search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix lookup in udp
[netsniff-ng.git] / src / ct_server.c
blobd03ab4e165fde4e378b6675173204c171a72c90f
1 /*
2 * curvetun - the cipherspace wormhole creator
3 * Part of the netsniff-ng project
4 * By Daniel Borkmann <daniel@netsniff-ng.org>
5 * Copyright 2011 Daniel Borkmann <daniel@netsniff-ng.org>,
6 * Subject to the GPL.
7 */
8
9 #define _GNU_SOURCE
10 #include <stdio.h>
11 #include <stdlib.h>
12 #include <fcntl.h>
13 #include <errno.h>
14 #include <string.h>
15 #include <unistd.h>
16 #include <pthread.h>
17 #include <syslog.h>
18 #include <signal.h>
19 #include <netdb.h>
20 #include <stdint.h>
21 #include <netinet/in.h>
22 #include <netinet/tcp.h>
23 #include <netinet/udp.h>
24 #include <sys/poll.h>
25 #include <sys/types.h>
26 #include <sys/socket.h>
27 #include <sys/wait.h>
28 #include <sys/epoll.h>
29 #include <arpa/inet.h>
30
31 #include "die.h"
32 #include "netdev.h"
33 #include "write_or_die.h"
34 #include "psched.h"
35 #include "xmalloc.h"
36 #include "curvetun.h"
37 #include "compiler.h"
38 #include "deflate.h"
39 #include "cpusched.h"
40 #include "trie.h"
41
42 struct parent_info {
43 int efd;
44 int refd;
45 int tunfd;
46 int ipv4;
47 int udp;
48 };
49
50 struct worker_struct {
51 pthread_t trid;
52 int efd[2];
53 unsigned int cpu;
54 struct parent_info parent;
55 int (*handler)(int fd, const struct worker_struct *ws,
56 char *buff, size_t len);
57 };
58
59 static struct worker_struct *threadpool = NULL;
60
61 extern sig_atomic_t sigint;
62
63 static int handler_udp_tun_to_net(int fd, const struct worker_struct *ws,
64 char *buff, size_t len) __pure;
65 static int handler_udp_net_to_tun(int fd, const struct worker_struct *ws,
66 char *buff, size_t len) __pure;
67 static int handler_udp(int fd, const struct worker_struct *ws,
68 char *buff, size_t len) __pure;
69 static int handler_tcp_tun_to_net(int fd, const struct worker_struct *ws,
70 char *buff, size_t len) __pure;
71 static int handler_tcp_net_to_tun(int fd, const struct worker_struct *ws,
72 char *buff, size_t len) __pure;
73 static int handler_tcp(int fd, const struct worker_struct *ws,
74 char *buff, size_t len) __pure;
75 static void *worker(void *self) __pure;
76
77 static int handler_udp_tun_to_net(int fd, const struct worker_struct *ws,
78 char *buff, size_t len)
79 {
80 int dfd, state, keep = 1;
81 char *pbuff;
82 ssize_t rlen, err, plen;
83 struct ct_proto *hdr;
84 struct sockaddr_storage naddr;
85 socklen_t nlen;
86
87 errno = 0;
88 while ((rlen = read(fd, buff + sizeof(struct ct_proto),
89 len - sizeof(struct ct_proto))) > 0) {
90 dfd = -1;
91 nlen = 0;
92 memset(&naddr, 0, sizeof(naddr));
93
94 hdr = (struct ct_proto *) buff;
95 hdr->canary = htons(CANARY);
96 hdr->flags = 0;
97
98 trie_addr_lookup(buff + sizeof(struct ct_proto),
99 rlen - sizeof(struct ct_proto),
100 ws->parent.ipv4, &dfd, &naddr,
101 (size_t *) &nlen);
102
103 if (dfd < 0 || nlen == 0) {
104 syslog(LOG_INFO, "CPU%u: UDP tunnel lookup failed: "
105 "unknown destination\n", ws->cpu);
106 continue;
107 }
108
109 plen = z_deflate(buff + sizeof(struct ct_proto),
110 rlen - sizeof(struct ct_proto), &pbuff);
111 if (plen < 0) {
112 syslog(LOG_ERR, "CPU%u: UDP tunnel deflate error: %s\n",
113 ws->cpu, strerror(errno));
114 continue;
115 }
116
117 hdr->payload = htons((uint16_t) plen);
118
119 state = 1;
120 setsockopt(dfd, IPPROTO_UDP, UDP_CORK, &state, sizeof(state));
121
122 err = sendto(dfd, hdr, sizeof(struct ct_proto), 0,
123 (struct sockaddr *) &naddr, nlen);
124 if (err < 0)
125 syslog(LOG_ERR, "CPU%u: UDP tunnel write error: %s\n",
126 ws->cpu, strerror(errno));
127
128 err = sendto(dfd, pbuff, plen, 0, (struct sockaddr *) &naddr,
129 nlen);
130 if (err < 0)
131 syslog(LOG_ERR, "CPU%u: UDP tunnel write error: %s\n",
132 ws->cpu, strerror(errno));
133
134 state = 0;
135 setsockopt(dfd, IPPROTO_UDP, UDP_CORK, &state, sizeof(state));
136
137 errno = 0;
138 }
139
140 if (rlen < 0 && errno != EAGAIN)
141 syslog(LOG_ERR, "CPU%u: UDP tunnel read error: %s\n",
142 ws->cpu, strerror(errno));
143
144 return keep;
145 }
146
147 static void handler_udp_notify_close(int fd, struct sockaddr_storage *addr,
148 socklen_t len)
149 {
150 ssize_t err;
151 struct ct_proto hdr;
152
153 memset(&hdr, 0, sizeof(hdr));
154 hdr.flags |= PROTO_FLAG_EXIT;
155 hdr.payload = 0;
156 hdr.canary = htons(CANARY);
157
158 err = sendto(fd, &hdr, sizeof(hdr), 0, (struct sockaddr *) addr, len);
159 }
160
161 static int handler_udp_net_to_tun(int fd, const struct worker_struct *ws,
162 char *buff, size_t len)
163 {
164 int keep = 1;
165 char *pbuff;
166 ssize_t rlen, err, plen;
167 struct ct_proto *hdr;
168 struct sockaddr_storage naddr;
169 socklen_t nlen;
170
171 nlen = sizeof(naddr);
172 memset(&naddr, 0, sizeof(naddr));
173
174 errno = 0;
175 while ((rlen = recvfrom(fd, buff, len, 0, (struct sockaddr *) &naddr,
176 &nlen)) > 0) {
177 hdr = (struct ct_proto *) buff;
178
179 if (unlikely(rlen < sizeof(struct ct_proto)))
180 goto close;
181 if (unlikely(rlen - sizeof(*hdr) != ntohs(hdr->payload)))
182 goto close;
183 if (unlikely(ntohs(hdr->canary) != CANARY))
184 goto close;
185 if (unlikely(ntohs(hdr->payload) == 0))
186 goto close;
187 if (hdr->flags & PROTO_FLAG_EXIT) {
188 close:
189 trie_addr_remove_addr(&naddr, nlen);
190 handler_udp_notify_close(fd, &naddr, nlen);
191 nlen = sizeof(naddr);
192 memset(&naddr, 0, sizeof(naddr));
193 continue;
194 }
195
196 plen = z_inflate(buff + sizeof(struct ct_proto),
197 rlen - sizeof(struct ct_proto), &pbuff);
198 if (plen < 0) {
199 syslog(LOG_ERR, "CPU%u: UDP net inflate error: %s\n",
200 ws->cpu, strerror(errno));
201 goto next;
202 }
203
204 err = trie_addr_maybe_update(pbuff, plen, ws->parent.ipv4,
205 fd, &naddr, nlen);
206 if (err) {
207 syslog(LOG_INFO, "CPU%u: Malicious packet dropped "
208 "from id %d\n", ws->cpu, fd);
209 continue;
210 }
211
212 err = write(ws->parent.tunfd, pbuff, plen);
213 if (err < 0)
214 syslog(LOG_ERR, "CPU%u: UDP net write error: %s\n",
215 ws->cpu, strerror(errno));
216
217 next:
218 nlen = sizeof(naddr);
219 memset(&naddr, 0, sizeof(naddr));
220 errno = 0;
221 }
222
223 if (rlen < 0 && errno != EAGAIN)
224 syslog(LOG_ERR, "CPU%u: UDP net read error: %s\n",
225 ws->cpu, strerror(errno));
226
227 return keep;
228 }
229
230 static int handler_udp(int fd, const struct worker_struct *ws,
231 char *buff, size_t len)
232 {
233 int ret = 0;
234 if (fd == ws->parent.tunfd)
235 ret = handler_udp_tun_to_net(fd, ws, buff, len);
236 else
237 ret = handler_udp_net_to_tun(fd, ws, buff, len);
238 return ret;
239 }
240
241 static int handler_tcp_tun_to_net(int fd, const struct worker_struct *ws,
242 char *buff, size_t len)
243 {
244 int dfd, state, keep = 1;
245 char *pbuff;
246 ssize_t rlen, err, plen;
247 struct ct_proto *hdr;
248 socklen_t nlen;
249
250 errno = 0;
251 while ((rlen = read(fd, buff + sizeof(struct ct_proto),
252 len - sizeof(struct ct_proto))) > 0) {
253 dfd = -1;
254
255 hdr = (struct ct_proto *) buff;
256 hdr->canary = htons(CANARY);
257 hdr->flags = 0;
258
259 trie_addr_lookup(buff + sizeof(struct ct_proto),
260 rlen - sizeof(struct ct_proto),
261 ws->parent.ipv4, &dfd, NULL,
262 (size_t *) &nlen);
263
264 if (dfd < 0) {
265 syslog(LOG_INFO, "CPU%u: TCP tunnel lookup failed: "
266 "unknown destination\n", ws->cpu);
267 continue;
268 }
269
270 plen = z_deflate(buff + sizeof(struct ct_proto),
271 rlen - sizeof(struct ct_proto), &pbuff);
272 if (plen < 0) {
273 syslog(LOG_ERR, "CPU%u: TCP tunnel deflate error: %s\n",
274 ws->cpu, strerror(errno));
275 continue;
276 }
277
278 hdr->payload = htons((uint16_t) plen);
279
280 state = 1;
281 setsockopt(dfd, IPPROTO_TCP, TCP_CORK, &state, sizeof(state));
282
283 err = write_exact(dfd, hdr, sizeof(struct ct_proto), 0);
284 if (err < 0)
285 syslog(LOG_ERR, "CPU%u: TCP tunnel write error: %s\n",
286 ws->cpu, strerror(errno));
287
288 err = write_exact(dfd, pbuff, plen, 0);
289 if (err < 0)
290 syslog(LOG_ERR, "CPU%u: TCP tunnel write error: %s\n",
291 ws->cpu, strerror(errno));
292
293 state = 0;
294 setsockopt(dfd, IPPROTO_TCP, TCP_CORK, &state, sizeof(state));
295
296 errno = 0;
297 }
298
299 if (rlen < 0 && errno != EAGAIN)
300 syslog(LOG_ERR, "CPU%u: TCP tunnel read error: %s\n",
301 ws->cpu, strerror(errno));
302
303 return keep;
304 }
305
306 ssize_t handler_tcp_read(int fd, char *buff, size_t len)
307 {
308 ssize_t rlen;
309 struct ct_proto *hdr = (struct ct_proto *) buff;
310
311 /* May exit on EAGAIN if 0 Byte read */
312 rlen = read_exact(fd, buff, sizeof(struct ct_proto), 1);
313 if (rlen < 0)
314 return rlen;
315
316 /* May not exit on EAGAIN if 0 Byte read */
317 rlen = read_exact(fd, buff + sizeof(struct ct_proto),
318 ntohs(hdr->payload), 0);
319 if (rlen < 0)
320 return rlen;
321
322 return sizeof(struct ct_proto) + rlen;
323 }
324
325 static void handler_tcp_notify_close(int fd)
326 {
327 ssize_t err;
328 struct ct_proto hdr;
329
330 memset(&hdr, 0, sizeof(hdr));
331 hdr.flags |= PROTO_FLAG_EXIT;
332 hdr.payload = 0;
333 hdr.canary = htons(CANARY);
334
335 err = write(fd, &hdr, sizeof(hdr));
336 }
337
338 static int handler_tcp_net_to_tun(int fd, const struct worker_struct *ws,
339 char *buff, size_t len)
340 {
341 int keep = 1, count = 0;
342 char *pbuff;
343 ssize_t rlen, err, plen;
344 struct ct_proto *hdr;
345 uint64_t fd64;
346
347 errno = 0;
348 while ((rlen = handler_tcp_read(fd, buff, len)) > 0) {
349 hdr = (struct ct_proto *) buff;
350
351 if (unlikely(rlen < sizeof(struct ct_proto)))
352 goto close;
353 if (unlikely(rlen - sizeof(*hdr) != ntohs(hdr->payload)))
354 goto close;
355 if (unlikely(ntohs(hdr->canary) != CANARY))
356 goto close;
357 if (unlikely(ntohs(hdr->payload) == 0))
358 goto close;
359 if (hdr->flags & PROTO_FLAG_EXIT) {
360 close:
361 fd64 = fd;
362 trie_addr_remove(fd);
363 handler_tcp_notify_close(fd);
364 rlen = write(ws->parent.efd, &fd64, sizeof(fd64));
365 if (rlen != sizeof(fd64))
366 syslog(LOG_ERR, "CPU%u: TCP event write error: %s\n",
367 ws->cpu, strerror(errno));
368 keep = 0;
369 return keep;
370 }
371
372 plen = z_inflate(buff + sizeof(struct ct_proto),
373 rlen - sizeof(struct ct_proto), &pbuff);
374 if (plen < 0) {
375 syslog(LOG_ERR, "CPU%u: TCP net inflate error: %s\n",
376 ws->cpu, strerror(errno));
377 continue;
378 }
379
380 err = trie_addr_maybe_update(pbuff, plen, ws->parent.ipv4,
381 fd, NULL, 0);
382 if (err) {
383 syslog(LOG_INFO, "CPU%u: Malicious packet dropped "
384 "from id %d\n", ws->cpu, fd);
385 continue;
386 }
387
388 err = write(ws->parent.tunfd, pbuff, plen);
389 if (err < 0)
390 syslog(LOG_ERR, "CPU%u: TCP net write error: %s\n",
391 ws->cpu, strerror(errno));
392
393 count++;
394 if (count == 10) {
395 err = write_exact(ws->efd[1], &fd, sizeof(fd), 1);
396 if (err != sizeof(fd))
397 syslog(LOG_ERR, "CPU%u: TCP net put fd back in "
398 "pipe error: %s\n", ws->cpu, strerror(errno));
399 return keep;
400 }
401
402 errno = 0;
403 }
404
405 if (rlen < 0 && errno != EAGAIN && errno != EBADF)
406 syslog(LOG_ERR, "CPU%u: TCP net read error: %s\n",
407 ws->cpu, strerror(errno));
408
409 return keep;
410 }
411
412 static int handler_tcp(int fd, const struct worker_struct *ws,
413 char *buff, size_t len)
414 {
415 int ret = 0;
416 if (fd == ws->parent.tunfd)
417 ret = handler_tcp_tun_to_net(fd, ws, buff, len);
418 else
419 ret = handler_tcp_net_to_tun(fd, ws, buff, len);
420 return ret;
421 }
422
423 static void *worker(void *self)
424 {
425 int fd, old_state;
426 ssize_t ret;
427 size_t blen = TUNBUFF_SIZ; //FIXME
428 const struct worker_struct *ws = self;
429 struct pollfd fds;
430 char *buff;
431
432 fds.fd = ws->efd[0];
433 fds.events = POLLIN;
434
435 buff = xmalloc(blen);
436 syslog(LOG_INFO, "curvetun thread on CPU%u up!\n", ws->cpu);
437 pthread_cleanup_push(xfree, buff);
438
439 while (likely(!sigint)) {
440 poll(&fds, 1, -1);
441 if ((fds.revents & POLLIN) != POLLIN)
442 continue;
443 pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &old_state);
444 while ((ret = read_exact(ws->efd[0], &fd, sizeof(fd), 1)) > 0) {
445 if (ret != sizeof(fd)) {
446 syslog(LOG_ERR, "CPU%u: Thread could not read "
447 "event descriptor!\n", ws->cpu);
448 sched_yield();
449 continue;
450 }
451
452 ret = ws->handler(fd, ws, buff, blen);
453 if (ret) {
454 ret = write_exact(ws->parent.refd, &fd, sizeof(fd), 1);
455 if (ret != sizeof(fd))
456 syslog(LOG_ERR, "CPU%u: Retriggering failed: "
457 "%s\n", ws->cpu, strerror(errno));
458 }
459 }
460 pthread_setcancelstate(old_state, NULL);
461 }
462
463 syslog(LOG_INFO, "curvetun thread on CPU%u down!\n", ws->cpu);
464 pthread_cleanup_pop(1);
465 pthread_exit((void *) ((long) ws->cpu));
466 }
467
468 static void thread_spawn_or_panic(unsigned int cpus, int efd, int refd,
469 int tunfd, int ipv4, int udp)
470 {
471 int i, ret;
472 cpu_set_t cpuset;
473 unsigned int threads;
474
475 threads = cpus * THREADS_PER_CPU;
476 for (i = 0; i < threads; ++i) {
477 CPU_ZERO(&cpuset);
478 threadpool[i].cpu = i % cpus;
479 CPU_SET(threadpool[i].cpu, &cpuset);
480
481 ret = pipe2(threadpool[i].efd, O_NONBLOCK);
482 if (ret < 0)
483 panic("Cannot create event socket!\n");
484
485 threadpool[i].parent.efd = efd;
486 threadpool[i].parent.refd = refd;
487 threadpool[i].parent.tunfd = tunfd;
488 threadpool[i].parent.ipv4 = ipv4;
489 threadpool[i].parent.udp = udp;
490 threadpool[i].handler = udp ? handler_udp : handler_tcp;
491
492 ret = pthread_create(&threadpool[i].trid, NULL,
493 worker, &threadpool[i]);
494 if (ret < 0)
495 panic("Thread creation failed!\n");
496
497 ret = pthread_setaffinity_np(threadpool[i].trid,
498 sizeof(cpu_set_t), &cpuset);
499 if (ret < 0)
500 panic("Thread CPU migration failed!\n");
501
502 pthread_detach(threadpool[i].trid);
503 }
504
505 sleep(1);
506 }
507
508 static void thread_finish(unsigned int cpus)
509 {
510 int i, ret;
511 unsigned int threads;
512
513 threads = cpus * THREADS_PER_CPU;
514 for (i = 0; i < threads; ++i) {
515 ret = pthread_join(threadpool[i].trid, NULL);
516 if (ret < 0)
517 continue;
518 close(threadpool[i].efd[0]);
519 close(threadpool[i].efd[1]);
520 }
521 }
522
523 int server_main(int port, int udp, int lnum)
524 {
525 int lfd = -1, kdpfd, nfds, nfd, curfds, efd[2], refd[2], tunfd;
526 int ipv4 = 0, i;
527 unsigned int cpus = 0, threads;
528 ssize_t ret;
529 struct epoll_event ev, *events;
530 struct addrinfo hints, *ahead, *ai;
531
532 openlog("curvetun", LOG_PID | LOG_CONS | LOG_NDELAY, LOG_DAEMON);
533 syslog(LOG_INFO, "curvetun server booting!\n");
534
535 ret = z_alloc_or_maybe_die(Z_DEFAULT_COMPRESSION);
536 if (ret < 0)
537 panic("Cannot init zLib!\n");
538
539 memset(&hints, 0, sizeof(hints));
540 hints.ai_family = PF_UNSPEC;
541 hints.ai_socktype = udp ? SOCK_DGRAM : SOCK_STREAM;
542 hints.ai_protocol = udp ? IPPROTO_UDP : IPPROTO_TCP;
543 hints.ai_flags = AI_PASSIVE;
544
545 ret = getaddrinfo(NULL, "6666", &hints, &ahead);
546 if (ret < 0)
547 panic("Cannot get address info!\n");
548
549 for (ai = ahead; ai != NULL && lfd < 0; ai = ai->ai_next) {
550 lfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
551 if (lfd < 0)
552 continue;
553 if (ai->ai_family == AF_INET6) {
554 int one = 1;
555 #ifdef IPV6_V6ONLY
556 ret = setsockopt(lfd, IPPROTO_IPV6, IPV6_V6ONLY,
557 &one, sizeof(one));
558 if (ret < 0) {
559 close(lfd);
560 lfd = -1;
561 continue;
562 }
563 #else
564 close(lfd);
565 lfd = -1;
566 continue;
567 #endif /* IPV6_V6ONLY */
568 }
569 set_reuseaddr(lfd);
570 ret = bind(lfd, ai->ai_addr, ai->ai_addrlen);
571 if (ret < 0) {
572 close(lfd);
573 lfd = -1;
574 continue;
575 }
576 if (!udp) {
577 ret = listen(lfd, 5);
578 if (ret < 0) {
579 close(lfd);
580 lfd = -1;
581 continue;
582 }
583 }
584 ipv4 = (ai->ai_family == AF_INET6 ? 0 :
585 (ai->ai_family == AF_INET ? 1 : -1));
586 syslog(LOG_INFO, "curvetun on IPv%d via %s!\n",
587 ipv4 ? 4 : 6, udp ? "UDP" : "TCP");
588 }
589
590 freeaddrinfo(ahead);
591 if (lfd < 0 || ipv4 < 0)
592 panic("Cannot create socket!\n");
593
594 tunfd = tun_open_or_die(DEVNAME_SERVER);
595
596 ret = pipe2(efd, O_NONBLOCK);
597 if (ret < 0)
598 panic("Cannot create parent event fd!\n");
599
600 ret = pipe2(refd, O_NONBLOCK);
601 if (ret < 0)
602 panic("Cannot create parent (r)event fd!\n");
603
604 set_nonblocking(lfd);
605
606 events = xzmalloc(MAX_EPOLL_SIZE * sizeof(*events));
607 for (i = 0; i < MAX_EPOLL_SIZE; ++i)
608 events[i].data.fd = -1;
609
610 kdpfd = epoll_create(MAX_EPOLL_SIZE);
611 if (kdpfd < 0)
612 panic("Cannot create socket!\n");
613
614 memset(&ev, 0, sizeof(ev));
615 ev.events = udp ? EPOLLIN | EPOLLET | EPOLLONESHOT : EPOLLIN;
616 ev.data.fd = lfd;
617 ret = epoll_ctl(kdpfd, EPOLL_CTL_ADD, lfd, &ev);
618 if (ret < 0)
619 panic("Cannot add socket for epoll!\n");
620
621 memset(&ev, 0, sizeof(ev));
622 ev.events = EPOLLIN;
623 ev.data.fd = efd[0];
624 ret = epoll_ctl(kdpfd, EPOLL_CTL_ADD, efd[0], &ev);
625 if (ret < 0)
626 panic("Cannot add socket for events!\n");
627
628 memset(&ev, 0, sizeof(ev));
629 ev.events = EPOLLIN;
630 ev.data.fd = refd[0];
631 ret = epoll_ctl(kdpfd, EPOLL_CTL_ADD, refd[0], &ev);
632 if (ret < 0)
633 panic("Cannot add socket for (r)events!\n");
634
635 memset(&ev, 0, sizeof(ev));
636 ev.events = EPOLLIN | EPOLLET | EPOLLONESHOT;
637 ev.data.fd = tunfd;
638 ret = epoll_ctl(kdpfd, EPOLL_CTL_ADD, tunfd, &ev);
639 if (ret < 0)
640 panic("Cannot add socket for tundev!\n");
641
642 curfds = 4;
643
644 trie_init();
645
646 cpus = get_number_cpus_online();
647 threads = cpus * THREADS_PER_CPU;
648 if (!((threads != 0) && ((threads & (threads - 1)) == 0)))
649 panic("thread number not power of two!\n");
650 threadpool = xzmalloc(sizeof(*threadpool) * threads);
651 thread_spawn_or_panic(cpus, efd[1], refd[1], tunfd, ipv4, udp);
652
653 init_cpusched(threads, MAX_EPOLL_SIZE);
654 register_socket(tunfd);
655 register_socket(lfd);
656
657 syslog(LOG_INFO, "tunnel id: %d, listener id: %d\n", tunfd, lfd);
658 syslog(LOG_INFO, "curvetun up and running!\n");
659
660 while (likely(!sigint)) {
661 nfds = epoll_wait(kdpfd, events, curfds, -1);
662 if (nfds < 0) {
663 syslog(LOG_ERR, "epoll_wait error: %s\n",
664 strerror(errno));
665 break;
666 }
667
668 for (i = 0; i < nfds; ++i) {
669 if (unlikely(events[i].data.fd < 0))
670 continue;
671 if (events[i].data.fd == lfd && !udp) {
672 int one, ncpu;
673 char hbuff[256], sbuff[256];
674 struct sockaddr_storage taddr;
675 socklen_t tlen;
676
677 tlen = sizeof(taddr);
678 nfd = accept(lfd, (struct sockaddr *) &taddr,
679 &tlen);
680 if (nfd < 0) {
681 syslog(LOG_ERR, "accept error: %s\n",
682 strerror(errno));
683 continue;
684 }
685
686 if (curfds + 1 > MAX_EPOLL_SIZE) {
687 close(nfd);
688 continue;
689 }
690
691 curfds++;
692 ncpu = register_socket(nfd);
693
694 memset(hbuff, 0, sizeof(hbuff));
695 memset(sbuff, 0, sizeof(sbuff));
696
697 getnameinfo((struct sockaddr *) &taddr, tlen,
698 hbuff, sizeof(hbuff),
699 sbuff, sizeof(sbuff),
700 NI_NUMERICHOST | NI_NUMERICSERV);
701
702 syslog(LOG_INFO, "New connection from %s:%s "
703 "with id %d on CPU%d, %d active!\n",
704 hbuff, sbuff, nfd, ncpu, curfds);
705
706 set_nonblocking(nfd);
707
708 one = 1;
709 setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE,
710 &one, sizeof(one));
711 one = 1;
712 setsockopt(nfd, IPPROTO_TCP, TCP_NODELAY,
713 &one, sizeof(one));
714
715 memset(&ev, 0, sizeof(ev));
716 ev.events = EPOLLIN | EPOLLET | EPOLLONESHOT;
717 ev.data.fd = nfd;
718 ret = epoll_ctl(kdpfd, EPOLL_CTL_ADD, nfd, &ev);
719 if (ret < 0) {
720 syslog(LOG_ERR, "Epoll ctl add error"
721 "on id %d: %s\n", nfd,
722 strerror(errno));
723 close(nfd);
724 curfds--;
725 continue;
726 }
727 } else if (events[i].data.fd == refd[0]) {
728 int fd_one;
729
730 ret = read_exact(refd[0], &fd_one, sizeof(fd_one), 1);
731 if (ret != sizeof(fd_one) || fd_one <= 0)
732 continue;
733
734 memset(&ev, 0, sizeof(ev));
735 ev.events = EPOLLIN | EPOLLET | EPOLLONESHOT;
736 ev.data.fd = fd_one;
737 ret = epoll_ctl(kdpfd, EPOLL_CTL_MOD, fd_one, &ev);
738 if (ret < 0) {
739 syslog(LOG_ERR, "Epoll ctl mod "
740 "error on id %d: %s\n",
741 fd_one, strerror(errno));
742 close(fd_one);
743 continue;
744 }
745 } else if (events[i].data.fd == efd[0]) {
746 int fd_del, test;
747
748 ret = read_exact(efd[0], &fd_del, sizeof(fd_del), 1);
749 if (ret != sizeof(fd_del) || fd_del <= 0)
750 continue;
751
752 ret = read(fd_del, &test, sizeof(test));
753 if (ret < 0 && errno == EBADF)
754 continue;
755
756 ret = epoll_ctl(kdpfd, EPOLL_CTL_DEL, fd_del, &ev);
757 if (ret < 0) {
758 syslog(LOG_ERR, "Epoll ctl del "
759 "error on id %d: %s\n",
760 fd_del, strerror(errno));
761 close(fd_del);
762 continue;
763 }
764 close(fd_del);
765 curfds--;
766 unregister_socket(fd_del);
767
768 syslog(LOG_INFO, "Closed connection with "
769 "id %d, %d active!\n",
770 fd_del, curfds);
771 } else {
772 int cpu, fd_work = events[i].data.fd;
773 cpu = socket_to_cpu(fd_work);
774
775 ret = write_exact(threadpool[cpu].efd[1],
776 &fd_work, sizeof(fd_work), 1);
777 if (ret != sizeof(fd_work))
778 syslog(LOG_ERR, "Write error on event "
779 "dispatch: %s\n", strerror(errno));
780 }
781 }
782 }
783
784 syslog(LOG_INFO, "curvetun prepare shut down!\n");
785
786 close(lfd);
787 close(efd[0]);
788 close(efd[1]);
789 close(refd[0]);
790 close(refd[1]);
791 close(tunfd);
792
793 thread_finish(cpus);
794 xfree(threadpool);
795 xfree(events);
796
797 unregister_socket(lfd);
798 unregister_socket(tunfd);
799 destroy_cpusched();
800 trie_cleanup();
801 z_free();
802
803 syslog(LOG_INFO, "curvetun shut down!\n");
804 closelog();
805
806 return 0;
807 }
808
netsniff-ng toolkit, the packet sniffing beast, staging tree