[userv-utils] / ipif / udptunnel

#!/usr/bin/perl
# Simple tunnel for userv-ipif tunnels.
#
# usage:
#  udptunnel
#        [ -l[<local-command/arg>] ... .
#          -e<encryption-mech>[/<encryption-parameter>...]
#          ...
#        ]
#            <public-local-addr>,<public-local-port>
#            <public-remote-addr>,<public-remote-port>
#            <private-local-addr>,<private-remote-addr>,<mtu>,<proto>
#            <keepalive>,<timeout>
#            <extra-local-nets> <extra-remote-nets>
#          [ <remote-command> [<remote-args> ...] ]
#
#
# <..-addr> may also be hostname
#
# <local-public-port> may be number or `print' or `silent'
#
# <remote-public-port> may number or `command', in which case
# <remote-command> must be specified and should run udptunnel at the
# remote end; it will be invoked as
#    <remote-command> <public-remote-addr>,print
#                     <public-local-addr>,<public-local-port>
#                     <private-remote-addr>,<private-local-addr>,<mtu>,<proto>
#                     <keepalive>,<timeout>
#                     <extra-remote-nets> <extra-local-nets>
#
# udptunnel will userv ipif locally, as
#    userv root ipif <private-local-addr>,<private-remote-addr>,<mtu>,<proto>
#                    <extra-local-nets>
# or, if -l was given, userv root ipif is replaced with the argument(s) to
# successive -l options.

# Copyright (C) 1999 Ian Jackson
#
# This is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with userv-utils; if not, write to the Free Software
# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# $Id$

use Socket;
use POSIX;
use Fcntl;

$progname= $0; $progname =~ s,.*/,,;
$|=1;

chomp($hostname= `uname -n`);
$? and die "$progname: cannot get hostname (uname failed with code $?)\n";

sub quit ($) { die "$progname - $hostname: fatal error: $_[0]\n"; }
sub debug ($) { print "$progname - $hostname: debug: $_[0]\n"; }
sub fail ($) { quit("unexpected system call failure: $_[0]: $!\n"); }
sub warning ($) { warn "$progname - $hostname: $_[0]\n"; }

sub eat_addr_port ($) {
    my ($x) = @_;
    @ARGV or quit("<addr>,<port> missing");
    $_= shift(@ARGV);
    $_ =~ m/^([^,]+)\,(\d+|$x)$/ or quit("$_: <host/addr>,<port> bad syntax");
    return ($1,$2);
}
sub conv_host_addr ($) {
    my ($s,$r) = @_;
    defined($r= inet_aton($s)) or quit("$s: cannot convert to address");
    return $r;
}
sub conv_port_number ($) {
    my ($s,$r) = @_;
    if ($s =~ m/\d/) {
	$r= $s+0;
	$r>0 && $r<65536 or quit("$s: port out of range");
    } else {
	$r= 0;
    }
    return $r;
}
sub show_addr_port ($) {
    my ($s,@s) = @_;
    @s= unpack_sockaddr_in($s);
    return inet_ntoa($s[1]).','.$s[0];
}

@lcmd= ();

while ($ARGV[0] =~ m/^-/) {
    $_= shift @ARGV;
    last if $_ eq '--';
    if (s/^-l//) {
	push @lcmd,$_ if length;
	while (@ARGV && ($_= shift @ARGV) ne '.') { push @lcmd, $_; }
    } else {
	quit("unknown option \`$_'");
    }
}

($las,$lps)= eat_addr_port('print|silent');
$la= conv_host_addr($las);
$lp= conv_port_number($lps);
$ls= pack_sockaddr_in $lp,$la;

($ras,$rps)= eat_addr_port('command');
$rp= conv_port_number($rps);
$ra= $rps eq 'command' ? '' : conv_host_addr($ras);

$_= shift @ARGV;
m/^([.0-9]+),([.0-9]+),(\d+),(slip|cslip)$/
    or quit("lvaddr,rvaddr,mtu,proto missing or bad syntax or proto not [c]slip");
($lva,$rva,$mtu,$proto) = ($1,$2,$3,$4);

$_= shift @ARGV;
m/^(\d+),(\d+)$/ or quit("keepalive,timeout missing or bad syntax");
($keepalive,$timeout)= ($1,$2);
$keepalive && ($timeout > $keepalive*2) or quit("timeout must be < 2*keepalive")
    if $timeout;

$lepn= shift @ARGV;
$repn= shift @ARGV;

alarm($timeout);

defined($udp= getprotobyname('udp')) or fail("getprotobyname udp");

socket(L,PF_INET,SOCK_DGRAM,$udp) or fail("socket");
bind(L,$ls) or quit("bind failed: $!");
defined($ls= getsockname(L)) or fail("getsockname");
$lsp= show_addr_port($ls);

if ($rps eq 'command') {
    quit("when using ,command for remote, must supply command") unless @ARGV;
    @rcmd= (@ARGV, "$ras,print", "$lsp", "$rva,$lva,$mtu,$proto",
	    "$keepalive,$timeout", $repn, $lepn);
    debug("remote command @rcmd");
    defined($c= open C,"-|") or fail("fork for remote");
    if (!$c) {
	exec @rcmd; die "$progname: error: failed to execute $rcmd[0]: $!\n";
    }
    $_= <C>;
    if (!length) {
	close C;
	quit($? ? "remote command failed (code $?)" : "no details received from remote");
    }
    chomp;
    m/^([.0-9]+)\,(\d+)$/ or quit("invalid details from remote end ($_)");
    ($ras,$rps) = ($1,$2);
    $ra= conv_host_addr($ras);
    $rp= conv_port_number($rps);
    defined($c2= fork) or fail("fork for cat");
    if (!$c2) {
	open(STDIN,"<&C") or fail("redirect remote pipe to stdin");
	close C;
	exec "cat"; fail("execute cat");
    }
} else {
    quit("when not using ,command for remote, must not supply command") if @ARGV;
}

$rs= pack_sockaddr_in $rp,$ra;
$rsp= show_addr_port($rs);

if ($lps eq 'print') { print($lsp,"\n") or quit("write port to stdout: $!"); }

@lcmd= qw(userv root ipif) unless @lcmd;

debug("using remote $rsp local $lsp");
push @lcmd, ("$lva,$rva,$mtu,$proto",$lepn);
debug("local command @lcmd");

pipe(UR,UW) or fail("up pipe");
pipe(DR,DW) or fail("down pipe");

defined($c3= fork) or fail("fork for ipif");
if (!$c3) {
    close UR; close DW;
    open(STDIN,"<&DR") or fail("reopen stdin for packets");
    open(STDOUT,">&UW") or fail("reopen stdout for packets");
    exec @lcmd;
    quit("cannot execute $lcmd[0]: $!");
}
close UW;
close DR;

$upyet= 0;
$downyet= 0;

$wantreadfds='';
vec($wantreadfds,fileno(UR),1)= 1;
vec($wantreadfds,fileno(L),1)= 1;

sub nonblock ($) {
    my ($fh,$fl) = @_;
    ($fl= fcntl($fh,F_GETFL,0)) or fail("nonblock F_GETFL");
    $fl |= O_NONBLOCK;
    fcntl($fh, F_SETFL, $fl) or fail("nonblock F_SETFL");
}

nonblock('UR');
nonblock('L');

$upbuf= '';

sub now () { my ($v); defined($v= time) or fail("get time"); return $v; }
if ($keepalive) { $nextsendka= now(); }

for (;;) {
    if ($keepalive) {
	$now= now();
	$thistimeout= $nextsendka-$now;
	if ($thistimeout < 0) {
	    defined(send L,"\300",0,$rs)
		or warning("transmit keepalive error: $!");
	    $nextsendka= $now+$keepalive;
	    $thistimeout= $keepalive;
	}
    } else {
	$thistimeout= undef;
    }
    select($readfds=$wantreadfds,'','',$thistimeout);
    for (;;) {
	if (!defined($r= sysread(UR,$upbuf,$mtu*2+3,length($upbuf)))) {
	    $! == EAGAIN || warning("tunnel endpoint read error: $!");
	    last;
	}
	if (!$r) {
	    quit "tunnel endpoint closed by system";
	}
	while (($p= index($upbuf,"\300")) >= 0) {
	    if ($p && !defined(send L,substr($upbuf,0,$p),0,$rs)) {
		warning("transmit error: $!");
	    } else {
		if (!$upyet) {
		    $upyet= 1;
		    debug($downyet ? "tunnel open at this end" : "transmitting");
		}
		if ($keepalive) { $nextsendka= now()+$keepalive; }
	    }
	    $upbuf= substr($upbuf,$p+1);
	}
    }
    while (defined($rs_from= recv L,$downbuf,$mtu*2+3,0)) {
	$rsp_from= show_addr_port($rs_from);
	if ($rsp_from ne $rsp) {
	    warning("got packet from incorrect peer $rsp_from");
	    next;
	}
	$downbuf= "\300".$downbuf."\300";
	if (!defined($r= syswrite(DW,$downbuf,length $downbuf))) {
	    warning("tunnel endpoint write error: $!");
	} elsif ($r != length $downbuf) {
	    warning("tunnel endpoint wrong write length");
	} else {
	    if (!$downyet) {
		$downyet= 1;
		debug($upyet ? "tunnel open at this end" : "receiving");
	    }
	    alarm($timeout) if $timeout;
	}
    }
    if ($! == ECONNREFUSED) { quit("tunnel closed at remote end"); }
    $! == EAGAIN || warning("receive error: $!");
}
Commit	Line	Data
46ab1c83	1	#!/usr/bin/perl
	2	# Simple tunnel for userv-ipif tunnels.
	3	#
	4	# usage:
	5	# udptunnel
1fb3cba0	6	# [ -l[<local-command/arg>] ... .
	7	# -e<encryption-mech>[/<encryption-parameter>...]
	8	# ...
	9	# ]
	10	# <public-local-addr>,<public-local-port>
	11	# <public-remote-addr>,<public-remote-port>
46ab1c83	12	# <private-local-addr>,<private-remote-addr>,<mtu>,<proto>
	13	# <keepalive>,<timeout>
	14	# <extra-local-nets> <extra-remote-nets>
	15	# [ <remote-command> [<remote-args> ...] ]
	16	#
1fb3cba0	17	#
	18	# <..-addr> may also be hostname
	19	#
46ab1c83	20	# <local-public-port> may be number or `print' or `silent'
	21	#
	22	# <remote-public-port> may number or `command', in which case
	23	# <remote-command> must be specified and should run udptunnel at the
	24	# remote end; it will be invoked as
1fb3cba0	25	# <remote-command> <public-remote-addr>,print
46ab1c83	26	# <public-local-addr>,<public-local-port>
46ab1c83	27	# <private-remote-addr>,<private-local-addr>,<mtu>,<proto>
217afbe6	28	# <keepalive>,<timeout>
217afbe6	29	# <extra-remote-nets> <extra-local-nets>
46ab1c83	30	#
46ab1c83	31	# udptunnel will userv ipif locally, as
217afbe6	32	# userv root ipif <private-local-addr>,<private-remote-addr>,<mtu>,<proto>
217afbe6	33	# <extra-local-nets>
049f3484	34	# or, if -l was given, userv root ipif is replaced with the argument(s) to
049f3484	35	# successive -l options.
46ab1c83	36
caa68336	37	# Copyright (C) 1999 Ian Jackson
	38	#
	39	# This is free software; you can redistribute it and/or modify it
	40	# under the terms of the GNU General Public License as published by
	41	# the Free Software Foundation; either version 2 of the License, or
	42	# (at your option) any later version.
	43	#
	44	# This program is distributed in the hope that it will be useful, but
	45	# WITHOUT ANY WARRANTY; without even the implied warranty of
	46	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	47	# General Public License for more details.
	48	#
	49	# You should have received a copy of the GNU General Public License
	50	# along with userv-utils; if not, write to the Free Software
	51	# Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	52	#
	53	# $Id$
	54
46ab1c83	55	use Socket;
	56	use POSIX;
	57	use Fcntl;
	58
	59	$progname= $0; $progname =~ s,.*/,,;
	60	$\|=1;
	61
	62	chomp($hostname= `uname -n`);
	63	$? and die "$progname: cannot get hostname (uname failed with code $?)\n";
	64
	65	sub quit ($) { die "$progname - $hostname: fatal error: $_[0]\n"; }
	66	sub debug ($) { print "$progname - $hostname: debug: $_[0]\n"; }
	67	sub fail ($) { quit("unexpected system call failure: $_[0]: $!\n"); }
	68	sub warning ($) { warn "$progname - $hostname: $_[0]\n"; }
	69
	70	sub eat_addr_port ($) {
	71	my ($x) = @_;
1fb3cba0	72	@ARGV or quit("<addr>,<port> missing");
46ab1c83	73	$_= shift(@ARGV);
	74	$_ =~ m/^([^,]+)\,(\d+\|$x)$/ or quit("$_: <host/addr>,<port> bad syntax");
	75	return ($1,$2);
	76	}
	77	sub conv_host_addr ($) {
	78	my ($s,$r) = @_;
	79	defined($r= inet_aton($s)) or quit("$s: cannot convert to address");
	80	return $r;
	81	}
217afbe6	82	sub conv_port_number ($) {
46ab1c83	83	my ($s,$r) = @_;
	84	if ($s =~ m/\d/) {
	85	$r= $s+0;
	86	$r>0 && $r<65536 or quit("$s: port out of range");
	87	} else {
	88	$r= 0;
	89	}
	90	return $r;
	91	}
	92	sub show_addr_port ($) {
	93	my ($s,@s) = @_;
	94	@s= unpack_sockaddr_in($s);
	95	return inet_ntoa($s[1]).','.$s[0];
	96	}
	97
abe75cda	98	@lcmd= ();
	99
	100	while ($ARGV[0] =~ m/^-/) {
	101	$_= shift @ARGV;
	102	last if $_ eq '--';
	103	if (s/^-l//) {
	104	push @lcmd,$_ if length;
1fb3cba0	105	while (@ARGV && ($_= shift @ARGV) ne '.') { push @lcmd, $_; }
abe75cda	106	} else {
	107	quit("unknown option \`$_'");
	108	}
	109	}
	110
46ab1c83	111	($las,$lps)= eat_addr_port('print\|silent');
	112	$la= conv_host_addr($las);
	113	$lp= conv_port_number($lps);
	114	$ls= pack_sockaddr_in $lp,$la;
	115
	116	($ras,$rps)= eat_addr_port('command');
	117	$rp= conv_port_number($rps);
	118	$ra= $rps eq 'command' ? '' : conv_host_addr($ras);
	119
	120	$_= shift @ARGV;
	121	m/^([.0-9]+),([.0-9]+),(\d+),(slip\|cslip)$/
	122	or quit("lvaddr,rvaddr,mtu,proto missing or bad syntax or proto not [c]slip");
217afbe6	123	($lva,$rva,$mtu,$proto) = ($1,$2,$3,$4);
46ab1c83	124
46ab1c83	125	$_= shift @ARGV;
217afbe6	126	m/^(\d+),(\d+)$/ or quit("keepalive,timeout missing or bad syntax");
217afbe6	127	($keepalive,$timeout)= ($1,$2);
46ab1c83	128	$keepalive && ($timeout > $keepalive2) or quit("timeout must be < 2keepalive")
	129	if $timeout;
	130
	131	$lepn= shift @ARGV;
	132	$repn= shift @ARGV;
	133
	134	alarm($timeout);
	135
	136	defined($udp= getprotobyname('udp')) or fail("getprotobyname udp");
	137
	138	socket(L,PF_INET,SOCK_DGRAM,$udp) or fail("socket");
	139	bind(L,$ls) or quit("bind failed: $!");
	140	defined($ls= getsockname(L)) or fail("getsockname");
	141	$lsp= show_addr_port($ls);
	142
	143	if ($rps eq 'command') {
46ab1c83	144	quit("when using ,command for remote, must supply command") unless @ARGV;
217afbe6	145	@rcmd= (@ARGV, "$ras,print", "$lsp", "$rva,$lva,$mtu,$proto",
	146	"$keepalive,$timeout", $repn, $lepn);
	147	debug("remote command @rcmd");
46ab1c83	148	defined($c= open C,"-\|") or fail("fork for remote");
46ab1c83	149	if (!$c) {
217afbe6	150	exec @rcmd; die "$progname: error: failed to execute $rcmd[0]: $!\n";
46ab1c83	151	}
	152	$_= <C>;
	153	if (!length) {
	154	close C;
	155	quit($? ? "remote command failed (code $?)" : "no details received from remote");
	156	}
	157	chomp;
	158	m/^([.0-9]+)\,(\d+)$/ or quit("invalid details from remote end ($_)");
	159	($ras,$rps) = ($1,$2);
	160	$ra= conv_host_addr($ras);
217afbe6	161	$rp= conv_port_number($rps);
46ab1c83	162	defined($c2= fork) or fail("fork for cat");
46ab1c83	163	if (!$c2) {
217afbe6	164	open(STDIN,"<&C") or fail("redirect remote pipe to stdin");
46ab1c83	165	close C;
	166	exec "cat"; fail("execute cat");
	167	}
	168	} else {
	169	quit("when not using ,command for remote, must not supply command") if @ARGV;
	170	}
	171
	172	$rs= pack_sockaddr_in $rp,$ra;
	173	$rsp= show_addr_port($rs);
	174
217afbe6	175	if ($lps eq 'print') { print($lsp,"\n") or quit("write port to stdout: $!"); }
46ab1c83	176
abe75cda	177	@lcmd= qw(userv root ipif) unless @lcmd;
abe75cda	178
217afbe6	179	debug("using remote $rsp local $lsp");
abe75cda	180	push @lcmd, ("$lva,$rva,$mtu,$proto",$lepn);
abe75cda	181	debug("local command @lcmd");
46ab1c83	182
	183	pipe(UR,UW) or fail("up pipe");
	184	pipe(DR,DW) or fail("down pipe");
	185
	186	defined($c3= fork) or fail("fork for ipif");
	187	if (!$c3) {
	188	close UR; close DW;
217afbe6	189	open(STDIN,"<&DR") or fail("reopen stdin for packets");
217afbe6	190	open(STDOUT,">&UW") or fail("reopen stdout for packets");
abe75cda	191	exec @lcmd;
abe75cda	192	quit("cannot execute $lcmd[0]: $!");
46ab1c83	193	}
	194	close UW;
	195	close DR;
	196
	197	$upyet= 0;
	198	$downyet= 0;
	199
	200	$wantreadfds='';
217afbe6	201	vec($wantreadfds,fileno(UR),1)= 1;
217afbe6	202	vec($wantreadfds,fileno(L),1)= 1;
46ab1c83	203
	204	sub nonblock ($) {
	205	my ($fh,$fl) = @_;
	206	($fl= fcntl($fh,F_GETFL,0)) or fail("nonblock F_GETFL");
	207	$fl \|= O_NONBLOCK;
	208	fcntl($fh, F_SETFL, $fl) or fail("nonblock F_SETFL");
	209	}
	210
	211	nonblock('UR');
	212	nonblock('L');
	213
	214	$upbuf= '';
	215
217afbe6	216	sub now () { my ($v); defined($v= time) or fail("get time"); return $v; }
	217	if ($keepalive) { $nextsendka= now(); }
	218
46ab1c83	219	for (;;) {
217afbe6	220	if ($keepalive) {
217afbe6	221	$now= now();
198680ad	222	$thistimeout= $nextsendka-$now;
198680ad	223	if ($thistimeout < 0) {
217afbe6	224	defined(send L,"\300",0,$rs)
	225	or warning("transmit keepalive error: $!");
	226	$nextsendka= $now+$keepalive;
198680ad	227	$thistimeout= $keepalive;
217afbe6	228	}
217afbe6	229	} else {
198680ad	230	$thistimeout= undef;
217afbe6	231	}
198680ad	232	select($readfds=$wantreadfds,'','',$thistimeout);
46ab1c83	233	for (;;) {
	234	if (!defined($r= sysread(UR,$upbuf,$mtu*2+3,length($upbuf)))) {
	235	$! == EAGAIN \|\| warning("tunnel endpoint read error: $!");
	236	last;
	237	}
	238	if (!$r) {
	239	quit "tunnel endpoint closed by system";
	240	}
	241	while (($p= index($upbuf,"\300")) >= 0) {
1d1209a4	242	if ($p && !defined(send L,substr($upbuf,0,$p),0,$rs)) {
217afbe6	243	warning("transmit error: $!");
198680ad	244	} else {
	245	if (!$upyet) {
	246	$upyet= 1;
	247	debug($downyet ? "tunnel open at this end" : "transmitting");
	248	}
	249	if ($keepalive) { $nextsendka= now()+$keepalive; }
46ab1c83	250	}
198680ad	251	$upbuf= substr($upbuf,$p+1);
46ab1c83	252	}
	253	}
	254	while (defined($rs_from= recv L,$downbuf,$mtu*2+3,0)) {
	255	$rsp_from= show_addr_port($rs_from);
	256	if ($rsp_from ne $rsp) {
	257	warning("got packet from incorrect peer $rsp_from");
217afbe6	258	next;
46ab1c83	259	}
1d1209a4	260	$downbuf= "\300".$downbuf."\300";
46ab1c83	261	if (!defined($r= syswrite(DW,$downbuf,length $downbuf))) {
46ab1c83	262	warning("tunnel endpoint write error: $!");
217afbe6	263	} elsif ($r != length $downbuf) {
46ab1c83	264	warning("tunnel endpoint wrong write length");
46ab1c83	265	} else {
217afbe6	266	if (!$downyet) {
217afbe6	267	$downyet= 1;
198680ad	268	debug($upyet ? "tunnel open at this end" : "receiving");
217afbe6	269	}
217afbe6	270	alarm($timeout) if $timeout;
46ab1c83	271	}
46ab1c83	272	}
40f75550	273	if ($! == ECONNREFUSED) { quit("tunnel closed at remote end"); }
46ab1c83	274	$! == EAGAIN \|\| warning("receive error: $!");
46ab1c83	275	}