Commit | Line | Data |
---|---|---|
9dcdc856 MW |
1 | /* -*-c-*- |
2 | * | |
bf4d9761 | 3 | * Discover the owner of a connection (Linux version) |
9dcdc856 MW |
4 | * |
5 | * (c) 2012 Straylight/Edgeware | |
6 | */ | |
7 | ||
8 | /*----- Licensing notice --------------------------------------------------* | |
9 | * | |
10 | * This file is part of Yet Another Ident Daemon (YAID). | |
11 | * | |
12 | * YAID is free software; you can redistribute it and/or modify | |
13 | * it under the terms of the GNU General Public License as published by | |
14 | * the Free Software Foundation; either version 2 of the License, or | |
15 | * (at your option) any later version. | |
16 | * | |
17 | * YAID is distributed in the hope that it will be useful, | |
18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | * GNU General Public License for more details. | |
21 | * | |
22 | * You should have received a copy of the GNU General Public License | |
23 | * along with YAID; if not, write to the Free Software Foundation, | |
24 | * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
25 | */ | |
26 | ||
27 | /*----- Header files ------------------------------------------------------*/ | |
28 | ||
9da480be | 29 | #include "yaid.h" |
9dcdc856 | 30 | |
c3794524 MW |
31 | #include <linux/netlink.h> |
32 | #include <linux/rtnetlink.h> | |
33 | ||
9dcdc856 MW |
34 | /*----- Static variables --------------------------------------------------*/ |
35 | ||
c3794524 | 36 | static FILE *natfp; /* File handle for NAT table */ |
56e93c83 MW |
37 | static int randfd; /* File descriptor for random data */ |
38 | ||
39 | /*----- Miscellaneous system services -------------------------------------*/ | |
40 | ||
41 | /* Fill the buffer at P with SZ random bytes. The buffer will be moderately | |
42 | * large: this is intended to be a low-level interface, not a general-purpose | |
43 | * utility. | |
44 | */ | |
45 | void fill_random(void *p, size_t sz) | |
46 | { | |
47 | ssize_t n; | |
48 | ||
49 | n = read(randfd, p, sz); | |
429dcd8d MW |
50 | if (n < 0) fatal("error reading `/dev/urandom': %s", strerror(errno)); |
51 | else if (n < sz) fatal("unexpected short read from `/dev/urandom'"); | |
56e93c83 | 52 | } |
b093b41d MW |
53 | |
54 | /*----- Address-type operations -------------------------------------------*/ | |
55 | ||
bf4d9761 MW |
56 | struct addrops_sys { |
57 | const char *procfile; | |
2a9b8d4a | 58 | const char *nfl3name; |
bf4d9761 | 59 | int (*parseaddr)(char **, union addr *); |
9dcdc856 MW |
60 | }; |
61 | ||
3b1bed1d | 62 | #define PROCFILE_IPV4 "/proc/net/tcp" |
2a9b8d4a | 63 | #define NFL3NAME_IPV4 "ipv4" |
3b1bed1d | 64 | |
bf4d9761 | 65 | static int parseaddr_ipv4(char **pp, union addr *a) |
9da480be | 66 | { a->ipv4.s_addr = strtoul(*pp, pp, 16); return (0); } |
9dcdc856 | 67 | |
3b1bed1d | 68 | #define PROCFILE_IPV6 "/proc/net/tcp6" |
2a9b8d4a | 69 | #define NFL3NAME_IPV6 "ipv6" |
9dcdc856 | 70 | |
bf4d9761 | 71 | static int parseaddr_ipv6(char **pp, union addr *a) |
9da480be MW |
72 | { |
73 | int i, j; | |
74 | unsigned long y; | |
75 | char *p = *pp; | |
76 | unsigned x; | |
77 | ||
c3794524 | 78 | /* The format is byteswapped in a really annoying way. */ |
9da480be MW |
79 | for (i = 0; i < 4; i++) { |
80 | y = 0; | |
81 | for (j = 0; j < 8; j++) { | |
82 | if ('0' <= *p && *p <= '9') x = *p - '0'; | |
e9c4f66d MW |
83 | else if ('a' <= *p && *p <= 'f') x = *p - 'a' + 10; |
84 | else if ('A' <= *p && *p <= 'F') x = *p - 'A' + 10; | |
9da480be MW |
85 | else return (-1); |
86 | y = (y << 4) | x; | |
87 | p++; | |
88 | } | |
89 | a->ipv6.s6_addr32[i] = y; | |
90 | } | |
91 | *pp = p; | |
92 | return (0); | |
93 | } | |
94 | ||
3b1bed1d MW |
95 | #define DEFOPSYS(ty, TY) \ |
96 | const struct addrops_sys addrops_sys_##ty = { \ | |
2a9b8d4a | 97 | PROCFILE_##TY, NFL3NAME_##TY, parseaddr_##ty \ |
3b1bed1d MW |
98 | }; |
99 | ADDRTYPES(DEFOPSYS) | |
100 | #undef DEFOPSYS | |
9dcdc856 MW |
101 | |
102 | /*----- Main code ---------------------------------------------------------*/ | |
103 | ||
c3794524 MW |
104 | /* Store in A the default gateway address for the given address family. |
105 | * Return zero on success, or nonzero on error. | |
106 | */ | |
77fb54ff | 107 | static int get_default_gw(int af, union addr *a) |
9dcdc856 | 108 | { |
9da480be MW |
109 | int fd; |
110 | char buf[32768]; | |
111 | struct nlmsghdr *nlmsg; | |
112 | struct rtgenmsg *rtgen; | |
113 | const struct rtattr *rta; | |
114 | const struct rtmsg *rtm; | |
115 | ssize_t n, nn; | |
c63b1d0a | 116 | int rc = -1; |
9da480be MW |
117 | static unsigned long seq = 0x48b4aec4; |
118 | ||
c3794524 | 119 | /* Open a netlink socket for interrogating the kernel. */ |
9da480be | 120 | if ((fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE)) < 0) |
429dcd8d | 121 | fatal("failed to create netlink socket: %s", strerror(errno)); |
9da480be | 122 | |
c3794524 MW |
123 | /* We want to read the routing table. There doesn't seem to be a good way |
124 | * to do this without just crawling through the whole thing. | |
125 | */ | |
9da480be MW |
126 | nlmsg = (struct nlmsghdr *)buf; |
127 | assert(NLMSG_SPACE(sizeof(*rtgen)) < sizeof(buf)); | |
128 | nlmsg->nlmsg_len = NLMSG_LENGTH(sizeof(*rtgen)); | |
129 | nlmsg->nlmsg_type = RTM_GETROUTE; | |
130 | nlmsg->nlmsg_flags = NLM_F_REQUEST | NLM_F_ROOT; | |
131 | nlmsg->nlmsg_seq = ++seq; | |
132 | nlmsg->nlmsg_pid = 0; | |
133 | ||
134 | rtgen = (struct rtgenmsg *)NLMSG_DATA(nlmsg); | |
135 | rtgen->rtgen_family = af; | |
136 | ||
137 | if (write(fd, nlmsg, nlmsg->nlmsg_len) < 0) | |
429dcd8d | 138 | fatal("failed to send RTM_GETROUTE request: %s", strerror(errno)); |
9dcdc856 | 139 | |
c3794524 | 140 | /* Now we try to parse the answer. */ |
9da480be | 141 | for (;;) { |
c3794524 MW |
142 | |
143 | /* Not finished yet, so read another chunk of answer. */ | |
9da480be | 144 | if ((n = read(fd, buf, sizeof(buf))) < 0) |
429dcd8d | 145 | fatal("failed to read RTM_GETROUTE response: %s", strerror(errno)); |
c3794524 MW |
146 | |
147 | /* Start at the beginning of the response. */ | |
9da480be | 148 | nlmsg = (struct nlmsghdr *)buf; |
c3794524 MW |
149 | |
150 | /* Make sure this looks plausible. The precise rules don't appear to be | |
151 | * documented, so it seems advisable to fail messily if my understanding | |
152 | * is wrong. | |
153 | */ | |
9da480be MW |
154 | if (nlmsg->nlmsg_seq != seq) continue; |
155 | assert(nlmsg->nlmsg_flags & NLM_F_MULTI); | |
156 | ||
c3794524 | 157 | /* Work through all of the individual routes. */ |
9da480be MW |
158 | for (; NLMSG_OK(nlmsg, n); nlmsg = NLMSG_NEXT(nlmsg, n)) { |
159 | if (nlmsg->nlmsg_type == NLMSG_DONE) goto done; | |
160 | if (nlmsg->nlmsg_type != RTM_NEWROUTE) continue; | |
161 | rtm = (const struct rtmsg *)NLMSG_DATA(nlmsg); | |
162 | ||
c3794524 MW |
163 | /* If this record doesn't look interesting then skip it. */ |
164 | if (rtm->rtm_family != af || /* wrong address family */ | |
165 | rtm->rtm_dst_len > 0 || /* specific destination */ | |
166 | rtm->rtm_src_len > 0 || /* specific source */ | |
167 | rtm->rtm_type != RTN_UNICAST || /* not for unicast */ | |
168 | rtm->rtm_scope != RT_SCOPE_UNIVERSE || /* wrong scope */ | |
169 | rtm->rtm_tos != 0) /* specific type of service */ | |
9da480be | 170 | continue; |
9dcdc856 | 171 | |
c3794524 | 172 | /* Trundle through the attributes and find the gateway address. */ |
9da480be MW |
173 | for (rta = RTM_RTA(rtm), nn = RTM_PAYLOAD(nlmsg); |
174 | RTA_OK(rta, nn); rta = RTA_NEXT(rta, nn)) { | |
c3794524 MW |
175 | |
176 | /* Got one. We're all done. Except that we should carry on reading | |
177 | * to the end, or something bad will happen. | |
178 | */ | |
9da480be MW |
179 | if (rta->rta_type == RTA_GATEWAY) { |
180 | assert(RTA_PAYLOAD(rta) <= sizeof(*a)); | |
181 | memcpy(a, RTA_DATA(rta), RTA_PAYLOAD(rta)); | |
c63b1d0a | 182 | rc = 0; |
9da480be MW |
183 | } |
184 | } | |
185 | } | |
186 | } | |
9dcdc856 | 187 | |
9da480be MW |
188 | done: |
189 | close(fd); | |
190 | return (rc); | |
9dcdc856 MW |
191 | } |
192 | ||
b2f74a8a MW |
193 | /* Initially, PP points into a string containing whitespace-separated fields. |
194 | * Point P to the next field, null-terminate it, and advance PP so that we | |
195 | * can read the next field in the next call. | |
c3794524 | 196 | */ |
b2f74a8a MW |
197 | #define NEXTFIELD do { \ |
198 | for (p = pp; isspace((unsigned char)*p); p++); \ | |
199 | for (pp = p; *pp && !isspace((unsigned char)*pp); pp++); \ | |
200 | if (*pp) *pp++ = 0; \ | |
201 | } while (0) | |
202 | ||
203 | /* Search the `tcp' connection table for the address family AO, looking for a | |
204 | * connection between the addresses in QS. GWP is nonzero if the query's | |
205 | * remote address is our gateway and we shouldn't expect the remote address | |
206 | * in the system table to actually match it because of NAT. Return nonzero | |
207 | * if we have filled in Q conclusively; return zero if the caller should try | |
208 | * a different approach. | |
209 | */ | |
210 | static int search_tcp_file(struct query *q, int gwp, | |
211 | const struct addrops *ao, | |
212 | struct socket qs[NDIR]) | |
9dcdc856 | 213 | { |
9dcdc856 MW |
214 | FILE *fp = 0; |
215 | dstr d = DSTR_INIT; | |
216 | char *p, *pp; | |
b2f74a8a | 217 | struct socket s[NDIR]; |
9dcdc856 | 218 | int i; |
9dcdc856 MW |
219 | uid_t uid; |
220 | enum { LOC, REM, ST, UID, NFIELD }; | |
221 | int f, ff[NFIELD]; | |
b2f74a8a | 222 | int rc = 1; |
9da480be | 223 | |
c3794524 | 224 | /* Open the relevant TCP connection table. */ |
b2f74a8a | 225 | if ((fp = fopen(ao->sys->procfile, "r")) == 0) { |
9dcdc856 | 226 | logmsg(q, LOG_ERR, "failed to open `%s' for reading: %s", |
b2f74a8a | 227 | ao->sys->procfile, strerror(errno)); |
9dcdc856 MW |
228 | goto err_unk; |
229 | } | |
230 | ||
c3794524 | 231 | /* Read the header line from the file. */ |
9dcdc856 MW |
232 | if (dstr_putline(&d, fp) == EOF) { |
233 | logmsg(q, LOG_ERR, "failed to read header line from `%s': %s", | |
b2f74a8a | 234 | ao->sys->procfile, |
bf4d9761 | 235 | ferror(fp) ? strerror(errno) : "unexpected EOF"); |
9dcdc856 MW |
236 | goto err_unk; |
237 | } | |
238 | ||
c3794524 MW |
239 | /* Now scan the header line to identify which columns the various |
240 | * interesting fields are in. Store these in the map `ff'. Problems: | |
241 | * `tx_queue rx_queue' and `tr tm->when' are both really single columns in | |
242 | * disguise; and the remote address column has a different heading | |
243 | * depending on which address family we're using. Rather than dispatch, | |
244 | * just recognize both of them. | |
245 | */ | |
9dcdc856 MW |
246 | for (i = 0; i < NFIELD; i++) ff[i] = -1; |
247 | pp = d.buf; | |
248 | for (f = 0;; f++) { | |
249 | NEXTFIELD; if (!*p) break; | |
250 | if (strcmp(p, "local_address") == 0) | |
251 | ff[LOC] = f; | |
252 | else if (strcmp(p, "rem_address") == 0 || | |
253 | strcmp(p, "remote_address") == 0) | |
254 | ff[REM] = f; | |
255 | else if (strcmp(p, "uid") == 0) | |
256 | ff[UID] = f; | |
257 | else if (strcmp(p, "st") == 0) | |
258 | ff[ST] = f; | |
259 | else if (strcmp(p, "rx_queue") == 0 || | |
260 | strcmp(p, "tm->when") == 0) | |
261 | f--; | |
262 | } | |
c3794524 MW |
263 | |
264 | /* Make sure that we found all of the fields we actually want. */ | |
9dcdc856 MW |
265 | for (i = 0; i < NFIELD; i++) { |
266 | if (ff[i] < 0) { | |
267 | logmsg(q, LOG_ERR, "failed to find required fields in `%s'", | |
b2f74a8a | 268 | ao->sys->procfile); |
9dcdc856 MW |
269 | goto err_unk; |
270 | } | |
271 | } | |
272 | ||
c3794524 | 273 | /* Work through the lines in the file. */ |
9dcdc856 | 274 | for (;;) { |
c3794524 MW |
275 | |
276 | /* Read a line, and prepare to scan the fields. */ | |
9dcdc856 MW |
277 | DRESET(&d); |
278 | if (dstr_putline(&d, fp) == EOF) break; | |
279 | pp = d.buf; | |
280 | uid = -1; | |
c3794524 MW |
281 | |
282 | /* Work through the fields. If an address field fails to match then we | |
283 | * skip this record. If the state field isn't 1 (`ESTABLISHED') then | |
284 | * skip the record. If it's the UID, then remember it: if we get all the | |
285 | * way to the end then we've won. | |
286 | */ | |
9dcdc856 MW |
287 | for (f = 0;; f++) { |
288 | NEXTFIELD; if (!*p) break; | |
289 | if (f == ff[LOC]) { i = L; goto compare; } | |
290 | else if (f == ff[REM]) { i = R; goto compare; } | |
291 | else if (f == ff[UID]) uid = atoi(p); | |
292 | else if (f == ff[ST]) { | |
293 | if (strtol(p, 0, 16) != 1) goto next_row; | |
294 | } | |
295 | continue; | |
296 | ||
297 | compare: | |
c3794524 MW |
298 | /* Compare an address (in the current field) with the local or remote |
299 | * address in the query, as indicated by `i'. The address field looks | |
300 | * like `ADDR:PORT', where the ADDR is in some mad format which | |
301 | * `sys->parseaddr' knows how to unpick. If the remote address in the | |
302 | * query is our gateway then don't check the remote address in the | |
303 | * field (but do check the port number). | |
304 | */ | |
b2f74a8a | 305 | if (ao->sys->parseaddr(&p, &s[i].addr)) goto next_row; |
dd5e35da MW |
306 | if (*p != ':') break; |
307 | p++; | |
223e3e2b | 308 | s[i].port = strtoul(p, 0, 16); |
c3794524 | 309 | if ((i == R && gwp) ? |
b2f74a8a MW |
310 | qs[R].port != s[i].port : |
311 | !sockeq(ao, &qs[i], &s[i])) | |
9da480be | 312 | goto next_row; |
9dcdc856 | 313 | } |
c3794524 MW |
314 | |
315 | /* We got to the end, and everything matched. If we found a UID then | |
223e3e2b MW |
316 | * we're done. If the apparent remote address is our gateway then copy |
317 | * the true one into the query structure. | |
c3794524 | 318 | */ |
9dcdc856 | 319 | if (uid != -1) { |
9da480be MW |
320 | q->resp = R_UID; |
321 | q->u.uid = uid; | |
b2f74a8a | 322 | if (gwp) qs[R].addr = s[i].addr; |
9dcdc856 MW |
323 | goto done; |
324 | } | |
325 | next_row:; | |
326 | } | |
327 | ||
c3794524 | 328 | /* We got to the end of the file and didn't find anything. */ |
9dcdc856 | 329 | if (ferror(fp)) { |
b093b41d | 330 | logmsg(q, LOG_ERR, "failed to read connection table `%s': %s", |
b2f74a8a | 331 | ao->sys->procfile, strerror(errno)); |
9dcdc856 MW |
332 | goto err_unk; |
333 | } | |
b2f74a8a MW |
334 | rc = 0; |
335 | ||
336 | err_unk: | |
337 | /* Something went wrong and the protocol can't express what. We should | |
338 | * have logged what the problem actually was. | |
339 | */ | |
340 | q->resp = R_ERROR; | |
341 | q->u.error = E_UNKNOWN; | |
342 | ||
343 | done: | |
344 | /* All done. */ | |
345 | dstr_destroy(&d); | |
346 | if (fp) fclose(fp); | |
347 | return (rc); | |
348 | } | |
349 | ||
26750541 MW |
350 | /* Convert the IPv4 socket address IN into the equivalent IPv4-mapped IPv6 |
351 | * address OUT. | |
352 | */ | |
353 | static void map_v4(struct socket *out, const struct socket *in) | |
354 | { | |
355 | unsigned i; | |
356 | in_addr_t a4 = ntohl(in->addr.ipv4.s_addr); | |
357 | ||
358 | for (i = 0; i < 10; i++) out->addr.ipv6.s6_addr[i] = 0; | |
359 | for (i = 10; i < 12; i++) out->addr.ipv6.s6_addr[i] = 0xff; | |
360 | for (i = 0; i < 4; i++) out->addr.ipv6.s6_addr[15 - i] = (a4 >> 8*i)&0xff; | |
361 | out->port = in->port; | |
362 | } | |
363 | ||
364 | /* Convert the IPv4-mapped IPv6 socket address IN into the equivalent IPv4 | |
365 | * address OUT; return -1 if the IN address isn't actually IPv4-mapped. | |
366 | */ | |
367 | static int unmap_v4(struct socket *out, const struct socket *in) | |
368 | { | |
369 | unsigned i; | |
370 | in_addr_t a4 = 0; | |
371 | ||
372 | for (i = 0; i < 10; i++) if (in->addr.ipv6.s6_addr[i] != 0) return (-1); | |
373 | for (i = 10; i < 12; i++) if (in->addr.ipv6.s6_addr[i] != 0xff) return (-1); | |
374 | for (i = 0; i < 4; i++) a4 |= in->addr.ipv6.s6_addr[15 - i] << 8*i; | |
375 | out->addr.ipv4.s_addr = htonl(a4); | |
376 | out->port = in->port; | |
377 | return (0); | |
378 | } | |
379 | ||
b2f74a8a MW |
380 | /* Find out who is responsible for the connection described in the query Q. |
381 | * Write the answer to Q. Errors are logged and reported via the query | |
382 | * structure. | |
383 | */ | |
384 | void identify(struct query *q) | |
385 | { | |
386 | FILE *fp = 0; | |
387 | dstr d = DSTR_INIT; | |
388 | char *p, *pp; | |
389 | struct socket s[4]; | |
390 | int i; | |
391 | int gwp = 0; | |
392 | unsigned fl; | |
393 | #define F_SADDR 1u | |
394 | #define F_SPORT 2u | |
395 | #define F_DADDR 4u | |
396 | #define F_DPORT 8u | |
397 | #define F_ALL (F_SADDR | F_SPORT | F_DADDR | F_DPORT) | |
398 | #define F_ESTAB 16u | |
399 | ||
400 | /* If we have a default gateway, and it matches the remote address then | |
401 | * this may be a proxy connection from our NAT, so remember this, and don't | |
402 | * inspect the remote addresses in the TCP tables. | |
403 | */ | |
404 | if (!get_default_gw(q->ao->af, &s[0].addr) && | |
405 | q->ao->addreq(&s[0].addr, &q->s[R].addr)) | |
406 | gwp = 1; | |
407 | ||
408 | /* Search the main `tcp' table. */ | |
409 | if (search_tcp_file(q, gwp, q->ao, q->s)) goto done; | |
9dcdc856 | 410 | |
26750541 MW |
411 | /* Oh, dear. If this is IPv4, then the entry might actually be in the IPv6 |
412 | * table, with weird addresses. So we must try again. | |
413 | */ | |
414 | if (q->ao->af == AF_INET) { | |
415 | map_v4(&s[L], &q->s[L]); map_v4(&s[R], &q->s[R]); | |
416 | if (search_tcp_file(q, gwp, &addroptab[ADDR_IPV6], s)) { | |
417 | if (gwp && unmap_v4(&q->s[R], &s[R])) { | |
418 | logmsg(q, LOG_ERR, "can't unmap NATted destination address"); | |
419 | goto err_unk; | |
420 | } | |
421 | goto done; | |
422 | } | |
423 | } | |
424 | ||
c3794524 MW |
425 | /* If we opened the NAT table file, and we're using IPv4, then check to see |
426 | * whether we should proxy the connection. At least the addresses in this | |
427 | * file aren't crazy. | |
428 | */ | |
2a9b8d4a | 429 | if (natfp) { |
c3794524 MW |
430 | |
431 | /* Start again from the beginning. */ | |
b093b41d | 432 | rewind(natfp); |
9dcdc856 | 433 | |
c3794524 | 434 | /* Read a line at a time. */ |
9dcdc856 | 435 | for (;;) { |
c3794524 MW |
436 | |
437 | /* Read the line. */ | |
9dcdc856 | 438 | DRESET(&d); |
b093b41d | 439 | if (dstr_putline(&d, natfp) == EOF) break; |
9dcdc856 | 440 | pp = d.buf; |
2a9b8d4a | 441 | |
c3794524 | 442 | /* Check that this is for the right protocol. */ |
2a9b8d4a MW |
443 | NEXTFIELD; if (!*p) break; |
444 | if (strcmp(p, q->ao->sys->nfl3name)) continue; | |
445 | NEXTFIELD; if (!*p) break; | |
9dcdc856 MW |
446 | NEXTFIELD; if (!*p) break; |
447 | if (strcmp(p, "tcp") != 0) continue; | |
c3794524 MW |
448 | |
449 | /* Parse the other fields. Each line has two src/dst pairs, for the | |
450 | * outgoing and incoming directions. Depending on exactly what kind of | |
451 | * NAT is in use, either the outgoing source or the incoming | |
452 | * destination might be the client we're after. Collect all of the | |
453 | * addresses and sort out the mess later. | |
454 | */ | |
9dcdc856 MW |
455 | i = 0; |
456 | fl = 0; | |
457 | for (;;) { | |
458 | NEXTFIELD; if (!*p) break; | |
459 | if (strcmp(p, "ESTABLISHED") == 0) | |
460 | fl |= F_ESTAB; | |
461 | else if (strncmp(p, "src=", 4) == 0) { | |
2a9b8d4a | 462 | inet_pton(q->ao->af, p + 4, &s[i].addr); |
9dcdc856 MW |
463 | fl |= F_SADDR; |
464 | } else if (strncmp(p, "dst=", 4) == 0) { | |
2a9b8d4a | 465 | inet_pton(q->ao->af, p + 4, &s[i + 1].addr); |
9dcdc856 MW |
466 | fl |= F_DADDR; |
467 | } else if (strncmp(p, "sport=", 6) == 0) { | |
468 | s[i].port = atoi(p + 6); | |
469 | fl |= F_SPORT; | |
470 | } else if (strncmp(p, "dport=", 6) == 0) { | |
471 | s[i + 1].port = atoi(p + 6); | |
472 | fl |= F_DPORT; | |
473 | } | |
474 | if ((fl & F_ALL) == F_ALL) { | |
475 | fl &= ~F_ALL; | |
476 | if (i < 4) i += 2; | |
477 | else break; | |
478 | } | |
479 | } | |
480 | ||
2abfa393 | 481 | #ifdef DEBUG |
9dcdc856 | 482 | { |
c3794524 | 483 | /* Print the record we found. */ |
9dcdc856 MW |
484 | dstr dd = DSTR_INIT; |
485 | dstr_putf(&dd, "%sestab ", (fl & F_ESTAB) ? " " : "!"); | |
bf4d9761 | 486 | dputsock(&dd, q->ao, &s[0]); |
9dcdc856 | 487 | dstr_puts(&dd, "<->"); |
bf4d9761 | 488 | dputsock(&dd, q->ao, &s[1]); |
9dcdc856 | 489 | dstr_puts(&dd, " | "); |
bf4d9761 | 490 | dputsock(&dd, q->ao, &s[2]); |
9dcdc856 | 491 | dstr_puts(&dd, "<->"); |
bf4d9761 | 492 | dputsock(&dd, q->ao, &s[3]); |
9dcdc856 MW |
493 | printf("parsed: %s\n", dd.buf); |
494 | dstr_destroy(&dd); | |
495 | } | |
496 | #endif | |
497 | ||
c3794524 | 498 | /* If the connection isn't ESTABLISHED then skip it. */ |
9dcdc856 MW |
499 | if (!(fl & F_ESTAB)) continue; |
500 | ||
c3794524 MW |
501 | /* Now we try to piece together what's going on. One of these |
502 | * addresses will be us. So let's just try to find it. | |
503 | */ | |
9dcdc856 | 504 | for (i = 0; i < 4; i++) |
bf4d9761 | 505 | if (sockeq(q->ao, &s[i], &q->s[L])) goto found_local; |
9dcdc856 | 506 | continue; |
c3794524 | 507 | |
9dcdc856 | 508 | found_local: |
c3794524 MW |
509 | /* So address `i' is us. In that case, we expect the other address in |
510 | * the same direction, and the same address in the opposite direction, | |
511 | * to match each other and be the remote address in the query. | |
512 | */ | |
bf4d9761 MW |
513 | if (!sockeq(q->ao, &s[i^1], &s[i^2]) || |
514 | !sockeq(q->ao, &s[i^1], &q->s[R])) | |
9dcdc856 | 515 | continue; |
c3794524 | 516 | |
d817f2c3 MW |
517 | /* As a trap for the unwary, this file contains unhelpful entries which |
518 | * just mirror the source/destination addresses. If this is one of | |
519 | * those, we'll be stuck in a cycle talking to ourselves. | |
520 | */ | |
521 | if (sockeq(q->ao, &s[i], &s[i^3])) | |
522 | continue; | |
523 | ||
c3794524 MW |
524 | /* We win. The remaining address must be the client host. We should |
525 | * proxy this query. | |
526 | */ | |
9da480be MW |
527 | q->resp = R_NAT; |
528 | q->u.nat = s[i^3]; | |
9dcdc856 MW |
529 | goto done; |
530 | } | |
531 | ||
2a9b8d4a | 532 | /* Reached the end of the NAT file. */ |
b093b41d | 533 | if (ferror(natfp)) { |
2a9b8d4a | 534 | logmsg(q, LOG_ERR, "failed to read `/proc/net/nf_conntrack': %s", |
9dcdc856 MW |
535 | strerror(errno)); |
536 | goto err_unk; | |
537 | } | |
538 | } | |
539 | ||
c3794524 | 540 | /* We didn't find a match anywhere. How unfortunate. */ |
b093b41d | 541 | logmsg(q, LOG_NOTICE, "connection not found"); |
9da480be MW |
542 | q->resp = R_ERROR; |
543 | q->u.error = E_NOUSER; | |
9dcdc856 | 544 | goto done; |
c3794524 | 545 | |
9dcdc856 | 546 | err_unk: |
c3794524 MW |
547 | /* Something went wrong and the protocol can't express what. We should |
548 | * have logged what the problem actually was. | |
549 | */ | |
9da480be MW |
550 | q->resp = R_ERROR; |
551 | q->u.error = E_UNKNOWN; | |
c3794524 | 552 | |
9dcdc856 | 553 | done: |
c3794524 | 554 | /* All done. */ |
9dcdc856 | 555 | dstr_destroy(&d); |
60150b4c | 556 | if (fp) fclose(fp); |
9dcdc856 MW |
557 | } |
558 | ||
b2f74a8a MW |
559 | #undef NEXTFIELD |
560 | ||
c3794524 | 561 | /* Initialize the system-specific code. */ |
b093b41d MW |
562 | void init_sys(void) |
563 | { | |
af7ed5c7 | 564 | /* Open the NAT connection map. */ |
2a9b8d4a | 565 | if ((natfp = fopen("/proc/net/nf_conntrack", "r")) == 0 && |
b093b41d | 566 | errno != ENOENT) { |
2a9b8d4a | 567 | die(1, "failed to open `/proc/net/nf_conntrack' for reading: %s", |
b093b41d MW |
568 | strerror(errno)); |
569 | } | |
56e93c83 MW |
570 | |
571 | /* Open the random data source. */ | |
572 | if ((randfd = open("/dev/urandom", O_RDONLY)) < 0) { | |
573 | die(1, "failed to open `/dev/urandom' for reading: %s", | |
574 | strerror(errno)); | |
575 | } | |
b093b41d MW |
576 | } |
577 | ||
9dcdc856 | 578 | /*----- That's all, folks -------------------------------------------------*/ |