Mercurial > dropbear

comparison netio.c @ 1032:0da8ba489c23 fastopen

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Move generic network routines to netio.c
author Matt Johnston <matt@ucc.asn.au>
date Fri, 20 Feb 2015 23:16:38 +0800
parents
children ca71904cf3ee
comparison
equal deleted inserted replaced
1031:64c0aa01e2b6 1032:0da8ba489c23
1 #include "netio.h"
2 #include "list.h"
3 #include "dbutil.h"
4 #include "session.h"
5 #include "debug.h"
6
7 struct dropbear_progress_connection {
8 struct addrinfo *res;
9 struct addrinfo *res_iter;
10
11 char *remotehost, *remoteport; /* For error reporting */
12
13 connect_callback cb;
14 void *cb_data;
15
16 struct Queue *writequeue; /* A queue of encrypted packets to send with TCP fastopen,
17 or NULL. */
18
19 int sock;
20
21 char* errstring;
22 };
23
24 #if defined(__linux__) && defined(TCP_DEFER_ACCEPT)
25 static void set_piggyback_ack(int sock) {
26 /* Undocumented Linux feature - set TCP_DEFER_ACCEPT and data will be piggybacked
27 on the 3rd packet (ack) of the TCP handshake. Saves a IP packet.
28 http://thread.gmane.org/gmane.linux.network/224627/focus=224727
29 "Piggyback the final ACK of the three way TCP connection establishment with the data" */
30 int val = 1;
31 /* No error checking, this is opportunistic */
32 int err = setsockopt(sock, IPPROTO_TCP, TCP_DEFER_ACCEPT, (void*)&val, sizeof(val));
33 if (err)
34 {
35 TRACE(("Failed setsockopt TCP_DEFER_ACCEPT: %s", strerror(errno)))
36 }
37 }
38 #endif
39
40
41 /* Deallocate a progress connection. Removes from the pending list if iter!=NULL.
42 Does not close sockets */
43 static void remove_connect(struct dropbear_progress_connection *c, m_list_elem *iter) {
44 if (c->res) {
45 freeaddrinfo(c->res);
46 }
47 m_free(c->remotehost);
48 m_free(c->remoteport);
49 m_free(c->errstring);
50 m_free(c);
51
52 if (iter) {
53 list_remove(iter);
54 }
55 }
56
57 static void cancel_callback(int result, int sock, void* UNUSED(data), const char* UNUSED(errstring)) {
58 if (result == DROPBEAR_SUCCESS)
59 {
60 m_close(sock);
61 }
62 }
63
64 void cancel_connect(struct dropbear_progress_connection *c) {
65 c->cb = cancel_callback;
66 c->cb_data = NULL;
67 }
68
69 static void connect_try_next(struct dropbear_progress_connection *c) {
70 struct addrinfo *r;
71
72 if (!c->res_iter) {
73 return;
74 }
75
76 for (r = c->res_iter; r; r = r->ai_next)
77 {
78 assert(c->sock == -1);
79
80 c->sock = socket(c->res_iter->ai_family, c->res_iter->ai_socktype, c->res_iter->ai_protocol);
81 if (c->sock < 0) {
82 continue;
83 }
84
85 ses.maxfd = MAX(ses.maxfd, c->sock);
86 setnonblocking(c->sock);
87
88 #if defined(__linux__) && defined(TCP_DEFER_ACCEPT)
89 set_piggyback_ack(c->sock);
90 #endif
91
92 #ifdef PROGRESS_CONNECT_FALLBACK
93 #if 0
94 if (connect(c->sock, r->ai_addr, r->ai_addrlen) < 0) {
95 if (errno == EINPROGRESS) {
96 TRACE(("Connect in progress"))
97 break;
98 } else {
99 close(c->sock);
100 c->sock = -1;
101 continue;
102 }
103 }
104
105 break; /* Success. Treated the same as EINPROGRESS */
106 #endif
107 #else
108 {
109 struct msghdr message;
110 int res = 0;
111 memset(&message, 0x0, sizeof(message));
112 message.msg_name = r->ai_addr;
113 message.msg_namelen = r->ai_addrlen;
114
115 if (c->writequeue) {
116 int iovlen; /* Linux msg_iovlen is a size_t */
117 message.msg_iov = packet_queue_to_iovec(c->writequeue, &iovlen);
118 message.msg_iovlen = iovlen;
119 res = sendmsg(c->sock, &message, MSG_FASTOPEN);
120 if (res < 0 && errno == EOPNOTSUPP) {
121 TRACE(("Fastopen not supported"));
122 /* No kernel MSG_FASTOPEN support. Fall back below */
123 c->writequeue = NULL;
124 }
125 m_free(message.msg_iov);
126 if (res > 0) {
127 packet_queue_consume(c->writequeue, res);
128 }
129 }
130
131 if (!c->writequeue) {
132 res = connect(c->sock, r->ai_addr, r->ai_addrlen);
133 }
134 if (res < 0 && errno != EINPROGRESS) {
135 close(c->sock);
136 c->sock = -1;
137 continue;
138 } else {
139 break;
140 }
141 }
142 #endif
143 }
144
145
146 if (r) {
147 c->res_iter = r->ai_next;
148 } else {
149 c->res_iter = NULL;
150 }
151
152 if (c->sock >= 0 || (errno == EINPROGRESS)) {
153 /* Success */
154 set_sock_nodelay(c->sock);
155 return;
156 } else {
157 if (!c->res_iter)
158 {
159
160 }
161 /* XXX - returning error message through */
162 #if 0
163 /* Failed */
164 if (errstring != NULL && *errstring == NULL) {
165 int len;
166 len = 20 + strlen(strerror(err));
167 *errstring = (char*)m_malloc(len);
168 snprintf(*errstring, len, "Error connecting: %s", strerror(err));
169 }
170 TRACE(("Error connecting: %s", strerror(err)))
171 #endif
172 }
173 }
174
175 /* Connect via TCP to a host. */
176 struct dropbear_progress_connection *connect_remote(const char* remotehost, const char* remoteport,
177 connect_callback cb, void* cb_data)
178 {
179 struct dropbear_progress_connection *c = NULL;
180 int err;
181 struct addrinfo hints;
182
183 c = m_malloc(sizeof(*c));
184 c->remotehost = m_strdup(remotehost);
185 c->remoteport = m_strdup(remoteport);
186 c->sock = -1;
187 c->cb = cb;
188 c->cb_data = cb_data;
189
190 list_append(&ses.conn_pending, c);
191
192 memset(&hints, 0, sizeof(hints));
193 hints.ai_socktype = SOCK_STREAM;
194 hints.ai_family = PF_UNSPEC;
195
196 err = getaddrinfo(remotehost, remoteport, &hints, &c->res);
197 if (err) {
198 int len;
199 len = 100 + strlen(gai_strerror(err));
200 c->errstring = (char*)m_malloc(len);
201 snprintf(c->errstring, len, "Error resolving '%s' port '%s'. %s",
202 remotehost, remoteport, gai_strerror(err));
203 TRACE(("Error resolving: %s", gai_strerror(err)))
204 return NULL;
205 }
206
207 c->res_iter = c->res;
208
209 return c;
210 }
211
212
213 void set_connect_fds(fd_set *writefd) {
214 m_list_elem *iter;
215 TRACE(("enter handle_connect_fds"))
216 for (iter = ses.conn_pending.first; iter; iter = iter->next) {
217 struct dropbear_progress_connection *c = iter->item;
218 /* Set one going */
219 while (c->res_iter && c->sock < 0)
220 {
221 connect_try_next(c);
222 }
223 if (c->sock >= 0) {
224 FD_SET(c->sock, writefd);
225 } else {
226 m_list_elem *remove_iter;
227 /* Final failure */
228 if (!c->errstring) {
229 c->errstring = m_strdup("unexpected failure");
230 }
231 c->cb(DROPBEAR_FAILURE, -1, c->cb_data, c->errstring);
232 /* Safely remove without invalidating iter */
233 remove_iter = iter;
234 iter = iter->prev;
235 remove_connect(c, remove_iter);
236 }
237 }
238 }
239
240 void handle_connect_fds(fd_set *writefd) {
241 m_list_elem *iter;
242 TRACE(("enter handle_connect_fds"))
243 for (iter = ses.conn_pending.first; iter; iter = iter->next) {
244 int val;
245 socklen_t vallen = sizeof(val);
246 struct dropbear_progress_connection *c = iter->item;
247
248 if (!FD_ISSET(c->sock, writefd)) {
249 continue;
250 }
251
252 TRACE(("handling %s port %s socket %d", c->remotehost, c->remoteport, c->sock));
253
254 if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &val, &vallen) != 0) {
255 TRACE(("handle_connect_fds getsockopt(%d) SO_ERROR failed: %s", c->sock, strerror(errno)))
256 /* This isn't expected to happen - Unix has surprises though, continue gracefully. */
257 m_close(c->sock);
258 c->sock = -1;
259 } else if (val != 0) {
260 /* Connect failed */
261 TRACE(("connect to %s port %s failed.", c->remotehost, c->remoteport))
262 m_close(c->sock);
263 c->sock = -1;
264
265 m_free(c->errstring);
266 c->errstring = strerror(val);
267 } else {
268 /* New connection has been established */
269 c->cb(DROPBEAR_SUCCESS, c->sock, c->cb_data, NULL);
270 remove_connect(c, iter);
271 TRACE(("leave handle_connect_fds - success"))
272 /* Must return here - remove_connect() invalidates iter */
273 return;
274 }
275 }
276 TRACE(("leave handle_connect_fds - end iter"))
277 }
278
279 void connect_set_writequeue(struct dropbear_progress_connection *c, struct Queue *writequeue) {
280 c->writequeue = writequeue;
281 }
282
283 struct iovec * packet_queue_to_iovec(struct Queue *queue, int *ret_iov_count) {
284 struct iovec *iov = NULL;
285 struct Link *l;
286 unsigned int i, packet_type;
287 int len;
288 buffer *writebuf;
289
290 #ifndef IOV_MAX
291 #define IOV_MAX UIO_MAXIOV
292 #endif
293
294 *ret_iov_count = MIN(queue->count, IOV_MAX);
295
296 iov = m_malloc(sizeof(*iov) * *ret_iov_count);
297 for (l = queue->head, i = 0; l; l = l->link, i++)
298 {
299 writebuf = (buffer*)l->item;
300 packet_type = writebuf->data[writebuf->len-1];
301 len = writebuf->len - 1 - writebuf->pos;
302 dropbear_assert(len > 0);
303 TRACE2(("write_packet writev #%d type %d len %d/%d", i, packet_type,
304 len, writebuf->len-1))
305 iov[i].iov_base = buf_getptr(writebuf, len);
306 iov[i].iov_len = len;
307 }
308
309 return iov;
310 }
311
312 void packet_queue_consume(struct Queue *queue, ssize_t written) {
313 buffer *writebuf;
314 int len;
315 while (written > 0) {
316 writebuf = (buffer*)examine(queue);
317 len = writebuf->len - 1 - writebuf->pos;
318 if (len > written) {
319 /* partial buffer write */
320 buf_incrpos(writebuf, written);
321 written = 0;
322 } else {
323 written -= len;
324 dequeue(queue);
325 buf_free(writebuf);
326 }
327 }
328 }
329
330 void set_sock_nodelay(int sock) {
331 int val;
332
333 /* disable nagle */
334 val = 1;
335 setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&val, sizeof(val));
336 }
337
338 #ifdef DROPBEAR_TCP_FAST_OPEN
339 void set_listen_fast_open(int sock) {
340 int qlen = MAX(MAX_UNAUTH_PER_IP, 5);
341 if (setsockopt(sock, SOL_TCP, TCP_FASTOPEN, &qlen, sizeof(qlen)) != 0) {
342 TRACE(("set_listen_fast_open failed for socket %d: %s", sock, strerror(errno)))
343 }
344 }
345
346 #endif
347
348 void set_sock_priority(int sock, enum dropbear_prio prio) {
349
350 int iptos_val = 0, so_prio_val = 0, rc;
351
352 /* Don't log ENOTSOCK errors so that this can harmlessly be called
353 * on a client '-J' proxy pipe */
354
355 /* set the TOS bit for either ipv4 or ipv6 */
356 #ifdef IPTOS_LOWDELAY
357 if (prio == DROPBEAR_PRIO_LOWDELAY) {
358 iptos_val = IPTOS_LOWDELAY;
359 } else if (prio == DROPBEAR_PRIO_BULK) {
360 iptos_val = IPTOS_THROUGHPUT;
361 }
362 #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS)
363 rc = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&iptos_val, sizeof(iptos_val));
364 if (rc < 0 && errno != ENOTSOCK) {
365 TRACE(("Couldn't set IPV6_TCLASS (%s)", strerror(errno)));
366 }
367 #endif
368 rc = setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&iptos_val, sizeof(iptos_val));
369 if (rc < 0 && errno != ENOTSOCK) {
370 TRACE(("Couldn't set IP_TOS (%s)", strerror(errno)));
371 }
372 #endif
373
374 #ifdef SO_PRIORITY
375 if (prio == DROPBEAR_PRIO_LOWDELAY) {
376 so_prio_val = TC_PRIO_INTERACTIVE;
377 } else if (prio == DROPBEAR_PRIO_BULK) {
378 so_prio_val = TC_PRIO_BULK;
379 }
380 /* linux specific, sets QoS class. see tc-prio(8) */
381 rc = setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &so_prio_val, sizeof(so_prio_val));
382 if (rc < 0 && errno != ENOTSOCK)
383 dropbear_log(LOG_WARNING, "Couldn't set SO_PRIORITY (%s)",
384 strerror(errno));
385 #endif
386
387 }
388
389 /* Listen on address:port.
390 * Special cases are address of "" listening on everything,
391 * and address of NULL listening on localhost only.
392 * Returns the number of sockets bound on success, or -1 on failure. On
393 * failure, if errstring wasn't NULL, it'll be a newly malloced error
394 * string.*/
395 int dropbear_listen(const char* address, const char* port,
396 int *socks, unsigned int sockcount, char **errstring, int *maxfd) {
397
398 struct addrinfo hints, *res = NULL, *res0 = NULL;
399 int err;
400 unsigned int nsock;
401 struct linger linger;
402 int val;
403 int sock;
404
405 TRACE(("enter dropbear_listen"))
406
407 memset(&hints, 0, sizeof(hints));
408 hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */
409 hints.ai_socktype = SOCK_STREAM;
410
411 /* for calling getaddrinfo:
412 address == NULL and !AI_PASSIVE: local loopback
413 address == NULL and AI_PASSIVE: all interfaces
414 address != NULL: whatever the address says */
415 if (!address) {
416 TRACE(("dropbear_listen: local loopback"))
417 } else {
418 if (address[0] == '\0') {
419 TRACE(("dropbear_listen: all interfaces"))
420 address = NULL;
421 }
422 hints.ai_flags = AI_PASSIVE;
423 }
424 err = getaddrinfo(address, port, &hints, &res0);
425
426 if (err) {
427 if (errstring != NULL && *errstring == NULL) {
428 int len;
429 len = 20 + strlen(gai_strerror(err));
430 *errstring = (char*)m_malloc(len);
431 snprintf(*errstring, len, "Error resolving: %s", gai_strerror(err));
432 }
433 if (res0) {
434 freeaddrinfo(res0);
435 res0 = NULL;
436 }
437 TRACE(("leave dropbear_listen: failed resolving"))
438 return -1;
439 }
440
441
442 nsock = 0;
443 for (res = res0; res != NULL && nsock < sockcount;
444 res = res->ai_next) {
445
446 /* Get a socket */
447 socks[nsock] = socket(res->ai_family, res->ai_socktype,
448 res->ai_protocol);
449
450 sock = socks[nsock]; /* For clarity */
451
452 if (sock < 0) {
453 err = errno;
454 TRACE(("socket() failed"))
455 continue;
456 }
457
458 /* Various useful socket options */
459 val = 1;
460 /* set to reuse, quick timeout */
461 setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void*) &val, sizeof(val));
462 linger.l_onoff = 1;
463 linger.l_linger = 5;
464 setsockopt(sock, SOL_SOCKET, SO_LINGER, (void*)&linger, sizeof(linger));
465
466 #if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
467 if (res->ai_family == AF_INET6) {
468 int on = 1;
469 if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY,
470 &on, sizeof(on)) == -1) {
471 dropbear_log(LOG_WARNING, "Couldn't set IPV6_V6ONLY");
472 }
473 }
474 #endif
475
476 set_sock_nodelay(sock);
477
478 if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
479 err = errno;
480 close(sock);
481 TRACE(("bind(%s) failed", port))
482 continue;
483 }
484
485 if (listen(sock, DROPBEAR_LISTEN_BACKLOG) < 0) {
486 err = errno;
487 close(sock);
488 TRACE(("listen() failed"))
489 continue;
490 }
491
492 *maxfd = MAX(*maxfd, sock);
493
494 nsock++;
495 }
496
497 if (res0) {
498 freeaddrinfo(res0);
499 res0 = NULL;
500 }
501
502 if (nsock == 0) {
503 if (errstring != NULL && *errstring == NULL) {
504 int len;
505 len = 20 + strlen(strerror(err));
506 *errstring = (char*)m_malloc(len);
507 snprintf(*errstring, len, "Error listening: %s", strerror(err));
508 }
509 TRACE(("leave dropbear_listen: failure, %s", strerror(err)))
510 return -1;
511 }
512
513 TRACE(("leave dropbear_listen: success, %d socks bound", nsock))
514 return nsock;
515 }
516
517 void get_socket_address(int fd, char **local_host, char **local_port,
518 char **remote_host, char **remote_port, int host_lookup)
519 {
520 struct sockaddr_storage addr;
521 socklen_t addrlen;
522
523 if (local_host || local_port) {
524 addrlen = sizeof(addr);
525 if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
526 dropbear_exit("Failed socket address: %s", strerror(errno));
527 }
528 getaddrstring(&addr, local_host, local_port, host_lookup);
529 }
530 if (remote_host || remote_port) {
531 addrlen = sizeof(addr);
532 if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) < 0) {
533 dropbear_exit("Failed socket address: %s", strerror(errno));
534 }
535 getaddrstring(&addr, remote_host, remote_port, host_lookup);
536 }
537 }
538
539 /* Return a string representation of the socket address passed. The return
540 * value is allocated with malloc() */
541 void getaddrstring(struct sockaddr_storage* addr,
542 char **ret_host, char **ret_port,
543 int host_lookup) {
544
545 char host[NI_MAXHOST+1], serv[NI_MAXSERV+1];
546 unsigned int len;
547 int ret;
548
549 int flags = NI_NUMERICSERV | NI_NUMERICHOST;
550
551 #ifndef DO_HOST_LOOKUP
552 host_lookup = 0;
553 #endif
554
555 if (host_lookup) {
556 flags = NI_NUMERICSERV;
557 }
558
559 len = sizeof(struct sockaddr_storage);
560 /* Some platforms such as Solaris 8 require that len is the length
561 * of the specific structure. Some older linux systems (glibc 2.1.3
562 * such as debian potato) have sockaddr_storage.__ss_family instead
563 * but we'll ignore them */
564 #ifdef HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY
565 if (addr->ss_family == AF_INET) {
566 len = sizeof(struct sockaddr_in);
567 }
568 #ifdef AF_INET6
569 if (addr->ss_family == AF_INET6) {
570 len = sizeof(struct sockaddr_in6);
571 }
572 #endif
573 #endif
574
575 ret = getnameinfo((struct sockaddr*)addr, len, host, sizeof(host)-1,
576 serv, sizeof(serv)-1, flags);
577
578 if (ret != 0) {
579 if (host_lookup) {
580 /* On some systems (Darwin does it) we get EINTR from getnameinfo
581 * somehow. Eew. So we'll just return the IP, since that doesn't seem
582 * to exhibit that behaviour. */
583 getaddrstring(addr, ret_host, ret_port, 0);
584 return;
585 } else {
586 /* if we can't do a numeric lookup, something's gone terribly wrong */
587 dropbear_exit("Failed lookup: %s", gai_strerror(ret));
588 }
589 }
590
591 if (ret_host) {
592 *ret_host = m_strdup(host);
593 }
594 if (ret_port) {
595 *ret_port = m_strdup(serv);
596 }
597 }
598