* BSD 3-Clause License
*
* Copyright (c) 2005-2008, Jelmer Vernooij <jelmer@samba.org>
- * Copyright (c) 2006-2018, Stefan Metzmacher <metze@samba.org>
- * Copyright (c) 2013-2018, Andreas Schneider <asn@samba.org>
+ * Copyright (c) 2006-2021, Stefan Metzmacher <metze@samba.org>
+ * Copyright (c) 2013-2021, Andreas Schneider <asn@samba.org>
* Copyright (c) 2014-2017, Michael Adam <obnox@samba.org>
* Copyright (c) 2016-2018, Anoop C S <anoopcs@redhat.com>
* All rights reserved.
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
+#ifdef HAVE_SYS_SYSCALL_H
+#include <sys/syscall.h>
+#endif
+#ifdef HAVE_SYSCALL_H
+#include <syscall.h>
+#endif
#include <sys/socket.h>
#include <sys/ioctl.h>
#ifdef HAVE_SYS_FILIO_H
#endif
#include <pthread.h>
+#include "socket_wrapper.h"
+
enum swrap_dbglvl_e {
SWRAP_LOG_ERROR = 0,
SWRAP_LOG_WARN,
/* Add new global locks here please */
# define SWRAP_REINIT_ALL do { \
- size_t __i; \
int ret; \
ret = socket_wrapper_init_mutex(&sockets_mutex); \
if (ret != 0) exit(-1); \
if (ret != 0) exit(-1); \
ret = socket_wrapper_init_mutex(&first_free_mutex); \
if (ret != 0) exit(-1); \
- for (__i = 0; (sockets != NULL) && __i < socket_info_max; __i++) { \
- ret = socket_wrapper_init_mutex(&sockets[__i].meta.mutex); \
- if (ret != 0) exit(-1); \
- } \
+ ret = socket_wrapper_init_mutex(&sockets_si_global); \
+ if (ret != 0) exit(-1); \
ret = socket_wrapper_init_mutex(&autobind_start_mutex); \
if (ret != 0) exit(-1); \
ret = socket_wrapper_init_mutex(&pcap_dump_mutex); \
} while(0)
# define SWRAP_LOCK_ALL do { \
- size_t __i; \
swrap_mutex_lock(&sockets_mutex); \
swrap_mutex_lock(&socket_reset_mutex); \
swrap_mutex_lock(&first_free_mutex); \
- for (__i = 0; (sockets != NULL) && __i < socket_info_max; __i++) { \
- swrap_mutex_lock(&sockets[__i].meta.mutex); \
- } \
+ swrap_mutex_lock(&sockets_si_global); \
swrap_mutex_lock(&autobind_start_mutex); \
swrap_mutex_lock(&pcap_dump_mutex); \
swrap_mutex_lock(&mtu_update_mutex); \
} while(0)
# define SWRAP_UNLOCK_ALL do { \
- size_t __s; \
swrap_mutex_unlock(&mtu_update_mutex); \
swrap_mutex_unlock(&pcap_dump_mutex); \
swrap_mutex_unlock(&autobind_start_mutex); \
- for (__s = 0; (sockets != NULL) && __s < socket_info_max; __s++) { \
- size_t __i = (socket_info_max - 1) - __s; \
- swrap_mutex_unlock(&sockets[__i].meta.mutex); \
- } \
+ swrap_mutex_unlock(&sockets_si_global); \
swrap_mutex_unlock(&first_free_mutex); \
swrap_mutex_unlock(&socket_reset_mutex); \
swrap_mutex_unlock(&sockets_mutex); \
#define SWRAP_LOCK_SI(si) do { \
struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si); \
- swrap_mutex_lock(&sic->meta.mutex); \
+ if (sic != NULL) { \
+ swrap_mutex_lock(&sockets_si_global); \
+ } else { \
+ abort(); \
+ } \
} while(0)
#define SWRAP_UNLOCK_SI(si) do { \
struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si); \
- swrap_mutex_unlock(&sic->meta.mutex); \
+ if (sic != NULL) { \
+ swrap_mutex_unlock(&sockets_si_global); \
+ } else { \
+ abort(); \
+ } \
} while(0)
#if defined(HAVE_GETTIMEOFDAY_TZ) || defined(HAVE_GETTIMEOFDAY_TZ_VOID)
struct socket_info
{
+ /*
+ * Remember to update swrap_unix_scm_right_magic
+ * on any change.
+ */
+
int family;
int type;
int protocol;
int pktinfo;
int tcp_nodelay;
int listening;
+ int fd_passed;
/* The unix path so we can unlink it on close() */
struct sockaddr_un un_addr;
{
unsigned int refcount;
int next_free;
- pthread_mutex_t mutex;
+ /*
+ * As long as we don't use shared memory
+ * for the sockets array, we use
+ * sockets_si_global as a single mutex.
+ *
+ * pthread_mutex_t mutex;
+ */
};
struct socket_info_container
/* Mutex to guard the initialization of array of socket_info structures */
static pthread_mutex_t sockets_mutex = PTHREAD_MUTEX_INITIALIZER;
-/* Mutex to guard the socket reset in swrap_close() and swrap_remove_stale() */
+/* Mutex to guard the socket reset in swrap_remove_wrapper() */
static pthread_mutex_t socket_reset_mutex = PTHREAD_MUTEX_INITIALIZER;
/* Mutex to synchronize access to first free index in socket_info array */
static pthread_mutex_t first_free_mutex = PTHREAD_MUTEX_INITIALIZER;
+/*
+ * Mutex to synchronize access to to socket_info structures
+ * We use a single global mutex in order to avoid leaking
+ * ~ 38M copy on write memory per fork.
+ * max_sockets=65535 * sizeof(struct socket_info_container)=592 = 38796720
+ */
+static pthread_mutex_t sockets_si_global = PTHREAD_MUTEX_INITIALIZER;
+
/* Mutex to synchronize access to packet capture dump file */
static pthread_mutex_t pcap_dump_mutex = PTHREAD_MUTEX_INITIALIZER;
/* Function prototypes */
-bool socket_wrapper_enabled(void);
-
#if ! defined(HAVE_CONSTRUCTOR_ATTRIBUTE) && defined(HAVE_PRAGMA_INIT)
/* xlC and other oldschool compilers support (only) this */
#pragma init (swrap_constructor)
const struct sockaddr *addr,
socklen_t addrlen);
typedef int (*__libc_close)(int fd);
+#ifdef HAVE___CLOSE_NOCANCEL
+typedef int (*__libc___close_nocancel)(int fd);
+#endif
typedef int (*__libc_connect)(int sockfd,
const struct sockaddr *addr,
socklen_t addrlen);
#ifdef HAVE_OPEN64
typedef int (*__libc_open64)(const char *pathname, int flags, ...);
#endif /* HAVE_OPEN64 */
+#ifdef HAVE_OPENAT64
+typedef int (*__libc_openat64)(int dirfd, const char *pathname, int flags, ...);
+#endif /* HAVE_OPENAT64 */
typedef int (*__libc_openat)(int dirfd, const char *path, int flags, ...);
typedef int (*__libc_pipe)(int pipefd[2]);
typedef int (*__libc_read)(int fd, void *buf, size_t count);
struct sockaddr *src_addr,
socklen_t *addrlen);
typedef int (*__libc_recvmsg)(int sockfd, const struct msghdr *msg, int flags);
+#ifdef HAVE_RECVMMSG
+#if defined(HAVE_RECVMMSG_SSIZE_T_CONST_TIMEOUT)
+/* FreeBSD */
+typedef ssize_t (*__libc_recvmmsg)(int sockfd, struct mmsghdr *msgvec, size_t vlen, int flags, const struct timespec *timeout);
+#elif defined(HAVE_RECVMMSG_CONST_TIMEOUT)
+/* Linux legacy glibc < 2.21 */
+typedef int (*__libc_recvmmsg)(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags, const struct timespec *timeout);
+#else
+/* Linux glibc >= 2.21 */
+typedef int (*__libc_recvmmsg)(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags, struct timespec *timeout);
+#endif
+#endif /* HAVE_RECVMMSG */
typedef int (*__libc_send)(int sockfd, const void *buf, size_t len, int flags);
typedef int (*__libc_sendmsg)(int sockfd, const struct msghdr *msg, int flags);
+#ifdef HAVE_SENDMMSG
+#if defined(HAVE_SENDMMSG_SSIZE_T)
+/* FreeBSD */
+typedef ssize_t (*__libc_sendmmsg)(int sockfd, struct mmsghdr *msgvec, size_t vlen, int flags);
+#else
+/* Linux */
+typedef int (*__libc_sendmmsg)(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags);
+#endif
+#endif /* HAVE_SENDMMSG */
typedef int (*__libc_sendto)(int sockfd,
const void *buf,
size_t len,
#endif
typedef ssize_t (*__libc_write)(int fd, const void *buf, size_t count);
typedef ssize_t (*__libc_writev)(int fd, const struct iovec *iov, int iovcnt);
+#ifdef HAVE_SYSCALL
+typedef long int (*__libc_syscall)(long int sysno, ...);
+#endif
#define SWRAP_SYMBOL_ENTRY(i) \
union { \
#endif
SWRAP_SYMBOL_ENTRY(bind);
SWRAP_SYMBOL_ENTRY(close);
+#ifdef HAVE___CLOSE_NOCANCEL
+ SWRAP_SYMBOL_ENTRY(__close_nocancel);
+#endif
SWRAP_SYMBOL_ENTRY(connect);
SWRAP_SYMBOL_ENTRY(dup);
SWRAP_SYMBOL_ENTRY(dup2);
+#ifdef HAVE_FCNTL64
+ SWRAP_SYMBOL_ENTRY(fcntl64);
+#else
SWRAP_SYMBOL_ENTRY(fcntl);
+#endif
SWRAP_SYMBOL_ENTRY(fopen);
#ifdef HAVE_FOPEN64
SWRAP_SYMBOL_ENTRY(fopen64);
SWRAP_SYMBOL_ENTRY(open);
#ifdef HAVE_OPEN64
SWRAP_SYMBOL_ENTRY(open64);
+#endif
+#ifdef HAVE_OPENAT64
+ SWRAP_SYMBOL_ENTRY(openat64);
#endif
SWRAP_SYMBOL_ENTRY(openat);
SWRAP_SYMBOL_ENTRY(pipe);
SWRAP_SYMBOL_ENTRY(recv);
SWRAP_SYMBOL_ENTRY(recvfrom);
SWRAP_SYMBOL_ENTRY(recvmsg);
+#ifdef HAVE_RECVMMSG
+ SWRAP_SYMBOL_ENTRY(recvmmsg);
+#endif
SWRAP_SYMBOL_ENTRY(send);
SWRAP_SYMBOL_ENTRY(sendmsg);
+#ifdef HAVE_SENDMMSG
+ SWRAP_SYMBOL_ENTRY(sendmmsg);
+#endif
SWRAP_SYMBOL_ENTRY(sendto);
SWRAP_SYMBOL_ENTRY(setsockopt);
#ifdef HAVE_SIGNALFD
#endif
SWRAP_SYMBOL_ENTRY(write);
SWRAP_SYMBOL_ENTRY(writev);
+#ifdef HAVE_SYSCALL
+ SWRAP_SYMBOL_ENTRY(syscall);
+#endif
};
+#undef SWRAP_SYMBOL_ENTRY
+
+#define SWRAP_SYMBOL_ENTRY(i) \
+ union { \
+ __rtld_default_##i f; \
+ void *obj; \
+ } _rtld_default_##i
+
+#ifdef HAVE_SYSCALL
+typedef bool (*__rtld_default_uid_wrapper_syscall_valid)(long int sysno);
+typedef long int (*__rtld_default_uid_wrapper_syscall_va)(long int sysno, va_list va);
+#endif
+
+struct swrap_rtld_default_symbols {
+#ifdef HAVE_SYSCALL
+ SWRAP_SYMBOL_ENTRY(uid_wrapper_syscall_valid);
+ SWRAP_SYMBOL_ENTRY(uid_wrapper_syscall_va);
+#else
+ uint8_t dummy;
+#endif
+};
+#undef SWRAP_SYMBOL_ENTRY
struct swrap {
struct {
void *socket_handle;
struct swrap_libc_symbols symbols;
} libc;
+
+ struct {
+ struct swrap_rtld_default_symbols symbols;
+ } rtld_default;
};
static struct swrap swrap;
if (ret != 0) {
SWRAP_LOG(SWRAP_LOG_ERROR, "PID(%d):PPID(%d): %s(%u): Couldn't lock pthread mutex(%s) - %s",
getpid(), getppid(), caller, line, name, strerror(ret));
+ abort();
}
}
if (ret != 0) {
SWRAP_LOG(SWRAP_LOG_ERROR, "PID(%d):PPID(%d): %s(%u): Couldn't unlock pthread mutex(%s) - %s",
getpid(), getppid(), caller, line, name, strerror(ret));
+ abort();
}
}
#define swrap_bind_symbol_libsocket(sym_name) \
_swrap_bind_symbol_generic(SWRAP_LIBSOCKET, sym_name)
+#define swrap_bind_symbol_rtld_default_optional(sym_name) do { \
+ swrap.rtld_default.symbols._rtld_default_##sym_name.obj = \
+ dlsym(RTLD_DEFAULT, #sym_name); \
+} while(0);
+
static void swrap_bind_symbol_all(void);
/****************************************************************************
return swrap.libc.symbols._libc_close.f(fd);
}
+#ifdef HAVE___CLOSE_NOCANCEL
+static int libc___close_nocancel(int fd)
+{
+ swrap_bind_symbol_all();
+
+ return swrap.libc.symbols._libc___close_nocancel.f(fd);
+}
+#endif /* HAVE___CLOSE_NOCANCEL */
+
static int libc_connect(int sockfd,
const struct sockaddr *addr,
socklen_t addrlen)
arg = va_arg(ap, void *);
+ /*
+ * If fcntl64 exists then this is a system were fcntl is
+ * renamed (including when building this file), and so we must
+ * assume that the binary under test was built with
+ * -D_FILE_OFFSET_BITS=64 and pass on to fcntl64.
+ *
+ * If we are wrong, then fcntl is unwrapped, but while that is
+ * not ideal, is is also unlikely.
+ *
+ * In any case, it is always wrong to map fcntl64() to fcntl()
+ * as this will cause a thunk from struct flock -> flock64
+ * that the caller had already prepared for.
+ */
+#ifdef HAVE_FCNTL64
+ rc = swrap.libc.symbols._libc_fcntl64.f(fd, cmd, arg);
+#else
rc = swrap.libc.symbols._libc_fcntl.f(fd, cmd, arg);
+#endif
return rc;
}
}
#endif /* HAVE_FOPEN64 */
+static void swrap_inject_o_largefile(int *flags)
+{
+ (void)*flags; /* maybe unused */
+#if SIZE_MAX == 0xffffffffUL && defined(O_LARGEFILE)
+#ifdef O_PATH
+ if (((*flags) & O_PATH) == 0)
+#endif
+ {
+ *flags |= O_LARGEFILE;
+ }
+#endif
+}
+
static int libc_vopen(const char *pathname, int flags, va_list ap)
{
int mode = 0;
swrap_bind_symbol_all();
+ swrap_inject_o_largefile(&flags);
+
if (flags & O_CREAT) {
mode = va_arg(ap, int);
}
swrap_bind_symbol_all();
+ swrap_inject_o_largefile(&flags);
+
if (flags & O_CREAT) {
mode = va_arg(ap, int);
}
}
#endif /* HAVE_OPEN64 */
+#ifdef HAVE_OPENAT64
+static int
+libc_vopenat64(int dirfd, const char *pathname, int flags, va_list ap)
+{
+ int mode = 0;
+ int fd;
+
+ swrap_bind_symbol_all();
+
+ swrap_inject_o_largefile(&flags);
+
+ if (flags & O_CREAT) {
+ mode = va_arg(ap, int);
+ }
+ fd = swrap.libc.symbols._libc_openat64.f(dirfd,
+ pathname,
+ flags,
+ (mode_t)mode);
+
+ return fd;
+}
+#endif /* HAVE_OPENAT64 */
+
static int libc_vopenat(int dirfd, const char *path, int flags, va_list ap)
{
int mode = 0;
swrap_bind_symbol_all();
+ swrap_inject_o_largefile(&flags);
+
if (flags & O_CREAT) {
mode = va_arg(ap, int);
}
return swrap.libc.symbols._libc_recvmsg.f(sockfd, msg, flags);
}
+#ifdef HAVE_RECVMMSG
+#if defined(HAVE_RECVMMSG_SSIZE_T_CONST_TIMEOUT)
+/* FreeBSD */
+static ssize_t libc_recvmmsg(int sockfd, struct mmsghdr *msgvec, size_t vlen, int flags, const struct timespec *timeout)
+#elif defined(HAVE_RECVMMSG_CONST_TIMEOUT)
+/* Linux legacy glibc < 2.21 */
+static int libc_recvmmsg(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags, const struct timespec *timeout)
+#else
+/* Linux glibc >= 2.21 */
+static int libc_recvmmsg(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags, struct timespec *timeout)
+#endif
+{
+ swrap_bind_symbol_all();
+
+ return swrap.libc.symbols._libc_recvmmsg.f(sockfd, msgvec, vlen, flags, timeout);
+}
+#endif
+
static int libc_send(int sockfd, const void *buf, size_t len, int flags)
{
swrap_bind_symbol_all();
return swrap.libc.symbols._libc_sendmsg.f(sockfd, msg, flags);
}
+#ifdef HAVE_SENDMMSG
+#if defined(HAVE_SENDMMSG_SSIZE_T)
+/* FreeBSD */
+static ssize_t libc_sendmmsg(int sockfd, struct mmsghdr *msgvec, size_t vlen, int flags)
+#else
+/* Linux */
+static int libc_sendmmsg(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags)
+#endif
+{
+ swrap_bind_symbol_all();
+
+ return swrap.libc.symbols._libc_sendmmsg.f(sockfd, msgvec, vlen, flags);
+}
+#endif
+
static int libc_sendto(int sockfd,
const void *buf,
size_t len,
return swrap.libc.symbols._libc_writev.f(fd, iov, iovcnt);
}
+#ifdef HAVE_SYSCALL
+DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
+static long int libc_vsyscall(long int sysno, va_list va)
+{
+ long int args[8];
+ long int rc;
+ int i;
+
+ swrap_bind_symbol_all();
+
+ for (i = 0; i < 8; i++) {
+ args[i] = va_arg(va, long int);
+ }
+
+ rc = swrap.libc.symbols._libc_syscall.f(sysno,
+ args[0],
+ args[1],
+ args[2],
+ args[3],
+ args[4],
+ args[5],
+ args[6],
+ args[7]);
+
+ return rc;
+}
+
+static bool swrap_uwrap_syscall_valid(long int sysno)
+{
+ swrap_bind_symbol_all();
+
+ if (swrap.rtld_default.symbols._rtld_default_uid_wrapper_syscall_valid.f == NULL) {
+ return false;
+ }
+
+ return swrap.rtld_default.symbols._rtld_default_uid_wrapper_syscall_valid.f(
+ sysno);
+}
+
+DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
+static long int swrap_uwrap_syscall_va(long int sysno, va_list va)
+{
+ swrap_bind_symbol_all();
+
+ if (swrap.rtld_default.symbols._rtld_default_uid_wrapper_syscall_va.f == NULL) {
+ /*
+ * Fallback to libc, if uid_wrapper_syscall_va is not
+ * available.
+ */
+ return libc_vsyscall(sysno, va);
+ }
+
+ return swrap.rtld_default.symbols._rtld_default_uid_wrapper_syscall_va.f(
+ sysno,
+ va);
+}
+#endif /* HAVE_SYSCALL */
+
/* DO NOT call this function during library initialization! */
static void __swrap_bind_symbol_all_once(void)
{
#endif
swrap_bind_symbol_libsocket(bind);
swrap_bind_symbol_libc(close);
+#ifdef HAVE___CLOSE_NOCANCEL
+ swrap_bind_symbol_libc(__close_nocancel);
+#endif
swrap_bind_symbol_libsocket(connect);
swrap_bind_symbol_libc(dup);
swrap_bind_symbol_libc(dup2);
+#ifdef HAVE_FCNTL64
+ swrap_bind_symbol_libc(fcntl64);
+#else
swrap_bind_symbol_libc(fcntl);
+#endif
swrap_bind_symbol_libc(fopen);
#ifdef HAVE_FOPEN64
swrap_bind_symbol_libc(fopen64);
swrap_bind_symbol_libc(open);
#ifdef HAVE_OPEN64
swrap_bind_symbol_libc(open64);
+#endif
+#ifdef HAVE_OPENAT64
+ swrap_bind_symbol_libc(openat64);
#endif
swrap_bind_symbol_libc(openat);
swrap_bind_symbol_libsocket(pipe);
swrap_bind_symbol_libsocket(recv);
swrap_bind_symbol_libsocket(recvfrom);
swrap_bind_symbol_libsocket(recvmsg);
+#ifdef HAVE_RECVMMSG
+ swrap_bind_symbol_libsocket(recvmmsg);
+#endif
swrap_bind_symbol_libsocket(send);
swrap_bind_symbol_libsocket(sendmsg);
+#ifdef HAVE_SENDMMSG
+ swrap_bind_symbol_libsocket(sendmmsg);
+#endif
swrap_bind_symbol_libsocket(sendto);
swrap_bind_symbol_libsocket(setsockopt);
#ifdef HAVE_SIGNALFD
#endif
swrap_bind_symbol_libc(write);
swrap_bind_symbol_libsocket(writev);
+#ifdef HAVE_SYSCALL
+ swrap_bind_symbol_libc(syscall);
+ swrap_bind_symbol_rtld_default_optional(uid_wrapper_syscall_valid);
+ swrap_bind_symbol_rtld_default_optional(uid_wrapper_syscall_va);
+#endif
}
static void swrap_bind_symbol_all(void)
return 0;
}
+struct swrap_sockaddr_buf {
+ char str[128];
+};
+
+static const char *swrap_sockaddr_string(struct swrap_sockaddr_buf *buf,
+ const struct sockaddr *saddr)
+{
+ unsigned int port = 0;
+ char addr[64] = {0,};
+
+ switch (saddr->sa_family) {
+ case AF_INET: {
+ const struct sockaddr_in *in =
+ (const struct sockaddr_in *)(const void *)saddr;
+
+ port = ntohs(in->sin_port);
+
+ inet_ntop(saddr->sa_family,
+ &in->sin_addr,
+ addr, sizeof(addr));
+ break;
+ }
+#ifdef HAVE_IPV6
+ case AF_INET6: {
+ const struct sockaddr_in6 *in6 =
+ (const struct sockaddr_in6 *)(const void *)saddr;
+
+ port = ntohs(in6->sin6_port);
+
+ inet_ntop(saddr->sa_family,
+ &in6->sin6_addr,
+ addr, sizeof(addr));
+ break;
+ }
+#endif
+ default:
+ snprintf(addr, sizeof(addr),
+ "<Unknown address family %u>",
+ saddr->sa_family);
+ break;
+ }
+
+ snprintf(buf->str, sizeof(buf->str),
+ "addr[%s]/port[%u]",
+ addr, port);
+
+ return buf->str;
+}
+
static struct socket_info *swrap_get_socket_info(int si_index)
{
return (struct socket_info *)(&(sockets[si_index].info));
}
swrap_mutex_lock(&first_free_mutex);
+ swrap_mutex_lock(&sockets_si_global);
first_free = 0;
for (i = 0; i < max_sockets; i++) {
swrap_set_next_free(&sockets[i].info, i+1);
- sockets[i].meta.mutex = (pthread_mutex_t)PTHREAD_MUTEX_INITIALIZER;
- }
-
- for (i = 0; i < max_sockets; i++) {
- ret = socket_wrapper_init_mutex(&sockets[i].meta.mutex);
- if (ret != 0) {
- SWRAP_LOG(SWRAP_LOG_ERROR,
- "Failed to initialize pthread mutex i=%zu", i);
- goto done;
- }
}
/* mark the end of the free list */
swrap_set_next_free(&sockets[max_sockets-1].info, -1);
-done:
+ swrap_mutex_unlock(&sockets_si_global);
swrap_mutex_unlock(&first_free_mutex);
swrap_mutex_unlock(&sockets_mutex);
if (ret != 0) {
return socket_fds_idx[fd];
}
-static int swrap_add_socket_info(struct socket_info *si_input)
+static int swrap_add_socket_info(const struct socket_info *si_input)
{
struct socket_info *si = NULL;
int si_index = -1;
"trying to add %d",
socket_fds_max,
fd);
+ errno = EMFILE;
return -1;
}
if (p) p++; else p = un->sun_path;
if (sscanf(p, SOCKET_FORMAT, &type, &iface, &prt) != 3) {
+ SWRAP_LOG(SWRAP_LOG_ERROR, "sun_path[%s] p[%s]",
+ un->sun_path, p);
errno = EINVAL;
return -1;
}
- SWRAP_LOG(SWRAP_LOG_TRACE, "type %c iface %u port %u",
- type, iface, prt);
-
if (iface == 0 || iface > MAX_WRAPPED_INTERFACES) {
+ SWRAP_LOG(SWRAP_LOG_ERROR, "type %c iface %u port %u",
+ type, iface, prt);
errno = EINVAL;
return -1;
}
if (prt > 0xFFFF) {
+ SWRAP_LOG(SWRAP_LOG_ERROR, "type %c iface %u port %u",
+ type, iface, prt);
errno = EINVAL;
return -1;
}
+ SWRAP_LOG(SWRAP_LOG_TRACE, "type %c iface %u port %u",
+ type, iface, prt);
+
switch(type) {
case SOCKET_TYPE_CHAR_TCP:
case SOCKET_TYPE_CHAR_UDP: {
struct sockaddr_in *in2 = (struct sockaddr_in *)(void *)in;
if ((*len) < sizeof(*in2)) {
- errno = EINVAL;
- return -1;
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "V4: *len(%zu) < sizeof(*in2)=%zu",
+ (size_t)*len, sizeof(*in2));
+ errno = EINVAL;
+ return -1;
}
memset(in2, 0, sizeof(*in2));
struct sockaddr_in6 *in2 = (struct sockaddr_in6 *)(void *)in;
if ((*len) < sizeof(*in2)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "V6: *len(%zu) < sizeof(*in2)=%zu",
+ (size_t)*len, sizeof(*in2));
+ SWRAP_LOG(SWRAP_LOG_ERROR, "LINE:%d", __LINE__);
errno = EINVAL;
return -1;
}
}
#endif
default:
+ SWRAP_LOG(SWRAP_LOG_ERROR, "type %c iface %u port %u",
+ type, iface, prt);
errno = EINVAL;
return -1;
}
type = u_type;
iface = (addr & 0x000000FF);
} else {
+ struct swrap_sockaddr_buf buf = {};
+ SWRAP_LOG(SWRAP_LOG_WARN,
+ "%s",
+ swrap_sockaddr_string(&buf, inaddr));
errno = ENETUNREACH;
return -1;
}
if (IN6_ARE_ADDR_EQUAL(&cmp1, &cmp2)) {
iface = in->sin6_addr.s6_addr[15];
} else {
+ struct swrap_sockaddr_buf buf = {};
+ SWRAP_LOG(SWRAP_LOG_WARN,
+ "%s",
+ swrap_sockaddr_string(&buf, inaddr));
errno = ENETUNREACH;
return -1;
}
}
#endif
-static void swrap_remove_stale(int fd)
-{
- struct socket_info *si;
- int si_index;
-
- SWRAP_LOG(SWRAP_LOG_TRACE, "remove stale wrapper for %d", fd);
-
- swrap_mutex_lock(&socket_reset_mutex);
-
- si_index = find_socket_info_index(fd);
- if (si_index == -1) {
- swrap_mutex_unlock(&socket_reset_mutex);
- return;
- }
-
- reset_socket_info_index(fd);
-
- si = swrap_get_socket_info(si_index);
-
- swrap_mutex_lock(&first_free_mutex);
- SWRAP_LOCK_SI(si);
-
- swrap_dec_refcount(si);
-
- if (swrap_get_refcount(si) > 0) {
- goto out;
- }
-
- if (si->un_addr.sun_path[0] != '\0') {
- unlink(si->un_addr.sun_path);
- }
-
- swrap_set_next_free(si, first_free);
- first_free = si_index;
-
-out:
- SWRAP_UNLOCK_SI(si);
- swrap_mutex_unlock(&first_free_mutex);
- swrap_mutex_unlock(&socket_reset_mutex);
-}
+static void swrap_remove_stale(int fd);
static int sockaddr_convert_to_un(struct socket_info *si,
const struct sockaddr *in_addr,
file_hdr.frame_max_len = SWRAP_FRAME_LENGTH_MAX;
file_hdr.link_type = 0x0065; /* 101 RAW IP */
- if (write(fd, &file_hdr, sizeof(file_hdr)) != sizeof(file_hdr)) {
- close(fd);
+ if (libc_write(fd, &file_hdr, sizeof(file_hdr)) != sizeof(file_hdr)) {
+ libc_close(fd);
fd = -1;
}
return fd;
fd = swrap_pcap_get_fd(file_name);
if (fd != -1) {
- if (write(fd, packet, packet_len) != (ssize_t)packet_len) {
+ if (libc_write(fd, packet, packet_len) != (ssize_t)packet_len) {
free(packet);
goto done;
}
ret = swrap_create_socket(si, fd);
if (ret == -1) {
+ int saved_errno = errno;
+ libc_close(fd);
+ errno = saved_errno;
return -1;
}
ret = libc_accept(s, &un_addr.sa.s, &un_addr.sa_socklen);
#endif
if (ret == -1) {
- if (errno == ENOTSOCK) {
+ int saved_errno = errno;
+ if (saved_errno == ENOTSOCK) {
/* Remove stale fds */
swrap_remove_stale(s);
}
+ errno = saved_errno;
return ret;
}
/* Check if we have a stale fd and remove it */
swrap_remove_stale(fd);
+ if (un_addr.sa.un.sun_path[0] == '\0') {
+ /*
+ * FreeBSD seems to have a problem where
+ * accept4() on the unix socket doesn't
+ * ECONNABORTED for already disconnected connections.
+ *
+ * Let's try libc_getpeername() to get the peer address
+ * as a fallback, but it'll likely return ENOTCONN,
+ * which we have to map to ECONNABORTED.
+ */
+ un_addr.sa_socklen = sizeof(struct sockaddr_un),
+ ret = libc_getpeername(fd, &un_addr.sa.s, &un_addr.sa_socklen);
+ if (ret == -1) {
+ int saved_errno = errno;
+ libc_close(fd);
+ if (saved_errno == ENOTCONN) {
+ /*
+ * If the connection is already disconnected
+ * we should return ECONNABORTED.
+ */
+ saved_errno = ECONNABORTED;
+ }
+ errno = saved_errno;
+ return ret;
+ }
+ }
+
+ ret = libc_getsockname(fd,
+ &un_my_addr.sa.s,
+ &un_my_addr.sa_socklen);
+ if (ret == -1) {
+ int saved_errno = errno;
+ libc_close(fd);
+ if (saved_errno == ENOTCONN) {
+ /*
+ * If the connection is already disconnected
+ * we should return ECONNABORTED.
+ */
+ saved_errno = ECONNABORTED;
+ }
+ errno = saved_errno;
+ return ret;
+ }
+
SWRAP_LOCK_SI(parent_si);
ret = sockaddr_convert_from_un(parent_si,
&in_addr.sa.s,
&in_addr.sa_socklen);
if (ret == -1) {
+ int saved_errno = errno;
SWRAP_UNLOCK_SI(parent_si);
- close(fd);
+ libc_close(fd);
+ errno = saved_errno;
return ret;
}
*addrlen = in_addr.sa_socklen;
}
- ret = libc_getsockname(fd,
- &un_my_addr.sa.s,
- &un_my_addr.sa_socklen);
- if (ret == -1) {
- close(fd);
- return ret;
- }
-
ret = sockaddr_convert_from_un(child_si,
&un_my_addr.sa.un,
un_my_addr.sa_socklen,
&in_my_addr.sa.s,
&in_my_addr.sa_socklen);
if (ret == -1) {
- close(fd);
+ int saved_errno = errno;
+ libc_close(fd);
+ errno = saved_errno;
return ret;
}
idx = swrap_create_socket(&new_si, fd);
if (idx == -1) {
- close (fd);
+ int saved_errno = errno;
+ libc_close(fd);
+ errno = saved_errno;
return -1;
}
char type;
int ret;
int port;
- struct stat st;
char *swrap_dir = NULL;
swrap_mutex_lock(&autobind_start_mutex);
type,
socket_wrapper_default_iface(),
port);
- if (stat(un_addr.sa.un.sun_path, &st) == 0) continue;
ret = libc_bind(fd, &un_addr.sa.s, un_addr.sa_socklen);
if (ret == -1) {
+ if (errno == EALREADY || errno == EADDRINUSE) {
+ continue;
+ }
goto done;
}
.sa_socklen = sizeof(struct sockaddr_un),
};
struct socket_info *si = find_socket_info(s);
+ struct swrap_sockaddr_buf buf = {};
int bcast = 0;
if (!si) {
}
SWRAP_LOG(SWRAP_LOG_TRACE,
- "connect() path=%s, fd=%d",
+ "connect(%s) path=%s, fd=%d",
+ swrap_sockaddr_string(&buf, serv_addr),
un_addr.sa.un.sun_path, s);
.sa_socklen = sizeof(struct sockaddr_un),
};
struct socket_info *si = find_socket_info(s);
+ struct swrap_sockaddr_buf buf = {};
+ int ret_errno = errno;
int bind_error = 0;
#if 0 /* FIXME */
bool in_use;
}
if (bind_error != 0) {
- errno = bind_error;
+ ret_errno = bind_error;
ret = -1;
goto out;
}
1,
&si->bcast);
if (ret == -1) {
+ ret_errno = errno;
goto out;
}
unlink(un_addr.sa.un.sun_path);
ret = libc_bind(s, &un_addr.sa.s, un_addr.sa_socklen);
+ if (ret == -1) {
+ ret_errno = errno;
+ }
SWRAP_LOG(SWRAP_LOG_TRACE,
- "bind() path=%s, fd=%d",
- un_addr.sa.un.sun_path, s);
+ "bind(%s) path=%s, fd=%d ret=%d ret_errno=%d",
+ swrap_sockaddr_string(&buf, myaddr),
+ un_addr.sa.un.sun_path, s, ret, ret_errno);
if (ret == 0) {
si->bound = 1;
out:
SWRAP_UNLOCK_SI(si);
-
+ errno = ret_errno;
return ret;
}
}
#endif /* HAVE_OPEN64 */
+/****************************************************************************
+ * OPENAT64
+ ***************************************************************************/
+
+#ifdef HAVE_OPENAT64
+static int
+swrap_vopenat64(int dirfd, const char *pathname, int flags, va_list ap)
+{
+ int ret;
+
+ ret = libc_vopenat64(dirfd, pathname, flags, ap);
+ if (ret != -1) {
+ /*
+ * There are methods for closing descriptors (libc-internal code
+ * paths, direct syscalls) which close descriptors in ways that
+ * we can't intercept, so try to recover when we notice that
+ * that's happened
+ */
+ swrap_remove_stale(ret);
+ }
+ return ret;
+}
+
+int openat64(int dirfd, const char *pathname, int flags, ...)
+{
+ va_list ap;
+ int fd;
+
+ va_start(ap, flags);
+ fd = swrap_vopenat64(dirfd, pathname, flags, ap);
+ va_end(ap);
+
+ return fd;
+}
+#endif /* HAVE_OPENAT64 */
+
/****************************************************************************
* OPENAT
***************************************************************************/
return rc;
}
-#endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
-
-static ssize_t swrap_sendmsg_before(int fd,
- struct socket_info *si,
- struct msghdr *msg,
- struct iovec *tmp_iov,
- struct sockaddr_un *tmp_un,
- const struct sockaddr_un **to_un,
- const struct sockaddr **to,
- int *bcast)
-{
- size_t i, len = 0;
- ssize_t ret = -1;
-
- if (to_un) {
- *to_un = NULL;
- }
- if (to) {
- *to = NULL;
- }
- if (bcast) {
- *bcast = 0;
- }
-
- SWRAP_LOCK_SI(si);
+static const uint64_t swrap_unix_scm_right_magic = 0x8e0e13f27c42fc36;
- switch (si->type) {
- case SOCK_STREAM: {
- unsigned long mtu;
+/*
+ * We only allow up to 6 fds at a time
+ * as that's more than enough for Samba
+ * and it means we can keep the logic simple
+ * and work with fixed size arrays.
+ *
+ * We also keep sizeof(struct swrap_unix_scm_rights)
+ * under PIPE_BUF (4096) in order to allow a non-blocking
+ * write into the pipe.
+ */
+#ifndef PIPE_BUF
+#define PIPE_BUF 4096
+#endif
+#define SWRAP_MAX_PASSED_FDS ((size_t)6)
+#define SWRAP_MAX_PASSED_SOCKET_INFO SWRAP_MAX_PASSED_FDS
+struct swrap_unix_scm_rights_payload {
+ uint8_t num_idxs;
+ int8_t idxs[SWRAP_MAX_PASSED_FDS];
+ struct socket_info infos[SWRAP_MAX_PASSED_SOCKET_INFO];
+};
+struct swrap_unix_scm_rights {
+ uint64_t magic;
+ char package_name[sizeof(SOCKET_WRAPPER_PACKAGE)];
+ char package_version[sizeof(SOCKET_WRAPPER_VERSION)];
+ uint32_t full_size;
+ uint32_t payload_size;
+ struct swrap_unix_scm_rights_payload payload;
+};
- if (!si->connected) {
- errno = ENOTCONN;
- goto out;
- }
+static void swrap_dec_fd_passed_array(size_t num, struct socket_info **array)
+{
+ int saved_errno = errno;
+ size_t i;
- if (msg->msg_iovlen == 0) {
- break;
+ for (i = 0; i < num; i++) {
+ struct socket_info *si = array[i];
+ if (si == NULL) {
+ continue;
}
- mtu = socket_wrapper_mtu();
- for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
- size_t nlen;
- nlen = len + msg->msg_iov[i].iov_len;
- if (nlen < len) {
- /* overflow */
- errno = EMSGSIZE;
- goto out;
- }
- if (nlen > mtu) {
- break;
- }
- }
- msg->msg_iovlen = i;
- if (msg->msg_iovlen == 0) {
- *tmp_iov = msg->msg_iov[0];
- tmp_iov->iov_len = MIN((size_t)tmp_iov->iov_len,
- (size_t)mtu);
- msg->msg_iov = tmp_iov;
- msg->msg_iovlen = 1;
+ SWRAP_LOCK_SI(si);
+ swrap_dec_refcount(si);
+ if (si->fd_passed > 0) {
+ si->fd_passed -= 1;
}
- break;
+ SWRAP_UNLOCK_SI(si);
+ array[i] = NULL;
}
- case SOCK_DGRAM:
- if (si->connected) {
- if (msg->msg_name != NULL) {
- /*
- * We are dealing with unix sockets and if we
- * are connected, we should only talk to the
- * connected unix path. Using the fd to send
- * to another server would be hard to achieve.
- */
- msg->msg_name = NULL;
- msg->msg_namelen = 0;
- }
- } else {
- const struct sockaddr *msg_name;
- msg_name = (const struct sockaddr *)msg->msg_name;
-
- if (msg_name == NULL) {
- errno = ENOTCONN;
- goto out;
- }
+ errno = saved_errno;
+}
- ret = sockaddr_convert_to_un(si, msg_name, msg->msg_namelen,
- tmp_un, 0, bcast);
- if (ret == -1) {
- goto out;
- }
-
- if (to_un) {
- *to_un = tmp_un;
- }
- if (to) {
- *to = msg_name;
- }
- msg->msg_name = tmp_un;
- msg->msg_namelen = sizeof(*tmp_un);
- }
+static void swrap_undo_si_idx_array(size_t num, int *array)
+{
+ int saved_errno = errno;
+ size_t i;
- if (si->bound == 0) {
- ret = swrap_auto_bind(fd, si, si->family);
- if (ret == -1) {
- SWRAP_UNLOCK_SI(si);
- if (errno == ENOTSOCK) {
- swrap_remove_stale(fd);
- ret = -ENOTSOCK;
- } else {
- SWRAP_LOG(SWRAP_LOG_ERROR, "swrap_sendmsg_before failed");
- }
- return ret;
- }
- }
+ swrap_mutex_lock(&first_free_mutex);
- if (!si->defer_connect) {
- break;
- }
+ for (i = 0; i < num; i++) {
+ struct socket_info *si = NULL;
- ret = sockaddr_convert_to_un(si,
- &si->peername.sa.s,
- si->peername.sa_socklen,
- tmp_un,
- 0,
- NULL);
- if (ret == -1) {
- goto out;
+ if (array[i] == -1) {
+ continue;
}
- ret = libc_connect(fd,
- (struct sockaddr *)(void *)tmp_un,
- sizeof(*tmp_un));
-
- /* to give better errors */
- if (ret == -1 && errno == ENOENT) {
- errno = EHOSTUNREACH;
+ si = swrap_get_socket_info(array[i]);
+ if (si == NULL) {
+ continue;
}
- if (ret == -1) {
- goto out;
- }
+ SWRAP_LOCK_SI(si);
+ swrap_dec_refcount(si);
+ SWRAP_UNLOCK_SI(si);
- si->defer_connect = 0;
- break;
- default:
- errno = EHOSTUNREACH;
- goto out;
+ swrap_set_next_free(si, first_free);
+ first_free = array[i];
+ array[i] = -1;
}
- ret = 0;
-out:
- SWRAP_UNLOCK_SI(si);
-
- return ret;
+ swrap_mutex_unlock(&first_free_mutex);
+ errno = saved_errno;
}
-static void swrap_sendmsg_after(int fd,
- struct socket_info *si,
- struct msghdr *msg,
- const struct sockaddr *to,
- ssize_t ret)
+static void swrap_close_fd_array(size_t num, const int *array)
{
int saved_errno = errno;
- size_t i, len = 0;
- uint8_t *buf;
- off_t ofs = 0;
- size_t avail = 0;
- size_t remain;
+ size_t i;
- /* to give better errors */
- if (ret == -1) {
- if (saved_errno == ENOENT) {
- saved_errno = EHOSTUNREACH;
- } else if (saved_errno == ENOTSOCK) {
- /* If the fd is not a socket, remove it */
- swrap_remove_stale(fd);
+ for (i = 0; i < num; i++) {
+ if (array[i] == -1) {
+ continue;
}
+ libc_close(array[i]);
}
- for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
- avail += msg->msg_iov[i].iov_len;
- }
+ errno = saved_errno;
+}
- if (ret == -1) {
- remain = MIN(80, avail);
- } else {
- remain = ret;
- }
+union __swrap_fds {
+ const uint8_t *p;
+ int *fds;
+};
- /* we capture it as one single packet */
- buf = (uint8_t *)malloc(remain);
- if (!buf) {
- /* we just not capture the packet */
- errno = saved_errno;
- return;
- }
+union __swrap_cmsghdr {
+ const uint8_t *p;
+ struct cmsghdr *cmsg;
+};
- for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
- size_t this_time = MIN(remain, (size_t)msg->msg_iov[i].iov_len);
- memcpy(buf + ofs,
- msg->msg_iov[i].iov_base,
- this_time);
- ofs += this_time;
- remain -= this_time;
- }
- len = ofs;
+static int swrap_sendmsg_unix_scm_rights(struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space,
+ int *scm_rights_pipe_fd)
+{
+ struct swrap_unix_scm_rights info;
+ struct swrap_unix_scm_rights_payload *payload = NULL;
+ int si_idx_array[SWRAP_MAX_PASSED_FDS];
+ struct socket_info *si_array[SWRAP_MAX_PASSED_FDS] = { NULL, };
+ size_t info_idx = 0;
+ size_t size_fds_in;
+ size_t num_fds_in;
+ union __swrap_fds __fds_in = { .p = NULL, };
+ const int *fds_in = NULL;
+ size_t num_fds_out;
+ size_t size_fds_out;
+ union __swrap_fds __fds_out = { .p = NULL, };
+ int *fds_out = NULL;
+ size_t cmsg_len;
+ size_t cmsg_space;
+ size_t new_cm_data_space;
+ union __swrap_cmsghdr __new_cmsg = { .p = NULL, };
+ struct cmsghdr *new_cmsg = NULL;
+ uint8_t *p = NULL;
+ size_t i;
+ int pipefd[2] = { -1, -1 };
+ int rc;
+ ssize_t sret;
- SWRAP_LOCK_SI(si);
+ /*
+ * We pass this a buffer to the kernel make sure any padding
+ * is also cleared.
+ */
+ ZERO_STRUCT(info);
+ info.magic = swrap_unix_scm_right_magic;
+ memcpy(info.package_name,
+ SOCKET_WRAPPER_PACKAGE,
+ sizeof(info.package_name));
+ memcpy(info.package_version,
+ SOCKET_WRAPPER_VERSION,
+ sizeof(info.package_version));
+ info.full_size = sizeof(info);
+ info.payload_size = sizeof(info.payload);
+ payload = &info.payload;
+
+ if (*scm_rights_pipe_fd != -1) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "Two SCM_RIGHTS headers are not supported by socket_wrapper");
+ errno = EINVAL;
+ return -1;
+ }
- switch (si->type) {
- case SOCK_STREAM:
- if (ret == -1) {
- swrap_pcap_dump_packet(si, NULL, SWRAP_SEND, buf, len);
- swrap_pcap_dump_packet(si, NULL, SWRAP_SEND_RST, NULL, 0);
- } else {
+ if (cmsg->cmsg_len < CMSG_LEN(0)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu < CMSG_LEN(0)=%zu",
+ (size_t)cmsg->cmsg_len,
+ CMSG_LEN(0));
+ errno = EINVAL;
+ return -1;
+ }
+ size_fds_in = cmsg->cmsg_len - CMSG_LEN(0);
+ if ((size_fds_in % sizeof(int)) != 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu => (size_fds_in=%zu %% sizeof(int)=%zu) != 0",
+ (size_t)cmsg->cmsg_len,
+ size_fds_in,
+ sizeof(int));
+ errno = EINVAL;
+ return -1;
+ }
+ num_fds_in = size_fds_in / sizeof(int);
+ if (num_fds_in > SWRAP_MAX_PASSED_FDS) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu,size_fds_in=%zu => "
+ "num_fds_in=%zu > "
+ "SWRAP_MAX_PASSED_FDS(%zu)",
+ (size_t)cmsg->cmsg_len,
+ size_fds_in,
+ num_fds_in,
+ SWRAP_MAX_PASSED_FDS);
+ errno = EINVAL;
+ return -1;
+ }
+ if (num_fds_in == 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu,size_fds_in=%zu => "
+ "num_fds_in=%zu",
+ (size_t)cmsg->cmsg_len,
+ size_fds_in,
+ num_fds_in);
+ errno = EINVAL;
+ return -1;
+ }
+ __fds_in.p = CMSG_DATA(cmsg);
+ fds_in = __fds_in.fds;
+ num_fds_out = num_fds_in + 1;
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "num_fds_in=%zu num_fds_out=%zu",
+ num_fds_in, num_fds_out);
+
+ size_fds_out = sizeof(int) * num_fds_out;
+ cmsg_len = CMSG_LEN(size_fds_out);
+ cmsg_space = CMSG_SPACE(size_fds_out);
+
+ new_cm_data_space = *cm_data_space + cmsg_space;
+
+ p = realloc((*cm_data), new_cm_data_space);
+ if (p == NULL) {
+ return -1;
+ }
+ (*cm_data) = p;
+ p = (*cm_data) + (*cm_data_space);
+ memset(p, 0, cmsg_space);
+ __new_cmsg.p = p;
+ new_cmsg = __new_cmsg.cmsg;
+ *new_cmsg = *cmsg;
+ __fds_out.p = CMSG_DATA(new_cmsg);
+ fds_out = __fds_out.fds;
+ memcpy(fds_out, fds_in, size_fds_in);
+ new_cmsg->cmsg_len = cmsg->cmsg_len;
+
+ for (i = 0; i < num_fds_in; i++) {
+ size_t j;
+
+ payload->idxs[i] = -1;
+ payload->num_idxs++;
+
+ si_idx_array[i] = find_socket_info_index(fds_in[i]);
+ if (si_idx_array[i] == -1) {
+ continue;
+ }
+
+ si_array[i] = swrap_get_socket_info(si_idx_array[i]);
+ if (si_array[i] == NULL) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "fds_in[%zu]=%d si_idx_array[%zu]=%d missing!",
+ i, fds_in[i], i, si_idx_array[i]);
+ errno = EINVAL;
+ return -1;
+ }
+
+ for (j = 0; j < i; j++) {
+ if (si_array[j] == si_array[i]) {
+ payload->idxs[i] = payload->idxs[j];
+ break;
+ }
+ }
+ if (payload->idxs[i] == -1) {
+ if (info_idx >= SWRAP_MAX_PASSED_SOCKET_INFO) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "fds_in[%zu]=%d,si_idx_array[%zu]=%d: "
+ "info_idx=%zu >= SWRAP_MAX_PASSED_FDS(%zu)!",
+ i, fds_in[i], i, si_idx_array[i],
+ info_idx,
+ SWRAP_MAX_PASSED_SOCKET_INFO);
+ errno = EINVAL;
+ return -1;
+ }
+ payload->idxs[i] = info_idx;
+ info_idx += 1;
+ continue;
+ }
+ }
+
+ for (i = 0; i < num_fds_in; i++) {
+ struct socket_info *si = si_array[i];
+
+ if (si == NULL) {
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "fds_in[%zu]=%d not an inet socket",
+ i, fds_in[i]);
+ continue;
+ }
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "fds_in[%zu]=%d si_idx_array[%zu]=%d "
+ "passing as info.idxs[%zu]=%d!",
+ i, fds_in[i],
+ i, si_idx_array[i],
+ i, payload->idxs[i]);
+
+ SWRAP_LOCK_SI(si);
+ si->fd_passed += 1;
+ payload->infos[payload->idxs[i]] = *si;
+ payload->infos[payload->idxs[i]].fd_passed = 0;
+ SWRAP_UNLOCK_SI(si);
+ }
+
+ rc = pipe(pipefd);
+ if (rc == -1) {
+ int saved_errno = errno;
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "pipe() failed - %d %s",
+ saved_errno,
+ strerror(saved_errno));
+ swrap_dec_fd_passed_array(num_fds_in, si_array);
+ errno = saved_errno;
+ return -1;
+ }
+
+ sret = libc_write(pipefd[1], &info, sizeof(info));
+ if (sret != sizeof(info)) {
+ int saved_errno = errno;
+ if (sret != -1) {
+ saved_errno = EINVAL;
+ }
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "write() failed - sret=%zd - %d %s",
+ sret, saved_errno,
+ strerror(saved_errno));
+ swrap_dec_fd_passed_array(num_fds_in, si_array);
+ libc_close(pipefd[1]);
+ libc_close(pipefd[0]);
+ errno = saved_errno;
+ return -1;
+ }
+ libc_close(pipefd[1]);
+
+ /*
+ * Add the pipe read end to the end of the passed fd array
+ */
+ fds_out[num_fds_in] = pipefd[0];
+ new_cmsg->cmsg_len = cmsg_len;
+
+ /* we're done ... */
+ *scm_rights_pipe_fd = pipefd[0];
+ *cm_data_space = new_cm_data_space;
+
+ return 0;
+}
+
+static int swrap_sendmsg_unix_sol_socket(struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space,
+ int *scm_rights_pipe_fd)
+{
+ int rc = -1;
+
+ switch (cmsg->cmsg_type) {
+ case SCM_RIGHTS:
+ rc = swrap_sendmsg_unix_scm_rights(cmsg,
+ cm_data,
+ cm_data_space,
+ scm_rights_pipe_fd);
+ break;
+ default:
+ rc = swrap_sendmsg_copy_cmsg(cmsg,
+ cm_data,
+ cm_data_space);
+ break;
+ }
+
+ return rc;
+}
+
+static int swrap_recvmsg_unix_scm_rights(struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space)
+{
+ int scm_rights_pipe_fd = -1;
+ struct swrap_unix_scm_rights info;
+ struct swrap_unix_scm_rights_payload *payload = NULL;
+ int si_idx_array[SWRAP_MAX_PASSED_FDS];
+ size_t size_fds_in;
+ size_t num_fds_in;
+ union __swrap_fds __fds_in = { .p = NULL, };
+ const int *fds_in = NULL;
+ size_t num_fds_out;
+ size_t size_fds_out;
+ union __swrap_fds __fds_out = { .p = NULL, };
+ int *fds_out = NULL;
+ size_t cmsg_len;
+ size_t cmsg_space;
+ size_t new_cm_data_space;
+ union __swrap_cmsghdr __new_cmsg = { .p = NULL, };
+ struct cmsghdr *new_cmsg = NULL;
+ uint8_t *p = NULL;
+ ssize_t sret;
+ size_t i;
+ int cmp;
+
+ if (cmsg->cmsg_len < CMSG_LEN(0)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu < CMSG_LEN(0)=%zu",
+ (size_t)cmsg->cmsg_len,
+ CMSG_LEN(0));
+ errno = EINVAL;
+ return -1;
+ }
+ size_fds_in = cmsg->cmsg_len - CMSG_LEN(0);
+ if ((size_fds_in % sizeof(int)) != 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu => (size_fds_in=%zu %% sizeof(int)=%zu) != 0",
+ (size_t)cmsg->cmsg_len,
+ size_fds_in,
+ sizeof(int));
+ errno = EINVAL;
+ return -1;
+ }
+ num_fds_in = size_fds_in / sizeof(int);
+ if (num_fds_in > (SWRAP_MAX_PASSED_FDS + 1)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu,size_fds_in=%zu => "
+ "num_fds_in=%zu > SWRAP_MAX_PASSED_FDS+1(%zu)",
+ (size_t)cmsg->cmsg_len,
+ size_fds_in,
+ num_fds_in,
+ SWRAP_MAX_PASSED_FDS+1);
+ errno = EINVAL;
+ return -1;
+ }
+ if (num_fds_in <= 1) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu,size_fds_in=%zu => "
+ "num_fds_in=%zu",
+ (size_t)cmsg->cmsg_len,
+ size_fds_in,
+ num_fds_in);
+ errno = EINVAL;
+ return -1;
+ }
+ __fds_in.p = CMSG_DATA(cmsg);
+ fds_in = __fds_in.fds;
+ num_fds_out = num_fds_in - 1;
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "num_fds_in=%zu num_fds_out=%zu",
+ num_fds_in, num_fds_out);
+
+ for (i = 0; i < num_fds_in; i++) {
+ /* Check if we have a stale fd and remove it */
+ swrap_remove_stale(fds_in[i]);
+ }
+
+ scm_rights_pipe_fd = fds_in[num_fds_out];
+ size_fds_out = sizeof(int) * num_fds_out;
+ cmsg_len = CMSG_LEN(size_fds_out);
+ cmsg_space = CMSG_SPACE(size_fds_out);
+
+ new_cm_data_space = *cm_data_space + cmsg_space;
+
+ p = realloc((*cm_data), new_cm_data_space);
+ if (p == NULL) {
+ swrap_close_fd_array(num_fds_in, fds_in);
+ return -1;
+ }
+ (*cm_data) = p;
+ p = (*cm_data) + (*cm_data_space);
+ memset(p, 0, cmsg_space);
+ __new_cmsg.p = p;
+ new_cmsg = __new_cmsg.cmsg;
+ *new_cmsg = *cmsg;
+ __fds_out.p = CMSG_DATA(new_cmsg);
+ fds_out = __fds_out.fds;
+ memcpy(fds_out, fds_in, size_fds_out);
+ new_cmsg->cmsg_len = cmsg_len;
+
+ sret = read(scm_rights_pipe_fd, &info, sizeof(info));
+ if (sret != sizeof(info)) {
+ int saved_errno = errno;
+ if (sret != -1) {
+ saved_errno = EINVAL;
+ }
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "read() failed - sret=%zd - %d %s",
+ sret, saved_errno,
+ strerror(saved_errno));
+ swrap_close_fd_array(num_fds_in, fds_in);
+ errno = saved_errno;
+ return -1;
+ }
+ libc_close(scm_rights_pipe_fd);
+ payload = &info.payload;
+
+ if (info.magic != swrap_unix_scm_right_magic) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "info.magic=0x%llx != swrap_unix_scm_right_magic=0x%llx",
+ (unsigned long long)info.magic,
+ (unsigned long long)swrap_unix_scm_right_magic);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ cmp = memcmp(info.package_name,
+ SOCKET_WRAPPER_PACKAGE,
+ sizeof(info.package_name));
+ if (cmp != 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "info.package_name='%.*s' != '%s'",
+ (int)sizeof(info.package_name),
+ info.package_name,
+ SOCKET_WRAPPER_PACKAGE);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ cmp = memcmp(info.package_version,
+ SOCKET_WRAPPER_VERSION,
+ sizeof(info.package_version));
+ if (cmp != 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "info.package_version='%.*s' != '%s'",
+ (int)sizeof(info.package_version),
+ info.package_version,
+ SOCKET_WRAPPER_VERSION);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (info.full_size != sizeof(info)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "info.full_size=%zu != sizeof(info)=%zu",
+ (size_t)info.full_size,
+ sizeof(info));
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (info.payload_size != sizeof(info.payload)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "info.payload_size=%zu != sizeof(info.payload)=%zu",
+ (size_t)info.payload_size,
+ sizeof(info.payload));
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (payload->num_idxs != num_fds_out) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "info.num_idxs=%u != num_fds_out=%zu",
+ payload->num_idxs, num_fds_out);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ for (i = 0; i < num_fds_out; i++) {
+ size_t j;
+
+ si_idx_array[i] = -1;
+
+ if (payload->idxs[i] == -1) {
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "fds_out[%zu]=%d not an inet socket",
+ i, fds_out[i]);
+ continue;
+ }
+
+ if (payload->idxs[i] < 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "fds_out[%zu]=%d info.idxs[%zu]=%d < 0!",
+ i, fds_out[i], i, payload->idxs[i]);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (payload->idxs[i] >= payload->num_idxs) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "fds_out[%zu]=%d info.idxs[%zu]=%d >= %u!",
+ i, fds_out[i], i, payload->idxs[i],
+ payload->num_idxs);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ if ((size_t)fds_out[i] >= socket_fds_max) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "The max socket index limit of %zu has been reached, "
+ "trying to add %d",
+ socket_fds_max,
+ fds_out[i]);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EMFILE;
+ return -1;
+ }
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "fds_in[%zu]=%d "
+ "received as info.idxs[%zu]=%d!",
+ i, fds_out[i],
+ i, payload->idxs[i]);
+
+ for (j = 0; j < i; j++) {
+ if (payload->idxs[j] == -1) {
+ continue;
+ }
+ if (payload->idxs[j] == payload->idxs[i]) {
+ si_idx_array[i] = si_idx_array[j];
+ }
+ }
+ if (si_idx_array[i] == -1) {
+ const struct socket_info *si = &payload->infos[payload->idxs[i]];
+
+ si_idx_array[i] = swrap_add_socket_info(si);
+ if (si_idx_array[i] == -1) {
+ int saved_errno = errno;
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "The max socket index limit of %zu has been reached, "
+ "trying to add %d",
+ socket_fds_max,
+ fds_out[i]);
+ swrap_undo_si_idx_array(i, si_idx_array);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = saved_errno;
+ return -1;
+ }
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "Imported %s socket for protocol %s, fd=%d",
+ si->family == AF_INET ? "IPv4" : "IPv6",
+ si->type == SOCK_DGRAM ? "UDP" : "TCP",
+ fds_out[i]);
+ }
+ }
+
+ for (i = 0; i < num_fds_out; i++) {
+ if (si_idx_array[i] == -1) {
+ continue;
+ }
+ set_socket_info_index(fds_out[i], si_idx_array[i]);
+ }
+
+ /* we're done ... */
+ *cm_data_space = new_cm_data_space;
+
+ return 0;
+}
+
+static int swrap_recvmsg_unix_sol_socket(struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space)
+{
+ int rc = -1;
+
+ switch (cmsg->cmsg_type) {
+ case SCM_RIGHTS:
+ rc = swrap_recvmsg_unix_scm_rights(cmsg,
+ cm_data,
+ cm_data_space);
+ break;
+ default:
+ rc = swrap_sendmsg_copy_cmsg(cmsg,
+ cm_data,
+ cm_data_space);
+ break;
+ }
+
+ return rc;
+}
+
+#endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+
+static int swrap_sendmsg_before_unix(const struct msghdr *_msg_in,
+ struct msghdr *msg_tmp,
+ int *scm_rights_pipe_fd)
+{
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ struct msghdr *msg_in = discard_const_p(struct msghdr, _msg_in);
+ struct cmsghdr *cmsg = NULL;
+ uint8_t *cm_data = NULL;
+ size_t cm_data_space = 0;
+ int rc = -1;
+
+ *msg_tmp = *msg_in;
+ *scm_rights_pipe_fd = -1;
+
+ /* Nothing to do */
+ if (msg_in->msg_controllen == 0 || msg_in->msg_control == NULL) {
+ return 0;
+ }
+
+ for (cmsg = CMSG_FIRSTHDR(msg_in);
+ cmsg != NULL;
+ cmsg = CMSG_NXTHDR(msg_in, cmsg)) {
+ switch (cmsg->cmsg_level) {
+ case SOL_SOCKET:
+ rc = swrap_sendmsg_unix_sol_socket(cmsg,
+ &cm_data,
+ &cm_data_space,
+ scm_rights_pipe_fd);
+ break;
+
+ default:
+ rc = swrap_sendmsg_copy_cmsg(cmsg,
+ &cm_data,
+ &cm_data_space);
+ break;
+ }
+ if (rc < 0) {
+ int saved_errno = errno;
+ SAFE_FREE(cm_data);
+ errno = saved_errno;
+ return rc;
+ }
+ }
+
+ msg_tmp->msg_controllen = cm_data_space;
+ msg_tmp->msg_control = cm_data;
+
+ return 0;
+#else /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+ *msg_tmp = *_msg_in;
+ return 0;
+#endif /* ! HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+}
+
+static ssize_t swrap_sendmsg_after_unix(struct msghdr *msg_tmp,
+ ssize_t ret,
+ int scm_rights_pipe_fd)
+{
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ int saved_errno = errno;
+ SAFE_FREE(msg_tmp->msg_control);
+ if (scm_rights_pipe_fd != -1) {
+ libc_close(scm_rights_pipe_fd);
+ }
+ errno = saved_errno;
+#endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+ return ret;
+}
+
+static int swrap_recvmsg_before_unix(struct msghdr *msg_in,
+ struct msghdr *msg_tmp,
+ uint8_t **tmp_control)
+{
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ const size_t cm_extra_space = CMSG_SPACE(sizeof(int));
+ uint8_t *cm_data = NULL;
+ size_t cm_data_space = 0;
+
+ *msg_tmp = *msg_in;
+ *tmp_control = NULL;
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "msg_in->msg_controllen=%zu",
+ (size_t)msg_in->msg_controllen);
+
+ /* Nothing to do */
+ if (msg_in->msg_controllen == 0 || msg_in->msg_control == NULL) {
+ return 0;
+ }
+
+ /*
+ * We need to give the kernel a bit more space in order
+ * recv the pipe fd, added by swrap_sendmsg_before_unix()).
+ * swrap_recvmsg_after_unix() will hide it again.
+ */
+ cm_data_space = msg_in->msg_controllen;
+ if (cm_data_space < (INT32_MAX - cm_extra_space)) {
+ cm_data_space += cm_extra_space;
+ }
+ cm_data = calloc(1, cm_data_space);
+ if (cm_data == NULL) {
+ return -1;
+ }
+
+ msg_tmp->msg_controllen = cm_data_space;
+ msg_tmp->msg_control = cm_data;
+ *tmp_control = cm_data;
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "msg_tmp->msg_controllen=%zu",
+ (size_t)msg_tmp->msg_controllen);
+ return 0;
+#else /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+ *msg_tmp = *msg_in;
+ *tmp_control = NULL;
+ return 0;
+#endif /* ! HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+}
+
+static ssize_t swrap_recvmsg_after_unix(struct msghdr *msg_tmp,
+ uint8_t **tmp_control,
+ struct msghdr *msg_out,
+ ssize_t ret)
+{
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ struct cmsghdr *cmsg = NULL;
+ uint8_t *cm_data = NULL;
+ size_t cm_data_space = 0;
+ int rc = -1;
+
+ if (ret < 0) {
+ int saved_errno = errno;
+ SWRAP_LOG(SWRAP_LOG_TRACE, "ret=%zd - %d - %s", ret,
+ saved_errno, strerror(saved_errno));
+ SAFE_FREE(*tmp_control);
+ /* msg_out should not be touched on error */
+ errno = saved_errno;
+ return ret;
+ }
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "msg_tmp->msg_controllen=%zu",
+ (size_t)msg_tmp->msg_controllen);
+
+ /* Nothing to do */
+ if (msg_tmp->msg_controllen == 0 || msg_tmp->msg_control == NULL) {
+ int saved_errno = errno;
+ *msg_out = *msg_tmp;
+ SAFE_FREE(*tmp_control);
+ errno = saved_errno;
+ return ret;
+ }
+
+ for (cmsg = CMSG_FIRSTHDR(msg_tmp);
+ cmsg != NULL;
+ cmsg = CMSG_NXTHDR(msg_tmp, cmsg)) {
+ switch (cmsg->cmsg_level) {
+ case SOL_SOCKET:
+ rc = swrap_recvmsg_unix_sol_socket(cmsg,
+ &cm_data,
+ &cm_data_space);
+ break;
+
+ default:
+ rc = swrap_sendmsg_copy_cmsg(cmsg,
+ &cm_data,
+ &cm_data_space);
+ break;
+ }
+ if (rc < 0) {
+ int saved_errno = errno;
+ SAFE_FREE(cm_data);
+ SAFE_FREE(*tmp_control);
+ errno = saved_errno;
+ return rc;
+ }
+ }
+
+ /*
+ * msg_tmp->msg_control (*tmp_control) was created by
+ * swrap_recvmsg_before_unix() and msg_out->msg_control
+ * is still the buffer of the caller.
+ */
+ msg_tmp->msg_control = msg_out->msg_control;
+ msg_tmp->msg_controllen = msg_out->msg_controllen;
+ *msg_out = *msg_tmp;
+
+ cm_data_space = MIN(cm_data_space, msg_out->msg_controllen);
+ memcpy(msg_out->msg_control, cm_data, cm_data_space);
+ msg_out->msg_controllen = cm_data_space;
+ SAFE_FREE(cm_data);
+ SAFE_FREE(*tmp_control);
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "msg_out->msg_controllen=%zu",
+ (size_t)msg_out->msg_controllen);
+ return ret;
+#else /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+ int saved_errno = errno;
+ *msg_out = *msg_tmp;
+ SAFE_FREE(*tmp_control);
+ errno = saved_errno;
+ return ret;
+#endif /* ! HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+}
+
+static ssize_t swrap_sendmsg_before(int fd,
+ struct socket_info *si,
+ struct msghdr *msg,
+ struct iovec *tmp_iov,
+ struct sockaddr_un *tmp_un,
+ const struct sockaddr_un **to_un,
+ const struct sockaddr **to,
+ int *bcast)
+{
+ size_t i, len = 0;
+ ssize_t ret = -1;
+ struct swrap_sockaddr_buf buf = {};
+
+ if (to_un) {
+ *to_un = NULL;
+ }
+ if (to) {
+ *to = NULL;
+ }
+ if (bcast) {
+ *bcast = 0;
+ }
+
+ SWRAP_LOCK_SI(si);
+
+ switch (si->type) {
+ case SOCK_STREAM: {
+ unsigned long mtu;
+
+ if (!si->connected) {
+ errno = ENOTCONN;
+ goto out;
+ }
+
+ if (msg->msg_iovlen == 0) {
+ break;
+ }
+
+ mtu = socket_wrapper_mtu();
+ for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
+ size_t nlen;
+ nlen = len + msg->msg_iov[i].iov_len;
+ if (nlen < len) {
+ /* overflow */
+ errno = EMSGSIZE;
+ goto out;
+ }
+ if (nlen > mtu) {
+ break;
+ }
+ }
+ msg->msg_iovlen = i;
+ if (msg->msg_iovlen == 0) {
+ *tmp_iov = msg->msg_iov[0];
+ tmp_iov->iov_len = MIN((size_t)tmp_iov->iov_len,
+ (size_t)mtu);
+ msg->msg_iov = tmp_iov;
+ msg->msg_iovlen = 1;
+ }
+ break;
+ }
+ case SOCK_DGRAM:
+ if (si->connected) {
+ if (msg->msg_name != NULL) {
+ /*
+ * We are dealing with unix sockets and if we
+ * are connected, we should only talk to the
+ * connected unix path. Using the fd to send
+ * to another server would be hard to achieve.
+ */
+ msg->msg_name = NULL;
+ msg->msg_namelen = 0;
+ }
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "connected(%s) fd=%d",
+ swrap_sockaddr_string(&buf, &si->peername.sa.s),
+ fd);
+ } else {
+ const struct sockaddr *msg_name;
+ msg_name = (const struct sockaddr *)msg->msg_name;
+
+ if (msg_name == NULL) {
+ errno = ENOTCONN;
+ goto out;
+ }
+
+
+ ret = sockaddr_convert_to_un(si, msg_name, msg->msg_namelen,
+ tmp_un, 0, bcast);
+ if (ret == -1) {
+ goto out;
+ }
+
+ if (to_un) {
+ *to_un = tmp_un;
+ }
+ if (to) {
+ *to = msg_name;
+ }
+ msg->msg_name = tmp_un;
+ msg->msg_namelen = sizeof(*tmp_un);
+ }
+
+ if (si->bound == 0) {
+ ret = swrap_auto_bind(fd, si, si->family);
+ if (ret == -1) {
+ SWRAP_UNLOCK_SI(si);
+ if (errno == ENOTSOCK) {
+ swrap_remove_stale(fd);
+ ret = -ENOTSOCK;
+ } else {
+ SWRAP_LOG(SWRAP_LOG_ERROR, "swrap_sendmsg_before failed");
+ }
+ return ret;
+ }
+ }
+
+ if (!si->defer_connect) {
+ break;
+ }
+
+ ret = sockaddr_convert_to_un(si,
+ &si->peername.sa.s,
+ si->peername.sa_socklen,
+ tmp_un,
+ 0,
+ NULL);
+ if (ret == -1) {
+ goto out;
+ }
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "deferred connect(%s) path=%s, fd=%d",
+ swrap_sockaddr_string(&buf, &si->peername.sa.s),
+ tmp_un->sun_path, fd);
+
+ ret = libc_connect(fd,
+ (struct sockaddr *)(void *)tmp_un,
+ sizeof(*tmp_un));
+
+ /* to give better errors */
+ if (ret == -1 && errno == ENOENT) {
+ errno = EHOSTUNREACH;
+ }
+
+ if (ret == -1) {
+ goto out;
+ }
+
+ si->defer_connect = 0;
+ break;
+ default:
+ errno = EHOSTUNREACH;
+ goto out;
+ }
+
+ ret = 0;
+out:
+ SWRAP_UNLOCK_SI(si);
+
+ return ret;
+}
+
+static void swrap_sendmsg_after(int fd,
+ struct socket_info *si,
+ struct msghdr *msg,
+ const struct sockaddr *to,
+ ssize_t ret)
+{
+ int saved_errno = errno;
+ size_t i, len = 0;
+ uint8_t *buf;
+ off_t ofs = 0;
+ size_t avail = 0;
+ size_t remain;
+
+ /* to give better errors */
+ if (ret == -1) {
+ if (saved_errno == ENOENT) {
+ saved_errno = EHOSTUNREACH;
+ } else if (saved_errno == ENOTSOCK) {
+ /* If the fd is not a socket, remove it */
+ swrap_remove_stale(fd);
+ }
+ }
+
+ for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
+ avail += msg->msg_iov[i].iov_len;
+ }
+
+ if (ret == -1) {
+ remain = MIN(80, avail);
+ } else {
+ remain = ret;
+ }
+
+ /* we capture it as one single packet */
+ buf = (uint8_t *)malloc(remain);
+ if (!buf) {
+ /* we just not capture the packet */
+ errno = saved_errno;
+ return;
+ }
+
+ for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
+ size_t this_time = MIN(remain, (size_t)msg->msg_iov[i].iov_len);
+ if (this_time > 0) {
+ memcpy(buf + ofs,
+ msg->msg_iov[i].iov_base,
+ this_time);
+ }
+ ofs += this_time;
+ remain -= this_time;
+ }
+ len = ofs;
+
+ SWRAP_LOCK_SI(si);
+
+ switch (si->type) {
+ case SOCK_STREAM:
+ if (ret == -1) {
+ swrap_pcap_dump_packet(si, NULL, SWRAP_SEND, buf, len);
+ swrap_pcap_dump_packet(si, NULL, SWRAP_SEND_RST, NULL, 0);
+ } else {
swrap_pcap_dump_packet(si, NULL, SWRAP_SEND, buf, len);
}
break;
si = find_socket_info(s);
if (si == NULL) {
- return libc_recvmsg(s, omsg, flags);
+ uint8_t *tmp_control = NULL;
+ rc = swrap_recvmsg_before_unix(omsg, &msg, &tmp_control);
+ if (rc < 0) {
+ return rc;
+ }
+ ret = libc_recvmsg(s, &msg, flags);
+ return swrap_recvmsg_after_unix(&msg, &tmp_control, omsg, ret);
}
tmp.iov_base = NULL;
return swrap_recvmsg(sockfd, msg, flags);
}
+/****************************************************************************
+ * RECVMMSG
+ ***************************************************************************/
+
+#ifdef HAVE_RECVMMSG
+#if defined(HAVE_RECVMMSG_SSIZE_T_CONST_TIMEOUT)
+/* FreeBSD */
+static ssize_t swrap_recvmmsg(int s, struct mmsghdr *omsgvec, size_t _vlen, int flags, const struct timespec *timeout)
+#elif defined(HAVE_RECVMMSG_CONST_TIMEOUT)
+/* Linux legacy glibc < 2.21 */
+static int swrap_recvmmsg(int s, struct mmsghdr *omsgvec, unsigned int _vlen, int flags, const struct timespec *timeout)
+#else
+/* Linux glibc >= 2.21 */
+static int swrap_recvmmsg(int s, struct mmsghdr *omsgvec, unsigned int _vlen, int flags, struct timespec *timeout)
+#endif
+{
+ struct socket_info *si = find_socket_info(s);
+#define __SWRAP_RECVMMSG_MAX_VLEN 16
+ struct mmsghdr msgvec[__SWRAP_RECVMMSG_MAX_VLEN] = {};
+ struct {
+ struct iovec iov;
+ struct swrap_address from_addr;
+ struct swrap_address convert_addr;
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ size_t msg_ctrllen_filled;
+ size_t msg_ctrllen_left;
+#endif
+ } tmp[__SWRAP_RECVMMSG_MAX_VLEN] = {};
+ int vlen;
+ int i;
+ int ret;
+ int rc;
+ int saved_errno;
+
+ if (_vlen > __SWRAP_RECVMMSG_MAX_VLEN) {
+ vlen = __SWRAP_RECVMMSG_MAX_VLEN;
+ } else {
+ vlen = _vlen;
+ }
+
+ if (si == NULL) {
+ uint8_t *tmp_control[__SWRAP_RECVMMSG_MAX_VLEN] = { NULL, };
+
+ for (i = 0; i < vlen; i++) {
+ struct msghdr *omsg = &omsgvec[i].msg_hdr;
+ struct msghdr *msg = &msgvec[i].msg_hdr;
+
+ rc = swrap_recvmsg_before_unix(omsg, msg,
+ &tmp_control[i]);
+ if (rc < 0) {
+ ret = rc;
+ goto fail_libc;
+ }
+ }
+
+ ret = libc_recvmmsg(s, msgvec, vlen, flags, timeout);
+ if (ret < 0) {
+ goto fail_libc;
+ }
+
+ for (i = 0; i < ret; i++) {
+ omsgvec[i].msg_len = msgvec[i].msg_len;
+ }
+
+fail_libc:
+ saved_errno = errno;
+ for (i = 0; i < vlen; i++) {
+ struct msghdr *omsg = &omsgvec[i].msg_hdr;
+ struct msghdr *msg = &msgvec[i].msg_hdr;
+
+ if (i == 0 || i < ret) {
+ swrap_recvmsg_after_unix(msg, &tmp_control[i], omsg, ret);
+ }
+ SAFE_FREE(tmp_control[i]);
+ }
+ errno = saved_errno;
+
+ return ret;
+ }
+
+ for (i = 0; i < vlen; i++) {
+ struct msghdr *omsg = &omsgvec[i].msg_hdr;
+ struct msghdr *msg = &msgvec[i].msg_hdr;
+
+ tmp[i].from_addr.sa_socklen = sizeof(struct sockaddr_un);
+ tmp[i].convert_addr.sa_socklen = sizeof(struct sockaddr_storage);
+
+ msg->msg_name = &tmp[i].from_addr.sa; /* optional address */
+ msg->msg_namelen = tmp[i].from_addr.sa_socklen; /* size of address */
+ msg->msg_iov = omsg->msg_iov; /* scatter/gather array */
+ msg->msg_iovlen = omsg->msg_iovlen; /* # elements in msg_iov */
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ tmp[i].msg_ctrllen_filled = 0;
+ tmp[i].msg_ctrllen_left = omsg->msg_controllen;
+
+ msg->msg_control = omsg->msg_control; /* ancillary data, see below */
+ msg->msg_controllen = omsg->msg_controllen; /* ancillary data buffer len */
+ msg->msg_flags = omsg->msg_flags; /* flags on received message */
+#endif
+
+ rc = swrap_recvmsg_before(s, si, msg, &tmp[i].iov);
+ if (rc < 0) {
+ ret = rc;
+ goto fail_swrap;
+ }
+ }
+
+ ret = libc_recvmmsg(s, msgvec, vlen, flags, timeout);
+ if (ret < 0) {
+ goto fail_swrap;
+ }
+
+ for (i = 0; i < ret; i++) {
+ omsgvec[i].msg_len = msgvec[i].msg_len;
+ }
+
+fail_swrap:
+
+ saved_errno = errno;
+ for (i = 0; i < vlen; i++) {
+ struct msghdr *omsg = &omsgvec[i].msg_hdr;
+ struct msghdr *msg = &msgvec[i].msg_hdr;
+
+ if (!(i == 0 || i < ret)) {
+ break;
+ }
+
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ tmp[i].msg_ctrllen_filled += msg->msg_controllen;
+ tmp[i].msg_ctrllen_left -= msg->msg_controllen;
+
+ if (omsg->msg_control != NULL) {
+ uint8_t *p;
+
+ p = omsg->msg_control;
+ p += tmp[i].msg_ctrllen_filled;
+
+ msg->msg_control = p;
+ msg->msg_controllen = tmp[i].msg_ctrllen_left;
+ } else {
+ msg->msg_control = NULL;
+ msg->msg_controllen = 0;
+ }
+#endif
+
+ /*
+ * We convert the unix address to a IP address so we need a buffer
+ * which can store the address in case of SOCK_DGRAM, see below.
+ */
+ msg->msg_name = &tmp[i].convert_addr.sa;
+ msg->msg_namelen = tmp[i].convert_addr.sa_socklen;
+
+ swrap_recvmsg_after(s, si, msg,
+ &tmp[i].from_addr.sa.un,
+ tmp[i].from_addr.sa_socklen,
+ ret);
+
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ if (omsg->msg_control != NULL) {
+ /* msg->msg_controllen = space left */
+ tmp[i].msg_ctrllen_left = msg->msg_controllen;
+ tmp[i].msg_ctrllen_filled = omsg->msg_controllen - tmp[i].msg_ctrllen_left;
+ }
+
+ /* Update the original message length */
+ omsg->msg_controllen = tmp[i].msg_ctrllen_filled;
+ omsg->msg_flags = msg->msg_flags;
+#endif
+ omsg->msg_iovlen = msg->msg_iovlen;
+
+ SWRAP_LOCK_SI(si);
+
+ /*
+ * From the manpage:
+ *
+ * The msg_name field points to a caller-allocated buffer that is
+ * used to return the source address if the socket is unconnected. The
+ * caller should set msg_namelen to the size of this buffer before this
+ * call; upon return from a successful call, msg_name will contain the
+ * length of the returned address. If the application does not need
+ * to know the source address, msg_name can be specified as NULL.
+ */
+ if (si->type == SOCK_STREAM) {
+ omsg->msg_namelen = 0;
+ } else if (omsg->msg_name != NULL &&
+ omsg->msg_namelen != 0 &&
+ omsg->msg_namelen >= msg->msg_namelen) {
+ memcpy(omsg->msg_name, msg->msg_name, msg->msg_namelen);
+ omsg->msg_namelen = msg->msg_namelen;
+ }
+
+ SWRAP_UNLOCK_SI(si);
+ }
+ errno = saved_errno;
+
+ return ret;
+}
+
+#if defined(HAVE_RECVMMSG_SSIZE_T_CONST_TIMEOUT)
+/* FreeBSD */
+ssize_t recvmmsg(int sockfd, struct mmsghdr *msgvec, size_t vlen, int flags, const struct timespec *timeout)
+#elif defined(HAVE_RECVMMSG_CONST_TIMEOUT)
+/* Linux legacy glibc < 2.21 */
+int recvmmsg(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags, const struct timespec *timeout)
+#else
+/* Linux glibc >= 2.21 */
+int recvmmsg(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags, struct timespec *timeout)
+#endif
+{
+ return swrap_recvmmsg(sockfd, msgvec, vlen, flags, timeout);
+}
+#endif /* HAVE_RECVMMSG */
+
/****************************************************************************
* SENDMSG
***************************************************************************/
int bcast = 0;
if (!si) {
- return libc_sendmsg(s, omsg, flags);
+ int scm_rights_pipe_fd = -1;
+
+ rc = swrap_sendmsg_before_unix(omsg, &msg,
+ &scm_rights_pipe_fd);
+ if (rc < 0) {
+ return rc;
+ }
+ ret = libc_sendmsg(s, &msg, flags);
+ return swrap_sendmsg_after_unix(&msg, ret, scm_rights_pipe_fd);
}
ZERO_STRUCT(un_addr);
SAFE_FREE(msg.msg_control);
#endif
errno = saved_errno;
- return -1;
+ return -1;
+ }
+
+ if (bcast) {
+ struct stat st;
+ unsigned int iface;
+ unsigned int prt = ntohs(((const struct sockaddr_in *)(const void *)to)->sin_port);
+ char type;
+ size_t i, len = 0;
+ uint8_t *buf;
+ off_t ofs = 0;
+ size_t avail = 0;
+ size_t remain;
+ char *swrap_dir = NULL;
+
+ for (i = 0; i < (size_t)msg.msg_iovlen; i++) {
+ avail += msg.msg_iov[i].iov_len;
+ }
+
+ len = avail;
+ remain = avail;
+
+ /* we capture it as one single packet */
+ buf = (uint8_t *)malloc(remain);
+ if (!buf) {
+ int saved_errno = errno;
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ SAFE_FREE(msg.msg_control);
+#endif
+ errno = saved_errno;
+ return -1;
+ }
+
+ for (i = 0; i < (size_t)msg.msg_iovlen; i++) {
+ size_t this_time = MIN(remain, (size_t)msg.msg_iov[i].iov_len);
+ memcpy(buf + ofs,
+ msg.msg_iov[i].iov_base,
+ this_time);
+ ofs += this_time;
+ remain -= this_time;
+ }
+
+ type = SOCKET_TYPE_CHAR_UDP;
+
+ swrap_dir = socket_wrapper_dir();
+ if (swrap_dir == NULL) {
+ int saved_errno = errno;
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ SAFE_FREE(msg.msg_control);
+#endif
+ SAFE_FREE(buf);
+ errno = saved_errno;
+ return -1;
+ }
+
+ for(iface=0; iface <= MAX_WRAPPED_INTERFACES; iface++) {
+ swrap_un_path(&un_addr, swrap_dir, type, iface, prt);
+ if (stat(un_addr.sun_path, &st) != 0) continue;
+
+ msg.msg_name = &un_addr; /* optional address */
+ msg.msg_namelen = sizeof(un_addr); /* size of address */
+
+ /* ignore the any errors in broadcast sends */
+ libc_sendmsg(s, &msg, flags);
+ }
+
+ SAFE_FREE(swrap_dir);
+
+ SWRAP_LOCK_SI(si);
+
+ swrap_pcap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
+ free(buf);
+
+ SWRAP_UNLOCK_SI(si);
+
+ return len;
+ }
+
+ ret = libc_sendmsg(s, &msg, flags);
+
+ swrap_sendmsg_after(s, si, &msg, to, ret);
+
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ {
+ int saved_errno = errno;
+ SAFE_FREE(msg.msg_control);
+ errno = saved_errno;
+ }
+#endif
+
+ return ret;
+}
+
+ssize_t sendmsg(int s, const struct msghdr *omsg, int flags)
+{
+ return swrap_sendmsg(s, omsg, flags);
+}
+
+/****************************************************************************
+ * SENDMMSG
+ ***************************************************************************/
+
+#ifdef HAVE_SENDMMSG
+#if defined(HAVE_SENDMMSG_SSIZE_T)
+/* FreeBSD */
+static ssize_t swrap_sendmmsg(int s, struct mmsghdr *omsgvec, size_t _vlen, int flags)
+#else
+/* Linux */
+static int swrap_sendmmsg(int s, struct mmsghdr *omsgvec, unsigned int _vlen, int flags)
+#endif
+{
+ struct socket_info *si = find_socket_info(s);
+#define __SWRAP_SENDMMSG_MAX_VLEN 16
+ struct mmsghdr msgvec[__SWRAP_SENDMMSG_MAX_VLEN] = {};
+ struct {
+ struct iovec iov;
+ struct sockaddr_un un_addr;
+ const struct sockaddr_un *to_un;
+ const struct sockaddr *to;
+ int bcast;
+ } tmp[__SWRAP_SENDMMSG_MAX_VLEN] = {};
+ int vlen;
+ int i;
+ char *swrap_dir = NULL;
+ int connected = 0;
+ int found_bcast = 0;
+ int ret;
+ int rc;
+ int saved_errno;
+
+ if (_vlen > __SWRAP_SENDMMSG_MAX_VLEN) {
+ vlen = __SWRAP_SENDMMSG_MAX_VLEN;
+ } else {
+ vlen = _vlen;
+ }
+
+ if (!si) {
+ int scm_rights_pipe_fd[__SWRAP_SENDMMSG_MAX_VLEN];
+
+ for (i = 0; i < __SWRAP_SENDMMSG_MAX_VLEN; i++) {
+ scm_rights_pipe_fd[i] = -1;
+ }
+
+ for (i = 0; i < vlen; i++) {
+ struct msghdr *omsg = &omsgvec[i].msg_hdr;
+ struct msghdr *msg = &msgvec[i].msg_hdr;
+
+ rc = swrap_sendmsg_before_unix(omsg, msg,
+ &scm_rights_pipe_fd[i]);
+ if (rc < 0) {
+ ret = rc;
+ goto fail_libc;
+ }
+ }
+
+ ret = libc_sendmmsg(s, msgvec, vlen, flags);
+ if (ret < 0) {
+ goto fail_libc;
+ }
+
+ for (i = 0; i < ret; i++) {
+ omsgvec[i].msg_len = msgvec[i].msg_len;
+ }
+
+fail_libc:
+ saved_errno = errno;
+ for (i = 0; i < vlen; i++) {
+ struct msghdr *msg = &msgvec[i].msg_hdr;
+
+ swrap_sendmsg_after_unix(msg, ret,
+ scm_rights_pipe_fd[i]);
+ }
+ errno = saved_errno;
+
+ return ret;
}
- if (bcast) {
- struct stat st;
- unsigned int iface;
- unsigned int prt = ntohs(((const struct sockaddr_in *)(const void *)to)->sin_port);
- char type;
- size_t i, len = 0;
- uint8_t *buf;
- off_t ofs = 0;
- size_t avail = 0;
- size_t remain;
- char *swrap_dir = NULL;
+ SWRAP_LOCK_SI(si);
+ connected = si->connected;
+ SWRAP_UNLOCK_SI(si);
- for (i = 0; i < (size_t)msg.msg_iovlen; i++) {
- avail += msg.msg_iov[i].iov_len;
- }
+ for (i = 0; i < vlen; i++) {
+ struct msghdr *omsg = &omsgvec[i].msg_hdr;
+ struct msghdr *msg = &msgvec[i].msg_hdr;
- len = avail;
- remain = avail;
+ if (connected == 0) {
+ msg->msg_name = omsg->msg_name; /* optional address */
+ msg->msg_namelen = omsg->msg_namelen; /* size of address */
+ }
+ msg->msg_iov = omsg->msg_iov; /* scatter/gather array */
+ msg->msg_iovlen = omsg->msg_iovlen; /* # elements in msg_iov */
- /* we capture it as one single packet */
- buf = (uint8_t *)malloc(remain);
- if (!buf) {
- int saved_errno = errno;
#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
- SAFE_FREE(msg.msg_control);
+ if (omsg->msg_controllen > 0 && omsg->msg_control != NULL) {
+ uint8_t *cmbuf = NULL;
+ size_t cmlen = 0;
+
+ rc = swrap_sendmsg_filter_cmsghdr(omsg, &cmbuf, &cmlen);
+ if (rc < 0) {
+ ret = rc;
+ goto fail_swrap;
+ }
+
+ if (cmlen != 0) {
+ msg->msg_control = cmbuf;
+ msg->msg_controllen = cmlen;
+ }
+ }
+ msg->msg_flags = omsg->msg_flags; /* flags on received message */
#endif
- errno = saved_errno;
- return -1;
+
+ rc = swrap_sendmsg_before(s, si, msg,
+ &tmp[i].iov,
+ &tmp[i].un_addr,
+ &tmp[i].to_un,
+ &tmp[i].to,
+ &tmp[i].bcast);
+ if (rc < 0) {
+ ret = rc;
+ goto fail_swrap;
}
- for (i = 0; i < (size_t)msg.msg_iovlen; i++) {
- size_t this_time = MIN(remain, (size_t)msg.msg_iov[i].iov_len);
- memcpy(buf + ofs,
- msg.msg_iov[i].iov_base,
- this_time);
- ofs += this_time;
- remain -= this_time;
+ if (tmp[i].bcast) {
+ found_bcast = 1;
}
+ }
- type = SOCKET_TYPE_CHAR_UDP;
+ if (found_bcast) {
swrap_dir = socket_wrapper_dir();
if (swrap_dir == NULL) {
- int saved_errno = errno;
-#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
- SAFE_FREE(msg.msg_control);
-#endif
- SAFE_FREE(buf);
- errno = saved_errno;
- return -1;
- }
+ ret = -1;
+ goto fail_swrap;
+ }
+
+ for (i = 0; i < vlen; i++) {
+ struct msghdr *msg = &msgvec[i].msg_hdr;
+ struct sockaddr_un *un_addr = &tmp[i].un_addr;
+ const struct sockaddr *to = tmp[i].to;
+ struct stat st;
+ unsigned int iface;
+ unsigned int prt = ntohs(((const struct sockaddr_in *)(const void *)to)->sin_port);
+ char type;
+ size_t l, len = 0;
+ uint8_t *buf;
+ off_t ofs = 0;
+ size_t avail = 0;
+ size_t remain;
+
+ for (l = 0; l < (size_t)msg->msg_iovlen; l++) {
+ avail += msg->msg_iov[l].iov_len;
+ }
- for(iface=0; iface <= MAX_WRAPPED_INTERFACES; iface++) {
- swrap_un_path(&un_addr, swrap_dir, type, iface, prt);
- if (stat(un_addr.sun_path, &st) != 0) continue;
+ len = avail;
+ remain = avail;
- msg.msg_name = &un_addr; /* optional address */
- msg.msg_namelen = sizeof(un_addr); /* size of address */
+ /* we capture it as one single packet */
+ buf = (uint8_t *)malloc(remain);
+ if (!buf) {
+ ret = -1;
+ goto fail_swrap;
+ }
- /* ignore the any errors in broadcast sends */
- libc_sendmsg(s, &msg, flags);
- }
+ for (l = 0; l < (size_t)msg->msg_iovlen; l++) {
+ size_t this_time = MIN(remain, (size_t)msg->msg_iov[l].iov_len);
+ memcpy(buf + ofs,
+ msg->msg_iov[l].iov_base,
+ this_time);
+ ofs += this_time;
+ remain -= this_time;
+ }
- SAFE_FREE(swrap_dir);
+ type = SOCKET_TYPE_CHAR_UDP;
- SWRAP_LOCK_SI(si);
+ for(iface=0; iface <= MAX_WRAPPED_INTERFACES; iface++) {
+ swrap_un_path(un_addr, swrap_dir, type, iface, prt);
+ if (stat(un_addr->sun_path, &st) != 0) continue;
- swrap_pcap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
- free(buf);
+ msg->msg_name = un_addr; /* optional address */
+ msg->msg_namelen = sizeof(*un_addr); /* size of address */
- SWRAP_UNLOCK_SI(si);
+ /*
+ * ignore the any errors in broadcast sends and
+ * do a single sendmsg instead of sendmmsg
+ */
+ libc_sendmsg(s, msg, flags);
+ }
- return len;
+ SWRAP_LOCK_SI(si);
+ swrap_pcap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
+ SWRAP_UNLOCK_SI(si);
+
+ SAFE_FREE(buf);
+
+ msgvec[i].msg_len = len;
+ }
+
+ ret = vlen;
+ goto bcast_done;
}
- ret = libc_sendmsg(s, &msg, flags);
+ ret = libc_sendmmsg(s, msgvec, vlen, flags);
+ if (ret < 0) {
+ goto fail_swrap;
+ }
- swrap_sendmsg_after(s, si, &msg, to, ret);
+bcast_done:
+ for (i = 0; i < ret; i++) {
+ omsgvec[i].msg_len = msgvec[i].msg_len;
+ }
+
+fail_swrap:
+ saved_errno = errno;
+ for (i = 0; i < vlen; i++) {
+ struct msghdr *msg = &msgvec[i].msg_hdr;
+ if (i == 0 || i < ret) {
+ swrap_sendmsg_after(s, si, msg, tmp[i].to, ret);
+ }
#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
- {
- int saved_errno = errno;
- SAFE_FREE(msg.msg_control);
- errno = saved_errno;
- }
+ SAFE_FREE(msg->msg_control);
#endif
+ }
+ SAFE_FREE(swrap_dir);
+ errno = saved_errno;
return ret;
}
-ssize_t sendmsg(int s, const struct msghdr *omsg, int flags)
+#if defined(HAVE_SENDMMSG_SSIZE_T)
+/* FreeBSD */
+ssize_t sendmmsg(int s, struct mmsghdr *msgvec, size_t vlen, int flags)
+#else
+/* Linux */
+int sendmmsg(int s, struct mmsghdr *msgvec, unsigned int vlen, int flags)
+#endif
{
- return swrap_sendmsg(s, omsg, flags);
+ return swrap_sendmmsg(s, msgvec, vlen, flags);
}
+#endif /* HAVE_SENDMMSG */
/****************************************************************************
* READV
* CLOSE
***************************/
-static int swrap_close(int fd)
+static int swrap_remove_wrapper(const char *__func_name,
+ int (*__close_fd_fn)(int fd),
+ int fd)
{
struct socket_info *si = NULL;
int si_index;
+ int ret_errno = errno;
int ret;
swrap_mutex_lock(&socket_reset_mutex);
si_index = find_socket_info_index(fd);
if (si_index == -1) {
swrap_mutex_unlock(&socket_reset_mutex);
- return libc_close(fd);
+ return __close_fd_fn(fd);
}
- SWRAP_LOG(SWRAP_LOG_TRACE, "Close wrapper for fd=%d", fd);
+ swrap_log(SWRAP_LOG_TRACE, __func_name, "Remove wrapper for fd=%d", fd);
reset_socket_info_index(fd);
si = swrap_get_socket_info(si_index);
swrap_mutex_lock(&first_free_mutex);
SWRAP_LOCK_SI(si);
- ret = libc_close(fd);
+ ret = __close_fd_fn(fd);
+ if (ret == -1) {
+ ret_errno = errno;
+ }
swrap_dec_refcount(si);
goto out;
}
+ if (si->fd_passed) {
+ goto set_next_free;
+ }
+
if (si->myname.sa_socklen > 0 && si->peername.sa_socklen > 0) {
swrap_pcap_dump_packet(si, NULL, SWRAP_CLOSE_SEND, NULL, 0);
}
unlink(si->un_addr.sun_path);
}
+set_next_free:
swrap_set_next_free(si, first_free);
first_free = si_index;
swrap_mutex_unlock(&first_free_mutex);
swrap_mutex_unlock(&socket_reset_mutex);
+ errno = ret_errno;
return ret;
}
+static int swrap_noop_close(int fd)
+{
+ (void)fd; /* unused */
+ return 0;
+}
+
+static void swrap_remove_stale(int fd)
+{
+ swrap_remove_wrapper(__func__, swrap_noop_close, fd);
+}
+
+/*
+ * This allows socket_wrapper aware applications to
+ * indicate that the given fd does not belong to
+ * an inet socket.
+ *
+ * We already overload a lot of unrelated functions
+ * like eventfd(), timerfd_create(), ... in order to
+ * call swrap_remove_stale() on the returned fd, but
+ * we'll never be able to handle all possible syscalls.
+ *
+ * socket_wrapper_indicate_no_inet_fd() gives them a way
+ * to do the same.
+ *
+ * We don't export swrap_remove_stale() in order to
+ * make it easier to analyze SOCKET_WRAPPER_DEBUGLEVEL=3
+ * log files.
+ */
+void socket_wrapper_indicate_no_inet_fd(int fd)
+{
+ swrap_remove_wrapper(__func__, swrap_noop_close, fd);
+}
+
+static int swrap_close(int fd)
+{
+ return swrap_remove_wrapper(__func__, libc_close, fd);
+}
+
int close(int fd)
{
return swrap_close(fd);
}
+#ifdef HAVE___CLOSE_NOCANCEL
+
+static int swrap___close_nocancel(int fd)
+{
+ return swrap_remove_wrapper(__func__, libc___close_nocancel, fd);
+}
+
+int __close_nocancel(int fd);
+int __close_nocancel(int fd)
+{
+ return swrap___close_nocancel(fd);
+}
+
+#endif /* HAVE___CLOSE_NOCANCEL */
+
/****************************
* DUP
***************************/
return -1;
}
+ if ((size_t)dup_fd >= socket_fds_max) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "The max socket index limit of %zu has been reached, "
+ "trying to add %d",
+ socket_fds_max,
+ dup_fd);
+ libc_close(dup_fd);
+ errno = EMFILE;
+ return -1;
+ }
+
SWRAP_LOCK_SI(si);
swrap_inc_refcount(si);
return newfd;
}
+ if ((size_t)newfd >= socket_fds_max) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "The max socket index limit of %zu has been reached, "
+ "trying to add %d",
+ socket_fds_max,
+ newfd);
+ errno = EMFILE;
+ return -1;
+ }
+
if (find_socket_info(newfd)) {
/* dup2() does an implicit close of newfd, which we
* need to emulate */
return -1;
}
+ /* Make sure we don't have an entry for the fd */
+ swrap_remove_stale(dup_fd);
+
+ if ((size_t)dup_fd >= socket_fds_max) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "The max socket index limit of %zu has been reached, "
+ "trying to add %d",
+ socket_fds_max,
+ dup_fd);
+ libc_close(dup_fd);
+ errno = EMFILE;
+ return -1;
+ }
+
SWRAP_LOCK_SI(si);
swrap_inc_refcount(si);
SWRAP_UNLOCK_SI(si);
- /* Make sure we don't have an entry for the fd */
- swrap_remove_stale(dup_fd);
set_socket_info_index(dup_fd, idx);
}
#endif /* HAVE_PLEDGE */
+#ifdef HAVE_SYSCALL
+static bool swrap_is_swrap_related_syscall(long int sysno)
+{
+ switch (sysno) {
+#ifdef SYS_close
+ case SYS_close:
+ return true;
+#endif /* SYS_close */
+
+#ifdef SYS_recvmmsg
+ case SYS_recvmmsg:
+ return true;
+#endif /* SYS_recvmmsg */
+
+#ifdef SYS_sendmmsg
+ case SYS_sendmmsg:
+ return true;
+#endif /* SYS_sendmmsg */
+
+ default:
+ return false;
+ }
+}
+
+static long int swrap_syscall(long int sysno, va_list vp)
+{
+ long int rc;
+
+ switch (sysno) {
+#ifdef SYS_close
+ case SYS_close:
+ {
+ int fd = (int)va_arg(vp, int);
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "calling swrap_close syscall %lu",
+ sysno);
+ rc = swrap_close(fd);
+ }
+ break;
+#endif /* SYS_close */
+
+#ifdef SYS_recvmmsg
+ case SYS_recvmmsg:
+ {
+ int fd = (int)va_arg(vp, int);
+ struct mmsghdr *msgvec = va_arg(vp, struct mmsghdr *);
+ unsigned int vlen = va_arg(vp, unsigned int);
+ int flags = va_arg(vp, int);
+ struct timespec *timeout = va_arg(vp, struct timespec *);
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "calling swrap_recvmmsg syscall %lu",
+ sysno);
+ rc = swrap_recvmmsg(fd, msgvec, vlen, flags, timeout);
+ }
+ break;
+#endif /* SYS_recvmmsg */
+
+#ifdef SYS_sendmmsg
+ case SYS_sendmmsg:
+ {
+ int fd = (int)va_arg(vp, int);
+ struct mmsghdr *msgvec = va_arg(vp, struct mmsghdr *);
+ unsigned int vlen = va_arg(vp, unsigned int);
+ int flags = va_arg(vp, int);
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "calling swrap_sendmmsg syscall %lu",
+ sysno);
+ rc = swrap_sendmmsg(fd, msgvec, vlen, flags);
+ }
+ break;
+#endif /* SYS_sendmmsg */
+
+ default:
+ rc = -1;
+ errno = ENOSYS;
+ break;
+ }
+
+ return rc;
+}
+
+#ifdef HAVE_SYSCALL_INT
+int syscall(int sysno, ...)
+#else
+long int syscall(long int sysno, ...)
+#endif
+{
+#ifdef HAVE_SYSCALL_INT
+ int rc;
+#else
+ long int rc;
+#endif
+ va_list va;
+
+ va_start(va, sysno);
+
+ /*
+ * We should only handle the syscall numbers
+ * we care about...
+ */
+ if (!swrap_is_swrap_related_syscall(sysno)) {
+ /*
+ * We need to give socket_wrapper a
+ * chance to take over...
+ */
+ if (swrap_uwrap_syscall_valid(sysno)) {
+ rc = swrap_uwrap_syscall_va(sysno, va);
+ va_end(va);
+ return rc;
+ }
+
+ rc = libc_vsyscall(sysno, va);
+ va_end(va);
+ return rc;
+ }
+
+ if (!socket_wrapper_enabled()) {
+ rc = libc_vsyscall(sysno, va);
+ va_end(va);
+ return rc;
+ }
+
+ rc = swrap_syscall(sysno, va);
+ va_end(va);
+
+ return rc;
+}
+
+/* used by uid_wrapper */
+bool socket_wrapper_syscall_valid(long int sysno);
+bool socket_wrapper_syscall_valid(long int sysno)
+{
+ if (!swrap_is_swrap_related_syscall(sysno)) {
+ return false;
+ }
+
+ if (!socket_wrapper_enabled()) {
+ return false;
+ }
+
+ return true;
+}
+
+/* used by uid_wrapper */
+long int socket_wrapper_syscall_va(long int sysno, va_list va);
+long int socket_wrapper_syscall_va(long int sysno, va_list va)
+{
+ if (!swrap_is_swrap_related_syscall(sysno)) {
+ errno = ENOSYS;
+ return -1;
+ }
+
+ if (!socket_wrapper_enabled()) {
+ return libc_vsyscall(sysno, va);
+ }
+
+ return swrap_syscall(sysno, va);
+}
+#endif /* HAVE_SYSCALL */
+
static void swrap_thread_prepare(void)
{
/*
***************************/
void swrap_constructor(void)
{
+ if (PIPE_BUF < sizeof(struct swrap_unix_scm_rights)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "PIPE_BUF=%zu < "
+ "sizeof(struct swrap_unix_scm_rights)=%zu\n"
+ "sizeof(struct swrap_unix_scm_rights_payload)=%zu "
+ "sizeof(struct socket_info)=%zu",
+ (size_t)PIPE_BUF,
+ sizeof(struct swrap_unix_scm_rights),
+ sizeof(struct swrap_unix_scm_rights_payload),
+ sizeof(struct socket_info));
+ exit(-1);
+ }
+
SWRAP_REINIT_ALL;
/*
SAFE_FREE(sockets);
- if (swrap.libc.handle != NULL) {
+ if (swrap.libc.handle != NULL
+#ifdef RTLD_NEXT
+ && swrap.libc.handle != RTLD_NEXT
+#endif
+ ) {
dlclose(swrap.libc.handle);
}
- if (swrap.libc.socket_handle) {
+ if (swrap.libc.socket_handle
+#ifdef RTLD_NEXT
+ && swrap.libc.socket_handle != RTLD_NEXT
+#endif
+ ) {
dlclose(swrap.libc.socket_handle);
}
}
* related syscalls also with the '_' prefix.
*
* This is tested in Samba's 'make test',
- * there we noticed that providing '_read'
- * and '_open' would cause errors, which
+ * there we noticed that providing '_read',
+ * '_open' and '_close' would cause errors, which
* means we skip '_read', '_write' and
* all non socket related calls without
* further analyzing the problem.
#endif
SWRAP_SYMBOL_ALIAS(accept, _accept);
SWRAP_SYMBOL_ALIAS(bind, _bind);
-SWRAP_SYMBOL_ALIAS(close, _close);
SWRAP_SYMBOL_ALIAS(connect, _connect);
SWRAP_SYMBOL_ALIAS(dup, _dup);
SWRAP_SYMBOL_ALIAS(dup2, _dup2);