2 * Copyright (c) 2008 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@backplane.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * vknet [-cdU] [-b bridgeN] [-p socket_path] [-t tapN] [address/cidrbits]
38 * Create a named unix-domain socket which userland vkernels can open
39 * to gain access to a local network. All connections to the socket
40 * are bridged together and the local network can also be bridged onto
41 * a TAP interface by specifying the -t option.
46 static ioinfo_t
vknet_tap(const char *tapName
, const char *bridgeName
);
47 static int vknet_listener(const char *pathName
);
48 static void vknet_acceptor(int net_fd
);
49 static void *vknet_io(void *arg
);
50 static int vknet_connect(const char *pathName
);
51 static void vknet_monitor(int net_fd
);
52 static void usage(void) __dead2
;
53 static void writepid(void);
54 static void cleanup(int);
56 pthread_mutex_t BridgeMutex
;
58 static int DebugOpt
= 0;
59 static int SetAddrOpt
= 0;
60 static const char *pidfile
= "/var/run/vknetd.pid";
63 struct in_addr NetAddress
;
64 struct in_addr NetMask
;
67 main(int ac
, char **av
)
69 const char *pathName
= "/var/run/vknet";
70 const char *tapName
= "auto";
71 const char *bridgeName
= NULL
;
78 while ((c
= getopt(ac
, av
, "b:cdp:i:t:U")) != -1) {
111 * Ignore SIGPIPE to prevent write() races against disconnecting
112 * clients from killing vknetd. Should be inherited by all I/O
115 signal(SIGPIPE
, SIG_IGN
);
118 * Special connect/debug mode
121 net_fd
= vknet_connect(pathName
);
126 vknet_monitor(net_fd
);
131 * In secure mode (the default), a network address/mask must be
132 * specified. e.g. 10.1.0.0/16. Any traffic going out the TAP
133 * interface will be filtered.
135 * If non-secure mode the network address/mask is optional.
137 if (SecureOpt
|| SetAddrOpt
) {
142 if (ac
== 0 || strchr(av
[0], '/') == NULL
)
145 if (inet_pton(AF_INET
, strtok(str
, "/"), &NetAddress
) <= 0)
147 masklen
= strtoul(strtok(NULL
, "/"), NULL
, 10);
148 mask
= (1 << (32 - masklen
)) - 1;
149 NetMask
.s_addr
= htonl(~mask
);
153 * Normal operation, create the tap/bridge and listener. This
154 * part is not threaded.
158 if ((tap_info
= vknet_tap(tapName
, bridgeName
)) == NULL
) {
162 if ((net_fd
= vknet_listener(pathName
)) < 0) {
163 perror("listener: ");
168 * Now make us a demon and start the threads going.
175 signal(SIGINT
, cleanup
);
176 signal(SIGHUP
, cleanup
);
177 signal(SIGTERM
, cleanup
);
178 if (tap_info
&& tap_info
->fd
>= 0) {
180 ioctl(tap_info
->fd
, FIOSETOWN
, &pid
);
183 pthread_mutex_init(&BridgeMutex
, NULL
);
184 pthread_create(&dummy_td
, NULL
, vknet_io
, tap_info
);
185 vknet_acceptor(net_fd
);
190 #define TAPDEV_MINOR(x) ((int)((x) & 0xffff00ff))
193 vknet_tap(const char *tapName
, const char *bridgeName
)
196 struct ifaliasreq ifra
;
205 if (strcmp(tapName
, "auto") == 0) {
206 tap_fd
= open("/dev/tap", O_RDWR
);
207 } else if (strncmp(tapName
, "tap", 3) == 0) {
208 asprintf(&buf
, "/dev/%s", tapName
);
209 tap_fd
= open(buf
, O_RDWR
| O_NONBLOCK
);
212 tap_fd
= open(tapName
, O_RDWR
| O_NONBLOCK
);
218 * Figure out the tap unit number
220 if (fstat(tap_fd
, &st
) < 0) {
224 tap_unit
= TAPDEV_MINOR(st
.st_rdev
);
227 * Output the tap interface before detaching for any script
228 * that might be using vknetd.
230 printf("/dev/tap%d\n", tap_unit
);
236 fcntl(tap_fd
, F_SETFL
, 0);
237 bzero(&ifr
, sizeof(ifr
));
238 bzero(&ifra
, sizeof(ifra
));
239 snprintf(ifr
.ifr_name
, sizeof(ifr
.ifr_name
), "tap%d", tap_unit
);
240 snprintf(ifra
.ifra_name
, sizeof(ifra
.ifra_name
), "tap%d", tap_unit
);
242 s
= socket(AF_INET
, SOCK_DGRAM
, 0);
245 * Set the interface address if in Secure mode.
248 struct sockaddr_in
*in
;
250 in
= (void *)&ifra
.ifra_addr
;
251 in
->sin_family
= AF_INET
;
252 in
->sin_len
= sizeof(ifra
.ifra_addr
);
253 in
->sin_addr
= NetAddress
;
254 in
= (void *)&ifra
.ifra_mask
;
255 in
->sin_family
= AF_INET
;
256 in
->sin_len
= sizeof(ifra
.ifra_mask
);
257 in
->sin_addr
= NetMask
;
258 if (ioctl(s
, SIOCAIFADDR
, &ifra
) < 0) {
259 perror("Unable to set address on tap interface");
265 * Turn up the interface
268 if (ioctl(s
, SIOCGIFFLAGS
, &ifr
) >= 0) {
269 bzero(&ifr
, sizeof(ifr
));
270 snprintf(ifr
.ifr_name
, sizeof(ifr
.ifr_name
), "tap%d", tap_unit
);
271 ifr
.ifr_flags
|= flags
& 0xFFFF;
272 ifr
.ifr_flagshigh
|= flags
>> 16;
273 if (ioctl(s
, SIOCSIFFLAGS
, &ifr
) < 0) {
274 perror("Unable to set IFF_UP on tap interface");
284 * Create the bridge if necessary.
286 bzero(&ifr
, sizeof(ifr
));
287 snprintf(ifr
.ifr_name
, sizeof(ifr
.ifr_name
), "%s", bridgeName
);
288 if (ioctl(s
, SIOCIFCREATE
, &ifr
) < 0) {
289 if (errno
!= EEXIST
) {
290 perror("Unable to create bridge interface");
296 * Add the tap interface to the bridge
298 bzero(&ifbr
, sizeof(ifbr
));
299 snprintf(ifbr
.ifbr_ifsname
, sizeof(ifbr
.ifbr_ifsname
),
302 bzero(&ifd
, sizeof(ifd
));
303 snprintf(ifd
.ifd_name
, sizeof(ifd
.ifd_name
), "%s", bridgeName
);
304 ifd
.ifd_cmd
= BRDGADD
;
305 ifd
.ifd_len
= sizeof(ifbr
);
306 ifd
.ifd_data
= &ifbr
;
308 if (ioctl(s
, SIOCSDRVSPEC
, &ifd
) < 0) {
309 if (errno
!= EEXIST
) {
310 perror("Unable to add tap ifc to bridge!");
317 info
= malloc(sizeof(*info
));
318 bzero(info
, sizeof(*info
));
327 vknet_listener(const char *pathName
)
329 struct sockaddr_un sunx
;
336 * Group access to our named unix domain socket.
338 if ((grp
= getgrnam("vknet")) == NULL
) {
339 fprintf(stderr
, "The 'vknet' group must exist\n");
348 snprintf(sunx
.sun_path
, sizeof(sunx
.sun_path
), "%s", pathName
);
349 len
= offsetof(struct sockaddr_un
, sun_path
[strlen(sunx
.sun_path
)]);
350 ++len
; /* include nul */
351 sunx
.sun_family
= AF_UNIX
;
354 net_fd
= socket(AF_UNIX
, SOCK_SEQPACKET
, 0);
358 if (bind(net_fd
, (void *)&sunx
, len
) < 0) {
362 if (listen(net_fd
, 1024) < 0) {
366 if (chown(pathName
, (uid_t
)-1, gid
) < 0) {
370 if (chmod(pathName
, 0660) < 0) {
378 vknet_acceptor(int net_fd
)
380 struct sockaddr_un sunx
;
387 sunx_len
= sizeof(sunx
);
388 rfd
= accept(net_fd
, (void *)&sunx
, &sunx_len
);
391 info
= malloc(sizeof(*info
));
392 bzero(info
, sizeof(*info
));
395 pthread_create(&dummy_td
, NULL
, vknet_io
, info
);
400 * This I/O thread implements the core of the bridging code.
410 pthread_detach(pthread_self());
413 * Assign as a bridge slot using our thread id.
415 pthread_mutex_lock(&BridgeMutex
);
416 bridge
= bridge_add(info
);
417 pthread_mutex_unlock(&BridgeMutex
);
420 * Read packet loop. Writing is handled by the bridge code.
422 pkt
= malloc(MAXPKT
);
423 while ((bytes
= read(info
->fd
, pkt
, MAXPKT
)) > 0) {
424 pthread_mutex_lock(&BridgeMutex
);
425 bridge_packet(bridge
, pkt
, bytes
);
426 pthread_mutex_unlock(&BridgeMutex
);
432 pthread_mutex_lock(&BridgeMutex
);
434 pthread_mutex_unlock(&BridgeMutex
);
445 vknet_connect(const char *pathName
)
447 struct sockaddr_un sunx
;
451 snprintf(sunx
.sun_path
, sizeof(sunx
.sun_path
), "%s", pathName
);
452 len
= offsetof(struct sockaddr_un
, sun_path
[strlen(sunx
.sun_path
)]);
453 ++len
; /* include nul */
454 sunx
.sun_family
= AF_UNIX
;
457 net_fd
= socket(AF_UNIX
, SOCK_SEQPACKET
, 0);
460 if (connect(net_fd
, (void *)&sunx
, len
) < 0) {
468 vknet_monitor(int net_fd
)
474 pkt
= malloc(MAXPKT
);
475 while ((bytes
= read(net_fd
, pkt
, MAXPKT
)) > 0) {
476 printf("%02x:%02x:%02x:%02x:%02x:%02x <- "
477 "%02x:%02x:%02x:%02x:%02x:%02x",
478 pkt
[0], pkt
[1], pkt
[2], pkt
[3], pkt
[4], pkt
[5],
479 pkt
[6], pkt
[7], pkt
[8], pkt
[9], pkt
[10], pkt
[11]);
480 for (i
= 12; i
< bytes
; ++i
) {
481 if (((i
- 12) & 15) == 0) {
484 printf(" %02x", pkt
[i
]);
499 if ((pf
= fopen(pidfile
, "w+")) == NULL
)
500 errx(1, "Failed to create pidfile %s", pidfile
);
502 if ((fprintf(pf
, "%d\n", getpid())) < 1)
509 cleanup(int __unused sig
)
519 "usage: vknet [-cdU] [-b bridgeN] [-p socket_path]\n"
520 " [-i pidfile] [-t tapN] [address/cidrbits]\n"
522 "address/cidrbits must be specified in default secure mode.\n");