* BSD 3-Clause License
*
* Copyright (c) 2005-2008, Jelmer Vernooij <jelmer@samba.org>
- * Copyright (c) 2006-2018, Stefan Metzmacher <metze@samba.org>
- * Copyright (c) 2013-2018, Andreas Schneider <asn@samba.org>
+ * Copyright (c) 2006-2021, Stefan Metzmacher <metze@samba.org>
+ * Copyright (c) 2013-2021, Andreas Schneider <asn@samba.org>
* Copyright (c) 2014-2017, Michael Adam <obnox@samba.org>
* Copyright (c) 2016-2018, Anoop C S <anoopcs@redhat.com>
* All rights reserved.
#endif
#include <pthread.h>
+#include "socket_wrapper.h"
+
enum swrap_dbglvl_e {
SWRAP_LOG_ERROR = 0,
SWRAP_LOG_WARN,
/* Add new global locks here please */
# define SWRAP_REINIT_ALL do { \
- size_t __i; \
int ret; \
ret = socket_wrapper_init_mutex(&sockets_mutex); \
if (ret != 0) exit(-1); \
if (ret != 0) exit(-1); \
ret = socket_wrapper_init_mutex(&first_free_mutex); \
if (ret != 0) exit(-1); \
- for (__i = 0; (sockets != NULL) && __i < socket_info_max; __i++) { \
- ret = socket_wrapper_init_mutex(&sockets[__i].meta.mutex); \
- if (ret != 0) exit(-1); \
- } \
+ ret = socket_wrapper_init_mutex(&sockets_si_global); \
+ if (ret != 0) exit(-1); \
ret = socket_wrapper_init_mutex(&autobind_start_mutex); \
if (ret != 0) exit(-1); \
ret = socket_wrapper_init_mutex(&pcap_dump_mutex); \
} while(0)
# define SWRAP_LOCK_ALL do { \
- size_t __i; \
swrap_mutex_lock(&sockets_mutex); \
swrap_mutex_lock(&socket_reset_mutex); \
swrap_mutex_lock(&first_free_mutex); \
- for (__i = 0; (sockets != NULL) && __i < socket_info_max; __i++) { \
- swrap_mutex_lock(&sockets[__i].meta.mutex); \
- } \
+ swrap_mutex_lock(&sockets_si_global); \
swrap_mutex_lock(&autobind_start_mutex); \
swrap_mutex_lock(&pcap_dump_mutex); \
swrap_mutex_lock(&mtu_update_mutex); \
} while(0)
# define SWRAP_UNLOCK_ALL do { \
- size_t __s; \
swrap_mutex_unlock(&mtu_update_mutex); \
swrap_mutex_unlock(&pcap_dump_mutex); \
swrap_mutex_unlock(&autobind_start_mutex); \
- for (__s = 0; (sockets != NULL) && __s < socket_info_max; __s++) { \
- size_t __i = (socket_info_max - 1) - __s; \
- swrap_mutex_unlock(&sockets[__i].meta.mutex); \
- } \
+ swrap_mutex_unlock(&sockets_si_global); \
swrap_mutex_unlock(&first_free_mutex); \
swrap_mutex_unlock(&socket_reset_mutex); \
swrap_mutex_unlock(&sockets_mutex); \
#define SWRAP_LOCK_SI(si) do { \
struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si); \
- swrap_mutex_lock(&sic->meta.mutex); \
+ if (sic != NULL) { \
+ swrap_mutex_lock(&sockets_si_global); \
+ } else { \
+ abort(); \
+ } \
} while(0)
#define SWRAP_UNLOCK_SI(si) do { \
struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si); \
- swrap_mutex_unlock(&sic->meta.mutex); \
+ if (sic != NULL) { \
+ swrap_mutex_unlock(&sockets_si_global); \
+ } else { \
+ abort(); \
+ } \
} while(0)
#if defined(HAVE_GETTIMEOFDAY_TZ) || defined(HAVE_GETTIMEOFDAY_TZ_VOID)
{
unsigned int refcount;
int next_free;
- pthread_mutex_t mutex;
+ /*
+ * As long as we don't use shared memory
+ * for the sockets array, we use
+ * sockets_si_global as a single mutex.
+ *
+ * pthread_mutex_t mutex;
+ */
};
struct socket_info_container
/* Mutex to guard the initialization of array of socket_info structures */
static pthread_mutex_t sockets_mutex = PTHREAD_MUTEX_INITIALIZER;
-/* Mutex to guard the socket reset in swrap_close() and swrap_remove_stale() */
+/* Mutex to guard the socket reset in swrap_remove_wrapper() */
static pthread_mutex_t socket_reset_mutex = PTHREAD_MUTEX_INITIALIZER;
/* Mutex to synchronize access to first free index in socket_info array */
static pthread_mutex_t first_free_mutex = PTHREAD_MUTEX_INITIALIZER;
+/*
+ * Mutex to synchronize access to to socket_info structures
+ * We use a single global mutex in order to avoid leaking
+ * ~ 38M copy on write memory per fork.
+ * max_sockets=65535 * sizeof(struct socket_info_container)=592 = 38796720
+ */
+static pthread_mutex_t sockets_si_global = PTHREAD_MUTEX_INITIALIZER;
+
/* Mutex to synchronize access to packet capture dump file */
static pthread_mutex_t pcap_dump_mutex = PTHREAD_MUTEX_INITIALIZER;
/* Function prototypes */
-bool socket_wrapper_enabled(void);
-
#if ! defined(HAVE_CONSTRUCTOR_ATTRIBUTE) && defined(HAVE_PRAGMA_INIT)
/* xlC and other oldschool compilers support (only) this */
#pragma init (swrap_constructor)
if (ret != 0) {
SWRAP_LOG(SWRAP_LOG_ERROR, "PID(%d):PPID(%d): %s(%u): Couldn't lock pthread mutex(%s) - %s",
getpid(), getppid(), caller, line, name, strerror(ret));
+ abort();
}
}
if (ret != 0) {
SWRAP_LOG(SWRAP_LOG_ERROR, "PID(%d):PPID(%d): %s(%u): Couldn't unlock pthread mutex(%s) - %s",
getpid(), getppid(), caller, line, name, strerror(ret));
+ abort();
}
}
}
swrap_mutex_lock(&first_free_mutex);
+ swrap_mutex_lock(&sockets_si_global);
first_free = 0;
for (i = 0; i < max_sockets; i++) {
swrap_set_next_free(&sockets[i].info, i+1);
- sockets[i].meta.mutex = (pthread_mutex_t)PTHREAD_MUTEX_INITIALIZER;
- }
-
- for (i = 0; i < max_sockets; i++) {
- ret = socket_wrapper_init_mutex(&sockets[i].meta.mutex);
- if (ret != 0) {
- SWRAP_LOG(SWRAP_LOG_ERROR,
- "Failed to initialize pthread mutex i=%zu", i);
- goto done;
- }
}
/* mark the end of the free list */
swrap_set_next_free(&sockets[max_sockets-1].info, -1);
-done:
+ swrap_mutex_unlock(&sockets_si_global);
swrap_mutex_unlock(&first_free_mutex);
swrap_mutex_unlock(&sockets_mutex);
if (ret != 0) {
type = u_type;
iface = (addr & 0x000000FF);
} else {
+ char str[256] = {0,};
+ inet_ntop(inaddr->sa_family,
+ &in->sin_addr,
+ str, sizeof(str));
+ SWRAP_LOG(SWRAP_LOG_WARN,
+ "str[%s] prt[%u]",
+ str, (unsigned)prt);
errno = ENETUNREACH;
return -1;
}
if (IN6_ARE_ADDR_EQUAL(&cmp1, &cmp2)) {
iface = in->sin6_addr.s6_addr[15];
} else {
+ char str[256] = {0,};
+ inet_ntop(inaddr->sa_family,
+ &in->sin6_addr,
+ str, sizeof(str));
+ SWRAP_LOG(SWRAP_LOG_WARN,
+ "str[%s] prt[%u]",
+ str, (unsigned)prt);
errno = ENETUNREACH;
return -1;
}
}
#endif
-static void swrap_remove_stale(int fd)
-{
- struct socket_info *si;
- int si_index;
-
- SWRAP_LOG(SWRAP_LOG_TRACE, "remove stale wrapper for %d", fd);
-
- swrap_mutex_lock(&socket_reset_mutex);
-
- si_index = find_socket_info_index(fd);
- if (si_index == -1) {
- swrap_mutex_unlock(&socket_reset_mutex);
- return;
- }
-
- reset_socket_info_index(fd);
-
- si = swrap_get_socket_info(si_index);
-
- swrap_mutex_lock(&first_free_mutex);
- SWRAP_LOCK_SI(si);
-
- swrap_dec_refcount(si);
-
- if (swrap_get_refcount(si) > 0) {
- goto out;
- }
-
- if (si->un_addr.sun_path[0] != '\0') {
- unlink(si->un_addr.sun_path);
- }
-
- swrap_set_next_free(si, first_free);
- first_free = si_index;
-
-out:
- SWRAP_UNLOCK_SI(si);
- swrap_mutex_unlock(&first_free_mutex);
- swrap_mutex_unlock(&socket_reset_mutex);
-}
+static void swrap_remove_stale(int fd);
static int sockaddr_convert_to_un(struct socket_info *si,
const struct sockaddr *in_addr,
file_hdr.frame_max_len = SWRAP_FRAME_LENGTH_MAX;
file_hdr.link_type = 0x0065; /* 101 RAW IP */
- if (write(fd, &file_hdr, sizeof(file_hdr)) != sizeof(file_hdr)) {
+ if (libc_write(fd, &file_hdr, sizeof(file_hdr)) != sizeof(file_hdr)) {
libc_close(fd);
fd = -1;
}
fd = swrap_pcap_get_fd(file_name);
if (fd != -1) {
- if (write(fd, packet, packet_len) != (ssize_t)packet_len) {
+ if (libc_write(fd, packet, packet_len) != (ssize_t)packet_len) {
free(packet);
goto done;
}
ret = libc_accept(s, &un_addr.sa.s, &un_addr.sa_socklen);
#endif
if (ret == -1) {
- if (errno == ENOTSOCK) {
+ int saved_errno = errno;
+ if (saved_errno == ENOTSOCK) {
/* Remove stale fds */
swrap_remove_stale(s);
}
+ errno = saved_errno;
return ret;
}
/* Check if we have a stale fd and remove it */
swrap_remove_stale(fd);
+ if (un_addr.sa.un.sun_path[0] == '\0') {
+ /*
+ * FreeBSD seems to have a problem where
+ * accept4() on the unix socket doesn't
+ * ECONNABORTED for already disconnected connections.
+ *
+ * Let's try libc_getpeername() to get the peer address
+ * as a fallback, but it'll likely return ENOTCONN,
+ * which we have to map to ECONNABORTED.
+ */
+ un_addr.sa_socklen = sizeof(struct sockaddr_un),
+ ret = libc_getpeername(fd, &un_addr.sa.s, &un_addr.sa_socklen);
+ if (ret == -1) {
+ int saved_errno = errno;
+ libc_close(fd);
+ if (saved_errno == ENOTCONN) {
+ /*
+ * If the connection is already disconnected
+ * we should return ECONNABORTED.
+ */
+ saved_errno = ECONNABORTED;
+ }
+ errno = saved_errno;
+ return ret;
+ }
+ }
+
+ ret = libc_getsockname(fd,
+ &un_my_addr.sa.s,
+ &un_my_addr.sa_socklen);
+ if (ret == -1) {
+ int saved_errno = errno;
+ libc_close(fd);
+ if (saved_errno == ENOTCONN) {
+ /*
+ * If the connection is already disconnected
+ * we should return ECONNABORTED.
+ */
+ saved_errno = ECONNABORTED;
+ }
+ errno = saved_errno;
+ return ret;
+ }
+
SWRAP_LOCK_SI(parent_si);
ret = sockaddr_convert_from_un(parent_si,
&in_addr.sa.s,
&in_addr.sa_socklen);
if (ret == -1) {
+ int saved_errno = errno;
SWRAP_UNLOCK_SI(parent_si);
libc_close(fd);
+ errno = saved_errno;
return ret;
}
*addrlen = in_addr.sa_socklen;
}
- ret = libc_getsockname(fd,
- &un_my_addr.sa.s,
- &un_my_addr.sa_socklen);
- if (ret == -1) {
- libc_close(fd);
- return ret;
- }
-
ret = sockaddr_convert_from_un(child_si,
&un_my_addr.sa.un,
un_my_addr.sa_socklen,
&in_my_addr.sa.s,
&in_my_addr.sa_socklen);
if (ret == -1) {
+ int saved_errno = errno;
libc_close(fd);
+ errno = saved_errno;
return ret;
}
*new_cmsg = *cmsg;
__fds_out.p = CMSG_DATA(new_cmsg);
fds_out = __fds_out.fds;
- memcpy(fds_out, fds_in, size_fds_out);
+ memcpy(fds_out, fds_in, size_fds_in);
new_cmsg->cmsg_len = cmsg->cmsg_len;
for (i = 0; i < num_fds_in; i++) {
return -1;
}
- sret = write(pipefd[1], &info, sizeof(info));
+ sret = libc_write(pipefd[1], &info, sizeof(info));
if (sret != sizeof(info)) {
int saved_errno = errno;
if (sret != -1) {
}
static int swrap_recvmsg_before_unix(struct msghdr *msg_in,
- struct msghdr *msg_tmp)
+ struct msghdr *msg_tmp,
+ uint8_t **tmp_control)
{
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ const size_t cm_extra_space = CMSG_SPACE(sizeof(int));
+ uint8_t *cm_data = NULL;
+ size_t cm_data_space = 0;
+
+ *msg_tmp = *msg_in;
+ *tmp_control = NULL;
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "msg_in->msg_controllen=%zu",
+ (size_t)msg_in->msg_controllen);
+
+ /* Nothing to do */
+ if (msg_in->msg_controllen == 0 || msg_in->msg_control == NULL) {
+ return 0;
+ }
+
+ /*
+ * We need to give the kernel a bit more space in order
+ * recv the pipe fd, added by swrap_sendmsg_before_unix()).
+ * swrap_recvmsg_after_unix() will hide it again.
+ */
+ cm_data_space = msg_in->msg_controllen;
+ if (cm_data_space < (INT32_MAX - cm_extra_space)) {
+ cm_data_space += cm_extra_space;
+ }
+ cm_data = calloc(1, cm_data_space);
+ if (cm_data == NULL) {
+ return -1;
+ }
+
+ msg_tmp->msg_controllen = cm_data_space;
+ msg_tmp->msg_control = cm_data;
+ *tmp_control = cm_data;
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "msg_tmp->msg_controllen=%zu",
+ (size_t)msg_tmp->msg_controllen);
+ return 0;
+#else /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
*msg_tmp = *msg_in;
+ *tmp_control = NULL;
return 0;
+#endif /* ! HAVE_STRUCT_MSGHDR_MSG_CONTROL */
}
static ssize_t swrap_recvmsg_after_unix(struct msghdr *msg_tmp,
+ uint8_t **tmp_control,
struct msghdr *msg_out,
ssize_t ret)
{
size_t cm_data_space = 0;
int rc = -1;
+ if (ret < 0) {
+ int saved_errno = errno;
+ SWRAP_LOG(SWRAP_LOG_TRACE, "ret=%zd - %d - %s", ret,
+ saved_errno, strerror(saved_errno));
+ SAFE_FREE(*tmp_control);
+ /* msg_out should not be touched on error */
+ errno = saved_errno;
+ return ret;
+ }
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "msg_tmp->msg_controllen=%zu",
+ (size_t)msg_tmp->msg_controllen);
+
/* Nothing to do */
if (msg_tmp->msg_controllen == 0 || msg_tmp->msg_control == NULL) {
- goto done;
+ int saved_errno = errno;
+ *msg_out = *msg_tmp;
+ SAFE_FREE(*tmp_control);
+ errno = saved_errno;
+ return ret;
}
for (cmsg = CMSG_FIRSTHDR(msg_tmp);
if (rc < 0) {
int saved_errno = errno;
SAFE_FREE(cm_data);
+ SAFE_FREE(*tmp_control);
errno = saved_errno;
return rc;
}
}
/*
- * msg_tmp->msg_control is still the buffer of the caller.
+ * msg_tmp->msg_control (*tmp_control) was created by
+ * swrap_recvmsg_before_unix() and msg_out->msg_control
+ * is still the buffer of the caller.
*/
- memcpy(msg_tmp->msg_control, cm_data, cm_data_space);
- msg_tmp->msg_controllen = cm_data_space;
+ msg_tmp->msg_control = msg_out->msg_control;
+ msg_tmp->msg_controllen = msg_out->msg_controllen;
+ *msg_out = *msg_tmp;
+
+ cm_data_space = MIN(cm_data_space, msg_out->msg_controllen);
+ memcpy(msg_out->msg_control, cm_data, cm_data_space);
+ msg_out->msg_controllen = cm_data_space;
SAFE_FREE(cm_data);
-done:
-#endif /* ! HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+ SAFE_FREE(*tmp_control);
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "msg_out->msg_controllen=%zu",
+ (size_t)msg_out->msg_controllen);
+ return ret;
+#else /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+ int saved_errno = errno;
*msg_out = *msg_tmp;
+ SAFE_FREE(*tmp_control);
+ errno = saved_errno;
return ret;
+#endif /* ! HAVE_STRUCT_MSGHDR_MSG_CONTROL */
}
static ssize_t swrap_sendmsg_before(int fd,
si = find_socket_info(s);
if (si == NULL) {
- rc = swrap_recvmsg_before_unix(omsg, &msg);
+ uint8_t *tmp_control = NULL;
+ rc = swrap_recvmsg_before_unix(omsg, &msg, &tmp_control);
if (rc < 0) {
return rc;
}
ret = libc_recvmsg(s, &msg, flags);
- return swrap_recvmsg_after_unix(&msg, omsg, ret);
+ return swrap_recvmsg_after_unix(&msg, &tmp_control, omsg, ret);
}
tmp.iov_base = NULL;
* CLOSE
***************************/
-static int swrap_close(int fd)
+static int swrap_remove_wrapper(const char *__func_name,
+ int (*__close_fd_fn)(int fd),
+ int fd)
{
struct socket_info *si = NULL;
int si_index;
+ int ret_errno = errno;
int ret;
swrap_mutex_lock(&socket_reset_mutex);
si_index = find_socket_info_index(fd);
if (si_index == -1) {
swrap_mutex_unlock(&socket_reset_mutex);
- return libc_close(fd);
+ return __close_fd_fn(fd);
}
- SWRAP_LOG(SWRAP_LOG_TRACE, "Close wrapper for fd=%d", fd);
+ swrap_log(SWRAP_LOG_TRACE, __func_name, "Remove wrapper for fd=%d", fd);
reset_socket_info_index(fd);
si = swrap_get_socket_info(si_index);
swrap_mutex_lock(&first_free_mutex);
SWRAP_LOCK_SI(si);
- ret = libc_close(fd);
+ ret = __close_fd_fn(fd);
+ if (ret == -1) {
+ ret_errno = errno;
+ }
swrap_dec_refcount(si);
swrap_mutex_unlock(&first_free_mutex);
swrap_mutex_unlock(&socket_reset_mutex);
+ errno = ret_errno;
return ret;
}
+static int swrap_noop_close(int fd)
+{
+ (void)fd; /* unused */
+ return 0;
+}
+
+static void swrap_remove_stale(int fd)
+{
+ swrap_remove_wrapper(__func__, swrap_noop_close, fd);
+}
+
+static int swrap_close(int fd)
+{
+ return swrap_remove_wrapper(__func__, libc_close, fd);
+}
+
int close(int fd)
{
return swrap_close(fd);