~mdw / secnet / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Import release 0.1.2
[secnet] / slip.c
1 /* When dealing with SLIP (to a pty, or ipif) we have separate rx, tx
2 and client buffers. When receiving we may read() any amount, not
3 just whole packets. When transmitting we need to bytestuff anyway,
4 and may be part-way through receiving. */
5
6 #include "secnet.h"
7 #include "util.h"
8 #include "netlink.h"
9 #include <stdio.h>
10 #include <string.h>
11 #include <unistd.h>
12
13 #define SLIP_END 192
14 #define SLIP_ESC 219
15 #define SLIP_ESCEND 220
16 #define SLIP_ESCESC 221
17
18 /* Connection to the kernel through userv-ipif */
19
20 struct userv {
21 struct netlink nl;
22 int txfd; /* We transmit to userv */
23 int rxfd; /* We receive from userv */
24 string_t userv_path;
25 string_t service_user;
26 string_t service_name;
27 uint32_t txbuflen;
28 struct buffer_if *buff; /* We unstuff received packets into here
29 and send them to the site code. */
30 bool_t pending_esc;
31 netlink_deliver_fn *netlink_to_tunnel;
32 };
33
34 static int userv_beforepoll(void *sst, struct pollfd *fds, int *nfds_io,
35 int *timeout_io, const struct timeval *tv_now,
36 uint64_t *now)
37 {
38 struct userv *st=sst;
39 *nfds_io=2;
40 fds[0].fd=st->txfd;
41 fds[0].events=POLLERR; /* Might want to pick up POLLOUT sometime */
42 fds[1].fd=st->rxfd;
43 fds[1].events=POLLIN|POLLERR|POLLHUP;
44 return 0;
45 }
46
47 static void userv_afterpoll(void *sst, struct pollfd *fds, int nfds,
48 const struct timeval *tv_now, uint64_t *now)
49 {
50 struct userv *st=sst;
51 uint8_t rxbuf[DEFAULT_BUFSIZE];
52 int l,i;
53
54 if (fds[1].revents&POLLERR) {
55 Message(M_ERROR,"%s: userv_afterpoll: hup!\n",st->nl.name);
56 }
57 if (fds[1].revents&POLLIN) {
58 l=read(st->rxfd,rxbuf,DEFAULT_BUFSIZE);
59 if (l<0) {
60 fatal_perror("%s: userv_afterpoll: read(rxfd)",st->nl.name);
61 }
62 if (l==0) {
63 fatal("%s: userv_afterpoll: read(rxfd)=0; userv gone away?\n",
64 st->nl.name);
65 }
66 /* XXX really crude unstuff code */
67 /* XXX check for buffer overflow */
68 BUF_ASSERT_USED(st->buff);
69 for (i=0; i<l; i++) {
70 if (st->pending_esc) {
71 st->pending_esc=False;
72 switch(rxbuf[i]) {
73 case SLIP_ESCEND:
74 *(uint8_t *)buf_append(st->buff,1)=SLIP_END;
75 break;
76 case SLIP_ESCESC:
77 *(uint8_t *)buf_append(st->buff,1)=SLIP_ESC;
78 break;
79 default:
80 fatal("userv_afterpoll: bad SLIP escape character\n");
81 }
82 } else {
83 switch (rxbuf[i]) {
84 case SLIP_END:
85 if (st->buff->size>0) {
86 st->netlink_to_tunnel(&st->nl,NULL,
87 st->buff);
88 BUF_ALLOC(st->buff,"userv_afterpoll");
89 }
90 buffer_init(st->buff,st->nl.max_start_pad);
91 break;
92 case SLIP_ESC:
93 st->pending_esc=True;
94 break;
95 default:
96 *(uint8_t *)buf_append(st->buff,1)=rxbuf[i];
97 break;
98 }
99 }
100 }
101 }
102 }
103
104 /* Send buf to the kernel. Free buf before returning. */
105 static void userv_deliver_to_kernel(void *sst, void *cid,
106 struct buffer_if *buf)
107 {
108 struct userv *st=sst;
109 uint8_t txbuf[DEFAULT_BUFSIZE];
110 uint8_t *i;
111 uint32_t j;
112
113 BUF_ASSERT_USED(buf);
114
115 /* Spit the packet at userv-ipif: SLIP start marker, then
116 bytestuff the packet, then SLIP end marker */
117 /* XXX crunchy bytestuff code */
118 j=0;
119 txbuf[j++]=SLIP_END;
120 for (i=buf->start; i<(buf->start+buf->size); i++) {
121 switch (*i) {
122 case SLIP_END:
123 txbuf[j++]=SLIP_ESC;
124 txbuf[j++]=SLIP_ESCEND;
125 break;
126 case SLIP_ESC:
127 txbuf[j++]=SLIP_ESC;
128 txbuf[j++]=SLIP_ESCESC;
129 break;
130 default:
131 txbuf[j++]=*i;
132 break;
133 }
134 }
135 txbuf[j++]=SLIP_END;
136 if (write(st->txfd,txbuf,j)<0) {
137 fatal_perror("userv_deliver_to_kernel: write()");
138 }
139 BUF_FREE(buf);
140 }
141
142 static void userv_phase_hook(void *sst, uint32_t newphase)
143 {
144 struct userv *st=sst;
145 pid_t child;
146 int c_stdin[2];
147 int c_stdout[2];
148 string_t addrs;
149 string_t nets;
150 string_t s;
151 struct netlink_route *r;
152 int i;
153
154 /* This is where we actually invoke userv - all the networks we'll
155 be using should already have been registered. */
156
157 addrs=safe_malloc(512,"userv_phase_hook:addrs");
158 snprintf(addrs,512,"%s,%s,%d,slip",ipaddr_to_string(st->nl.local_address),
159 ipaddr_to_string(st->nl.secnet_address),st->nl.mtu);
160
161 nets=safe_malloc(1024,"userv_phase_hook:nets");
162 *nets=0;
163 r=st->nl.routes;
164 for (i=0; i<st->nl.n_routes; i++) {
165 if (r[i].up) {
166 r[i].kup=True;
167 s=subnet_to_string(&r[i].net);
168 strcat(nets,s);
169 strcat(nets,",");
170 free(s);
171 }
172 }
173 nets[strlen(nets)-1]=0;
174
175 Message(M_INFO,"%s: about to invoke: %s %s %s %s %s\n",st->nl.name,
176 st->userv_path,st->service_user,st->service_name,addrs,nets);
177
178 /* Allocate buffer, plus space for padding. Make sure we end up
179 with the start of the packet well-aligned. */
180 /* ALIGN(st->max_start_pad,16); */
181 /* ALIGN(st->max_end_pad,16); */
182
183 st->pending_esc=False;
184
185 /* Invoke userv */
186 if (pipe(c_stdin)!=0) {
187 fatal_perror("userv_phase_hook: pipe(c_stdin)");
188 }
189 if (pipe(c_stdout)!=0) {
190 fatal_perror("userv_phase_hook: pipe(c_stdout)");
191 }
192 st->txfd=c_stdin[1];
193 st->rxfd=c_stdout[0];
194
195 child=fork();
196 if (child==-1) {
197 fatal_perror("userv_phase_hook: fork()");
198 }
199 if (child==0) {
200 char **argv;
201
202 /* We are the child. Modify our stdin and stdout, then exec userv */
203 dup2(c_stdin[0],0);
204 dup2(c_stdout[1],1);
205 close(c_stdin[1]);
206 close(c_stdout[0]);
207
208 /* The arguments are:
209 userv
210 service-user
211 service-name
212 local-addr,secnet-addr,mtu,protocol
213 route1,route2,... */
214 argv=malloc(sizeof(*argv)*6);
215 argv[0]=st->userv_path;
216 argv[1]=st->service_user;
217 argv[2]=st->service_name;
218 argv[3]=addrs;
219 argv[4]=nets;
220 argv[5]=NULL;
221 execvp(st->userv_path,argv);
222 perror("netlink-userv-ipif: execvp");
223
224 exit(1);
225 }
226 /* We are the parent... */
227
228 /* Register for poll() */
229 register_for_poll(st, userv_beforepoll, userv_afterpoll, 2, st->nl.name);
230 }
231
232 static list_t *userv_apply(closure_t *self, struct cloc loc, dict_t *context,
233 list_t *args)
234 {
235 struct userv *st;
236 item_t *item;
237 dict_t *dict;
238
239 st=safe_malloc(sizeof(*st),"userv_apply");
240
241 /* First parameter must be a dict */
242 item=list_elem(args,0);
243 if (!item || item->type!=t_dict)
244 cfgfatal(loc,"userv-ipif","parameter must be a dictionary\n");
245
246 dict=item->data.dict;
247
248 st->netlink_to_tunnel=
249 netlink_init(&st->nl,st,loc,dict,
250 "netlink-userv-ipif",NULL,userv_deliver_to_kernel);
251
252 st->userv_path=dict_read_string(dict,"userv-path",False,"userv-netlink",
253 loc);
254 st->service_user=dict_read_string(dict,"service-user",False,
255 "userv-netlink",loc);
256 st->service_name=dict_read_string(dict,"service-name",False,
257 "userv-netlink",loc);
258 if (!st->userv_path) st->userv_path="userv";
259 if (!st->service_user) st->service_user="root";
260 if (!st->service_name) st->service_name="ipif";
261 st->buff=find_cl_if(dict,"buffer",CL_BUFFER,True,"userv-netlink",loc);
262 BUF_ALLOC(st->buff,"netlink:userv_apply");
263
264 st->rxfd=-1; st->txfd=-1;
265 add_hook(PHASE_DROPPRIV,userv_phase_hook,st);
266
267 return new_closure(&st->nl.cl);
268 }
269
270 init_module slip_module;
271 void slip_module(dict_t *dict)
272 {
273 add_closure(dict,"userv-ipif",userv_apply);
274 #if 0
275 /* TODO */
276 add_closure(dict,"pty-slip",ptyslip_apply);
277 add_closure(dict,"slipd",slipd_apply);
278 #endif /* 0 */
279 }
Secnet virtual private network: clone of http://www.chiark.greenend.org.uk/ucgi/~ian/git/secnet.git/