search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dropbear 2016.73
[tomato.git] / release / src / router / dropbear / netio.c
blob6c13a0067578d9c35679d0a45bc418aa28014d45
1 #include "netio.h"
2 #include "list.h"
3 #include "dbutil.h"
4 #include "session.h"
5 #include "debug.h"
6
7 struct dropbear_progress_connection {
8 struct addrinfo *res;
9 struct addrinfo *res_iter;
10
11 char *remotehost, *remoteport; /* For error reporting */
12
13 connect_callback cb;
14 void *cb_data;
15
16 struct Queue *writequeue; /* A queue of encrypted packets to send with TCP fastopen,
17 or NULL. */
18
19 int sock;
20
21 char* errstring;
22 };
23
24 /* Deallocate a progress connection. Removes from the pending list if iter!=NULL.
25 Does not close sockets */
26 static void remove_connect(struct dropbear_progress_connection *c, m_list_elem *iter) {
27 if (c->res) {
28 freeaddrinfo(c->res);
29 }
30 m_free(c->remotehost);
31 m_free(c->remoteport);
32 m_free(c->errstring);
33 m_free(c);
34
35 if (iter) {
36 list_remove(iter);
37 }
38 }
39
40 static void cancel_callback(int result, int sock, void* UNUSED(data), const char* UNUSED(errstring)) {
41 if (result == DROPBEAR_SUCCESS)
42 {
43 m_close(sock);
44 }
45 }
46
47 void cancel_connect(struct dropbear_progress_connection *c) {
48 c->cb = cancel_callback;
49 c->cb_data = NULL;
50 }
51
52 static void connect_try_next(struct dropbear_progress_connection *c) {
53 struct addrinfo *r;
54 int res = 0;
55 int fastopen = 0;
56 #ifdef DROPBEAR_CLIENT_TCP_FAST_OPEN
57 struct msghdr message;
58 #endif
59
60 for (r = c->res_iter; r; r = r->ai_next)
61 {
62 dropbear_assert(c->sock == -1);
63
64 c->sock = socket(c->res_iter->ai_family, c->res_iter->ai_socktype, c->res_iter->ai_protocol);
65 if (c->sock < 0) {
66 continue;
67 }
68
69 ses.maxfd = MAX(ses.maxfd, c->sock);
70 set_sock_nodelay(c->sock);
71 setnonblocking(c->sock);
72
73 #ifdef DROPBEAR_CLIENT_TCP_FAST_OPEN
74 fastopen = (c->writequeue != NULL);
75
76 if (fastopen) {
77 memset(&message, 0x0, sizeof(message));
78 message.msg_name = r->ai_addr;
79 message.msg_namelen = r->ai_addrlen;
80 /* 6 is arbitrary, enough to hold initial packets */
81 unsigned int iovlen = 6; /* Linux msg_iovlen is a size_t */
82 struct iovec iov[6];
83 packet_queue_to_iovec(c->writequeue, iov, &iovlen);
84 message.msg_iov = iov;
85 message.msg_iovlen = iovlen;
86 res = sendmsg(c->sock, &message, MSG_FASTOPEN);
87 /* Returns EINPROGRESS if FASTOPEN wasn't available */
88 if (res < 0) {
89 if (errno != EINPROGRESS) {
90 m_free(c->errstring);
91 c->errstring = m_strdup(strerror(errno));
92 /* Not entirely sure which kind of errors are normal - 2.6.32 seems to
93 return EPIPE for any (nonblocking?) sendmsg(). just fall back */
94 TRACE(("sendmsg tcp_fastopen failed, falling back. %s", strerror(errno)));
95 /* No kernel MSG_FASTOPEN support. Fall back below */
96 fastopen = 0;
97 /* Set to NULL to avoid trying again */
98 c->writequeue = NULL;
99 }
100 } else {
101 packet_queue_consume(c->writequeue, res);
102 }
103 }
104 #endif
105
106 /* Normal connect(), used as fallback for TCP fastopen too */
107 if (!fastopen) {
108 res = connect(c->sock, r->ai_addr, r->ai_addrlen);
109 }
110
111 if (res < 0 && errno != EINPROGRESS) {
112 /* failure */
113 m_free(c->errstring);
114 c->errstring = m_strdup(strerror(errno));
115 close(c->sock);
116 c->sock = -1;
117 continue;
118 } else {
119 /* new connection was successful, wait for it to complete */
120 break;
121 }
122 }
123
124 if (r) {
125 c->res_iter = r->ai_next;
126 } else {
127 c->res_iter = NULL;
128 }
129 }
130
131 /* Connect via TCP to a host. */
132 struct dropbear_progress_connection *connect_remote(const char* remotehost, const char* remoteport,
133 connect_callback cb, void* cb_data)
134 {
135 struct dropbear_progress_connection *c = NULL;
136 int err;
137 struct addrinfo hints;
138
139 c = m_malloc(sizeof(*c));
140 c->remotehost = m_strdup(remotehost);
141 c->remoteport = m_strdup(remoteport);
142 c->sock = -1;
143 c->cb = cb;
144 c->cb_data = cb_data;
145
146 list_append(&ses.conn_pending, c);
147
148 memset(&hints, 0, sizeof(hints));
149 hints.ai_socktype = SOCK_STREAM;
150 hints.ai_family = AF_UNSPEC;
151
152 err = getaddrinfo(remotehost, remoteport, &hints, &c->res);
153 if (err) {
154 int len;
155 len = 100 + strlen(gai_strerror(err));
156 c->errstring = (char*)m_malloc(len);
157 snprintf(c->errstring, len, "Error resolving '%s' port '%s'. %s",
158 remotehost, remoteport, gai_strerror(err));
159 TRACE(("Error resolving: %s", gai_strerror(err)))
160 } else {
161 c->res_iter = c->res;
162 }
163
164 return c;
165 }
166
167 void remove_connect_pending() {
168 while (ses.conn_pending.first) {
169 struct dropbear_progress_connection *c = ses.conn_pending.first->item;
170 remove_connect(c, ses.conn_pending.first);
171 }
172 }
173
174
175 void set_connect_fds(fd_set *writefd) {
176 m_list_elem *iter;
177 TRACE(("enter set_connect_fds"))
178 iter = ses.conn_pending.first;
179 while (iter) {
180 m_list_elem *next_iter = iter->next;
181 struct dropbear_progress_connection *c = iter->item;
182 /* Set one going */
183 while (c->res_iter && c->sock < 0) {
184 connect_try_next(c);
185 }
186 if (c->sock >= 0) {
187 FD_SET(c->sock, writefd);
188 } else {
189 /* Final failure */
190 if (!c->errstring) {
191 c->errstring = m_strdup("unexpected failure");
192 }
193 c->cb(DROPBEAR_FAILURE, -1, c->cb_data, c->errstring);
194 remove_connect(c, iter);
195 }
196 iter = next_iter;
197 }
198 }
199
200 void handle_connect_fds(fd_set *writefd) {
201 m_list_elem *iter;
202 TRACE(("enter handle_connect_fds"))
203 for (iter = ses.conn_pending.first; iter; iter = iter->next) {
204 int val;
205 socklen_t vallen = sizeof(val);
206 struct dropbear_progress_connection *c = iter->item;
207
208 if (c->sock < 0 || !FD_ISSET(c->sock, writefd)) {
209 continue;
210 }
211
212 TRACE(("handling %s port %s socket %d", c->remotehost, c->remoteport, c->sock));
213
214 if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &val, &vallen) != 0) {
215 TRACE(("handle_connect_fds getsockopt(%d) SO_ERROR failed: %s", c->sock, strerror(errno)))
216 /* This isn't expected to happen - Unix has surprises though, continue gracefully. */
217 m_close(c->sock);
218 c->sock = -1;
219 } else if (val != 0) {
220 /* Connect failed */
221 TRACE(("connect to %s port %s failed.", c->remotehost, c->remoteport))
222 m_close(c->sock);
223 c->sock = -1;
224
225 m_free(c->errstring);
226 c->errstring = m_strdup(strerror(val));
227 } else {
228 /* New connection has been established */
229 c->cb(DROPBEAR_SUCCESS, c->sock, c->cb_data, NULL);
230 remove_connect(c, iter);
231 TRACE(("leave handle_connect_fds - success"))
232 /* Must return here - remove_connect() invalidates iter */
233 return;
234 }
235 }
236 TRACE(("leave handle_connect_fds - end iter"))
237 }
238
239 void connect_set_writequeue(struct dropbear_progress_connection *c, struct Queue *writequeue) {
240 c->writequeue = writequeue;
241 }
242
243 void packet_queue_to_iovec(struct Queue *queue, struct iovec *iov, unsigned int *iov_count) {
244 struct Link *l;
245 unsigned int i;
246 int len;
247 buffer *writebuf;
248
249 #ifndef IOV_MAX
250 #define IOV_MAX UIO_MAXIOV
251 #endif
252
253 *iov_count = MIN(MIN(queue->count, IOV_MAX), *iov_count);
254
255 for (l = queue->head, i = 0; i < *iov_count; l = l->link, i++)
256 {
257 writebuf = (buffer*)l->item;
258 len = writebuf->len - 1 - writebuf->pos;
259 dropbear_assert(len > 0);
260 TRACE2(("write_packet writev #%d type %d len %d/%d", i, writebuf->data[writebuf->len-1],
261 len, writebuf->len-1))
262 iov[i].iov_base = buf_getptr(writebuf, len);
263 iov[i].iov_len = len;
264 }
265 }
266
267 void packet_queue_consume(struct Queue *queue, ssize_t written) {
268 buffer *writebuf;
269 int len;
270 while (written > 0) {
271 writebuf = (buffer*)examine(queue);
272 len = writebuf->len - 1 - writebuf->pos;
273 if (len > written) {
274 /* partial buffer write */
275 buf_incrpos(writebuf, written);
276 written = 0;
277 } else {
278 written -= len;
279 dequeue(queue);
280 buf_free(writebuf);
281 }
282 }
283 }
284
285 void set_sock_nodelay(int sock) {
286 int val;
287
288 /* disable nagle */
289 val = 1;
290 setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&val, sizeof(val));
291 }
292
293 #ifdef DROPBEAR_SERVER_TCP_FAST_OPEN
294 void set_listen_fast_open(int sock) {
295 int qlen = MAX(MAX_UNAUTH_PER_IP, 5);
296 if (setsockopt(sock, SOL_TCP, TCP_FASTOPEN, &qlen, sizeof(qlen)) != 0) {
297 TRACE(("set_listen_fast_open failed for socket %d: %s", sock, strerror(errno)))
298 }
299 }
300
301 #endif
302
303 void set_sock_priority(int sock, enum dropbear_prio prio) {
304
305 int rc;
306 #ifdef IPTOS_LOWDELAY
307 int iptos_val = 0;
308 #endif
309 #ifdef SO_PRIORITY
310 int so_prio_val = 0;
311 #endif
312
313
314 /* Don't log ENOTSOCK errors so that this can harmlessly be called
315 * on a client '-J' proxy pipe */
316
317 /* set the TOS bit for either ipv4 or ipv6 */
318 #ifdef IPTOS_LOWDELAY
319 if (prio == DROPBEAR_PRIO_LOWDELAY) {
320 iptos_val = IPTOS_LOWDELAY;
321 } else if (prio == DROPBEAR_PRIO_BULK) {
322 iptos_val = IPTOS_THROUGHPUT;
323 }
324 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
325 rc = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&iptos_val, sizeof(iptos_val));
326 if (rc < 0 && errno != ENOTSOCK) {
327 TRACE(("Couldn't set IPV6_TCLASS (%s)", strerror(errno)));
328 }
329 #endif
330 rc = setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&iptos_val, sizeof(iptos_val));
331 if (rc < 0 && errno != ENOTSOCK) {
332 TRACE(("Couldn't set IP_TOS (%s)", strerror(errno)));
333 }
334 #endif
335
336 #ifdef SO_PRIORITY
337 if (prio == DROPBEAR_PRIO_LOWDELAY) {
338 so_prio_val = TC_PRIO_INTERACTIVE;
339 } else if (prio == DROPBEAR_PRIO_BULK) {
340 so_prio_val = TC_PRIO_BULK;
341 }
342 /* linux specific, sets QoS class. see tc-prio(8) */
343 rc = setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &so_prio_val, sizeof(so_prio_val));
344 if (rc < 0 && errno != ENOTSOCK)
345 dropbear_log(LOG_WARNING, "Couldn't set SO_PRIORITY (%s)",
346 strerror(errno));
347 #endif
348
349 }
350
351 /* Listen on address:port.
352 * Special cases are address of "" listening on everything,
353 * and address of NULL listening on localhost only.
354 * Returns the number of sockets bound on success, or -1 on failure. On
355 * failure, if errstring wasn't NULL, it'll be a newly malloced error
356 * string.*/
357 int dropbear_listen(const char* address, const char* port,
358 int *socks, unsigned int sockcount, char **errstring, int *maxfd) {
359
360 struct addrinfo hints, *res = NULL, *res0 = NULL;
361 int err;
362 unsigned int nsock;
363 struct linger linger;
364 int val;
365 int sock;
366
367 TRACE(("enter dropbear_listen"))
368
369 memset(&hints, 0, sizeof(hints));
370 hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */
371 hints.ai_socktype = SOCK_STREAM;
372
373 /* for calling getaddrinfo:
374 address == NULL and !AI_PASSIVE: local loopback
375 address == NULL and AI_PASSIVE: all interfaces
376 address != NULL: whatever the address says */
377 if (!address) {
378 TRACE(("dropbear_listen: local loopback"))
379 } else {
380 if (address[0] == '\0') {
381 TRACE(("dropbear_listen: all interfaces"))
382 address = NULL;
383 }
384 hints.ai_flags = AI_PASSIVE;
385 }
386 err = getaddrinfo(address, port, &hints, &res0);
387
388 if (err) {
389 if (errstring != NULL && *errstring == NULL) {
390 int len;
391 len = 20 + strlen(gai_strerror(err));
392 *errstring = (char*)m_malloc(len);
393 snprintf(*errstring, len, "Error resolving: %s", gai_strerror(err));
394 }
395 if (res0) {
396 freeaddrinfo(res0);
397 res0 = NULL;
398 }
399 TRACE(("leave dropbear_listen: failed resolving"))
400 return -1;
401 }
402
403
404 nsock = 0;
405 for (res = res0; res != NULL && nsock < sockcount;
406 res = res->ai_next) {
407
408 /* Get a socket */
409 socks[nsock] = socket(res->ai_family, res->ai_socktype,
410 res->ai_protocol);
411
412 sock = socks[nsock]; /* For clarity */
413
414 if (sock < 0) {
415 err = errno;
416 TRACE(("socket() failed"))
417 continue;
418 }
419
420 /* Various useful socket options */
421 val = 1;
422 /* set to reuse, quick timeout */
423 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &val, sizeof(val));
424 linger.l_onoff = 1;
425 linger.l_linger = 5;
426 setsockopt(sock, SOL_SOCKET, SO_LINGER, (void*)&linger, sizeof(linger));
427
428 #if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
429 if (res->ai_family == AF_INET6) {
430 int on = 1;
431 if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY,
432 &on, sizeof(on)) == -1) {
433 dropbear_log(LOG_WARNING, "Couldn't set IPV6_V6ONLY");
434 }
435 }
436 #endif
437
438 set_sock_nodelay(sock);
439
440 if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
441 err = errno;
442 close(sock);
443 TRACE(("bind(%s) failed", port))
444 continue;
445 }
446
447 if (listen(sock, DROPBEAR_LISTEN_BACKLOG) < 0) {
448 err = errno;
449 close(sock);
450 TRACE(("listen() failed"))
451 continue;
452 }
453
454 *maxfd = MAX(*maxfd, sock);
455
456 nsock++;
457 }
458
459 if (res0) {
460 freeaddrinfo(res0);
461 res0 = NULL;
462 }
463
464 if (nsock == 0) {
465 if (errstring != NULL && *errstring == NULL) {
466 int len;
467 len = 20 + strlen(strerror(err));
468 *errstring = (char*)m_malloc(len);
469 snprintf(*errstring, len, "Error listening: %s", strerror(err));
470 }
471 TRACE(("leave dropbear_listen: failure, %s", strerror(err)))
472 return -1;
473 }
474
475 TRACE(("leave dropbear_listen: success, %d socks bound", nsock))
476 return nsock;
477 }
478
479 void get_socket_address(int fd, char **local_host, char **local_port,
480 char **remote_host, char **remote_port, int host_lookup)
481 {
482 struct sockaddr_storage addr;
483 socklen_t addrlen;
484
485 if (local_host || local_port) {
486 addrlen = sizeof(addr);
487 if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
488 dropbear_exit("Failed socket address: %s", strerror(errno));
489 }
490 getaddrstring(&addr, local_host, local_port, host_lookup);
491 }
492 if (remote_host || remote_port) {
493 addrlen = sizeof(addr);
494 if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
495 dropbear_exit("Failed socket address: %s", strerror(errno));
496 }
497 getaddrstring(&addr, remote_host, remote_port, host_lookup);
498 }
499 }
500
501 /* Return a string representation of the socket address passed. The return
502 * value is allocated with malloc() */
503 void getaddrstring(struct sockaddr_storage* addr,
504 char **ret_host, char **ret_port,
505 int host_lookup) {
506
507 char host[NI_MAXHOST+1], serv[NI_MAXSERV+1];
508 unsigned int len;
509 int ret;
510
511 int flags = NI_NUMERICSERV | NI_NUMERICHOST;
512
513 #ifndef DO_HOST_LOOKUP
514 host_lookup = 0;
515 #endif
516
517 if (host_lookup) {
518 flags = NI_NUMERICSERV;
519 }
520
521 len = sizeof(struct sockaddr_storage);
522 /* Some platforms such as Solaris 8 require that len is the length
523 * of the specific structure. Some older linux systems (glibc 2.1.3
524 * such as debian potato) have sockaddr_storage.__ss_family instead
525 * but we'll ignore them */
526 #ifdef HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY
527 if (addr->ss_family == AF_INET) {
528 len = sizeof(struct sockaddr_in);
529 }
530 #ifdef AF_INET6
531 if (addr->ss_family == AF_INET6) {
532 len = sizeof(struct sockaddr_in6);
533 }
534 #endif
535 #endif
536
537 ret = getnameinfo((struct sockaddr*)addr, len, host, sizeof(host)-1,
538 serv, sizeof(serv)-1, flags);
539
540 if (ret != 0) {
541 if (host_lookup) {
542 /* On some systems (Darwin does it) we get EINTR from getnameinfo
543 * somehow. Eew. So we'll just return the IP, since that doesn't seem
544 * to exhibit that behaviour. */
545 getaddrstring(addr, ret_host, ret_port, 0);
546 return;
547 } else {
548 /* if we can't do a numeric lookup, something's gone terribly wrong */
549 dropbear_exit("Failed lookup: %s", gai_strerror(ret));
550 }
551 }
552
553 if (ret_host) {
554 *ret_host = m_strdup(host);
555 }
556 if (ret_port) {
557 *ret_port = m_strdup(serv);
558 }
559 }
560
Tomato firmware and modifications.