun->sun_path); )
722 /* Decode the Unix address SUN to an Internet address SIN. If AF_HINT is
723 * nonzero, an empty address (indicative of an unbound Unix-domain socket) is
724 * translated to a wildcard Internet address of the appropriate family.
725 * Returns zero on success; -1 on failure (e.g., it wasn't one of our
728 static int decode_inet_addr(struct sockaddr *sa, int af_hint,
729 const struct sockaddr_un *sun,
733 size_t n = strlen(sockdir), nn;
736 if (!sa) sa = &addr.sa;
737 if (sun->sun_family != AF_UNIX) return (-1);
738 if (len > sizeof(*sun)) return (-1);
739 ((char *)sun)[len] = 0;
740 nn = strlen(sun->sun_path);
741 D( fprintf(stderr, "noip(%d): decode `%s'", getpid(), sun->sun_path); )
742 if (af_hint && !sun->sun_path[0]) {
743 wildcard_address(af_hint, sa);
744 D( fprintf(stderr, " -- unbound socket\n"); )
747 if (nn < n + 1 || nn - n >= sizeof(buf) || sun->sun_path[n] != '/' ||
748 memcmp(sun->sun_path, sockdir, n) != 0) {
749 D( fprintf(stderr, " -- not one of ours\n"); )
752 if (parse_sockaddr(sa, sun->sun_path + n + 1)) return (-1);
753 D( fprintf(stderr, " -> %s\n",
754 present_sockaddr(sa, 0, buf, sizeof(buf))); )
758 /* SK is (or at least might be) a Unix-domain socket we created when an
759 * Internet socket was asked for. We've decided it should be an Internet
760 * socket after all, with family AF_HINT, so convert it. If TMP is not null,
761 * then don't replace the existing descriptor: store the new socket in *TMP
764 static int fixup_real_ip_socket(int sk, int af_hint, int *tmp)
769 struct sockaddr_un sun;
782 _(LINGER, struct linger) \
785 _(RCVTIMEO, struct timeval) \
786 _(SNDTIMEO, struct timeval)
789 if (real_getsockname(sk, SA(&sun), &len))
791 if (decode_inet_addr(&addr.sa, af_hint, &sun, len))
792 return (0); /* Not one of ours */
794 if (real_getsockopt(sk, SOL_SOCKET, SO_TYPE, &type, &len) < 0 ||
795 (nsk = real_socket(addr.sa.sa_family, type, 0)) < 0)
797 #define FIX(opt, ty) do { \
800 if (real_getsockopt(sk, SOL_SOCKET, SO_##opt, &ov_, &len) < 0 || \
801 real_setsockopt(nsk, SOL_SOCKET, SO_##opt, &ov_, len)) { \
811 if ((f = fcntl(sk, F_GETFL)) < 0 ||
812 (fd = fcntl(sk, F_GETFD)) < 0 ||
813 fcntl(nsk, F_SETFL, f) < 0 ||
818 unlink(sun.sun_path);
820 if (fcntl(sk, F_SETFD, fd) < 0) {
821 perror("noip: fixup_real_ip_socket F_SETFD");
828 /* The socket SK is about to be used to communicate with the remote address
829 * SA. Assign it a local address so that getpeername(2) does something
832 static int do_implicit_bind(int sk, const struct sockaddr **sa,
833 socklen_t *len, struct sockaddr_un *sun)
836 socklen_t mylen = sizeof(*sun);
838 if (acl_allows_p(connect_real, *sa)) {
839 if (fixup_real_ip_socket(sk, (*sa)->sa_family, 0)) return (-1);
841 if (real_getsockname(sk, SA(sun), &mylen) < 0) return (-1);
842 if (sun->sun_family == AF_UNIX) {
843 if (mylen < sizeof(*sun)) ((char *)sun)[mylen] = 0;
844 if (!sun->sun_path[0]) {
845 wildcard_address((*sa)->sa_family, &addr.sa);
846 encode_inet_addr(sun, &addr.sa, WANT_FRESH);
847 if (real_bind(sk, SA(sun), SUN_LEN(sun))) return (-1);
849 encode_inet_addr(sun, *sa, WANT_EXISTING);
857 /* We found the real address SA, with length LEN; if it's a Unix-domain
858 * address corresponding to a fake socket, convert it to cover up the
859 * deception. Whatever happens, put the result at FAKE and store its length
862 static void return_fake_name(struct sockaddr *sa, socklen_t len,
863 struct sockaddr *fake, socklen_t *fakelen)
868 if (sa->sa_family == AF_UNIX &&
869 !decode_inet_addr(&addr.sa, 0, SUN(sa), len)) {
871 len = family_socklen(addr.sa.sa_family);
874 if (len > *fakelen) len = *fakelen;
875 if (len > 0) memcpy(fake, sa, len);
879 /*----- Configuration -----------------------------------------------------*/
881 /* Return the process owner's home directory. */
882 static char *home(void)
887 if (getuid() == uid &&
888 (p = getenv("HOME")) != 0)
890 else if ((pw = getpwuid(uid)) != 0)
896 /* Return a good temporary directory to use. */
897 static char *tmpdir(void)
901 if ((p = getenv("TMPDIR")) != 0) return (p);
902 else if ((p = getenv("TMP")) != 0) return (p);
903 else return ("/tmp");
906 /* Return the user's name, or at least something distinctive. */
907 static char *user(void)
913 if ((p = getenv("USER")) != 0) return (p);
914 else if ((p = getenv("LOGNAME")) != 0) return (p);
915 else if ((pw = getpwuid(uid)) != 0) return (pw->pw_name);
917 snprintf(buf, sizeof(buf), "uid-%lu", (unsigned long)uid);
922 /* Skip P over space characters. */
923 #define SKIPSPC do { while (*p && isspace(UC(*p))) p++; } while (0)
925 /* Set Q to point to the next word following P, null-terminate it, and step P
927 #define NEXTWORD(q) do { \
930 while (*p && !isspace(UC(*p))) p++; \
934 /* Set Q to point to the next dotted-quad address, store the ending delimiter
935 * in DEL, null-terminate it, and step P past it. */
936 static void parse_nextaddr(char **pp, char **qq, int *del)
944 p += strcspn(p, "]");
949 while (*p && (*p == '.' || isdigit(UC(*p)))) p++;
956 /* Set Q to point to the next decimal number, store the ending delimiter in
957 * DEL, null-terminate it, and step P past it. */
958 #define NEXTNUMBER(q, del) do { \
961 while (*p && isdigit(UC(*p))) p++; \
966 /* Push the character DEL back so we scan it again, unless it's zero
968 #define RESCAN(del) do { if (del) *--p = del; } while (0)
970 /* Evaluate true if P is pointing to the word KW (and not some longer string
971 * of which KW is a prefix). */
973 #define KWMATCHP(kw) (strncmp(p, kw, sizeof(kw) - 1) == 0 && \
974 !isalnum(UC(p[sizeof(kw) - 1])) && \
975 (p += sizeof(kw) - 1))
977 /* Parse a port list, starting at *PP. Port lists have the form
978 * [:LOW[-HIGH]]: if omitted, all ports are included; if HIGH is omitted,
979 * it's as if HIGH = LOW. Store LOW in *MIN, HIGH in *MAX and set *PP to the
980 * rest of the string.
982 static void parse_ports(char **pp, unsigned short *min, unsigned short *max)
989 { *min = 0; *max = 0xffff; }
992 NEXTNUMBER(q, del); *min = strtoul(q, 0, 0); RESCAN(del);
995 { p++; NEXTNUMBER(q, del); *max = strtoul(q, 0, 0); RESCAN(del); }
1002 /* Parse an address range designator starting at PP and store a
1003 * representation of it in R. An address range designator has the form:
1005 * any | local | ADDR | ADDR - ADDR | ADDR/ADDR | ADDR/INT
1007 static int parse_addrrange(char **pp, addrrange *r)
1015 if (KWMATCHP("any")) r->type = ANY;
1016 else if (KWMATCHP("local")) r->type = LOCAL;
1018 parse_nextaddr(&p, &q, &del);
1019 af = guess_address_family(q);
1020 if (inet_pton(af, q, &r->u.range.min) <= 0) goto bad;
1025 parse_nextaddr(&p, &q, &del);
1026 if (inet_pton(af, q, &r->u.range.max) <= 0) goto bad;
1028 } else if (*p == '/') {
1031 n = strtoul(q, 0, 0);
1032 r->u.range.max = r->u.range.min;
1033 mask_address(af, &r->u.range.min, n, 0);
1034 mask_address(af, &r->u.range.max, n, 1);
1037 r->u.range.max = r->u.range.min;
1048 /* Call FUNC on each individual address range in R. */
1049 static void foreach_addrrange(const addrrange *r,
1050 void (*func)(int af,
1056 ipaddr minaddr, maxaddr;
1063 for (i = 0; address_families[i] >= 0; i++) {
1064 af = address_families[i];
1065 memset(&minaddr, 0, sizeof(minaddr));
1066 maxaddr = minaddr; mask_address(af, &maxaddr, 0, 1);
1067 func(af, &minaddr, &maxaddr, p);
1071 for (i = 0; address_families[i] >= 0; i++) {
1072 af = address_families[i];
1073 memset(&minaddr, 0, sizeof(minaddr));
1074 maxaddr = minaddr; mask_address(af, &maxaddr, 0, 1);
1075 func(af, &minaddr, &minaddr, p);
1076 func(af, &maxaddr, &maxaddr, p);
1078 for (i = 0; i < n_local_ipaddrs; i++) {
1079 func(local_ipaddrs[i].af,
1080 &local_ipaddrs[i].addr, &local_ipaddrs[i].addr,
1085 func(r->u.range.af, &r->u.range.min, &r->u.range.max, p);
1092 struct add_aclnode_ctx {
1094 unsigned short minport, maxport;
1098 static void add_aclnode(int af, const ipaddr *min, const ipaddr *max,
1101 struct add_aclnode_ctx *ctx = p;
1107 a->minaddr = *min; a->maxaddr = *max;
1108 a->minport = ctx->minport; a->maxport = ctx->maxport;
1109 **ctx->tail = a; *ctx->tail = &a->next;
1112 /* Parse an ACL line. *PP points to the end of the line; *TAIL points to
1113 * the list tail (i.e., the final link in the list). An ACL entry has the
1114 * form +|- ADDR-RANGE PORTS
1115 * where PORTS is parsed by parse_ports above; an ACL line consists of a
1116 * comma-separated sequence of entries..
1118 static void parse_acl_line(char **pp, aclnode ***tail)
1120 struct add_aclnode_ctx ctx;
1127 if (*p == '+') ctx.act = ALLOW;
1128 else if (*p == '-') ctx.act = DENY;
1132 if (parse_addrrange(&p, &r)) goto bad;
1133 parse_ports(&p, &ctx.minport, &ctx.maxport);
1134 foreach_addrrange(&r, add_aclnode, &ctx);
1136 if (*p != ',') break;
1144 D( fprintf(stderr, "noip(%d): bad acl spec (ignored)\n", getpid()); )
1148 /* Parse an ACL from an environment variable VAR, attaching it to the list
1151 static void parse_acl_env(const char *var, aclnode ***tail)
1155 if ((p = getenv(var)) != 0) {
1157 parse_acl_line(&q, tail);
1162 /* Parse the autoports configuration directive. Syntax is MIN - MAX. */
1163 static void parse_autoports(char **pp)
1170 NEXTNUMBER(q, del); x = strtoul(q, 0, 0); RESCAN(del);
1172 if (*p != '-') goto bad; p++;
1173 NEXTNUMBER(q, del); y = strtoul(q, 0, 0); RESCAN(del);
1174 minautoport = x; maxautoport = y;
1175 SKIPSPC; if (*p) goto bad;
1180 D( fprintf(stderr, "noip(%d): bad port range (ignored)\n", getpid()); )
1184 /* Read the configuration from the config file and environment. */
1185 static void readconfig(void)
1193 parse_acl_env("NOIP_REALBIND_BEFORE", &bind_tail);
1194 parse_acl_env("NOIP_REALCONNECT_BEFORE", &connect_tail);
1195 if ((p = getenv("NOIP_AUTOPORTS")) != 0) {
1197 parse_autoports(&q);
1200 if ((p = getenv("NOIP_CONFIG")) == 0)
1201 snprintf(p = buf, sizeof(buf), "%s/.noip", home());
1202 D( fprintf(stderr, "noip(%d): config file: %s\n", pid, p); )
1204 if ((fp = fopen(p, "r")) == 0) {
1205 D( fprintf(stderr, "noip(%d): couldn't read config: %s\n",
1206 pid, strerror(errno)); )
1209 while (fgets(buf, sizeof(buf), fp)) {
1214 if (!*p || *p == '#') continue;
1215 while (n && isspace(UC(buf[n - 1]))) n--;
1220 if (strcmp(cmd, "socketdir") == 0)
1221 sockdir = xstrdup(p);
1222 else if (strcmp(cmd, "realbind") == 0)
1223 parse_acl_line(&p, &bind_tail);
1224 else if (strcmp(cmd, "realconnect") == 0)
1225 parse_acl_line(&p, &connect_tail);
1226 else if (strcmp(cmd, "autoports") == 0)
1227 parse_autoports(&p);
1228 else if (strcmp(cmd, "debug") == 0)
1229 debug = *p ? atoi(p) : 1;
1231 D( fprintf(stderr, "noip: bad config command %s\n", cmd); )
1236 parse_acl_env("NOIP_REALBIND", &bind_tail);
1237 parse_acl_env("NOIP_REALCONNECT", &connect_tail);
1238 parse_acl_env("NOIP_REALBIND_AFTER", &bind_tail);
1239 parse_acl_env("NOIP_REALCONNECT_AFTER", &connect_tail);
1242 if (!sockdir) sockdir = getenv("NOIP_SOCKETDIR");
1244 snprintf(buf, sizeof(buf), "%s/noip-%s", tmpdir(), user());
1245 sockdir = xstrdup(buf);
1247 D( fprintf(stderr, "noip(%d): socketdir: %s\n", pid, sockdir);
1248 fprintf(stderr, "noip(%d): autoports: %u-%u\n",
1249 pid, minautoport, maxautoport);
1250 fprintf(stderr, "noip(%d): realbind acl:\n", pid);
1251 dump_acl(bind_real);
1252 fprintf(stderr, "noip(%d): realconnect acl:\n", pid);
1253 dump_acl(connect_real); )
1256 /*----- Overridden system calls -------------------------------------------*/
1258 static void dump_syserr(long rc)
1259 { fprintf(stderr, " => %ld (E%d)\n", rc, errno); }
1261 static void dump_sysresult(long rc)
1263 if (rc < 0) dump_syserr(rc);
1264 else fprintf(stderr, " => %ld\n", rc);
1267 static void dump_addrresult(long rc, const struct sockaddr *sa,
1270 char addrbuf[ADDRBUFSZ];
1272 if (rc < 0) dump_syserr(rc);
1274 fprintf(stderr, " => %ld [%s]\n", rc,
1275 present_sockaddr(sa, len, addrbuf, sizeof(addrbuf)));
1279 int socket(int pf, int ty, int proto)
1283 D( fprintf(stderr, "noip(%d): SOCKET pf=%d, type=%d, proto=%d",
1284 getpid(), pf, ty, proto); )
1288 if (!family_known_p(pf)) {
1289 D( fprintf(stderr, " -> unknown; refuse\n"); )
1290 errno = EAFNOSUPPORT;
1293 D( fprintf(stderr, " -> inet; substitute"); )
1301 D( fprintf(stderr, " -> safe; permit"); )
1304 sk = real_socket(pf, ty, proto);
1305 D( dump_sysresult(sk); )
1309 int socketpair(int pf, int ty, int proto, int *sk)
1313 D( fprintf(stderr, "noip(%d): SOCKETPAIR pf=%d, type=%d, proto=%d",
1314 getpid(), pf, ty, proto); )
1315 if (!family_known_p(pf))
1316 D( fprintf(stderr, " -> unknown; permit"); )
1318 D( fprintf(stderr, " -> inet; substitute"); )
1322 rc = real_socketpair(pf, ty, proto, sk);
1323 D( if (rc < 0) dump_syserr(rc);
1324 else fprintf(stderr, " => %d (%d, %d)\n", rc, sk[0], sk[1]); )
1328 int bind(int sk, const struct sockaddr *sa, socklen_t len)
1330 struct sockaddr_un sun;
1334 D({ char buf[ADDRBUFSZ];
1335 fprintf(stderr, "noip(%d): BIND sk=%d, sa[%d]=%s", pid,
1336 sk, len, present_sockaddr(sa, len, buf, sizeof(buf))); })
1338 if (!family_known_p(sa->sa_family))
1339 D( fprintf(stderr, " -> unknown af; pass through"); )
1341 D( fprintf(stderr, " -> checking...\n"); )
1343 if (acl_allows_p(bind_real, sa)) {
1344 if (fixup_real_ip_socket(sk, sa->sa_family, 0))
1347 encode_inet_addr(&sun, sa, WANT_FRESH);
1349 len = SUN_LEN(&sun);
1352 D( fprintf(stderr, "noip(%d): BIND ...", pid); )
1354 rc = real_bind(sk, sa, len);
1355 D( dump_sysresult(rc); )
1359 int connect(int sk, const struct sockaddr *sa, socklen_t len)
1361 struct sockaddr_un sun;
1365 D({ char buf[ADDRBUFSZ];
1366 fprintf(stderr, "noip(%d): CONNECT sk=%d, sa[%d]=%s", pid,
1367 sk, len, present_sockaddr(sa, len, buf, sizeof(buf))); })
1369 if (!family_known_p(sa->sa_family)) {
1370 D( fprintf(stderr, " -> unknown af; pass through"); )
1371 rc = real_connect(sk, sa, len);
1373 D( fprintf(stderr, " -> checking...\n"); )
1375 do_implicit_bind(sk, &sa, &len, &sun);
1377 D( fprintf(stderr, "noip(%d): CONNECT ...", pid); )
1378 rc = real_connect(sk, sa, len);
1381 case ENOENT: errno = ECONNREFUSED; break;
1385 D( dump_sysresult(rc); )
1389 ssize_t sendto(int sk, const void *buf, size_t len, int flags,
1390 const struct sockaddr *to, socklen_t tolen)
1392 struct sockaddr_un sun;
1396 D({ char addrbuf[ADDRBUFSZ];
1397 fprintf(stderr, "noip(%d): SENDTO sk=%d, len=%lu, flags=%d, to[%d]=%s",
1398 pid, sk, (unsigned long)len, flags, tolen,
1399 present_sockaddr(to, tolen, addrbuf, sizeof(addrbuf))); })
1402 D( fprintf(stderr, " -> null address; leaving"); )
1403 else if (!family_known_p(to->sa_family))
1404 D( fprintf(stderr, " -> unknown af; pass through"); )
1406 D( fprintf(stderr, " -> checking...\n"); )
1408 do_implicit_bind(sk, &to, &tolen, &sun);
1410 D( fprintf(stderr, "noip(%d): SENDTO ...", pid); )
1412 n = real_sendto(sk, buf, len, flags, to, tolen);
1413 D( dump_sysresult(n); )
1417 ssize_t recvfrom(int sk, void *buf, size_t len, int flags,
1418 struct sockaddr *from, socklen_t *fromlen)
1421 socklen_t mylen = sizeof(sabuf);
1425 D( fprintf(stderr, "noip(%d): RECVFROM sk=%d, len=%lu, flags=%d",
1426 pid, sk, (unsigned long)len, flags); )
1429 D( fprintf(stderr, " -> null addr; pass through"); )
1430 n = real_recvfrom(sk, buf, len, flags, 0, 0);
1433 n = real_recvfrom(sk, buf, len, flags, SA(sabuf), &mylen);
1435 D( fprintf(stderr, " -> converting...\n"); )
1436 return_fake_name(SA(sabuf), mylen, from, fromlen);
1437 D( fprintf(stderr, "noip(%d): ... RECVFROM", pid); )
1441 D( dump_addrresult(n, from, fromlen ? *fromlen : 0); )
1445 ssize_t sendmsg(int sk, const struct msghdr *msg, int flags)
1447 struct sockaddr_un sun;
1448 const struct sockaddr *sa = SA(msg->msg_name);
1449 struct msghdr mymsg;
1453 D({ char addrbuf[ADDRBUFSZ];
1454 fprintf(stderr, "noip(%d): SENDMSG sk=%d, "
1455 "msg_flags=%d, msg_name[%d]=%s, ...",
1456 pid, sk, msg->msg_flags, msg->msg_namelen,
1457 present_sockaddr(sa, msg->msg_namelen,
1458 addrbuf, sizeof(addrbuf))); })
1461 D( fprintf(stderr, " -> null address; leaving"); )
1462 else if (!family_known_p(sa->sa_family))
1463 D( fprintf(stderr, " -> unknown af; pass through"); )
1465 D( fprintf(stderr, " -> checking...\n"); )
1468 do_implicit_bind(sk, &sa, &mymsg.msg_namelen, &sun);
1469 mymsg.msg_name = SA(sa);
1472 D( fprintf(stderr, "noip(%d): SENDMSG ...", pid); )
1474 n = real_sendmsg(sk, msg, flags);
1475 D( dump_sysresult(n); )
1479 ssize_t recvmsg(int sk, struct msghdr *msg, int flags)
1482 struct sockaddr *sa = SA(msg->msg_name);
1483 socklen_t len = msg->msg_namelen;
1487 D( fprintf(stderr, "noip(%d): RECVMSG sk=%d msg_flags=%d, ...",
1488 pid, sk, msg->msg_flags); )
1490 if (!msg->msg_name) {
1491 D( fprintf(stderr, " -> null addr; pass through"); )
1492 return (real_recvmsg(sk, msg, flags));
1495 msg->msg_name = sabuf;
1496 msg->msg_namelen = sizeof(sabuf);
1497 n = real_recvmsg(sk, msg, flags);
1499 D( fprintf(stderr, " -> converting...\n"); )
1500 return_fake_name(SA(sabuf), msg->msg_namelen, sa, &len);
1501 D( fprintf(stderr, "noip(%d): ... RECVMSG", pid); )
1504 msg->msg_namelen = len;
1507 D( dump_addrresult(n, sa, len); )
1511 int accept(int sk, struct sockaddr *sa, socklen_t *len)
1514 socklen_t mylen = sizeof(sabuf);
1518 D( fprintf(stderr, "noip(%d): ACCEPT sk=%d", pid, sk); )
1520 nsk = real_accept(sk, SA(sabuf), &mylen);
1521 if (nsk < 0) /* failed */;
1522 else if (!sa) D( fprintf(stderr, " -> address not wanted"); )
1524 D( fprintf(stderr, " -> converting...\n"); )
1525 return_fake_name(SA(sabuf), mylen, sa, len);
1526 D( fprintf(stderr, "noip(%d): ... ACCEPT", pid); )
1528 D( dump_addrresult(nsk, sa, len ? *len : 0); )
1532 int getsockname(int sk, struct sockaddr *sa, socklen_t *len)
1537 D( fprintf(stderr, "noip(%d): GETSOCKNAME sk=%d", pid, sk); )
1540 socklen_t mylen = sizeof(sabuf);
1541 rc = real_getsockname(sk, SA(sabuf), &mylen);
1543 D( fprintf(stderr, " -> converting...\n"); )
1544 return_fake_name(SA(sabuf), mylen, sa, len);
1545 D( fprintf(stderr, "noip(%d): ... GETSOCKNAME", pid); )
1548 D( dump_addrresult(rc, sa, *len); )
1552 int getpeername(int sk, struct sockaddr *sa, socklen_t *len)
1557 D( fprintf(stderr, "noip(%d): GETPEERNAME sk=%d", pid, sk); )
1560 socklen_t mylen = sizeof(sabuf);
1561 rc = real_getpeername(sk, SA(sabuf), &mylen);
1563 D( fprintf(stderr, " -> converting...\n"); )
1564 return_fake_name(SA(sabuf), mylen, sa, len);
1565 D( fprintf(stderr, "noip(%d): ... GETPEERNAME", pid); )
1568 D( dump_addrresult(rc, sa, *len); )
1572 int getsockopt(int sk, int lev, int opt, void *p, socklen_t *len)
1582 return (real_getsockopt(sk, lev, opt, p, len));
1585 int setsockopt(int sk, int lev, int opt, const void *p, socklen_t len)
1594 case SO_BINDTODEVICE:
1595 case SO_ATTACH_FILTER:
1596 case SO_DETACH_FILTER:
1599 return (real_setsockopt(sk, lev, opt, p, len));
1602 int ioctl(int fd, unsigned long op, ...)
1610 arg = va_arg(ap, void *);
1614 case SIOCGIFBRDADDR:
1615 case SIOCGIFDSTADDR:
1616 case SIOCGIFNETMASK:
1618 if (fixup_real_ip_socket(fd, AF_INET, &sk)) goto real;
1620 rc = real_ioctl(sk, op, arg);
1621 PRESERVING_ERRNO({ close(sk); });
1625 rc = real_ioctl(fd, op, arg);
1632 /*----- Initialization ----------------------------------------------------*/
1634 /* Clean up the socket directory, deleting stale sockets. */
1635 static void cleanup_sockdir(void)
1640 struct sockaddr_un sun;
1644 if ((dir = opendir(sockdir)) == 0) return;
1645 sun.sun_family = AF_UNIX;
1646 while ((d = readdir(dir)) != 0) {
1647 if (d->d_name[0] == '.') continue;
1648 snprintf(sun.sun_path, sizeof(sun.sun_path),
1649 "%s/%s", sockdir, d->d_name);
1650 if (decode_inet_addr(&addr.sa, 0, &sun, SUN_LEN(&sun)) ||
1651 stat(sun.sun_path, &st) ||
1652 !S_ISSOCK(st.st_mode)) {
1653 D( fprintf(stderr, "noip(%d): ignoring unknown socketdir entry `%s'\n",
1654 pid, sun.sun_path); )
1657 if (unix_socket_status(&sun, 0) == STALE) {
1658 D( fprintf(stderr, "noip(%d): clearing away stale socket %s\n",
1660 unlink(sun.sun_path);
1666 /* Find the addresses attached to local network interfaces, and remember them
1669 static void get_local_ipaddrs(void)
1671 struct ifaddrs *ifa_head, *ifa;
1676 D( fprintf(stderr, "noip(%d): fetching local addresses...\n", pid); )
1677 if (getifaddrs(&ifa_head)) { perror("getifaddrs"); return; }
1678 for (n_local_ipaddrs = 0, ifa = ifa_head;
1679 n_local_ipaddrs < MAX_LOCAL_IPADDRS && ifa;
1680 ifa = ifa->ifa_next) {
1681 if (!ifa->ifa_addr || !family_known_p(ifa->ifa_addr->sa_family))
1683 ipaddr_from_sockaddr(&a, ifa->ifa_addr);
1684 D({ char buf[ADDRBUFSZ];
1685 fprintf(stderr, "noip(%d): local addr %s = %s", pid,
1687 inet_ntop(ifa->ifa_addr->sa_family, &a,
1688 buf, sizeof(buf))); })
1689 for (i = 0; i < n_local_ipaddrs; i++) {
1690 if (ifa->ifa_addr->sa_family == local_ipaddrs[i].af &&
1691 ipaddr_equal_p(local_ipaddrs[i].af, &a, &local_ipaddrs[i].addr)) {
1692 D( fprintf(stderr, " (duplicate)\n"); )
1696 D( fprintf(stderr, "\n"); )
1697 local_ipaddrs[n_local_ipaddrs].af = ifa->ifa_addr->sa_family;
1698 local_ipaddrs[n_local_ipaddrs].addr = a;
1702 freeifaddrs(ifa_head);
1705 /* Print the given message to standard error. Avoids stdio. */
1706 static void printerr(const char *p)
1707 { if (write(STDERR_FILENO, p, strlen(p))) ; }
1709 /* Create the socket directory, being careful about permissions. */
1710 static void create_sockdir(void)
1714 if (lstat(sockdir, &st)) {
1715 if (errno == ENOENT) {
1716 if (mkdir(sockdir, 0700)) {
1717 perror("noip: creating socketdir");
1720 if (!lstat(sockdir, &st))
1723 perror("noip: checking socketdir");
1727 if (!S_ISDIR(st.st_mode)) {
1728 printerr("noip: bad socketdir: not a directory\n");
1731 if (st.st_uid != uid) {
1732 printerr("noip: bad socketdir: not owner\n");
1735 if (st.st_mode & 077) {
1736 printerr("noip: bad socketdir: not private\n");
1741 /* Initialization function. */
1742 static void setup(void) __attribute__((constructor));
1743 static void setup(void)
1750 if ((p = getenv("NOIP_DEBUG")) && atoi(p))
1752 get_local_ipaddrs();
1759 /*----- That's all, folks -------------------------------------------------*/
~mdw / preload-hacks / blob