Commit | Line | Data |
---|---|---|
9d3a4132 SE |
1 | /* When dealing with SLIP (to a pty, or ipif) we have separate rx, tx |
2 | and client buffers. When receiving we may read() any amount, not | |
3 | just whole packets. When transmitting we need to bytestuff anyway, | |
4 | and may be part-way through receiving. */ | |
5 | ||
6 | #include "secnet.h" | |
7 | #include "util.h" | |
8 | #include "netlink.h" | |
9 | #include <stdio.h> | |
10 | #include <string.h> | |
11 | #include <unistd.h> | |
12 | ||
13 | #define SLIP_END 192 | |
14 | #define SLIP_ESC 219 | |
15 | #define SLIP_ESCEND 220 | |
16 | #define SLIP_ESCESC 221 | |
17 | ||
18 | /* Connection to the kernel through userv-ipif */ | |
19 | ||
20 | struct userv { | |
21 | struct netlink nl; | |
22 | int txfd; /* We transmit to userv */ | |
23 | int rxfd; /* We receive from userv */ | |
24 | string_t userv_path; | |
25 | string_t service_user; | |
26 | string_t service_name; | |
27 | uint32_t txbuflen; | |
28 | struct buffer_if *buff; /* We unstuff received packets into here | |
29 | and send them to the site code. */ | |
30 | bool_t pending_esc; | |
31 | netlink_deliver_fn *netlink_to_tunnel; | |
b2a56f7c | 32 | uint32_t local_address; /* host interface address */ |
9d3a4132 SE |
33 | }; |
34 | ||
35 | static int userv_beforepoll(void *sst, struct pollfd *fds, int *nfds_io, | |
36 | int *timeout_io, const struct timeval *tv_now, | |
37 | uint64_t *now) | |
38 | { | |
39 | struct userv *st=sst; | |
40 | *nfds_io=2; | |
41 | fds[0].fd=st->txfd; | |
42 | fds[0].events=POLLERR; /* Might want to pick up POLLOUT sometime */ | |
43 | fds[1].fd=st->rxfd; | |
44 | fds[1].events=POLLIN|POLLERR|POLLHUP; | |
45 | return 0; | |
46 | } | |
47 | ||
48 | static void userv_afterpoll(void *sst, struct pollfd *fds, int nfds, | |
49 | const struct timeval *tv_now, uint64_t *now) | |
50 | { | |
51 | struct userv *st=sst; | |
52 | uint8_t rxbuf[DEFAULT_BUFSIZE]; | |
53 | int l,i; | |
54 | ||
55 | if (fds[1].revents&POLLERR) { | |
56 | Message(M_ERROR,"%s: userv_afterpoll: hup!\n",st->nl.name); | |
57 | } | |
58 | if (fds[1].revents&POLLIN) { | |
59 | l=read(st->rxfd,rxbuf,DEFAULT_BUFSIZE); | |
60 | if (l<0) { | |
61 | fatal_perror("%s: userv_afterpoll: read(rxfd)",st->nl.name); | |
62 | } | |
63 | if (l==0) { | |
64 | fatal("%s: userv_afterpoll: read(rxfd)=0; userv gone away?\n", | |
65 | st->nl.name); | |
66 | } | |
67 | /* XXX really crude unstuff code */ | |
68 | /* XXX check for buffer overflow */ | |
69 | BUF_ASSERT_USED(st->buff); | |
70 | for (i=0; i<l; i++) { | |
71 | if (st->pending_esc) { | |
72 | st->pending_esc=False; | |
73 | switch(rxbuf[i]) { | |
74 | case SLIP_ESCEND: | |
75 | *(uint8_t *)buf_append(st->buff,1)=SLIP_END; | |
76 | break; | |
77 | case SLIP_ESCESC: | |
78 | *(uint8_t *)buf_append(st->buff,1)=SLIP_ESC; | |
79 | break; | |
80 | default: | |
81 | fatal("userv_afterpoll: bad SLIP escape character\n"); | |
82 | } | |
83 | } else { | |
84 | switch (rxbuf[i]) { | |
85 | case SLIP_END: | |
86 | if (st->buff->size>0) { | |
87 | st->netlink_to_tunnel(&st->nl,NULL, | |
88 | st->buff); | |
89 | BUF_ALLOC(st->buff,"userv_afterpoll"); | |
90 | } | |
91 | buffer_init(st->buff,st->nl.max_start_pad); | |
92 | break; | |
93 | case SLIP_ESC: | |
94 | st->pending_esc=True; | |
95 | break; | |
96 | default: | |
97 | *(uint8_t *)buf_append(st->buff,1)=rxbuf[i]; | |
98 | break; | |
99 | } | |
100 | } | |
101 | } | |
102 | } | |
103 | } | |
104 | ||
105 | /* Send buf to the kernel. Free buf before returning. */ | |
106 | static void userv_deliver_to_kernel(void *sst, void *cid, | |
107 | struct buffer_if *buf) | |
108 | { | |
109 | struct userv *st=sst; | |
110 | uint8_t txbuf[DEFAULT_BUFSIZE]; | |
111 | uint8_t *i; | |
112 | uint32_t j; | |
113 | ||
114 | BUF_ASSERT_USED(buf); | |
115 | ||
116 | /* Spit the packet at userv-ipif: SLIP start marker, then | |
117 | bytestuff the packet, then SLIP end marker */ | |
118 | /* XXX crunchy bytestuff code */ | |
119 | j=0; | |
120 | txbuf[j++]=SLIP_END; | |
121 | for (i=buf->start; i<(buf->start+buf->size); i++) { | |
122 | switch (*i) { | |
123 | case SLIP_END: | |
124 | txbuf[j++]=SLIP_ESC; | |
125 | txbuf[j++]=SLIP_ESCEND; | |
126 | break; | |
127 | case SLIP_ESC: | |
128 | txbuf[j++]=SLIP_ESC; | |
129 | txbuf[j++]=SLIP_ESCESC; | |
130 | break; | |
131 | default: | |
132 | txbuf[j++]=*i; | |
133 | break; | |
134 | } | |
135 | } | |
136 | txbuf[j++]=SLIP_END; | |
137 | if (write(st->txfd,txbuf,j)<0) { | |
138 | fatal_perror("userv_deliver_to_kernel: write()"); | |
139 | } | |
140 | BUF_FREE(buf); | |
141 | } | |
142 | ||
143 | static void userv_phase_hook(void *sst, uint32_t newphase) | |
144 | { | |
145 | struct userv *st=sst; | |
146 | pid_t child; | |
147 | int c_stdin[2]; | |
148 | int c_stdout[2]; | |
149 | string_t addrs; | |
150 | string_t nets; | |
151 | string_t s; | |
152 | struct netlink_route *r; | |
153 | int i; | |
154 | ||
155 | /* This is where we actually invoke userv - all the networks we'll | |
156 | be using should already have been registered. */ | |
157 | ||
158 | addrs=safe_malloc(512,"userv_phase_hook:addrs"); | |
b2a56f7c | 159 | snprintf(addrs,512,"%s,%s,%d,slip",ipaddr_to_string(st->local_address), |
9d3a4132 SE |
160 | ipaddr_to_string(st->nl.secnet_address),st->nl.mtu); |
161 | ||
162 | nets=safe_malloc(1024,"userv_phase_hook:nets"); | |
163 | *nets=0; | |
164 | r=st->nl.routes; | |
165 | for (i=0; i<st->nl.n_routes; i++) { | |
166 | if (r[i].up) { | |
167 | r[i].kup=True; | |
168 | s=subnet_to_string(&r[i].net); | |
169 | strcat(nets,s); | |
170 | strcat(nets,","); | |
171 | free(s); | |
172 | } | |
173 | } | |
174 | nets[strlen(nets)-1]=0; | |
175 | ||
176 | Message(M_INFO,"%s: about to invoke: %s %s %s %s %s\n",st->nl.name, | |
177 | st->userv_path,st->service_user,st->service_name,addrs,nets); | |
178 | ||
179 | /* Allocate buffer, plus space for padding. Make sure we end up | |
180 | with the start of the packet well-aligned. */ | |
181 | /* ALIGN(st->max_start_pad,16); */ | |
182 | /* ALIGN(st->max_end_pad,16); */ | |
183 | ||
184 | st->pending_esc=False; | |
185 | ||
186 | /* Invoke userv */ | |
187 | if (pipe(c_stdin)!=0) { | |
188 | fatal_perror("userv_phase_hook: pipe(c_stdin)"); | |
189 | } | |
190 | if (pipe(c_stdout)!=0) { | |
191 | fatal_perror("userv_phase_hook: pipe(c_stdout)"); | |
192 | } | |
193 | st->txfd=c_stdin[1]; | |
194 | st->rxfd=c_stdout[0]; | |
195 | ||
196 | child=fork(); | |
197 | if (child==-1) { | |
198 | fatal_perror("userv_phase_hook: fork()"); | |
199 | } | |
200 | if (child==0) { | |
201 | char **argv; | |
202 | ||
203 | /* We are the child. Modify our stdin and stdout, then exec userv */ | |
204 | dup2(c_stdin[0],0); | |
205 | dup2(c_stdout[1],1); | |
206 | close(c_stdin[1]); | |
207 | close(c_stdout[0]); | |
208 | ||
209 | /* The arguments are: | |
210 | userv | |
211 | service-user | |
212 | service-name | |
213 | local-addr,secnet-addr,mtu,protocol | |
214 | route1,route2,... */ | |
215 | argv=malloc(sizeof(*argv)*6); | |
216 | argv[0]=st->userv_path; | |
217 | argv[1]=st->service_user; | |
218 | argv[2]=st->service_name; | |
219 | argv[3]=addrs; | |
220 | argv[4]=nets; | |
221 | argv[5]=NULL; | |
222 | execvp(st->userv_path,argv); | |
223 | perror("netlink-userv-ipif: execvp"); | |
224 | ||
225 | exit(1); | |
226 | } | |
227 | /* We are the parent... */ | |
228 | ||
229 | /* Register for poll() */ | |
230 | register_for_poll(st, userv_beforepoll, userv_afterpoll, 2, st->nl.name); | |
231 | } | |
232 | ||
233 | static list_t *userv_apply(closure_t *self, struct cloc loc, dict_t *context, | |
234 | list_t *args) | |
235 | { | |
236 | struct userv *st; | |
237 | item_t *item; | |
238 | dict_t *dict; | |
239 | ||
240 | st=safe_malloc(sizeof(*st),"userv_apply"); | |
241 | ||
242 | /* First parameter must be a dict */ | |
243 | item=list_elem(args,0); | |
244 | if (!item || item->type!=t_dict) | |
245 | cfgfatal(loc,"userv-ipif","parameter must be a dictionary\n"); | |
246 | ||
247 | dict=item->data.dict; | |
248 | ||
249 | st->netlink_to_tunnel= | |
250 | netlink_init(&st->nl,st,loc,dict, | |
251 | "netlink-userv-ipif",NULL,userv_deliver_to_kernel); | |
252 | ||
253 | st->userv_path=dict_read_string(dict,"userv-path",False,"userv-netlink", | |
254 | loc); | |
255 | st->service_user=dict_read_string(dict,"service-user",False, | |
256 | "userv-netlink",loc); | |
257 | st->service_name=dict_read_string(dict,"service-name",False, | |
258 | "userv-netlink",loc); | |
259 | if (!st->userv_path) st->userv_path="userv"; | |
260 | if (!st->service_user) st->service_user="root"; | |
261 | if (!st->service_name) st->service_name="ipif"; | |
262 | st->buff=find_cl_if(dict,"buffer",CL_BUFFER,True,"userv-netlink",loc); | |
b2a56f7c SE |
263 | st->local_address=string_to_ipaddr( |
264 | dict_find_item(dict,"local-address", True, "netlink", loc),"netlink"); | |
9d3a4132 SE |
265 | BUF_ALLOC(st->buff,"netlink:userv_apply"); |
266 | ||
267 | st->rxfd=-1; st->txfd=-1; | |
268 | add_hook(PHASE_DROPPRIV,userv_phase_hook,st); | |
269 | ||
270 | return new_closure(&st->nl.cl); | |
271 | } | |
272 | ||
273 | init_module slip_module; | |
274 | void slip_module(dict_t *dict) | |
275 | { | |
276 | add_closure(dict,"userv-ipif",userv_apply); | |
277 | #if 0 | |
278 | /* TODO */ | |
279 | add_closure(dict,"pty-slip",ptyslip_apply); | |
280 | add_closure(dict,"slipd",slipd_apply); | |
281 | #endif /* 0 */ | |
282 | } |