b401a5cb39dd76a21d451548a91c87a90eacd398
2 * userv service (or standalone program) for per-user IP subranges.
4 * When invoked appropriately, it creates a point-to-point network
5 * interface with specified parameters. It arranges for packets sent out
6 * via that interface by the kernel to appear on its own stdout in SLIP or
7 * CSLIP encoding, and packets injected into its own stdin to be given to
8 * the kernel as if received on that interface. Optionally, additional
9 * routes can be set up to arrange for traffic for other address ranges to
10 * be routed through the new interface.
12 * This is the service program, which is invoked as root from userv (or may
13 * be invoked firectly).
15 * Its arguments are supposed to be, in order, as follows:
17 * The first two arguments are usually supplied by the userv
18 * configuration. See the file `ipif/ipif' in the source tree, which
19 * is installed in /etc/userv/services.d/ipif by `make install':
23 * Specifies address ranges and gids which own them. The default
24 * configuration supplies /etc/userv/ipif-networks, which is then read
25 * for a list of entries, one per line.
28 * Serves to separate the user-supplied and therefore untrusted
29 * arguments from the trusted first argument.
31 * The remaining arguments are supplied by the (untrusted) caller:
33 * <local-addr>,<peer-addr>,<mtu>[,[<proto>]]
35 * As for slattach. The only supported protocol is slip.
36 * Alternatively, set to `debug' to print debugging info and
37 * exit. <local-addr> is address of the interface to be created
38 * on the local system; <peer-addr> is the address of the
39 * point-to-point peer. They must be actual addresses (not
42 * <prefix>/<mask>,<prefix>/<mask>,...
44 * List of additional routes to add for this interface. routes will
45 * be set up on the local system arranging for packets for those
46 * networks to be sent via the created interface. <prefix> must be an
47 * IPv4 address, and mask must be an integer (dotted-quad masks are
48 * not supported). If no additional routes are to be set up, use `-'
49 * or supply an empty argument.
51 * Each <config> item - whether a line in a file such as
52 * /etc/userv/ipif-networks, or the single trusted argument supplied
53 * on the service program command line - is one of:
56 * ./<config-file-name>
57 * ../<config-file-name>
59 * Reads a file which contains lines which are each <config>
62 * <gid>,[=][-|+]<prefix>/<len>(-|+<prefix>/<len>...)[,<junk>]
64 * Indicates that <gid> may allocate addresses in the relevant address
65 * range (<junk> is ignored). <gid> must be numeric. To specify a
66 * single host address, you must specify a mask of /32. If `=' is
67 * specified then the specific subrange is only allowed for the local
68 * endpoint address, but not for remote addresses.
70 * More than one range may be given, with each range prefixed
71 * by + or -. In this case each address range in the rule will
72 * scanned in order, and the first range in the rule that matches
73 * any desired rule will count: if that first matching range is
74 * prefixed by `+' (or nothing) then the rule applies, if it
75 * is prefixed by `-' (or nothing matches), the rule does not.
78 * Means that anything is to be permitted. This should not appear in
79 * /etc/userv/ipif-networks, as that would permit any user on the
80 * system to create any interfaces with any addresses and routes
81 * attached. It is provided so that root can usefully invoke the ipif
82 * service program directly (not via userv), without needing to set up
83 * permissions in /etc/userv/ipif-networks.
87 * Comment. Blank lines are also ignored.
89 * NB: Permission is granted if _any_ config entry matches the request.
91 * The service program should be run from userv with no-disconnect-hup.
94 * This file is part of ipif, part of userv-utils
96 * Copyright 1996-2013 Ian Jackson <ijackson@chiark.greenend.org.uk>
97 * Copyright 1998 David Damerell <damerell@chiark.greenend.org.uk>
99 * Chancellor Masters and Scholars of the University of Cambridge
100 * Copyright 2010 Tony Finch <fanf@dotat.at>
102 * This is free software; you can redistribute it and/or modify it
103 * under the terms of the GNU General Public License as published by
104 * the Free Software Foundation; either version 3 of the License, or
105 * (at your option) any later version.
107 * This program is distributed in the hope that it will be useful, but
108 * WITHOUT ANY WARRANTY; without even the implied warranty of
109 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
110 * General Public License for more details.
112 * You should have received a copy of the GNU General Public License
113 * along with userv-utils; if not, see http://www.gnu.org/licenses/.
130 #include <sys/types.h>
131 #include <sys/wait.h>
132 #include <sys/stat.h>
134 #include <sys/types.h>
135 #include <sys/ioctl.h>
136 #include <sys/socket.h>
138 #include <sys/stat.h>
141 #include <linux/if.h>
142 #include <linux/if_tun.h>
145 #define MAXEXROUTES 50
148 static const unsigned long gidmaxval
= (unsigned long)((gid_t
)-2);
149 static const char *const protos_ok
[]= { "slip", 0 };
150 static const int signals
[]= { SIGHUP
, SIGINT
, SIGTERM
, 0 };
152 static const char *configstr
, *proto
;
153 static unsigned long localaddr
, peeraddr
, mtu
;
154 static int localpming
, peerpming
;
155 static int localallow
, peerallow
, allallow
;
156 static int nexroutes
;
157 static struct exroute
{
158 unsigned long prefix
, mask
;
160 char prefixtxt
[ATXTLEN
], masktxt
[ATXTLEN
];
161 } exroutes
[MAXEXROUTES
];
163 static char localtxt
[ATXTLEN
];
164 static char peertxt
[ATXTLEN
];
166 static struct pplace
{
167 struct pplace
*parent
;
168 const char *filename
;
177 static void terminate(int estatus
) {
182 static void fatal(const char *fmt
, ...)
183 __attribute__((format(printf
,1,2)));
184 static void fatal(const char *fmt
, ...) {
188 fputs("userv-ipif service: fatal error: ",stderr
);
189 vfprintf(stderr
, fmt
, al
);
194 static void sysfatal(const char *fmt
, ...)
195 __attribute__((format(printf
,1,2)));
196 static void sysfatal(const char *fmt
, ...) {
203 fputs("userv-ipif service: fatal system error: ",stderr
);
204 vfprintf(stderr
, fmt
, al
);
205 fprintf(stderr
,": %s\n", strerror(e
));
210 static void badusage(const char *fmt
, ...)
211 __attribute__((format(printf
,1,2)));
212 static void badusage(const char *fmt
, ...) {
218 "userv-ipif service: %s:%d: ",
219 cpplace
->filename
, cpplace
->lineno
);
221 fputs("userv-ipif service: invalid usage: ",stderr
);
224 vfprintf(stderr
, fmt
, al
);
228 for (cpp
=cpplace
->parent
; cpp
; cpp
=cpp
->parent
) {
230 "userv-ipif service: %s:%d: ... in file included from here\n",
231 cpp
->filename
, cpp
->lineno
);
237 static char *ip2txt(unsigned long addr
, char *buf
) {
238 sprintf(buf
, "%lu.%lu.%lu.%lu",
246 static unsigned long eat_number(const char **argp
, const char *what
,
247 unsigned long min
, unsigned long max
,
248 const char *endchars
, int *endchar_r
) {
249 /* If !endchars then the endchar must be a nul, otherwise it may be
250 * a nul (resulting in *argp set to 0) or something else (*argp set
251 * to point to after delim, *endchar_r set to delim).
252 * *endchar_r may be 0.
258 if (!*argp
) { badusage("missing number %s",what
); }
259 rv
= strtoul(*argp
,&ep
,0);
260 if ((endchar
= *ep
)) {
261 if (!endchars
) badusage("junk after number %s",what
);
262 if (!strchr(endchars
,endchar
))
263 badusage("invalid character or delimiter `%c' in or after number, %s:"
264 " expected %s (or none?)", endchar
,what
,endchars
);
269 if (endchar_r
) *endchar_r
= endchar
;
270 if (rv
< min
|| rv
> max
) badusage("number %s value %lu out of range %lu..%lu",
275 static int addrnet_overlap(unsigned long p1
, unsigned long m1
,
276 unsigned long p2
, unsigned long m2
) {
280 return (p1
& mask
) == (p2
& mask
);
283 static void addrnet_mustdiffer(const char *w1
, unsigned long p1
, unsigned long m1
,
284 const char *w2
, unsigned long p2
, unsigned long m2
) {
285 if (!addrnet_overlap(p1
,m1
,p2
,m2
)) return;
286 badusage("%s %08lx/%08lx overlaps/clashes with %s %08lx/%08lx",
290 static unsigned long eat_addr(const char **argp
, const char *what
,
291 const char *endchars
, int *endchar_r
) {
300 sprintf(whatbuf
,"%s byte #%d",what
,i
);
301 rv
|= eat_number(argp
,whatbuf
, 0,255, i
<3 ?
"." : endchars
, endchar_r
);
307 static void eat_prefixmask(const char **argp
, const char *what
,
308 const char *endchars
, int *endchar_r
,
309 unsigned long *prefix_r
, unsigned long *mask_r
, int *len_r
) {
310 /* mask_r and len_r may be 0 */
313 unsigned long prefix
, mask
;
315 prefix
= eat_addr(argp
,what
, "/",0);
316 sprintf(whatbuf
,"%s length",what
);
317 len
= eat_number(argp
,whatbuf
, 0,32, endchars
,endchar_r
);
319 mask
= len ?
(~0UL << (32-len
)) : 0UL;
320 if (prefix
& ~mask
) badusage("%s prefix %08lx not fully contained in mask %08lx",
323 if (mask_r
) *mask_r
= mask
;
324 if (len_r
) *len_r
= len
;
327 static char *eat_optionalstr(const char **argp
,
331 const char *start
= *argp
;
332 const char *comma
= strchr(start
, ',');
344 char *r
= malloc(len
+1);
345 if (!r
) sysfatal("malloc for command line string");
351 static int addrnet_isin(unsigned long prefix
, unsigned long mask
,
352 unsigned long mprefix
, unsigned long mmask
) {
353 return !(~mask
& mmask
) && (prefix
& mmask
) == mprefix
;
356 /* Totally hideous algorithm for parsing the config file lines.
357 * For each config file line, we first see if its gid applies. If not
358 * we skip it. Otherwise, we do
360 * which sets <foo>pming to 1
361 * for each range. <foo>pming may be 0 if we've determined that
362 * this line does not apply to <foo>.
364 * which calls permit_range_thing for each <foo>
365 * which checks to see if <foo> is inside the relevant
366 * range (for +) or overlaps it (for -) and updates
367 * <foo>allow and <foo>pming.
370 static void permit_begin(void) {
373 localpming
= peerpming
= 1;
374 for (i
=0; i
<nexroutes
; i
++) exroutes
[i
].pming
= 1;
377 static void permit_range_thing(unsigned long tprefix
, unsigned long tmask
,
378 const char *what
, int *tallow
, int *tpming
,
379 unsigned long pprefix
, unsigned long pmask
,
380 int plus
, int *any
) {
382 if (!addrnet_isin(tprefix
,tmask
, pprefix
,pmask
)) return;
383 if (*tpming
) *tallow
= 1;
385 if (!addrnet_overlap(tprefix
,tmask
, pprefix
,pmask
)) return;
388 if (!proto
) printf(" %c%s", plus?
'+':'-', what
);
392 static void permit_range(unsigned long prefix
, unsigned long mask
,
393 int plus
, int localonly
) {
397 assert(!(prefix
& ~mask
));
400 permit_range_thing(localaddr
,~0UL,"local", &localallow
,&localpming
,
401 prefix
,mask
, plus
,&any
);
404 permit_range_thing(peeraddr
,~0UL, "peer-addr", &peerallow
,&peerpming
,
405 prefix
,mask
, plus
,&any
);
406 for (i
=0; i
<nexroutes
; i
++) {
407 sprintf(idbuf
,"route#%d",i
);
408 permit_range_thing(exroutes
[i
].prefix
,exroutes
[i
].mask
, idbuf
,
409 &exroutes
[i
].allow
,&exroutes
[i
].pming
,
410 prefix
,mask
, plus
,&any
);
414 if (!any
) fputs(" nothing",stdout
);
417 static void pconfig(const char *configstr
, int truncated
);
419 static void pfile(const char *filename
) {
423 struct pplace npp
, *cpp
;
425 for (cpp
=cpplace
; cpp
; cpp
=cpp
->parent
) {
426 if (!strcmp(cpp
->filename
,filename
))
427 badusage("recursive configuration file `%s'",filename
);
430 file
= fopen(filename
,"r");
432 badusage("cannot open configuration file `%s': %s", filename
, strerror(errno
));
434 if (!proto
) printf("config file `%s':\n",filename
);
437 npp
.filename
= filename
;
441 while (fgets(buf
, sizeof(buf
), file
)) {
446 truncated
= (buf
[l
-1] != '\n');
447 while (l
>0 && isspace((unsigned char) buf
[l
-1])) l
--;
452 while ((c
= getc(file
)) != EOF
&& c
!= '\n');
456 pconfig(buf
,truncated
);
459 badusage("failed while reading configuration file: %s", strerror(errno
));
464 static void pconfig(const char *configstr
, int truncated
) {
465 unsigned long fgid
, tgid
, pprefix
, pmask
;
466 int plen
, localonly
, plus
, rangeix
, delim
;
471 switch (configstr
[0]) {
474 permit_range(0UL,0UL,1,0);
481 if (truncated
) badusage("filename too long (`%.100s...')",configstr
);
486 if (!isdigit((unsigned char)configstr
[0]))
487 badusage("unknown configuration directive");
489 fgid
= eat_number(&configstr
,"gid", 0,gidmaxval
, ",",0);
491 if (!proto
) printf(" %5lu", fgid
);
493 gidlist
= getenv("USERV_GID");
494 if (!gidlist
) fatal("USERV_GID not set");
497 if (!proto
) printf(" no matching gid\n");
500 tgid
= eat_number(&gidlist
,"userv-gid", 0,gidmaxval
, " ",0);
501 if (tgid
== fgid
) break;
504 if (configstr
[0] == '=') {
515 switch (configstr
[0]) {
516 case '-': plus
= 0; /* fall through */
517 case '+': configstr
++;
522 sprintf(whattxt
, "%s-prefix#%d",
523 plus ?
"permitted" : "notpermitted",
525 eat_prefixmask(&configstr
,whattxt
, ",+-",&delim
,
526 &pprefix
,&pmask
,&plen
);
527 if (!configstr
&& truncated
)
528 badusage("gid,prefix/len,... spec too long");
531 printf(" %c%s/%d:", plus?
'+':'-',ip2txt(pprefix
,ptxt
), plen
);
533 permit_range(pprefix
,pmask
,plus
,localonly
);
534 if (delim
==',') break;
536 plus
= delim
=='-' ?
0 : 1;
545 static void checkallow(int allow
, const char *what
,
546 const char *prefixtxt
, const char *masktxt
) {
548 fprintf(stderr
,"userv-ipif service: access denied for %s, %s/%s\n",
549 what
, prefixtxt
, masktxt
);
553 static void parseargs(int argc
, const char *const *argv
) {
554 unsigned long routeaddr
, routemask
;
556 const char *const *cprotop
;
558 char erwhatbuf
[100], erwhatbuf2
[100];
560 if (argc
< NARGS
+1) { badusage("too few arguments"); }
561 if (argc
> NARGS
+1) { badusage("too many arguments"); }
566 if (strcmp(carg
,"--")) badusage("separator argument `--' not found, got `%s'",carg
);
569 localaddr
= eat_addr(&carg
,"local-addr", ",",0);
570 peeraddr
= eat_addr(&carg
,"peer-addr", ",",0);
571 mtu
= eat_number(&carg
,"mtu", 576,65536, ",",0);
572 localallow
= peerallow
= 0;
574 char *protostr
= eat_optionalstr(&carg
,"protocol","slip");
575 if (!strcmp(protostr
,"debug")) {
578 for (cprotop
= protos_ok
;
579 (proto
= *cprotop
) && strcmp(proto
,protostr
);
581 if (!proto
) fatal("invalid protocol");
584 addrnet_mustdiffer("local-addr",localaddr
,~0UL, "peer-addr",peeraddr
,~0UL);
587 if (strcmp(carg
,"-")) {
591 if (nexroutes
== MAXEXROUTES
)
592 fatal("too many extra routes (only %d allowed)",MAXEXROUTES
);
593 sprintf(erwhatbuf
,"route#%d",nexroutes
);
595 eat_prefixmask(&carg
,erwhatbuf
, ",",0, &routeaddr
,&routemask
,0);
596 if (routemask
== ~0UL) {
597 addrnet_mustdiffer(erwhatbuf
,routeaddr
,routemask
, "local-addr",localaddr
,~0UL);
598 addrnet_mustdiffer(erwhatbuf
,routeaddr
,routemask
, "peer-addr",peeraddr
,~0UL);
600 for (i
=0; i
<nexroutes
; i
++) {
601 sprintf(erwhatbuf2
,"route#%d",i
);
602 addrnet_mustdiffer(erwhatbuf
,routeaddr
,routemask
,
603 erwhatbuf2
,exroutes
[i
].prefix
,exroutes
[i
].mask
);
605 exroutes
[nexroutes
].prefix
= routeaddr
;
606 exroutes
[nexroutes
].mask
= routemask
;
607 exroutes
[nexroutes
].allow
= 0;
608 ip2txt(routeaddr
,exroutes
[nexroutes
].prefixtxt
);
609 ip2txt(routemask
,exroutes
[nexroutes
].masktxt
);
613 ip2txt(localaddr
,localtxt
);
614 ip2txt(peeraddr
,peertxt
);
617 static void checkpermit(void) {
622 checkallow(localallow
,"local-addr", localtxt
,"32");
623 checkallow(peerallow
,"peer-addr", peertxt
,"32");
624 for (i
=0; i
<nexroutes
; i
++) {
625 sprintf(erwhatbuf
, "route#%d", i
);
626 checkallow(exroutes
[i
].allow
, erwhatbuf
, exroutes
[i
].prefixtxt
, exroutes
[i
].masktxt
);
628 if (!allallow
) fatal("access denied");
631 static void dumpdebug(void) __attribute__((noreturn
));
632 static void dumpdebug(void) {
636 printf("protocol: debug\n"
637 "local: %08lx == %s\n"
638 "peer: %08lx == %s\n"
645 for (i
=0; i
<nexroutes
; i
++) {
646 sprintf(erwhatbuf
, "route#%d:", i
);
647 printf("%-9s %08lx/%08lx == %s/%s\n",
649 exroutes
[i
].prefix
, exroutes
[i
].mask
,
650 exroutes
[i
].prefixtxt
, exroutes
[i
].masktxt
);
652 if (ferror(stdout
) || fclose(stdout
)) sysfatal("flush stdout");
657 static int task(const char *desc
) {
662 if (pid
== (pid_t
)-1) sysfatal("fork for task");
666 pidr
= waitpid(pid
,&status
,0);
667 if (pidr
!=(pid_t
)-1) break;
668 if (errno
==EINTR
) continue;
669 sysfatal("waitpid for task");
673 if (WIFEXITED(status
)) {
674 if (WEXITSTATUS(status
))
675 fatal("userv-ipif service: %s exited with error exit status %d\n",
676 desc
, WEXITSTATUS(status
));
677 } else if (WIFSIGNALED(status
)) {
678 fatal("userv-ipif service: %s died due to signal %s%s\n",
679 desc
, strsignal(WTERMSIG(status
)),
680 WCOREDUMP(status
) ?
" (core dumped)" : "");
682 fatal("userv-ipif service: %s unexpectedly terminated"
683 " with unknown status code %d\n", desc
, status
);
689 static void createif(void) {
690 static const char ifnamepat
[]= "userv%d";
694 memset(&ifr
,0,sizeof(ifr
));
695 ifr
.ifr_flags
= IFF_TUN
| IFF_NO_PI
;
697 assert(sizeof(ifr
.ifr_name
) >= sizeof(ifnamepat
));
698 strcpy(ifr
.ifr_name
, ifnamepat
);
700 tunfd
= open("/dev/net/tun", O_RDWR
);
701 if (!tunfd
) sysfatal("open /dev/net/tun");
703 r
= fcntl(tunfd
, F_GETFD
);
704 if (r
==-1) sysfatal("fcntl(tunfd,F_GETFD)");
705 r
= fcntl(tunfd
, F_SETFD
, r
|FD_CLOEXEC
);
706 if (r
==-1) sysfatal("fcntl(tunfd,F_SETFD,|FD_CLOEXEC)");
708 r
= ioctl(tunfd
, TUNSETIFF
, (void*)&ifr
);
709 if (r
) sysfatal("ioctl TUNSETIFF");
711 /* ifr.ifr_name might not be null-terminated. crazy abi. */
712 ifname
= malloc(sizeof(ifr
.ifr_name
)+1);
713 if (!ifname
) sysfatal("malloc for interface name");
714 memcpy(ifname
, ifr
.ifr_name
, sizeof(ifr
.ifr_name
));
715 ifname
[sizeof(ifr
.ifr_name
)]= 0;
718 static void netconfigure(void) {
722 if (task("ifconfig")) {
723 sprintf(mtutxt
,"%lu",mtu
);
725 execlp("ifconfig", "ifconfig", ifname
, localtxt
,
726 "netmask","255.255.255.255", "pointopoint",peertxt
, "-broadcast",
727 "mtu",mtutxt
, "up", (char*)0);
728 sysfatal("cannot exec ifconfig");
731 for (i
=0; i
<nexroutes
; i
++) {
733 execlp("route","route", "add", "-net",exroutes
[i
].prefixtxt
,
734 "netmask",exroutes
[i
].masktxt
,
735 "gw",peertxt
, "dev",ifname
, (char*)0);
736 sysfatal("cannot exec route (for route)");
741 static void setnonblock(int fd
) {
743 r
= fcntl(fd
,F_GETFL
);
744 if (r
==-1) sysfatal("fcntl F_GETFL");
745 r
= fcntl(fd
,F_SETFL
, r
|O_NONBLOCK
);
746 if (r
==-1) sysfatal("fcntl F_SETFL O_NONBLOCK");
749 static void rx_packet(const uint8_t *packet
, int len
) {
753 int r
= write(tunfd
, packet
, len
);
755 if (errno
==EINTR
) continue;
756 if (errno
==EAGAIN
|| errno
==ENOMEM
) return; /* oh well */
757 sysfatal("error writing packet to tun (transmitting)");
764 static int output_waiting
, input_waiting
;
766 #define SLIP_END 0300
767 #define SLIP_ESC 0333
768 #define SLIP_ESC_END 0334
769 #define SLIP_ESC_ESC 0335
771 static void more_rx_data(uint8_t *input_buf
, uint8_t *output_buf
) {
772 /* we make slip_data never contain continuation of a packet */
773 /* input_buf is passed as a parameter since it's in copydata's stack frame */
775 static int output_len
;
777 uint8_t *op
= output_buf
+ output_len
;
778 const uint8_t *ip
= input_buf
+ scanned
;
779 const uint8_t *ip_end
= input_buf
+ input_waiting
;
783 if (ip
>=ip_end
) break;
786 rx_packet(output_buf
, op
-output_buf
);
788 eaten
= ip
- input_buf
;
792 if (ip
>=ip_end
) { /* rescan this when there's more */ ip
--; break; }
794 if (c
==SLIP_ESC_END
) c
=SLIP_END
;
795 else if (c
==SLIP_ESC_ESC
) c
=SLIP_ESC
;
796 else fatal("unexpected byte 0%o after SLIP_ESC",c
);
798 if (op
== output_buf
+mtu
)
799 fatal("SLIP packet exceeds mtu");
803 output_len
= op
- output_buf
;
804 scanned
= ip
- input_buf
;
806 input_waiting
-= eaten
;
807 memmove(input_buf
, input_buf
+eaten
, input_waiting
);
811 static void tx_packet(uint8_t *output_buf
, const uint8_t *ip
, int inlen
) {
812 /* output_buf is passed as a parameter since it's in copydata's stack frame */
813 assert(!output_waiting
);
814 uint8_t *op
= output_buf
;
819 if (c
==SLIP_END
) { *op
++= SLIP_ESC
; *op
++= SLIP_ESC_END
; }
820 else if (c
==SLIP_ESC
) { *op
++= SLIP_ESC
; *op
++= SLIP_ESC_ESC
; }
824 assert(op
<= output_buf
+ mtu
*2+2);
826 output_waiting
= op
- output_buf
;
829 static void copydata(void) __attribute__((noreturn
));
830 static void copydata(void) {
831 uint8_t output_buf
[mtu
*2+2];
832 uint8_t input_buf
[mtu
*2+2];
833 uint8_t rx_packet_buf
[mtu
];
837 struct pollfd polls
[3];
838 memset(polls
, 0, sizeof(polls
));
840 polls
[0].fd
= 0; polls
[0].events
= POLLIN
;
844 /* We don't do flow control on input packets; instead, we just throw
845 * away ones which the kernel doesn't accept. So we always poll for
848 * Output packets we buffer, so we poll only as appropriate for those.
851 /* Start by transmitting one END byte to say we're ready. */
852 output_buf
[0]= SLIP_END
;
856 if (output_waiting
) {
857 r
= write(1, output_buf
, output_waiting
);
859 if (errno
==EINTR
) continue;
861 sysfatal("error writing SLIP output (packets being received)");
865 memmove(output_buf
, output_buf
+r
, output_waiting
);
868 if (output_waiting
) {
869 polls
[1].events
|= POLLOUT
;
870 polls
[2].events
&= ~POLLIN
;
872 polls
[1].events
&= ~POLLOUT
;
873 polls
[2].events
|= POLLIN
;
878 if (errno
==EINTR
) continue;
879 sysfatal("poll() failed");
881 assert(r
>0); /* we used an infinite timeout */
883 for (i
=0; i
<sizeof(polls
)/sizeof(polls
[0]); i
++)
884 if (polls
[i
].revents
& ~polls
[i
].events
)
885 fatal("unexpected revents 0x%x for fd=%d",
886 polls
[i
].revents
, polls
[i
].fd
);
888 if (polls
[0].events
& POLLIN
) {
889 int want
= sizeof(input_buf
) - input_waiting
;
890 if (want
<0) fatal("incoming packet necessarily exceeds MTU");
891 r
= read(0, input_buf
+ input_waiting
, want
);
894 assert(input_waiting
<= sizeof(input_buf
));
895 more_rx_data(input_buf
, rx_packet_buf
);
899 if (!(errno
==EINTR
|| errno
==EAGAIN
))
900 sysfatal("error reading input SLIP data (packets to transmit)");
904 /* We handle what would be (polls[1].events & POLLOUT) above,
905 * unconditionally. That eliminates the need to poll in the usual case */
907 if (polls
[2].events
& POLLIN
) {
908 uint8_t packet_buf
[mtu
];
909 r
= read(tunfd
, packet_buf
, mtu
);
911 tx_packet(output_buf
, packet_buf
, r
);
914 if (!(errno
==EAGAIN
|| errno
==EWOULDBLOCK
))
915 sysfatal("error reading packet (being transmitted) from tun");
921 int main(int argc
, const char *const *argv
) {
922 parseargs(argc
,argv
);
923 pconfig(configstr
,0);
925 if (!proto
) dumpdebug();