/*
- * Copyright (c) 2005-2008 Jelmer Vernooij <jelmer@samba.org>
- * Copyright (C) 2006-2014 Stefan Metzmacher <metze@samba.org>
- * Copyright (C) 2013-2014 Andreas Schneider <asn@samba.org>
+ * BSD 3-Clause License
*
+ * Copyright (c) 2005-2008, Jelmer Vernooij <jelmer@samba.org>
+ * Copyright (c) 2006-2018, Stefan Metzmacher <metze@samba.org>
+ * Copyright (c) 2013-2018, Andreas Schneider <asn@samba.org>
+ * Copyright (c) 2014-2017, Michael Adam <obnox@samba.org>
+ * Copyright (c) 2016-2018, Anoop C S <anoopcs@redhat.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
*/
/*
#include <sys/un.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
+#ifdef HAVE_NETINET_TCP_FSM_H
+#include <netinet/tcp_fsm.h>
+#endif
#include <arpa/inet.h>
#include <fcntl.h>
#include <stdlib.h>
# ifdef HAVE_FALLTHROUGH_ATTRIBUTE
# define FALL_THROUGH __attribute__ ((fallthrough))
# else /* HAVE_FALLTHROUGH_ATTRIBUTE */
-# define FALL_THROUGH
+# define FALL_THROUGH ((void)0)
# endif /* HAVE_FALLTHROUGH_ATTRIBUTE */
#endif /* FALL_THROUGH */
} while(0)
#endif
+#ifndef SAFE_FREE
+#define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0)
+#endif
+
#ifndef discard_const
#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
#endif
# endif
#endif
-/* Macros for accessing mutexes */
-# define SWRAP_LOCK(m) do { \
- pthread_mutex_lock(&(m ## _mutex)); \
-} while(0)
+#define socket_wrapper_init_mutex(m) \
+ _socket_wrapper_init_mutex(m, #m)
-# define SWRAP_UNLOCK(m) do { \
- pthread_mutex_unlock(&(m ## _mutex)); \
+/* Add new global locks here please */
+# define SWRAP_REINIT_ALL do { \
+ int ret; \
+ ret = socket_wrapper_init_mutex(&sockets_mutex); \
+ if (ret != 0) exit(-1); \
+ ret = socket_wrapper_init_mutex(&socket_reset_mutex); \
+ if (ret != 0) exit(-1); \
+ ret = socket_wrapper_init_mutex(&first_free_mutex); \
+ if (ret != 0) exit(-1); \
+ ret = socket_wrapper_init_mutex(&sockets_si_global); \
+ if (ret != 0) exit(-1); \
+ ret = socket_wrapper_init_mutex(&autobind_start_mutex); \
+ if (ret != 0) exit(-1); \
+ ret = socket_wrapper_init_mutex(&pcap_dump_mutex); \
+ if (ret != 0) exit(-1); \
+ ret = socket_wrapper_init_mutex(&mtu_update_mutex); \
+ if (ret != 0) exit(-1); \
} while(0)
-/* Add new global locks here please */
-# define SWRAP_LOCK_ALL \
- SWRAP_LOCK(libc_symbol_binding); \
+# define SWRAP_LOCK_ALL do { \
+ swrap_mutex_lock(&sockets_mutex); \
+ swrap_mutex_lock(&socket_reset_mutex); \
+ swrap_mutex_lock(&first_free_mutex); \
+ swrap_mutex_lock(&sockets_si_global); \
+ swrap_mutex_lock(&autobind_start_mutex); \
+ swrap_mutex_lock(&pcap_dump_mutex); \
+ swrap_mutex_lock(&mtu_update_mutex); \
+} while(0)
-# define SWRAP_UNLOCK_ALL \
- SWRAP_UNLOCK(libc_symbol_binding); \
+# define SWRAP_UNLOCK_ALL do { \
+ swrap_mutex_unlock(&mtu_update_mutex); \
+ swrap_mutex_unlock(&pcap_dump_mutex); \
+ swrap_mutex_unlock(&autobind_start_mutex); \
+ swrap_mutex_unlock(&sockets_si_global); \
+ swrap_mutex_unlock(&first_free_mutex); \
+ swrap_mutex_unlock(&socket_reset_mutex); \
+ swrap_mutex_unlock(&sockets_mutex); \
+} while(0)
+#define SOCKET_INFO_CONTAINER(si) \
+ (struct socket_info_container *)(si)
-#define SWRAP_DLIST_ADD(list,item) do { \
- if (!(list)) { \
- (item)->prev = NULL; \
- (item)->next = NULL; \
- (list) = (item); \
- } else { \
- (item)->prev = NULL; \
- (item)->next = (list); \
- (list)->prev = (item); \
- (list) = (item); \
- } \
-} while (0)
-
-#define SWRAP_DLIST_REMOVE(list,item) do { \
- if ((list) == (item)) { \
- (list) = (item)->next; \
- if (list) { \
- (list)->prev = NULL; \
- } \
+#define SWRAP_LOCK_SI(si) do { \
+ struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si); \
+ if (sic != NULL) { \
+ swrap_mutex_lock(&sockets_si_global); \
} else { \
- if ((item)->prev) { \
- (item)->prev->next = (item)->next; \
- } \
- if ((item)->next) { \
- (item)->next->prev = (item)->prev; \
- } \
+ abort(); \
} \
- (item)->prev = NULL; \
- (item)->next = NULL; \
-} while (0)
-
-#define SWRAP_DLIST_ADD_AFTER(list, item, el) \
-do { \
- if ((list) == NULL || (el) == NULL) { \
- SWRAP_DLIST_ADD(list, item); \
+} while(0)
+
+#define SWRAP_UNLOCK_SI(si) do { \
+ struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si); \
+ if (sic != NULL) { \
+ swrap_mutex_unlock(&sockets_si_global); \
} else { \
- (item)->prev = (el); \
- (item)->next = (el)->next; \
- (el)->next = (item); \
- if ((item)->next != NULL) { \
- (item)->next->prev = (item); \
- } \
+ abort(); \
} \
-} while (0)
+} while(0)
#if defined(HAVE_GETTIMEOFDAY_TZ) || defined(HAVE_GETTIMEOFDAY_TZ_VOID)
#define swrapGetTimeOfDay(tval) gettimeofday(tval,NULL)
#define SOCKET_MAX_SOCKETS 1024
-
/*
* Maximum number of socket_info structures that can
* be used. Can be overriden by the environment variable
*/
#define SOCKET_WRAPPER_MAX_SOCKETS_DEFAULT 65535
-#define SOCKET_WRAPPER_MAX_SOCKETS_LIMIT 256000
+#define SOCKET_WRAPPER_MAX_SOCKETS_LIMIT 262140
/* This limit is to avoid broadcast sendto() needing to stat too many
* files. It may be raised (with a performance cost) to up to 254
} sa;
};
-struct socket_info_fd {
- struct socket_info_fd *prev, *next;
- int fd;
-
- /*
- * Points to corresponding index in array of
- * socket_info structures
- */
- int si_index;
-};
-
-int first_free;
+static int first_free;
struct socket_info
{
- unsigned int refcount;
-
- int next_free;
+ /*
+ * Remember to update swrap_unix_scm_right_magic
+ * on any change.
+ */
int family;
int type;
int defer_connect;
int pktinfo;
int tcp_nodelay;
+ int listening;
+ int fd_passed;
/* The unix path so we can unlink it on close() */
struct sockaddr_un un_addr;
} io;
};
-static struct socket_info *sockets;
-static size_t max_sockets = 0;
+struct socket_info_meta
+{
+ unsigned int refcount;
+ int next_free;
+ /*
+ * As long as we don't use shared memory
+ * for the sockets array, we use
+ * sockets_si_global as a single mutex.
+ *
+ * pthread_mutex_t mutex;
+ */
+};
+
+struct socket_info_container
+{
+ struct socket_info info;
+ struct socket_info_meta meta;
+};
+
+static struct socket_info_container *sockets;
+
+static size_t socket_info_max = 0;
+
+/*
+ * Allocate the socket array always on the limit value. We want it to be
+ * at least bigger than the default so if we reach the limit we can
+ * still deal with duplicate fds pointing to the same socket_info.
+ */
+static size_t socket_fds_max = SOCKET_WRAPPER_MAX_SOCKETS_LIMIT;
+
+/* Hash table to map fds to corresponding socket_info index */
+static int *socket_fds_idx;
+
+/* Mutex for syncronizing port selection during swrap_auto_bind() */
+static pthread_mutex_t autobind_start_mutex = PTHREAD_MUTEX_INITIALIZER;
+
+/* Mutex to guard the initialization of array of socket_info structures */
+static pthread_mutex_t sockets_mutex = PTHREAD_MUTEX_INITIALIZER;
+
+/* Mutex to guard the socket reset in swrap_close() and swrap_remove_stale() */
+static pthread_mutex_t socket_reset_mutex = PTHREAD_MUTEX_INITIALIZER;
+
+/* Mutex to synchronize access to first free index in socket_info array */
+static pthread_mutex_t first_free_mutex = PTHREAD_MUTEX_INITIALIZER;
/*
- * While socket file descriptors are passed among different processes, the
- * numerical value gets changed. So its better to store it locally to each
- * process rather than including it within socket_info which will be shared.
+ * Mutex to synchronize access to to socket_info structures
+ * We use a single global mutex in order to avoid leaking
+ * ~ 38M copy on write memory per fork.
+ * max_sockets=65535 * sizeof(struct socket_info_container)=592 = 38796720
*/
-static struct socket_info_fd *socket_fds;
+static pthread_mutex_t sockets_si_global = PTHREAD_MUTEX_INITIALIZER;
+
+/* Mutex to synchronize access to packet capture dump file */
+static pthread_mutex_t pcap_dump_mutex = PTHREAD_MUTEX_INITIALIZER;
-/* The mutex for accessing the global libc.symbols */
-static pthread_mutex_t libc_symbol_binding_mutex = PTHREAD_MUTEX_INITIALIZER;
+/* Mutex for synchronizing mtu value fetch*/
+static pthread_mutex_t mtu_update_mutex = PTHREAD_MUTEX_INITIALIZER;
/* Function prototypes */
bool socket_wrapper_enabled(void);
+#if ! defined(HAVE_CONSTRUCTOR_ATTRIBUTE) && defined(HAVE_PRAGMA_INIT)
+/* xlC and other oldschool compilers support (only) this */
+#pragma init (swrap_constructor)
+#endif
void swrap_constructor(void) CONSTRUCTOR_ATTRIBUTE;
+#if ! defined(HAVE_DESTRUCTOR_ATTRIBUTE) && defined(HAVE_PRAGMA_FINI)
+#pragma fini (swrap_destructor)
+#endif
void swrap_destructor(void) DESTRUCTOR_ATTRIBUTE;
+#ifndef HAVE_GETPROGNAME
+static const char *getprogname(void)
+{
+#if defined(HAVE_PROGRAM_INVOCATION_SHORT_NAME)
+ return program_invocation_short_name;
+#elif defined(HAVE_GETEXECNAME)
+ return getexecname();
+#else
+ return NULL;
+#endif /* HAVE_PROGRAM_INVOCATION_SHORT_NAME */
+}
+#endif /* HAVE_GETPROGNAME */
+
static void swrap_log(enum swrap_dbglvl_e dbglvl, const char *func, const char *format, ...) PRINTF_ATTRIBUTE(3, 4);
# define SWRAP_LOG(dbglvl, ...) swrap_log((dbglvl), __func__, __VA_ARGS__)
va_list va;
const char *d;
unsigned int lvl = 0;
+ const char *prefix = "SWRAP";
+ const char *progname = getprogname();
d = getenv("SOCKET_WRAPPER_DEBUGLEVEL");
if (d != NULL) {
vsnprintf(buffer, sizeof(buffer), format, va);
va_end(va);
- if (lvl >= dbglvl) {
- switch (dbglvl) {
- case SWRAP_LOG_ERROR:
- fprintf(stderr,
- "SWRAP_ERROR(%d) - %s: %s\n",
- (int)getpid(), func, buffer);
- break;
- case SWRAP_LOG_WARN:
- fprintf(stderr,
- "SWRAP_WARN(%d) - %s: %s\n",
- (int)getpid(), func, buffer);
- break;
- case SWRAP_LOG_DEBUG:
- fprintf(stderr,
- "SWRAP_DEBUG(%d) - %s: %s\n",
- (int)getpid(), func, buffer);
- break;
- case SWRAP_LOG_TRACE:
- fprintf(stderr,
- "SWRAP_TRACE(%d) - %s: %s\n",
- (int)getpid(), func, buffer);
- break;
- }
+ switch (dbglvl) {
+ case SWRAP_LOG_ERROR:
+ prefix = "SWRAP_ERROR";
+ break;
+ case SWRAP_LOG_WARN:
+ prefix = "SWRAP_WARN";
+ break;
+ case SWRAP_LOG_DEBUG:
+ prefix = "SWRAP_DEBUG";
+ break;
+ case SWRAP_LOG_TRACE:
+ prefix = "SWRAP_TRACE";
+ break;
}
+
+ if (progname == NULL) {
+ progname = "<unknown>";
+ }
+
+ fprintf(stderr,
+ "%s[%s (%u)] - %s: %s\n",
+ prefix,
+ progname,
+ (unsigned int)getpid(),
+ func,
+ buffer);
}
/*********************************************************
socklen_t *optlen);
typedef int (*__libc_ioctl)(int d, unsigned long int request, ...);
typedef int (*__libc_listen)(int sockfd, int backlog);
-typedef int (*__libc_open)(const char *pathname, int flags, mode_t mode);
+typedef int (*__libc_open)(const char *pathname, int flags, ...);
#ifdef HAVE_OPEN64
-typedef int (*__libc_open64)(const char *pathname, int flags, mode_t mode);
+typedef int (*__libc_open64)(const char *pathname, int flags, ...);
#endif /* HAVE_OPEN64 */
typedef int (*__libc_openat)(int dirfd, const char *path, int flags, ...);
typedef int (*__libc_pipe)(int pipefd[2]);
static struct swrap swrap;
/* prototypes */
-static const char *socket_wrapper_dir(void);
+static char *socket_wrapper_dir(void);
#define LIBC_NAME "libc.so"
enum swrap_lib {
SWRAP_LIBC,
- SWRAP_LIBNSL,
SWRAP_LIBSOCKET,
};
switch (lib) {
case SWRAP_LIBC:
return "libc";
- case SWRAP_LIBNSL:
- return "libnsl";
case SWRAP_LIBSOCKET:
return "libsocket";
}
int i;
#ifdef RTLD_DEEPBIND
- flags |= RTLD_DEEPBIND;
+ const char *env_preload = getenv("LD_PRELOAD");
+ const char *env_deepbind = getenv("SOCKET_WRAPPER_DISABLE_DEEPBIND");
+ bool enable_deepbind = true;
+
+ /* Don't do a deepbind if we run with libasan */
+ if (env_preload != NULL && strlen(env_preload) < 1024) {
+ const char *p = strstr(env_preload, "libasan.so");
+ if (p != NULL) {
+ enable_deepbind = false;
+ }
+ }
+
+ if (env_deepbind != NULL && strlen(env_deepbind) >= 1) {
+ enable_deepbind = false;
+ }
+
+ if (enable_deepbind) {
+ flags |= RTLD_DEEPBIND;
+ }
#endif
switch (lib) {
- case SWRAP_LIBNSL:
- FALL_THROUGH;
case SWRAP_LIBSOCKET:
#ifdef HAVE_LIBSOCKET
handle = swrap.libc.socket_handle;
}
break;
#endif
- FALL_THROUGH;
case SWRAP_LIBC:
handle = swrap.libc.handle;
#ifdef LIBC_SO
handle = swrap.libc.handle = swrap.libc.socket_handle = RTLD_NEXT;
#else
SWRAP_LOG(SWRAP_LOG_ERROR,
- "Failed to dlopen library: %s\n",
+ "Failed to dlopen library: %s",
dlerror());
exit(-1);
#endif
func = dlsym(handle, fn_name);
if (func == NULL) {
SWRAP_LOG(SWRAP_LOG_ERROR,
- "Failed to find %s: %s\n",
+ "Failed to find %s: %s",
fn_name,
dlerror());
exit(-1);
return func;
}
-#define swrap_bind_symbol_libc(sym_name) \
- SWRAP_LOCK(libc_symbol_binding); \
- if (swrap.libc.symbols._libc_##sym_name.obj == NULL) { \
- swrap.libc.symbols._libc_##sym_name.obj = \
- _swrap_bind_symbol(SWRAP_LIBC, #sym_name); \
- } \
- SWRAP_UNLOCK(libc_symbol_binding)
+#define swrap_mutex_lock(m) _swrap_mutex_lock(m, #m, __func__, __LINE__)
+static void _swrap_mutex_lock(pthread_mutex_t *mutex, const char *name, const char *caller, unsigned line)
+{
+ int ret;
-#define swrap_bind_symbol_libsocket(sym_name) \
- SWRAP_LOCK(libc_symbol_binding); \
- if (swrap.libc.symbols._libc_##sym_name.obj == NULL) { \
- swrap.libc.symbols._libc_##sym_name.obj = \
- _swrap_bind_symbol(SWRAP_LIBSOCKET, #sym_name); \
- } \
- SWRAP_UNLOCK(libc_symbol_binding)
+ ret = pthread_mutex_lock(mutex);
+ if (ret != 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR, "PID(%d):PPID(%d): %s(%u): Couldn't lock pthread mutex(%s) - %s",
+ getpid(), getppid(), caller, line, name, strerror(ret));
+ abort();
+ }
+}
-#define swrap_bind_symbol_libnsl(sym_name) \
- SWRAP_LOCK(libc_symbol_binding); \
- if (swrap.libc.symbols._libc_##sym_name.obj == NULL) { \
- swrap.libc.symbols._libc_##sym_name.obj = \
- _swrap_bind_symbol(SWRAP_LIBNSL, #sym_name); \
- } \
- SWRAP_UNLOCK(libc_symbol_binding)
+#define swrap_mutex_unlock(m) _swrap_mutex_unlock(m, #m, __func__, __LINE__)
+static void _swrap_mutex_unlock(pthread_mutex_t *mutex, const char *name, const char *caller, unsigned line)
+{
+ int ret;
+
+ ret = pthread_mutex_unlock(mutex);
+ if (ret != 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR, "PID(%d):PPID(%d): %s(%u): Couldn't unlock pthread mutex(%s) - %s",
+ getpid(), getppid(), caller, line, name, strerror(ret));
+ abort();
+ }
+}
/*
- * IMPORTANT
+ * These macros have a thread race condition on purpose!
*
- * Functions especially from libc need to be loaded individually, you can't load
- * all at once or gdb will segfault at startup. The same applies to valgrind and
- * has probably something todo with with the linker.
- * So we need load each function at the point it is called the first time.
+ * This is an optimization to avoid locking each time we check if the symbol is
+ * bound.
*/
+#define _swrap_bind_symbol_generic(lib, sym_name) do { \
+ swrap.libc.symbols._libc_##sym_name.obj = \
+ _swrap_bind_symbol(lib, #sym_name); \
+} while(0);
+
+#define swrap_bind_symbol_libc(sym_name) \
+ _swrap_bind_symbol_generic(SWRAP_LIBC, sym_name)
+
+#define swrap_bind_symbol_libsocket(sym_name) \
+ _swrap_bind_symbol_generic(SWRAP_LIBSOCKET, sym_name)
+
+static void swrap_bind_symbol_all(void);
+
+/****************************************************************************
+ * IMPORTANT
+ ****************************************************************************
+ *
+ * Functions especially from libc need to be loaded individually, you can't
+ * load all at once or gdb will segfault at startup. The same applies to
+ * valgrind and has probably something todo with with the linker. So we need
+ * load each function at the point it is called the first time.
+ *
+ ****************************************************************************/
+
#ifdef HAVE_ACCEPT4
static int libc_accept4(int sockfd,
struct sockaddr *addr,
socklen_t *addrlen,
int flags)
{
- swrap_bind_symbol_libsocket(accept4);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_accept4.f(sockfd, addr, addrlen, flags);
}
static int libc_accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen)
{
- swrap_bind_symbol_libsocket(accept);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_accept.f(sockfd, addr, addrlen);
}
const struct sockaddr *addr,
socklen_t addrlen)
{
- swrap_bind_symbol_libsocket(bind);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_bind.f(sockfd, addr, addrlen);
}
static int libc_close(int fd)
{
- swrap_bind_symbol_libc(close);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_close.f(fd);
}
const struct sockaddr *addr,
socklen_t addrlen)
{
- swrap_bind_symbol_libsocket(connect);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_connect.f(sockfd, addr, addrlen);
}
static int libc_dup(int fd)
{
- swrap_bind_symbol_libc(dup);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_dup.f(fd);
}
static int libc_dup2(int oldfd, int newfd)
{
- swrap_bind_symbol_libc(dup2);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_dup2.f(oldfd, newfd);
}
#ifdef HAVE_EVENTFD
static int libc_eventfd(int count, int flags)
{
- swrap_bind_symbol_libc(eventfd);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_eventfd.f(count, flags);
}
DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
static int libc_vfcntl(int fd, int cmd, va_list ap)
{
- long int args[4];
+ void *arg;
int rc;
- int i;
- swrap_bind_symbol_libc(fcntl);
+ swrap_bind_symbol_all();
- for (i = 0; i < 4; i++) {
- args[i] = va_arg(ap, long int);
- }
+ arg = va_arg(ap, void *);
- rc = swrap.libc.symbols._libc_fcntl.f(fd,
- cmd,
- args[0],
- args[1],
- args[2],
- args[3]);
+ rc = swrap.libc.symbols._libc_fcntl.f(fd, cmd, arg);
return rc;
}
struct sockaddr *addr,
socklen_t *addrlen)
{
- swrap_bind_symbol_libsocket(getpeername);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_getpeername.f(sockfd, addr, addrlen);
}
struct sockaddr *addr,
socklen_t *addrlen)
{
- swrap_bind_symbol_libsocket(getsockname);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_getsockname.f(sockfd, addr, addrlen);
}
void *optval,
socklen_t *optlen)
{
- swrap_bind_symbol_libsocket(getsockopt);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_getsockopt.f(sockfd,
level,
DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
static int libc_vioctl(int d, unsigned long int request, va_list ap)
{
- long int args[4];
+ void *arg;
int rc;
- int i;
- swrap_bind_symbol_libc(ioctl);
+ swrap_bind_symbol_all();
- for (i = 0; i < 4; i++) {
- args[i] = va_arg(ap, long int);
- }
+ arg = va_arg(ap, void *);
- rc = swrap.libc.symbols._libc_ioctl.f(d,
- request,
- args[0],
- args[1],
- args[2],
- args[3]);
+ rc = swrap.libc.symbols._libc_ioctl.f(d, request, arg);
return rc;
}
static int libc_listen(int sockfd, int backlog)
{
- swrap_bind_symbol_libsocket(listen);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_listen.f(sockfd, backlog);
}
static FILE *libc_fopen(const char *name, const char *mode)
{
- swrap_bind_symbol_libc(fopen);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_fopen.f(name, mode);
}
#ifdef HAVE_FOPEN64
static FILE *libc_fopen64(const char *name, const char *mode)
{
- swrap_bind_symbol_libc(fopen64);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_fopen64.f(name, mode);
}
static int libc_vopen(const char *pathname, int flags, va_list ap)
{
- long int mode = 0;
+ int mode = 0;
int fd;
- swrap_bind_symbol_libc(open);
-
- mode = va_arg(ap, long int);
+ swrap_bind_symbol_all();
+ if (flags & O_CREAT) {
+ mode = va_arg(ap, int);
+ }
fd = swrap.libc.symbols._libc_open.f(pathname, flags, (mode_t)mode);
return fd;
#ifdef HAVE_OPEN64
static int libc_vopen64(const char *pathname, int flags, va_list ap)
{
- long int mode = 0;
+ int mode = 0;
int fd;
- swrap_bind_symbol_libc(open64);
-
- mode = va_arg(ap, long int);
+ swrap_bind_symbol_all();
+ if (flags & O_CREAT) {
+ mode = va_arg(ap, int);
+ }
fd = swrap.libc.symbols._libc_open64.f(pathname, flags, (mode_t)mode);
return fd;
static int libc_vopenat(int dirfd, const char *path, int flags, va_list ap)
{
- long int mode = 0;
+ int mode = 0;
int fd;
- swrap_bind_symbol_libc(openat);
-
- mode = va_arg(ap, long int);
+ swrap_bind_symbol_all();
- fd = swrap.libc.symbols._libc_openat.f(dirfd, path, flags, (mode_t)mode);
+ if (flags & O_CREAT) {
+ mode = va_arg(ap, int);
+ }
+ fd = swrap.libc.symbols._libc_openat.f(dirfd,
+ path,
+ flags,
+ (mode_t)mode);
return fd;
}
static int libc_pipe(int pipefd[2])
{
- swrap_bind_symbol_libsocket(pipe);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_pipe.f(pipefd);
}
static int libc_read(int fd, void *buf, size_t count)
{
- swrap_bind_symbol_libc(read);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_read.f(fd, buf, count);
}
static ssize_t libc_readv(int fd, const struct iovec *iov, int iovcnt)
{
- swrap_bind_symbol_libsocket(readv);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_readv.f(fd, iov, iovcnt);
}
static int libc_recv(int sockfd, void *buf, size_t len, int flags)
{
- swrap_bind_symbol_libsocket(recv);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_recv.f(sockfd, buf, len, flags);
}
struct sockaddr *src_addr,
socklen_t *addrlen)
{
- swrap_bind_symbol_libsocket(recvfrom);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_recvfrom.f(sockfd,
buf,
static int libc_recvmsg(int sockfd, struct msghdr *msg, int flags)
{
- swrap_bind_symbol_libsocket(recvmsg);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_recvmsg.f(sockfd, msg, flags);
}
static int libc_send(int sockfd, const void *buf, size_t len, int flags)
{
- swrap_bind_symbol_libsocket(send);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_send.f(sockfd, buf, len, flags);
}
static int libc_sendmsg(int sockfd, const struct msghdr *msg, int flags)
{
- swrap_bind_symbol_libsocket(sendmsg);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_sendmsg.f(sockfd, msg, flags);
}
const struct sockaddr *dst_addr,
socklen_t addrlen)
{
- swrap_bind_symbol_libsocket(sendto);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_sendto.f(sockfd,
buf,
const void *optval,
socklen_t optlen)
{
- swrap_bind_symbol_libsocket(setsockopt);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_setsockopt.f(sockfd,
level,
#ifdef HAVE_SIGNALFD
static int libc_signalfd(int fd, const sigset_t *mask, int flags)
{
- swrap_bind_symbol_libsocket(signalfd);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_signalfd.f(fd, mask, flags);
}
static int libc_socket(int domain, int type, int protocol)
{
- swrap_bind_symbol_libsocket(socket);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_socket.f(domain, type, protocol);
}
static int libc_socketpair(int domain, int type, int protocol, int sv[2])
{
- swrap_bind_symbol_libsocket(socketpair);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_socketpair.f(domain, type, protocol, sv);
}
#ifdef HAVE_TIMERFD_CREATE
static int libc_timerfd_create(int clockid, int flags)
{
- swrap_bind_symbol_libc(timerfd_create);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_timerfd_create.f(clockid, flags);
}
static ssize_t libc_write(int fd, const void *buf, size_t count)
{
- swrap_bind_symbol_libc(write);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_write.f(fd, buf, count);
}
static ssize_t libc_writev(int fd, const struct iovec *iov, int iovcnt)
{
- swrap_bind_symbol_libsocket(writev);
+ swrap_bind_symbol_all();
return swrap.libc.symbols._libc_writev.f(fd, iov, iovcnt);
}
+/* DO NOT call this function during library initialization! */
+static void __swrap_bind_symbol_all_once(void)
+{
+#ifdef HAVE_ACCEPT4
+ swrap_bind_symbol_libsocket(accept4);
+#else
+ swrap_bind_symbol_libsocket(accept);
+#endif
+ swrap_bind_symbol_libsocket(bind);
+ swrap_bind_symbol_libc(close);
+ swrap_bind_symbol_libsocket(connect);
+ swrap_bind_symbol_libc(dup);
+ swrap_bind_symbol_libc(dup2);
+ swrap_bind_symbol_libc(fcntl);
+ swrap_bind_symbol_libc(fopen);
+#ifdef HAVE_FOPEN64
+ swrap_bind_symbol_libc(fopen64);
+#endif
+#ifdef HAVE_EVENTFD
+ swrap_bind_symbol_libc(eventfd);
+#endif
+ swrap_bind_symbol_libsocket(getpeername);
+ swrap_bind_symbol_libsocket(getsockname);
+ swrap_bind_symbol_libsocket(getsockopt);
+ swrap_bind_symbol_libc(ioctl);
+ swrap_bind_symbol_libsocket(listen);
+ swrap_bind_symbol_libc(open);
+#ifdef HAVE_OPEN64
+ swrap_bind_symbol_libc(open64);
+#endif
+ swrap_bind_symbol_libc(openat);
+ swrap_bind_symbol_libsocket(pipe);
+ swrap_bind_symbol_libc(read);
+ swrap_bind_symbol_libsocket(readv);
+ swrap_bind_symbol_libsocket(recv);
+ swrap_bind_symbol_libsocket(recvfrom);
+ swrap_bind_symbol_libsocket(recvmsg);
+ swrap_bind_symbol_libsocket(send);
+ swrap_bind_symbol_libsocket(sendmsg);
+ swrap_bind_symbol_libsocket(sendto);
+ swrap_bind_symbol_libsocket(setsockopt);
+#ifdef HAVE_SIGNALFD
+ swrap_bind_symbol_libsocket(signalfd);
+#endif
+ swrap_bind_symbol_libsocket(socket);
+ swrap_bind_symbol_libsocket(socketpair);
+#ifdef HAVE_TIMERFD_CREATE
+ swrap_bind_symbol_libc(timerfd_create);
+#endif
+ swrap_bind_symbol_libc(write);
+ swrap_bind_symbol_libsocket(writev);
+}
+
+static void swrap_bind_symbol_all(void)
+{
+ static pthread_once_t all_symbol_binding_once = PTHREAD_ONCE_INIT;
+
+ pthread_once(&all_symbol_binding_once, __swrap_bind_symbol_all_once);
+}
+
/*********************************************************
* SWRAP HELPER FUNCTIONS
*********************************************************/
+/*
+ * We return 127.0.0.0 (default) or 10.53.57.0.
+ *
+ * This can be controlled by:
+ * SOCKET_WRAPPER_IPV4_NETWORK=127.0.0.0 (default)
+ * or
+ * SOCKET_WRAPPER_IPV4_NETWORK=10.53.57.0
+ */
+static in_addr_t swrap_ipv4_net(void)
+{
+ static int initialized;
+ static in_addr_t hv;
+ const char *net_str = NULL;
+ struct in_addr nv;
+ int ret;
+
+ if (initialized) {
+ return hv;
+ }
+ initialized = 1;
+
+ net_str = getenv("SOCKET_WRAPPER_IPV4_NETWORK");
+ if (net_str == NULL) {
+ net_str = "127.0.0.0";
+ }
+
+ ret = inet_pton(AF_INET, net_str, &nv);
+ if (ret <= 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "INVALID IPv4 Network [%s]",
+ net_str);
+ abort();
+ }
+
+ hv = ntohl(nv.s_addr);
+
+ switch (hv) {
+ case 0x7f000000:
+ /* 127.0.0.0 */
+ break;
+ case 0x0a353900:
+ /* 10.53.57.0 */
+ break;
+ default:
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "INVALID IPv4 Network [%s][0x%x] should be "
+ "127.0.0.0 or 10.53.57.0",
+ net_str, (unsigned)hv);
+ abort();
+ }
+
+ return hv;
+}
+
+/*
+ * This returns 127.255.255.255 or 10.255.255.255
+ */
+static in_addr_t swrap_ipv4_bcast(void)
+{
+ in_addr_t hv;
+
+ hv = swrap_ipv4_net();
+ hv |= IN_CLASSA_HOST;
+
+ return hv;
+}
+
+/*
+ * This returns 127.0.0.${iface} or 10.53.57.${iface}
+ */
+static in_addr_t swrap_ipv4_iface(unsigned int iface)
+{
+ in_addr_t hv;
+
+ if (iface == 0 || iface > MAX_WRAPPED_INTERFACES) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "swrap_ipv4_iface(%u) invalid!",
+ iface);
+ abort();
+ return -1;
+ }
+
+ hv = swrap_ipv4_net();
+ hv |= iface;
+
+ return hv;
+}
+
#ifdef HAVE_IPV6
/*
* FD00::5357:5FXX
return 0;
}
-static const char *socket_wrapper_dir(void)
+static struct socket_info *swrap_get_socket_info(int si_index)
{
- const char *s = getenv("SOCKET_WRAPPER_DIR");
- if (s == NULL) {
- return NULL;
- }
- /* TODO use realpath(3) here, when we add support for threads */
- if (strncmp(s, "./", 2) == 0) {
- s += 2;
- }
+ return (struct socket_info *)(&(sockets[si_index].info));
+}
- SWRAP_LOG(SWRAP_LOG_TRACE, "socket_wrapper_dir: %s", s);
- return s;
+static int swrap_get_refcount(struct socket_info *si)
+{
+ struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si);
+ return sic->meta.refcount;
+}
+
+static void swrap_inc_refcount(struct socket_info *si)
+{
+ struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si);
+
+ sic->meta.refcount += 1;
+}
+
+static void swrap_dec_refcount(struct socket_info *si)
+{
+ struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si);
+
+ sic->meta.refcount -= 1;
+}
+
+static int swrap_get_next_free(struct socket_info *si)
+{
+ struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si);
+
+ return sic->meta.next_free;
+}
+
+static void swrap_set_next_free(struct socket_info *si, int next_free)
+{
+ struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si);
+
+ sic->meta.next_free = next_free;
+}
+
+static int swrap_un_path(struct sockaddr_un *un,
+ const char *swrap_dir,
+ char type,
+ unsigned int iface,
+ unsigned int prt)
+{
+ int ret;
+
+ ret = snprintf(un->sun_path,
+ sizeof(un->sun_path),
+ "%s/"SOCKET_FORMAT,
+ swrap_dir,
+ type,
+ iface,
+ prt);
+ if ((size_t)ret >= sizeof(un->sun_path)) {
+ return ENAMETOOLONG;
+ }
+
+ return 0;
+}
+
+static int swrap_un_path_EINVAL(struct sockaddr_un *un,
+ const char *swrap_dir)
+{
+ int ret;
+
+ ret = snprintf(un->sun_path,
+ sizeof(un->sun_path),
+ "%s/EINVAL",
+ swrap_dir);
+
+ if ((size_t)ret >= sizeof(un->sun_path)) {
+ return ENAMETOOLONG;
+ }
+
+ return 0;
+}
+
+static bool swrap_dir_usable(const char *swrap_dir)
+{
+ struct sockaddr_un un;
+ int ret;
+
+ ret = swrap_un_path(&un, swrap_dir, SOCKET_TYPE_CHAR_TCP, 0, 0);
+ if (ret == 0) {
+ return true;
+ }
+
+ ret = swrap_un_path_EINVAL(&un, swrap_dir);
+ if (ret == 0) {
+ return true;
+ }
+
+ return false;
+}
+
+static char *socket_wrapper_dir(void)
+{
+ char *swrap_dir = NULL;
+ char *s = getenv("SOCKET_WRAPPER_DIR");
+ char *t;
+ bool ok;
+
+ if (s == NULL || s[0] == '\0') {
+ SWRAP_LOG(SWRAP_LOG_WARN, "SOCKET_WRAPPER_DIR not set");
+ return NULL;
+ }
+
+ swrap_dir = realpath(s, NULL);
+ if (swrap_dir == NULL) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "Unable to resolve socket_wrapper dir path: %s - %s",
+ s,
+ strerror(errno));
+ abort();
+ }
+
+ ok = swrap_dir_usable(swrap_dir);
+ if (ok) {
+ goto done;
+ }
+
+ free(swrap_dir);
+
+ ok = swrap_dir_usable(s);
+ if (!ok) {
+ SWRAP_LOG(SWRAP_LOG_ERROR, "SOCKET_WRAPPER_DIR is too long");
+ abort();
+ }
+
+ t = getenv("SOCKET_WRAPPER_DIR_ALLOW_ORIG");
+ if (t == NULL) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "realpath(SOCKET_WRAPPER_DIR) too long and "
+ "SOCKET_WRAPPER_DIR_ALLOW_ORIG not set");
+ abort();
+
+ }
+
+ swrap_dir = strdup(s);
+ if (swrap_dir == NULL) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "Unable to duplicate socket_wrapper dir path");
+ abort();
+ }
+
+ SWRAP_LOG(SWRAP_LOG_WARN,
+ "realpath(SOCKET_WRAPPER_DIR) too long, "
+ "using original SOCKET_WRAPPER_DIR\n");
+
+done:
+ SWRAP_LOG(SWRAP_LOG_TRACE, "socket_wrapper_dir: %s", swrap_dir);
+ return swrap_dir;
}
static unsigned int socket_wrapper_mtu(void)
const char *s;
char *endp;
+ swrap_mutex_lock(&mtu_update_mutex);
+
if (max_mtu != 0) {
- return max_mtu;
+ goto done;
}
max_mtu = SOCKET_WRAPPER_MTU_DEFAULT;
max_mtu = tmp;
done:
+ swrap_mutex_unlock(&mtu_update_mutex);
return max_mtu;
}
+static int _socket_wrapper_init_mutex(pthread_mutex_t *m, const char *name)
+{
+ pthread_mutexattr_t ma;
+ bool need_destroy = false;
+ int ret = 0;
+
+#define __CHECK(cmd) do { \
+ ret = cmd; \
+ if (ret != 0) { \
+ SWRAP_LOG(SWRAP_LOG_ERROR, \
+ "%s: %s - failed %d", \
+ name, #cmd, ret); \
+ goto done; \
+ } \
+} while(0)
+
+ *m = (pthread_mutex_t)PTHREAD_MUTEX_INITIALIZER;
+ __CHECK(pthread_mutexattr_init(&ma));
+ need_destroy = true;
+ __CHECK(pthread_mutexattr_settype(&ma, PTHREAD_MUTEX_ERRORCHECK));
+ __CHECK(pthread_mutex_init(m, &ma));
+done:
+ if (need_destroy) {
+ pthread_mutexattr_destroy(&ma);
+ }
+ return ret;
+}
+
static size_t socket_wrapper_max_sockets(void)
{
const char *s;
- unsigned long tmp;
+ size_t tmp;
char *endp;
- if (max_sockets != 0) {
- return max_sockets;
+ if (socket_info_max != 0) {
+ return socket_info_max;
}
- max_sockets = SOCKET_WRAPPER_MAX_SOCKETS_DEFAULT;
+ socket_info_max = SOCKET_WRAPPER_MAX_SOCKETS_DEFAULT;
s = getenv("SOCKET_WRAPPER_MAX_SOCKETS");
if (s == NULL || s[0] == '\0') {
if (s == endp) {
goto done;
}
- if (tmp == 0 || tmp > SOCKET_WRAPPER_MAX_SOCKETS_LIMIT) {
+ if (tmp == 0) {
+ tmp = SOCKET_WRAPPER_MAX_SOCKETS_DEFAULT;
SWRAP_LOG(SWRAP_LOG_ERROR,
- "Invalid number of sockets specified, using default.");
- goto done;
+ "Invalid number of sockets specified, "
+ "using default (%zu)",
+ tmp);
+ }
+
+ if (tmp > SOCKET_WRAPPER_MAX_SOCKETS_LIMIT) {
+ tmp = SOCKET_WRAPPER_MAX_SOCKETS_LIMIT;
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "Invalid number of sockets specified, "
+ "using maximum (%zu).",
+ tmp);
}
- max_sockets = tmp;
+ socket_info_max = tmp;
done:
- return max_sockets;
+ return socket_info_max;
+}
+
+static void socket_wrapper_init_fds_idx(void)
+{
+ int *tmp = NULL;
+ size_t i;
+
+ if (socket_fds_idx != NULL) {
+ return;
+ }
+
+ tmp = (int *)calloc(socket_fds_max, sizeof(int));
+ if (tmp == NULL) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "Failed to allocate socket fds index array: %s",
+ strerror(errno));
+ exit(-1);
+ }
+
+ for (i = 0; i < socket_fds_max; i++) {
+ tmp[i] = -1;
+ }
+
+ socket_fds_idx = tmp;
}
static void socket_wrapper_init_sockets(void)
{
+ size_t max_sockets;
size_t i;
+ int ret = 0;
+
+ swrap_bind_symbol_all();
+
+ swrap_mutex_lock(&sockets_mutex);
if (sockets != NULL) {
+ swrap_mutex_unlock(&sockets_mutex);
return;
}
+ SWRAP_LOG(SWRAP_LOG_DEBUG,
+ "SOCKET_WRAPPER_PACKAGE[%s] SOCKET_WRAPPER_VERSION[%s]",
+ SOCKET_WRAPPER_PACKAGE, SOCKET_WRAPPER_VERSION);
+
+ /*
+ * Intialize the static cache early before
+ * any thread is able to start.
+ */
+ (void)swrap_ipv4_net();
+
+ socket_wrapper_init_fds_idx();
+
+ /* Needs to be called inside the sockets_mutex lock here. */
max_sockets = socket_wrapper_max_sockets();
- sockets = (struct socket_info *)calloc(max_sockets,
- sizeof(struct socket_info));
+ sockets = (struct socket_info_container *)calloc(max_sockets,
+ sizeof(struct socket_info_container));
if (sockets == NULL) {
SWRAP_LOG(SWRAP_LOG_ERROR,
- "Failed to allocate sockets array.\n");
+ "Failed to allocate sockets array: %s",
+ strerror(errno));
+ swrap_mutex_unlock(&sockets_mutex);
exit(-1);
}
+ swrap_mutex_lock(&first_free_mutex);
+ swrap_mutex_lock(&sockets_si_global);
+
first_free = 0;
for (i = 0; i < max_sockets; i++) {
- sockets[i].next_free = i+1;
+ swrap_set_next_free(&sockets[i].info, i+1);
}
- sockets[max_sockets-1].next_free = -1;
+ /* mark the end of the free list */
+ swrap_set_next_free(&sockets[max_sockets-1].info, -1);
+
+ swrap_mutex_unlock(&sockets_si_global);
+ swrap_mutex_unlock(&first_free_mutex);
+ swrap_mutex_unlock(&sockets_mutex);
+ if (ret != 0) {
+ exit(-1);
+ }
}
bool socket_wrapper_enabled(void)
{
- const char *s = socket_wrapper_dir();
+ char *s = socket_wrapper_dir();
if (s == NULL) {
return false;
}
+ SAFE_FREE(s);
+
socket_wrapper_init_sockets();
return true;
return 1;/* 127.0.0.1 */
}
-/*
- * Return the first free entry (if any) and make
- * it re-usable again (by nulling it out)
- */
-static int socket_wrapper_first_free_index(void)
+static void set_socket_info_index(int fd, int idx)
{
- int next_free;
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "fd=%d idx=%d",
+ fd, idx);
+ socket_fds_idx[fd] = idx;
+ /* This builtin issues a full memory barrier. */
+ __sync_synchronize();
+}
+
+static void reset_socket_info_index(int fd)
+{
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "fd=%d idx=%d",
+ fd, -1);
+ set_socket_info_index(fd, -1);
+}
+static int find_socket_info_index(int fd)
+{
+ if (fd < 0) {
+ return -1;
+ }
+
+ if (socket_fds_idx == NULL) {
+ return -1;
+ }
+
+ if ((size_t)fd >= socket_fds_max) {
+ /*
+ * Do not add a log here as some applications do stupid things
+ * like:
+ *
+ * for (fd = 0; fd <= getdtablesize(); fd++) {
+ * close(fd)
+ * };
+ *
+ * This would produce millions of lines of debug messages.
+ */
+#if 0
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "Looking for a socket info for the fd %d is over the "
+ "max socket index limit of %zu.",
+ fd,
+ socket_fds_max);
+#endif
+ return -1;
+ }
+
+ /* This builtin issues a full memory barrier. */
+ __sync_synchronize();
+ return socket_fds_idx[fd];
+}
+
+static int swrap_add_socket_info(const struct socket_info *si_input)
+{
+ struct socket_info *si = NULL;
+ int si_index = -1;
+
+ if (si_input == NULL) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ swrap_mutex_lock(&first_free_mutex);
if (first_free == -1) {
+ errno = ENFILE;
+ goto out;
+ }
+
+ si_index = first_free;
+ si = swrap_get_socket_info(si_index);
+
+ SWRAP_LOCK_SI(si);
+
+ first_free = swrap_get_next_free(si);
+ *si = *si_input;
+ swrap_inc_refcount(si);
+
+ SWRAP_UNLOCK_SI(si);
+
+out:
+ swrap_mutex_unlock(&first_free_mutex);
+
+ return si_index;
+}
+
+static int swrap_create_socket(struct socket_info *si, int fd)
+{
+ int idx;
+
+ if ((size_t)fd >= socket_fds_max) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "The max socket index limit of %zu has been reached, "
+ "trying to add %d",
+ socket_fds_max,
+ fd);
+ errno = EMFILE;
+ return -1;
+ }
+
+ idx = swrap_add_socket_info(si);
+ if (idx == -1) {
return -1;
}
- next_free = sockets[first_free].next_free;
- ZERO_STRUCT(sockets[first_free]);
- sockets[first_free].next_free = next_free;
+ set_socket_info_index(fd, idx);
- return first_free;
+ return idx;
}
static int convert_un_in(const struct sockaddr_un *un, struct sockaddr *in, socklen_t *len)
if (p) p++; else p = un->sun_path;
if (sscanf(p, SOCKET_FORMAT, &type, &iface, &prt) != 3) {
+ SWRAP_LOG(SWRAP_LOG_ERROR, "sun_path[%s] p[%s]",
+ un->sun_path, p);
errno = EINVAL;
return -1;
}
- SWRAP_LOG(SWRAP_LOG_TRACE, "type %c iface %u port %u",
- type, iface, prt);
-
if (iface == 0 || iface > MAX_WRAPPED_INTERFACES) {
+ SWRAP_LOG(SWRAP_LOG_ERROR, "type %c iface %u port %u",
+ type, iface, prt);
errno = EINVAL;
return -1;
}
if (prt > 0xFFFF) {
+ SWRAP_LOG(SWRAP_LOG_ERROR, "type %c iface %u port %u",
+ type, iface, prt);
errno = EINVAL;
return -1;
}
+ SWRAP_LOG(SWRAP_LOG_TRACE, "type %c iface %u port %u",
+ type, iface, prt);
+
switch(type) {
case SOCKET_TYPE_CHAR_TCP:
case SOCKET_TYPE_CHAR_UDP: {
struct sockaddr_in *in2 = (struct sockaddr_in *)(void *)in;
if ((*len) < sizeof(*in2)) {
- errno = EINVAL;
- return -1;
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "V4: *len(%zu) < sizeof(*in2)=%zu",
+ (size_t)*len, sizeof(*in2));
+ errno = EINVAL;
+ return -1;
}
memset(in2, 0, sizeof(*in2));
in2->sin_family = AF_INET;
- in2->sin_addr.s_addr = htonl((127<<24) | iface);
+ in2->sin_addr.s_addr = htonl(swrap_ipv4_iface(iface));
in2->sin_port = htons(prt);
*len = sizeof(*in2);
struct sockaddr_in6 *in2 = (struct sockaddr_in6 *)(void *)in;
if ((*len) < sizeof(*in2)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "V6: *len(%zu) < sizeof(*in2)=%zu",
+ (size_t)*len, sizeof(*in2));
+ SWRAP_LOG(SWRAP_LOG_ERROR, "LINE:%d", __LINE__);
errno = EINVAL;
return -1;
}
}
#endif
default:
+ SWRAP_LOG(SWRAP_LOG_ERROR, "type %c iface %u port %u",
+ type, iface, prt);
errno = EINVAL;
return -1;
}
unsigned int prt;
unsigned int iface;
int is_bcast = 0;
+ char *swrap_dir = NULL;
if (bcast) *bcast = 0;
char u_type = '\0';
char b_type = '\0';
char a_type = '\0';
+ const unsigned int sw_net_addr = swrap_ipv4_net();
+ const unsigned int sw_bcast_addr = swrap_ipv4_bcast();
switch (si->type) {
case SOCK_STREAM:
b_type = SOCKET_TYPE_CHAR_UDP;
break;
default:
- SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!\n");
+ SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!");
errno = ESOCKTNOSUPPORT;
return -1;
}
is_bcast = 2;
type = a_type;
iface = socket_wrapper_default_iface();
- } else if (b_type && addr == 0x7FFFFFFF) {
- /* 127.255.255.255 only udp */
+ } else if (b_type && addr == sw_bcast_addr) {
+ /*
+ * 127.255.255.255
+ * or
+ * 10.255.255.255
+ * only udp
+ */
is_bcast = 1;
type = b_type;
iface = socket_wrapper_default_iface();
- } else if ((addr & 0xFFFFFF00) == 0x7F000000) {
- /* 127.0.0.X */
+ } else if ((addr & 0xFFFFFF00) == sw_net_addr) {
+ /* 127.0.0.X or 10.53.57.X */
is_bcast = 0;
type = u_type;
iface = (addr & 0x000000FF);
type = SOCKET_TYPE_CHAR_UDP_V6;
break;
default:
- SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!\n");
+ SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!");
errno = ESOCKTNOSUPPORT;
return -1;
}
}
#endif
default:
- SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown address family!\n");
+ SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown address family!");
errno = ENETUNREACH;
return -1;
}
if (prt == 0) {
- SWRAP_LOG(SWRAP_LOG_WARN, "Port not set\n");
+ SWRAP_LOG(SWRAP_LOG_WARN, "Port not set");
+ errno = EINVAL;
+ return -1;
+ }
+
+ swrap_dir = socket_wrapper_dir();
+ if (swrap_dir == NULL) {
errno = EINVAL;
return -1;
}
if (is_bcast) {
- snprintf(un->sun_path, sizeof(un->sun_path), "%s/EINVAL",
- socket_wrapper_dir());
+ swrap_un_path_EINVAL(un, swrap_dir);
SWRAP_LOG(SWRAP_LOG_DEBUG, "un path [%s]", un->sun_path);
+ SAFE_FREE(swrap_dir);
/* the caller need to do more processing */
return 0;
}
- snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT,
- socket_wrapper_dir(), type, iface, prt);
+ swrap_un_path(un, swrap_dir, type, iface, prt);
SWRAP_LOG(SWRAP_LOG_DEBUG, "un path [%s]", un->sun_path);
+ SAFE_FREE(swrap_dir);
+
return 0;
}
unsigned int iface;
struct stat st;
int is_bcast = 0;
+ char *swrap_dir = NULL;
if (bcast) *bcast = 0;
char d_type = '\0';
char b_type = '\0';
char a_type = '\0';
+ const unsigned int sw_net_addr = swrap_ipv4_net();
+ const unsigned int sw_bcast_addr = swrap_ipv4_bcast();
prt = ntohs(in->sin_port);
b_type = SOCKET_TYPE_CHAR_UDP;
break;
default:
- SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!\n");
+ SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!");
errno = ESOCKTNOSUPPORT;
return -1;
}
if (addr == 0) {
/* 0.0.0.0 */
- is_bcast = 0;
+ is_bcast = 0;
type = d_type;
iface = socket_wrapper_default_iface();
} else if (a_type && addr == 0xFFFFFFFF) {
is_bcast = 2;
type = a_type;
iface = socket_wrapper_default_iface();
- } else if (b_type && addr == 0x7FFFFFFF) {
+ } else if (b_type && addr == sw_bcast_addr) {
/* 127.255.255.255 only udp */
is_bcast = 1;
type = b_type;
iface = socket_wrapper_default_iface();
- } else if ((addr & 0xFFFFFF00) == 0x7F000000) {
+ } else if ((addr & 0xFFFFFF00) == sw_net_addr) {
/* 127.0.0.X */
is_bcast = 0;
type = u_type;
ZERO_STRUCT(bind_in);
bind_in.sin_family = in->sin_family;
bind_in.sin_port = in->sin_port;
- bind_in.sin_addr.s_addr = htonl(0x7F000000 | iface);
-
+ bind_in.sin_addr.s_addr = htonl(swrap_ipv4_iface(iface));
si->bindname.sa_socklen = blen;
memcpy(&si->bindname.sa.in, &bind_in, blen);
}
type = SOCKET_TYPE_CHAR_UDP_V6;
break;
default:
- SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!\n");
+ SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!");
errno = ESOCKTNOSUPPORT;
return -1;
}
}
#endif
default:
- SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown address family\n");
+ SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown address family");
errno = EADDRNOTAVAIL;
return -1;
}
return -1;
}
+ swrap_dir = socket_wrapper_dir();
+ if (swrap_dir == NULL) {
+ errno = EINVAL;
+ return -1;
+ }
+
if (prt == 0) {
/* handle auto-allocation of ephemeral ports */
for (prt = 5001; prt < 10000; prt++) {
- snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT,
- socket_wrapper_dir(), type, iface, prt);
+ swrap_un_path(un, swrap_dir, type, iface, prt);
if (stat(un->sun_path, &st) == 0) continue;
set_port(si->family, prt, &si->myname);
break;
}
+
if (prt == 10000) {
errno = ENFILE;
+ SAFE_FREE(swrap_dir);
return -1;
}
}
- snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT,
- socket_wrapper_dir(), type, iface, prt);
+ swrap_un_path(un, swrap_dir, type, iface, prt);
SWRAP_LOG(SWRAP_LOG_DEBUG, "un path [%s]", un->sun_path);
- return 0;
-}
-
-static struct socket_info_fd *find_socket_info_fd(int fd)
-{
- struct socket_info_fd *f;
-
- for (f = socket_fds; f; f = f->next) {
- if (f->fd == fd) {
- return f;
- }
- }
-
- return NULL;
-}
-
-static int find_socket_info_index(int fd)
-{
- struct socket_info_fd *fi = find_socket_info_fd(fd);
- if (fi == NULL) {
- return -1;
- }
+ SAFE_FREE(swrap_dir);
- return fi->si_index;
+ return 0;
}
static struct socket_info *find_socket_info(int fd)
return NULL;
}
- return &sockets[idx];
+ return swrap_get_socket_info(idx);
}
#if 0 /* FIXME */
return false;
}
break;
-#if HAVE_IPV6
+#ifdef HAVE_IPV6
case AF_INET6:
if (len < sizeof(struct sockaddr_in6)) {
return false;
}
for (f = socket_fds; f; f = f->next) {
- struct socket_info *s = &sockets[f->si_index];
+ struct socket_info *s = swrap_get_socket_info(f->si_index);
if (s == last_s) {
continue;
return true;
break;
}
-#if HAVE_IPV6
+#ifdef HAVE_IPV6
case AF_INET6: {
struct sockaddr_in6 *sin1, *sin2;
static void swrap_remove_stale(int fd)
{
- struct socket_info_fd *fi = find_socket_info_fd(fd);
struct socket_info *si;
int si_index;
- if (fi == NULL) {
+ SWRAP_LOG(SWRAP_LOG_TRACE, "remove stale wrapper for %d", fd);
+
+ swrap_mutex_lock(&socket_reset_mutex);
+
+ si_index = find_socket_info_index(fd);
+ if (si_index == -1) {
+ swrap_mutex_unlock(&socket_reset_mutex);
return;
}
- si_index = fi->si_index;
+ reset_socket_info_index(fd);
- SWRAP_LOG(SWRAP_LOG_TRACE, "remove stale wrapper for %d", fd);
- SWRAP_DLIST_REMOVE(socket_fds, fi);
- free(fi);
+ si = swrap_get_socket_info(si_index);
- si = &sockets[si_index];
- si->refcount--;
+ swrap_mutex_lock(&first_free_mutex);
+ SWRAP_LOCK_SI(si);
- if (si->refcount > 0) {
- return;
+ swrap_dec_refcount(si);
+
+ if (swrap_get_refcount(si) > 0) {
+ goto out;
}
if (si->un_addr.sun_path[0] != '\0') {
unlink(si->un_addr.sun_path);
}
- si->next_free = first_free;
+ swrap_set_next_free(si, first_free);
first_free = si_index;
+
+out:
+ SWRAP_UNLOCK_SI(si);
+ swrap_mutex_unlock(&first_free_mutex);
+ swrap_mutex_unlock(&socket_reset_mutex);
}
static int sockaddr_convert_to_un(struct socket_info *si,
case SOCK_DGRAM:
break;
default:
- SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!\n");
+ SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!");
errno = ESOCKTNOSUPPORT;
return -1;
}
}
errno = EAFNOSUPPORT;
- SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown address family\n");
+ SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown address family");
return -1;
}
case SOCK_DGRAM:
break;
default:
- SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!\n");
+ SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!");
errno = ESOCKTNOSUPPORT;
return -1;
}
break;
}
- SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown address family\n");
+ SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown address family");
errno = EAFNOSUPPORT;
return -1;
}
if (strncmp(s, "./", 2) == 0) {
s += 2;
}
+ SWRAP_LOG(SWRAP_LOG_TRACE, "SOCKET_WRAPPER_PCAP_FILE: %s", s);
return s;
}
int unreachable,
size_t *_packet_len)
{
- uint8_t *base;
- uint8_t *buf;
- struct swrap_packet_frame *frame;
- union swrap_packet_ip *ip;
+ uint8_t *base = NULL;
+ uint8_t *buf = NULL;
+ union {
+ uint8_t *ptr;
+ struct swrap_packet_frame *frame;
+ } f;
+ union {
+ uint8_t *ptr;
+ union swrap_packet_ip *ip;
+ } i;
union swrap_packet_payload *pay;
size_t packet_len;
size_t alloc_len;
- size_t nonwire_len = sizeof(*frame);
+ size_t nonwire_len = sizeof(struct swrap_packet_frame);
size_t wire_hdr_len = 0;
size_t wire_len = 0;
size_t ip_hdr_len = 0;
dest_in = (const struct sockaddr_in *)(const void *)dest;
src_port = src_in->sin_port;
dest_port = dest_in->sin_port;
- ip_hdr_len = sizeof(ip->v4);
+ ip_hdr_len = sizeof(i.ip->v4);
break;
#ifdef HAVE_IPV6
case AF_INET6:
dest_in6 = (const struct sockaddr_in6 *)(const void *)dest;
src_port = src_in6->sin6_port;
dest_port = dest_in6->sin6_port;
- ip_hdr_len = sizeof(ip->v6);
+ ip_hdr_len = sizeof(i.ip->v6);
break;
#endif
default:
if (wire_len > 64 ) {
icmp_truncate_len = wire_len - 64;
}
- wire_hdr_len += icmp_hdr_len;
wire_len += icmp_hdr_len;
}
}
buf = base;
+ f.ptr = buf;
+
+ f.frame->seconds = tval->tv_sec;
+ f.frame->micro_seconds = tval->tv_usec;
+ f.frame->recorded_length = wire_len - icmp_truncate_len;
+ f.frame->full_length = wire_len - icmp_truncate_len;
- frame = (struct swrap_packet_frame *)(void *)buf;
- frame->seconds = tval->tv_sec;
- frame->micro_seconds = tval->tv_usec;
- frame->recorded_length = wire_len - icmp_truncate_len;
- frame->full_length = wire_len - icmp_truncate_len;
buf += SWRAP_PACKET_FRAME_SIZE;
- ip = (union swrap_packet_ip *)(void *)buf;
+ i.ptr = buf;
switch (src->sa_family) {
case AF_INET:
- ip->v4.ver_hdrlen = 0x45; /* version 4 and 5 * 32 bit words */
- ip->v4.tos = 0x00;
- ip->v4.packet_length = htons(wire_len - icmp_truncate_len);
- ip->v4.identification = htons(0xFFFF);
- ip->v4.flags = 0x40; /* BIT 1 set - means don't fragment */
- ip->v4.fragment = htons(0x0000);
- ip->v4.ttl = 0xFF;
- ip->v4.protocol = protocol;
- ip->v4.hdr_checksum = htons(0x0000);
- ip->v4.src_addr = src_in->sin_addr.s_addr;
- ip->v4.dest_addr = dest_in->sin_addr.s_addr;
+ if (src_in == NULL || dest_in == NULL) {
+ SAFE_FREE(base);
+ return NULL;
+ }
+
+ i.ip->v4.ver_hdrlen = 0x45; /* version 4 and 5 * 32 bit words */
+ i.ip->v4.tos = 0x00;
+ i.ip->v4.packet_length = htons(wire_len - icmp_truncate_len);
+ i.ip->v4.identification = htons(0xFFFF);
+ i.ip->v4.flags = 0x40; /* BIT 1 set - means don't fragment */
+ i.ip->v4.fragment = htons(0x0000);
+ i.ip->v4.ttl = 0xFF;
+ i.ip->v4.protocol = protocol;
+ i.ip->v4.hdr_checksum = htons(0x0000);
+ i.ip->v4.src_addr = src_in->sin_addr.s_addr;
+ i.ip->v4.dest_addr = dest_in->sin_addr.s_addr;
buf += SWRAP_PACKET_IP_V4_SIZE;
break;
#ifdef HAVE_IPV6
case AF_INET6:
- ip->v6.ver_prio = 0x60; /* version 4 and 5 * 32 bit words */
- ip->v6.flow_label_high = 0x00;
- ip->v6.flow_label_low = 0x0000;
- ip->v6.payload_length = htons(wire_len - icmp_truncate_len); /* TODO */
- ip->v6.next_header = protocol;
- memcpy(ip->v6.src_addr, src_in6->sin6_addr.s6_addr, 16);
- memcpy(ip->v6.dest_addr, dest_in6->sin6_addr.s6_addr, 16);
+ if (src_in6 == NULL || dest_in6 == NULL) {
+ SAFE_FREE(base);
+ return NULL;
+ }
+
+ i.ip->v6.ver_prio = 0x60; /* version 4 and 5 * 32 bit words */
+ i.ip->v6.flow_label_high = 0x00;
+ i.ip->v6.flow_label_low = 0x0000;
+ i.ip->v6.payload_length = htons(wire_len - icmp_truncate_len); /* TODO */
+ i.ip->v6.next_header = protocol;
+ memcpy(i.ip->v6.src_addr, src_in6->sin6_addr.s6_addr, 16);
+ memcpy(i.ip->v6.dest_addr, dest_in6->sin6_addr.s6_addr, 16);
buf += SWRAP_PACKET_IP_V6_SIZE;
break;
#endif
pay->icmp4.code = 0x01; /* host unreachable */
pay->icmp4.checksum = htons(0x0000);
pay->icmp4.unused = htonl(0x00000000);
+
buf += SWRAP_PACKET_PAYLOAD_ICMP4_SIZE;
/* set the ip header in the ICMP payload */
- ip = (union swrap_packet_ip *)(void *)buf;
- ip->v4.ver_hdrlen = 0x45; /* version 4 and 5 * 32 bit words */
- ip->v4.tos = 0x00;
- ip->v4.packet_length = htons(wire_len - icmp_hdr_len);
- ip->v4.identification = htons(0xFFFF);
- ip->v4.flags = 0x40; /* BIT 1 set - means don't fragment */
- ip->v4.fragment = htons(0x0000);
- ip->v4.ttl = 0xFF;
- ip->v4.protocol = icmp_protocol;
- ip->v4.hdr_checksum = htons(0x0000);
- ip->v4.src_addr = dest_in->sin_addr.s_addr;
- ip->v4.dest_addr = src_in->sin_addr.s_addr;
+ i.ptr = buf;
+ i.ip->v4.ver_hdrlen = 0x45; /* version 4 and 5 * 32 bit words */
+ i.ip->v4.tos = 0x00;
+ i.ip->v4.packet_length = htons(wire_len - icmp_hdr_len);
+ i.ip->v4.identification = htons(0xFFFF);
+ i.ip->v4.flags = 0x40; /* BIT 1 set - means don't fragment */
+ i.ip->v4.fragment = htons(0x0000);
+ i.ip->v4.ttl = 0xFF;
+ i.ip->v4.protocol = icmp_protocol;
+ i.ip->v4.hdr_checksum = htons(0x0000);
+ i.ip->v4.src_addr = dest_in->sin_addr.s_addr;
+ i.ip->v4.dest_addr = src_in->sin_addr.s_addr;
+
buf += SWRAP_PACKET_IP_V4_SIZE;
src_port = dest_in->sin_port;
buf += SWRAP_PACKET_PAYLOAD_ICMP6_SIZE;
/* set the ip header in the ICMP payload */
- ip = (union swrap_packet_ip *)(void *)buf;
- ip->v6.ver_prio = 0x60; /* version 4 and 5 * 32 bit words */
- ip->v6.flow_label_high = 0x00;
- ip->v6.flow_label_low = 0x0000;
- ip->v6.payload_length = htons(wire_len - icmp_truncate_len); /* TODO */
- ip->v6.next_header = protocol;
- memcpy(ip->v6.src_addr, dest_in6->sin6_addr.s6_addr, 16);
- memcpy(ip->v6.dest_addr, src_in6->sin6_addr.s6_addr, 16);
+ i.ptr = buf;
+ i.ip->v6.ver_prio = 0x60; /* version 4 and 5 * 32 bit words */
+ i.ip->v6.flow_label_high = 0x00;
+ i.ip->v6.flow_label_low = 0x0000;
+ i.ip->v6.payload_length = htons(wire_len - icmp_truncate_len); /* TODO */
+ i.ip->v6.next_header = protocol;
+ memcpy(i.ip->v6.src_addr, dest_in6->sin6_addr.s6_addr, 16);
+ memcpy(i.ip->v6.dest_addr, src_in6->sin6_addr.s6_addr, 16);
+
buf += SWRAP_PACKET_IP_V6_SIZE;
src_port = dest_in6->sin6_port;
if (fd != -1) {
struct swrap_file_hdr file_hdr;
file_hdr.magic = 0xA1B2C3D4;
- file_hdr.version_major = 0x0002;
+ file_hdr.version_major = 0x0002;
file_hdr.version_minor = 0x0004;
file_hdr.timezone = 0x00000000;
file_hdr.sigfigs = 0x00000000;
file_hdr.link_type = 0x0065; /* 101 RAW IP */
if (write(fd, &file_hdr, sizeof(file_hdr)) != sizeof(file_hdr)) {
- close(fd);
+ libc_close(fd);
fd = -1;
}
return fd;
size_t packet_len = 0;
int fd;
+ swrap_mutex_lock(&pcap_dump_mutex);
+
file_name = swrap_pcap_init_file();
if (!file_name) {
- return;
+ goto done;
}
packet = swrap_pcap_marshall_packet(si,
len,
&packet_len);
if (packet == NULL) {
- return;
+ goto done;
}
fd = swrap_pcap_get_fd(file_name);
if (fd != -1) {
if (write(fd, packet, packet_len) != (ssize_t)packet_len) {
free(packet);
- return;
+ goto done;
}
}
free(packet);
+
+done:
+ swrap_mutex_unlock(&pcap_dump_mutex);
}
/****************************************************************************
static int swrap_socket(int family, int type, int protocol)
{
- struct socket_info *si;
- struct socket_info_fd *fi;
+ struct socket_info *si = NULL;
+ struct socket_info _si = { 0 };
int fd;
- int idx;
+ int ret;
int real_type = type;
/*
case AF_PACKET:
#endif /* AF_PACKET */
case AF_UNIX:
- return libc_socket(family, type, protocol);
+ fd = libc_socket(family, type, protocol);
+ if (fd != -1) {
+ /* Check if we have a stale fd and remove it */
+ swrap_remove_stale(fd);
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "Unix socket fd=%d",
+ fd);
+ }
+ return fd;
default:
errno = EAFNOSUPPORT;
return -1;
/* Check if we have a stale fd and remove it */
swrap_remove_stale(fd);
- idx = socket_wrapper_first_free_index();
- if (idx == -1) {
- errno = ENOMEM;
- return -1;
- }
-
- si = &sockets[idx];
-
- si->family = family;
+ si = &_si;
+ si->family = family;
/* however, the rest of the socket_wrapper code expects just
* the type, not the flags */
memcpy(&si->myname.sa.in, &sin, si->myname.sa_socklen);
break;
}
+#ifdef HAVE_IPV6
case AF_INET6: {
struct sockaddr_in6 sin6 = {
.sin6_family = AF_INET6,
memcpy(&si->myname.sa.in6, &sin6, si->myname.sa_socklen);
break;
}
+#endif
default:
errno = EINVAL;
return -1;
}
- fi = (struct socket_info_fd *)calloc(1, sizeof(struct socket_info_fd));
- if (fi == NULL) {
- errno = ENOMEM;
+ ret = swrap_create_socket(si, fd);
+ if (ret == -1) {
+ int saved_errno = errno;
+ libc_close(fd);
+ errno = saved_errno;
return -1;
}
- si->refcount = 1;
- first_free = si->next_free;
- si->next_free = 0;
-
- fi->fd = fd;
- fi->si_index = idx;
-
- SWRAP_DLIST_ADD(socket_fds, fi);
-
SWRAP_LOG(SWRAP_LOG_TRACE,
- "Created %s socket for protocol %s",
- si->family == AF_INET ? "IPv4" : "IPv6",
- si->type == SOCK_DGRAM ? "UDP" : "TCP");
+ "Created %s socket for protocol %s, fd=%d",
+ family == AF_INET ? "IPv4" : "IPv6",
+ real_type == SOCK_DGRAM ? "UDP" : "TCP",
+ fd);
return fd;
}
int flags)
{
struct socket_info *parent_si, *child_si;
- struct socket_info_fd *child_fi;
+ struct socket_info new_si = { 0 };
int fd;
int idx;
struct swrap_address un_addr = {
#endif
}
+
+ /*
+ * prevent parent_si from being altered / closed
+ * while we read it
+ */
+ SWRAP_LOCK_SI(parent_si);
+
/*
* assume out sockaddr have the same size as the in parent
* socket family
*/
in_addr.sa_socklen = socket_length(parent_si->family);
if (in_addr.sa_socklen <= 0) {
+ SWRAP_UNLOCK_SI(parent_si);
errno = EINVAL;
return -1;
}
+ SWRAP_UNLOCK_SI(parent_si);
+
#ifdef HAVE_ACCEPT4
ret = libc_accept4(s, &un_addr.sa.s, &un_addr.sa_socklen, flags);
#else
ret = libc_accept(s, &un_addr.sa.s, &un_addr.sa_socklen);
#endif
if (ret == -1) {
- if (errno == ENOTSOCK) {
+ int saved_errno = errno;
+ if (saved_errno == ENOTSOCK) {
/* Remove stale fds */
swrap_remove_stale(s);
}
+ errno = saved_errno;
return ret;
}
fd = ret;
+ /* Check if we have a stale fd and remove it */
+ swrap_remove_stale(fd);
+
+ if (un_addr.sa.un.sun_path[0] == '\0') {
+ /*
+ * FreeBSD seems to have a problem where
+ * accept4() on the unix socket doesn't
+ * ECONNABORTED for already disconnected connections.
+ *
+ * Let's try libc_getpeername() to get the peer address
+ * as a fallback, but it'll likely return ENOTCONN,
+ * which we have to map to ECONNABORTED.
+ */
+ un_addr.sa_socklen = sizeof(struct sockaddr_un),
+ ret = libc_getpeername(fd, &un_addr.sa.s, &un_addr.sa_socklen);
+ if (ret == -1) {
+ int saved_errno = errno;
+ libc_close(fd);
+ if (saved_errno == ENOTCONN) {
+ /*
+ * If the connection is already disconnected
+ * we should return ECONNABORTED.
+ */
+ saved_errno = ECONNABORTED;
+ }
+ errno = saved_errno;
+ return ret;
+ }
+ }
+
+ ret = libc_getsockname(fd,
+ &un_my_addr.sa.s,
+ &un_my_addr.sa_socklen);
+ if (ret == -1) {
+ int saved_errno = errno;
+ libc_close(fd);
+ if (saved_errno == ENOTCONN) {
+ /*
+ * If the connection is already disconnected
+ * we should return ECONNABORTED.
+ */
+ saved_errno = ECONNABORTED;
+ }
+ errno = saved_errno;
+ return ret;
+ }
+
+ SWRAP_LOCK_SI(parent_si);
+
ret = sockaddr_convert_from_un(parent_si,
&un_addr.sa.un,
un_addr.sa_socklen,
&in_addr.sa.s,
&in_addr.sa_socklen);
if (ret == -1) {
- close(fd);
+ int saved_errno = errno;
+ SWRAP_UNLOCK_SI(parent_si);
+ libc_close(fd);
+ errno = saved_errno;
return ret;
}
- idx = socket_wrapper_first_free_index();
- if (idx == -1) {
- errno = ENOMEM;
- return -1;
- }
-
- child_si = &sockets[idx];
-
- child_fi = (struct socket_info_fd *)calloc(1, sizeof(struct socket_info_fd));
- if (child_fi == NULL) {
- close(fd);
- errno = ENOMEM;
- return -1;
- }
-
- child_fi->fd = fd;
+ child_si = &new_si;
child_si->family = parent_si->family;
child_si->type = parent_si->type;
child_si->is_server = 1;
child_si->connected = 1;
+ SWRAP_UNLOCK_SI(parent_si);
+
child_si->peername = (struct swrap_address) {
.sa_socklen = in_addr.sa_socklen,
};
*addrlen = in_addr.sa_socklen;
}
- ret = libc_getsockname(fd,
- &un_my_addr.sa.s,
- &un_my_addr.sa_socklen);
- if (ret == -1) {
- free(child_fi);
- close(fd);
- return ret;
- }
-
ret = sockaddr_convert_from_un(child_si,
&un_my_addr.sa.un,
un_my_addr.sa_socklen,
&in_my_addr.sa.s,
&in_my_addr.sa_socklen);
if (ret == -1) {
- free(child_fi);
- close(fd);
+ int saved_errno = errno;
+ libc_close(fd);
+ errno = saved_errno;
return ret;
}
};
memcpy(&child_si->myname.sa.ss, &in_my_addr.sa.ss, in_my_addr.sa_socklen);
- child_si->refcount = 1;
- first_free = child_si->next_free;
- child_si->next_free = 0;
-
- child_fi->si_index = idx;
-
- SWRAP_DLIST_ADD(socket_fds, child_fi);
+ idx = swrap_create_socket(&new_si, fd);
+ if (idx == -1) {
+ int saved_errno = errno;
+ libc_close(fd);
+ errno = saved_errno;
+ return -1;
+ }
if (addr != NULL) {
- swrap_pcap_dump_packet(child_si, addr, SWRAP_ACCEPT_SEND, NULL, 0);
- swrap_pcap_dump_packet(child_si, addr, SWRAP_ACCEPT_RECV, NULL, 0);
- swrap_pcap_dump_packet(child_si, addr, SWRAP_ACCEPT_ACK, NULL, 0);
+ struct socket_info *si = swrap_get_socket_info(idx);
+
+ SWRAP_LOCK_SI(si);
+ swrap_pcap_dump_packet(si, addr, SWRAP_ACCEPT_SEND, NULL, 0);
+ swrap_pcap_dump_packet(si, addr, SWRAP_ACCEPT_RECV, NULL, 0);
+ swrap_pcap_dump_packet(si, addr, SWRAP_ACCEPT_ACK, NULL, 0);
+ SWRAP_UNLOCK_SI(si);
}
return fd;
int ret;
int port;
struct stat st;
+ char *swrap_dir = NULL;
+
+ swrap_mutex_lock(&autobind_start_mutex);
if (autobind_start_init != 1) {
autobind_start_init = 1;
memset(&in, 0, sizeof(in));
in.sin_family = AF_INET;
- in.sin_addr.s_addr = htonl(127<<24 |
- socket_wrapper_default_iface());
+ in.sin_addr.s_addr = htonl(swrap_ipv4_iface(
+ socket_wrapper_default_iface()));
si->myname = (struct swrap_address) {
.sa_socklen = sizeof(in),
autobind_start = 10000;
}
+ swrap_dir = socket_wrapper_dir();
+ if (swrap_dir == NULL) {
+ errno = EINVAL;
+ ret = -1;
+ goto done;
+ }
+
for (i = 0; i < SOCKET_MAX_SOCKETS; i++) {
port = autobind_start + i;
- snprintf(un_addr.sa.un.sun_path, sizeof(un_addr.sa.un.sun_path),
- "%s/"SOCKET_FORMAT, socket_wrapper_dir(),
- type, socket_wrapper_default_iface(), port);
+ swrap_un_path(&un_addr.sa.un,
+ swrap_dir,
+ type,
+ socket_wrapper_default_iface(),
+ port);
if (stat(un_addr.sa.un.sun_path, &st) == 0) continue;
ret = libc_bind(fd, &un_addr.sa.s, un_addr.sa_socklen);
ret = 0;
done:
+ SAFE_FREE(swrap_dir);
+ swrap_mutex_unlock(&autobind_start_mutex);
return ret;
}
return libc_connect(s, serv_addr, addrlen);
}
+ SWRAP_LOCK_SI(si);
+
if (si->bound == 0) {
ret = swrap_auto_bind(s, si, serv_addr->sa_family);
if (ret == -1) {
}
if (si->family != serv_addr->sa_family) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "called for fd=%d (family=%d) called with invalid family=%d",
+ s, si->family, serv_addr->sa_family);
errno = EINVAL;
ret = -1;
goto done;
}
done:
+ SWRAP_UNLOCK_SI(si);
return ret;
}
return libc_bind(s, myaddr, addrlen);
}
+ SWRAP_LOCK_SI(si);
+
switch (si->family) {
case AF_INET: {
const struct sockaddr_in *sin;
if (bind_error != 0) {
errno = bind_error;
- return -1;
+ ret = -1;
+ goto out;
}
#if 0 /* FIXME */
in_use = check_addr_port_in_use(myaddr, addrlen);
if (in_use) {
errno = EADDRINUSE;
- return -1;
+ ret = -1;
+ goto out;
}
#endif
1,
&si->bcast);
if (ret == -1) {
- return -1;
+ goto out;
}
unlink(un_addr.sa.un.sun_path);
si->bound = 1;
}
+out:
+ SWRAP_UNLOCK_SI(si);
+
return ret;
}
return libc_listen(s, backlog);
}
+ SWRAP_LOCK_SI(si);
+
if (si->bound == 0) {
ret = swrap_auto_bind(s, si, si->family);
if (ret == -1) {
errno = EADDRINUSE;
- return ret;
+ goto out;
}
}
ret = libc_listen(s, backlog);
+ if (ret == 0) {
+ si->listening = 1;
+ }
+
+out:
+ SWRAP_UNLOCK_SI(si);
return ret;
}
{
struct socket_info *si = find_socket_info(s);
socklen_t len;
+ int ret = -1;
if (!si) {
return libc_getpeername(s, name, addrlen);
}
+ SWRAP_LOCK_SI(si);
+
if (si->peername.sa_socklen == 0)
{
errno = ENOTCONN;
- return -1;
+ goto out;
}
len = MIN(*addrlen, si->peername.sa_socklen);
if (len == 0) {
- return 0;
+ ret = 0;
+ goto out;
}
memcpy(name, &si->peername.sa.ss, len);
*addrlen = si->peername.sa_socklen;
- return 0;
+ ret = 0;
+out:
+ SWRAP_UNLOCK_SI(si);
+
+ return ret;
}
#ifdef HAVE_ACCEPT_PSOCKLEN_T
{
struct socket_info *si = find_socket_info(s);
socklen_t len;
+ int ret = -1;
if (!si) {
return libc_getsockname(s, name, addrlen);
}
+ SWRAP_LOCK_SI(si);
+
len = MIN(*addrlen, si->myname.sa_socklen);
if (len == 0) {
- return 0;
+ ret = 0;
+ goto out;
}
memcpy(name, &si->myname.sa.ss, len);
*addrlen = si->myname.sa_socklen;
- return 0;
+ ret = 0;
+out:
+ SWRAP_UNLOCK_SI(si);
+
+ return ret;
}
#ifdef HAVE_ACCEPT_PSOCKLEN_T
optlen);
}
+ SWRAP_LOCK_SI(si);
+
if (level == SOL_SOCKET) {
switch (optname) {
#ifdef SO_DOMAIN
ret = 0;
goto done;
#endif /* TCP_NODELAY */
+#ifdef TCP_INFO
+ case TCP_INFO: {
+ struct tcp_info info;
+ socklen_t ilen = sizeof(info);
+
+#ifdef HAVE_NETINET_TCP_FSM_H
+/* This is FreeBSD */
+# define __TCP_LISTEN TCPS_LISTEN
+# define __TCP_ESTABLISHED TCPS_ESTABLISHED
+# define __TCP_CLOSE TCPS_CLOSED
+#else
+/* This is Linux */
+# define __TCP_LISTEN TCP_LISTEN
+# define __TCP_ESTABLISHED TCP_ESTABLISHED
+# define __TCP_CLOSE TCP_CLOSE
+#endif
+
+ ZERO_STRUCT(info);
+ if (si->listening) {
+ info.tcpi_state = __TCP_LISTEN;
+ } else if (si->connected) {
+ /*
+ * For now we just fake a few values
+ * supported both by FreeBSD and Linux
+ */
+ info.tcpi_state = __TCP_ESTABLISHED;
+ info.tcpi_rto = 200000; /* 200 msec */
+ info.tcpi_rtt = 5000; /* 5 msec */
+ info.tcpi_rttvar = 5000; /* 5 msec */
+ } else {
+ info.tcpi_state = __TCP_CLOSE;
+ info.tcpi_rto = 1000000; /* 1 sec */
+ info.tcpi_rtt = 0;
+ info.tcpi_rttvar = 250000; /* 250 msec */
+ }
+
+ if (optval == NULL || optlen == NULL ||
+ *optlen < (socklen_t)ilen) {
+ errno = EINVAL;
+ ret = -1;
+ goto done;
+ }
+
+ *optlen = ilen;
+ memcpy(optval, &info, ilen);
+
+ ret = 0;
+ goto done;
+ }
+#endif /* TCP_INFO */
default:
break;
}
ret = -1;
done:
+ SWRAP_UNLOCK_SI(si);
return ret;
}
optname,
optval,
optlen);
- } else if (level == IPPROTO_TCP) {
+ }
+
+ SWRAP_LOCK_SI(si);
+
+ if (level == IPPROTO_TCP) {
switch (optname) {
#ifdef TCP_NODELAY
case TCP_NODELAY: {
}
done:
+ SWRAP_UNLOCK_SI(si);
return ret;
}
{
struct socket_info *si = find_socket_info(s);
va_list ap;
- int value;
+ int *value_ptr = NULL;
int rc;
if (!si) {
return libc_vioctl(s, r, va);
}
+ SWRAP_LOCK_SI(si);
+
va_copy(ap, va);
rc = libc_vioctl(s, r, va);
switch (r) {
case FIONREAD:
- value = *((int *)va_arg(ap, int *));
+ if (rc == 0) {
+ value_ptr = ((int *)va_arg(ap, int *));
+ }
if (rc == -1 && errno != EAGAIN && errno != ENOBUFS) {
swrap_pcap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0);
- } else if (value == 0) { /* END OF FILE */
+ } else if (value_ptr != NULL && *value_ptr == 0) { /* END OF FILE */
swrap_pcap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0);
}
break;
+#ifdef FIONWRITE
+ case FIONWRITE:
+ /* this is FreeBSD */
+ FALL_THROUGH; /* to TIOCOUTQ */
+#endif /* FIONWRITE */
+ case TIOCOUTQ: /* same as SIOCOUTQ on Linux */
+ /*
+ * This may return more bytes then the application
+ * sent into the socket, for tcp it should
+ * return the number of unacked bytes.
+ *
+ * On AF_UNIX, all bytes are immediately acked!
+ */
+ if (rc == 0) {
+ value_ptr = ((int *)va_arg(ap, int *));
+ *value_ptr = 0;
+ }
+ break;
}
va_end(ap);
+ SWRAP_UNLOCK_SI(si);
return rc;
}
return rc;
}
-static int swrap_sendmsg_copy_cmsg(struct cmsghdr *cmsg,
+static int swrap_sendmsg_copy_cmsg(const struct cmsghdr *cmsg,
uint8_t **cm_data,
size_t *cm_data_space);
-static int swrap_sendmsg_filter_cmsg_socket(struct cmsghdr *cmsg,
+static int swrap_sendmsg_filter_cmsg_ipproto_ip(const struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space);
+static int swrap_sendmsg_filter_cmsg_sol_socket(const struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space);
+
+static int swrap_sendmsg_filter_cmsghdr(const struct msghdr *_msg,
+ uint8_t **cm_data,
+ size_t *cm_data_space)
+{
+ struct msghdr *msg = discard_const_p(struct msghdr, _msg);
+ struct cmsghdr *cmsg;
+ int rc = -1;
+
+ /* Nothing to do */
+ if (msg->msg_controllen == 0 || msg->msg_control == NULL) {
+ return 0;
+ }
+
+ for (cmsg = CMSG_FIRSTHDR(msg);
+ cmsg != NULL;
+ cmsg = CMSG_NXTHDR(msg, cmsg)) {
+ switch (cmsg->cmsg_level) {
+ case IPPROTO_IP:
+ rc = swrap_sendmsg_filter_cmsg_ipproto_ip(cmsg,
+ cm_data,
+ cm_data_space);
+ break;
+ case SOL_SOCKET:
+ rc = swrap_sendmsg_filter_cmsg_sol_socket(cmsg,
+ cm_data,
+ cm_data_space);
+ break;
+ default:
+ rc = swrap_sendmsg_copy_cmsg(cmsg,
+ cm_data,
+ cm_data_space);
+ break;
+ }
+ if (rc < 0) {
+ int saved_errno = errno;
+ SAFE_FREE(*cm_data);
+ *cm_data_space = 0;
+ errno = saved_errno;
+ return rc;
+ }
+ }
+
+ return rc;
+}
+
+static int swrap_sendmsg_copy_cmsg(const struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space)
+{
+ size_t cmspace;
+ uint8_t *p;
+
+ cmspace = *cm_data_space + CMSG_ALIGN(cmsg->cmsg_len);
+
+ p = realloc((*cm_data), cmspace);
+ if (p == NULL) {
+ return -1;
+ }
+ (*cm_data) = p;
+
+ p = (*cm_data) + (*cm_data_space);
+ *cm_data_space = cmspace;
+
+ memcpy(p, cmsg, cmsg->cmsg_len);
+
+ return 0;
+}
+
+static int swrap_sendmsg_filter_cmsg_pktinfo(const struct cmsghdr *cmsg,
uint8_t **cm_data,
size_t *cm_data_space);
-static int swrap_sendmsg_filter_cmsghdr(struct msghdr *msg,
- uint8_t **cm_data,
- size_t *cm_data_space) {
- struct cmsghdr *cmsg;
+
+static int swrap_sendmsg_filter_cmsg_ipproto_ip(const struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space)
+{
+ int rc = -1;
+
+ switch(cmsg->cmsg_type) {
+#ifdef IP_PKTINFO
+ case IP_PKTINFO:
+ rc = swrap_sendmsg_filter_cmsg_pktinfo(cmsg,
+ cm_data,
+ cm_data_space);
+ break;
+#endif
+#ifdef IPV6_PKTINFO
+ case IPV6_PKTINFO:
+ rc = swrap_sendmsg_filter_cmsg_pktinfo(cmsg,
+ cm_data,
+ cm_data_space);
+ break;
+#endif
+ default:
+ break;
+ }
+
+ return rc;
+}
+
+static int swrap_sendmsg_filter_cmsg_pktinfo(const struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space)
+{
+ (void)cmsg; /* unused */
+ (void)cm_data; /* unused */
+ (void)cm_data_space; /* unused */
+
+ /*
+ * Passing a IP pktinfo to a unix socket might be rejected by the
+ * Kernel, at least on FreeBSD. So skip this cmsg.
+ */
+ return 0;
+}
+
+static int swrap_sendmsg_filter_cmsg_sol_socket(const struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space)
+{
+ int rc = -1;
+
+ switch (cmsg->cmsg_type) {
+ case SCM_RIGHTS:
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "Ignoring SCM_RIGHTS on inet socket!");
+ rc = 0;
+ break;
+#ifdef SCM_CREDENTIALS
+ case SCM_CREDENTIALS:
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "Ignoring SCM_CREDENTIALS on inet socket!");
+ rc = 0;
+ break;
+#endif /* SCM_CREDENTIALS */
+ default:
+ rc = swrap_sendmsg_copy_cmsg(cmsg,
+ cm_data,
+ cm_data_space);
+ break;
+ }
+
+ return rc;
+}
+
+static const uint64_t swrap_unix_scm_right_magic = 0x8e0e13f27c42fc36;
+
+/*
+ * We only allow up to 6 fds at a time
+ * as that's more than enough for Samba
+ * and it means we can keep the logic simple
+ * and work with fixed size arrays.
+ *
+ * We also keep sizeof(struct swrap_unix_scm_rights)
+ * under PIPE_BUF (4096) in order to allow a non-blocking
+ * write into the pipe.
+ */
+#ifndef PIPE_BUF
+#define PIPE_BUF 4096
+#endif
+#define SWRAP_MAX_PASSED_FDS ((size_t)6)
+#define SWRAP_MAX_PASSED_SOCKET_INFO SWRAP_MAX_PASSED_FDS
+struct swrap_unix_scm_rights_payload {
+ uint8_t num_idxs;
+ int8_t idxs[SWRAP_MAX_PASSED_FDS];
+ struct socket_info infos[SWRAP_MAX_PASSED_SOCKET_INFO];
+};
+struct swrap_unix_scm_rights {
+ uint64_t magic;
+ char package_name[sizeof(SOCKET_WRAPPER_PACKAGE)];
+ char package_version[sizeof(SOCKET_WRAPPER_VERSION)];
+ uint32_t full_size;
+ uint32_t payload_size;
+ struct swrap_unix_scm_rights_payload payload;
+};
+
+static void swrap_dec_fd_passed_array(size_t num, struct socket_info **array)
+{
+ int saved_errno = errno;
+ size_t i;
+
+ for (i = 0; i < num; i++) {
+ struct socket_info *si = array[i];
+ if (si == NULL) {
+ continue;
+ }
+
+ SWRAP_LOCK_SI(si);
+ swrap_dec_refcount(si);
+ if (si->fd_passed > 0) {
+ si->fd_passed -= 1;
+ }
+ SWRAP_UNLOCK_SI(si);
+ array[i] = NULL;
+ }
+
+ errno = saved_errno;
+}
+
+static void swrap_undo_si_idx_array(size_t num, int *array)
+{
+ int saved_errno = errno;
+ size_t i;
+
+ swrap_mutex_lock(&first_free_mutex);
+
+ for (i = 0; i < num; i++) {
+ struct socket_info *si = NULL;
+
+ if (array[i] == -1) {
+ continue;
+ }
+
+ si = swrap_get_socket_info(array[i]);
+ if (si == NULL) {
+ continue;
+ }
+
+ SWRAP_LOCK_SI(si);
+ swrap_dec_refcount(si);
+ SWRAP_UNLOCK_SI(si);
+
+ swrap_set_next_free(si, first_free);
+ first_free = array[i];
+ array[i] = -1;
+ }
+
+ swrap_mutex_unlock(&first_free_mutex);
+ errno = saved_errno;
+}
+
+static void swrap_close_fd_array(size_t num, const int *array)
+{
+ int saved_errno = errno;
+ size_t i;
+
+ for (i = 0; i < num; i++) {
+ if (array[i] == -1) {
+ continue;
+ }
+ libc_close(array[i]);
+ }
+
+ errno = saved_errno;
+}
+
+union __swrap_fds {
+ const uint8_t *p;
+ int *fds;
+};
+
+union __swrap_cmsghdr {
+ const uint8_t *p;
+ struct cmsghdr *cmsg;
+};
+
+static int swrap_sendmsg_unix_scm_rights(const struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space,
+ int *scm_rights_pipe_fd)
+{
+ struct swrap_unix_scm_rights info;
+ struct swrap_unix_scm_rights_payload *payload = NULL;
+ int si_idx_array[SWRAP_MAX_PASSED_FDS];
+ struct socket_info *si_array[SWRAP_MAX_PASSED_FDS] = { NULL, };
+ size_t info_idx = 0;
+ size_t size_fds_in;
+ size_t num_fds_in;
+ union __swrap_fds __fds_in = { .p = NULL, };
+ const int *fds_in = NULL;
+ size_t num_fds_out;
+ size_t size_fds_out;
+ union __swrap_fds __fds_out = { .p = NULL, };
+ int *fds_out = NULL;
+ size_t cmsg_len;
+ size_t cmsg_space;
+ size_t new_cm_data_space;
+ union __swrap_cmsghdr __new_cmsg = { .p = NULL, };
+ struct cmsghdr *new_cmsg = NULL;
+ uint8_t *p = NULL;
+ size_t i;
+ int pipefd[2] = { -1, -1 };
+ int rc;
+ ssize_t sret;
+
+ /*
+ * We pass this a buffer to the kernel make sure any padding
+ * is also cleared.
+ */
+ ZERO_STRUCT(info);
+ info.magic = swrap_unix_scm_right_magic;
+ memcpy(info.package_name,
+ SOCKET_WRAPPER_PACKAGE,
+ sizeof(info.package_name));
+ memcpy(info.package_version,
+ SOCKET_WRAPPER_VERSION,
+ sizeof(info.package_version));
+ info.full_size = sizeof(info);
+ info.payload_size = sizeof(info.payload);
+ payload = &info.payload;
+
+ if (*scm_rights_pipe_fd != -1) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "Two SCM_RIGHTS headers are not supported by socket_wrapper");
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (cmsg->cmsg_len < CMSG_LEN(0)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu < CMSG_LEN(0)=%zu",
+ (size_t)cmsg->cmsg_len,
+ CMSG_LEN(0));
+ errno = EINVAL;
+ return -1;
+ }
+ size_fds_in = cmsg->cmsg_len - CMSG_LEN(0);
+ if ((size_fds_in % sizeof(int)) != 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu => (size_fds_in=%zu %% sizeof(int)=%zu) != 0",
+ (size_t)cmsg->cmsg_len,
+ size_fds_in,
+ sizeof(int));
+ errno = EINVAL;
+ return -1;
+ }
+ num_fds_in = size_fds_in / sizeof(int);
+ if (num_fds_in > SWRAP_MAX_PASSED_FDS) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu,size_fds_in=%zu => "
+ "num_fds_in=%zu > "
+ "SWRAP_MAX_PASSED_FDS(%zu)",
+ (size_t)cmsg->cmsg_len,
+ size_fds_in,
+ num_fds_in,
+ SWRAP_MAX_PASSED_FDS);
+ errno = EINVAL;
+ return -1;
+ }
+ if (num_fds_in == 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu,size_fds_in=%zu => "
+ "num_fds_in=%zu",
+ (size_t)cmsg->cmsg_len,
+ size_fds_in,
+ num_fds_in);
+ errno = EINVAL;
+ return -1;
+ }
+ __fds_in.p = CMSG_DATA(cmsg);
+ fds_in = __fds_in.fds;
+ num_fds_out = num_fds_in + 1;
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "num_fds_in=%zu num_fds_out=%zu",
+ num_fds_in, num_fds_out);
+
+ size_fds_out = sizeof(int) * num_fds_out;
+ cmsg_len = CMSG_LEN(size_fds_out);
+ cmsg_space = CMSG_SPACE(size_fds_out);
+
+ new_cm_data_space = *cm_data_space + cmsg_space;
+
+ p = realloc((*cm_data), new_cm_data_space);
+ if (p == NULL) {
+ return -1;
+ }
+ (*cm_data) = p;
+ p = (*cm_data) + (*cm_data_space);
+ memset(p, 0, cmsg_space);
+ __new_cmsg.p = p;
+ new_cmsg = __new_cmsg.cmsg;
+ *new_cmsg = *cmsg;
+ __fds_out.p = CMSG_DATA(new_cmsg);
+ fds_out = __fds_out.fds;
+ memcpy(fds_out, fds_in, size_fds_in);
+ new_cmsg->cmsg_len = cmsg->cmsg_len;
+
+ for (i = 0; i < num_fds_in; i++) {
+ size_t j;
+
+ payload->idxs[i] = -1;
+ payload->num_idxs++;
+
+ si_idx_array[i] = find_socket_info_index(fds_in[i]);
+ if (si_idx_array[i] == -1) {
+ continue;
+ }
+
+ si_array[i] = swrap_get_socket_info(si_idx_array[i]);
+ if (si_array[i] == NULL) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "fds_in[%zu]=%d si_idx_array[%zu]=%d missing!",
+ i, fds_in[i], i, si_idx_array[i]);
+ errno = EINVAL;
+ return -1;
+ }
+
+ for (j = 0; j < i; j++) {
+ if (si_array[j] == si_array[i]) {
+ payload->idxs[i] = payload->idxs[j];
+ break;
+ }
+ }
+ if (payload->idxs[i] == -1) {
+ if (info_idx >= SWRAP_MAX_PASSED_SOCKET_INFO) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "fds_in[%zu]=%d,si_idx_array[%zu]=%d: "
+ "info_idx=%zu >= SWRAP_MAX_PASSED_FDS(%zu)!",
+ i, fds_in[i], i, si_idx_array[i],
+ info_idx,
+ SWRAP_MAX_PASSED_SOCKET_INFO);
+ errno = EINVAL;
+ return -1;
+ }
+ payload->idxs[i] = info_idx;
+ info_idx += 1;
+ continue;
+ }
+ }
+
+ for (i = 0; i < num_fds_in; i++) {
+ struct socket_info *si = si_array[i];
+
+ if (si == NULL) {
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "fds_in[%zu]=%d not an inet socket",
+ i, fds_in[i]);
+ continue;
+ }
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "fds_in[%zu]=%d si_idx_array[%zu]=%d "
+ "passing as info.idxs[%zu]=%d!",
+ i, fds_in[i],
+ i, si_idx_array[i],
+ i, payload->idxs[i]);
+
+ SWRAP_LOCK_SI(si);
+ si->fd_passed += 1;
+ payload->infos[payload->idxs[i]] = *si;
+ payload->infos[payload->idxs[i]].fd_passed = 0;
+ SWRAP_UNLOCK_SI(si);
+ }
+
+ rc = pipe(pipefd);
+ if (rc == -1) {
+ int saved_errno = errno;
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "pipe() failed - %d %s",
+ saved_errno,
+ strerror(saved_errno));
+ swrap_dec_fd_passed_array(num_fds_in, si_array);
+ errno = saved_errno;
+ return -1;
+ }
+
+ sret = write(pipefd[1], &info, sizeof(info));
+ if (sret != sizeof(info)) {
+ int saved_errno = errno;
+ if (sret != -1) {
+ saved_errno = EINVAL;
+ }
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "write() failed - sret=%zd - %d %s",
+ sret, saved_errno,
+ strerror(saved_errno));
+ swrap_dec_fd_passed_array(num_fds_in, si_array);
+ libc_close(pipefd[1]);
+ libc_close(pipefd[0]);
+ errno = saved_errno;
+ return -1;
+ }
+ libc_close(pipefd[1]);
+
+ /*
+ * Add the pipe read end to the end of the passed fd array
+ */
+ fds_out[num_fds_in] = pipefd[0];
+ new_cmsg->cmsg_len = cmsg_len;
+
+ /* we're done ... */
+ *scm_rights_pipe_fd = pipefd[0];
+ *cm_data_space = new_cm_data_space;
+
+ return 0;
+}
+
+static int swrap_sendmsg_unix_sol_socket(const struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space,
+ int *scm_rights_pipe_fd)
+{
+ int rc = -1;
+
+ switch (cmsg->cmsg_type) {
+ case SCM_RIGHTS:
+ rc = swrap_sendmsg_unix_scm_rights(cmsg,
+ cm_data,
+ cm_data_space,
+ scm_rights_pipe_fd);
+ break;
+ default:
+ rc = swrap_sendmsg_copy_cmsg(cmsg,
+ cm_data,
+ cm_data_space);
+ break;
+ }
+
+ return rc;
+}
+
+static int swrap_recvmsg_unix_scm_rights(const struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space)
+{
+ int scm_rights_pipe_fd = -1;
+ struct swrap_unix_scm_rights info;
+ struct swrap_unix_scm_rights_payload *payload = NULL;
+ int si_idx_array[SWRAP_MAX_PASSED_FDS];
+ size_t size_fds_in;
+ size_t num_fds_in;
+ union __swrap_fds __fds_in = { .p = NULL, };
+ const int *fds_in = NULL;
+ size_t num_fds_out;
+ size_t size_fds_out;
+ union __swrap_fds __fds_out = { .p = NULL, };
+ int *fds_out = NULL;
+ size_t cmsg_len;
+ size_t cmsg_space;
+ size_t new_cm_data_space;
+ union __swrap_cmsghdr __new_cmsg = { .p = NULL, };
+ struct cmsghdr *new_cmsg = NULL;
+ uint8_t *p = NULL;
+ ssize_t sret;
+ size_t i;
+ int cmp;
+
+ if (cmsg->cmsg_len < CMSG_LEN(0)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu < CMSG_LEN(0)=%zu",
+ (size_t)cmsg->cmsg_len,
+ CMSG_LEN(0));
+ errno = EINVAL;
+ return -1;
+ }
+ size_fds_in = cmsg->cmsg_len - CMSG_LEN(0);
+ if ((size_fds_in % sizeof(int)) != 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu => (size_fds_in=%zu %% sizeof(int)=%zu) != 0",
+ (size_t)cmsg->cmsg_len,
+ size_fds_in,
+ sizeof(int));
+ errno = EINVAL;
+ return -1;
+ }
+ num_fds_in = size_fds_in / sizeof(int);
+ if (num_fds_in > (SWRAP_MAX_PASSED_FDS + 1)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu,size_fds_in=%zu => "
+ "num_fds_in=%zu > SWRAP_MAX_PASSED_FDS+1(%zu)",
+ (size_t)cmsg->cmsg_len,
+ size_fds_in,
+ num_fds_in,
+ SWRAP_MAX_PASSED_FDS+1);
+ errno = EINVAL;
+ return -1;
+ }
+ if (num_fds_in <= 1) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "cmsg->cmsg_len=%zu,size_fds_in=%zu => "
+ "num_fds_in=%zu",
+ (size_t)cmsg->cmsg_len,
+ size_fds_in,
+ num_fds_in);
+ errno = EINVAL;
+ return -1;
+ }
+ __fds_in.p = CMSG_DATA(cmsg);
+ fds_in = __fds_in.fds;
+ num_fds_out = num_fds_in - 1;
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "num_fds_in=%zu num_fds_out=%zu",
+ num_fds_in, num_fds_out);
+
+ for (i = 0; i < num_fds_in; i++) {
+ /* Check if we have a stale fd and remove it */
+ swrap_remove_stale(fds_in[i]);
+ }
+
+ scm_rights_pipe_fd = fds_in[num_fds_out];
+ size_fds_out = sizeof(int) * num_fds_out;
+ cmsg_len = CMSG_LEN(size_fds_out);
+ cmsg_space = CMSG_SPACE(size_fds_out);
+
+ new_cm_data_space = *cm_data_space + cmsg_space;
+
+ p = realloc((*cm_data), new_cm_data_space);
+ if (p == NULL) {
+ swrap_close_fd_array(num_fds_in, fds_in);
+ return -1;
+ }
+ (*cm_data) = p;
+ p = (*cm_data) + (*cm_data_space);
+ memset(p, 0, cmsg_space);
+ __new_cmsg.p = p;
+ new_cmsg = __new_cmsg.cmsg;
+ *new_cmsg = *cmsg;
+ __fds_out.p = CMSG_DATA(new_cmsg);
+ fds_out = __fds_out.fds;
+ memcpy(fds_out, fds_in, size_fds_out);
+ new_cmsg->cmsg_len = cmsg_len;
+
+ sret = read(scm_rights_pipe_fd, &info, sizeof(info));
+ if (sret != sizeof(info)) {
+ int saved_errno = errno;
+ if (sret != -1) {
+ saved_errno = EINVAL;
+ }
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "read() failed - sret=%zd - %d %s",
+ sret, saved_errno,
+ strerror(saved_errno));
+ swrap_close_fd_array(num_fds_in, fds_in);
+ errno = saved_errno;
+ return -1;
+ }
+ libc_close(scm_rights_pipe_fd);
+ payload = &info.payload;
+
+ if (info.magic != swrap_unix_scm_right_magic) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "info.magic=0x%llx != swrap_unix_scm_right_magic=0x%llx",
+ (unsigned long long)info.magic,
+ (unsigned long long)swrap_unix_scm_right_magic);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ cmp = memcmp(info.package_name,
+ SOCKET_WRAPPER_PACKAGE,
+ sizeof(info.package_name));
+ if (cmp != 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "info.package_name='%.*s' != '%s'",
+ (int)sizeof(info.package_name),
+ info.package_name,
+ SOCKET_WRAPPER_PACKAGE);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ cmp = memcmp(info.package_version,
+ SOCKET_WRAPPER_VERSION,
+ sizeof(info.package_version));
+ if (cmp != 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "info.package_version='%.*s' != '%s'",
+ (int)sizeof(info.package_version),
+ info.package_version,
+ SOCKET_WRAPPER_VERSION);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (info.full_size != sizeof(info)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "info.full_size=%zu != sizeof(info)=%zu",
+ (size_t)info.full_size,
+ sizeof(info));
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (info.payload_size != sizeof(info.payload)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "info.payload_size=%zu != sizeof(info.payload)=%zu",
+ (size_t)info.payload_size,
+ sizeof(info.payload));
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (payload->num_idxs != num_fds_out) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "info.num_idxs=%u != num_fds_out=%zu",
+ payload->num_idxs, num_fds_out);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ for (i = 0; i < num_fds_out; i++) {
+ size_t j;
+
+ si_idx_array[i] = -1;
+
+ if (payload->idxs[i] == -1) {
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "fds_out[%zu]=%d not an inet socket",
+ i, fds_out[i]);
+ continue;
+ }
+
+ if (payload->idxs[i] < 0) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "fds_out[%zu]=%d info.idxs[%zu]=%d < 0!",
+ i, fds_out[i], i, payload->idxs[i]);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (payload->idxs[i] >= payload->num_idxs) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "fds_out[%zu]=%d info.idxs[%zu]=%d >= %u!",
+ i, fds_out[i], i, payload->idxs[i],
+ payload->num_idxs);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EINVAL;
+ return -1;
+ }
+
+ if ((size_t)fds_out[i] >= socket_fds_max) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "The max socket index limit of %zu has been reached, "
+ "trying to add %d",
+ socket_fds_max,
+ fds_out[i]);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = EMFILE;
+ return -1;
+ }
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "fds_in[%zu]=%d "
+ "received as info.idxs[%zu]=%d!",
+ i, fds_out[i],
+ i, payload->idxs[i]);
+
+ for (j = 0; j < i; j++) {
+ if (payload->idxs[j] == -1) {
+ continue;
+ }
+ if (payload->idxs[j] == payload->idxs[i]) {
+ si_idx_array[i] = si_idx_array[j];
+ }
+ }
+ if (si_idx_array[i] == -1) {
+ const struct socket_info *si = &payload->infos[payload->idxs[i]];
+
+ si_idx_array[i] = swrap_add_socket_info(si);
+ if (si_idx_array[i] == -1) {
+ int saved_errno = errno;
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "The max socket index limit of %zu has been reached, "
+ "trying to add %d",
+ socket_fds_max,
+ fds_out[i]);
+ swrap_undo_si_idx_array(i, si_idx_array);
+ swrap_close_fd_array(num_fds_out, fds_out);
+ errno = saved_errno;
+ return -1;
+ }
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "Imported %s socket for protocol %s, fd=%d",
+ si->family == AF_INET ? "IPv4" : "IPv6",
+ si->type == SOCK_DGRAM ? "UDP" : "TCP",
+ fds_out[i]);
+ }
+ }
+
+ for (i = 0; i < num_fds_out; i++) {
+ if (si_idx_array[i] == -1) {
+ continue;
+ }
+ set_socket_info_index(fds_out[i], si_idx_array[i]);
+ }
+
+ /* we're done ... */
+ *cm_data_space = new_cm_data_space;
+
+ return 0;
+}
+
+static int swrap_recvmsg_unix_sol_socket(const struct cmsghdr *cmsg,
+ uint8_t **cm_data,
+ size_t *cm_data_space)
+{
+ int rc = -1;
+
+ switch (cmsg->cmsg_type) {
+ case SCM_RIGHTS:
+ rc = swrap_recvmsg_unix_scm_rights(cmsg,
+ cm_data,
+ cm_data_space);
+ break;
+ default:
+ rc = swrap_sendmsg_copy_cmsg(cmsg,
+ cm_data,
+ cm_data_space);
+ break;
+ }
+
+ return rc;
+}
+
+#endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+
+static int swrap_sendmsg_before_unix(const struct msghdr *_msg_in,
+ struct msghdr *msg_tmp,
+ int *scm_rights_pipe_fd)
+{
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ struct msghdr *msg_in = discard_const_p(struct msghdr, _msg_in);
+ struct cmsghdr *cmsg = NULL;
+ uint8_t *cm_data = NULL;
+ size_t cm_data_space = 0;
int rc = -1;
+ *msg_tmp = *msg_in;
+ *scm_rights_pipe_fd = -1;
+
/* Nothing to do */
- if (msg->msg_controllen == 0 || msg->msg_control == NULL) {
+ if (msg_in->msg_controllen == 0 || msg_in->msg_control == NULL) {
return 0;
}
- for (cmsg = CMSG_FIRSTHDR(msg);
+ for (cmsg = CMSG_FIRSTHDR(msg_in);
cmsg != NULL;
- cmsg = CMSG_NXTHDR(msg, cmsg)) {
+ cmsg = CMSG_NXTHDR(msg_in, cmsg)) {
switch (cmsg->cmsg_level) {
- case IPPROTO_IP:
- rc = swrap_sendmsg_filter_cmsg_socket(cmsg,
- cm_data,
- cm_data_space);
+ case SOL_SOCKET:
+ rc = swrap_sendmsg_unix_sol_socket(cmsg,
+ &cm_data,
+ &cm_data_space,
+ scm_rights_pipe_fd);
break;
+
default:
rc = swrap_sendmsg_copy_cmsg(cmsg,
- cm_data,
- cm_data_space);
+ &cm_data,
+ &cm_data_space);
break;
}
+ if (rc < 0) {
+ int saved_errno = errno;
+ SAFE_FREE(cm_data);
+ errno = saved_errno;
+ return rc;
+ }
}
- return rc;
+ msg_tmp->msg_controllen = cm_data_space;
+ msg_tmp->msg_control = cm_data;
+
+ return 0;
+#else /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+ *msg_tmp = *_msg_in;
+ return 0;
+#endif /* ! HAVE_STRUCT_MSGHDR_MSG_CONTROL */
}
-static int swrap_sendmsg_copy_cmsg(struct cmsghdr *cmsg,
- uint8_t **cm_data,
- size_t *cm_data_space)
+static ssize_t swrap_sendmsg_after_unix(struct msghdr *msg_tmp,
+ ssize_t ret,
+ int scm_rights_pipe_fd)
{
- size_t cmspace;
- uint8_t *p;
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ int saved_errno = errno;
+ SAFE_FREE(msg_tmp->msg_control);
+ if (scm_rights_pipe_fd != -1) {
+ libc_close(scm_rights_pipe_fd);
+ }
+ errno = saved_errno;
+#endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+ return ret;
+}
- cmspace = *cm_data_space + CMSG_ALIGN(cmsg->cmsg_len);
+static int swrap_recvmsg_before_unix(struct msghdr *msg_in,
+ struct msghdr *msg_tmp)
+{
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ const size_t cm_extra_space = CMSG_SPACE(sizeof(int));
+ uint8_t *cm_data = NULL;
+ size_t cm_data_space = 0;
- p = realloc((*cm_data), cmspace);
- if (p == NULL) {
- return -1;
+ *msg_tmp = *msg_in;
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "msg_in->msg_controllen=%zu",
+ (size_t)msg_in->msg_controllen);
+
+ /* Nothing to do */
+ if (msg_in->msg_controllen == 0 || msg_in->msg_control == NULL) {
+ return 0;
}
- (*cm_data) = p;
- p = (*cm_data) + (*cm_data_space);
- *cm_data_space = cmspace;
+ /*
+ * We need to give the kernel a bit more space in order
+ * recv the pipe fd, added by swrap_sendmsg_before_unix()).
+ * swrap_recvmsg_after_unix() will hide it again.
+ */
+ cm_data_space = msg_in->msg_controllen;
+ if (cm_data_space < (INT32_MAX - cm_extra_space)) {
+ cm_data_space += cm_extra_space;
+ }
+ cm_data = calloc(1, cm_data_space);
+ if (cm_data == NULL) {
+ return -1;
+ }
+ memcpy(cm_data, msg_in->msg_control, msg_in->msg_controllen);
- memcpy(p, cmsg, cmsg->cmsg_len);
+ msg_tmp->msg_controllen = cm_data_space;
+ msg_tmp->msg_control = cm_data;
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "msg_tmp->msg_controllen=%zu",
+ (size_t)msg_tmp->msg_controllen);
+ return 0;
+#else /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+ *msg_tmp = *msg_in;
return 0;
+#endif /* ! HAVE_STRUCT_MSGHDR_MSG_CONTROL */
}
-static int swrap_sendmsg_filter_cmsg_pktinfo(struct cmsghdr *cmsg,
- uint8_t **cm_data,
- size_t *cm_data_space);
-
-
-static int swrap_sendmsg_filter_cmsg_socket(struct cmsghdr *cmsg,
- uint8_t **cm_data,
- size_t *cm_data_space)
+static ssize_t swrap_recvmsg_after_unix(struct msghdr *msg_tmp,
+ struct msghdr *msg_out,
+ ssize_t ret)
{
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ struct cmsghdr *cmsg = NULL;
+ uint8_t *cm_data = NULL;
+ size_t cm_data_space = 0;
int rc = -1;
- switch(cmsg->cmsg_type) {
-#ifdef IP_PKTINFO
- case IP_PKTINFO:
- rc = swrap_sendmsg_filter_cmsg_pktinfo(cmsg,
- cm_data,
- cm_data_space);
- break;
-#endif
-#ifdef IPV6_PKTINFO
- case IPV6_PKTINFO:
- rc = swrap_sendmsg_filter_cmsg_pktinfo(cmsg,
- cm_data,
- cm_data_space);
- break;
-#endif
- default:
- break;
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "msg_tmp->msg_controllen=%zu",
+ (size_t)msg_tmp->msg_controllen);
+
+ /* Nothing to do */
+ if (msg_tmp->msg_controllen == 0 || msg_tmp->msg_control == NULL) {
+ *msg_out = *msg_tmp;
+ return ret;
}
- return rc;
-}
+ for (cmsg = CMSG_FIRSTHDR(msg_tmp);
+ cmsg != NULL;
+ cmsg = CMSG_NXTHDR(msg_tmp, cmsg)) {
+ switch (cmsg->cmsg_level) {
+ case SOL_SOCKET:
+ rc = swrap_recvmsg_unix_sol_socket(cmsg,
+ &cm_data,
+ &cm_data_space);
+ break;
-static int swrap_sendmsg_filter_cmsg_pktinfo(struct cmsghdr *cmsg,
- uint8_t **cm_data,
- size_t *cm_data_space)
-{
- (void)cmsg; /* unused */
- (void)cm_data; /* unused */
- (void)cm_data_space; /* unused */
+ default:
+ rc = swrap_sendmsg_copy_cmsg(cmsg,
+ &cm_data,
+ &cm_data_space);
+ break;
+ }
+ if (rc < 0) {
+ int saved_errno = errno;
+ SAFE_FREE(cm_data);
+ errno = saved_errno;
+ return rc;
+ }
+ }
/*
- * Passing a IP pktinfo to a unix socket might be rejected by the
- * Kernel, at least on FreeBSD. So skip this cmsg.
+ * msg_tmp->msg_control was created by swrap_recvmsg_before_unix()
+ * and msg_out->msg_control is still the buffer of the caller.
*/
- return 0;
+ SAFE_FREE(msg_tmp->msg_control);
+ msg_tmp->msg_control = msg_out->msg_control;
+ msg_tmp->msg_controllen = msg_out->msg_controllen;
+ *msg_out = *msg_tmp;
+
+ cm_data_space = MIN(cm_data_space, msg_out->msg_controllen);
+ memcpy(msg_out->msg_control, cm_data, cm_data_space);
+ msg_out->msg_controllen = cm_data_space;
+ SAFE_FREE(cm_data);
+
+ SWRAP_LOG(SWRAP_LOG_TRACE,
+ "msg_out->msg_controllen=%zu",
+ (size_t)msg_out->msg_controllen);
+ return ret;
+#else /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
+ *msg_out = *msg_tmp;
+ return ret;
+#endif /* ! HAVE_STRUCT_MSGHDR_MSG_CONTROL */
}
-#endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
static ssize_t swrap_sendmsg_before(int fd,
struct socket_info *si,
int *bcast)
{
size_t i, len = 0;
- ssize_t ret;
+ ssize_t ret = -1;
if (to_un) {
*to_un = NULL;
*bcast = 0;
}
+ SWRAP_LOCK_SI(si);
+
switch (si->type) {
case SOCK_STREAM: {
unsigned long mtu;
if (!si->connected) {
errno = ENOTCONN;
- return -1;
+ goto out;
}
if (msg->msg_iovlen == 0) {
for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
size_t nlen;
nlen = len + msg->msg_iov[i].iov_len;
+ if (nlen < len) {
+ /* overflow */
+ errno = EMSGSIZE;
+ goto out;
+ }
if (nlen > mtu) {
break;
}
if (msg_name == NULL) {
errno = ENOTCONN;
- return -1;
+ goto out;
}
ret = sockaddr_convert_to_un(si, msg_name, msg->msg_namelen,
tmp_un, 0, bcast);
if (ret == -1) {
- return -1;
+ goto out;
}
if (to_un) {
if (si->bound == 0) {
ret = swrap_auto_bind(fd, si, si->family);
if (ret == -1) {
+ SWRAP_UNLOCK_SI(si);
if (errno == ENOTSOCK) {
swrap_remove_stale(fd);
- return -ENOTSOCK;
+ ret = -ENOTSOCK;
} else {
SWRAP_LOG(SWRAP_LOG_ERROR, "swrap_sendmsg_before failed");
- return -1;
}
+ return ret;
}
}
0,
NULL);
if (ret == -1) {
- return -1;
+ goto out;
}
ret = libc_connect(fd,
}
if (ret == -1) {
- return ret;
+ goto out;
}
si->defer_connect = 0;
break;
default:
errno = EHOSTUNREACH;
- return -1;
+ goto out;
}
-#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
- if (msg->msg_controllen > 0 && msg->msg_control != NULL) {
- uint8_t *cmbuf = NULL;
- size_t cmlen = 0;
-
- ret = swrap_sendmsg_filter_cmsghdr(msg, &cmbuf, &cmlen);
- if (ret < 0) {
- free(cmbuf);
- return -1;
- }
-
- if (cmlen == 0) {
- msg->msg_controllen = 0;
- msg->msg_control = NULL;
- } else if (cmlen < msg->msg_controllen && cmbuf != NULL) {
- memcpy(msg->msg_control, cmbuf, cmlen);
- msg->msg_controllen = cmlen;
- }
- free(cmbuf);
- }
-#endif
+ ret = 0;
+out:
+ SWRAP_UNLOCK_SI(si);
- return 0;
+ return ret;
}
static void swrap_sendmsg_after(int fd,
}
len = ofs;
+ SWRAP_LOCK_SI(si);
+
switch (si->type) {
case SOCK_STREAM:
if (ret == -1) {
break;
}
+ SWRAP_UNLOCK_SI(si);
+
free(buf);
errno = saved_errno;
}
struct iovec *tmp_iov)
{
size_t i, len = 0;
- ssize_t ret;
+ int ret = -1;
+
+ SWRAP_LOCK_SI(si);
(void)fd; /* unused */
unsigned int mtu;
if (!si->connected) {
errno = ENOTCONN;
- return -1;
+ goto out;
}
if (msg->msg_iovlen == 0) {
case SOCK_DGRAM:
if (msg->msg_name == NULL) {
errno = EINVAL;
- return -1;
+ goto out;
}
if (msg->msg_iovlen == 0) {
if (si->bound == 0) {
ret = swrap_auto_bind(fd, si, si->family);
if (ret == -1) {
+ SWRAP_UNLOCK_SI(si);
/*
* When attempting to read or write to a
* descriptor, if an underlying autobind fails
*/
if (errno == ENOTSOCK) {
swrap_remove_stale(fd);
- return -ENOTSOCK;
+ ret = -ENOTSOCK;
} else {
SWRAP_LOG(SWRAP_LOG_ERROR,
"swrap_recvmsg_before failed");
- return -1;
}
+ return ret;
}
}
break;
default:
errno = EHOSTUNREACH;
- return -1;
+ goto out;
}
- return 0;
+ ret = 0;
+out:
+ SWRAP_UNLOCK_SI(si);
+
+ return ret;
}
static int swrap_recvmsg_after(int fd,
avail += msg->msg_iov[i].iov_len;
}
+ SWRAP_LOCK_SI(si);
+
/* Convert the socket address before we leave */
if (si->type == SOCK_DGRAM && un_addr != NULL) {
rc = sockaddr_convert_from_un(si,
buf = (uint8_t *)malloc(remain);
if (buf == NULL) {
/* we just not capture the packet */
+ SWRAP_UNLOCK_SI(si);
errno = saved_errno;
return -1;
}
msg->msg_control != NULL) {
rc = swrap_msghdr_add_socket_info(si, msg);
if (rc < 0) {
+ SWRAP_UNLOCK_SI(si);
return -1;
}
}
#endif
+ SWRAP_UNLOCK_SI(si);
return rc;
}
msg.msg_namelen = tolen; /* size of address */
msg.msg_iov = &tmp; /* scatter/gather array */
msg.msg_iovlen = 1; /* # elements in msg_iov */
-#if HAVE_STRUCT_MSGHDR_MSG_CONTROL
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
msg.msg_control = NULL; /* ancillary data, see below */
msg.msg_controllen = 0; /* ancillary data buffer len */
msg.msg_flags = 0; /* flags on received message */
unsigned int iface;
unsigned int prt = ntohs(((const struct sockaddr_in *)(const void *)to)->sin_port);
char type;
+ char *swrap_dir = NULL;
type = SOCKET_TYPE_CHAR_UDP;
+ swrap_dir = socket_wrapper_dir();
+ if (swrap_dir == NULL) {
+ return -1;
+ }
+
for(iface=0; iface <= MAX_WRAPPED_INTERFACES; iface++) {
- snprintf(un_addr.sa.un.sun_path,
- sizeof(un_addr.sa.un.sun_path),
- "%s/"SOCKET_FORMAT,
- socket_wrapper_dir(), type, iface, prt);
+ swrap_un_path(&un_addr.sa.un,
+ swrap_dir,
+ type,
+ iface,
+ prt);
if (stat(un_addr.sa.un.sun_path, &st) != 0) continue;
/* ignore the any errors in broadcast sends */
un_addr.sa_socklen);
}
+ SAFE_FREE(swrap_dir);
+
+ SWRAP_LOCK_SI(si);
+
swrap_pcap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
+ SWRAP_UNLOCK_SI(si);
+
return len;
}
+ SWRAP_LOCK_SI(si);
/*
* If it is a dgram socket and we are connected, don't include the
* 'to' address.
msg.msg_namelen);
}
+ SWRAP_UNLOCK_SI(si);
+
swrap_sendmsg_after(s, si, &msg, to, ret);
return ret;
msg.msg_namelen = 0; /* size of address */
msg.msg_iov = &tmp; /* scatter/gather array */
msg.msg_iovlen = 1; /* # elements in msg_iov */
-#if HAVE_STRUCT_MSGHDR_MSG_CONTROL
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
msg.msg_control = NULL; /* ancillary data, see below */
msg.msg_controllen = 0; /* ancillary data buffer len */
msg.msg_flags = 0; /* flags on received message */
msg.msg_namelen = 0; /* size of address */
msg.msg_iov = &tmp; /* scatter/gather array */
msg.msg_iovlen = 1; /* # elements in msg_iov */
-#if HAVE_STRUCT_MSGHDR_MSG_CONTROL
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
msg.msg_control = NULL; /* ancillary data, see below */
msg.msg_controllen = 0; /* ancillary data buffer len */
msg.msg_flags = 0; /* flags on received message */
si = find_socket_info(s);
if (si == NULL) {
- return libc_recvmsg(s, omsg, flags);
+ rc = swrap_recvmsg_before_unix(omsg, &msg);
+ if (rc < 0) {
+ return rc;
+ }
+ ret = libc_recvmsg(s, &msg, flags);
+ return swrap_recvmsg_after_unix(&msg, omsg, ret);
}
tmp.iov_base = NULL;
#endif
omsg->msg_iovlen = msg.msg_iovlen;
+ SWRAP_LOCK_SI(si);
+
/*
* From the manpage:
*
omsg->msg_namelen = msg.msg_namelen;
}
+ SWRAP_UNLOCK_SI(si);
+
return ret;
}
int bcast = 0;
if (!si) {
- return libc_sendmsg(s, omsg, flags);
+ int scm_rights_pipe_fd = -1;
+
+ rc = swrap_sendmsg_before_unix(omsg, &msg,
+ &scm_rights_pipe_fd);
+ if (rc < 0) {
+ return rc;
+ }
+ ret = libc_sendmsg(s, &msg, flags);
+ return swrap_sendmsg_after_unix(&msg, ret, scm_rights_pipe_fd);
}
ZERO_STRUCT(un_addr);
ZERO_STRUCT(msg);
+ SWRAP_LOCK_SI(si);
+
if (si->connected == 0) {
msg.msg_name = omsg->msg_name; /* optional address */
msg.msg_namelen = omsg->msg_namelen; /* size of address */
}
msg.msg_iov = omsg->msg_iov; /* scatter/gather array */
msg.msg_iovlen = omsg->msg_iovlen; /* # elements in msg_iov */
+
+ SWRAP_UNLOCK_SI(si);
+
#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
- if (msg.msg_controllen > 0 && msg.msg_control != NULL) {
- /* omsg is a const so use a local buffer for modifications */
- uint8_t cmbuf[omsg->msg_controllen];
+ if (omsg != NULL && omsg->msg_controllen > 0 && omsg->msg_control != NULL) {
+ uint8_t *cmbuf = NULL;
+ size_t cmlen = 0;
- memcpy(cmbuf, omsg->msg_control, omsg->msg_controllen);
+ rc = swrap_sendmsg_filter_cmsghdr(omsg, &cmbuf, &cmlen);
+ if (rc < 0) {
+ return rc;
+ }
- msg.msg_control = cmbuf; /* ancillary data, see below */
- msg.msg_controllen = omsg->msg_controllen; /* ancillary data buffer len */
+ if (cmlen == 0) {
+ msg.msg_controllen = 0;
+ msg.msg_control = NULL;
+ } else {
+ msg.msg_control = cmbuf;
+ msg.msg_controllen = cmlen;
+ }
}
msg.msg_flags = omsg->msg_flags; /* flags on received message */
#endif
-
rc = swrap_sendmsg_before(s, si, &msg, &tmp, &un_addr, &to_un, &to, &bcast);
if (rc < 0) {
+ int saved_errno = errno;
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ SAFE_FREE(msg.msg_control);
+#endif
+ errno = saved_errno;
return -1;
}
off_t ofs = 0;
size_t avail = 0;
size_t remain;
+ char *swrap_dir = NULL;
for (i = 0; i < (size_t)msg.msg_iovlen; i++) {
avail += msg.msg_iov[i].iov_len;
/* we capture it as one single packet */
buf = (uint8_t *)malloc(remain);
if (!buf) {
+ int saved_errno = errno;
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ SAFE_FREE(msg.msg_control);
+#endif
+ errno = saved_errno;
return -1;
}
type = SOCKET_TYPE_CHAR_UDP;
+ swrap_dir = socket_wrapper_dir();
+ if (swrap_dir == NULL) {
+ int saved_errno = errno;
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ SAFE_FREE(msg.msg_control);
+#endif
+ SAFE_FREE(buf);
+ errno = saved_errno;
+ return -1;
+ }
+
for(iface=0; iface <= MAX_WRAPPED_INTERFACES; iface++) {
- snprintf(un_addr.sun_path, sizeof(un_addr.sun_path), "%s/"SOCKET_FORMAT,
- socket_wrapper_dir(), type, iface, prt);
+ swrap_un_path(&un_addr, swrap_dir, type, iface, prt);
if (stat(un_addr.sun_path, &st) != 0) continue;
msg.msg_name = &un_addr; /* optional address */
libc_sendmsg(s, &msg, flags);
}
+ SAFE_FREE(swrap_dir);
+
+ SWRAP_LOCK_SI(si);
+
swrap_pcap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
free(buf);
+ SWRAP_UNLOCK_SI(si);
+
return len;
}
swrap_sendmsg_after(s, si, &msg, to, ret);
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
+ {
+ int saved_errno = errno;
+ SAFE_FREE(msg.msg_control);
+ errno = saved_errno;
+ }
+#endif
+
return ret;
}
msg.msg_namelen = 0; /* size of address */
msg.msg_iov = discard_const_p(struct iovec, vector); /* scatter/gather array */
msg.msg_iovlen = count; /* # elements in msg_iov */
-#if HAVE_STRUCT_MSGHDR_MSG_CONTROL
+#ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
msg.msg_control = NULL; /* ancillary data, see below */
msg.msg_controllen = 0; /* ancillary data buffer len */
msg.msg_flags = 0; /* flags on received message */
static int swrap_close(int fd)
{
- struct socket_info_fd *fi = find_socket_info_fd(fd);
struct socket_info *si = NULL;
int si_index;
int ret;
- if (fi == NULL) {
+ swrap_mutex_lock(&socket_reset_mutex);
+
+ si_index = find_socket_info_index(fd);
+ if (si_index == -1) {
+ swrap_mutex_unlock(&socket_reset_mutex);
return libc_close(fd);
}
- si_index = fi->si_index;
+ SWRAP_LOG(SWRAP_LOG_TRACE, "Close wrapper for fd=%d", fd);
+ reset_socket_info_index(fd);
- SWRAP_DLIST_REMOVE(socket_fds, fi);
- free(fi);
+ si = swrap_get_socket_info(si_index);
+
+ swrap_mutex_lock(&first_free_mutex);
+ SWRAP_LOCK_SI(si);
ret = libc_close(fd);
- si = &sockets[si_index];
- si->refcount--;
+ swrap_dec_refcount(si);
- if (si->refcount > 0) {
+ if (swrap_get_refcount(si) > 0) {
/* there are still references left */
- return ret;
+ goto out;
+ }
+
+ if (si->fd_passed) {
+ goto set_next_free;
}
if (si->myname.sa_socklen > 0 && si->peername.sa_socklen > 0) {
unlink(si->un_addr.sun_path);
}
- si->next_free = first_free;
+set_next_free:
+ swrap_set_next_free(si, first_free);
first_free = si_index;
+out:
+ SWRAP_UNLOCK_SI(si);
+ swrap_mutex_unlock(&first_free_mutex);
+ swrap_mutex_unlock(&socket_reset_mutex);
+
return ret;
}
static int swrap_dup(int fd)
{
struct socket_info *si;
- struct socket_info_fd *src_fi, *fi;
+ int dup_fd, idx;
- src_fi = find_socket_info_fd(fd);
- if (src_fi == NULL) {
+ idx = find_socket_info_index(fd);
+ if (idx == -1) {
return libc_dup(fd);
}
- si = &sockets[src_fi->si_index];
+ si = swrap_get_socket_info(idx);
- fi = (struct socket_info_fd *)calloc(1, sizeof(struct socket_info_fd));
- if (fi == NULL) {
- errno = ENOMEM;
+ dup_fd = libc_dup(fd);
+ if (dup_fd == -1) {
+ int saved_errno = errno;
+ errno = saved_errno;
return -1;
}
- fi->fd = libc_dup(fd);
- if (fi->fd == -1) {
- int saved_errno = errno;
- free(fi);
- errno = saved_errno;
+ if ((size_t)dup_fd >= socket_fds_max) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "The max socket index limit of %zu has been reached, "
+ "trying to add %d",
+ socket_fds_max,
+ dup_fd);
+ libc_close(dup_fd);
+ errno = EMFILE;
return -1;
}
- si->refcount++;
- fi->si_index = src_fi->si_index;
+ SWRAP_LOCK_SI(si);
+
+ swrap_inc_refcount(si);
+
+ SWRAP_UNLOCK_SI(si);
/* Make sure we don't have an entry for the fd */
- swrap_remove_stale(fi->fd);
+ swrap_remove_stale(dup_fd);
+
+ set_socket_info_index(dup_fd, idx);
- SWRAP_DLIST_ADD_AFTER(socket_fds, fi, src_fi);
- return fi->fd;
+ return dup_fd;
}
int dup(int fd)
static int swrap_dup2(int fd, int newfd)
{
struct socket_info *si;
- struct socket_info_fd *src_fi, *fi;
+ int dup_fd, idx;
- src_fi = find_socket_info_fd(fd);
- if (src_fi == NULL) {
+ idx = find_socket_info_index(fd);
+ if (idx == -1) {
return libc_dup2(fd, newfd);
}
- si = &sockets[src_fi->si_index];
+ si = swrap_get_socket_info(idx);
if (fd == newfd) {
/*
return newfd;
}
+ if ((size_t)newfd >= socket_fds_max) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "The max socket index limit of %zu has been reached, "
+ "trying to add %d",
+ socket_fds_max,
+ newfd);
+ errno = EMFILE;
+ return -1;
+ }
+
if (find_socket_info(newfd)) {
/* dup2() does an implicit close of newfd, which we
* need to emulate */
swrap_close(newfd);
}
- fi = (struct socket_info_fd *)calloc(1, sizeof(struct socket_info_fd));
- if (fi == NULL) {
- errno = ENOMEM;
- return -1;
- }
-
- fi->fd = libc_dup2(fd, newfd);
- if (fi->fd == -1) {
+ dup_fd = libc_dup2(fd, newfd);
+ if (dup_fd == -1) {
int saved_errno = errno;
- free(fi);
errno = saved_errno;
return -1;
}
- si->refcount++;
- fi->si_index = src_fi->si_index;
+ SWRAP_LOCK_SI(si);
+
+ swrap_inc_refcount(si);
+
+ SWRAP_UNLOCK_SI(si);
/* Make sure we don't have an entry for the fd */
- swrap_remove_stale(fi->fd);
+ swrap_remove_stale(dup_fd);
- SWRAP_DLIST_ADD_AFTER(socket_fds, fi, src_fi);
- return fi->fd;
+ set_socket_info_index(dup_fd, idx);
+
+ return dup_fd;
}
int dup2(int fd, int newfd)
static int swrap_vfcntl(int fd, int cmd, va_list va)
{
- struct socket_info_fd *src_fi, *fi;
struct socket_info *si;
- int rc;
+ int rc, dup_fd, idx;
- src_fi = find_socket_info_fd(fd);
- if (src_fi == NULL) {
+ idx = find_socket_info_index(fd);
+ if (idx == -1) {
return libc_vfcntl(fd, cmd, va);
}
- si = &sockets[src_fi->si_index];
+ si = swrap_get_socket_info(idx);
switch (cmd) {
case F_DUPFD:
- fi = (struct socket_info_fd *)calloc(1, sizeof(struct socket_info_fd));
- if (fi == NULL) {
- errno = ENOMEM;
+ dup_fd = libc_vfcntl(fd, cmd, va);
+ if (dup_fd == -1) {
+ int saved_errno = errno;
+ errno = saved_errno;
return -1;
}
- fi->fd = libc_vfcntl(fd, cmd, va);
- if (fi->fd == -1) {
- int saved_errno = errno;
- free(fi);
- errno = saved_errno;
+ /* Make sure we don't have an entry for the fd */
+ swrap_remove_stale(dup_fd);
+
+ if ((size_t)dup_fd >= socket_fds_max) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "The max socket index limit of %zu has been reached, "
+ "trying to add %d",
+ socket_fds_max,
+ dup_fd);
+ libc_close(dup_fd);
+ errno = EMFILE;
return -1;
}
- si->refcount++;
- fi->si_index = src_fi->si_index;
+ SWRAP_LOCK_SI(si);
- /* Make sure we don't have an entry for the fd */
- swrap_remove_stale(fi->fd);
+ swrap_inc_refcount(si);
+
+ SWRAP_UNLOCK_SI(si);
- SWRAP_DLIST_ADD_AFTER(socket_fds, fi, src_fi);
- rc = fi->fd;
+ set_socket_info_index(dup_fd, idx);
+
+ rc = dup_fd;
break;
default:
rc = libc_vfcntl(fd, cmd, va);
static void swrap_thread_prepare(void)
{
+ /*
+ * This function should only be called here!!
+ *
+ * We bind all symobls to avoid deadlocks of the fork is
+ * interrupted by a signal handler using a symbol of this
+ * library.
+ */
+ swrap_bind_symbol_all();
+
SWRAP_LOCK_ALL;
}
static void swrap_thread_child(void)
{
- SWRAP_UNLOCK_ALL;
+ SWRAP_REINIT_ALL;
}
/****************************
***************************/
void swrap_constructor(void)
{
+ if (PIPE_BUF < sizeof(struct swrap_unix_scm_rights)) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "PIPE_BUF=%zu < "
+ "sizeof(struct swrap_unix_scm_rights)=%zu\n"
+ "sizeof(struct swrap_unix_scm_rights_payload)=%zu "
+ "sizeof(struct socket_info)=%zu",
+ (size_t)PIPE_BUF,
+ sizeof(struct swrap_unix_scm_rights),
+ sizeof(struct swrap_unix_scm_rights_payload),
+ sizeof(struct socket_info));
+ exit(-1);
+ }
+
+ SWRAP_REINIT_ALL;
+
/*
* If we hold a lock and the application forks, then the child
* is not able to unlock the mutex and we are in a deadlock.
*/
void swrap_destructor(void)
{
- struct socket_info_fd *s = socket_fds;
+ size_t i;
- while (s != NULL) {
- swrap_close(s->fd);
- s = socket_fds;
+ if (socket_fds_idx != NULL) {
+ for (i = 0; i < socket_fds_max; ++i) {
+ if (socket_fds_idx[i] != -1) {
+ swrap_close(i);
+ }
+ }
+ SAFE_FREE(socket_fds_idx);
}
- free(sockets);
+ SAFE_FREE(sockets);
if (swrap.libc.handle != NULL) {
dlclose(swrap.libc.handle);
dlclose(swrap.libc.socket_handle);
}
}
+
+#if defined(HAVE__SOCKET) && defined(HAVE__CLOSE)
+/*
+ * On FreeBSD 12 (and maybe other platforms)
+ * system libraries like libresolv prefix there
+ * syscalls with '_' in order to always use
+ * the symbols from libc.
+ *
+ * In the interaction with resolv_wrapper,
+ * we need to inject socket wrapper into libresolv,
+ * which means we need to private all socket
+ * related syscalls also with the '_' prefix.
+ *
+ * This is tested in Samba's 'make test',
+ * there we noticed that providing '_read'
+ * and '_open' would cause errors, which
+ * means we skip '_read', '_write' and
+ * all non socket related calls without
+ * further analyzing the problem.
+ */
+#define SWRAP_SYMBOL_ALIAS(__sym, __aliassym) \
+ extern typeof(__sym) __aliassym __attribute__ ((alias(#__sym)))
+
+#ifdef HAVE_ACCEPT4
+SWRAP_SYMBOL_ALIAS(accept4, _accept4);
+#endif
+SWRAP_SYMBOL_ALIAS(accept, _accept);
+SWRAP_SYMBOL_ALIAS(bind, _bind);
+SWRAP_SYMBOL_ALIAS(close, _close);
+SWRAP_SYMBOL_ALIAS(connect, _connect);
+SWRAP_SYMBOL_ALIAS(dup, _dup);
+SWRAP_SYMBOL_ALIAS(dup2, _dup2);
+SWRAP_SYMBOL_ALIAS(fcntl, _fcntl);
+SWRAP_SYMBOL_ALIAS(getpeername, _getpeername);
+SWRAP_SYMBOL_ALIAS(getsockname, _getsockname);
+SWRAP_SYMBOL_ALIAS(getsockopt, _getsockopt);
+SWRAP_SYMBOL_ALIAS(ioctl, _ioctl);
+SWRAP_SYMBOL_ALIAS(listen, _listen);
+SWRAP_SYMBOL_ALIAS(readv, _readv);
+SWRAP_SYMBOL_ALIAS(recv, _recv);
+SWRAP_SYMBOL_ALIAS(recvfrom, _recvfrom);
+SWRAP_SYMBOL_ALIAS(recvmsg, _recvmsg);
+SWRAP_SYMBOL_ALIAS(send, _send);
+SWRAP_SYMBOL_ALIAS(sendmsg, _sendmsg);
+SWRAP_SYMBOL_ALIAS(sendto, _sendto);
+SWRAP_SYMBOL_ALIAS(setsockopt, _setsockopt);
+SWRAP_SYMBOL_ALIAS(socket, _socket);
+SWRAP_SYMBOL_ALIAS(socketpair, _socketpair);
+SWRAP_SYMBOL_ALIAS(writev, _writev);
+
+#endif /* SOCKET_WRAPPER_EXPORT_UNDERSCORE_SYMBOLS */