search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
rpc_server: Fix a comment
[samba4-gss.git] / third_party / socket_wrapper / socket_wrapper.c
blob37799c82419f60db19c65866490ba3752f40682a
1 /*
2 * BSD 3-Clause License
3 *
4 * Copyright (c) 2005-2008, Jelmer Vernooij <jelmer@samba.org>
5 * Copyright (c) 2006-2021, Stefan Metzmacher <metze@samba.org>
6 * Copyright (c) 2013-2021, Andreas Schneider <asn@samba.org>
7 * Copyright (c) 2014-2017, Michael Adam <obnox@samba.org>
8 * Copyright (c) 2016-2018, Anoop C S <anoopcs@redhat.com>
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 *
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 *
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
21 *
22 * 3. Neither the name of the author nor the names of its contributors
23 * may be used to endorse or promote products derived from this software
24 * without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 * SUCH DAMAGE.
37 */
38
39 /*
40 Socket wrapper library. Passes all socket communication over
41 unix domain sockets if the environment variable SOCKET_WRAPPER_DIR
42 is set.
43 */
44
45 #include "config.h"
46
47 /*
48 * Make sure we do not redirect (f)open(at)() or fcntl() to their 64bit
49 * variants
50 */
51 #undef _FILE_OFFSET_BITS
52
53 #include <sys/types.h>
54 #include <sys/time.h>
55 #include <sys/stat.h>
56 #ifdef HAVE_SYS_SYSCALL_H
57 #include <sys/syscall.h>
58 #endif
59 #ifdef HAVE_SYSCALL_H
60 #include <syscall.h>
61 #endif
62 #include <sys/socket.h>
63 #include <sys/ioctl.h>
64 #ifdef HAVE_SYS_FILIO_H
65 #include <sys/filio.h>
66 #endif
67 #ifdef HAVE_SYS_SIGNALFD_H
68 #include <sys/signalfd.h>
69 #endif
70 #ifdef HAVE_SYS_EVENTFD_H
71 #include <sys/eventfd.h>
72 #endif
73 #ifdef HAVE_SYS_TIMERFD_H
74 #include <sys/timerfd.h>
75 #endif
76 #include <sys/uio.h>
77 #include <errno.h>
78 #include <sys/un.h>
79 #include <netinet/in.h>
80 #include <netinet/tcp.h>
81 #ifdef HAVE_NETINET_TCP_FSM_H
82 #include <netinet/tcp_fsm.h>
83 #endif
84 #include <arpa/inet.h>
85 #include <fcntl.h>
86 #include <stdlib.h>
87 #include <string.h>
88 #include <stdio.h>
89 #include <stdint.h>
90 #include <stdarg.h>
91 #include <stdbool.h>
92 #include <unistd.h>
93 #ifdef HAVE_GNU_LIB_NAMES_H
94 #include <gnu/lib-names.h>
95 #endif
96 #ifdef HAVE_RPC_RPC_H
97 #include <rpc/rpc.h>
98 #endif
99 #include <pthread.h>
100
101 #include "socket_wrapper.h"
102
103 #ifdef __USE_FILE_OFFSET64
104 #error -D_FILE_OFFSET_BITS=64 should not be set for socket_wrapper!
105 #endif
106
107 enum swrap_dbglvl_e {
108 SWRAP_LOG_ERROR = 0,
109 SWRAP_LOG_WARN,
110 SWRAP_LOG_DEBUG,
111 SWRAP_LOG_TRACE
112 };
113
114 /* GCC have printf type attribute check. */
115 #ifdef HAVE_FUNCTION_ATTRIBUTE_FORMAT
116 #define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b)))
117 #else
118 #define PRINTF_ATTRIBUTE(a,b)
119 #endif /* HAVE_FUNCTION_ATTRIBUTE_FORMAT */
120
121 #ifdef HAVE_CONSTRUCTOR_ATTRIBUTE
122 #define CONSTRUCTOR_ATTRIBUTE __attribute__ ((constructor))
123 #else
124 #define CONSTRUCTOR_ATTRIBUTE
125 #endif /* HAVE_CONSTRUCTOR_ATTRIBUTE */
126
127 #ifdef HAVE_DESTRUCTOR_ATTRIBUTE
128 #define DESTRUCTOR_ATTRIBUTE __attribute__ ((destructor))
129 #else
130 #define DESTRUCTOR_ATTRIBUTE
131 #endif
132
133 #ifndef FALL_THROUGH
134 # ifdef HAVE_FALLTHROUGH_ATTRIBUTE
135 # define FALL_THROUGH __attribute__ ((fallthrough))
136 # else /* HAVE_FALLTHROUGH_ATTRIBUTE */
137 # define FALL_THROUGH ((void)0)
138 # endif /* HAVE_FALLTHROUGH_ATTRIBUTE */
139 #endif /* FALL_THROUGH */
140
141 #ifdef HAVE_ADDRESS_SANITIZER_ATTRIBUTE
142 #define DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE __attribute__((no_sanitize_address))
143 #else
144 #define DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
145 #endif
146
147 #ifdef HAVE_GCC_THREAD_LOCAL_STORAGE
148 # define SWRAP_THREAD __thread
149 #else
150 # define SWRAP_THREAD
151 #endif
152
153 #ifndef MIN
154 #define MIN(a,b) ((a)<(b)?(a):(b))
155 #endif
156
157 #ifndef ZERO_STRUCT
158 #define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
159 #endif
160
161 #ifndef ZERO_STRUCTP
162 #define ZERO_STRUCTP(x) do { \
163 if ((x) != NULL) \
164 memset((char *)(x), 0, sizeof(*(x))); \
165 } while(0)
166 #endif
167
168 #ifndef SAFE_FREE
169 #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0)
170 #endif
171
172 #ifndef discard_const
173 #define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
174 #endif
175
176 #ifndef discard_const_p
177 #define discard_const_p(type, ptr) ((type *)discard_const(ptr))
178 #endif
179
180 #define UNUSED(x) (void)(x)
181
182 #ifdef IPV6_PKTINFO
183 # ifndef IPV6_RECVPKTINFO
184 # define IPV6_RECVPKTINFO IPV6_PKTINFO
185 # endif /* IPV6_RECVPKTINFO */
186 #endif /* IPV6_PKTINFO */
187
188 /*
189 * On BSD IP_PKTINFO has a different name because during
190 * the time when they implemented it, there was no RFC.
191 * The name for IPv6 is the same as on Linux.
192 */
193 #ifndef IP_PKTINFO
194 # ifdef IP_RECVDSTADDR
195 # define IP_PKTINFO IP_RECVDSTADDR
196 # endif
197 #endif
198
199 #define socket_wrapper_init_mutex(m) \
200 _socket_wrapper_init_mutex(m, #m)
201
202 /* Add new global locks here please */
203 # define SWRAP_REINIT_ALL do { \
204 int ret; \
205 ret = socket_wrapper_init_mutex(&sockets_mutex); \
206 if (ret != 0) exit(-1); \
207 ret = socket_wrapper_init_mutex(&socket_reset_mutex); \
208 if (ret != 0) exit(-1); \
209 ret = socket_wrapper_init_mutex(&first_free_mutex); \
210 if (ret != 0) exit(-1); \
211 ret = socket_wrapper_init_mutex(&sockets_si_global); \
212 if (ret != 0) exit(-1); \
213 ret = socket_wrapper_init_mutex(&autobind_start_mutex); \
214 if (ret != 0) exit(-1); \
215 ret = socket_wrapper_init_mutex(&pcap_dump_mutex); \
216 if (ret != 0) exit(-1); \
217 ret = socket_wrapper_init_mutex(&mtu_update_mutex); \
218 if (ret != 0) exit(-1); \
219 } while(0)
220
221 # define SWRAP_LOCK_ALL do { \
222 swrap_mutex_lock(&sockets_mutex); \
223 swrap_mutex_lock(&socket_reset_mutex); \
224 swrap_mutex_lock(&first_free_mutex); \
225 swrap_mutex_lock(&sockets_si_global); \
226 swrap_mutex_lock(&autobind_start_mutex); \
227 swrap_mutex_lock(&pcap_dump_mutex); \
228 swrap_mutex_lock(&mtu_update_mutex); \
229 } while(0)
230
231 # define SWRAP_UNLOCK_ALL do { \
232 swrap_mutex_unlock(&mtu_update_mutex); \
233 swrap_mutex_unlock(&pcap_dump_mutex); \
234 swrap_mutex_unlock(&autobind_start_mutex); \
235 swrap_mutex_unlock(&sockets_si_global); \
236 swrap_mutex_unlock(&first_free_mutex); \
237 swrap_mutex_unlock(&socket_reset_mutex); \
238 swrap_mutex_unlock(&sockets_mutex); \
239 } while(0)
240
241 #define SOCKET_INFO_CONTAINER(si) \
242 (struct socket_info_container *)(si)
243
244 #define SWRAP_LOCK_SI(si) do { \
245 struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si); \
246 if (sic != NULL) { \
247 swrap_mutex_lock(&sockets_si_global); \
248 } else { \
249 abort(); \
250 } \
251 } while(0)
252
253 #define SWRAP_UNLOCK_SI(si) do { \
254 struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si); \
255 if (sic != NULL) { \
256 swrap_mutex_unlock(&sockets_si_global); \
257 } else { \
258 abort(); \
259 } \
260 } while(0)
261
262 #if defined(HAVE_GETTIMEOFDAY_TZ) || defined(HAVE_GETTIMEOFDAY_TZ_VOID)
263 #define swrapGetTimeOfDay(tval) gettimeofday(tval,NULL)
264 #else
265 #define swrapGetTimeOfDay(tval) gettimeofday(tval)
266 #endif
267
268 /* we need to use a very terse format here as IRIX 6.4 silently
269 truncates names to 16 chars, so if we use a longer name then we
270 can't tell which port a packet came from with recvfrom()
271
272 with this format we have 8 chars left for the directory name
273 */
274 #define SOCKET_FORMAT "%c%02X%04X"
275 #define SOCKET_TYPE_CHAR_TCP 'T'
276 #define SOCKET_TYPE_CHAR_UDP 'U'
277 #define SOCKET_TYPE_CHAR_TCP_V6 'X'
278 #define SOCKET_TYPE_CHAR_UDP_V6 'Y'
279
280 /*
281 * Set the packet MTU to 1500 bytes for stream sockets to make it it easier to
282 * format PCAP capture files (as the caller will simply continue from here).
283 */
284 #define SOCKET_WRAPPER_MTU_DEFAULT 1500
285 #define SOCKET_WRAPPER_MTU_MIN 512
286 #define SOCKET_WRAPPER_MTU_MAX 32768
287
288 #define SOCKET_MAX_SOCKETS 1024
289
290 /*
291 * Maximum number of socket_info structures that can
292 * be used. Can be overriden by the environment variable
293 * SOCKET_WRAPPER_MAX_SOCKETS.
294 */
295 #define SOCKET_WRAPPER_MAX_SOCKETS_DEFAULT 65535
296
297 #define SOCKET_WRAPPER_MAX_SOCKETS_LIMIT 262140
298
299 /* This limit is to avoid broadcast sendto() needing to stat too many
300 * files. It may be raised (with a performance cost) to up to 254
301 * without changing the format above */
302 #define MAX_WRAPPED_INTERFACES 64
303
304 struct swrap_address {
305 socklen_t sa_socklen;
306 union {
307 struct sockaddr s;
308 struct sockaddr_in in;
309 #ifdef HAVE_IPV6
310 struct sockaddr_in6 in6;
311 #endif
312 struct sockaddr_un un;
313 struct sockaddr_storage ss;
314 } sa;
315 };
316
317 static int first_free;
318
319 struct socket_info
320 {
321 /*
322 * Remember to update swrap_unix_scm_right_magic
323 * on any change.
324 */
325
326 int family;
327 int type;
328 int protocol;
329 int bound;
330 int bcast;
331 int is_server;
332 int connected;
333 int defer_connect;
334 int pktinfo;
335 int tcp_nodelay;
336 int listening;
337 int fd_passed;
338
339 /* The unix path so we can unlink it on close() */
340 struct sockaddr_un un_addr;
341
342 struct swrap_address bindname;
343 struct swrap_address myname;
344 struct swrap_address peername;
345
346 struct {
347 unsigned long pck_snd;
348 unsigned long pck_rcv;
349 } io;
350 };
351
352 struct socket_info_meta
353 {
354 unsigned int refcount;
355 int next_free;
356 /*
357 * As long as we don't use shared memory
358 * for the sockets array, we use
359 * sockets_si_global as a single mutex.
360 *
361 * pthread_mutex_t mutex;
362 */
363 };
364
365 struct socket_info_container
366 {
367 struct socket_info info;
368 struct socket_info_meta meta;
369 };
370
371 static struct socket_info_container *sockets;
372
373 static size_t socket_info_max = 0;
374
375 /*
376 * Allocate the socket array always on the limit value. We want it to be
377 * at least bigger than the default so if we reach the limit we can
378 * still deal with duplicate fds pointing to the same socket_info.
379 */
380 static size_t socket_fds_max = SOCKET_WRAPPER_MAX_SOCKETS_LIMIT;
381
382 /* Hash table to map fds to corresponding socket_info index */
383 static int *socket_fds_idx;
384
385 /* Mutex for syncronizing port selection during swrap_auto_bind() */
386 static pthread_mutex_t autobind_start_mutex = PTHREAD_MUTEX_INITIALIZER;
387
388 /* Mutex to guard the initialization of array of socket_info structures */
389 static pthread_mutex_t sockets_mutex = PTHREAD_MUTEX_INITIALIZER;
390
391 /* Mutex to guard the socket reset in swrap_remove_wrapper() */
392 static pthread_mutex_t socket_reset_mutex = PTHREAD_MUTEX_INITIALIZER;
393
394 /* Mutex to synchronize access to first free index in socket_info array */
395 static pthread_mutex_t first_free_mutex = PTHREAD_MUTEX_INITIALIZER;
396
397 /*
398 * Mutex to synchronize access to to socket_info structures
399 * We use a single global mutex in order to avoid leaking
400 * ~ 38M copy on write memory per fork.
401 * max_sockets=65535 * sizeof(struct socket_info_container)=592 = 38796720
402 */
403 static pthread_mutex_t sockets_si_global = PTHREAD_MUTEX_INITIALIZER;
404
405 /* Mutex to synchronize access to packet capture dump file */
406 static pthread_mutex_t pcap_dump_mutex = PTHREAD_MUTEX_INITIALIZER;
407
408 /* Mutex for synchronizing mtu value fetch*/
409 static pthread_mutex_t mtu_update_mutex = PTHREAD_MUTEX_INITIALIZER;
410
411 /* Function prototypes */
412
413 #if ! defined(HAVE_CONSTRUCTOR_ATTRIBUTE) && defined(HAVE_PRAGMA_INIT)
414 /* xlC and other oldschool compilers support (only) this */
415 #pragma init (swrap_constructor)
416 #endif
417 void swrap_constructor(void) CONSTRUCTOR_ATTRIBUTE;
418 #if ! defined(HAVE_DESTRUCTOR_ATTRIBUTE) && defined(HAVE_PRAGMA_FINI)
419 #pragma fini (swrap_destructor)
420 #endif
421 void swrap_destructor(void) DESTRUCTOR_ATTRIBUTE;
422
423 #ifndef HAVE_GETPROGNAME
424 static const char *getprogname(void)
425 {
426 #if defined(HAVE_PROGRAM_INVOCATION_SHORT_NAME)
427 return program_invocation_short_name;
428 #elif defined(HAVE_GETEXECNAME)
429 return getexecname();
430 #else
431 return NULL;
432 #endif /* HAVE_PROGRAM_INVOCATION_SHORT_NAME */
433 }
434 #endif /* HAVE_GETPROGNAME */
435
436 static void swrap_log(enum swrap_dbglvl_e dbglvl, const char *func, const char *format, ...) PRINTF_ATTRIBUTE(3, 4);
437 # define SWRAP_LOG(dbglvl, ...) swrap_log((dbglvl), __func__, __VA_ARGS__)
438
439 static void swrap_log(enum swrap_dbglvl_e dbglvl,
440 const char *func,
441 const char *format, ...)
442 {
443 char buffer[1024];
444 va_list va;
445 const char *d;
446 unsigned int lvl = 0;
447 const char *prefix = "SWRAP";
448 const char *progname = getprogname();
449
450 d = getenv("SOCKET_WRAPPER_DEBUGLEVEL");
451 if (d != NULL) {
452 lvl = atoi(d);
453 }
454
455 if (lvl < dbglvl) {
456 return;
457 }
458
459 va_start(va, format);
460 vsnprintf(buffer, sizeof(buffer), format, va);
461 va_end(va);
462
463 switch (dbglvl) {
464 case SWRAP_LOG_ERROR:
465 prefix = "SWRAP_ERROR";
466 break;
467 case SWRAP_LOG_WARN:
468 prefix = "SWRAP_WARN";
469 break;
470 case SWRAP_LOG_DEBUG:
471 prefix = "SWRAP_DEBUG";
472 break;
473 case SWRAP_LOG_TRACE:
474 prefix = "SWRAP_TRACE";
475 break;
476 }
477
478 if (progname == NULL) {
479 progname = "<unknown>";
480 }
481
482 fprintf(stderr,
483 "%s[%s (%u)] - %s: %s\n",
484 prefix,
485 progname,
486 (unsigned int)getpid(),
487 func,
488 buffer);
489 }
490
491 /*********************************************************
492 * SWRAP LOADING LIBC FUNCTIONS
493 *********************************************************/
494
495 #include <dlfcn.h>
496
497 #ifdef HAVE_ACCEPT4
498 typedef int (*__libc_accept4)(int sockfd,
499 struct sockaddr *addr,
500 socklen_t *addrlen,
501 int flags);
502 #else
503 typedef int (*__libc_accept)(int sockfd,
504 struct sockaddr *addr,
505 socklen_t *addrlen);
506 #endif
507 typedef int (*__libc_bind)(int sockfd,
508 const struct sockaddr *addr,
509 socklen_t addrlen);
510 typedef int (*__libc_close)(int fd);
511 #ifdef HAVE___CLOSE_NOCANCEL
512 typedef int (*__libc___close_nocancel)(int fd);
513 #endif
514 typedef int (*__libc_connect)(int sockfd,
515 const struct sockaddr *addr,
516 socklen_t addrlen);
517 typedef int (*__libc_dup)(int fd);
518 typedef int (*__libc_dup2)(int oldfd, int newfd);
519 typedef int (*__libc_fcntl)(int fd, int cmd, ...);
520 #ifdef HAVE_FCNTL64
521 typedef int (*__libc_fcntl64)(int fd, int cmd, ...);
522 #endif
523 typedef FILE *(*__libc_fopen)(const char *name, const char *mode);
524 #ifdef HAVE_FOPEN64
525 typedef FILE *(*__libc_fopen64)(const char *name, const char *mode);
526 #endif
527 #ifdef HAVE_EVENTFD
528 typedef int (*__libc_eventfd)(int count, int flags);
529 #endif
530 typedef int (*__libc_getpeername)(int sockfd,
531 struct sockaddr *addr,
532 socklen_t *addrlen);
533 typedef int (*__libc_getsockname)(int sockfd,
534 struct sockaddr *addr,
535 socklen_t *addrlen);
536 typedef int (*__libc_getsockopt)(int sockfd,
537 int level,
538 int optname,
539 void *optval,
540 socklen_t *optlen);
541 typedef int (*__libc_ioctl)(int d, unsigned long int request, ...);
542 typedef int (*__libc_listen)(int sockfd, int backlog);
543 typedef int (*__libc_open)(const char *pathname, int flags, ...);
544 #ifdef HAVE_OPEN64
545 typedef int (*__libc_open64)(const char *pathname, int flags, ...);
546 #endif /* HAVE_OPEN64 */
547 #ifdef HAVE_OPENAT64
548 typedef int (*__libc_openat64)(int dirfd, const char *pathname, int flags, ...);
549 #endif /* HAVE_OPENAT64 */
550 typedef int (*__libc_openat)(int dirfd, const char *path, int flags, ...);
551 typedef int (*__libc_pipe)(int pipefd[2]);
552 typedef int (*__libc_read)(int fd, void *buf, size_t count);
553 typedef ssize_t (*__libc_readv)(int fd, const struct iovec *iov, int iovcnt);
554 typedef int (*__libc_recv)(int sockfd, void *buf, size_t len, int flags);
555 typedef int (*__libc_recvfrom)(int sockfd,
556 void *buf,
557 size_t len,
558 int flags,
559 struct sockaddr *src_addr,
560 socklen_t *addrlen);
561 typedef int (*__libc_recvmsg)(int sockfd, const struct msghdr *msg, int flags);
562 #ifdef HAVE_RECVMMSG
563 #if defined(HAVE_RECVMMSG_SSIZE_T_CONST_TIMEOUT)
564 /* FreeBSD */
565 typedef ssize_t (*__libc_recvmmsg)(int sockfd, struct mmsghdr *msgvec, size_t vlen, int flags, const struct timespec *timeout);
566 #elif defined(HAVE_RECVMMSG_CONST_TIMEOUT)
567 /* Linux legacy glibc < 2.21 */
568 typedef int (*__libc_recvmmsg)(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags, const struct timespec *timeout);
569 #else
570 /* Linux glibc >= 2.21 */
571 typedef int (*__libc_recvmmsg)(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags, struct timespec *timeout);
572 #endif
573 #endif /* HAVE_RECVMMSG */
574 typedef int (*__libc_send)(int sockfd, const void *buf, size_t len, int flags);
575 typedef int (*__libc_sendmsg)(int sockfd, const struct msghdr *msg, int flags);
576 #ifdef HAVE_SENDMMSG
577 #if defined(HAVE_SENDMMSG_SSIZE_T)
578 /* FreeBSD */
579 typedef ssize_t (*__libc_sendmmsg)(int sockfd, struct mmsghdr *msgvec, size_t vlen, int flags);
580 #else
581 /* Linux */
582 typedef int (*__libc_sendmmsg)(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags);
583 #endif
584 #endif /* HAVE_SENDMMSG */
585 typedef int (*__libc_sendto)(int sockfd,
586 const void *buf,
587 size_t len,
588 int flags,
589 const struct sockaddr *dst_addr,
590 socklen_t addrlen);
591 typedef int (*__libc_setsockopt)(int sockfd,
592 int level,
593 int optname,
594 const void *optval,
595 socklen_t optlen);
596 #ifdef HAVE_SIGNALFD
597 typedef int (*__libc_signalfd)(int fd, const sigset_t *mask, int flags);
598 #endif
599 typedef int (*__libc_socket)(int domain, int type, int protocol);
600 typedef int (*__libc_socketpair)(int domain, int type, int protocol, int sv[2]);
601 #ifdef HAVE_TIMERFD_CREATE
602 typedef int (*__libc_timerfd_create)(int clockid, int flags);
603 #endif
604 typedef ssize_t (*__libc_write)(int fd, const void *buf, size_t count);
605 typedef ssize_t (*__libc_writev)(int fd, const struct iovec *iov, int iovcnt);
606 #ifdef HAVE_SYSCALL
607 typedef long int (*__libc_syscall)(long int sysno, ...);
608 #endif
609
610 #define SWRAP_SYMBOL_ENTRY(i) \
611 union { \
612 __libc_##i f; \
613 void *obj; \
614 } _libc_##i
615
616 struct swrap_libc_symbols {
617 #ifdef HAVE_ACCEPT4
618 SWRAP_SYMBOL_ENTRY(accept4);
619 #else
620 SWRAP_SYMBOL_ENTRY(accept);
621 #endif
622 SWRAP_SYMBOL_ENTRY(bind);
623 SWRAP_SYMBOL_ENTRY(close);
624 #ifdef HAVE___CLOSE_NOCANCEL
625 SWRAP_SYMBOL_ENTRY(__close_nocancel);
626 #endif
627 SWRAP_SYMBOL_ENTRY(connect);
628 SWRAP_SYMBOL_ENTRY(dup);
629 SWRAP_SYMBOL_ENTRY(dup2);
630 SWRAP_SYMBOL_ENTRY(fcntl);
631 #ifdef HAVE_FCNTL64
632 SWRAP_SYMBOL_ENTRY(fcntl64);
633 #endif
634 SWRAP_SYMBOL_ENTRY(fopen);
635 #ifdef HAVE_FOPEN64
636 SWRAP_SYMBOL_ENTRY(fopen64);
637 #endif
638 #ifdef HAVE_EVENTFD
639 SWRAP_SYMBOL_ENTRY(eventfd);
640 #endif
641 SWRAP_SYMBOL_ENTRY(getpeername);
642 SWRAP_SYMBOL_ENTRY(getsockname);
643 SWRAP_SYMBOL_ENTRY(getsockopt);
644 SWRAP_SYMBOL_ENTRY(ioctl);
645 SWRAP_SYMBOL_ENTRY(listen);
646 SWRAP_SYMBOL_ENTRY(open);
647 #ifdef HAVE_OPEN64
648 SWRAP_SYMBOL_ENTRY(open64);
649 #endif
650 #ifdef HAVE_OPENAT64
651 SWRAP_SYMBOL_ENTRY(openat64);
652 #endif
653 SWRAP_SYMBOL_ENTRY(openat);
654 SWRAP_SYMBOL_ENTRY(pipe);
655 SWRAP_SYMBOL_ENTRY(read);
656 SWRAP_SYMBOL_ENTRY(readv);
657 SWRAP_SYMBOL_ENTRY(recv);
658 SWRAP_SYMBOL_ENTRY(recvfrom);
659 SWRAP_SYMBOL_ENTRY(recvmsg);
660 #ifdef HAVE_RECVMMSG
661 SWRAP_SYMBOL_ENTRY(recvmmsg);
662 #endif
663 SWRAP_SYMBOL_ENTRY(send);
664 SWRAP_SYMBOL_ENTRY(sendmsg);
665 #ifdef HAVE_SENDMMSG
666 SWRAP_SYMBOL_ENTRY(sendmmsg);
667 #endif
668 SWRAP_SYMBOL_ENTRY(sendto);
669 SWRAP_SYMBOL_ENTRY(setsockopt);
670 #ifdef HAVE_SIGNALFD
671 SWRAP_SYMBOL_ENTRY(signalfd);
672 #endif
673 SWRAP_SYMBOL_ENTRY(socket);
674 SWRAP_SYMBOL_ENTRY(socketpair);
675 #ifdef HAVE_TIMERFD_CREATE
676 SWRAP_SYMBOL_ENTRY(timerfd_create);
677 #endif
678 SWRAP_SYMBOL_ENTRY(write);
679 SWRAP_SYMBOL_ENTRY(writev);
680 #ifdef HAVE_SYSCALL
681 SWRAP_SYMBOL_ENTRY(syscall);
682 #endif
683 };
684 #undef SWRAP_SYMBOL_ENTRY
685
686 #define SWRAP_SYMBOL_ENTRY(i) \
687 union { \
688 __rtld_default_##i f; \
689 void *obj; \
690 } _rtld_default_##i
691
692 #ifdef HAVE_SYSCALL
693 typedef bool (*__rtld_default_uid_wrapper_syscall_valid)(long int sysno);
694 typedef long int (*__rtld_default_uid_wrapper_syscall_va)(long int sysno, va_list va);
695 #endif
696
697 struct swrap_rtld_default_symbols {
698 #ifdef HAVE_SYSCALL
699 SWRAP_SYMBOL_ENTRY(uid_wrapper_syscall_valid);
700 SWRAP_SYMBOL_ENTRY(uid_wrapper_syscall_va);
701 #else
702 uint8_t dummy;
703 #endif
704 };
705 #undef SWRAP_SYMBOL_ENTRY
706
707 struct swrap {
708 struct {
709 void *handle;
710 void *socket_handle;
711 struct swrap_libc_symbols symbols;
712 } libc;
713
714 struct {
715 struct swrap_rtld_default_symbols symbols;
716 } rtld_default;
717 };
718
719 static struct swrap swrap;
720
721 /* prototypes */
722 static char *socket_wrapper_dir(void);
723
724 #define LIBC_NAME "libc.so"
725
726 enum swrap_lib {
727 SWRAP_LIBC,
728 SWRAP_LIBSOCKET,
729 };
730
731 static const char *swrap_str_lib(enum swrap_lib lib)
732 {
733 switch (lib) {
734 case SWRAP_LIBC:
735 return "libc";
736 case SWRAP_LIBSOCKET:
737 return "libsocket";
738 }
739
740 /* Compiler would warn us about unhandled enum value if we get here */
741 return "unknown";
742 }
743
744 static void *swrap_load_lib_handle(enum swrap_lib lib)
745 {
746 int flags = RTLD_LAZY;
747 void *handle = NULL;
748 int i;
749
750 #ifdef RTLD_DEEPBIND
751 const char *env_preload = getenv("LD_PRELOAD");
752 const char *env_deepbind = getenv("SOCKET_WRAPPER_DISABLE_DEEPBIND");
753 bool enable_deepbind = true;
754
755 /* Don't do a deepbind if we run with libasan */
756 if (env_preload != NULL && strlen(env_preload) < 1024) {
757 const char *p = strstr(env_preload, "libasan.so");
758 if (p != NULL) {
759 enable_deepbind = false;
760 }
761 }
762
763 if (env_deepbind != NULL && strlen(env_deepbind) >= 1) {
764 enable_deepbind = false;
765 }
766
767 if (enable_deepbind) {
768 flags |= RTLD_DEEPBIND;
769 }
770 #endif
771
772 switch (lib) {
773 case SWRAP_LIBSOCKET:
774 #ifdef HAVE_LIBSOCKET
775 handle = swrap.libc.socket_handle;
776 if (handle == NULL) {
777 for (i = 10; i >= 0; i--) {
778 char soname[256] = {0};
779
780 snprintf(soname, sizeof(soname), "libsocket.so.%d", i);
781 handle = dlopen(soname, flags);
782 if (handle != NULL) {
783 break;
784 }
785 }
786
787 swrap.libc.socket_handle = handle;
788 }
789 break;
790 #endif
791 case SWRAP_LIBC:
792 handle = swrap.libc.handle;
793 #ifdef LIBC_SO
794 if (handle == NULL) {
795 handle = dlopen(LIBC_SO, flags);
796
797 swrap.libc.handle = handle;
798 }
799 #endif
800 if (handle == NULL) {
801 for (i = 10; i >= 0; i--) {
802 char soname[256] = {0};
803
804 snprintf(soname, sizeof(soname), "libc.so.%d", i);
805 handle = dlopen(soname, flags);
806 if (handle != NULL) {
807 break;
808 }
809 }
810
811 swrap.libc.handle = handle;
812 }
813 break;
814 }
815
816 if (handle == NULL) {
817 #ifdef RTLD_NEXT
818 handle = swrap.libc.handle = swrap.libc.socket_handle = RTLD_NEXT;
819 #else
820 SWRAP_LOG(SWRAP_LOG_ERROR,
821 "Failed to dlopen library: %s",
822 dlerror());
823 exit(-1);
824 #endif
825 }
826
827 return handle;
828 }
829
830 static void *_swrap_bind_symbol(enum swrap_lib lib, const char *fn_name)
831 {
832 void *handle;
833 void *func;
834
835 handle = swrap_load_lib_handle(lib);
836
837 func = dlsym(handle, fn_name);
838 if (func == NULL) {
839 SWRAP_LOG(SWRAP_LOG_ERROR,
840 "Failed to find %s: %s",
841 fn_name,
842 dlerror());
843 exit(-1);
844 }
845
846 SWRAP_LOG(SWRAP_LOG_TRACE,
847 "Loaded %s from %s",
848 fn_name,
849 swrap_str_lib(lib));
850
851 return func;
852 }
853
854 #define swrap_mutex_lock(m) _swrap_mutex_lock(m, #m, __func__, __LINE__)
855 static void _swrap_mutex_lock(pthread_mutex_t *mutex, const char *name, const char *caller, unsigned line)
856 {
857 int ret;
858
859 ret = pthread_mutex_lock(mutex);
860 if (ret != 0) {
861 SWRAP_LOG(SWRAP_LOG_ERROR, "PID(%d):PPID(%d): %s(%u): Couldn't lock pthread mutex(%s) - %s",
862 getpid(), getppid(), caller, line, name, strerror(ret));
863 abort();
864 }
865 }
866
867 #define swrap_mutex_unlock(m) _swrap_mutex_unlock(m, #m, __func__, __LINE__)
868 static void _swrap_mutex_unlock(pthread_mutex_t *mutex, const char *name, const char *caller, unsigned line)
869 {
870 int ret;
871
872 ret = pthread_mutex_unlock(mutex);
873 if (ret != 0) {
874 SWRAP_LOG(SWRAP_LOG_ERROR, "PID(%d):PPID(%d): %s(%u): Couldn't unlock pthread mutex(%s) - %s",
875 getpid(), getppid(), caller, line, name, strerror(ret));
876 abort();
877 }
878 }
879
880 /*
881 * These macros have a thread race condition on purpose!
882 *
883 * This is an optimization to avoid locking each time we check if the symbol is
884 * bound.
885 */
886 #define _swrap_bind_symbol_generic(lib, sym_name) do { \
887 swrap.libc.symbols._libc_##sym_name.obj = \
888 _swrap_bind_symbol(lib, #sym_name); \
889 } while(0);
890
891 #define swrap_bind_symbol_libc(sym_name) \
892 _swrap_bind_symbol_generic(SWRAP_LIBC, sym_name)
893
894 #define swrap_bind_symbol_libsocket(sym_name) \
895 _swrap_bind_symbol_generic(SWRAP_LIBSOCKET, sym_name)
896
897 #define swrap_bind_symbol_rtld_default_optional(sym_name) do { \
898 swrap.rtld_default.symbols._rtld_default_##sym_name.obj = \
899 dlsym(RTLD_DEFAULT, #sym_name); \
900 } while(0);
901
902 static void swrap_bind_symbol_all(void);
903
904 /****************************************************************************
905 * IMPORTANT
906 ****************************************************************************
907 *
908 * Functions especially from libc need to be loaded individually, you can't
909 * load all at once or gdb will segfault at startup. The same applies to
910 * valgrind and has probably something todo with with the linker. So we need
911 * load each function at the point it is called the first time.
912 *
913 ****************************************************************************/
914
915 #ifdef HAVE_ACCEPT4
916 static int libc_accept4(int sockfd,
917 struct sockaddr *addr,
918 socklen_t *addrlen,
919 int flags)
920 {
921 swrap_bind_symbol_all();
922
923 return swrap.libc.symbols._libc_accept4.f(sockfd, addr, addrlen, flags);
924 }
925
926 #else /* HAVE_ACCEPT4 */
927
928 static int libc_accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen)
929 {
930 swrap_bind_symbol_all();
931
932 return swrap.libc.symbols._libc_accept.f(sockfd, addr, addrlen);
933 }
934 #endif /* HAVE_ACCEPT4 */
935
936 static int libc_bind(int sockfd,
937 const struct sockaddr *addr,
938 socklen_t addrlen)
939 {
940 swrap_bind_symbol_all();
941
942 return swrap.libc.symbols._libc_bind.f(sockfd, addr, addrlen);
943 }
944
945 static int libc_close(int fd)
946 {
947 swrap_bind_symbol_all();
948
949 return swrap.libc.symbols._libc_close.f(fd);
950 }
951
952 #ifdef HAVE___CLOSE_NOCANCEL
953 static int libc___close_nocancel(int fd)
954 {
955 swrap_bind_symbol_all();
956
957 return swrap.libc.symbols._libc___close_nocancel.f(fd);
958 }
959 #endif /* HAVE___CLOSE_NOCANCEL */
960
961 static int libc_connect(int sockfd,
962 const struct sockaddr *addr,
963 socklen_t addrlen)
964 {
965 swrap_bind_symbol_all();
966
967 return swrap.libc.symbols._libc_connect.f(sockfd, addr, addrlen);
968 }
969
970 static int libc_dup(int fd)
971 {
972 swrap_bind_symbol_all();
973
974 return swrap.libc.symbols._libc_dup.f(fd);
975 }
976
977 static int libc_dup2(int oldfd, int newfd)
978 {
979 swrap_bind_symbol_all();
980
981 return swrap.libc.symbols._libc_dup2.f(oldfd, newfd);
982 }
983
984 #ifdef HAVE_EVENTFD
985 static int libc_eventfd(int count, int flags)
986 {
987 swrap_bind_symbol_all();
988
989 return swrap.libc.symbols._libc_eventfd.f(count, flags);
990 }
991 #endif
992
993 DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
994 static int libc_vfcntl(int fd, int cmd, va_list ap)
995 {
996 void *arg;
997 int rc;
998
999 swrap_bind_symbol_all();
1000
1001 arg = va_arg(ap, void *);
1002
1003 rc = swrap.libc.symbols._libc_fcntl.f(fd, cmd, arg);
1004
1005 return rc;
1006 }
1007
1008 #ifdef HAVE_FCNTL64
1009 DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
1010 static int libc_vfcntl64(int fd, int cmd, va_list ap)
1011 {
1012 void *arg;
1013 int rc;
1014
1015 swrap_bind_symbol_all();
1016
1017 arg = va_arg(ap, void *);
1018
1019 rc = swrap.libc.symbols._libc_fcntl64.f(fd, cmd, arg);
1020
1021 return rc;
1022 }
1023 #endif
1024
1025 static int libc_getpeername(int sockfd,
1026 struct sockaddr *addr,
1027 socklen_t *addrlen)
1028 {
1029 swrap_bind_symbol_all();
1030
1031 return swrap.libc.symbols._libc_getpeername.f(sockfd, addr, addrlen);
1032 }
1033
1034 static int libc_getsockname(int sockfd,
1035 struct sockaddr *addr,
1036 socklen_t *addrlen)
1037 {
1038 swrap_bind_symbol_all();
1039
1040 return swrap.libc.symbols._libc_getsockname.f(sockfd, addr, addrlen);
1041 }
1042
1043 static int libc_getsockopt(int sockfd,
1044 int level,
1045 int optname,
1046 void *optval,
1047 socklen_t *optlen)
1048 {
1049 swrap_bind_symbol_all();
1050
1051 return swrap.libc.symbols._libc_getsockopt.f(sockfd,
1052 level,
1053 optname,
1054 optval,
1055 optlen);
1056 }
1057
1058 DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
1059 static int libc_vioctl(int d, unsigned long int request, va_list ap)
1060 {
1061 void *arg;
1062 int rc;
1063
1064 swrap_bind_symbol_all();
1065
1066 arg = va_arg(ap, void *);
1067
1068 rc = swrap.libc.symbols._libc_ioctl.f(d, request, arg);
1069
1070 return rc;
1071 }
1072
1073 static int libc_listen(int sockfd, int backlog)
1074 {
1075 swrap_bind_symbol_all();
1076
1077 return swrap.libc.symbols._libc_listen.f(sockfd, backlog);
1078 }
1079
1080 static FILE *libc_fopen(const char *name, const char *mode)
1081 {
1082 swrap_bind_symbol_all();
1083
1084 return swrap.libc.symbols._libc_fopen.f(name, mode);
1085 }
1086
1087 #ifdef HAVE_FOPEN64
1088 static FILE *libc_fopen64(const char *name, const char *mode)
1089 {
1090 swrap_bind_symbol_all();
1091
1092 return swrap.libc.symbols._libc_fopen64.f(name, mode);
1093 }
1094 #endif /* HAVE_FOPEN64 */
1095
1096 static void swrap_inject_o_largefile(int *flags)
1097 {
1098 (void)*flags; /* maybe unused */
1099 #if SIZE_MAX == 0xffffffffUL && defined(O_LARGEFILE)
1100 #ifdef O_PATH
1101 if (((*flags) & O_PATH) == 0)
1102 #endif
1103 {
1104 *flags |= O_LARGEFILE;
1105 }
1106 #endif
1107 }
1108
1109 static int libc_vopen(const char *pathname, int flags, va_list ap)
1110 {
1111 int mode = 0;
1112 int fd;
1113
1114 swrap_bind_symbol_all();
1115
1116 swrap_inject_o_largefile(&flags);
1117
1118 if (flags & O_CREAT) {
1119 mode = va_arg(ap, int);
1120 }
1121 fd = swrap.libc.symbols._libc_open.f(pathname, flags, (mode_t)mode);
1122
1123 return fd;
1124 }
1125
1126 static int libc_open(const char *pathname, int flags, ...)
1127 {
1128 va_list ap;
1129 int fd;
1130
1131 va_start(ap, flags);
1132 fd = libc_vopen(pathname, flags, ap);
1133 va_end(ap);
1134
1135 return fd;
1136 }
1137
1138 #ifdef HAVE_OPEN64
1139 static int libc_vopen64(const char *pathname, int flags, va_list ap)
1140 {
1141 int mode = 0;
1142 int fd;
1143
1144 swrap_bind_symbol_all();
1145
1146 swrap_inject_o_largefile(&flags);
1147
1148 if (flags & O_CREAT) {
1149 mode = va_arg(ap, int);
1150 }
1151 fd = swrap.libc.symbols._libc_open64.f(pathname, flags, (mode_t)mode);
1152
1153 return fd;
1154 }
1155 #endif /* HAVE_OPEN64 */
1156
1157 #ifdef HAVE_OPENAT64
1158 static int
1159 libc_vopenat64(int dirfd, const char *pathname, int flags, va_list ap)
1160 {
1161 int mode = 0;
1162 int fd;
1163
1164 swrap_bind_symbol_all();
1165
1166 swrap_inject_o_largefile(&flags);
1167
1168 if (flags & O_CREAT) {
1169 mode = va_arg(ap, int);
1170 }
1171 fd = swrap.libc.symbols._libc_openat64.f(dirfd,
1172 pathname,
1173 flags,
1174 (mode_t)mode);
1175
1176 return fd;
1177 }
1178 #endif /* HAVE_OPENAT64 */
1179
1180 static int libc_vopenat(int dirfd, const char *path, int flags, va_list ap)
1181 {
1182 int mode = 0;
1183 int fd;
1184
1185 swrap_bind_symbol_all();
1186
1187 swrap_inject_o_largefile(&flags);
1188
1189 if (flags & O_CREAT) {
1190 mode = va_arg(ap, int);
1191 }
1192 fd = swrap.libc.symbols._libc_openat.f(dirfd,
1193 path,
1194 flags,
1195 (mode_t)mode);
1196
1197 return fd;
1198 }
1199
1200 #if 0
1201 static int libc_openat(int dirfd, const char *path, int flags, ...)
1202 {
1203 va_list ap;
1204 int fd;
1205
1206 va_start(ap, flags);
1207 fd = libc_vopenat(dirfd, path, flags, ap);
1208 va_end(ap);
1209
1210 return fd;
1211 }
1212 #endif
1213
1214 static int libc_pipe(int pipefd[2])
1215 {
1216 swrap_bind_symbol_all();
1217
1218 return swrap.libc.symbols._libc_pipe.f(pipefd);
1219 }
1220
1221 static int libc_read(int fd, void *buf, size_t count)
1222 {
1223 swrap_bind_symbol_all();
1224
1225 return swrap.libc.symbols._libc_read.f(fd, buf, count);
1226 }
1227
1228 static ssize_t libc_readv(int fd, const struct iovec *iov, int iovcnt)
1229 {
1230 swrap_bind_symbol_all();
1231
1232 return swrap.libc.symbols._libc_readv.f(fd, iov, iovcnt);
1233 }
1234
1235 static int libc_recv(int sockfd, void *buf, size_t len, int flags)
1236 {
1237 swrap_bind_symbol_all();
1238
1239 return swrap.libc.symbols._libc_recv.f(sockfd, buf, len, flags);
1240 }
1241
1242 static int libc_recvfrom(int sockfd,
1243 void *buf,
1244 size_t len,
1245 int flags,
1246 struct sockaddr *src_addr,
1247 socklen_t *addrlen)
1248 {
1249 swrap_bind_symbol_all();
1250
1251 return swrap.libc.symbols._libc_recvfrom.f(sockfd,
1252 buf,
1253 len,
1254 flags,
1255 src_addr,
1256 addrlen);
1257 }
1258
1259 static int libc_recvmsg(int sockfd, struct msghdr *msg, int flags)
1260 {
1261 swrap_bind_symbol_all();
1262
1263 return swrap.libc.symbols._libc_recvmsg.f(sockfd, msg, flags);
1264 }
1265
1266 #ifdef HAVE_RECVMMSG
1267 #if defined(HAVE_RECVMMSG_SSIZE_T_CONST_TIMEOUT)
1268 /* FreeBSD */
1269 static ssize_t libc_recvmmsg(int sockfd, struct mmsghdr *msgvec, size_t vlen, int flags, const struct timespec *timeout)
1270 #elif defined(HAVE_RECVMMSG_CONST_TIMEOUT)
1271 /* Linux legacy glibc < 2.21 */
1272 static int libc_recvmmsg(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags, const struct timespec *timeout)
1273 #else
1274 /* Linux glibc >= 2.21 */
1275 static int libc_recvmmsg(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags, struct timespec *timeout)
1276 #endif
1277 {
1278 swrap_bind_symbol_all();
1279
1280 return swrap.libc.symbols._libc_recvmmsg.f(sockfd, msgvec, vlen, flags, timeout);
1281 }
1282 #endif
1283
1284 static int libc_send(int sockfd, const void *buf, size_t len, int flags)
1285 {
1286 swrap_bind_symbol_all();
1287
1288 return swrap.libc.symbols._libc_send.f(sockfd, buf, len, flags);
1289 }
1290
1291 static int libc_sendmsg(int sockfd, const struct msghdr *msg, int flags)
1292 {
1293 swrap_bind_symbol_all();
1294
1295 return swrap.libc.symbols._libc_sendmsg.f(sockfd, msg, flags);
1296 }
1297
1298 #ifdef HAVE_SENDMMSG
1299 #if defined(HAVE_SENDMMSG_SSIZE_T)
1300 /* FreeBSD */
1301 static ssize_t libc_sendmmsg(int sockfd, struct mmsghdr *msgvec, size_t vlen, int flags)
1302 #else
1303 /* Linux */
1304 static int libc_sendmmsg(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags)
1305 #endif
1306 {
1307 swrap_bind_symbol_all();
1308
1309 return swrap.libc.symbols._libc_sendmmsg.f(sockfd, msgvec, vlen, flags);
1310 }
1311 #endif
1312
1313 static int libc_sendto(int sockfd,
1314 const void *buf,
1315 size_t len,
1316 int flags,
1317 const struct sockaddr *dst_addr,
1318 socklen_t addrlen)
1319 {
1320 swrap_bind_symbol_all();
1321
1322 return swrap.libc.symbols._libc_sendto.f(sockfd,
1323 buf,
1324 len,
1325 flags,
1326 dst_addr,
1327 addrlen);
1328 }
1329
1330 static int libc_setsockopt(int sockfd,
1331 int level,
1332 int optname,
1333 const void *optval,
1334 socklen_t optlen)
1335 {
1336 swrap_bind_symbol_all();
1337
1338 return swrap.libc.symbols._libc_setsockopt.f(sockfd,
1339 level,
1340 optname,
1341 optval,
1342 optlen);
1343 }
1344
1345 #ifdef HAVE_SIGNALFD
1346 static int libc_signalfd(int fd, const sigset_t *mask, int flags)
1347 {
1348 swrap_bind_symbol_all();
1349
1350 return swrap.libc.symbols._libc_signalfd.f(fd, mask, flags);
1351 }
1352 #endif
1353
1354 static int libc_socket(int domain, int type, int protocol)
1355 {
1356 swrap_bind_symbol_all();
1357
1358 return swrap.libc.symbols._libc_socket.f(domain, type, protocol);
1359 }
1360
1361 static int libc_socketpair(int domain, int type, int protocol, int sv[2])
1362 {
1363 swrap_bind_symbol_all();
1364
1365 return swrap.libc.symbols._libc_socketpair.f(domain, type, protocol, sv);
1366 }
1367
1368 #ifdef HAVE_TIMERFD_CREATE
1369 static int libc_timerfd_create(int clockid, int flags)
1370 {
1371 swrap_bind_symbol_all();
1372
1373 return swrap.libc.symbols._libc_timerfd_create.f(clockid, flags);
1374 }
1375 #endif
1376
1377 static ssize_t libc_write(int fd, const void *buf, size_t count)
1378 {
1379 swrap_bind_symbol_all();
1380
1381 return swrap.libc.symbols._libc_write.f(fd, buf, count);
1382 }
1383
1384 static ssize_t libc_writev(int fd, const struct iovec *iov, int iovcnt)
1385 {
1386 swrap_bind_symbol_all();
1387
1388 return swrap.libc.symbols._libc_writev.f(fd, iov, iovcnt);
1389 }
1390
1391 /* JEMALLOC: This tells socket_wrapper if it should handle syscall() */
1392 static bool swrap_handle_syscall;
1393
1394 #ifdef HAVE_SYSCALL
1395 DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
1396 static long int libc_vsyscall(long int sysno, va_list va)
1397 {
1398 long int args[8];
1399 long int rc;
1400 int i;
1401
1402 /*
1403 * JEMALLOC:
1404 *
1405 * This is a workaround to prevent a deadlock in jemalloc calling
1406 * malloc_init() twice. The first allocation call will trigger a
1407 * malloc_init() of jemalloc. The functions calls syscall(SYS_open, ...)
1408 * so it goes to socket or uid wrapper. In this code path we need to
1409 * avoid any allocation calls. This will prevent the deadlock.
1410 *
1411 * We also need to avoid dlopen() as that would trigger the recursion
1412 * into malloc_init(), so we use dlsym(RTLD_NEXT), until we reached
1413 * swrap_constructor() or any real socket call at that time
1414 * swrap_bind_symbol_all() will replace the function pointer again after
1415 * dlopen of libc.
1416 */
1417 if (swrap_handle_syscall) {
1418 swrap_bind_symbol_all();
1419 } else if (swrap.libc.symbols._libc_syscall.obj == NULL) {
1420 swrap.libc.symbols._libc_syscall.obj = dlsym(RTLD_NEXT,
1421 "syscall");
1422 }
1423
1424 for (i = 0; i < 8; i++) {
1425 args[i] = va_arg(va, long int);
1426 }
1427
1428 rc = swrap.libc.symbols._libc_syscall.f(sysno,
1429 args[0],
1430 args[1],
1431 args[2],
1432 args[3],
1433 args[4],
1434 args[5],
1435 args[6],
1436 args[7]);
1437
1438 return rc;
1439 }
1440
1441 static bool swrap_uwrap_syscall_valid(long int sysno)
1442 {
1443 swrap_bind_symbol_all();
1444
1445 if (swrap.rtld_default.symbols._rtld_default_uid_wrapper_syscall_valid.f == NULL) {
1446 return false;
1447 }
1448
1449 return swrap.rtld_default.symbols._rtld_default_uid_wrapper_syscall_valid.f(
1450 sysno);
1451 }
1452
1453 DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
1454 static long int swrap_uwrap_syscall_va(long int sysno, va_list va)
1455 {
1456 swrap_bind_symbol_all();
1457
1458 if (swrap.rtld_default.symbols._rtld_default_uid_wrapper_syscall_va.f == NULL) {
1459 /*
1460 * Fallback to libc, if uid_wrapper_syscall_va is not
1461 * available.
1462 */
1463 return libc_vsyscall(sysno, va);
1464 }
1465
1466 return swrap.rtld_default.symbols._rtld_default_uid_wrapper_syscall_va.f(
1467 sysno,
1468 va);
1469 }
1470 #endif /* HAVE_SYSCALL */
1471
1472 /* DO NOT call this function during library initialization! */
1473 static void __swrap_bind_symbol_all_once(void)
1474 {
1475 #ifdef HAVE_ACCEPT4
1476 swrap_bind_symbol_libsocket(accept4);
1477 #else
1478 swrap_bind_symbol_libsocket(accept);
1479 #endif
1480 swrap_bind_symbol_libsocket(bind);
1481 swrap_bind_symbol_libc(close);
1482 #ifdef HAVE___CLOSE_NOCANCEL
1483 swrap_bind_symbol_libc(__close_nocancel);
1484 #endif
1485 swrap_bind_symbol_libsocket(connect);
1486 swrap_bind_symbol_libc(dup);
1487 swrap_bind_symbol_libc(dup2);
1488 swrap_bind_symbol_libc(fcntl);
1489 #ifdef HAVE_FCNTL64
1490 swrap_bind_symbol_libc(fcntl64);
1491 #endif
1492 swrap_bind_symbol_libc(fopen);
1493 #ifdef HAVE_FOPEN64
1494 swrap_bind_symbol_libc(fopen64);
1495 #endif
1496 #ifdef HAVE_EVENTFD
1497 swrap_bind_symbol_libc(eventfd);
1498 #endif
1499 swrap_bind_symbol_libsocket(getpeername);
1500 swrap_bind_symbol_libsocket(getsockname);
1501 swrap_bind_symbol_libsocket(getsockopt);
1502 swrap_bind_symbol_libc(ioctl);
1503 swrap_bind_symbol_libsocket(listen);
1504 swrap_bind_symbol_libc(open);
1505 #ifdef HAVE_OPEN64
1506 swrap_bind_symbol_libc(open64);
1507 #endif
1508 #ifdef HAVE_OPENAT64
1509 swrap_bind_symbol_libc(openat64);
1510 #endif
1511 swrap_bind_symbol_libc(openat);
1512 swrap_bind_symbol_libsocket(pipe);
1513 swrap_bind_symbol_libc(read);
1514 swrap_bind_symbol_libsocket(readv);
1515 swrap_bind_symbol_libsocket(recv);
1516 swrap_bind_symbol_libsocket(recvfrom);
1517 swrap_bind_symbol_libsocket(recvmsg);
1518 #ifdef HAVE_RECVMMSG
1519 swrap_bind_symbol_libsocket(recvmmsg);
1520 #endif
1521 swrap_bind_symbol_libsocket(send);
1522 swrap_bind_symbol_libsocket(sendmsg);
1523 #ifdef HAVE_SENDMMSG
1524 swrap_bind_symbol_libsocket(sendmmsg);
1525 #endif
1526 swrap_bind_symbol_libsocket(sendto);
1527 swrap_bind_symbol_libsocket(setsockopt);
1528 #ifdef HAVE_SIGNALFD
1529 swrap_bind_symbol_libsocket(signalfd);
1530 #endif
1531 swrap_bind_symbol_libsocket(socket);
1532 swrap_bind_symbol_libsocket(socketpair);
1533 #ifdef HAVE_TIMERFD_CREATE
1534 swrap_bind_symbol_libc(timerfd_create);
1535 #endif
1536 swrap_bind_symbol_libc(write);
1537 swrap_bind_symbol_libsocket(writev);
1538 #ifdef HAVE_SYSCALL
1539 swrap_bind_symbol_libc(syscall);
1540 swrap_bind_symbol_rtld_default_optional(uid_wrapper_syscall_valid);
1541 swrap_bind_symbol_rtld_default_optional(uid_wrapper_syscall_va);
1542 #endif
1543
1544 swrap_handle_syscall = true;
1545 }
1546
1547 static void swrap_bind_symbol_all(void)
1548 {
1549 static pthread_once_t all_symbol_binding_once = PTHREAD_ONCE_INIT;
1550
1551 pthread_once(&all_symbol_binding_once, __swrap_bind_symbol_all_once);
1552 }
1553
1554 /*********************************************************
1555 * SWRAP HELPER FUNCTIONS
1556 *********************************************************/
1557
1558 /*
1559 * We return 127.0.0.0 (default) or 10.53.57.0.
1560 *
1561 * This can be controlled by:
1562 * SOCKET_WRAPPER_IPV4_NETWORK=127.0.0.0 (default)
1563 * or
1564 * SOCKET_WRAPPER_IPV4_NETWORK=10.53.57.0
1565 */
1566 static in_addr_t swrap_ipv4_net(void)
1567 {
1568 static int initialized;
1569 static in_addr_t hv;
1570 const char *net_str = NULL;
1571 struct in_addr nv;
1572 int ret;
1573
1574 if (initialized) {
1575 return hv;
1576 }
1577 initialized = 1;
1578
1579 net_str = getenv("SOCKET_WRAPPER_IPV4_NETWORK");
1580 if (net_str == NULL) {
1581 net_str = "127.0.0.0";
1582 }
1583
1584 ret = inet_pton(AF_INET, net_str, &nv);
1585 if (ret <= 0) {
1586 SWRAP_LOG(SWRAP_LOG_ERROR,
1587 "INVALID IPv4 Network [%s]",
1588 net_str);
1589 abort();
1590 }
1591
1592 hv = ntohl(nv.s_addr);
1593
1594 switch (hv) {
1595 case 0x7f000000:
1596 /* 127.0.0.0 */
1597 break;
1598 case 0x0a353900:
1599 /* 10.53.57.0 */
1600 break;
1601 default:
1602 SWRAP_LOG(SWRAP_LOG_ERROR,
1603 "INVALID IPv4 Network [%s][0x%x] should be "
1604 "127.0.0.0 or 10.53.57.0",
1605 net_str, (unsigned)hv);
1606 abort();
1607 }
1608
1609 return hv;
1610 }
1611
1612 /*
1613 * This returns 127.255.255.255 or 10.255.255.255
1614 */
1615 static in_addr_t swrap_ipv4_bcast(void)
1616 {
1617 in_addr_t hv;
1618
1619 hv = swrap_ipv4_net();
1620 hv |= IN_CLASSA_HOST;
1621
1622 return hv;
1623 }
1624
1625 /*
1626 * This returns 127.0.0.${iface} or 10.53.57.${iface}
1627 */
1628 static in_addr_t swrap_ipv4_iface(unsigned int iface)
1629 {
1630 in_addr_t hv;
1631
1632 if (iface == 0 || iface > MAX_WRAPPED_INTERFACES) {
1633 SWRAP_LOG(SWRAP_LOG_ERROR,
1634 "swrap_ipv4_iface(%u) invalid!",
1635 iface);
1636 abort();
1637 return -1;
1638 }
1639
1640 hv = swrap_ipv4_net();
1641 hv |= iface;
1642
1643 return hv;
1644 }
1645
1646 #ifdef HAVE_IPV6
1647 /*
1648 * FD00::5357:5FXX
1649 */
1650 static const struct in6_addr *swrap_ipv6(void)
1651 {
1652 static struct in6_addr v;
1653 static int initialized;
1654 int ret;
1655
1656 if (initialized) {
1657 return &v;
1658 }
1659 initialized = 1;
1660
1661 ret = inet_pton(AF_INET6, "FD00::5357:5F00", &v);
1662 if (ret <= 0) {
1663 abort();
1664 }
1665
1666 return &v;
1667 }
1668 #endif
1669
1670 static void set_port(int family, int prt, struct swrap_address *addr)
1671 {
1672 switch (family) {
1673 case AF_INET:
1674 addr->sa.in.sin_port = htons(prt);
1675 break;
1676 #ifdef HAVE_IPV6
1677 case AF_INET6:
1678 addr->sa.in6.sin6_port = htons(prt);
1679 break;
1680 #endif
1681 }
1682 }
1683
1684 static size_t socket_length(int family)
1685 {
1686 switch (family) {
1687 case AF_INET:
1688 return sizeof(struct sockaddr_in);
1689 #ifdef HAVE_IPV6
1690 case AF_INET6:
1691 return sizeof(struct sockaddr_in6);
1692 #endif
1693 }
1694 return 0;
1695 }
1696
1697 struct swrap_sockaddr_buf {
1698 char str[128];
1699 };
1700
1701 static const char *swrap_sockaddr_string(struct swrap_sockaddr_buf *buf,
1702 const struct sockaddr *saddr)
1703 {
1704 unsigned int port = 0;
1705 char addr[64] = {0,};
1706
1707 switch (saddr->sa_family) {
1708 case AF_INET: {
1709 const struct sockaddr_in *in =
1710 (const struct sockaddr_in *)(const void *)saddr;
1711
1712 port = ntohs(in->sin_port);
1713
1714 inet_ntop(saddr->sa_family,
1715 &in->sin_addr,
1716 addr, sizeof(addr));
1717 break;
1718 }
1719 #ifdef HAVE_IPV6
1720 case AF_INET6: {
1721 const struct sockaddr_in6 *in6 =
1722 (const struct sockaddr_in6 *)(const void *)saddr;
1723
1724 port = ntohs(in6->sin6_port);
1725
1726 inet_ntop(saddr->sa_family,
1727 &in6->sin6_addr,
1728 addr, sizeof(addr));
1729 break;
1730 }
1731 #endif
1732 default:
1733 snprintf(addr, sizeof(addr),
1734 "<Unknown address family %u>",
1735 saddr->sa_family);
1736 break;
1737 }
1738
1739 snprintf(buf->str, sizeof(buf->str),
1740 "addr[%s]/port[%u]",
1741 addr, port);
1742
1743 return buf->str;
1744 }
1745
1746 static struct socket_info *swrap_get_socket_info(int si_index)
1747 {
1748 return (struct socket_info *)(&(sockets[si_index].info));
1749 }
1750
1751 static int swrap_get_refcount(struct socket_info *si)
1752 {
1753 struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si);
1754 return sic->meta.refcount;
1755 }
1756
1757 static void swrap_inc_refcount(struct socket_info *si)
1758 {
1759 struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si);
1760
1761 sic->meta.refcount += 1;
1762 }
1763
1764 static void swrap_dec_refcount(struct socket_info *si)
1765 {
1766 struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si);
1767
1768 sic->meta.refcount -= 1;
1769 }
1770
1771 static int swrap_get_next_free(struct socket_info *si)
1772 {
1773 struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si);
1774
1775 return sic->meta.next_free;
1776 }
1777
1778 static void swrap_set_next_free(struct socket_info *si, int next_free)
1779 {
1780 struct socket_info_container *sic = SOCKET_INFO_CONTAINER(si);
1781
1782 sic->meta.next_free = next_free;
1783 }
1784
1785 static int swrap_un_path(struct sockaddr_un *un,
1786 const char *swrap_dir,
1787 char type,
1788 unsigned int iface,
1789 unsigned int prt)
1790 {
1791 int ret;
1792
1793 ret = snprintf(un->sun_path,
1794 sizeof(un->sun_path),
1795 "%s/"SOCKET_FORMAT,
1796 swrap_dir,
1797 type,
1798 iface,
1799 prt);
1800 if ((size_t)ret >= sizeof(un->sun_path)) {
1801 return ENAMETOOLONG;
1802 }
1803
1804 return 0;
1805 }
1806
1807 static int swrap_un_path_EINVAL(struct sockaddr_un *un,
1808 const char *swrap_dir)
1809 {
1810 int ret;
1811
1812 ret = snprintf(un->sun_path,
1813 sizeof(un->sun_path),
1814 "%s/EINVAL",
1815 swrap_dir);
1816
1817 if ((size_t)ret >= sizeof(un->sun_path)) {
1818 return ENAMETOOLONG;
1819 }
1820
1821 return 0;
1822 }
1823
1824 static bool swrap_dir_usable(const char *swrap_dir)
1825 {
1826 struct sockaddr_un un;
1827 int ret;
1828
1829 ret = swrap_un_path(&un, swrap_dir, SOCKET_TYPE_CHAR_TCP, 0, 0);
1830 if (ret == 0) {
1831 return true;
1832 }
1833
1834 ret = swrap_un_path_EINVAL(&un, swrap_dir);
1835 if (ret == 0) {
1836 return true;
1837 }
1838
1839 return false;
1840 }
1841
1842 static char *socket_wrapper_dir(void)
1843 {
1844 char *swrap_dir = NULL;
1845 char *s = getenv("SOCKET_WRAPPER_DIR");
1846 char *t;
1847 bool ok;
1848
1849 if (s == NULL || s[0] == '\0') {
1850 SWRAP_LOG(SWRAP_LOG_WARN, "SOCKET_WRAPPER_DIR not set");
1851 return NULL;
1852 }
1853
1854 swrap_dir = realpath(s, NULL);
1855 if (swrap_dir == NULL) {
1856 SWRAP_LOG(SWRAP_LOG_ERROR,
1857 "Unable to resolve socket_wrapper dir path: %s - %s",
1858 s,
1859 strerror(errno));
1860 abort();
1861 }
1862
1863 ok = swrap_dir_usable(swrap_dir);
1864 if (ok) {
1865 goto done;
1866 }
1867
1868 free(swrap_dir);
1869
1870 ok = swrap_dir_usable(s);
1871 if (!ok) {
1872 SWRAP_LOG(SWRAP_LOG_ERROR, "SOCKET_WRAPPER_DIR is too long");
1873 abort();
1874 }
1875
1876 t = getenv("SOCKET_WRAPPER_DIR_ALLOW_ORIG");
1877 if (t == NULL) {
1878 SWRAP_LOG(SWRAP_LOG_ERROR,
1879 "realpath(SOCKET_WRAPPER_DIR) too long and "
1880 "SOCKET_WRAPPER_DIR_ALLOW_ORIG not set");
1881 abort();
1882
1883 }
1884
1885 swrap_dir = strdup(s);
1886 if (swrap_dir == NULL) {
1887 SWRAP_LOG(SWRAP_LOG_ERROR,
1888 "Unable to duplicate socket_wrapper dir path");
1889 abort();
1890 }
1891
1892 SWRAP_LOG(SWRAP_LOG_WARN,
1893 "realpath(SOCKET_WRAPPER_DIR) too long, "
1894 "using original SOCKET_WRAPPER_DIR\n");
1895
1896 done:
1897 SWRAP_LOG(SWRAP_LOG_TRACE, "socket_wrapper_dir: %s", swrap_dir);
1898 return swrap_dir;
1899 }
1900
1901 static unsigned int socket_wrapper_mtu(void)
1902 {
1903 static unsigned int max_mtu = 0;
1904 unsigned int tmp;
1905 const char *s;
1906 char *endp;
1907
1908 swrap_mutex_lock(&mtu_update_mutex);
1909
1910 if (max_mtu != 0) {
1911 goto done;
1912 }
1913
1914 max_mtu = SOCKET_WRAPPER_MTU_DEFAULT;
1915
1916 s = getenv("SOCKET_WRAPPER_MTU");
1917 if (s == NULL) {
1918 goto done;
1919 }
1920
1921 tmp = strtol(s, &endp, 10);
1922 if (s == endp) {
1923 goto done;
1924 }
1925
1926 if (tmp < SOCKET_WRAPPER_MTU_MIN || tmp > SOCKET_WRAPPER_MTU_MAX) {
1927 goto done;
1928 }
1929 max_mtu = tmp;
1930
1931 done:
1932 swrap_mutex_unlock(&mtu_update_mutex);
1933 return max_mtu;
1934 }
1935
1936 static int _socket_wrapper_init_mutex(pthread_mutex_t *m, const char *name)
1937 {
1938 pthread_mutexattr_t ma;
1939 bool need_destroy = false;
1940 int ret = 0;
1941
1942 #define __CHECK(cmd) do { \
1943 ret = cmd; \
1944 if (ret != 0) { \
1945 SWRAP_LOG(SWRAP_LOG_ERROR, \
1946 "%s: %s - failed %d", \
1947 name, #cmd, ret); \
1948 goto done; \
1949 } \
1950 } while(0)
1951
1952 *m = (pthread_mutex_t)PTHREAD_MUTEX_INITIALIZER;
1953 __CHECK(pthread_mutexattr_init(&ma));
1954 need_destroy = true;
1955 __CHECK(pthread_mutexattr_settype(&ma, PTHREAD_MUTEX_ERRORCHECK));
1956 __CHECK(pthread_mutex_init(m, &ma));
1957 done:
1958 if (need_destroy) {
1959 pthread_mutexattr_destroy(&ma);
1960 }
1961 return ret;
1962 }
1963
1964 static size_t socket_wrapper_max_sockets(void)
1965 {
1966 const char *s;
1967 size_t tmp;
1968 char *endp;
1969
1970 if (socket_info_max != 0) {
1971 return socket_info_max;
1972 }
1973
1974 socket_info_max = SOCKET_WRAPPER_MAX_SOCKETS_DEFAULT;
1975
1976 s = getenv("SOCKET_WRAPPER_MAX_SOCKETS");
1977 if (s == NULL || s[0] == '\0') {
1978 goto done;
1979 }
1980
1981 tmp = strtoul(s, &endp, 10);
1982 if (s == endp) {
1983 goto done;
1984 }
1985 if (tmp == 0) {
1986 tmp = SOCKET_WRAPPER_MAX_SOCKETS_DEFAULT;
1987 SWRAP_LOG(SWRAP_LOG_ERROR,
1988 "Invalid number of sockets specified, "
1989 "using default (%zu)",
1990 tmp);
1991 }
1992
1993 if (tmp > SOCKET_WRAPPER_MAX_SOCKETS_LIMIT) {
1994 tmp = SOCKET_WRAPPER_MAX_SOCKETS_LIMIT;
1995 SWRAP_LOG(SWRAP_LOG_ERROR,
1996 "Invalid number of sockets specified, "
1997 "using maximum (%zu).",
1998 tmp);
1999 }
2000
2001 socket_info_max = tmp;
2002
2003 done:
2004 return socket_info_max;
2005 }
2006
2007 static void socket_wrapper_init_fds_idx(void)
2008 {
2009 int *tmp = NULL;
2010 size_t i;
2011
2012 if (socket_fds_idx != NULL) {
2013 return;
2014 }
2015
2016 tmp = (int *)calloc(socket_fds_max, sizeof(int));
2017 if (tmp == NULL) {
2018 SWRAP_LOG(SWRAP_LOG_ERROR,
2019 "Failed to allocate socket fds index array: %s",
2020 strerror(errno));
2021 exit(-1);
2022 }
2023
2024 for (i = 0; i < socket_fds_max; i++) {
2025 tmp[i] = -1;
2026 }
2027
2028 socket_fds_idx = tmp;
2029 }
2030
2031 static void socket_wrapper_init_sockets(void)
2032 {
2033 size_t max_sockets;
2034 size_t i;
2035 int ret = 0;
2036
2037 swrap_bind_symbol_all();
2038
2039 swrap_mutex_lock(&sockets_mutex);
2040
2041 if (sockets != NULL) {
2042 swrap_mutex_unlock(&sockets_mutex);
2043 return;
2044 }
2045
2046 SWRAP_LOG(SWRAP_LOG_DEBUG,
2047 "SOCKET_WRAPPER_PACKAGE[%s] SOCKET_WRAPPER_VERSION[%s]",
2048 SOCKET_WRAPPER_PACKAGE, SOCKET_WRAPPER_VERSION);
2049
2050 /*
2051 * Intialize the static cache early before
2052 * any thread is able to start.
2053 */
2054 (void)swrap_ipv4_net();
2055
2056 socket_wrapper_init_fds_idx();
2057
2058 /* Needs to be called inside the sockets_mutex lock here. */
2059 max_sockets = socket_wrapper_max_sockets();
2060
2061 sockets = (struct socket_info_container *)calloc(max_sockets,
2062 sizeof(struct socket_info_container));
2063
2064 if (sockets == NULL) {
2065 SWRAP_LOG(SWRAP_LOG_ERROR,
2066 "Failed to allocate sockets array: %s",
2067 strerror(errno));
2068 swrap_mutex_unlock(&sockets_mutex);
2069 exit(-1);
2070 }
2071
2072 swrap_mutex_lock(&first_free_mutex);
2073 swrap_mutex_lock(&sockets_si_global);
2074
2075 first_free = 0;
2076
2077 for (i = 0; i < max_sockets; i++) {
2078 swrap_set_next_free(&sockets[i].info, i+1);
2079 }
2080
2081 /* mark the end of the free list */
2082 swrap_set_next_free(&sockets[max_sockets-1].info, -1);
2083
2084 swrap_mutex_unlock(&sockets_si_global);
2085 swrap_mutex_unlock(&first_free_mutex);
2086 swrap_mutex_unlock(&sockets_mutex);
2087 if (ret != 0) {
2088 exit(-1);
2089 }
2090 }
2091
2092 bool socket_wrapper_enabled(void)
2093 {
2094 char *s = socket_wrapper_dir();
2095
2096 if (s == NULL) {
2097 return false;
2098 }
2099
2100 SAFE_FREE(s);
2101
2102 socket_wrapper_init_sockets();
2103
2104 return true;
2105 }
2106
2107 static unsigned int socket_wrapper_default_iface(void)
2108 {
2109 const char *s = getenv("SOCKET_WRAPPER_DEFAULT_IFACE");
2110 if (s) {
2111 unsigned int iface;
2112 if (sscanf(s, "%u", &iface) == 1) {
2113 if (iface >= 1 && iface <= MAX_WRAPPED_INTERFACES) {
2114 return iface;
2115 }
2116 }
2117 }
2118
2119 return 1;/* 127.0.0.1 */
2120 }
2121
2122 static void set_socket_info_index(int fd, int idx)
2123 {
2124 SWRAP_LOG(SWRAP_LOG_TRACE,
2125 "fd=%d idx=%d",
2126 fd, idx);
2127 socket_fds_idx[fd] = idx;
2128 /* This builtin issues a full memory barrier. */
2129 __sync_synchronize();
2130 }
2131
2132 static void reset_socket_info_index(int fd)
2133 {
2134 SWRAP_LOG(SWRAP_LOG_TRACE,
2135 "fd=%d idx=%d",
2136 fd, -1);
2137 set_socket_info_index(fd, -1);
2138 }
2139
2140 static int find_socket_info_index(int fd)
2141 {
2142 if (fd < 0) {
2143 return -1;
2144 }
2145
2146 if (socket_fds_idx == NULL) {
2147 return -1;
2148 }
2149
2150 if ((size_t)fd >= socket_fds_max) {
2151 /*
2152 * Do not add a log here as some applications do stupid things
2153 * like:
2154 *
2155 * for (fd = 0; fd <= getdtablesize(); fd++) {
2156 * close(fd)
2157 * };
2158 *
2159 * This would produce millions of lines of debug messages.
2160 */
2161 #if 0
2162 SWRAP_LOG(SWRAP_LOG_ERROR,
2163 "Looking for a socket info for the fd %d is over the "
2164 "max socket index limit of %zu.",
2165 fd,
2166 socket_fds_max);
2167 #endif
2168 return -1;
2169 }
2170
2171 /* This builtin issues a full memory barrier. */
2172 __sync_synchronize();
2173 return socket_fds_idx[fd];
2174 }
2175
2176 static int swrap_add_socket_info(const struct socket_info *si_input)
2177 {
2178 struct socket_info *si = NULL;
2179 int si_index = -1;
2180
2181 if (si_input == NULL) {
2182 errno = EINVAL;
2183 return -1;
2184 }
2185
2186 swrap_mutex_lock(&first_free_mutex);
2187 if (first_free == -1) {
2188 errno = ENFILE;
2189 goto out;
2190 }
2191
2192 si_index = first_free;
2193 si = swrap_get_socket_info(si_index);
2194
2195 SWRAP_LOCK_SI(si);
2196
2197 first_free = swrap_get_next_free(si);
2198 *si = *si_input;
2199 swrap_inc_refcount(si);
2200
2201 SWRAP_UNLOCK_SI(si);
2202
2203 out:
2204 swrap_mutex_unlock(&first_free_mutex);
2205
2206 return si_index;
2207 }
2208
2209 static int swrap_create_socket(struct socket_info *si, int fd)
2210 {
2211 int idx;
2212
2213 if ((size_t)fd >= socket_fds_max) {
2214 SWRAP_LOG(SWRAP_LOG_ERROR,
2215 "The max socket index limit of %zu has been reached, "
2216 "trying to add %d",
2217 socket_fds_max,
2218 fd);
2219 errno = EMFILE;
2220 return -1;
2221 }
2222
2223 idx = swrap_add_socket_info(si);
2224 if (idx == -1) {
2225 return -1;
2226 }
2227
2228 set_socket_info_index(fd, idx);
2229
2230 return idx;
2231 }
2232
2233 static int convert_un_in(const struct sockaddr_un *un, struct sockaddr *in, socklen_t *len)
2234 {
2235 unsigned int iface;
2236 unsigned int prt;
2237 const char *p;
2238 char type;
2239
2240 p = strrchr(un->sun_path, '/');
2241 if (p) p++; else p = un->sun_path;
2242
2243 if (sscanf(p, SOCKET_FORMAT, &type, &iface, &prt) != 3) {
2244 SWRAP_LOG(SWRAP_LOG_ERROR, "sun_path[%s] p[%s]",
2245 un->sun_path, p);
2246 errno = EINVAL;
2247 return -1;
2248 }
2249
2250 if (iface == 0 || iface > MAX_WRAPPED_INTERFACES) {
2251 SWRAP_LOG(SWRAP_LOG_ERROR, "type %c iface %u port %u",
2252 type, iface, prt);
2253 errno = EINVAL;
2254 return -1;
2255 }
2256
2257 if (prt > 0xFFFF) {
2258 SWRAP_LOG(SWRAP_LOG_ERROR, "type %c iface %u port %u",
2259 type, iface, prt);
2260 errno = EINVAL;
2261 return -1;
2262 }
2263
2264 SWRAP_LOG(SWRAP_LOG_TRACE, "type %c iface %u port %u",
2265 type, iface, prt);
2266
2267 switch(type) {
2268 case SOCKET_TYPE_CHAR_TCP:
2269 case SOCKET_TYPE_CHAR_UDP: {
2270 struct sockaddr_in *in2 = (struct sockaddr_in *)(void *)in;
2271
2272 if ((*len) < sizeof(*in2)) {
2273 SWRAP_LOG(SWRAP_LOG_ERROR,
2274 "V4: *len(%zu) < sizeof(*in2)=%zu",
2275 (size_t)*len, sizeof(*in2));
2276 errno = EINVAL;
2277 return -1;
2278 }
2279
2280 memset(in2, 0, sizeof(*in2));
2281 in2->sin_family = AF_INET;
2282 in2->sin_addr.s_addr = htonl(swrap_ipv4_iface(iface));
2283 in2->sin_port = htons(prt);
2284
2285 *len = sizeof(*in2);
2286 break;
2287 }
2288 #ifdef HAVE_IPV6
2289 case SOCKET_TYPE_CHAR_TCP_V6:
2290 case SOCKET_TYPE_CHAR_UDP_V6: {
2291 struct sockaddr_in6 *in2 = (struct sockaddr_in6 *)(void *)in;
2292
2293 if ((*len) < sizeof(*in2)) {
2294 SWRAP_LOG(SWRAP_LOG_ERROR,
2295 "V6: *len(%zu) < sizeof(*in2)=%zu",
2296 (size_t)*len, sizeof(*in2));
2297 SWRAP_LOG(SWRAP_LOG_ERROR, "LINE:%d", __LINE__);
2298 errno = EINVAL;
2299 return -1;
2300 }
2301
2302 memset(in2, 0, sizeof(*in2));
2303 in2->sin6_family = AF_INET6;
2304 in2->sin6_addr = *swrap_ipv6();
2305 in2->sin6_addr.s6_addr[15] = iface;
2306 in2->sin6_port = htons(prt);
2307
2308 *len = sizeof(*in2);
2309 break;
2310 }
2311 #endif
2312 default:
2313 SWRAP_LOG(SWRAP_LOG_ERROR, "type %c iface %u port %u",
2314 type, iface, prt);
2315 errno = EINVAL;
2316 return -1;
2317 }
2318
2319 return 0;
2320 }
2321
2322 static int convert_in_un_remote(struct socket_info *si, const struct sockaddr *inaddr, struct sockaddr_un *un,
2323 int *bcast)
2324 {
2325 char type = '\0';
2326 unsigned int prt;
2327 unsigned int iface;
2328 int is_bcast = 0;
2329 char *swrap_dir = NULL;
2330
2331 if (bcast) *bcast = 0;
2332
2333 switch (inaddr->sa_family) {
2334 case AF_INET: {
2335 const struct sockaddr_in *in =
2336 (const struct sockaddr_in *)(const void *)inaddr;
2337 unsigned int addr = ntohl(in->sin_addr.s_addr);
2338 char u_type = '\0';
2339 char b_type = '\0';
2340 char a_type = '\0';
2341 const unsigned int sw_net_addr = swrap_ipv4_net();
2342 const unsigned int sw_bcast_addr = swrap_ipv4_bcast();
2343
2344 switch (si->type) {
2345 case SOCK_STREAM:
2346 u_type = SOCKET_TYPE_CHAR_TCP;
2347 break;
2348 case SOCK_DGRAM:
2349 u_type = SOCKET_TYPE_CHAR_UDP;
2350 a_type = SOCKET_TYPE_CHAR_UDP;
2351 b_type = SOCKET_TYPE_CHAR_UDP;
2352 break;
2353 default:
2354 SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!");
2355 errno = ESOCKTNOSUPPORT;
2356 return -1;
2357 }
2358
2359 prt = ntohs(in->sin_port);
2360 if (a_type && addr == 0xFFFFFFFF) {
2361 /* 255.255.255.255 only udp */
2362 is_bcast = 2;
2363 type = a_type;
2364 iface = socket_wrapper_default_iface();
2365 } else if (b_type && addr == sw_bcast_addr) {
2366 /*
2367 * 127.255.255.255
2368 * or
2369 * 10.255.255.255
2370 * only udp
2371 */
2372 is_bcast = 1;
2373 type = b_type;
2374 iface = socket_wrapper_default_iface();
2375 } else if ((addr & 0xFFFFFF00) == sw_net_addr) {
2376 /* 127.0.0.X or 10.53.57.X */
2377 is_bcast = 0;
2378 type = u_type;
2379 iface = (addr & 0x000000FF);
2380 } else {
2381 struct swrap_sockaddr_buf buf = {};
2382 SWRAP_LOG(SWRAP_LOG_WARN,
2383 "%s",
2384 swrap_sockaddr_string(&buf, inaddr));
2385 errno = ENETUNREACH;
2386 return -1;
2387 }
2388 if (bcast) *bcast = is_bcast;
2389 break;
2390 }
2391 #ifdef HAVE_IPV6
2392 case AF_INET6: {
2393 const struct sockaddr_in6 *in =
2394 (const struct sockaddr_in6 *)(const void *)inaddr;
2395 struct in6_addr cmp1, cmp2;
2396
2397 switch (si->type) {
2398 case SOCK_STREAM:
2399 type = SOCKET_TYPE_CHAR_TCP_V6;
2400 break;
2401 case SOCK_DGRAM:
2402 type = SOCKET_TYPE_CHAR_UDP_V6;
2403 break;
2404 default:
2405 SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!");
2406 errno = ESOCKTNOSUPPORT;
2407 return -1;
2408 }
2409
2410 /* XXX no multicast/broadcast */
2411
2412 prt = ntohs(in->sin6_port);
2413
2414 cmp1 = *swrap_ipv6();
2415 cmp2 = in->sin6_addr;
2416 cmp2.s6_addr[15] = 0;
2417 if (IN6_ARE_ADDR_EQUAL(&cmp1, &cmp2)) {
2418 iface = in->sin6_addr.s6_addr[15];
2419 } else {
2420 struct swrap_sockaddr_buf buf = {};
2421 SWRAP_LOG(SWRAP_LOG_WARN,
2422 "%s",
2423 swrap_sockaddr_string(&buf, inaddr));
2424 errno = ENETUNREACH;
2425 return -1;
2426 }
2427
2428 break;
2429 }
2430 #endif
2431 default:
2432 SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown address family!");
2433 errno = ENETUNREACH;
2434 return -1;
2435 }
2436
2437 if (prt == 0) {
2438 SWRAP_LOG(SWRAP_LOG_WARN, "Port not set");
2439 errno = EINVAL;
2440 return -1;
2441 }
2442
2443 swrap_dir = socket_wrapper_dir();
2444 if (swrap_dir == NULL) {
2445 errno = EINVAL;
2446 return -1;
2447 }
2448
2449 if (is_bcast) {
2450 swrap_un_path_EINVAL(un, swrap_dir);
2451 SWRAP_LOG(SWRAP_LOG_DEBUG, "un path [%s]", un->sun_path);
2452 SAFE_FREE(swrap_dir);
2453 /* the caller need to do more processing */
2454 return 0;
2455 }
2456
2457 swrap_un_path(un, swrap_dir, type, iface, prt);
2458 SWRAP_LOG(SWRAP_LOG_DEBUG, "un path [%s]", un->sun_path);
2459
2460 SAFE_FREE(swrap_dir);
2461
2462 return 0;
2463 }
2464
2465 static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *inaddr, struct sockaddr_un *un,
2466 int *bcast)
2467 {
2468 char type = '\0';
2469 unsigned int prt;
2470 unsigned int iface;
2471 struct stat st;
2472 int is_bcast = 0;
2473 char *swrap_dir = NULL;
2474
2475 if (bcast) *bcast = 0;
2476
2477 switch (si->family) {
2478 case AF_INET: {
2479 const struct sockaddr_in *in =
2480 (const struct sockaddr_in *)(const void *)inaddr;
2481 unsigned int addr = ntohl(in->sin_addr.s_addr);
2482 char u_type = '\0';
2483 char d_type = '\0';
2484 char b_type = '\0';
2485 char a_type = '\0';
2486 const unsigned int sw_net_addr = swrap_ipv4_net();
2487 const unsigned int sw_bcast_addr = swrap_ipv4_bcast();
2488
2489 prt = ntohs(in->sin_port);
2490
2491 switch (si->type) {
2492 case SOCK_STREAM:
2493 u_type = SOCKET_TYPE_CHAR_TCP;
2494 d_type = SOCKET_TYPE_CHAR_TCP;
2495 break;
2496 case SOCK_DGRAM:
2497 u_type = SOCKET_TYPE_CHAR_UDP;
2498 d_type = SOCKET_TYPE_CHAR_UDP;
2499 a_type = SOCKET_TYPE_CHAR_UDP;
2500 b_type = SOCKET_TYPE_CHAR_UDP;
2501 break;
2502 default:
2503 SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!");
2504 errno = ESOCKTNOSUPPORT;
2505 return -1;
2506 }
2507
2508 if (addr == 0) {
2509 /* 0.0.0.0 */
2510 is_bcast = 0;
2511 type = d_type;
2512 iface = socket_wrapper_default_iface();
2513 } else if (a_type && addr == 0xFFFFFFFF) {
2514 /* 255.255.255.255 only udp */
2515 is_bcast = 2;
2516 type = a_type;
2517 iface = socket_wrapper_default_iface();
2518 } else if (b_type && addr == sw_bcast_addr) {
2519 /* 127.255.255.255 only udp */
2520 is_bcast = 1;
2521 type = b_type;
2522 iface = socket_wrapper_default_iface();
2523 } else if ((addr & 0xFFFFFF00) == sw_net_addr) {
2524 /* 127.0.0.X */
2525 is_bcast = 0;
2526 type = u_type;
2527 iface = (addr & 0x000000FF);
2528 } else {
2529 errno = EADDRNOTAVAIL;
2530 return -1;
2531 }
2532
2533 /* Store the bind address for connect() */
2534 if (si->bindname.sa_socklen == 0) {
2535 struct sockaddr_in bind_in;
2536 socklen_t blen = sizeof(struct sockaddr_in);
2537
2538 ZERO_STRUCT(bind_in);
2539 bind_in.sin_family = in->sin_family;
2540 bind_in.sin_port = in->sin_port;
2541 bind_in.sin_addr.s_addr = htonl(swrap_ipv4_iface(iface));
2542 si->bindname.sa_socklen = blen;
2543 memcpy(&si->bindname.sa.in, &bind_in, blen);
2544 }
2545
2546 break;
2547 }
2548 #ifdef HAVE_IPV6
2549 case AF_INET6: {
2550 const struct sockaddr_in6 *in =
2551 (const struct sockaddr_in6 *)(const void *)inaddr;
2552 struct in6_addr cmp1, cmp2;
2553
2554 switch (si->type) {
2555 case SOCK_STREAM:
2556 type = SOCKET_TYPE_CHAR_TCP_V6;
2557 break;
2558 case SOCK_DGRAM:
2559 type = SOCKET_TYPE_CHAR_UDP_V6;
2560 break;
2561 default:
2562 SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!");
2563 errno = ESOCKTNOSUPPORT;
2564 return -1;
2565 }
2566
2567 /* XXX no multicast/broadcast */
2568
2569 prt = ntohs(in->sin6_port);
2570
2571 cmp1 = *swrap_ipv6();
2572 cmp2 = in->sin6_addr;
2573 cmp2.s6_addr[15] = 0;
2574 if (IN6_IS_ADDR_UNSPECIFIED(&in->sin6_addr)) {
2575 iface = socket_wrapper_default_iface();
2576 } else if (IN6_ARE_ADDR_EQUAL(&cmp1, &cmp2)) {
2577 iface = in->sin6_addr.s6_addr[15];
2578 } else {
2579 errno = EADDRNOTAVAIL;
2580 return -1;
2581 }
2582
2583 /* Store the bind address for connect() */
2584 if (si->bindname.sa_socklen == 0) {
2585 struct sockaddr_in6 bind_in;
2586 socklen_t blen = sizeof(struct sockaddr_in6);
2587
2588 ZERO_STRUCT(bind_in);
2589 bind_in.sin6_family = in->sin6_family;
2590 bind_in.sin6_port = in->sin6_port;
2591
2592 bind_in.sin6_addr = *swrap_ipv6();
2593 bind_in.sin6_addr.s6_addr[15] = iface;
2594
2595 memcpy(&si->bindname.sa.in6, &bind_in, blen);
2596 si->bindname.sa_socklen = blen;
2597 }
2598
2599 break;
2600 }
2601 #endif
2602 default:
2603 SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown address family");
2604 errno = EADDRNOTAVAIL;
2605 return -1;
2606 }
2607
2608
2609 if (bcast) *bcast = is_bcast;
2610
2611 if (iface == 0 || iface > MAX_WRAPPED_INTERFACES) {
2612 errno = EINVAL;
2613 return -1;
2614 }
2615
2616 swrap_dir = socket_wrapper_dir();
2617 if (swrap_dir == NULL) {
2618 errno = EINVAL;
2619 return -1;
2620 }
2621
2622 if (prt == 0) {
2623 /* handle auto-allocation of ephemeral ports */
2624 for (prt = 5001; prt < 10000; prt++) {
2625 swrap_un_path(un, swrap_dir, type, iface, prt);
2626 if (stat(un->sun_path, &st) == 0) continue;
2627
2628 set_port(si->family, prt, &si->myname);
2629 set_port(si->family, prt, &si->bindname);
2630
2631 break;
2632 }
2633
2634 if (prt == 10000) {
2635 errno = ENFILE;
2636 SAFE_FREE(swrap_dir);
2637 return -1;
2638 }
2639 }
2640
2641 swrap_un_path(un, swrap_dir, type, iface, prt);
2642 SWRAP_LOG(SWRAP_LOG_DEBUG, "un path [%s]", un->sun_path);
2643
2644 SAFE_FREE(swrap_dir);
2645
2646 return 0;
2647 }
2648
2649 static struct socket_info *find_socket_info(int fd)
2650 {
2651 int idx = find_socket_info_index(fd);
2652
2653 if (idx == -1) {
2654 return NULL;
2655 }
2656
2657 return swrap_get_socket_info(idx);
2658 }
2659
2660 #if 0 /* FIXME */
2661 static bool check_addr_port_in_use(const struct sockaddr *sa, socklen_t len)
2662 {
2663 struct socket_info_fd *f;
2664 const struct socket_info *last_s = NULL;
2665
2666 /* first catch invalid input */
2667 switch (sa->sa_family) {
2668 case AF_INET:
2669 if (len < sizeof(struct sockaddr_in)) {
2670 return false;
2671 }
2672 break;
2673 #ifdef HAVE_IPV6
2674 case AF_INET6:
2675 if (len < sizeof(struct sockaddr_in6)) {
2676 return false;
2677 }
2678 break;
2679 #endif
2680 default:
2681 return false;
2682 break;
2683 }
2684
2685 for (f = socket_fds; f; f = f->next) {
2686 struct socket_info *s = swrap_get_socket_info(f->si_index);
2687
2688 if (s == last_s) {
2689 continue;
2690 }
2691 last_s = s;
2692
2693 if (s->myname == NULL) {
2694 continue;
2695 }
2696 if (s->myname->sa_family != sa->sa_family) {
2697 continue;
2698 }
2699 switch (s->myname->sa_family) {
2700 case AF_INET: {
2701 struct sockaddr_in *sin1, *sin2;
2702
2703 sin1 = (struct sockaddr_in *)s->myname;
2704 sin2 = (struct sockaddr_in *)sa;
2705
2706 if (sin1->sin_addr.s_addr == htonl(INADDR_ANY)) {
2707 continue;
2708 }
2709 if (sin1->sin_port != sin2->sin_port) {
2710 continue;
2711 }
2712 if (sin1->sin_addr.s_addr != sin2->sin_addr.s_addr) {
2713 continue;
2714 }
2715
2716 /* found */
2717 return true;
2718 break;
2719 }
2720 #ifdef HAVE_IPV6
2721 case AF_INET6: {
2722 struct sockaddr_in6 *sin1, *sin2;
2723
2724 sin1 = (struct sockaddr_in6 *)s->myname;
2725 sin2 = (struct sockaddr_in6 *)sa;
2726
2727 if (sin1->sin6_port != sin2->sin6_port) {
2728 continue;
2729 }
2730 if (!IN6_ARE_ADDR_EQUAL(&sin1->sin6_addr,
2731 &sin2->sin6_addr))
2732 {
2733 continue;
2734 }
2735
2736 /* found */
2737 return true;
2738 break;
2739 }
2740 #endif
2741 default:
2742 continue;
2743 break;
2744
2745 }
2746 }
2747
2748 return false;
2749 }
2750 #endif
2751
2752 static void swrap_remove_stale(int fd);
2753
2754 static int sockaddr_convert_to_un(struct socket_info *si,
2755 const struct sockaddr *in_addr,
2756 socklen_t in_len,
2757 struct sockaddr_un *out_addr,
2758 int alloc_sock,
2759 int *bcast)
2760 {
2761 struct sockaddr *out = (struct sockaddr *)(void *)out_addr;
2762
2763 (void) in_len; /* unused */
2764
2765 if (out_addr == NULL) {
2766 return 0;
2767 }
2768
2769 out->sa_family = AF_UNIX;
2770 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
2771 out->sa_len = sizeof(*out_addr);
2772 #endif
2773
2774 switch (in_addr->sa_family) {
2775 case AF_UNSPEC: {
2776 const struct sockaddr_in *sin;
2777 if (si->family != AF_INET) {
2778 break;
2779 }
2780 if (in_len < sizeof(struct sockaddr_in)) {
2781 break;
2782 }
2783 sin = (const struct sockaddr_in *)(const void *)in_addr;
2784 if(sin->sin_addr.s_addr != htonl(INADDR_ANY)) {
2785 break;
2786 }
2787
2788 /*
2789 * Note: in the special case of AF_UNSPEC and INADDR_ANY,
2790 * AF_UNSPEC is mapped to AF_INET and must be treated here.
2791 */
2792
2793 FALL_THROUGH;
2794 }
2795 case AF_INET:
2796 #ifdef HAVE_IPV6
2797 case AF_INET6:
2798 #endif
2799 switch (si->type) {
2800 case SOCK_STREAM:
2801 case SOCK_DGRAM:
2802 break;
2803 default:
2804 SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!");
2805 errno = ESOCKTNOSUPPORT;
2806 return -1;
2807 }
2808 if (alloc_sock) {
2809 return convert_in_un_alloc(si, in_addr, out_addr, bcast);
2810 } else {
2811 return convert_in_un_remote(si, in_addr, out_addr, bcast);
2812 }
2813 default:
2814 break;
2815 }
2816
2817 errno = EAFNOSUPPORT;
2818 SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown address family");
2819 return -1;
2820 }
2821
2822 static int sockaddr_convert_from_un(const struct socket_info *si,
2823 const struct sockaddr_un *in_addr,
2824 socklen_t un_addrlen,
2825 int family,
2826 struct sockaddr *out_addr,
2827 socklen_t *out_addrlen)
2828 {
2829 int ret;
2830
2831 if (out_addr == NULL || out_addrlen == NULL)
2832 return 0;
2833
2834 if (un_addrlen == 0) {
2835 *out_addrlen = 0;
2836 return 0;
2837 }
2838
2839 switch (family) {
2840 case AF_INET:
2841 #ifdef HAVE_IPV6
2842 case AF_INET6:
2843 #endif
2844 switch (si->type) {
2845 case SOCK_STREAM:
2846 case SOCK_DGRAM:
2847 break;
2848 default:
2849 SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown socket type!");
2850 errno = ESOCKTNOSUPPORT;
2851 return -1;
2852 }
2853 ret = convert_un_in(in_addr, out_addr, out_addrlen);
2854 #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN
2855 out_addr->sa_len = *out_addrlen;
2856 #endif
2857 return ret;
2858 default:
2859 break;
2860 }
2861
2862 SWRAP_LOG(SWRAP_LOG_ERROR, "Unknown address family");
2863 errno = EAFNOSUPPORT;
2864 return -1;
2865 }
2866
2867 enum swrap_packet_type {
2868 SWRAP_CONNECT_SEND,
2869 SWRAP_CONNECT_UNREACH,
2870 SWRAP_CONNECT_RECV,
2871 SWRAP_CONNECT_ACK,
2872 SWRAP_ACCEPT_SEND,
2873 SWRAP_ACCEPT_RECV,
2874 SWRAP_ACCEPT_ACK,
2875 SWRAP_RECVFROM,
2876 SWRAP_SENDTO,
2877 SWRAP_SENDTO_UNREACH,
2878 SWRAP_PENDING_RST,
2879 SWRAP_RECV,
2880 SWRAP_RECV_RST,
2881 SWRAP_SEND,
2882 SWRAP_SEND_RST,
2883 SWRAP_CLOSE_SEND,
2884 SWRAP_CLOSE_RECV,
2885 SWRAP_CLOSE_ACK,
2886 };
2887
2888 struct swrap_file_hdr {
2889 uint32_t magic;
2890 uint16_t version_major;
2891 uint16_t version_minor;
2892 int32_t timezone;
2893 uint32_t sigfigs;
2894 uint32_t frame_max_len;
2895 #define SWRAP_FRAME_LENGTH_MAX 0xFFFF
2896 uint32_t link_type;
2897 };
2898 #define SWRAP_FILE_HDR_SIZE 24
2899
2900 struct swrap_packet_frame {
2901 uint32_t seconds;
2902 uint32_t micro_seconds;
2903 uint32_t recorded_length;
2904 uint32_t full_length;
2905 };
2906 #define SWRAP_PACKET_FRAME_SIZE 16
2907
2908 union swrap_packet_ip {
2909 struct {
2910 uint8_t ver_hdrlen;
2911 uint8_t tos;
2912 uint16_t packet_length;
2913 uint16_t identification;
2914 uint8_t flags;
2915 uint8_t fragment;
2916 uint8_t ttl;
2917 uint8_t protocol;
2918 uint16_t hdr_checksum;
2919 uint32_t src_addr;
2920 uint32_t dest_addr;
2921 } v4;
2922 #define SWRAP_PACKET_IP_V4_SIZE 20
2923 struct {
2924 uint8_t ver_prio;
2925 uint8_t flow_label_high;
2926 uint16_t flow_label_low;
2927 uint16_t payload_length;
2928 uint8_t next_header;
2929 uint8_t hop_limit;
2930 uint8_t src_addr[16];
2931 uint8_t dest_addr[16];
2932 } v6;
2933 #define SWRAP_PACKET_IP_V6_SIZE 40
2934 };
2935 #define SWRAP_PACKET_IP_SIZE 40
2936
2937 union swrap_packet_payload {
2938 struct {
2939 uint16_t source_port;
2940 uint16_t dest_port;
2941 uint32_t seq_num;
2942 uint32_t ack_num;
2943 uint8_t hdr_length;
2944 uint8_t control;
2945 uint16_t window;
2946 uint16_t checksum;
2947 uint16_t urg;
2948 } tcp;
2949 #define SWRAP_PACKET_PAYLOAD_TCP_SIZE 20
2950 struct {
2951 uint16_t source_port;
2952 uint16_t dest_port;
2953 uint16_t length;
2954 uint16_t checksum;
2955 } udp;
2956 #define SWRAP_PACKET_PAYLOAD_UDP_SIZE 8
2957 struct {
2958 uint8_t type;
2959 uint8_t code;
2960 uint16_t checksum;
2961 uint32_t unused;
2962 } icmp4;
2963 #define SWRAP_PACKET_PAYLOAD_ICMP4_SIZE 8
2964 struct {
2965 uint8_t type;
2966 uint8_t code;
2967 uint16_t checksum;
2968 uint32_t unused;
2969 } icmp6;
2970 #define SWRAP_PACKET_PAYLOAD_ICMP6_SIZE 8
2971 };
2972 #define SWRAP_PACKET_PAYLOAD_SIZE 20
2973
2974 #define SWRAP_PACKET_MIN_ALLOC \
2975 (SWRAP_PACKET_FRAME_SIZE + \
2976 SWRAP_PACKET_IP_SIZE + \
2977 SWRAP_PACKET_PAYLOAD_SIZE)
2978
2979 static const char *swrap_pcap_init_file(void)
2980 {
2981 static int initialized = 0;
2982 static const char *s = NULL;
2983 static const struct swrap_file_hdr h;
2984 static const struct swrap_packet_frame f;
2985 static const union swrap_packet_ip i;
2986 static const union swrap_packet_payload p;
2987
2988 if (initialized == 1) {
2989 return s;
2990 }
2991 initialized = 1;
2992
2993 /*
2994 * TODO: don't use the structs use plain buffer offsets
2995 * and PUSH_U8(), PUSH_U16() and PUSH_U32()
2996 *
2997 * for now make sure we disable PCAP support
2998 * if the struct has alignment!
2999 */
3000 if (sizeof(h) != SWRAP_FILE_HDR_SIZE) {
3001 return NULL;
3002 }
3003 if (sizeof(f) != SWRAP_PACKET_FRAME_SIZE) {
3004 return NULL;
3005 }
3006 if (sizeof(i) != SWRAP_PACKET_IP_SIZE) {
3007 return NULL;
3008 }
3009 if (sizeof(i.v4) != SWRAP_PACKET_IP_V4_SIZE) {
3010 return NULL;
3011 }
3012 if (sizeof(i.v6) != SWRAP_PACKET_IP_V6_SIZE) {
3013 return NULL;
3014 }
3015 if (sizeof(p) != SWRAP_PACKET_PAYLOAD_SIZE) {
3016 return NULL;
3017 }
3018 if (sizeof(p.tcp) != SWRAP_PACKET_PAYLOAD_TCP_SIZE) {
3019 return NULL;
3020 }
3021 if (sizeof(p.udp) != SWRAP_PACKET_PAYLOAD_UDP_SIZE) {
3022 return NULL;
3023 }
3024 if (sizeof(p.icmp4) != SWRAP_PACKET_PAYLOAD_ICMP4_SIZE) {
3025 return NULL;
3026 }
3027 if (sizeof(p.icmp6) != SWRAP_PACKET_PAYLOAD_ICMP6_SIZE) {
3028 return NULL;
3029 }
3030
3031 s = getenv("SOCKET_WRAPPER_PCAP_FILE");
3032 if (s == NULL) {
3033 return NULL;
3034 }
3035 if (strncmp(s, "./", 2) == 0) {
3036 s += 2;
3037 }
3038 SWRAP_LOG(SWRAP_LOG_TRACE, "SOCKET_WRAPPER_PCAP_FILE: %s", s);
3039 return s;
3040 }
3041
3042 static uint8_t *swrap_pcap_packet_init(struct timeval *tval,
3043 const struct sockaddr *src,
3044 const struct sockaddr *dest,
3045 int socket_type,
3046 const uint8_t *payload,
3047 size_t payload_len,
3048 unsigned long tcp_seqno,
3049 unsigned long tcp_ack,
3050 unsigned char tcp_ctl,
3051 int unreachable,
3052 size_t *_packet_len)
3053 {
3054 uint8_t *base = NULL;
3055 uint8_t *buf = NULL;
3056 union {
3057 uint8_t *ptr;
3058 struct swrap_packet_frame *frame;
3059 } f;
3060 union {
3061 uint8_t *ptr;
3062 union swrap_packet_ip *ip;
3063 } i;
3064 union swrap_packet_payload *pay;
3065 size_t packet_len;
3066 size_t alloc_len;
3067 size_t nonwire_len = sizeof(struct swrap_packet_frame);
3068 size_t wire_hdr_len = 0;
3069 size_t wire_len = 0;
3070 size_t ip_hdr_len = 0;
3071 size_t icmp_hdr_len = 0;
3072 size_t icmp_truncate_len = 0;
3073 uint8_t protocol = 0, icmp_protocol = 0;
3074 const struct sockaddr_in *src_in = NULL;
3075 const struct sockaddr_in *dest_in = NULL;
3076 #ifdef HAVE_IPV6
3077 const struct sockaddr_in6 *src_in6 = NULL;
3078 const struct sockaddr_in6 *dest_in6 = NULL;
3079 #endif
3080 uint16_t src_port;
3081 uint16_t dest_port;
3082
3083 switch (src->sa_family) {
3084 case AF_INET:
3085 src_in = (const struct sockaddr_in *)(const void *)src;
3086 dest_in = (const struct sockaddr_in *)(const void *)dest;
3087 src_port = src_in->sin_port;
3088 dest_port = dest_in->sin_port;
3089 ip_hdr_len = sizeof(i.ip->v4);
3090 break;
3091 #ifdef HAVE_IPV6
3092 case AF_INET6:
3093 src_in6 = (const struct sockaddr_in6 *)(const void *)src;
3094 dest_in6 = (const struct sockaddr_in6 *)(const void *)dest;
3095 src_port = src_in6->sin6_port;
3096 dest_port = dest_in6->sin6_port;
3097 ip_hdr_len = sizeof(i.ip->v6);
3098 break;
3099 #endif
3100 default:
3101 return NULL;
3102 }
3103
3104 switch (socket_type) {
3105 case SOCK_STREAM:
3106 protocol = 0x06; /* TCP */
3107 wire_hdr_len = ip_hdr_len + sizeof(pay->tcp);
3108 wire_len = wire_hdr_len + payload_len;
3109 break;
3110
3111 case SOCK_DGRAM:
3112 protocol = 0x11; /* UDP */
3113 wire_hdr_len = ip_hdr_len + sizeof(pay->udp);
3114 wire_len = wire_hdr_len + payload_len;
3115 break;
3116
3117 default:
3118 return NULL;
3119 }
3120
3121 if (unreachable) {
3122 icmp_protocol = protocol;
3123 switch (src->sa_family) {
3124 case AF_INET:
3125 protocol = 0x01; /* ICMPv4 */
3126 icmp_hdr_len = ip_hdr_len + sizeof(pay->icmp4);
3127 break;
3128 #ifdef HAVE_IPV6
3129 case AF_INET6:
3130 protocol = 0x3A; /* ICMPv6 */
3131 icmp_hdr_len = ip_hdr_len + sizeof(pay->icmp6);
3132 break;
3133 #endif
3134 }
3135 if (wire_len > 64 ) {
3136 icmp_truncate_len = wire_len - 64;
3137 }
3138 wire_len += icmp_hdr_len;
3139 }
3140
3141 packet_len = nonwire_len + wire_len;
3142 alloc_len = packet_len;
3143 if (alloc_len < SWRAP_PACKET_MIN_ALLOC) {
3144 alloc_len = SWRAP_PACKET_MIN_ALLOC;
3145 }
3146
3147 base = (uint8_t *)calloc(1, alloc_len);
3148 if (base == NULL) {
3149 return NULL;
3150 }
3151
3152 buf = base;
3153 f.ptr = buf;
3154
3155 f.frame->seconds = tval->tv_sec;
3156 f.frame->micro_seconds = tval->tv_usec;
3157 f.frame->recorded_length = wire_len - icmp_truncate_len;
3158 f.frame->full_length = wire_len - icmp_truncate_len;
3159
3160 buf += SWRAP_PACKET_FRAME_SIZE;
3161
3162 i.ptr = buf;
3163 switch (src->sa_family) {
3164 case AF_INET:
3165 if (src_in == NULL || dest_in == NULL) {
3166 SAFE_FREE(base);
3167 return NULL;
3168 }
3169
3170 i.ip->v4.ver_hdrlen = 0x45; /* version 4 and 5 * 32 bit words */
3171 i.ip->v4.tos = 0x00;
3172 i.ip->v4.packet_length = htons(wire_len - icmp_truncate_len);
3173 i.ip->v4.identification = htons(0xFFFF);
3174 i.ip->v4.flags = 0x40; /* BIT 1 set - means don't fragment */
3175 i.ip->v4.fragment = htons(0x0000);
3176 i.ip->v4.ttl = 0xFF;
3177 i.ip->v4.protocol = protocol;
3178 i.ip->v4.hdr_checksum = htons(0x0000);
3179 i.ip->v4.src_addr = src_in->sin_addr.s_addr;
3180 i.ip->v4.dest_addr = dest_in->sin_addr.s_addr;
3181 buf += SWRAP_PACKET_IP_V4_SIZE;
3182 break;
3183 #ifdef HAVE_IPV6
3184 case AF_INET6:
3185 if (src_in6 == NULL || dest_in6 == NULL) {
3186 SAFE_FREE(base);
3187 return NULL;
3188 }
3189
3190 i.ip->v6.ver_prio = 0x60; /* version 4 and 5 * 32 bit words */
3191 i.ip->v6.flow_label_high = 0x00;
3192 i.ip->v6.flow_label_low = 0x0000;
3193 i.ip->v6.payload_length = htons(wire_len - icmp_truncate_len); /* TODO */
3194 i.ip->v6.next_header = protocol;
3195 memcpy(i.ip->v6.src_addr, src_in6->sin6_addr.s6_addr, 16);
3196 memcpy(i.ip->v6.dest_addr, dest_in6->sin6_addr.s6_addr, 16);
3197 buf += SWRAP_PACKET_IP_V6_SIZE;
3198 break;
3199 #endif
3200 }
3201
3202 if (unreachable) {
3203 pay = (union swrap_packet_payload *)(void *)buf;
3204 switch (src->sa_family) {
3205 case AF_INET:
3206 pay->icmp4.type = 0x03; /* destination unreachable */
3207 pay->icmp4.code = 0x01; /* host unreachable */
3208 pay->icmp4.checksum = htons(0x0000);
3209 pay->icmp4.unused = htonl(0x00000000);
3210
3211 buf += SWRAP_PACKET_PAYLOAD_ICMP4_SIZE;
3212
3213 /* set the ip header in the ICMP payload */
3214 i.ptr = buf;
3215 i.ip->v4.ver_hdrlen = 0x45; /* version 4 and 5 * 32 bit words */
3216 i.ip->v4.tos = 0x00;
3217 i.ip->v4.packet_length = htons(wire_len - icmp_hdr_len);
3218 i.ip->v4.identification = htons(0xFFFF);
3219 i.ip->v4.flags = 0x40; /* BIT 1 set - means don't fragment */
3220 i.ip->v4.fragment = htons(0x0000);
3221 i.ip->v4.ttl = 0xFF;
3222 i.ip->v4.protocol = icmp_protocol;
3223 i.ip->v4.hdr_checksum = htons(0x0000);
3224 i.ip->v4.src_addr = dest_in->sin_addr.s_addr;
3225 i.ip->v4.dest_addr = src_in->sin_addr.s_addr;
3226
3227 buf += SWRAP_PACKET_IP_V4_SIZE;
3228
3229 src_port = dest_in->sin_port;
3230 dest_port = src_in->sin_port;
3231 break;
3232 #ifdef HAVE_IPV6
3233 case AF_INET6:
3234 pay->icmp6.type = 0x01; /* destination unreachable */
3235 pay->icmp6.code = 0x03; /* address unreachable */
3236 pay->icmp6.checksum = htons(0x0000);
3237 pay->icmp6.unused = htonl(0x00000000);
3238 buf += SWRAP_PACKET_PAYLOAD_ICMP6_SIZE;
3239
3240 /* set the ip header in the ICMP payload */
3241 i.ptr = buf;
3242 i.ip->v6.ver_prio = 0x60; /* version 4 and 5 * 32 bit words */
3243 i.ip->v6.flow_label_high = 0x00;
3244 i.ip->v6.flow_label_low = 0x0000;
3245 i.ip->v6.payload_length = htons(wire_len - icmp_truncate_len); /* TODO */
3246 i.ip->v6.next_header = protocol;
3247 memcpy(i.ip->v6.src_addr, dest_in6->sin6_addr.s6_addr, 16);
3248 memcpy(i.ip->v6.dest_addr, src_in6->sin6_addr.s6_addr, 16);
3249
3250 buf += SWRAP_PACKET_IP_V6_SIZE;
3251
3252 src_port = dest_in6->sin6_port;
3253 dest_port = src_in6->sin6_port;
3254 break;
3255 #endif
3256 }
3257 }
3258
3259 pay = (union swrap_packet_payload *)(void *)buf;
3260
3261 switch (socket_type) {
3262 case SOCK_STREAM:
3263 pay->tcp.source_port = src_port;
3264 pay->tcp.dest_port = dest_port;
3265 pay->tcp.seq_num = htonl(tcp_seqno);
3266 pay->tcp.ack_num = htonl(tcp_ack);
3267 pay->tcp.hdr_length = 0x50; /* 5 * 32 bit words */
3268 pay->tcp.control = tcp_ctl;
3269 pay->tcp.window = htons(0x7FFF);
3270 pay->tcp.checksum = htons(0x0000);
3271 pay->tcp.urg = htons(0x0000);
3272 buf += SWRAP_PACKET_PAYLOAD_TCP_SIZE;
3273
3274 break;
3275
3276 case SOCK_DGRAM:
3277 pay->udp.source_port = src_port;
3278 pay->udp.dest_port = dest_port;
3279 pay->udp.length = htons(8 + payload_len);
3280 pay->udp.checksum = htons(0x0000);
3281 buf += SWRAP_PACKET_PAYLOAD_UDP_SIZE;
3282
3283 break;
3284 }
3285
3286 if (payload && payload_len > 0) {
3287 memcpy(buf, payload, payload_len);
3288 }
3289
3290 *_packet_len = packet_len - icmp_truncate_len;
3291 return base;
3292 }
3293
3294 static int swrap_pcap_get_fd(const char *fname)
3295 {
3296 static int fd = -1;
3297
3298 if (fd != -1) {
3299 return fd;
3300 }
3301
3302 fd = libc_open(fname, O_WRONLY|O_CREAT|O_EXCL|O_APPEND, 0644);
3303 if (fd != -1) {
3304 struct swrap_file_hdr file_hdr;
3305 file_hdr.magic = 0xA1B2C3D4;
3306 file_hdr.version_major = 0x0002;
3307 file_hdr.version_minor = 0x0004;
3308 file_hdr.timezone = 0x00000000;
3309 file_hdr.sigfigs = 0x00000000;
3310 file_hdr.frame_max_len = SWRAP_FRAME_LENGTH_MAX;
3311 file_hdr.link_type = 0x0065; /* 101 RAW IP */
3312
3313 if (libc_write(fd, &file_hdr, sizeof(file_hdr)) != sizeof(file_hdr)) {
3314 libc_close(fd);
3315 fd = -1;
3316 }
3317 return fd;
3318 }
3319
3320 fd = libc_open(fname, O_WRONLY|O_APPEND, 0644);
3321
3322 return fd;
3323 }
3324
3325 static uint8_t *swrap_pcap_marshall_packet(struct socket_info *si,
3326 const struct sockaddr *addr,
3327 enum swrap_packet_type type,
3328 const void *buf, size_t len,
3329 size_t *packet_len)
3330 {
3331 const struct sockaddr *src_addr;
3332 const struct sockaddr *dest_addr;
3333 unsigned long tcp_seqno = 0;
3334 unsigned long tcp_ack = 0;
3335 unsigned char tcp_ctl = 0;
3336 int unreachable = 0;
3337
3338 struct timeval tv;
3339
3340 switch (si->family) {
3341 case AF_INET:
3342 break;
3343 #ifdef HAVE_IPV6
3344 case AF_INET6:
3345 break;
3346 #endif
3347 default:
3348 return NULL;
3349 }
3350
3351 switch (type) {
3352 case SWRAP_CONNECT_SEND:
3353 if (si->type != SOCK_STREAM) {
3354 return NULL;
3355 }
3356
3357 src_addr = &si->myname.sa.s;
3358 dest_addr = addr;
3359
3360 tcp_seqno = si->io.pck_snd;
3361 tcp_ack = si->io.pck_rcv;
3362 tcp_ctl = 0x02; /* SYN */
3363
3364 si->io.pck_snd += 1;
3365
3366 break;
3367
3368 case SWRAP_CONNECT_RECV:
3369 if (si->type != SOCK_STREAM) {
3370 return NULL;
3371 }
3372
3373 dest_addr = &si->myname.sa.s;
3374 src_addr = addr;
3375
3376 tcp_seqno = si->io.pck_rcv;
3377 tcp_ack = si->io.pck_snd;
3378 tcp_ctl = 0x12; /** SYN,ACK */
3379
3380 si->io.pck_rcv += 1;
3381
3382 break;
3383
3384 case SWRAP_CONNECT_UNREACH:
3385 if (si->type != SOCK_STREAM) {
3386 return NULL;
3387 }
3388
3389 dest_addr = &si->myname.sa.s;
3390 src_addr = addr;
3391
3392 /* Unreachable: resend the data of SWRAP_CONNECT_SEND */
3393 tcp_seqno = si->io.pck_snd - 1;
3394 tcp_ack = si->io.pck_rcv;
3395 tcp_ctl = 0x02; /* SYN */
3396 unreachable = 1;
3397
3398 break;
3399
3400 case SWRAP_CONNECT_ACK:
3401 if (si->type != SOCK_STREAM) {
3402 return NULL;
3403 }
3404
3405 src_addr = &si->myname.sa.s;
3406 dest_addr = addr;
3407
3408 tcp_seqno = si->io.pck_snd;
3409 tcp_ack = si->io.pck_rcv;
3410 tcp_ctl = 0x10; /* ACK */
3411
3412 break;
3413
3414 case SWRAP_ACCEPT_SEND:
3415 if (si->type != SOCK_STREAM) {
3416 return NULL;
3417 }
3418
3419 dest_addr = &si->myname.sa.s;
3420 src_addr = addr;
3421
3422 tcp_seqno = si->io.pck_rcv;
3423 tcp_ack = si->io.pck_snd;
3424 tcp_ctl = 0x02; /* SYN */
3425
3426 si->io.pck_rcv += 1;
3427
3428 break;
3429
3430 case SWRAP_ACCEPT_RECV:
3431 if (si->type != SOCK_STREAM) {
3432 return NULL;
3433 }
3434
3435 src_addr = &si->myname.sa.s;
3436 dest_addr = addr;
3437
3438 tcp_seqno = si->io.pck_snd;
3439 tcp_ack = si->io.pck_rcv;
3440 tcp_ctl = 0x12; /* SYN,ACK */
3441
3442 si->io.pck_snd += 1;
3443
3444 break;
3445
3446 case SWRAP_ACCEPT_ACK:
3447 if (si->type != SOCK_STREAM) {
3448 return NULL;
3449 }
3450
3451 dest_addr = &si->myname.sa.s;
3452 src_addr = addr;
3453
3454 tcp_seqno = si->io.pck_rcv;
3455 tcp_ack = si->io.pck_snd;
3456 tcp_ctl = 0x10; /* ACK */
3457
3458 break;
3459
3460 case SWRAP_SEND:
3461 src_addr = &si->myname.sa.s;
3462 dest_addr = &si->peername.sa.s;
3463
3464 tcp_seqno = si->io.pck_snd;
3465 tcp_ack = si->io.pck_rcv;
3466 tcp_ctl = 0x18; /* PSH,ACK */
3467
3468 si->io.pck_snd += len;
3469
3470 break;
3471
3472 case SWRAP_SEND_RST:
3473 dest_addr = &si->myname.sa.s;
3474 src_addr = &si->peername.sa.s;
3475
3476 if (si->type == SOCK_DGRAM) {
3477 return swrap_pcap_marshall_packet(si,
3478 &si->peername.sa.s,
3479 SWRAP_SENDTO_UNREACH,
3480 buf,
3481 len,
3482 packet_len);
3483 }
3484
3485 tcp_seqno = si->io.pck_rcv;
3486 tcp_ack = si->io.pck_snd;
3487 tcp_ctl = 0x14; /** RST,ACK */
3488
3489 break;
3490
3491 case SWRAP_PENDING_RST:
3492 dest_addr = &si->myname.sa.s;
3493 src_addr = &si->peername.sa.s;
3494
3495 if (si->type == SOCK_DGRAM) {
3496 return NULL;
3497 }
3498
3499 tcp_seqno = si->io.pck_rcv;
3500 tcp_ack = si->io.pck_snd;
3501 tcp_ctl = 0x14; /* RST,ACK */
3502
3503 break;
3504
3505 case SWRAP_RECV:
3506 dest_addr = &si->myname.sa.s;
3507 src_addr = &si->peername.sa.s;
3508
3509 tcp_seqno = si->io.pck_rcv;
3510 tcp_ack = si->io.pck_snd;
3511 tcp_ctl = 0x18; /* PSH,ACK */
3512
3513 si->io.pck_rcv += len;
3514
3515 break;
3516
3517 case SWRAP_RECV_RST:
3518 dest_addr = &si->myname.sa.s;
3519 src_addr = &si->peername.sa.s;
3520
3521 if (si->type == SOCK_DGRAM) {
3522 return NULL;
3523 }
3524
3525 tcp_seqno = si->io.pck_rcv;
3526 tcp_ack = si->io.pck_snd;
3527 tcp_ctl = 0x14; /* RST,ACK */
3528
3529 break;
3530
3531 case SWRAP_SENDTO:
3532 src_addr = &si->myname.sa.s;
3533 dest_addr = addr;
3534
3535 si->io.pck_snd += len;
3536
3537 break;
3538
3539 case SWRAP_SENDTO_UNREACH:
3540 dest_addr = &si->myname.sa.s;
3541 src_addr = addr;
3542
3543 unreachable = 1;
3544
3545 break;
3546
3547 case SWRAP_RECVFROM:
3548 dest_addr = &si->myname.sa.s;
3549 src_addr = addr;
3550
3551 si->io.pck_rcv += len;
3552
3553 break;
3554
3555 case SWRAP_CLOSE_SEND:
3556 if (si->type != SOCK_STREAM) {
3557 return NULL;
3558 }
3559
3560 src_addr = &si->myname.sa.s;
3561 dest_addr = &si->peername.sa.s;
3562
3563 tcp_seqno = si->io.pck_snd;
3564 tcp_ack = si->io.pck_rcv;
3565 tcp_ctl = 0x11; /* FIN, ACK */
3566
3567 si->io.pck_snd += 1;
3568
3569 break;
3570
3571 case SWRAP_CLOSE_RECV:
3572 if (si->type != SOCK_STREAM) {
3573 return NULL;
3574 }
3575
3576 dest_addr = &si->myname.sa.s;
3577 src_addr = &si->peername.sa.s;
3578
3579 tcp_seqno = si->io.pck_rcv;
3580 tcp_ack = si->io.pck_snd;
3581 tcp_ctl = 0x11; /* FIN,ACK */
3582
3583 si->io.pck_rcv += 1;
3584
3585 break;
3586
3587 case SWRAP_CLOSE_ACK:
3588 if (si->type != SOCK_STREAM) {
3589 return NULL;
3590 }
3591
3592 src_addr = &si->myname.sa.s;
3593 dest_addr = &si->peername.sa.s;
3594
3595 tcp_seqno = si->io.pck_snd;
3596 tcp_ack = si->io.pck_rcv;
3597 tcp_ctl = 0x10; /* ACK */
3598
3599 break;
3600 default:
3601 return NULL;
3602 }
3603
3604 swrapGetTimeOfDay(&tv);
3605
3606 return swrap_pcap_packet_init(&tv,
3607 src_addr,
3608 dest_addr,
3609 si->type,
3610 (const uint8_t *)buf,
3611 len,
3612 tcp_seqno,
3613 tcp_ack,
3614 tcp_ctl,
3615 unreachable,
3616 packet_len);
3617 }
3618
3619 static void swrap_pcap_dump_packet(struct socket_info *si,
3620 const struct sockaddr *addr,
3621 enum swrap_packet_type type,
3622 const void *buf, size_t len)
3623 {
3624 const char *file_name;
3625 uint8_t *packet;
3626 size_t packet_len = 0;
3627 int fd;
3628
3629 swrap_mutex_lock(&pcap_dump_mutex);
3630
3631 file_name = swrap_pcap_init_file();
3632 if (!file_name) {
3633 goto done;
3634 }
3635
3636 packet = swrap_pcap_marshall_packet(si,
3637 addr,
3638 type,
3639 buf,
3640 len,
3641 &packet_len);
3642 if (packet == NULL) {
3643 goto done;
3644 }
3645
3646 fd = swrap_pcap_get_fd(file_name);
3647 if (fd != -1) {
3648 if (libc_write(fd, packet, packet_len) != (ssize_t)packet_len) {
3649 free(packet);
3650 goto done;
3651 }
3652 }
3653
3654 free(packet);
3655
3656 done:
3657 swrap_mutex_unlock(&pcap_dump_mutex);
3658 }
3659
3660 /****************************************************************************
3661 * SIGNALFD
3662 ***************************************************************************/
3663
3664 #ifdef HAVE_SIGNALFD
3665 static int swrap_signalfd(int fd, const sigset_t *mask, int flags)
3666 {
3667 int rc;
3668
3669 rc = libc_signalfd(fd, mask, flags);
3670 if (rc != -1) {
3671 swrap_remove_stale(fd);
3672 }
3673
3674 return rc;
3675 }
3676
3677 int signalfd(int fd, const sigset_t *mask, int flags)
3678 {
3679 return swrap_signalfd(fd, mask, flags);
3680 }
3681 #endif
3682
3683 /****************************************************************************
3684 * SOCKET
3685 ***************************************************************************/
3686
3687 static int swrap_socket(int family, int type, int protocol)
3688 {
3689 struct socket_info *si = NULL;
3690 struct socket_info _si = { 0 };
3691 int fd;
3692 int ret;
3693 int real_type = type;
3694
3695 /*
3696 * Remove possible addition flags passed to socket() so
3697 * do not fail checking the type.
3698 * See https://lwn.net/Articles/281965/
3699 */
3700 #ifdef SOCK_CLOEXEC
3701 real_type &= ~SOCK_CLOEXEC;
3702 #endif
3703 #ifdef SOCK_NONBLOCK
3704 real_type &= ~SOCK_NONBLOCK;
3705 #endif
3706
3707 if (!socket_wrapper_enabled()) {
3708 return libc_socket(family, type, protocol);
3709 }
3710
3711 switch (family) {
3712 case AF_INET:
3713 #ifdef HAVE_IPV6
3714 case AF_INET6:
3715 #endif
3716 break;
3717 #ifdef AF_NETLINK
3718 case AF_NETLINK:
3719 #endif /* AF_NETLINK */
3720 #ifdef AF_PACKET
3721 case AF_PACKET:
3722 #endif /* AF_PACKET */
3723 case AF_UNIX:
3724 fd = libc_socket(family, type, protocol);
3725 if (fd != -1) {
3726 /* Check if we have a stale fd and remove it */
3727 swrap_remove_stale(fd);
3728 SWRAP_LOG(SWRAP_LOG_TRACE,
3729 "Unix socket fd=%d",
3730 fd);
3731 }
3732 return fd;
3733 default:
3734 errno = EAFNOSUPPORT;
3735 return -1;
3736 }
3737
3738 switch (real_type) {
3739 case SOCK_STREAM:
3740 break;
3741 case SOCK_DGRAM:
3742 break;
3743 default:
3744 errno = EPROTONOSUPPORT;
3745 return -1;
3746 }
3747
3748 switch (protocol) {
3749 case 0:
3750 break;
3751 case 6:
3752 if (real_type == SOCK_STREAM) {
3753 break;
3754 }
3755 FALL_THROUGH;
3756 case 17:
3757 if (real_type == SOCK_DGRAM) {
3758 break;
3759 }
3760 FALL_THROUGH;
3761 default:
3762 errno = EPROTONOSUPPORT;
3763 return -1;
3764 }
3765
3766 /*
3767 * We must call libc_socket with type, from the caller, not the version
3768 * we removed SOCK_CLOEXEC and SOCK_NONBLOCK from
3769 */
3770 fd = libc_socket(AF_UNIX, type, 0);
3771
3772 if (fd == -1) {
3773 return -1;
3774 }
3775
3776 /* Check if we have a stale fd and remove it */
3777 swrap_remove_stale(fd);
3778
3779 si = &_si;
3780 si->family = family;
3781
3782 /* however, the rest of the socket_wrapper code expects just
3783 * the type, not the flags */
3784 si->type = real_type;
3785 si->protocol = protocol;
3786
3787 /*
3788 * Setup myname so getsockname() can succeed to find out the socket
3789 * type.
3790 */
3791 switch(si->family) {
3792 case AF_INET: {
3793 struct sockaddr_in sin = {
3794 .sin_family = AF_INET,
3795 };
3796
3797 si->myname.sa_socklen = sizeof(struct sockaddr_in);
3798 memcpy(&si->myname.sa.in, &sin, si->myname.sa_socklen);
3799 break;
3800 }
3801 #ifdef HAVE_IPV6
3802 case AF_INET6: {
3803 struct sockaddr_in6 sin6 = {
3804 .sin6_family = AF_INET6,
3805 };
3806
3807 si->myname.sa_socklen = sizeof(struct sockaddr_in6);
3808 memcpy(&si->myname.sa.in6, &sin6, si->myname.sa_socklen);
3809 break;
3810 }
3811 #endif
3812 default:
3813 errno = EINVAL;
3814 return -1;
3815 }
3816
3817 ret = swrap_create_socket(si, fd);
3818 if (ret == -1) {
3819 int saved_errno = errno;
3820 libc_close(fd);
3821 errno = saved_errno;
3822 return -1;
3823 }
3824
3825 SWRAP_LOG(SWRAP_LOG_TRACE,
3826 "Created %s socket for protocol %s, fd=%d",
3827 family == AF_INET ? "IPv4" : "IPv6",
3828 real_type == SOCK_DGRAM ? "UDP" : "TCP",
3829 fd);
3830
3831 return fd;
3832 }
3833
3834 int socket(int family, int type, int protocol)
3835 {
3836 return swrap_socket(family, type, protocol);
3837 }
3838
3839 /****************************************************************************
3840 * SOCKETPAIR
3841 ***************************************************************************/
3842
3843 static int swrap_socketpair(int family, int type, int protocol, int sv[2])
3844 {
3845 int rc;
3846
3847 rc = libc_socketpair(family, type, protocol, sv);
3848 if (rc != -1) {
3849 swrap_remove_stale(sv[0]);
3850 swrap_remove_stale(sv[1]);
3851 }
3852
3853 return rc;
3854 }
3855
3856 int socketpair(int family, int type, int protocol, int sv[2])
3857 {
3858 return swrap_socketpair(family, type, protocol, sv);
3859 }
3860
3861 /****************************************************************************
3862 * SOCKETPAIR
3863 ***************************************************************************/
3864
3865 #ifdef HAVE_TIMERFD_CREATE
3866 static int swrap_timerfd_create(int clockid, int flags)
3867 {
3868 int fd;
3869
3870 fd = libc_timerfd_create(clockid, flags);
3871 if (fd != -1) {
3872 swrap_remove_stale(fd);
3873 }
3874
3875 return fd;
3876 }
3877
3878 int timerfd_create(int clockid, int flags)
3879 {
3880 return swrap_timerfd_create(clockid, flags);
3881 }
3882 #endif
3883
3884 /****************************************************************************
3885 * PIPE
3886 ***************************************************************************/
3887
3888 static int swrap_pipe(int pipefd[2])
3889 {
3890 int rc;
3891
3892 rc = libc_pipe(pipefd);
3893 if (rc != -1) {
3894 swrap_remove_stale(pipefd[0]);
3895 swrap_remove_stale(pipefd[1]);
3896 }
3897
3898 return rc;
3899 }
3900
3901 int pipe(int pipefd[2])
3902 {
3903 return swrap_pipe(pipefd);
3904 }
3905
3906 /****************************************************************************
3907 * ACCEPT
3908 ***************************************************************************/
3909
3910 static int swrap_accept(int s,
3911 struct sockaddr *addr,
3912 socklen_t *addrlen,
3913 int flags)
3914 {
3915 struct socket_info *parent_si, *child_si;
3916 struct socket_info new_si = { 0 };
3917 int fd;
3918 int idx;
3919 struct swrap_address un_addr = {
3920 .sa_socklen = sizeof(struct sockaddr_un),
3921 };
3922 struct swrap_address un_my_addr = {
3923 .sa_socklen = sizeof(struct sockaddr_un),
3924 };
3925 struct swrap_address in_addr = {
3926 .sa_socklen = sizeof(struct sockaddr_storage),
3927 };
3928 struct swrap_address in_my_addr = {
3929 .sa_socklen = sizeof(struct sockaddr_storage),
3930 };
3931 int ret;
3932
3933 parent_si = find_socket_info(s);
3934 if (!parent_si) {
3935 #ifdef HAVE_ACCEPT4
3936 return libc_accept4(s, addr, addrlen, flags);
3937 #else
3938 UNUSED(flags);
3939 return libc_accept(s, addr, addrlen);
3940 #endif
3941 }
3942
3943
3944 /*
3945 * prevent parent_si from being altered / closed
3946 * while we read it
3947 */
3948 SWRAP_LOCK_SI(parent_si);
3949
3950 /*
3951 * assume out sockaddr have the same size as the in parent
3952 * socket family
3953 */
3954 in_addr.sa_socklen = socket_length(parent_si->family);
3955 if (in_addr.sa_socklen <= 0) {
3956 SWRAP_UNLOCK_SI(parent_si);
3957 errno = EINVAL;
3958 return -1;
3959 }
3960
3961 SWRAP_UNLOCK_SI(parent_si);
3962
3963 #ifdef HAVE_ACCEPT4
3964 ret = libc_accept4(s, &un_addr.sa.s, &un_addr.sa_socklen, flags);
3965 #else
3966 UNUSED(flags);
3967 ret = libc_accept(s, &un_addr.sa.s, &un_addr.sa_socklen);
3968 #endif
3969 if (ret == -1) {
3970 int saved_errno = errno;
3971 if (saved_errno == ENOTSOCK) {
3972 /* Remove stale fds */
3973 swrap_remove_stale(s);
3974 }
3975 errno = saved_errno;
3976 return ret;
3977 }
3978
3979 fd = ret;
3980
3981 /* Check if we have a stale fd and remove it */
3982 swrap_remove_stale(fd);
3983
3984 if (un_addr.sa.un.sun_path[0] == '\0') {
3985 /*
3986 * FreeBSD seems to have a problem where
3987 * accept4() on the unix socket doesn't
3988 * ECONNABORTED for already disconnected connections.
3989 *
3990 * Let's try libc_getpeername() to get the peer address
3991 * as a fallback, but it'll likely return ENOTCONN,
3992 * which we have to map to ECONNABORTED.
3993 */
3994 un_addr.sa_socklen = sizeof(struct sockaddr_un),
3995 ret = libc_getpeername(fd, &un_addr.sa.s, &un_addr.sa_socklen);
3996 if (ret == -1) {
3997 int saved_errno = errno;
3998 libc_close(fd);
3999 if (saved_errno == ENOTCONN) {
4000 /*
4001 * If the connection is already disconnected
4002 * we should return ECONNABORTED.
4003 */
4004 saved_errno = ECONNABORTED;
4005 }
4006 errno = saved_errno;
4007 return ret;
4008 }
4009 }
4010
4011 ret = libc_getsockname(fd,
4012 &un_my_addr.sa.s,
4013 &un_my_addr.sa_socklen);
4014 if (ret == -1) {
4015 int saved_errno = errno;
4016 libc_close(fd);
4017 if (saved_errno == ENOTCONN) {
4018 /*
4019 * If the connection is already disconnected
4020 * we should return ECONNABORTED.
4021 */
4022 saved_errno = ECONNABORTED;
4023 }
4024 errno = saved_errno;
4025 return ret;
4026 }
4027
4028 SWRAP_LOCK_SI(parent_si);
4029
4030 ret = sockaddr_convert_from_un(parent_si,
4031 &un_addr.sa.un,
4032 un_addr.sa_socklen,
4033 parent_si->family,
4034 &in_addr.sa.s,
4035 &in_addr.sa_socklen);
4036 if (ret == -1) {
4037 int saved_errno = errno;
4038 SWRAP_UNLOCK_SI(parent_si);
4039 libc_close(fd);
4040 errno = saved_errno;
4041 return ret;
4042 }
4043
4044 child_si = &new_si;
4045
4046 child_si->family = parent_si->family;
4047 child_si->type = parent_si->type;
4048 child_si->protocol = parent_si->protocol;
4049 child_si->bound = 1;
4050 child_si->is_server = 1;
4051 child_si->connected = 1;
4052
4053 SWRAP_UNLOCK_SI(parent_si);
4054
4055 child_si->peername = (struct swrap_address) {
4056 .sa_socklen = in_addr.sa_socklen,
4057 };
4058 memcpy(&child_si->peername.sa.ss, &in_addr.sa.ss, in_addr.sa_socklen);
4059
4060 if (addr != NULL && addrlen != NULL) {
4061 size_t copy_len = MIN(*addrlen, in_addr.sa_socklen);
4062 if (copy_len > 0) {
4063 memcpy(addr, &in_addr.sa.ss, copy_len);
4064 }
4065 *addrlen = in_addr.sa_socklen;
4066 }
4067
4068 ret = sockaddr_convert_from_un(child_si,
4069 &un_my_addr.sa.un,
4070 un_my_addr.sa_socklen,
4071 child_si->family,
4072 &in_my_addr.sa.s,
4073 &in_my_addr.sa_socklen);
4074 if (ret == -1) {
4075 int saved_errno = errno;
4076 libc_close(fd);
4077 errno = saved_errno;
4078 return ret;
4079 }
4080
4081 SWRAP_LOG(SWRAP_LOG_TRACE,
4082 "accept() path=%s, fd=%d",
4083 un_my_addr.sa.un.sun_path, s);
4084
4085 child_si->myname = (struct swrap_address) {
4086 .sa_socklen = in_my_addr.sa_socklen,
4087 };
4088 memcpy(&child_si->myname.sa.ss, &in_my_addr.sa.ss, in_my_addr.sa_socklen);
4089
4090 idx = swrap_create_socket(&new_si, fd);
4091 if (idx == -1) {
4092 int saved_errno = errno;
4093 libc_close(fd);
4094 errno = saved_errno;
4095 return -1;
4096 }
4097
4098 if (addr != NULL) {
4099 struct socket_info *si = swrap_get_socket_info(idx);
4100
4101 SWRAP_LOCK_SI(si);
4102 swrap_pcap_dump_packet(si, addr, SWRAP_ACCEPT_SEND, NULL, 0);
4103 swrap_pcap_dump_packet(si, addr, SWRAP_ACCEPT_RECV, NULL, 0);
4104 swrap_pcap_dump_packet(si, addr, SWRAP_ACCEPT_ACK, NULL, 0);
4105 SWRAP_UNLOCK_SI(si);
4106 }
4107
4108 return fd;
4109 }
4110
4111 #ifdef HAVE_ACCEPT4
4112 int accept4(int s, struct sockaddr *addr, socklen_t *addrlen, int flags)
4113 {
4114 return swrap_accept(s, addr, (socklen_t *)addrlen, flags);
4115 }
4116 #endif
4117
4118 #ifdef HAVE_ACCEPT_PSOCKLEN_T
4119 int accept(int s, struct sockaddr *addr, Psocklen_t addrlen)
4120 #else
4121 int accept(int s, struct sockaddr *addr, socklen_t *addrlen)
4122 #endif
4123 {
4124 return swrap_accept(s, addr, (socklen_t *)addrlen, 0);
4125 }
4126
4127 static int autobind_start_init;
4128 static int autobind_start;
4129
4130 /* using sendto() or connect() on an unbound socket would give the
4131 recipient no way to reply, as unlike UDP and TCP, a unix domain
4132 socket can't auto-assign ephemeral port numbers, so we need to
4133 assign it here.
4134 Note: this might change the family from ipv6 to ipv4
4135 */
4136 static int swrap_auto_bind(int fd, struct socket_info *si, int family)
4137 {
4138 struct swrap_address un_addr = {
4139 .sa_socklen = sizeof(struct sockaddr_un),
4140 };
4141 int i;
4142 char type;
4143 int ret;
4144 int port;
4145 char *swrap_dir = NULL;
4146
4147 swrap_mutex_lock(&autobind_start_mutex);
4148
4149 if (autobind_start_init != 1) {
4150 autobind_start_init = 1;
4151 autobind_start = getpid();
4152 autobind_start %= 50000;
4153 autobind_start += 10000;
4154 }
4155
4156 un_addr.sa.un.sun_family = AF_UNIX;
4157
4158 switch (family) {
4159 case AF_INET: {
4160 struct sockaddr_in in;
4161
4162 switch (si->type) {
4163 case SOCK_STREAM:
4164 type = SOCKET_TYPE_CHAR_TCP;
4165 break;
4166 case SOCK_DGRAM:
4167 type = SOCKET_TYPE_CHAR_UDP;
4168 break;
4169 default:
4170 errno = ESOCKTNOSUPPORT;
4171 ret = -1;
4172 goto done;
4173 }
4174
4175 memset(&in, 0, sizeof(in));
4176 in.sin_family = AF_INET;
4177 in.sin_addr.s_addr = htonl(swrap_ipv4_iface(
4178 socket_wrapper_default_iface()));
4179
4180 si->myname = (struct swrap_address) {
4181 .sa_socklen = sizeof(in),
4182 };
4183 memcpy(&si->myname.sa.in, &in, si->myname.sa_socklen);
4184 break;
4185 }
4186 #ifdef HAVE_IPV6
4187 case AF_INET6: {
4188 struct sockaddr_in6 in6;
4189
4190 if (si->family != family) {
4191 errno = ENETUNREACH;
4192 ret = -1;
4193 goto done;
4194 }
4195
4196 switch (si->type) {
4197 case SOCK_STREAM:
4198 type = SOCKET_TYPE_CHAR_TCP_V6;
4199 break;
4200 case SOCK_DGRAM:
4201 type = SOCKET_TYPE_CHAR_UDP_V6;
4202 break;
4203 default:
4204 errno = ESOCKTNOSUPPORT;
4205 ret = -1;
4206 goto done;
4207 }
4208
4209 memset(&in6, 0, sizeof(in6));
4210 in6.sin6_family = AF_INET6;
4211 in6.sin6_addr = *swrap_ipv6();
4212 in6.sin6_addr.s6_addr[15] = socket_wrapper_default_iface();
4213
4214 si->myname = (struct swrap_address) {
4215 .sa_socklen = sizeof(in6),
4216 };
4217 memcpy(&si->myname.sa.in6, &in6, si->myname.sa_socklen);
4218 break;
4219 }
4220 #endif
4221 default:
4222 errno = ESOCKTNOSUPPORT;
4223 ret = -1;
4224 goto done;
4225 }
4226
4227 if (autobind_start > 60000) {
4228 autobind_start = 10000;
4229 }
4230
4231 swrap_dir = socket_wrapper_dir();
4232 if (swrap_dir == NULL) {
4233 errno = EINVAL;
4234 ret = -1;
4235 goto done;
4236 }
4237
4238 for (i = 0; i < SOCKET_MAX_SOCKETS; i++) {
4239 port = autobind_start + i;
4240 swrap_un_path(&un_addr.sa.un,
4241 swrap_dir,
4242 type,
4243 socket_wrapper_default_iface(),
4244 port);
4245
4246 ret = libc_bind(fd, &un_addr.sa.s, un_addr.sa_socklen);
4247 if (ret == -1) {
4248 if (errno == EALREADY || errno == EADDRINUSE) {
4249 continue;
4250 }
4251 goto done;
4252 }
4253
4254 si->un_addr = un_addr.sa.un;
4255
4256 si->bound = 1;
4257 autobind_start = port + 1;
4258 break;
4259 }
4260 if (i == SOCKET_MAX_SOCKETS) {
4261 SWRAP_LOG(SWRAP_LOG_ERROR, "Too many open unix sockets (%u) for "
4262 "interface "SOCKET_FORMAT,
4263 SOCKET_MAX_SOCKETS,
4264 type,
4265 socket_wrapper_default_iface(),
4266 0);
4267 errno = ENFILE;
4268 ret = -1;
4269 goto done;
4270 }
4271
4272 si->family = family;
4273 set_port(si->family, port, &si->myname);
4274
4275 ret = 0;
4276
4277 done:
4278 SAFE_FREE(swrap_dir);
4279 swrap_mutex_unlock(&autobind_start_mutex);
4280 return ret;
4281 }
4282
4283 /****************************************************************************
4284 * CONNECT
4285 ***************************************************************************/
4286
4287 static int swrap_connect(int s, const struct sockaddr *serv_addr,
4288 socklen_t addrlen)
4289 {
4290 int ret;
4291 struct swrap_address un_addr = {
4292 .sa_socklen = sizeof(struct sockaddr_un),
4293 };
4294 struct socket_info *si = find_socket_info(s);
4295 struct swrap_sockaddr_buf buf = {};
4296 int bcast = 0;
4297
4298 if (!si) {
4299 return libc_connect(s, serv_addr, addrlen);
4300 }
4301
4302 SWRAP_LOCK_SI(si);
4303
4304 if (si->bound == 0) {
4305 ret = swrap_auto_bind(s, si, serv_addr->sa_family);
4306 if (ret == -1) {
4307 goto done;
4308 }
4309 }
4310
4311 if (si->family != serv_addr->sa_family) {
4312 SWRAP_LOG(SWRAP_LOG_ERROR,
4313 "called for fd=%d (family=%d) called with invalid family=%d",
4314 s, si->family, serv_addr->sa_family);
4315 errno = EINVAL;
4316 ret = -1;
4317 goto done;
4318 }
4319
4320 ret = sockaddr_convert_to_un(si, serv_addr,
4321 addrlen, &un_addr.sa.un, 0, &bcast);
4322 if (ret == -1) {
4323 goto done;
4324 }
4325
4326 if (bcast) {
4327 errno = ENETUNREACH;
4328 ret = -1;
4329 goto done;
4330 }
4331
4332 if (si->type == SOCK_DGRAM) {
4333 si->defer_connect = 1;
4334 ret = 0;
4335 } else {
4336 swrap_pcap_dump_packet(si, serv_addr, SWRAP_CONNECT_SEND, NULL, 0);
4337
4338 ret = libc_connect(s,
4339 &un_addr.sa.s,
4340 un_addr.sa_socklen);
4341 }
4342
4343 SWRAP_LOG(SWRAP_LOG_TRACE,
4344 "connect(%s) path=%s, fd=%d",
4345 swrap_sockaddr_string(&buf, serv_addr),
4346 un_addr.sa.un.sun_path, s);
4347
4348
4349 /* to give better errors */
4350 if (ret == -1 && errno == ENOENT) {
4351 errno = EHOSTUNREACH;
4352 }
4353
4354 if (ret == 0) {
4355 si->peername = (struct swrap_address) {
4356 .sa_socklen = addrlen,
4357 };
4358
4359 memcpy(&si->peername.sa.ss, serv_addr, addrlen);
4360 si->connected = 1;
4361
4362 /*
4363 * When we connect() on a socket than we have to bind the
4364 * outgoing connection on the interface we use for the
4365 * transport. We already bound it on the right interface
4366 * but here we have to update the name so getsockname()
4367 * returns correct information.
4368 */
4369 if (si->bindname.sa_socklen > 0) {
4370 si->myname = (struct swrap_address) {
4371 .sa_socklen = si->bindname.sa_socklen,
4372 };
4373
4374 memcpy(&si->myname.sa.ss,
4375 &si->bindname.sa.ss,
4376 si->bindname.sa_socklen);
4377
4378 /* Cleanup bindname */
4379 si->bindname = (struct swrap_address) {
4380 .sa_socklen = 0,
4381 };
4382 }
4383
4384 swrap_pcap_dump_packet(si, serv_addr, SWRAP_CONNECT_RECV, NULL, 0);
4385 swrap_pcap_dump_packet(si, serv_addr, SWRAP_CONNECT_ACK, NULL, 0);
4386 } else {
4387 swrap_pcap_dump_packet(si, serv_addr, SWRAP_CONNECT_UNREACH, NULL, 0);
4388 }
4389
4390 done:
4391 SWRAP_UNLOCK_SI(si);
4392 return ret;
4393 }
4394
4395 int connect(int s, const struct sockaddr *serv_addr, socklen_t addrlen)
4396 {
4397 return swrap_connect(s, serv_addr, addrlen);
4398 }
4399
4400 /****************************************************************************
4401 * BIND
4402 ***************************************************************************/
4403
4404 static int swrap_bind(int s, const struct sockaddr *myaddr, socklen_t addrlen)
4405 {
4406 int ret;
4407 struct swrap_address un_addr = {
4408 .sa_socklen = sizeof(struct sockaddr_un),
4409 };
4410 struct socket_info *si = find_socket_info(s);
4411 struct swrap_sockaddr_buf buf = {};
4412 int ret_errno = errno;
4413 int bind_error = 0;
4414 #if 0 /* FIXME */
4415 bool in_use;
4416 #endif
4417
4418 if (!si) {
4419 return libc_bind(s, myaddr, addrlen);
4420 }
4421
4422 SWRAP_LOCK_SI(si);
4423
4424 switch (si->family) {
4425 case AF_INET: {
4426 const struct sockaddr_in *sin;
4427 if (addrlen < sizeof(struct sockaddr_in)) {
4428 bind_error = EINVAL;
4429 break;
4430 }
4431
4432 sin = (const struct sockaddr_in *)(const void *)myaddr;
4433
4434 if (sin->sin_family != AF_INET) {
4435 bind_error = EAFNOSUPPORT;
4436 }
4437
4438 /* special case for AF_UNSPEC */
4439 if (sin->sin_family == AF_UNSPEC &&
4440 (sin->sin_addr.s_addr == htonl(INADDR_ANY)))
4441 {
4442 bind_error = 0;
4443 }
4444
4445 break;
4446 }
4447 #ifdef HAVE_IPV6
4448 case AF_INET6: {
4449 const struct sockaddr_in6 *sin6;
4450 if (addrlen < sizeof(struct sockaddr_in6)) {
4451 bind_error = EINVAL;
4452 break;
4453 }
4454
4455 sin6 = (const struct sockaddr_in6 *)(const void *)myaddr;
4456
4457 if (sin6->sin6_family != AF_INET6) {
4458 bind_error = EAFNOSUPPORT;
4459 }
4460
4461 break;
4462 }
4463 #endif
4464 default:
4465 bind_error = EINVAL;
4466 break;
4467 }
4468
4469 if (bind_error != 0) {
4470 ret_errno = bind_error;
4471 ret = -1;
4472 goto out;
4473 }
4474
4475 #if 0 /* FIXME */
4476 in_use = check_addr_port_in_use(myaddr, addrlen);
4477 if (in_use) {
4478 errno = EADDRINUSE;
4479 ret = -1;
4480 goto out;
4481 }
4482 #endif
4483
4484 si->myname.sa_socklen = addrlen;
4485 memcpy(&si->myname.sa.ss, myaddr, addrlen);
4486
4487 ret = sockaddr_convert_to_un(si,
4488 myaddr,
4489 addrlen,
4490 &un_addr.sa.un,
4491 1,
4492 &si->bcast);
4493 if (ret == -1) {
4494 ret_errno = errno;
4495 goto out;
4496 }
4497
4498 unlink(un_addr.sa.un.sun_path);
4499
4500 ret = libc_bind(s, &un_addr.sa.s, un_addr.sa_socklen);
4501 if (ret == -1) {
4502 ret_errno = errno;
4503 }
4504
4505 SWRAP_LOG(SWRAP_LOG_TRACE,
4506 "bind(%s) path=%s, fd=%d ret=%d ret_errno=%d",
4507 swrap_sockaddr_string(&buf, myaddr),
4508 un_addr.sa.un.sun_path, s, ret, ret_errno);
4509
4510 if (ret == 0) {
4511 si->bound = 1;
4512 }
4513
4514 out:
4515 SWRAP_UNLOCK_SI(si);
4516 errno = ret_errno;
4517 return ret;
4518 }
4519
4520 int bind(int s, const struct sockaddr *myaddr, socklen_t addrlen)
4521 {
4522 return swrap_bind(s, myaddr, addrlen);
4523 }
4524
4525 /****************************************************************************
4526 * BINDRESVPORT
4527 ***************************************************************************/
4528
4529 #ifdef HAVE_BINDRESVPORT
4530 static int swrap_getsockname(int s, struct sockaddr *name, socklen_t *addrlen);
4531
4532 static int swrap_bindresvport_sa(int sd, struct sockaddr *sa)
4533 {
4534 struct swrap_address myaddr = {
4535 .sa_socklen = sizeof(struct sockaddr_storage),
4536 };
4537 socklen_t salen;
4538 static uint16_t port;
4539 uint16_t i;
4540 int rc = -1;
4541 int af;
4542
4543 #define SWRAP_STARTPORT 600
4544 #define SWRAP_ENDPORT (IPPORT_RESERVED - 1)
4545 #define SWRAP_NPORTS (SWRAP_ENDPORT - SWRAP_STARTPORT + 1)
4546
4547 if (port == 0) {
4548 port = (getpid() % SWRAP_NPORTS) + SWRAP_STARTPORT;
4549 }
4550
4551 if (sa == NULL) {
4552 salen = myaddr.sa_socklen;
4553 sa = &myaddr.sa.s;
4554
4555 rc = swrap_getsockname(sd, &myaddr.sa.s, &salen);
4556 if (rc < 0) {
4557 return -1;
4558 }
4559
4560 af = sa->sa_family;
4561 memset(&myaddr.sa.ss, 0, salen);
4562 } else {
4563 af = sa->sa_family;
4564 }
4565
4566 for (i = 0; i < SWRAP_NPORTS; i++, port++) {
4567 switch(af) {
4568 case AF_INET: {
4569 struct sockaddr_in *sinp = (struct sockaddr_in *)(void *)sa;
4570
4571 salen = sizeof(struct sockaddr_in);
4572 sinp->sin_port = htons(port);
4573 break;
4574 }
4575 case AF_INET6: {
4576 struct sockaddr_in6 *sin6p = (struct sockaddr_in6 *)(void *)sa;
4577
4578 salen = sizeof(struct sockaddr_in6);
4579 sin6p->sin6_port = htons(port);
4580 break;
4581 }
4582 default:
4583 errno = EAFNOSUPPORT;
4584 return -1;
4585 }
4586 sa->sa_family = af;
4587
4588 if (port > SWRAP_ENDPORT) {
4589 port = SWRAP_STARTPORT;
4590 }
4591
4592 rc = swrap_bind(sd, (struct sockaddr *)sa, salen);
4593 if (rc == 0 || errno != EADDRINUSE) {
4594 break;
4595 }
4596 }
4597
4598 return rc;
4599 }
4600
4601 int bindresvport(int sockfd, struct sockaddr_in *sinp)
4602 {
4603 return swrap_bindresvport_sa(sockfd, (struct sockaddr *)sinp);
4604 }
4605 #endif
4606
4607 /****************************************************************************
4608 * LISTEN
4609 ***************************************************************************/
4610
4611 static int swrap_listen(int s, int backlog)
4612 {
4613 int ret;
4614 struct socket_info *si = find_socket_info(s);
4615
4616 if (!si) {
4617 return libc_listen(s, backlog);
4618 }
4619
4620 SWRAP_LOCK_SI(si);
4621
4622 if (si->bound == 0) {
4623 ret = swrap_auto_bind(s, si, si->family);
4624 if (ret == -1) {
4625 errno = EADDRINUSE;
4626 goto out;
4627 }
4628 }
4629
4630 ret = libc_listen(s, backlog);
4631 if (ret == 0) {
4632 si->listening = 1;
4633 }
4634
4635 out:
4636 SWRAP_UNLOCK_SI(si);
4637
4638 return ret;
4639 }
4640
4641 int listen(int s, int backlog)
4642 {
4643 return swrap_listen(s, backlog);
4644 }
4645
4646 /****************************************************************************
4647 * FOPEN
4648 ***************************************************************************/
4649
4650 static FILE *swrap_fopen(const char *name, const char *mode)
4651 {
4652 FILE *fp;
4653
4654 fp = libc_fopen(name, mode);
4655 if (fp != NULL) {
4656 int fd = fileno(fp);
4657
4658 swrap_remove_stale(fd);
4659 }
4660
4661 return fp;
4662 }
4663
4664 #undef fopen /* Needed for LFS handling */
4665 FILE *fopen(const char *name, const char *mode)
4666 {
4667 return swrap_fopen(name, mode);
4668 }
4669
4670 /****************************************************************************
4671 * FOPEN64
4672 ***************************************************************************/
4673
4674 #ifdef HAVE_FOPEN64
4675 static FILE *swrap_fopen64(const char *name, const char *mode)
4676 {
4677 FILE *fp;
4678
4679 fp = libc_fopen64(name, mode);
4680 if (fp != NULL) {
4681 int fd = fileno(fp);
4682
4683 swrap_remove_stale(fd);
4684 }
4685
4686 return fp;
4687 }
4688
4689 FILE *fopen64(const char *name, const char *mode)
4690 {
4691 return swrap_fopen64(name, mode);
4692 }
4693 #endif /* HAVE_FOPEN64 */
4694
4695 /****************************************************************************
4696 * OPEN
4697 ***************************************************************************/
4698
4699 static int swrap_vopen(const char *pathname, int flags, va_list ap)
4700 {
4701 int ret;
4702
4703 ret = libc_vopen(pathname, flags, ap);
4704 if (ret != -1) {
4705 /*
4706 * There are methods for closing descriptors (libc-internal code
4707 * paths, direct syscalls) which close descriptors in ways that
4708 * we can't intercept, so try to recover when we notice that
4709 * that's happened
4710 */
4711 swrap_remove_stale(ret);
4712 }
4713 return ret;
4714 }
4715
4716 #undef open /* Needed for LFS handling */
4717 int open(const char *pathname, int flags, ...)
4718 {
4719 va_list ap;
4720 int fd;
4721
4722 va_start(ap, flags);
4723 fd = swrap_vopen(pathname, flags, ap);
4724 va_end(ap);
4725
4726 return fd;
4727 }
4728
4729 /****************************************************************************
4730 * OPEN64
4731 ***************************************************************************/
4732
4733 #ifdef HAVE_OPEN64
4734 static int swrap_vopen64(const char *pathname, int flags, va_list ap)
4735 {
4736 int ret;
4737
4738 ret = libc_vopen64(pathname, flags, ap);
4739 if (ret != -1) {
4740 /*
4741 * There are methods for closing descriptors (libc-internal code
4742 * paths, direct syscalls) which close descriptors in ways that
4743 * we can't intercept, so try to recover when we notice that
4744 * that's happened
4745 */
4746 swrap_remove_stale(ret);
4747 }
4748 return ret;
4749 }
4750
4751 int open64(const char *pathname, int flags, ...)
4752 {
4753 va_list ap;
4754 int fd;
4755
4756 va_start(ap, flags);
4757 fd = swrap_vopen64(pathname, flags, ap);
4758 va_end(ap);
4759
4760 return fd;
4761 }
4762 #endif /* HAVE_OPEN64 */
4763
4764 /****************************************************************************
4765 * OPENAT64
4766 ***************************************************************************/
4767
4768 #ifdef HAVE_OPENAT64
4769 static int
4770 swrap_vopenat64(int dirfd, const char *pathname, int flags, va_list ap)
4771 {
4772 int ret;
4773
4774 ret = libc_vopenat64(dirfd, pathname, flags, ap);
4775 if (ret != -1) {
4776 /*
4777 * There are methods for closing descriptors (libc-internal code
4778 * paths, direct syscalls) which close descriptors in ways that
4779 * we can't intercept, so try to recover when we notice that
4780 * that's happened
4781 */
4782 swrap_remove_stale(ret);
4783 }
4784 return ret;
4785 }
4786
4787 int openat64(int dirfd, const char *pathname, int flags, ...)
4788 {
4789 va_list ap;
4790 int fd;
4791
4792 va_start(ap, flags);
4793 fd = swrap_vopenat64(dirfd, pathname, flags, ap);
4794 va_end(ap);
4795
4796 return fd;
4797 }
4798 #endif /* HAVE_OPENAT64 */
4799
4800 /****************************************************************************
4801 * OPENAT
4802 ***************************************************************************/
4803
4804 static int swrap_vopenat(int dirfd, const char *path, int flags, va_list ap)
4805 {
4806 int ret;
4807
4808 ret = libc_vopenat(dirfd, path, flags, ap);
4809 if (ret != -1) {
4810 /*
4811 * There are methods for closing descriptors (libc-internal code
4812 * paths, direct syscalls) which close descriptors in ways that
4813 * we can't intercept, so try to recover when we notice that
4814 * that's happened
4815 */
4816 swrap_remove_stale(ret);
4817 }
4818
4819 return ret;
4820 }
4821
4822 #undef openat /* Needed for LFS handling */
4823 int openat(int dirfd, const char *path, int flags, ...)
4824 {
4825 va_list ap;
4826 int fd;
4827
4828 va_start(ap, flags);
4829 fd = swrap_vopenat(dirfd, path, flags, ap);
4830 va_end(ap);
4831
4832 return fd;
4833 }
4834
4835 /****************************************************************************
4836 * GETPEERNAME
4837 ***************************************************************************/
4838
4839 static int swrap_getpeername(int s, struct sockaddr *name, socklen_t *addrlen)
4840 {
4841 struct socket_info *si = find_socket_info(s);
4842 socklen_t len;
4843 int ret = -1;
4844
4845 if (!si) {
4846 return libc_getpeername(s, name, addrlen);
4847 }
4848
4849 SWRAP_LOCK_SI(si);
4850
4851 if (si->peername.sa_socklen == 0)
4852 {
4853 errno = ENOTCONN;
4854 goto out;
4855 }
4856
4857 len = MIN(*addrlen, si->peername.sa_socklen);
4858 if (len == 0) {
4859 ret = 0;
4860 goto out;
4861 }
4862
4863 memcpy(name, &si->peername.sa.ss, len);
4864 *addrlen = si->peername.sa_socklen;
4865
4866 ret = 0;
4867 out:
4868 SWRAP_UNLOCK_SI(si);
4869
4870 return ret;
4871 }
4872
4873 #ifdef HAVE_ACCEPT_PSOCKLEN_T
4874 int getpeername(int s, struct sockaddr *name, Psocklen_t addrlen)
4875 #else
4876 int getpeername(int s, struct sockaddr *name, socklen_t *addrlen)
4877 #endif
4878 {
4879 return swrap_getpeername(s, name, (socklen_t *)addrlen);
4880 }
4881
4882 /****************************************************************************
4883 * GETSOCKNAME
4884 ***************************************************************************/
4885
4886 static int swrap_getsockname(int s, struct sockaddr *name, socklen_t *addrlen)
4887 {
4888 struct socket_info *si = find_socket_info(s);
4889 socklen_t len;
4890 int ret = -1;
4891
4892 if (!si) {
4893 return libc_getsockname(s, name, addrlen);
4894 }
4895
4896 SWRAP_LOCK_SI(si);
4897
4898 len = MIN(*addrlen, si->myname.sa_socklen);
4899 if (len == 0) {
4900 ret = 0;
4901 goto out;
4902 }
4903
4904 memcpy(name, &si->myname.sa.ss, len);
4905 *addrlen = si->myname.sa_socklen;
4906
4907 ret = 0;
4908 out:
4909 SWRAP_UNLOCK_SI(si);
4910
4911 return ret;
4912 }
4913
4914 #ifdef HAVE_ACCEPT_PSOCKLEN_T
4915 int getsockname(int s, struct sockaddr *name, Psocklen_t addrlen)
4916 #else
4917 int getsockname(int s, struct sockaddr *name, socklen_t *addrlen)
4918 #endif
4919 {
4920 return swrap_getsockname(s, name, (socklen_t *)addrlen);
4921 }
4922
4923 /****************************************************************************
4924 * GETSOCKOPT
4925 ***************************************************************************/
4926
4927 #ifndef SO_PROTOCOL
4928 # ifdef SO_PROTOTYPE /* The Solaris name */
4929 # define SO_PROTOCOL SO_PROTOTYPE
4930 # endif /* SO_PROTOTYPE */
4931 #endif /* SO_PROTOCOL */
4932
4933 static int swrap_getsockopt(int s, int level, int optname,
4934 void *optval, socklen_t *optlen)
4935 {
4936 struct socket_info *si = find_socket_info(s);
4937 int ret;
4938
4939 if (!si) {
4940 return libc_getsockopt(s,
4941 level,
4942 optname,
4943 optval,
4944 optlen);
4945 }
4946
4947 SWRAP_LOCK_SI(si);
4948
4949 if (level == SOL_SOCKET) {
4950 switch (optname) {
4951 #ifdef SO_DOMAIN
4952 case SO_DOMAIN:
4953 if (optval == NULL || optlen == NULL ||
4954 *optlen < (socklen_t)sizeof(int)) {
4955 errno = EINVAL;
4956 ret = -1;
4957 goto done;
4958 }
4959
4960 *optlen = sizeof(int);
4961 *(int *)optval = si->family;
4962 ret = 0;
4963 goto done;
4964 #endif /* SO_DOMAIN */
4965
4966 #ifdef SO_PROTOCOL
4967 case SO_PROTOCOL:
4968 if (optval == NULL || optlen == NULL ||
4969 *optlen < (socklen_t)sizeof(int)) {
4970 errno = EINVAL;
4971 ret = -1;
4972 goto done;
4973 }
4974
4975 *optlen = sizeof(int);
4976 *(int *)optval = si->protocol;
4977 ret = 0;
4978 goto done;
4979 #endif /* SO_PROTOCOL */
4980 case SO_TYPE:
4981 if (optval == NULL || optlen == NULL ||
4982 *optlen < (socklen_t)sizeof(int)) {
4983 errno = EINVAL;
4984 ret = -1;
4985 goto done;
4986 }
4987
4988 *optlen = sizeof(int);
4989 *(int *)optval = si->type;
4990 ret = 0;
4991 goto done;
4992 default:
4993 ret = libc_getsockopt(s,
4994 level,
4995 optname,
4996 optval,
4997 optlen);
4998 goto done;
4999 }
5000 } else if (level == IPPROTO_TCP) {
5001 switch (optname) {
5002 #ifdef TCP_NODELAY
5003 case TCP_NODELAY:
5004 /*
5005 * This enables sending packets directly out over TCP.
5006 * As a unix socket is doing that any way, report it as
5007 * enabled.
5008 */
5009 if (optval == NULL || optlen == NULL ||
5010 *optlen < (socklen_t)sizeof(int)) {
5011 errno = EINVAL;
5012 ret = -1;
5013 goto done;
5014 }
5015
5016 *optlen = sizeof(int);
5017 *(int *)optval = si->tcp_nodelay;
5018
5019 ret = 0;
5020 goto done;
5021 #endif /* TCP_NODELAY */
5022 #ifdef TCP_INFO
5023 case TCP_INFO: {
5024 struct tcp_info info;
5025 socklen_t ilen = sizeof(info);
5026
5027 #ifdef HAVE_NETINET_TCP_FSM_H
5028 /* This is FreeBSD */
5029 # define __TCP_LISTEN TCPS_LISTEN
5030 # define __TCP_ESTABLISHED TCPS_ESTABLISHED
5031 # define __TCP_CLOSE TCPS_CLOSED
5032 #else
5033 /* This is Linux */
5034 # define __TCP_LISTEN TCP_LISTEN
5035 # define __TCP_ESTABLISHED TCP_ESTABLISHED
5036 # define __TCP_CLOSE TCP_CLOSE
5037 #endif
5038
5039 ZERO_STRUCT(info);
5040 if (si->listening) {
5041 info.tcpi_state = __TCP_LISTEN;
5042 } else if (si->connected) {
5043 /*
5044 * For now we just fake a few values
5045 * supported both by FreeBSD and Linux
5046 */
5047 info.tcpi_state = __TCP_ESTABLISHED;
5048 info.tcpi_rto = 200000; /* 200 msec */
5049 info.tcpi_rtt = 5000; /* 5 msec */
5050 info.tcpi_rttvar = 5000; /* 5 msec */
5051 } else {
5052 info.tcpi_state = __TCP_CLOSE;
5053 info.tcpi_rto = 1000000; /* 1 sec */
5054 info.tcpi_rtt = 0;
5055 info.tcpi_rttvar = 250000; /* 250 msec */
5056 }
5057
5058 if (optval == NULL || optlen == NULL ||
5059 *optlen < (socklen_t)ilen) {
5060 errno = EINVAL;
5061 ret = -1;
5062 goto done;
5063 }
5064
5065 *optlen = ilen;
5066 memcpy(optval, &info, ilen);
5067
5068 ret = 0;
5069 goto done;
5070 }
5071 #endif /* TCP_INFO */
5072 default:
5073 break;
5074 }
5075 }
5076
5077 errno = ENOPROTOOPT;
5078 ret = -1;
5079
5080 done:
5081 SWRAP_UNLOCK_SI(si);
5082 return ret;
5083 }
5084
5085 #ifdef HAVE_ACCEPT_PSOCKLEN_T
5086 int getsockopt(int s, int level, int optname, void *optval, Psocklen_t optlen)
5087 #else
5088 int getsockopt(int s, int level, int optname, void *optval, socklen_t *optlen)
5089 #endif
5090 {
5091 return swrap_getsockopt(s, level, optname, optval, (socklen_t *)optlen);
5092 }
5093
5094 /****************************************************************************
5095 * SETSOCKOPT
5096 ***************************************************************************/
5097
5098 static int swrap_setsockopt(int s, int level, int optname,
5099 const void *optval, socklen_t optlen)
5100 {
5101 struct socket_info *si = find_socket_info(s);
5102 int ret;
5103
5104 if (!si) {
5105 return libc_setsockopt(s,
5106 level,
5107 optname,
5108 optval,
5109 optlen);
5110 }
5111
5112 if (level == SOL_SOCKET) {
5113 return libc_setsockopt(s,
5114 level,
5115 optname,
5116 optval,
5117 optlen);
5118 }
5119
5120 SWRAP_LOCK_SI(si);
5121
5122 if (level == IPPROTO_TCP) {
5123 switch (optname) {
5124 #ifdef TCP_NODELAY
5125 case TCP_NODELAY: {
5126 int i;
5127
5128 /*
5129 * This enables sending packets directly out over TCP.
5130 * A unix socket is doing that any way.
5131 */
5132 if (optval == NULL || optlen == 0 ||
5133 optlen < (socklen_t)sizeof(int)) {
5134 errno = EINVAL;
5135 ret = -1;
5136 goto done;
5137 }
5138
5139 i = *discard_const_p(int, optval);
5140 if (i != 0 && i != 1) {
5141 errno = EINVAL;
5142 ret = -1;
5143 goto done;
5144 }
5145 si->tcp_nodelay = i;
5146
5147 ret = 0;
5148 goto done;
5149 }
5150 #endif /* TCP_NODELAY */
5151 default:
5152 break;
5153 }
5154 }
5155
5156 switch (si->family) {
5157 case AF_INET:
5158 if (level == IPPROTO_IP) {
5159 #ifdef IP_PKTINFO
5160 if (optname == IP_PKTINFO) {
5161 si->pktinfo = AF_INET;
5162 }
5163 #endif /* IP_PKTINFO */
5164 }
5165 ret = 0;
5166 goto done;
5167 #ifdef HAVE_IPV6
5168 case AF_INET6:
5169 if (level == IPPROTO_IPV6) {
5170 #ifdef IPV6_RECVPKTINFO
5171 if (optname == IPV6_RECVPKTINFO) {
5172 si->pktinfo = AF_INET6;
5173 }
5174 #endif /* IPV6_PKTINFO */
5175 }
5176 ret = 0;
5177 goto done;
5178 #endif
5179 default:
5180 errno = ENOPROTOOPT;
5181 ret = -1;
5182 goto done;
5183 }
5184
5185 done:
5186 SWRAP_UNLOCK_SI(si);
5187 return ret;
5188 }
5189
5190 int setsockopt(int s, int level, int optname,
5191 const void *optval, socklen_t optlen)
5192 {
5193 return swrap_setsockopt(s, level, optname, optval, optlen);
5194 }
5195
5196 /****************************************************************************
5197 * IOCTL
5198 ***************************************************************************/
5199
5200 static int swrap_vioctl(int s, unsigned long int r, va_list va)
5201 {
5202 struct socket_info *si = find_socket_info(s);
5203 va_list ap;
5204 int *value_ptr = NULL;
5205 int rc;
5206
5207 if (!si) {
5208 return libc_vioctl(s, r, va);
5209 }
5210
5211 SWRAP_LOCK_SI(si);
5212
5213 va_copy(ap, va);
5214
5215 rc = libc_vioctl(s, r, va);
5216
5217 switch (r) {
5218 case FIONREAD:
5219 if (rc == 0) {
5220 value_ptr = ((int *)va_arg(ap, int *));
5221 }
5222
5223 if (rc == -1 && errno != EAGAIN && errno != ENOBUFS) {
5224 swrap_pcap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0);
5225 } else if (value_ptr != NULL && *value_ptr == 0) { /* END OF FILE */
5226 swrap_pcap_dump_packet(si, NULL, SWRAP_PENDING_RST, NULL, 0);
5227 }
5228 break;
5229 #ifdef FIONWRITE
5230 case FIONWRITE:
5231 /* this is FreeBSD */
5232 FALL_THROUGH; /* to TIOCOUTQ */
5233 #endif /* FIONWRITE */
5234 case TIOCOUTQ: /* same as SIOCOUTQ on Linux */
5235 /*
5236 * This may return more bytes then the application
5237 * sent into the socket, for tcp it should
5238 * return the number of unacked bytes.
5239 *
5240 * On AF_UNIX, all bytes are immediately acked!
5241 */
5242 if (rc == 0) {
5243 value_ptr = ((int *)va_arg(ap, int *));
5244 *value_ptr = 0;
5245 }
5246 break;
5247 }
5248
5249 va_end(ap);
5250
5251 SWRAP_UNLOCK_SI(si);
5252 return rc;
5253 }
5254
5255 #ifdef HAVE_IOCTL_INT
5256 int ioctl(int s, int r, ...)
5257 #else
5258 int ioctl(int s, unsigned long int r, ...)
5259 #endif
5260 {
5261 va_list va;
5262 int rc;
5263
5264 va_start(va, r);
5265
5266 rc = swrap_vioctl(s, (unsigned long int) r, va);
5267
5268 va_end(va);
5269
5270 return rc;
5271 }
5272
5273 /*****************
5274 * CMSG
5275 *****************/
5276
5277 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
5278
5279 #ifndef CMSG_ALIGN
5280 # ifdef _ALIGN /* BSD */
5281 #define CMSG_ALIGN _ALIGN
5282 # else
5283 #define CMSG_ALIGN(len) (((len) + sizeof(size_t) - 1) & ~(sizeof(size_t) - 1))
5284 # endif /* _ALIGN */
5285 #endif /* CMSG_ALIGN */
5286
5287 /**
5288 * @brief Add a cmsghdr to a msghdr.
5289 *
5290 * This is an function to add any type of cmsghdr. It will operate on the
5291 * msg->msg_control and msg->msg_controllen you pass in by adapting them to
5292 * the buffer position after the added cmsg element. Hence, this function is
5293 * intended to be used with an intermediate msghdr and not on the original
5294 * one handed in by the client.
5295 *
5296 * @param[in] msg The msghdr to which to add the cmsg.
5297 *
5298 * @param[in] level The cmsg level to set.
5299 *
5300 * @param[in] type The cmsg type to set.
5301 *
5302 * @param[in] data The cmsg data to set.
5303 *
5304 * @param[in] len the length of the data to set.
5305 */
5306 static void swrap_msghdr_add_cmsghdr(struct msghdr *msg,
5307 int level,
5308 int type,
5309 const void *data,
5310 size_t len)
5311 {
5312 size_t cmlen = CMSG_LEN(len);
5313 size_t cmspace = CMSG_SPACE(len);
5314 uint8_t cmbuf[cmspace];
5315 void *cast_ptr = (void *)cmbuf;
5316 struct cmsghdr *cm = (struct cmsghdr *)cast_ptr;
5317 uint8_t *p;
5318
5319 memset(cmbuf, 0, cmspace);
5320
5321 if (msg->msg_controllen < cmlen) {
5322 cmlen = msg->msg_controllen;
5323 msg->msg_flags |= MSG_CTRUNC;
5324 }
5325
5326 if (msg->msg_controllen < cmspace) {
5327 cmspace = msg->msg_controllen;
5328 }
5329
5330 /*
5331 * We copy the full input data into an intermediate cmsghdr first
5332 * in order to more easily cope with truncation.
5333 */
5334 cm->cmsg_len = cmlen;
5335 cm->cmsg_level = level;
5336 cm->cmsg_type = type;
5337 memcpy(CMSG_DATA(cm), data, len);
5338
5339 /*
5340 * We now copy the possibly truncated buffer.
5341 * We copy cmlen bytes, but consume cmspace bytes,
5342 * leaving the possible padding uninitialiazed.
5343 */
5344 p = (uint8_t *)msg->msg_control;
5345 memcpy(p, cm, cmlen);
5346 p += cmspace;
5347 msg->msg_control = p;
5348 msg->msg_controllen -= cmspace;
5349
5350 return;
5351 }
5352
5353 static int swrap_msghdr_add_pktinfo(struct socket_info *si,
5354 struct msghdr *msg)
5355 {
5356 /* Add packet info */
5357 switch (si->pktinfo) {
5358 #if defined(IP_PKTINFO) && (defined(HAVE_STRUCT_IN_PKTINFO) || defined(IP_RECVDSTADDR))
5359 case AF_INET: {
5360 struct sockaddr_in *sin;
5361 #if defined(HAVE_STRUCT_IN_PKTINFO)
5362 struct in_pktinfo pkt;
5363 #elif defined(IP_RECVDSTADDR)
5364 struct in_addr pkt;
5365 #endif
5366
5367 if (si->bindname.sa_socklen == sizeof(struct sockaddr_in)) {
5368 sin = &si->bindname.sa.in;
5369 } else {
5370 if (si->myname.sa_socklen != sizeof(struct sockaddr_in)) {
5371 return 0;
5372 }
5373 sin = &si->myname.sa.in;
5374 }
5375
5376 ZERO_STRUCT(pkt);
5377
5378 #if defined(HAVE_STRUCT_IN_PKTINFO)
5379 pkt.ipi_ifindex = socket_wrapper_default_iface();
5380 pkt.ipi_addr.s_addr = sin->sin_addr.s_addr;
5381 #elif defined(IP_RECVDSTADDR)
5382 pkt = sin->sin_addr;
5383 #endif
5384
5385 swrap_msghdr_add_cmsghdr(msg, IPPROTO_IP, IP_PKTINFO,
5386 &pkt, sizeof(pkt));
5387
5388 break;
5389 }
5390 #endif /* IP_PKTINFO */
5391 #if defined(HAVE_IPV6)
5392 case AF_INET6: {
5393 #if defined(IPV6_PKTINFO) && defined(HAVE_STRUCT_IN6_PKTINFO)
5394 struct sockaddr_in6 *sin6;
5395 struct in6_pktinfo pkt6;
5396
5397 if (si->bindname.sa_socklen == sizeof(struct sockaddr_in6)) {
5398 sin6 = &si->bindname.sa.in6;
5399 } else {
5400 if (si->myname.sa_socklen != sizeof(struct sockaddr_in6)) {
5401 return 0;
5402 }
5403 sin6 = &si->myname.sa.in6;
5404 }
5405
5406 ZERO_STRUCT(pkt6);
5407
5408 pkt6.ipi6_ifindex = socket_wrapper_default_iface();
5409 pkt6.ipi6_addr = sin6->sin6_addr;
5410
5411 swrap_msghdr_add_cmsghdr(msg, IPPROTO_IPV6, IPV6_PKTINFO,
5412 &pkt6, sizeof(pkt6));
5413 #endif /* HAVE_STRUCT_IN6_PKTINFO */
5414
5415 break;
5416 }
5417 #endif /* IPV6_PKTINFO */
5418 default:
5419 return -1;
5420 }
5421
5422 return 0;
5423 }
5424
5425 static int swrap_msghdr_add_socket_info(struct socket_info *si,
5426 struct msghdr *omsg)
5427 {
5428 int rc = 0;
5429
5430 if (si->pktinfo > 0) {
5431 rc = swrap_msghdr_add_pktinfo(si, omsg);
5432 }
5433
5434 return rc;
5435 }
5436
5437 static int swrap_sendmsg_copy_cmsg(const struct cmsghdr *cmsg,
5438 uint8_t **cm_data,
5439 size_t *cm_data_space);
5440 static int swrap_sendmsg_filter_cmsg_ipproto_ip(const struct cmsghdr *cmsg,
5441 uint8_t **cm_data,
5442 size_t *cm_data_space);
5443 static int swrap_sendmsg_filter_cmsg_sol_socket(const struct cmsghdr *cmsg,
5444 uint8_t **cm_data,
5445 size_t *cm_data_space);
5446
5447 static int swrap_sendmsg_filter_cmsghdr(const struct msghdr *_msg,
5448 uint8_t **cm_data,
5449 size_t *cm_data_space)
5450 {
5451 struct msghdr *msg = discard_const_p(struct msghdr, _msg);
5452 struct cmsghdr *cmsg;
5453 int rc = -1;
5454
5455 /* Nothing to do */
5456 if (msg->msg_controllen == 0 || msg->msg_control == NULL) {
5457 return 0;
5458 }
5459
5460 for (cmsg = CMSG_FIRSTHDR(msg);
5461 cmsg != NULL;
5462 cmsg = CMSG_NXTHDR(msg, cmsg)) {
5463 switch (cmsg->cmsg_level) {
5464 case IPPROTO_IP:
5465 rc = swrap_sendmsg_filter_cmsg_ipproto_ip(cmsg,
5466 cm_data,
5467 cm_data_space);
5468 break;
5469 case SOL_SOCKET:
5470 rc = swrap_sendmsg_filter_cmsg_sol_socket(cmsg,
5471 cm_data,
5472 cm_data_space);
5473 break;
5474 default:
5475 rc = swrap_sendmsg_copy_cmsg(cmsg,
5476 cm_data,
5477 cm_data_space);
5478 break;
5479 }
5480 if (rc < 0) {
5481 int saved_errno = errno;
5482 SAFE_FREE(*cm_data);
5483 *cm_data_space = 0;
5484 errno = saved_errno;
5485 return rc;
5486 }
5487 }
5488
5489 return rc;
5490 }
5491
5492 static int swrap_sendmsg_copy_cmsg(const struct cmsghdr *cmsg,
5493 uint8_t **cm_data,
5494 size_t *cm_data_space)
5495 {
5496 size_t cmspace;
5497 uint8_t *p;
5498
5499 cmspace = *cm_data_space + CMSG_ALIGN(cmsg->cmsg_len);
5500
5501 p = realloc((*cm_data), cmspace);
5502 if (p == NULL) {
5503 return -1;
5504 }
5505 (*cm_data) = p;
5506
5507 p = (*cm_data) + (*cm_data_space);
5508 *cm_data_space = cmspace;
5509
5510 memcpy(p, cmsg, cmsg->cmsg_len);
5511
5512 return 0;
5513 }
5514
5515 static int swrap_sendmsg_filter_cmsg_pktinfo(const struct cmsghdr *cmsg,
5516 uint8_t **cm_data,
5517 size_t *cm_data_space);
5518
5519
5520 static int swrap_sendmsg_filter_cmsg_ipproto_ip(const struct cmsghdr *cmsg,
5521 uint8_t **cm_data,
5522 size_t *cm_data_space)
5523 {
5524 int rc = -1;
5525
5526 switch(cmsg->cmsg_type) {
5527 #ifdef IP_PKTINFO
5528 case IP_PKTINFO:
5529 rc = swrap_sendmsg_filter_cmsg_pktinfo(cmsg,
5530 cm_data,
5531 cm_data_space);
5532 break;
5533 #endif
5534 #ifdef IPV6_PKTINFO
5535 case IPV6_PKTINFO:
5536 rc = swrap_sendmsg_filter_cmsg_pktinfo(cmsg,
5537 cm_data,
5538 cm_data_space);
5539 break;
5540 #endif
5541 default:
5542 break;
5543 }
5544
5545 return rc;
5546 }
5547
5548 static int swrap_sendmsg_filter_cmsg_pktinfo(const struct cmsghdr *cmsg,
5549 uint8_t **cm_data,
5550 size_t *cm_data_space)
5551 {
5552 (void)cmsg; /* unused */
5553 (void)cm_data; /* unused */
5554 (void)cm_data_space; /* unused */
5555
5556 /*
5557 * Passing a IP pktinfo to a unix socket might be rejected by the
5558 * Kernel, at least on FreeBSD. So skip this cmsg.
5559 */
5560 return 0;
5561 }
5562
5563 static int swrap_sendmsg_filter_cmsg_sol_socket(const struct cmsghdr *cmsg,
5564 uint8_t **cm_data,
5565 size_t *cm_data_space)
5566 {
5567 int rc = -1;
5568
5569 switch (cmsg->cmsg_type) {
5570 case SCM_RIGHTS:
5571 SWRAP_LOG(SWRAP_LOG_TRACE,
5572 "Ignoring SCM_RIGHTS on inet socket!");
5573 rc = 0;
5574 break;
5575 #ifdef SCM_CREDENTIALS
5576 case SCM_CREDENTIALS:
5577 SWRAP_LOG(SWRAP_LOG_TRACE,
5578 "Ignoring SCM_CREDENTIALS on inet socket!");
5579 rc = 0;
5580 break;
5581 #endif /* SCM_CREDENTIALS */
5582 default:
5583 rc = swrap_sendmsg_copy_cmsg(cmsg,
5584 cm_data,
5585 cm_data_space);
5586 break;
5587 }
5588
5589 return rc;
5590 }
5591
5592 static const uint64_t swrap_unix_scm_right_magic = 0x8e0e13f27c42fc36;
5593
5594 /*
5595 * We only allow up to 6 fds at a time
5596 * as that's more than enough for Samba
5597 * and it means we can keep the logic simple
5598 * and work with fixed size arrays.
5599 *
5600 * We also keep sizeof(struct swrap_unix_scm_rights)
5601 * under PIPE_BUF (4096) in order to allow a non-blocking
5602 * write into the pipe.
5603 */
5604 #ifndef PIPE_BUF
5605 #define PIPE_BUF 4096
5606 #endif
5607 #define SWRAP_MAX_PASSED_FDS ((size_t)6)
5608 #define SWRAP_MAX_PASSED_SOCKET_INFO SWRAP_MAX_PASSED_FDS
5609 struct swrap_unix_scm_rights_payload {
5610 uint8_t num_idxs;
5611 int8_t idxs[SWRAP_MAX_PASSED_FDS];
5612 struct socket_info infos[SWRAP_MAX_PASSED_SOCKET_INFO];
5613 };
5614 struct swrap_unix_scm_rights {
5615 uint64_t magic;
5616 char package_name[sizeof(SOCKET_WRAPPER_PACKAGE)];
5617 char package_version[sizeof(SOCKET_WRAPPER_VERSION)];
5618 uint32_t full_size;
5619 uint32_t payload_size;
5620 struct swrap_unix_scm_rights_payload payload;
5621 };
5622
5623 static void swrap_dec_fd_passed_array(size_t num, struct socket_info **array)
5624 {
5625 int saved_errno = errno;
5626 size_t i;
5627
5628 for (i = 0; i < num; i++) {
5629 struct socket_info *si = array[i];
5630 if (si == NULL) {
5631 continue;
5632 }
5633
5634 SWRAP_LOCK_SI(si);
5635 swrap_dec_refcount(si);
5636 if (si->fd_passed > 0) {
5637 si->fd_passed -= 1;
5638 }
5639 SWRAP_UNLOCK_SI(si);
5640 array[i] = NULL;
5641 }
5642
5643 errno = saved_errno;
5644 }
5645
5646 static void swrap_undo_si_idx_array(size_t num, int *array)
5647 {
5648 int saved_errno = errno;
5649 size_t i;
5650
5651 swrap_mutex_lock(&first_free_mutex);
5652
5653 for (i = 0; i < num; i++) {
5654 struct socket_info *si = NULL;
5655
5656 if (array[i] == -1) {
5657 continue;
5658 }
5659
5660 si = swrap_get_socket_info(array[i]);
5661 if (si == NULL) {
5662 continue;
5663 }
5664
5665 SWRAP_LOCK_SI(si);
5666 swrap_dec_refcount(si);
5667 SWRAP_UNLOCK_SI(si);
5668
5669 swrap_set_next_free(si, first_free);
5670 first_free = array[i];
5671 array[i] = -1;
5672 }
5673
5674 swrap_mutex_unlock(&first_free_mutex);
5675 errno = saved_errno;
5676 }
5677
5678 static void swrap_close_fd_array(size_t num, const int *array)
5679 {
5680 int saved_errno = errno;
5681 size_t i;
5682
5683 for (i = 0; i < num; i++) {
5684 if (array[i] == -1) {
5685 continue;
5686 }
5687 libc_close(array[i]);
5688 }
5689
5690 errno = saved_errno;
5691 }
5692
5693 union __swrap_fds {
5694 const uint8_t *p;
5695 int *fds;
5696 };
5697
5698 union __swrap_cmsghdr {
5699 const uint8_t *p;
5700 struct cmsghdr *cmsg;
5701 };
5702
5703 static int swrap_sendmsg_unix_scm_rights(struct cmsghdr *cmsg,
5704 uint8_t **cm_data,
5705 size_t *cm_data_space,
5706 int *scm_rights_pipe_fd)
5707 {
5708 struct swrap_unix_scm_rights info;
5709 struct swrap_unix_scm_rights_payload *payload = NULL;
5710 int si_idx_array[SWRAP_MAX_PASSED_FDS];
5711 struct socket_info *si_array[SWRAP_MAX_PASSED_FDS] = { NULL, };
5712 size_t info_idx = 0;
5713 size_t size_fds_in;
5714 size_t num_fds_in;
5715 union __swrap_fds __fds_in = { .p = NULL, };
5716 const int *fds_in = NULL;
5717 size_t num_fds_out;
5718 size_t size_fds_out;
5719 union __swrap_fds __fds_out = { .p = NULL, };
5720 int *fds_out = NULL;
5721 size_t cmsg_len;
5722 size_t cmsg_space;
5723 size_t new_cm_data_space;
5724 union __swrap_cmsghdr __new_cmsg = { .p = NULL, };
5725 struct cmsghdr *new_cmsg = NULL;
5726 uint8_t *p = NULL;
5727 size_t i;
5728 int pipefd[2] = { -1, -1 };
5729 int rc;
5730 ssize_t sret;
5731
5732 /*
5733 * We pass this a buffer to the kernel make sure any padding
5734 * is also cleared.
5735 */
5736 ZERO_STRUCT(info);
5737 info.magic = swrap_unix_scm_right_magic;
5738 memcpy(info.package_name,
5739 SOCKET_WRAPPER_PACKAGE,
5740 sizeof(info.package_name));
5741 memcpy(info.package_version,
5742 SOCKET_WRAPPER_VERSION,
5743 sizeof(info.package_version));
5744 info.full_size = sizeof(info);
5745 info.payload_size = sizeof(info.payload);
5746 payload = &info.payload;
5747
5748 if (*scm_rights_pipe_fd != -1) {
5749 SWRAP_LOG(SWRAP_LOG_ERROR,
5750 "Two SCM_RIGHTS headers are not supported by socket_wrapper");
5751 errno = EINVAL;
5752 return -1;
5753 }
5754
5755 if (cmsg->cmsg_len < CMSG_LEN(0)) {
5756 SWRAP_LOG(SWRAP_LOG_ERROR,
5757 "cmsg->cmsg_len=%zu < CMSG_LEN(0)=%zu",
5758 (size_t)cmsg->cmsg_len,
5759 CMSG_LEN(0));
5760 errno = EINVAL;
5761 return -1;
5762 }
5763 size_fds_in = cmsg->cmsg_len - CMSG_LEN(0);
5764 if ((size_fds_in % sizeof(int)) != 0) {
5765 SWRAP_LOG(SWRAP_LOG_ERROR,
5766 "cmsg->cmsg_len=%zu => (size_fds_in=%zu %% sizeof(int)=%zu) != 0",
5767 (size_t)cmsg->cmsg_len,
5768 size_fds_in,
5769 sizeof(int));
5770 errno = EINVAL;
5771 return -1;
5772 }
5773 num_fds_in = size_fds_in / sizeof(int);
5774 if (num_fds_in > SWRAP_MAX_PASSED_FDS) {
5775 SWRAP_LOG(SWRAP_LOG_ERROR,
5776 "cmsg->cmsg_len=%zu,size_fds_in=%zu => "
5777 "num_fds_in=%zu > "
5778 "SWRAP_MAX_PASSED_FDS(%zu)",
5779 (size_t)cmsg->cmsg_len,
5780 size_fds_in,
5781 num_fds_in,
5782 SWRAP_MAX_PASSED_FDS);
5783 errno = EINVAL;
5784 return -1;
5785 }
5786 if (num_fds_in == 0) {
5787 SWRAP_LOG(SWRAP_LOG_ERROR,
5788 "cmsg->cmsg_len=%zu,size_fds_in=%zu => "
5789 "num_fds_in=%zu",
5790 (size_t)cmsg->cmsg_len,
5791 size_fds_in,
5792 num_fds_in);
5793 errno = EINVAL;
5794 return -1;
5795 }
5796 __fds_in.p = CMSG_DATA(cmsg);
5797 fds_in = __fds_in.fds;
5798 num_fds_out = num_fds_in + 1;
5799
5800 SWRAP_LOG(SWRAP_LOG_TRACE,
5801 "num_fds_in=%zu num_fds_out=%zu",
5802 num_fds_in, num_fds_out);
5803
5804 size_fds_out = sizeof(int) * num_fds_out;
5805 cmsg_len = CMSG_LEN(size_fds_out);
5806 cmsg_space = CMSG_SPACE(size_fds_out);
5807
5808 new_cm_data_space = *cm_data_space + cmsg_space;
5809
5810 p = realloc((*cm_data), new_cm_data_space);
5811 if (p == NULL) {
5812 return -1;
5813 }
5814 (*cm_data) = p;
5815 p = (*cm_data) + (*cm_data_space);
5816 memset(p, 0, cmsg_space);
5817 __new_cmsg.p = p;
5818 new_cmsg = __new_cmsg.cmsg;
5819 *new_cmsg = *cmsg;
5820 __fds_out.p = CMSG_DATA(new_cmsg);
5821 fds_out = __fds_out.fds;
5822 memcpy(fds_out, fds_in, size_fds_in);
5823 new_cmsg->cmsg_len = cmsg->cmsg_len;
5824
5825 for (i = 0; i < num_fds_in; i++) {
5826 size_t j;
5827
5828 payload->idxs[i] = -1;
5829 payload->num_idxs++;
5830
5831 si_idx_array[i] = find_socket_info_index(fds_in[i]);
5832 if (si_idx_array[i] == -1) {
5833 continue;
5834 }
5835
5836 si_array[i] = swrap_get_socket_info(si_idx_array[i]);
5837 if (si_array[i] == NULL) {
5838 SWRAP_LOG(SWRAP_LOG_ERROR,
5839 "fds_in[%zu]=%d si_idx_array[%zu]=%d missing!",
5840 i, fds_in[i], i, si_idx_array[i]);
5841 errno = EINVAL;
5842 return -1;
5843 }
5844
5845 for (j = 0; j < i; j++) {
5846 if (si_array[j] == si_array[i]) {
5847 payload->idxs[i] = payload->idxs[j];
5848 break;
5849 }
5850 }
5851 if (payload->idxs[i] == -1) {
5852 if (info_idx >= SWRAP_MAX_PASSED_SOCKET_INFO) {
5853 SWRAP_LOG(SWRAP_LOG_ERROR,
5854 "fds_in[%zu]=%d,si_idx_array[%zu]=%d: "
5855 "info_idx=%zu >= SWRAP_MAX_PASSED_FDS(%zu)!",
5856 i, fds_in[i], i, si_idx_array[i],
5857 info_idx,
5858 SWRAP_MAX_PASSED_SOCKET_INFO);
5859 errno = EINVAL;
5860 return -1;
5861 }
5862 payload->idxs[i] = info_idx;
5863 info_idx += 1;
5864 continue;
5865 }
5866 }
5867
5868 for (i = 0; i < num_fds_in; i++) {
5869 struct socket_info *si = si_array[i];
5870
5871 if (si == NULL) {
5872 SWRAP_LOG(SWRAP_LOG_TRACE,
5873 "fds_in[%zu]=%d not an inet socket",
5874 i, fds_in[i]);
5875 continue;
5876 }
5877
5878 SWRAP_LOG(SWRAP_LOG_TRACE,
5879 "fds_in[%zu]=%d si_idx_array[%zu]=%d "
5880 "passing as info.idxs[%zu]=%d!",
5881 i, fds_in[i],
5882 i, si_idx_array[i],
5883 i, payload->idxs[i]);
5884
5885 SWRAP_LOCK_SI(si);
5886 si->fd_passed += 1;
5887 payload->infos[payload->idxs[i]] = *si;
5888 payload->infos[payload->idxs[i]].fd_passed = 0;
5889 SWRAP_UNLOCK_SI(si);
5890 }
5891
5892 rc = pipe(pipefd);
5893 if (rc == -1) {
5894 int saved_errno = errno;
5895 SWRAP_LOG(SWRAP_LOG_ERROR,
5896 "pipe() failed - %d %s",
5897 saved_errno,
5898 strerror(saved_errno));
5899 swrap_dec_fd_passed_array(num_fds_in, si_array);
5900 errno = saved_errno;
5901 return -1;
5902 }
5903
5904 sret = libc_write(pipefd[1], &info, sizeof(info));
5905 if (sret != sizeof(info)) {
5906 int saved_errno = errno;
5907 if (sret != -1) {
5908 saved_errno = EINVAL;
5909 }
5910 SWRAP_LOG(SWRAP_LOG_ERROR,
5911 "write() failed - sret=%zd - %d %s",
5912 sret, saved_errno,
5913 strerror(saved_errno));
5914 swrap_dec_fd_passed_array(num_fds_in, si_array);
5915 libc_close(pipefd[1]);
5916 libc_close(pipefd[0]);
5917 errno = saved_errno;
5918 return -1;
5919 }
5920 libc_close(pipefd[1]);
5921
5922 /*
5923 * Add the pipe read end to the end of the passed fd array
5924 */
5925 fds_out[num_fds_in] = pipefd[0];
5926 new_cmsg->cmsg_len = cmsg_len;
5927
5928 /* we're done ... */
5929 *scm_rights_pipe_fd = pipefd[0];
5930 *cm_data_space = new_cm_data_space;
5931
5932 return 0;
5933 }
5934
5935 static int swrap_sendmsg_unix_sol_socket(struct cmsghdr *cmsg,
5936 uint8_t **cm_data,
5937 size_t *cm_data_space,
5938 int *scm_rights_pipe_fd)
5939 {
5940 int rc = -1;
5941
5942 switch (cmsg->cmsg_type) {
5943 case SCM_RIGHTS:
5944 rc = swrap_sendmsg_unix_scm_rights(cmsg,
5945 cm_data,
5946 cm_data_space,
5947 scm_rights_pipe_fd);
5948 break;
5949 default:
5950 rc = swrap_sendmsg_copy_cmsg(cmsg,
5951 cm_data,
5952 cm_data_space);
5953 break;
5954 }
5955
5956 return rc;
5957 }
5958
5959 static int swrap_recvmsg_unix_scm_rights(struct cmsghdr *cmsg,
5960 uint8_t **cm_data,
5961 size_t *cm_data_space)
5962 {
5963 int scm_rights_pipe_fd = -1;
5964 struct swrap_unix_scm_rights info;
5965 struct swrap_unix_scm_rights_payload *payload = NULL;
5966 int si_idx_array[SWRAP_MAX_PASSED_FDS];
5967 size_t size_fds_in;
5968 size_t num_fds_in;
5969 union __swrap_fds __fds_in = { .p = NULL, };
5970 const int *fds_in = NULL;
5971 size_t num_fds_out;
5972 size_t size_fds_out;
5973 union __swrap_fds __fds_out = { .p = NULL, };
5974 int *fds_out = NULL;
5975 size_t cmsg_len;
5976 size_t cmsg_space;
5977 size_t new_cm_data_space;
5978 union __swrap_cmsghdr __new_cmsg = { .p = NULL, };
5979 struct cmsghdr *new_cmsg = NULL;
5980 uint8_t *p = NULL;
5981 ssize_t sret;
5982 size_t i;
5983 int cmp;
5984
5985 if (cmsg->cmsg_len < CMSG_LEN(0)) {
5986 SWRAP_LOG(SWRAP_LOG_ERROR,
5987 "cmsg->cmsg_len=%zu < CMSG_LEN(0)=%zu",
5988 (size_t)cmsg->cmsg_len,
5989 CMSG_LEN(0));
5990 errno = EINVAL;
5991 return -1;
5992 }
5993 size_fds_in = cmsg->cmsg_len - CMSG_LEN(0);
5994 if ((size_fds_in % sizeof(int)) != 0) {
5995 SWRAP_LOG(SWRAP_LOG_ERROR,
5996 "cmsg->cmsg_len=%zu => (size_fds_in=%zu %% sizeof(int)=%zu) != 0",
5997 (size_t)cmsg->cmsg_len,
5998 size_fds_in,
5999 sizeof(int));
6000 errno = EINVAL;
6001 return -1;
6002 }
6003 num_fds_in = size_fds_in / sizeof(int);
6004 if (num_fds_in > (SWRAP_MAX_PASSED_FDS + 1)) {
6005 SWRAP_LOG(SWRAP_LOG_ERROR,
6006 "cmsg->cmsg_len=%zu,size_fds_in=%zu => "
6007 "num_fds_in=%zu > SWRAP_MAX_PASSED_FDS+1(%zu)",
6008 (size_t)cmsg->cmsg_len,
6009 size_fds_in,
6010 num_fds_in,
6011 SWRAP_MAX_PASSED_FDS+1);
6012 errno = EINVAL;
6013 return -1;
6014 }
6015 if (num_fds_in <= 1) {
6016 SWRAP_LOG(SWRAP_LOG_ERROR,
6017 "cmsg->cmsg_len=%zu,size_fds_in=%zu => "
6018 "num_fds_in=%zu",
6019 (size_t)cmsg->cmsg_len,
6020 size_fds_in,
6021 num_fds_in);
6022 errno = EINVAL;
6023 return -1;
6024 }
6025 __fds_in.p = CMSG_DATA(cmsg);
6026 fds_in = __fds_in.fds;
6027 num_fds_out = num_fds_in - 1;
6028
6029 SWRAP_LOG(SWRAP_LOG_TRACE,
6030 "num_fds_in=%zu num_fds_out=%zu",
6031 num_fds_in, num_fds_out);
6032
6033 for (i = 0; i < num_fds_in; i++) {
6034 /* Check if we have a stale fd and remove it */
6035 swrap_remove_stale(fds_in[i]);
6036 }
6037
6038 scm_rights_pipe_fd = fds_in[num_fds_out];
6039 size_fds_out = sizeof(int) * num_fds_out;
6040 cmsg_len = CMSG_LEN(size_fds_out);
6041 cmsg_space = CMSG_SPACE(size_fds_out);
6042
6043 new_cm_data_space = *cm_data_space + cmsg_space;
6044
6045 p = realloc((*cm_data), new_cm_data_space);
6046 if (p == NULL) {
6047 swrap_close_fd_array(num_fds_in, fds_in);
6048 return -1;
6049 }
6050 (*cm_data) = p;
6051 p = (*cm_data) + (*cm_data_space);
6052 memset(p, 0, cmsg_space);
6053 __new_cmsg.p = p;
6054 new_cmsg = __new_cmsg.cmsg;
6055 *new_cmsg = *cmsg;
6056 __fds_out.p = CMSG_DATA(new_cmsg);
6057 fds_out = __fds_out.fds;
6058 memcpy(fds_out, fds_in, size_fds_out);
6059 new_cmsg->cmsg_len = cmsg_len;
6060
6061 sret = read(scm_rights_pipe_fd, &info, sizeof(info));
6062 if (sret != sizeof(info)) {
6063 int saved_errno = errno;
6064 if (sret != -1) {
6065 saved_errno = EINVAL;
6066 }
6067 SWRAP_LOG(SWRAP_LOG_ERROR,
6068 "read() failed - sret=%zd - %d %s",
6069 sret, saved_errno,
6070 strerror(saved_errno));
6071 swrap_close_fd_array(num_fds_in, fds_in);
6072 errno = saved_errno;
6073 return -1;
6074 }
6075 libc_close(scm_rights_pipe_fd);
6076 payload = &info.payload;
6077
6078 if (info.magic != swrap_unix_scm_right_magic) {
6079 SWRAP_LOG(SWRAP_LOG_ERROR,
6080 "info.magic=0x%llx != swrap_unix_scm_right_magic=0x%llx",
6081 (unsigned long long)info.magic,
6082 (unsigned long long)swrap_unix_scm_right_magic);
6083 swrap_close_fd_array(num_fds_out, fds_out);
6084 errno = EINVAL;
6085 return -1;
6086 }
6087
6088 cmp = memcmp(info.package_name,
6089 SOCKET_WRAPPER_PACKAGE,
6090 sizeof(info.package_name));
6091 if (cmp != 0) {
6092 SWRAP_LOG(SWRAP_LOG_ERROR,
6093 "info.package_name='%.*s' != '%s'",
6094 (int)sizeof(info.package_name),
6095 info.package_name,
6096 SOCKET_WRAPPER_PACKAGE);
6097 swrap_close_fd_array(num_fds_out, fds_out);
6098 errno = EINVAL;
6099 return -1;
6100 }
6101
6102 cmp = memcmp(info.package_version,
6103 SOCKET_WRAPPER_VERSION,
6104 sizeof(info.package_version));
6105 if (cmp != 0) {
6106 SWRAP_LOG(SWRAP_LOG_ERROR,
6107 "info.package_version='%.*s' != '%s'",
6108 (int)sizeof(info.package_version),
6109 info.package_version,
6110 SOCKET_WRAPPER_VERSION);
6111 swrap_close_fd_array(num_fds_out, fds_out);
6112 errno = EINVAL;
6113 return -1;
6114 }
6115
6116 if (info.full_size != sizeof(info)) {
6117 SWRAP_LOG(SWRAP_LOG_ERROR,
6118 "info.full_size=%zu != sizeof(info)=%zu",
6119 (size_t)info.full_size,
6120 sizeof(info));
6121 swrap_close_fd_array(num_fds_out, fds_out);
6122 errno = EINVAL;
6123 return -1;
6124 }
6125
6126 if (info.payload_size != sizeof(info.payload)) {
6127 SWRAP_LOG(SWRAP_LOG_ERROR,
6128 "info.payload_size=%zu != sizeof(info.payload)=%zu",
6129 (size_t)info.payload_size,
6130 sizeof(info.payload));
6131 swrap_close_fd_array(num_fds_out, fds_out);
6132 errno = EINVAL;
6133 return -1;
6134 }
6135
6136 if (payload->num_idxs != num_fds_out) {
6137 SWRAP_LOG(SWRAP_LOG_ERROR,
6138 "info.num_idxs=%u != num_fds_out=%zu",
6139 payload->num_idxs, num_fds_out);
6140 swrap_close_fd_array(num_fds_out, fds_out);
6141 errno = EINVAL;
6142 return -1;
6143 }
6144
6145 for (i = 0; i < num_fds_out; i++) {
6146 size_t j;
6147
6148 si_idx_array[i] = -1;
6149
6150 if (payload->idxs[i] == -1) {
6151 SWRAP_LOG(SWRAP_LOG_TRACE,
6152 "fds_out[%zu]=%d not an inet socket",
6153 i, fds_out[i]);
6154 continue;
6155 }
6156
6157 if (payload->idxs[i] < 0) {
6158 SWRAP_LOG(SWRAP_LOG_ERROR,
6159 "fds_out[%zu]=%d info.idxs[%zu]=%d < 0!",
6160 i, fds_out[i], i, payload->idxs[i]);
6161 swrap_close_fd_array(num_fds_out, fds_out);
6162 errno = EINVAL;
6163 return -1;
6164 }
6165
6166 if (payload->idxs[i] >= payload->num_idxs) {
6167 SWRAP_LOG(SWRAP_LOG_ERROR,
6168 "fds_out[%zu]=%d info.idxs[%zu]=%d >= %u!",
6169 i, fds_out[i], i, payload->idxs[i],
6170 payload->num_idxs);
6171 swrap_close_fd_array(num_fds_out, fds_out);
6172 errno = EINVAL;
6173 return -1;
6174 }
6175
6176 if ((size_t)fds_out[i] >= socket_fds_max) {
6177 SWRAP_LOG(SWRAP_LOG_ERROR,
6178 "The max socket index limit of %zu has been reached, "
6179 "trying to add %d",
6180 socket_fds_max,
6181 fds_out[i]);
6182 swrap_close_fd_array(num_fds_out, fds_out);
6183 errno = EMFILE;
6184 return -1;
6185 }
6186
6187 SWRAP_LOG(SWRAP_LOG_TRACE,
6188 "fds_in[%zu]=%d "
6189 "received as info.idxs[%zu]=%d!",
6190 i, fds_out[i],
6191 i, payload->idxs[i]);
6192
6193 for (j = 0; j < i; j++) {
6194 if (payload->idxs[j] == -1) {
6195 continue;
6196 }
6197 if (payload->idxs[j] == payload->idxs[i]) {
6198 si_idx_array[i] = si_idx_array[j];
6199 }
6200 }
6201 if (si_idx_array[i] == -1) {
6202 const struct socket_info *si = &payload->infos[payload->idxs[i]];
6203
6204 si_idx_array[i] = swrap_add_socket_info(si);
6205 if (si_idx_array[i] == -1) {
6206 int saved_errno = errno;
6207 SWRAP_LOG(SWRAP_LOG_ERROR,
6208 "The max socket index limit of %zu has been reached, "
6209 "trying to add %d",
6210 socket_fds_max,
6211 fds_out[i]);
6212 swrap_undo_si_idx_array(i, si_idx_array);
6213 swrap_close_fd_array(num_fds_out, fds_out);
6214 errno = saved_errno;
6215 return -1;
6216 }
6217 SWRAP_LOG(SWRAP_LOG_TRACE,
6218 "Imported %s socket for protocol %s, fd=%d",
6219 si->family == AF_INET ? "IPv4" : "IPv6",
6220 si->type == SOCK_DGRAM ? "UDP" : "TCP",
6221 fds_out[i]);
6222 }
6223 }
6224
6225 for (i = 0; i < num_fds_out; i++) {
6226 if (si_idx_array[i] == -1) {
6227 continue;
6228 }
6229 set_socket_info_index(fds_out[i], si_idx_array[i]);
6230 }
6231
6232 /* we're done ... */
6233 *cm_data_space = new_cm_data_space;
6234
6235 return 0;
6236 }
6237
6238 static int swrap_recvmsg_unix_sol_socket(struct cmsghdr *cmsg,
6239 uint8_t **cm_data,
6240 size_t *cm_data_space)
6241 {
6242 int rc = -1;
6243
6244 switch (cmsg->cmsg_type) {
6245 case SCM_RIGHTS:
6246 rc = swrap_recvmsg_unix_scm_rights(cmsg,
6247 cm_data,
6248 cm_data_space);
6249 break;
6250 default:
6251 rc = swrap_sendmsg_copy_cmsg(cmsg,
6252 cm_data,
6253 cm_data_space);
6254 break;
6255 }
6256
6257 return rc;
6258 }
6259
6260 #endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
6261
6262 static int swrap_sendmsg_before_unix(const struct msghdr *_msg_in,
6263 struct msghdr *msg_tmp,
6264 int *scm_rights_pipe_fd)
6265 {
6266 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
6267 struct msghdr *msg_in = discard_const_p(struct msghdr, _msg_in);
6268 struct cmsghdr *cmsg = NULL;
6269 uint8_t *cm_data = NULL;
6270 size_t cm_data_space = 0;
6271 int rc = -1;
6272
6273 *msg_tmp = *msg_in;
6274 *scm_rights_pipe_fd = -1;
6275
6276 /* Nothing to do */
6277 if (msg_in->msg_controllen == 0 || msg_in->msg_control == NULL) {
6278 return 0;
6279 }
6280
6281 for (cmsg = CMSG_FIRSTHDR(msg_in);
6282 cmsg != NULL;
6283 cmsg = CMSG_NXTHDR(msg_in, cmsg)) {
6284 switch (cmsg->cmsg_level) {
6285 case SOL_SOCKET:
6286 rc = swrap_sendmsg_unix_sol_socket(cmsg,
6287 &cm_data,
6288 &cm_data_space,
6289 scm_rights_pipe_fd);
6290 break;
6291
6292 default:
6293 rc = swrap_sendmsg_copy_cmsg(cmsg,
6294 &cm_data,
6295 &cm_data_space);
6296 break;
6297 }
6298 if (rc < 0) {
6299 int saved_errno = errno;
6300 SAFE_FREE(cm_data);
6301 errno = saved_errno;
6302 return rc;
6303 }
6304 }
6305
6306 msg_tmp->msg_controllen = cm_data_space;
6307 msg_tmp->msg_control = cm_data;
6308
6309 return 0;
6310 #else /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
6311 *msg_tmp = *_msg_in;
6312 return 0;
6313 #endif /* ! HAVE_STRUCT_MSGHDR_MSG_CONTROL */
6314 }
6315
6316 static ssize_t swrap_sendmsg_after_unix(struct msghdr *msg_tmp,
6317 ssize_t ret,
6318 int scm_rights_pipe_fd)
6319 {
6320 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
6321 int saved_errno = errno;
6322 SAFE_FREE(msg_tmp->msg_control);
6323 if (scm_rights_pipe_fd != -1) {
6324 libc_close(scm_rights_pipe_fd);
6325 }
6326 errno = saved_errno;
6327 #endif /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
6328 return ret;
6329 }
6330
6331 static int swrap_recvmsg_before_unix(struct msghdr *msg_in,
6332 struct msghdr *msg_tmp,
6333 uint8_t **tmp_control)
6334 {
6335 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
6336 const size_t cm_extra_space = CMSG_SPACE(sizeof(int));
6337 uint8_t *cm_data = NULL;
6338 size_t cm_data_space = 0;
6339
6340 *msg_tmp = *msg_in;
6341 *tmp_control = NULL;
6342
6343 SWRAP_LOG(SWRAP_LOG_TRACE,
6344 "msg_in->msg_controllen=%zu",
6345 (size_t)msg_in->msg_controllen);
6346
6347 /* Nothing to do */
6348 if (msg_in->msg_controllen == 0 || msg_in->msg_control == NULL) {
6349 return 0;
6350 }
6351
6352 /*
6353 * We need to give the kernel a bit more space in order
6354 * recv the pipe fd, added by swrap_sendmsg_before_unix()).
6355 * swrap_recvmsg_after_unix() will hide it again.
6356 */
6357 cm_data_space = msg_in->msg_controllen;
6358 if (cm_data_space < (INT32_MAX - cm_extra_space)) {
6359 cm_data_space += cm_extra_space;
6360 }
6361 cm_data = calloc(1, cm_data_space);
6362 if (cm_data == NULL) {
6363 return -1;
6364 }
6365
6366 msg_tmp->msg_controllen = cm_data_space;
6367 msg_tmp->msg_control = cm_data;
6368 *tmp_control = cm_data;
6369
6370 SWRAP_LOG(SWRAP_LOG_TRACE,
6371 "msg_tmp->msg_controllen=%zu",
6372 (size_t)msg_tmp->msg_controllen);
6373 return 0;
6374 #else /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
6375 *msg_tmp = *msg_in;
6376 *tmp_control = NULL;
6377 return 0;
6378 #endif /* ! HAVE_STRUCT_MSGHDR_MSG_CONTROL */
6379 }
6380
6381 static ssize_t swrap_recvmsg_after_unix(struct msghdr *msg_tmp,
6382 uint8_t **tmp_control,
6383 struct msghdr *msg_out,
6384 ssize_t ret)
6385 {
6386 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
6387 struct cmsghdr *cmsg = NULL;
6388 uint8_t *cm_data = NULL;
6389 size_t cm_data_space = 0;
6390 int rc = -1;
6391
6392 if (ret < 0) {
6393 int saved_errno = errno;
6394 SWRAP_LOG(SWRAP_LOG_TRACE, "ret=%zd - %d - %s", ret,
6395 saved_errno, strerror(saved_errno));
6396 SAFE_FREE(*tmp_control);
6397 /* msg_out should not be touched on error */
6398 errno = saved_errno;
6399 return ret;
6400 }
6401
6402 SWRAP_LOG(SWRAP_LOG_TRACE,
6403 "msg_tmp->msg_controllen=%zu",
6404 (size_t)msg_tmp->msg_controllen);
6405
6406 /* Nothing to do */
6407 if (msg_tmp->msg_controllen == 0 || msg_tmp->msg_control == NULL) {
6408 int saved_errno = errno;
6409 *msg_out = *msg_tmp;
6410 SAFE_FREE(*tmp_control);
6411 errno = saved_errno;
6412 return ret;
6413 }
6414
6415 for (cmsg = CMSG_FIRSTHDR(msg_tmp);
6416 cmsg != NULL;
6417 cmsg = CMSG_NXTHDR(msg_tmp, cmsg)) {
6418 switch (cmsg->cmsg_level) {
6419 case SOL_SOCKET:
6420 rc = swrap_recvmsg_unix_sol_socket(cmsg,
6421 &cm_data,
6422 &cm_data_space);
6423 break;
6424
6425 default:
6426 rc = swrap_sendmsg_copy_cmsg(cmsg,
6427 &cm_data,
6428 &cm_data_space);
6429 break;
6430 }
6431 if (rc < 0) {
6432 int saved_errno = errno;
6433 SAFE_FREE(cm_data);
6434 SAFE_FREE(*tmp_control);
6435 errno = saved_errno;
6436 return rc;
6437 }
6438 }
6439
6440 /*
6441 * msg_tmp->msg_control (*tmp_control) was created by
6442 * swrap_recvmsg_before_unix() and msg_out->msg_control
6443 * is still the buffer of the caller.
6444 */
6445 msg_tmp->msg_control = msg_out->msg_control;
6446 msg_tmp->msg_controllen = msg_out->msg_controllen;
6447 *msg_out = *msg_tmp;
6448
6449 cm_data_space = MIN(cm_data_space, msg_out->msg_controllen);
6450 memcpy(msg_out->msg_control, cm_data, cm_data_space);
6451 msg_out->msg_controllen = cm_data_space;
6452 SAFE_FREE(cm_data);
6453 SAFE_FREE(*tmp_control);
6454
6455 SWRAP_LOG(SWRAP_LOG_TRACE,
6456 "msg_out->msg_controllen=%zu",
6457 (size_t)msg_out->msg_controllen);
6458 return ret;
6459 #else /* HAVE_STRUCT_MSGHDR_MSG_CONTROL */
6460 int saved_errno = errno;
6461 *msg_out = *msg_tmp;
6462 SAFE_FREE(*tmp_control);
6463 errno = saved_errno;
6464 return ret;
6465 #endif /* ! HAVE_STRUCT_MSGHDR_MSG_CONTROL */
6466 }
6467
6468 static ssize_t swrap_sendmsg_before(int fd,
6469 struct socket_info *si,
6470 struct msghdr *msg,
6471 struct iovec *tmp_iov,
6472 struct sockaddr_un *tmp_un,
6473 const struct sockaddr_un **to_un,
6474 const struct sockaddr **to,
6475 int *bcast)
6476 {
6477 size_t i, len = 0;
6478 ssize_t ret = -1;
6479 struct swrap_sockaddr_buf buf = {};
6480
6481 if (to_un) {
6482 *to_un = NULL;
6483 }
6484 if (to) {
6485 *to = NULL;
6486 }
6487 if (bcast) {
6488 *bcast = 0;
6489 }
6490
6491 SWRAP_LOCK_SI(si);
6492
6493 switch (si->type) {
6494 case SOCK_STREAM: {
6495 unsigned long mtu;
6496
6497 if (!si->connected) {
6498 errno = ENOTCONN;
6499 goto out;
6500 }
6501
6502 if (msg->msg_iovlen == 0) {
6503 break;
6504 }
6505
6506 mtu = socket_wrapper_mtu();
6507 for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
6508 size_t nlen;
6509 nlen = len + msg->msg_iov[i].iov_len;
6510 if (nlen < len) {
6511 /* overflow */
6512 errno = EMSGSIZE;
6513 goto out;
6514 }
6515 if (nlen > mtu) {
6516 break;
6517 }
6518 }
6519 msg->msg_iovlen = i;
6520 if (msg->msg_iovlen == 0) {
6521 *tmp_iov = msg->msg_iov[0];
6522 tmp_iov->iov_len = MIN((size_t)tmp_iov->iov_len,
6523 (size_t)mtu);
6524 msg->msg_iov = tmp_iov;
6525 msg->msg_iovlen = 1;
6526 }
6527 break;
6528 }
6529 case SOCK_DGRAM:
6530 if (si->connected) {
6531 if (msg->msg_name != NULL) {
6532 /*
6533 * We are dealing with unix sockets and if we
6534 * are connected, we should only talk to the
6535 * connected unix path. Using the fd to send
6536 * to another server would be hard to achieve.
6537 */
6538 msg->msg_name = NULL;
6539 msg->msg_namelen = 0;
6540 }
6541 SWRAP_LOG(SWRAP_LOG_TRACE,
6542 "connected(%s) fd=%d",
6543 swrap_sockaddr_string(&buf, &si->peername.sa.s),
6544 fd);
6545 } else {
6546 const struct sockaddr *msg_name;
6547 msg_name = (const struct sockaddr *)msg->msg_name;
6548
6549 if (msg_name == NULL) {
6550 errno = ENOTCONN;
6551 goto out;
6552 }
6553
6554
6555 ret = sockaddr_convert_to_un(si, msg_name, msg->msg_namelen,
6556 tmp_un, 0, bcast);
6557 if (ret == -1) {
6558 goto out;
6559 }
6560
6561 if (to_un) {
6562 *to_un = tmp_un;
6563 }
6564 if (to) {
6565 *to = msg_name;
6566 }
6567 msg->msg_name = tmp_un;
6568 msg->msg_namelen = sizeof(*tmp_un);
6569 }
6570
6571 if (si->bound == 0) {
6572 ret = swrap_auto_bind(fd, si, si->family);
6573 if (ret == -1) {
6574 SWRAP_UNLOCK_SI(si);
6575 if (errno == ENOTSOCK) {
6576 swrap_remove_stale(fd);
6577 ret = -ENOTSOCK;
6578 } else {
6579 SWRAP_LOG(SWRAP_LOG_ERROR, "swrap_sendmsg_before failed");
6580 }
6581 return ret;
6582 }
6583 }
6584
6585 if (!si->defer_connect) {
6586 break;
6587 }
6588
6589 ret = sockaddr_convert_to_un(si,
6590 &si->peername.sa.s,
6591 si->peername.sa_socklen,
6592 tmp_un,
6593 0,
6594 NULL);
6595 if (ret == -1) {
6596 goto out;
6597 }
6598
6599 SWRAP_LOG(SWRAP_LOG_TRACE,
6600 "deferred connect(%s) path=%s, fd=%d",
6601 swrap_sockaddr_string(&buf, &si->peername.sa.s),
6602 tmp_un->sun_path, fd);
6603
6604 ret = libc_connect(fd,
6605 (struct sockaddr *)(void *)tmp_un,
6606 sizeof(*tmp_un));
6607
6608 /* to give better errors */
6609 if (ret == -1 && errno == ENOENT) {
6610 errno = EHOSTUNREACH;
6611 }
6612
6613 if (ret == -1) {
6614 goto out;
6615 }
6616
6617 si->defer_connect = 0;
6618 break;
6619 default:
6620 errno = EHOSTUNREACH;
6621 goto out;
6622 }
6623
6624 ret = 0;
6625 out:
6626 SWRAP_UNLOCK_SI(si);
6627
6628 return ret;
6629 }
6630
6631 static void swrap_sendmsg_after(int fd,
6632 struct socket_info *si,
6633 struct msghdr *msg,
6634 const struct sockaddr *to,
6635 ssize_t ret)
6636 {
6637 int saved_errno = errno;
6638 size_t i, len = 0;
6639 uint8_t *buf;
6640 off_t ofs = 0;
6641 size_t avail = 0;
6642 size_t remain;
6643
6644 /* to give better errors */
6645 if (ret == -1) {
6646 if (saved_errno == ENOENT) {
6647 saved_errno = EHOSTUNREACH;
6648 } else if (saved_errno == ENOTSOCK) {
6649 /* If the fd is not a socket, remove it */
6650 swrap_remove_stale(fd);
6651 }
6652 }
6653
6654 for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
6655 avail += msg->msg_iov[i].iov_len;
6656 }
6657
6658 if (ret == -1) {
6659 remain = MIN(80, avail);
6660 } else {
6661 remain = ret;
6662 }
6663
6664 /* we capture it as one single packet */
6665 buf = (uint8_t *)malloc(remain);
6666 if (!buf) {
6667 /* we just not capture the packet */
6668 errno = saved_errno;
6669 return;
6670 }
6671
6672 for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
6673 size_t this_time = MIN(remain, (size_t)msg->msg_iov[i].iov_len);
6674 if (this_time > 0) {
6675 memcpy(buf + ofs,
6676 msg->msg_iov[i].iov_base,
6677 this_time);
6678 }
6679 ofs += this_time;
6680 remain -= this_time;
6681 }
6682 len = ofs;
6683
6684 SWRAP_LOCK_SI(si);
6685
6686 switch (si->type) {
6687 case SOCK_STREAM:
6688 if (ret == -1) {
6689 swrap_pcap_dump_packet(si, NULL, SWRAP_SEND, buf, len);
6690 swrap_pcap_dump_packet(si, NULL, SWRAP_SEND_RST, NULL, 0);
6691 } else {
6692 swrap_pcap_dump_packet(si, NULL, SWRAP_SEND, buf, len);
6693 }
6694 break;
6695
6696 case SOCK_DGRAM:
6697 if (si->connected) {
6698 to = &si->peername.sa.s;
6699 }
6700 if (ret == -1) {
6701 swrap_pcap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
6702 swrap_pcap_dump_packet(si, to, SWRAP_SENDTO_UNREACH, buf, len);
6703 } else {
6704 swrap_pcap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
6705 }
6706 break;
6707 }
6708
6709 SWRAP_UNLOCK_SI(si);
6710
6711 free(buf);
6712 errno = saved_errno;
6713 }
6714
6715 static int swrap_recvmsg_before(int fd,
6716 struct socket_info *si,
6717 struct msghdr *msg,
6718 struct iovec *tmp_iov)
6719 {
6720 size_t i, len = 0;
6721 int ret = -1;
6722
6723 SWRAP_LOCK_SI(si);
6724
6725 (void)fd; /* unused */
6726
6727 switch (si->type) {
6728 case SOCK_STREAM: {
6729 unsigned int mtu;
6730 if (!si->connected) {
6731 errno = ENOTCONN;
6732 goto out;
6733 }
6734
6735 if (msg->msg_iovlen == 0) {
6736 break;
6737 }
6738
6739 mtu = socket_wrapper_mtu();
6740 for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
6741 size_t nlen;
6742 nlen = len + msg->msg_iov[i].iov_len;
6743 if (nlen > mtu) {
6744 break;
6745 }
6746 }
6747 msg->msg_iovlen = i;
6748 if (msg->msg_iovlen == 0) {
6749 *tmp_iov = msg->msg_iov[0];
6750 tmp_iov->iov_len = MIN((size_t)tmp_iov->iov_len,
6751 (size_t)mtu);
6752 msg->msg_iov = tmp_iov;
6753 msg->msg_iovlen = 1;
6754 }
6755 break;
6756 }
6757 case SOCK_DGRAM:
6758 if (msg->msg_name == NULL) {
6759 errno = EINVAL;
6760 goto out;
6761 }
6762
6763 if (msg->msg_iovlen == 0) {
6764 break;
6765 }
6766
6767 if (si->bound == 0) {
6768 ret = swrap_auto_bind(fd, si, si->family);
6769 if (ret == -1) {
6770 SWRAP_UNLOCK_SI(si);
6771 /*
6772 * When attempting to read or write to a
6773 * descriptor, if an underlying autobind fails
6774 * because it's not a socket, stop intercepting
6775 * uses of that descriptor.
6776 */
6777 if (errno == ENOTSOCK) {
6778 swrap_remove_stale(fd);
6779 ret = -ENOTSOCK;
6780 } else {
6781 SWRAP_LOG(SWRAP_LOG_ERROR,
6782 "swrap_recvmsg_before failed");
6783 }
6784 return ret;
6785 }
6786 }
6787 break;
6788 default:
6789 errno = EHOSTUNREACH;
6790 goto out;
6791 }
6792
6793 ret = 0;
6794 out:
6795 SWRAP_UNLOCK_SI(si);
6796
6797 return ret;
6798 }
6799
6800 static int swrap_recvmsg_after(int fd,
6801 struct socket_info *si,
6802 struct msghdr *msg,
6803 const struct sockaddr_un *un_addr,
6804 socklen_t un_addrlen,
6805 ssize_t ret)
6806 {
6807 int saved_errno = errno;
6808 size_t i;
6809 uint8_t *buf = NULL;
6810 off_t ofs = 0;
6811 size_t avail = 0;
6812 size_t remain;
6813 int rc;
6814
6815 /* to give better errors */
6816 if (ret == -1) {
6817 if (saved_errno == ENOENT) {
6818 saved_errno = EHOSTUNREACH;
6819 } else if (saved_errno == ENOTSOCK) {
6820 /* If the fd is not a socket, remove it */
6821 swrap_remove_stale(fd);
6822 }
6823 }
6824
6825 for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
6826 avail += msg->msg_iov[i].iov_len;
6827 }
6828
6829 SWRAP_LOCK_SI(si);
6830
6831 /* Convert the socket address before we leave */
6832 if (si->type == SOCK_DGRAM && un_addr != NULL) {
6833 rc = sockaddr_convert_from_un(si,
6834 un_addr,
6835 un_addrlen,
6836 si->family,
6837 msg->msg_name,
6838 &msg->msg_namelen);
6839 if (rc == -1) {
6840 goto done;
6841 }
6842 }
6843
6844 if (avail == 0) {
6845 rc = 0;
6846 goto done;
6847 }
6848
6849 if (ret == -1) {
6850 remain = MIN(80, avail);
6851 } else {
6852 remain = ret;
6853 }
6854
6855 /* we capture it as one single packet */
6856 buf = (uint8_t *)malloc(remain);
6857 if (buf == NULL) {
6858 /* we just not capture the packet */
6859 SWRAP_UNLOCK_SI(si);
6860 errno = saved_errno;
6861 return -1;
6862 }
6863
6864 for (i = 0; i < (size_t)msg->msg_iovlen; i++) {
6865 size_t this_time = MIN(remain, (size_t)msg->msg_iov[i].iov_len);
6866 memcpy(buf + ofs,
6867 msg->msg_iov[i].iov_base,
6868 this_time);
6869 ofs += this_time;
6870 remain -= this_time;
6871 }
6872
6873 switch (si->type) {
6874 case SOCK_STREAM:
6875 if (ret == -1 && saved_errno != EAGAIN && saved_errno != ENOBUFS) {
6876 swrap_pcap_dump_packet(si, NULL, SWRAP_RECV_RST, NULL, 0);
6877 } else if (ret == 0) { /* END OF FILE */
6878 swrap_pcap_dump_packet(si, NULL, SWRAP_RECV_RST, NULL, 0);
6879 } else if (ret > 0) {
6880 swrap_pcap_dump_packet(si, NULL, SWRAP_RECV, buf, ret);
6881 }
6882 break;
6883
6884 case SOCK_DGRAM:
6885 if (ret == -1) {
6886 break;
6887 }
6888
6889 if (un_addr != NULL) {
6890 swrap_pcap_dump_packet(si,
6891 msg->msg_name,
6892 SWRAP_RECVFROM,
6893 buf,
6894 ret);
6895 } else {
6896 swrap_pcap_dump_packet(si,
6897 msg->msg_name,
6898 SWRAP_RECV,
6899 buf,
6900 ret);
6901 }
6902
6903 break;
6904 }
6905
6906 rc = 0;
6907 done:
6908 free(buf);
6909 errno = saved_errno;
6910
6911 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
6912 if (rc == 0 &&
6913 msg->msg_controllen > 0 &&
6914 msg->msg_control != NULL) {
6915 rc = swrap_msghdr_add_socket_info(si, msg);
6916 if (rc < 0) {
6917 SWRAP_UNLOCK_SI(si);
6918 return -1;
6919 }
6920 }
6921 #endif
6922
6923 SWRAP_UNLOCK_SI(si);
6924 return rc;
6925 }
6926
6927 /****************************************************************************
6928 * RECVFROM
6929 ***************************************************************************/
6930
6931 static ssize_t swrap_recvfrom(int s, void *buf, size_t len, int flags,
6932 struct sockaddr *from, socklen_t *fromlen)
6933 {
6934 struct swrap_address from_addr = {
6935 .sa_socklen = sizeof(struct sockaddr_un),
6936 };
6937 ssize_t ret;
6938 struct socket_info *si = find_socket_info(s);
6939 struct swrap_address saddr = {
6940 .sa_socklen = sizeof(struct sockaddr_storage),
6941 };
6942 struct msghdr msg;
6943 struct iovec tmp;
6944 int tret;
6945
6946 if (!si) {
6947 return libc_recvfrom(s,
6948 buf,
6949 len,
6950 flags,
6951 from,
6952 fromlen);
6953 }
6954
6955 tmp.iov_base = buf;
6956 tmp.iov_len = len;
6957
6958 ZERO_STRUCT(msg);
6959 if (from != NULL && fromlen != NULL) {
6960 msg.msg_name = from; /* optional address */
6961 msg.msg_namelen = *fromlen; /* size of address */
6962 } else {
6963 msg.msg_name = &saddr.sa.s; /* optional address */
6964 msg.msg_namelen = saddr.sa_socklen; /* size of address */
6965 }
6966 msg.msg_iov = &tmp; /* scatter/gather array */
6967 msg.msg_iovlen = 1; /* # elements in msg_iov */
6968 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
6969 msg.msg_control = NULL; /* ancillary data, see below */
6970 msg.msg_controllen = 0; /* ancillary data buffer len */
6971 msg.msg_flags = 0; /* flags on received message */
6972 #endif
6973
6974 tret = swrap_recvmsg_before(s, si, &msg, &tmp);
6975 if (tret < 0) {
6976 return -1;
6977 }
6978
6979 buf = msg.msg_iov[0].iov_base;
6980 len = msg.msg_iov[0].iov_len;
6981
6982 ret = libc_recvfrom(s,
6983 buf,
6984 len,
6985 flags,
6986 &from_addr.sa.s,
6987 &from_addr.sa_socklen);
6988 if (ret == -1) {
6989 return ret;
6990 }
6991
6992 tret = swrap_recvmsg_after(s,
6993 si,
6994 &msg,
6995 &from_addr.sa.un,
6996 from_addr.sa_socklen,
6997 ret);
6998 if (tret != 0) {
6999 return tret;
7000 }
7001
7002 if (from != NULL && fromlen != NULL) {
7003 *fromlen = msg.msg_namelen;
7004 }
7005
7006 return ret;
7007 }
7008
7009 #ifdef HAVE_ACCEPT_PSOCKLEN_T
7010 ssize_t recvfrom(int s, void *buf, size_t len, int flags,
7011 struct sockaddr *from, Psocklen_t fromlen)
7012 #else
7013 ssize_t recvfrom(int s, void *buf, size_t len, int flags,
7014 struct sockaddr *from, socklen_t *fromlen)
7015 #endif
7016 {
7017 return swrap_recvfrom(s, buf, len, flags, from, (socklen_t *)fromlen);
7018 }
7019
7020 /****************************************************************************
7021 * SENDTO
7022 ***************************************************************************/
7023
7024 static ssize_t swrap_sendto(int s, const void *buf, size_t len, int flags,
7025 const struct sockaddr *to, socklen_t tolen)
7026 {
7027 struct msghdr msg;
7028 struct iovec tmp;
7029 struct swrap_address un_addr = {
7030 .sa_socklen = sizeof(struct sockaddr_un),
7031 };
7032 const struct sockaddr_un *to_un = NULL;
7033 ssize_t ret;
7034 int rc;
7035 struct socket_info *si = find_socket_info(s);
7036 int bcast = 0;
7037
7038 if (!si) {
7039 return libc_sendto(s, buf, len, flags, to, tolen);
7040 }
7041
7042 tmp.iov_base = discard_const_p(char, buf);
7043 tmp.iov_len = len;
7044
7045 ZERO_STRUCT(msg);
7046 msg.msg_name = discard_const_p(struct sockaddr, to); /* optional address */
7047 msg.msg_namelen = tolen; /* size of address */
7048 msg.msg_iov = &tmp; /* scatter/gather array */
7049 msg.msg_iovlen = 1; /* # elements in msg_iov */
7050 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7051 msg.msg_control = NULL; /* ancillary data, see below */
7052 msg.msg_controllen = 0; /* ancillary data buffer len */
7053 msg.msg_flags = 0; /* flags on received message */
7054 #endif
7055
7056 rc = swrap_sendmsg_before(s,
7057 si,
7058 &msg,
7059 &tmp,
7060 &un_addr.sa.un,
7061 &to_un,
7062 &to,
7063 &bcast);
7064 if (rc < 0) {
7065 return -1;
7066 }
7067
7068 buf = msg.msg_iov[0].iov_base;
7069 len = msg.msg_iov[0].iov_len;
7070
7071 if (bcast) {
7072 struct stat st;
7073 unsigned int iface;
7074 unsigned int prt = ntohs(((const struct sockaddr_in *)(const void *)to)->sin_port);
7075 char type;
7076 char *swrap_dir = NULL;
7077
7078 type = SOCKET_TYPE_CHAR_UDP;
7079
7080 swrap_dir = socket_wrapper_dir();
7081 if (swrap_dir == NULL) {
7082 return -1;
7083 }
7084
7085 for(iface=0; iface <= MAX_WRAPPED_INTERFACES; iface++) {
7086 swrap_un_path(&un_addr.sa.un,
7087 swrap_dir,
7088 type,
7089 iface,
7090 prt);
7091 if (stat(un_addr.sa.un.sun_path, &st) != 0) continue;
7092
7093 /* ignore the any errors in broadcast sends */
7094 libc_sendto(s,
7095 buf,
7096 len,
7097 flags,
7098 &un_addr.sa.s,
7099 un_addr.sa_socklen);
7100 }
7101
7102 SAFE_FREE(swrap_dir);
7103
7104 SWRAP_LOCK_SI(si);
7105
7106 swrap_pcap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
7107
7108 SWRAP_UNLOCK_SI(si);
7109
7110 return len;
7111 }
7112
7113 SWRAP_LOCK_SI(si);
7114 /*
7115 * If it is a dgram socket and we are connected, don't include the
7116 * 'to' address.
7117 */
7118 if (si->type == SOCK_DGRAM && si->connected) {
7119 ret = libc_sendto(s,
7120 buf,
7121 len,
7122 flags,
7123 NULL,
7124 0);
7125 } else {
7126 ret = libc_sendto(s,
7127 buf,
7128 len,
7129 flags,
7130 (struct sockaddr *)msg.msg_name,
7131 msg.msg_namelen);
7132 }
7133
7134 SWRAP_UNLOCK_SI(si);
7135
7136 swrap_sendmsg_after(s, si, &msg, to, ret);
7137
7138 return ret;
7139 }
7140
7141 ssize_t sendto(int s, const void *buf, size_t len, int flags,
7142 const struct sockaddr *to, socklen_t tolen)
7143 {
7144 return swrap_sendto(s, buf, len, flags, to, tolen);
7145 }
7146
7147 /****************************************************************************
7148 * READV
7149 ***************************************************************************/
7150
7151 static ssize_t swrap_recv(int s, void *buf, size_t len, int flags)
7152 {
7153 struct socket_info *si;
7154 struct msghdr msg;
7155 struct swrap_address saddr = {
7156 .sa_socklen = sizeof(struct sockaddr_storage),
7157 };
7158 struct iovec tmp;
7159 ssize_t ret;
7160 int tret;
7161
7162 si = find_socket_info(s);
7163 if (si == NULL) {
7164 return libc_recv(s, buf, len, flags);
7165 }
7166
7167 tmp.iov_base = buf;
7168 tmp.iov_len = len;
7169
7170 ZERO_STRUCT(msg);
7171 msg.msg_name = &saddr.sa.s; /* optional address */
7172 msg.msg_namelen = saddr.sa_socklen; /* size of address */
7173 msg.msg_iov = &tmp; /* scatter/gather array */
7174 msg.msg_iovlen = 1; /* # elements in msg_iov */
7175 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7176 msg.msg_control = NULL; /* ancillary data, see below */
7177 msg.msg_controllen = 0; /* ancillary data buffer len */
7178 msg.msg_flags = 0; /* flags on received message */
7179 #endif
7180
7181 tret = swrap_recvmsg_before(s, si, &msg, &tmp);
7182 if (tret < 0) {
7183 return -1;
7184 }
7185
7186 buf = msg.msg_iov[0].iov_base;
7187 len = msg.msg_iov[0].iov_len;
7188
7189 ret = libc_recv(s, buf, len, flags);
7190
7191 tret = swrap_recvmsg_after(s, si, &msg, NULL, 0, ret);
7192 if (tret != 0) {
7193 return tret;
7194 }
7195
7196 return ret;
7197 }
7198
7199 ssize_t recv(int s, void *buf, size_t len, int flags)
7200 {
7201 return swrap_recv(s, buf, len, flags);
7202 }
7203
7204 /****************************************************************************
7205 * READ
7206 ***************************************************************************/
7207
7208 static ssize_t swrap_read(int s, void *buf, size_t len)
7209 {
7210 struct socket_info *si;
7211 struct msghdr msg;
7212 struct iovec tmp;
7213 struct swrap_address saddr = {
7214 .sa_socklen = sizeof(struct sockaddr_storage),
7215 };
7216 ssize_t ret;
7217 int tret;
7218
7219 si = find_socket_info(s);
7220 if (si == NULL) {
7221 return libc_read(s, buf, len);
7222 }
7223
7224 tmp.iov_base = buf;
7225 tmp.iov_len = len;
7226
7227 ZERO_STRUCT(msg);
7228 msg.msg_name = &saddr.sa.ss; /* optional address */
7229 msg.msg_namelen = saddr.sa_socklen; /* size of address */
7230 msg.msg_iov = &tmp; /* scatter/gather array */
7231 msg.msg_iovlen = 1; /* # elements in msg_iov */
7232 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7233 msg.msg_control = NULL; /* ancillary data, see below */
7234 msg.msg_controllen = 0; /* ancillary data buffer len */
7235 msg.msg_flags = 0; /* flags on received message */
7236 #endif
7237
7238 tret = swrap_recvmsg_before(s, si, &msg, &tmp);
7239 if (tret < 0) {
7240 if (tret == -ENOTSOCK) {
7241 return libc_read(s, buf, len);
7242 }
7243 return -1;
7244 }
7245
7246 buf = msg.msg_iov[0].iov_base;
7247 len = msg.msg_iov[0].iov_len;
7248
7249 ret = libc_read(s, buf, len);
7250
7251 tret = swrap_recvmsg_after(s, si, &msg, NULL, 0, ret);
7252 if (tret != 0) {
7253 return tret;
7254 }
7255
7256 return ret;
7257 }
7258
7259 ssize_t read(int s, void *buf, size_t len)
7260 {
7261 return swrap_read(s, buf, len);
7262 }
7263
7264 /****************************************************************************
7265 * WRITE
7266 ***************************************************************************/
7267
7268 static ssize_t swrap_write(int s, const void *buf, size_t len)
7269 {
7270 struct msghdr msg;
7271 struct iovec tmp;
7272 struct sockaddr_un un_addr;
7273 ssize_t ret;
7274 int rc;
7275 struct socket_info *si;
7276
7277 si = find_socket_info(s);
7278 if (si == NULL) {
7279 return libc_write(s, buf, len);
7280 }
7281
7282 tmp.iov_base = discard_const_p(char, buf);
7283 tmp.iov_len = len;
7284
7285 ZERO_STRUCT(msg);
7286 msg.msg_name = NULL; /* optional address */
7287 msg.msg_namelen = 0; /* size of address */
7288 msg.msg_iov = &tmp; /* scatter/gather array */
7289 msg.msg_iovlen = 1; /* # elements in msg_iov */
7290 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7291 msg.msg_control = NULL; /* ancillary data, see below */
7292 msg.msg_controllen = 0; /* ancillary data buffer len */
7293 msg.msg_flags = 0; /* flags on received message */
7294 #endif
7295
7296 rc = swrap_sendmsg_before(s, si, &msg, &tmp, &un_addr, NULL, NULL, NULL);
7297 if (rc < 0) {
7298 return -1;
7299 }
7300
7301 buf = msg.msg_iov[0].iov_base;
7302 len = msg.msg_iov[0].iov_len;
7303
7304 ret = libc_write(s, buf, len);
7305
7306 swrap_sendmsg_after(s, si, &msg, NULL, ret);
7307
7308 return ret;
7309 }
7310
7311 ssize_t write(int s, const void *buf, size_t len)
7312 {
7313 return swrap_write(s, buf, len);
7314 }
7315
7316 /****************************************************************************
7317 * SEND
7318 ***************************************************************************/
7319
7320 static ssize_t swrap_send(int s, const void *buf, size_t len, int flags)
7321 {
7322 struct msghdr msg;
7323 struct iovec tmp;
7324 struct sockaddr_un un_addr;
7325 ssize_t ret;
7326 int rc;
7327 struct socket_info *si = find_socket_info(s);
7328
7329 if (!si) {
7330 return libc_send(s, buf, len, flags);
7331 }
7332
7333 tmp.iov_base = discard_const_p(char, buf);
7334 tmp.iov_len = len;
7335
7336 ZERO_STRUCT(msg);
7337 msg.msg_name = NULL; /* optional address */
7338 msg.msg_namelen = 0; /* size of address */
7339 msg.msg_iov = &tmp; /* scatter/gather array */
7340 msg.msg_iovlen = 1; /* # elements in msg_iov */
7341 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7342 msg.msg_control = NULL; /* ancillary data, see below */
7343 msg.msg_controllen = 0; /* ancillary data buffer len */
7344 msg.msg_flags = 0; /* flags on received message */
7345 #endif
7346
7347 rc = swrap_sendmsg_before(s, si, &msg, &tmp, &un_addr, NULL, NULL, NULL);
7348 if (rc < 0) {
7349 return -1;
7350 }
7351
7352 buf = msg.msg_iov[0].iov_base;
7353 len = msg.msg_iov[0].iov_len;
7354
7355 ret = libc_send(s, buf, len, flags);
7356
7357 swrap_sendmsg_after(s, si, &msg, NULL, ret);
7358
7359 return ret;
7360 }
7361
7362 ssize_t send(int s, const void *buf, size_t len, int flags)
7363 {
7364 return swrap_send(s, buf, len, flags);
7365 }
7366
7367 /****************************************************************************
7368 * RECVMSG
7369 ***************************************************************************/
7370
7371 static ssize_t swrap_recvmsg(int s, struct msghdr *omsg, int flags)
7372 {
7373 struct swrap_address from_addr = {
7374 .sa_socklen = sizeof(struct sockaddr_un),
7375 };
7376 struct swrap_address convert_addr = {
7377 .sa_socklen = sizeof(struct sockaddr_storage),
7378 };
7379 struct socket_info *si;
7380 struct msghdr msg;
7381 struct iovec tmp;
7382 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7383 size_t msg_ctrllen_filled;
7384 size_t msg_ctrllen_left;
7385 #endif
7386
7387 ssize_t ret;
7388 int rc;
7389
7390 si = find_socket_info(s);
7391 if (si == NULL) {
7392 uint8_t *tmp_control = NULL;
7393 rc = swrap_recvmsg_before_unix(omsg, &msg, &tmp_control);
7394 if (rc < 0) {
7395 return rc;
7396 }
7397 ret = libc_recvmsg(s, &msg, flags);
7398 return swrap_recvmsg_after_unix(&msg, &tmp_control, omsg, ret);
7399 }
7400
7401 tmp.iov_base = NULL;
7402 tmp.iov_len = 0;
7403
7404 ZERO_STRUCT(msg);
7405 msg.msg_name = &from_addr.sa; /* optional address */
7406 msg.msg_namelen = from_addr.sa_socklen; /* size of address */
7407 msg.msg_iov = omsg->msg_iov; /* scatter/gather array */
7408 msg.msg_iovlen = omsg->msg_iovlen; /* # elements in msg_iov */
7409 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7410 msg_ctrllen_filled = 0;
7411 msg_ctrllen_left = omsg->msg_controllen;
7412
7413 msg.msg_control = omsg->msg_control; /* ancillary data, see below */
7414 msg.msg_controllen = omsg->msg_controllen; /* ancillary data buffer len */
7415 msg.msg_flags = omsg->msg_flags; /* flags on received message */
7416 #endif
7417
7418 rc = swrap_recvmsg_before(s, si, &msg, &tmp);
7419 if (rc < 0) {
7420 return -1;
7421 }
7422
7423 ret = libc_recvmsg(s, &msg, flags);
7424
7425 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7426 msg_ctrllen_filled += msg.msg_controllen;
7427 msg_ctrllen_left -= msg.msg_controllen;
7428
7429 if (omsg->msg_control != NULL) {
7430 uint8_t *p;
7431
7432 p = omsg->msg_control;
7433 p += msg_ctrllen_filled;
7434
7435 msg.msg_control = p;
7436 msg.msg_controllen = msg_ctrllen_left;
7437 } else {
7438 msg.msg_control = NULL;
7439 msg.msg_controllen = 0;
7440 }
7441 #endif
7442
7443 /*
7444 * We convert the unix address to a IP address so we need a buffer
7445 * which can store the address in case of SOCK_DGRAM, see below.
7446 */
7447 msg.msg_name = &convert_addr.sa;
7448 msg.msg_namelen = convert_addr.sa_socklen;
7449
7450 rc = swrap_recvmsg_after(s,
7451 si,
7452 &msg,
7453 &from_addr.sa.un,
7454 from_addr.sa_socklen,
7455 ret);
7456 if (rc != 0) {
7457 return rc;
7458 }
7459
7460 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7461 if (omsg->msg_control != NULL) {
7462 /* msg.msg_controllen = space left */
7463 msg_ctrllen_left = msg.msg_controllen;
7464 msg_ctrllen_filled = omsg->msg_controllen - msg_ctrllen_left;
7465 }
7466
7467 /* Update the original message length */
7468 omsg->msg_controllen = msg_ctrllen_filled;
7469 omsg->msg_flags = msg.msg_flags;
7470 #endif
7471 omsg->msg_iovlen = msg.msg_iovlen;
7472
7473 SWRAP_LOCK_SI(si);
7474
7475 /*
7476 * From the manpage:
7477 *
7478 * The msg_name field points to a caller-allocated buffer that is
7479 * used to return the source address if the socket is unconnected. The
7480 * caller should set msg_namelen to the size of this buffer before this
7481 * call; upon return from a successful call, msg_name will contain the
7482 * length of the returned address. If the application does not need
7483 * to know the source address, msg_name can be specified as NULL.
7484 */
7485 if (si->type == SOCK_STREAM) {
7486 omsg->msg_namelen = 0;
7487 } else if (omsg->msg_name != NULL &&
7488 omsg->msg_namelen != 0 &&
7489 omsg->msg_namelen >= msg.msg_namelen) {
7490 memcpy(omsg->msg_name, msg.msg_name, msg.msg_namelen);
7491 omsg->msg_namelen = msg.msg_namelen;
7492 }
7493
7494 SWRAP_UNLOCK_SI(si);
7495
7496 return ret;
7497 }
7498
7499 ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags)
7500 {
7501 return swrap_recvmsg(sockfd, msg, flags);
7502 }
7503
7504 /****************************************************************************
7505 * RECVMMSG
7506 ***************************************************************************/
7507
7508 #ifdef HAVE_RECVMMSG
7509 #if defined(HAVE_RECVMMSG_SSIZE_T_CONST_TIMEOUT)
7510 /* FreeBSD */
7511 static ssize_t swrap_recvmmsg(int s, struct mmsghdr *omsgvec, size_t _vlen, int flags, const struct timespec *timeout)
7512 #elif defined(HAVE_RECVMMSG_CONST_TIMEOUT)
7513 /* Linux legacy glibc < 2.21 */
7514 static int swrap_recvmmsg(int s, struct mmsghdr *omsgvec, unsigned int _vlen, int flags, const struct timespec *timeout)
7515 #else
7516 /* Linux glibc >= 2.21 */
7517 static int swrap_recvmmsg(int s, struct mmsghdr *omsgvec, unsigned int _vlen, int flags, struct timespec *timeout)
7518 #endif
7519 {
7520 struct socket_info *si = find_socket_info(s);
7521 #define __SWRAP_RECVMMSG_MAX_VLEN 16
7522 struct mmsghdr msgvec[__SWRAP_RECVMMSG_MAX_VLEN] = {};
7523 struct {
7524 struct iovec iov;
7525 struct swrap_address from_addr;
7526 struct swrap_address convert_addr;
7527 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7528 size_t msg_ctrllen_filled;
7529 size_t msg_ctrllen_left;
7530 #endif
7531 } tmp[__SWRAP_RECVMMSG_MAX_VLEN] = {};
7532 int vlen;
7533 int i;
7534 int ret;
7535 int rc;
7536 int saved_errno;
7537
7538 if (_vlen > __SWRAP_RECVMMSG_MAX_VLEN) {
7539 vlen = __SWRAP_RECVMMSG_MAX_VLEN;
7540 } else {
7541 vlen = _vlen;
7542 }
7543
7544 if (si == NULL) {
7545 uint8_t *tmp_control[__SWRAP_RECVMMSG_MAX_VLEN] = { NULL, };
7546
7547 for (i = 0; i < vlen; i++) {
7548 struct msghdr *omsg = &omsgvec[i].msg_hdr;
7549 struct msghdr *msg = &msgvec[i].msg_hdr;
7550
7551 rc = swrap_recvmsg_before_unix(omsg, msg,
7552 &tmp_control[i]);
7553 if (rc < 0) {
7554 ret = rc;
7555 goto fail_libc;
7556 }
7557 }
7558
7559 ret = libc_recvmmsg(s, msgvec, vlen, flags, timeout);
7560 if (ret < 0) {
7561 goto fail_libc;
7562 }
7563
7564 for (i = 0; i < ret; i++) {
7565 omsgvec[i].msg_len = msgvec[i].msg_len;
7566 }
7567
7568 fail_libc:
7569 saved_errno = errno;
7570 for (i = 0; i < vlen; i++) {
7571 struct msghdr *omsg = &omsgvec[i].msg_hdr;
7572 struct msghdr *msg = &msgvec[i].msg_hdr;
7573
7574 if (i == 0 || i < ret) {
7575 swrap_recvmsg_after_unix(msg, &tmp_control[i], omsg, ret);
7576 }
7577 SAFE_FREE(tmp_control[i]);
7578 }
7579 errno = saved_errno;
7580
7581 return ret;
7582 }
7583
7584 for (i = 0; i < vlen; i++) {
7585 struct msghdr *omsg = &omsgvec[i].msg_hdr;
7586 struct msghdr *msg = &msgvec[i].msg_hdr;
7587
7588 tmp[i].from_addr.sa_socklen = sizeof(struct sockaddr_un);
7589 tmp[i].convert_addr.sa_socklen = sizeof(struct sockaddr_storage);
7590
7591 msg->msg_name = &tmp[i].from_addr.sa; /* optional address */
7592 msg->msg_namelen = tmp[i].from_addr.sa_socklen; /* size of address */
7593 msg->msg_iov = omsg->msg_iov; /* scatter/gather array */
7594 msg->msg_iovlen = omsg->msg_iovlen; /* # elements in msg_iov */
7595 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7596 tmp[i].msg_ctrllen_filled = 0;
7597 tmp[i].msg_ctrllen_left = omsg->msg_controllen;
7598
7599 msg->msg_control = omsg->msg_control; /* ancillary data, see below */
7600 msg->msg_controllen = omsg->msg_controllen; /* ancillary data buffer len */
7601 msg->msg_flags = omsg->msg_flags; /* flags on received message */
7602 #endif
7603
7604 rc = swrap_recvmsg_before(s, si, msg, &tmp[i].iov);
7605 if (rc < 0) {
7606 ret = rc;
7607 goto fail_swrap;
7608 }
7609 }
7610
7611 ret = libc_recvmmsg(s, msgvec, vlen, flags, timeout);
7612 if (ret < 0) {
7613 goto fail_swrap;
7614 }
7615
7616 for (i = 0; i < ret; i++) {
7617 omsgvec[i].msg_len = msgvec[i].msg_len;
7618 }
7619
7620 fail_swrap:
7621
7622 saved_errno = errno;
7623 for (i = 0; i < vlen; i++) {
7624 struct msghdr *omsg = &omsgvec[i].msg_hdr;
7625 struct msghdr *msg = &msgvec[i].msg_hdr;
7626
7627 if (!(i == 0 || i < ret)) {
7628 break;
7629 }
7630
7631 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7632 tmp[i].msg_ctrllen_filled += msg->msg_controllen;
7633 tmp[i].msg_ctrllen_left -= msg->msg_controllen;
7634
7635 if (omsg->msg_control != NULL) {
7636 uint8_t *p;
7637
7638 p = omsg->msg_control;
7639 p += tmp[i].msg_ctrllen_filled;
7640
7641 msg->msg_control = p;
7642 msg->msg_controllen = tmp[i].msg_ctrllen_left;
7643 } else {
7644 msg->msg_control = NULL;
7645 msg->msg_controllen = 0;
7646 }
7647 #endif
7648
7649 /*
7650 * We convert the unix address to a IP address so we need a buffer
7651 * which can store the address in case of SOCK_DGRAM, see below.
7652 */
7653 msg->msg_name = &tmp[i].convert_addr.sa;
7654 msg->msg_namelen = tmp[i].convert_addr.sa_socklen;
7655
7656 swrap_recvmsg_after(s, si, msg,
7657 &tmp[i].from_addr.sa.un,
7658 tmp[i].from_addr.sa_socklen,
7659 ret);
7660
7661 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7662 if (omsg->msg_control != NULL) {
7663 /* msg->msg_controllen = space left */
7664 tmp[i].msg_ctrllen_left = msg->msg_controllen;
7665 tmp[i].msg_ctrllen_filled = omsg->msg_controllen - tmp[i].msg_ctrllen_left;
7666 }
7667
7668 /* Update the original message length */
7669 omsg->msg_controllen = tmp[i].msg_ctrllen_filled;
7670 omsg->msg_flags = msg->msg_flags;
7671 #endif
7672 omsg->msg_iovlen = msg->msg_iovlen;
7673
7674 SWRAP_LOCK_SI(si);
7675
7676 /*
7677 * From the manpage:
7678 *
7679 * The msg_name field points to a caller-allocated buffer that is
7680 * used to return the source address if the socket is unconnected. The
7681 * caller should set msg_namelen to the size of this buffer before this
7682 * call; upon return from a successful call, msg_name will contain the
7683 * length of the returned address. If the application does not need
7684 * to know the source address, msg_name can be specified as NULL.
7685 */
7686 if (si->type == SOCK_STREAM) {
7687 omsg->msg_namelen = 0;
7688 } else if (omsg->msg_name != NULL &&
7689 omsg->msg_namelen != 0 &&
7690 omsg->msg_namelen >= msg->msg_namelen) {
7691 memcpy(omsg->msg_name, msg->msg_name, msg->msg_namelen);
7692 omsg->msg_namelen = msg->msg_namelen;
7693 }
7694
7695 SWRAP_UNLOCK_SI(si);
7696 }
7697 errno = saved_errno;
7698
7699 return ret;
7700 }
7701
7702 #if defined(HAVE_RECVMMSG_SSIZE_T_CONST_TIMEOUT)
7703 /* FreeBSD */
7704 ssize_t recvmmsg(int sockfd, struct mmsghdr *msgvec, size_t vlen, int flags, const struct timespec *timeout)
7705 #elif defined(HAVE_RECVMMSG_CONST_TIMEOUT)
7706 /* Linux legacy glibc < 2.21 */
7707 int recvmmsg(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags, const struct timespec *timeout)
7708 #else
7709 /* Linux glibc >= 2.21 */
7710 int recvmmsg(int sockfd, struct mmsghdr *msgvec, unsigned int vlen, int flags, struct timespec *timeout)
7711 #endif
7712 {
7713 return swrap_recvmmsg(sockfd, msgvec, vlen, flags, timeout);
7714 }
7715 #endif /* HAVE_RECVMMSG */
7716
7717 /****************************************************************************
7718 * SENDMSG
7719 ***************************************************************************/
7720
7721 static ssize_t swrap_sendmsg(int s, const struct msghdr *omsg, int flags)
7722 {
7723 struct msghdr msg;
7724 struct iovec tmp;
7725 struct sockaddr_un un_addr;
7726 const struct sockaddr_un *to_un = NULL;
7727 const struct sockaddr *to = NULL;
7728 ssize_t ret;
7729 int rc;
7730 struct socket_info *si = find_socket_info(s);
7731 int bcast = 0;
7732
7733 if (!si) {
7734 int scm_rights_pipe_fd = -1;
7735
7736 rc = swrap_sendmsg_before_unix(omsg, &msg,
7737 &scm_rights_pipe_fd);
7738 if (rc < 0) {
7739 return rc;
7740 }
7741 ret = libc_sendmsg(s, &msg, flags);
7742 return swrap_sendmsg_after_unix(&msg, ret, scm_rights_pipe_fd);
7743 }
7744
7745 ZERO_STRUCT(un_addr);
7746
7747 tmp.iov_base = NULL;
7748 tmp.iov_len = 0;
7749
7750 ZERO_STRUCT(msg);
7751
7752 SWRAP_LOCK_SI(si);
7753
7754 if (si->connected == 0) {
7755 msg.msg_name = omsg->msg_name; /* optional address */
7756 msg.msg_namelen = omsg->msg_namelen; /* size of address */
7757 }
7758 msg.msg_iov = omsg->msg_iov; /* scatter/gather array */
7759 msg.msg_iovlen = omsg->msg_iovlen; /* # elements in msg_iov */
7760
7761 SWRAP_UNLOCK_SI(si);
7762
7763 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7764 if (omsg != NULL && omsg->msg_controllen > 0 && omsg->msg_control != NULL) {
7765 uint8_t *cmbuf = NULL;
7766 size_t cmlen = 0;
7767
7768 rc = swrap_sendmsg_filter_cmsghdr(omsg, &cmbuf, &cmlen);
7769 if (rc < 0) {
7770 return rc;
7771 }
7772
7773 if (cmlen == 0) {
7774 msg.msg_controllen = 0;
7775 msg.msg_control = NULL;
7776 } else {
7777 msg.msg_control = cmbuf;
7778 msg.msg_controllen = cmlen;
7779 }
7780 }
7781 msg.msg_flags = omsg->msg_flags; /* flags on received message */
7782 #endif
7783 rc = swrap_sendmsg_before(s, si, &msg, &tmp, &un_addr, &to_un, &to, &bcast);
7784 if (rc < 0) {
7785 int saved_errno = errno;
7786 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7787 SAFE_FREE(msg.msg_control);
7788 #endif
7789 errno = saved_errno;
7790 return -1;
7791 }
7792
7793 if (bcast) {
7794 struct stat st;
7795 unsigned int iface;
7796 unsigned int prt = ntohs(((const struct sockaddr_in *)(const void *)to)->sin_port);
7797 char type;
7798 size_t i, len = 0;
7799 uint8_t *buf;
7800 off_t ofs = 0;
7801 size_t avail = 0;
7802 size_t remain;
7803 char *swrap_dir = NULL;
7804
7805 for (i = 0; i < (size_t)msg.msg_iovlen; i++) {
7806 avail += msg.msg_iov[i].iov_len;
7807 }
7808
7809 len = avail;
7810 remain = avail;
7811
7812 /* we capture it as one single packet */
7813 buf = (uint8_t *)malloc(remain);
7814 if (!buf) {
7815 int saved_errno = errno;
7816 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7817 SAFE_FREE(msg.msg_control);
7818 #endif
7819 errno = saved_errno;
7820 return -1;
7821 }
7822
7823 for (i = 0; i < (size_t)msg.msg_iovlen; i++) {
7824 size_t this_time = MIN(remain, (size_t)msg.msg_iov[i].iov_len);
7825 memcpy(buf + ofs,
7826 msg.msg_iov[i].iov_base,
7827 this_time);
7828 ofs += this_time;
7829 remain -= this_time;
7830 }
7831
7832 type = SOCKET_TYPE_CHAR_UDP;
7833
7834 swrap_dir = socket_wrapper_dir();
7835 if (swrap_dir == NULL) {
7836 int saved_errno = errno;
7837 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7838 SAFE_FREE(msg.msg_control);
7839 #endif
7840 SAFE_FREE(buf);
7841 errno = saved_errno;
7842 return -1;
7843 }
7844
7845 for(iface=0; iface <= MAX_WRAPPED_INTERFACES; iface++) {
7846 swrap_un_path(&un_addr, swrap_dir, type, iface, prt);
7847 if (stat(un_addr.sun_path, &st) != 0) continue;
7848
7849 msg.msg_name = &un_addr; /* optional address */
7850 msg.msg_namelen = sizeof(un_addr); /* size of address */
7851
7852 /* ignore the any errors in broadcast sends */
7853 libc_sendmsg(s, &msg, flags);
7854 }
7855
7856 SAFE_FREE(swrap_dir);
7857
7858 SWRAP_LOCK_SI(si);
7859
7860 swrap_pcap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
7861 free(buf);
7862
7863 SWRAP_UNLOCK_SI(si);
7864
7865 return len;
7866 }
7867
7868 ret = libc_sendmsg(s, &msg, flags);
7869
7870 swrap_sendmsg_after(s, si, &msg, to, ret);
7871
7872 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7873 {
7874 int saved_errno = errno;
7875 SAFE_FREE(msg.msg_control);
7876 errno = saved_errno;
7877 }
7878 #endif
7879
7880 return ret;
7881 }
7882
7883 ssize_t sendmsg(int s, const struct msghdr *omsg, int flags)
7884 {
7885 return swrap_sendmsg(s, omsg, flags);
7886 }
7887
7888 /****************************************************************************
7889 * SENDMMSG
7890 ***************************************************************************/
7891
7892 #ifdef HAVE_SENDMMSG
7893 #if defined(HAVE_SENDMMSG_SSIZE_T)
7894 /* FreeBSD */
7895 static ssize_t swrap_sendmmsg(int s, struct mmsghdr *omsgvec, size_t _vlen, int flags)
7896 #else
7897 /* Linux */
7898 static int swrap_sendmmsg(int s, struct mmsghdr *omsgvec, unsigned int _vlen, int flags)
7899 #endif
7900 {
7901 struct socket_info *si = find_socket_info(s);
7902 #define __SWRAP_SENDMMSG_MAX_VLEN 16
7903 struct mmsghdr msgvec[__SWRAP_SENDMMSG_MAX_VLEN] = {};
7904 struct {
7905 struct iovec iov;
7906 struct sockaddr_un un_addr;
7907 const struct sockaddr_un *to_un;
7908 const struct sockaddr *to;
7909 int bcast;
7910 } tmp[__SWRAP_SENDMMSG_MAX_VLEN] = {};
7911 int vlen;
7912 int i;
7913 char *swrap_dir = NULL;
7914 int connected = 0;
7915 int found_bcast = 0;
7916 int ret;
7917 int rc;
7918 int saved_errno;
7919
7920 if (_vlen > __SWRAP_SENDMMSG_MAX_VLEN) {
7921 vlen = __SWRAP_SENDMMSG_MAX_VLEN;
7922 } else {
7923 vlen = _vlen;
7924 }
7925
7926 if (!si) {
7927 int scm_rights_pipe_fd[__SWRAP_SENDMMSG_MAX_VLEN];
7928
7929 for (i = 0; i < __SWRAP_SENDMMSG_MAX_VLEN; i++) {
7930 scm_rights_pipe_fd[i] = -1;
7931 }
7932
7933 for (i = 0; i < vlen; i++) {
7934 struct msghdr *omsg = &omsgvec[i].msg_hdr;
7935 struct msghdr *msg = &msgvec[i].msg_hdr;
7936
7937 rc = swrap_sendmsg_before_unix(omsg, msg,
7938 &scm_rights_pipe_fd[i]);
7939 if (rc < 0) {
7940 ret = rc;
7941 goto fail_libc;
7942 }
7943 }
7944
7945 ret = libc_sendmmsg(s, msgvec, vlen, flags);
7946 if (ret < 0) {
7947 goto fail_libc;
7948 }
7949
7950 for (i = 0; i < ret; i++) {
7951 omsgvec[i].msg_len = msgvec[i].msg_len;
7952 }
7953
7954 fail_libc:
7955 saved_errno = errno;
7956 for (i = 0; i < vlen; i++) {
7957 struct msghdr *msg = &msgvec[i].msg_hdr;
7958
7959 swrap_sendmsg_after_unix(msg, ret,
7960 scm_rights_pipe_fd[i]);
7961 }
7962 errno = saved_errno;
7963
7964 return ret;
7965 }
7966
7967 SWRAP_LOCK_SI(si);
7968 connected = si->connected;
7969 SWRAP_UNLOCK_SI(si);
7970
7971 for (i = 0; i < vlen; i++) {
7972 struct msghdr *omsg = &omsgvec[i].msg_hdr;
7973 struct msghdr *msg = &msgvec[i].msg_hdr;
7974
7975 if (connected == 0) {
7976 msg->msg_name = omsg->msg_name; /* optional address */
7977 msg->msg_namelen = omsg->msg_namelen; /* size of address */
7978 }
7979 msg->msg_iov = omsg->msg_iov; /* scatter/gather array */
7980 msg->msg_iovlen = omsg->msg_iovlen; /* # elements in msg_iov */
7981
7982 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
7983 if (omsg->msg_controllen > 0 && omsg->msg_control != NULL) {
7984 uint8_t *cmbuf = NULL;
7985 size_t cmlen = 0;
7986
7987 rc = swrap_sendmsg_filter_cmsghdr(omsg, &cmbuf, &cmlen);
7988 if (rc < 0) {
7989 ret = rc;
7990 goto fail_swrap;
7991 }
7992
7993 if (cmlen != 0) {
7994 msg->msg_control = cmbuf;
7995 msg->msg_controllen = cmlen;
7996 }
7997 }
7998 msg->msg_flags = omsg->msg_flags; /* flags on received message */
7999 #endif
8000
8001 rc = swrap_sendmsg_before(s, si, msg,
8002 &tmp[i].iov,
8003 &tmp[i].un_addr,
8004 &tmp[i].to_un,
8005 &tmp[i].to,
8006 &tmp[i].bcast);
8007 if (rc < 0) {
8008 ret = rc;
8009 goto fail_swrap;
8010 }
8011
8012 if (tmp[i].bcast) {
8013 found_bcast = 1;
8014 }
8015 }
8016
8017 if (found_bcast) {
8018
8019 swrap_dir = socket_wrapper_dir();
8020 if (swrap_dir == NULL) {
8021 ret = -1;
8022 goto fail_swrap;
8023 }
8024
8025 for (i = 0; i < vlen; i++) {
8026 struct msghdr *msg = &msgvec[i].msg_hdr;
8027 struct sockaddr_un *un_addr = &tmp[i].un_addr;
8028 const struct sockaddr *to = tmp[i].to;
8029 struct stat st;
8030 unsigned int iface;
8031 unsigned int prt = ntohs(((const struct sockaddr_in *)(const void *)to)->sin_port);
8032 char type;
8033 size_t l, len = 0;
8034 uint8_t *buf;
8035 off_t ofs = 0;
8036 size_t avail = 0;
8037 size_t remain;
8038
8039 for (l = 0; l < (size_t)msg->msg_iovlen; l++) {
8040 avail += msg->msg_iov[l].iov_len;
8041 }
8042
8043 len = avail;
8044 remain = avail;
8045
8046 /* we capture it as one single packet */
8047 buf = (uint8_t *)malloc(remain);
8048 if (!buf) {
8049 ret = -1;
8050 goto fail_swrap;
8051 }
8052
8053 for (l = 0; l < (size_t)msg->msg_iovlen; l++) {
8054 size_t this_time = MIN(remain, (size_t)msg->msg_iov[l].iov_len);
8055 memcpy(buf + ofs,
8056 msg->msg_iov[l].iov_base,
8057 this_time);
8058 ofs += this_time;
8059 remain -= this_time;
8060 }
8061
8062 type = SOCKET_TYPE_CHAR_UDP;
8063
8064 for(iface=0; iface <= MAX_WRAPPED_INTERFACES; iface++) {
8065 swrap_un_path(un_addr, swrap_dir, type, iface, prt);
8066 if (stat(un_addr->sun_path, &st) != 0) continue;
8067
8068 msg->msg_name = un_addr; /* optional address */
8069 msg->msg_namelen = sizeof(*un_addr); /* size of address */
8070
8071 /*
8072 * ignore the any errors in broadcast sends and
8073 * do a single sendmsg instead of sendmmsg
8074 */
8075 libc_sendmsg(s, msg, flags);
8076 }
8077
8078 SWRAP_LOCK_SI(si);
8079 swrap_pcap_dump_packet(si, to, SWRAP_SENDTO, buf, len);
8080 SWRAP_UNLOCK_SI(si);
8081
8082 SAFE_FREE(buf);
8083
8084 msgvec[i].msg_len = len;
8085 }
8086
8087 ret = vlen;
8088 goto bcast_done;
8089 }
8090
8091 ret = libc_sendmmsg(s, msgvec, vlen, flags);
8092 if (ret < 0) {
8093 goto fail_swrap;
8094 }
8095
8096 bcast_done:
8097 for (i = 0; i < ret; i++) {
8098 omsgvec[i].msg_len = msgvec[i].msg_len;
8099 }
8100
8101 fail_swrap:
8102 saved_errno = errno;
8103 for (i = 0; i < vlen; i++) {
8104 struct msghdr *msg = &msgvec[i].msg_hdr;
8105
8106 if (i == 0 || i < ret) {
8107 swrap_sendmsg_after(s, si, msg, tmp[i].to, ret);
8108 }
8109 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
8110 SAFE_FREE(msg->msg_control);
8111 #endif
8112 }
8113 SAFE_FREE(swrap_dir);
8114 errno = saved_errno;
8115
8116 return ret;
8117 }
8118
8119 #if defined(HAVE_SENDMMSG_SSIZE_T)
8120 /* FreeBSD */
8121 ssize_t sendmmsg(int s, struct mmsghdr *msgvec, size_t vlen, int flags)
8122 #else
8123 /* Linux */
8124 int sendmmsg(int s, struct mmsghdr *msgvec, unsigned int vlen, int flags)
8125 #endif
8126 {
8127 return swrap_sendmmsg(s, msgvec, vlen, flags);
8128 }
8129 #endif /* HAVE_SENDMMSG */
8130
8131 /****************************************************************************
8132 * READV
8133 ***************************************************************************/
8134
8135 static ssize_t swrap_readv(int s, const struct iovec *vector, int count)
8136 {
8137 struct socket_info *si;
8138 struct msghdr msg;
8139 struct iovec tmp;
8140 struct swrap_address saddr = {
8141 .sa_socklen = sizeof(struct sockaddr_storage)
8142 };
8143 ssize_t ret;
8144 int rc;
8145
8146 si = find_socket_info(s);
8147 if (si == NULL) {
8148 return libc_readv(s, vector, count);
8149 }
8150
8151 tmp.iov_base = NULL;
8152 tmp.iov_len = 0;
8153
8154 ZERO_STRUCT(msg);
8155 msg.msg_name = &saddr.sa.s; /* optional address */
8156 msg.msg_namelen = saddr.sa_socklen; /* size of address */
8157 msg.msg_iov = discard_const_p(struct iovec, vector); /* scatter/gather array */
8158 msg.msg_iovlen = count; /* # elements in msg_iov */
8159 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
8160 msg.msg_control = NULL; /* ancillary data, see below */
8161 msg.msg_controllen = 0; /* ancillary data buffer len */
8162 msg.msg_flags = 0; /* flags on received message */
8163 #endif
8164
8165 rc = swrap_recvmsg_before(s, si, &msg, &tmp);
8166 if (rc < 0) {
8167 if (rc == -ENOTSOCK) {
8168 return libc_readv(s, vector, count);
8169 }
8170 return -1;
8171 }
8172
8173 ret = libc_readv(s, msg.msg_iov, msg.msg_iovlen);
8174
8175 rc = swrap_recvmsg_after(s, si, &msg, NULL, 0, ret);
8176 if (rc != 0) {
8177 return rc;
8178 }
8179
8180 return ret;
8181 }
8182
8183 ssize_t readv(int s, const struct iovec *vector, int count)
8184 {
8185 return swrap_readv(s, vector, count);
8186 }
8187
8188 /****************************************************************************
8189 * WRITEV
8190 ***************************************************************************/
8191
8192 static ssize_t swrap_writev(int s, const struct iovec *vector, int count)
8193 {
8194 struct msghdr msg;
8195 struct iovec tmp;
8196 struct sockaddr_un un_addr;
8197 ssize_t ret;
8198 int rc;
8199 struct socket_info *si = find_socket_info(s);
8200
8201 if (!si) {
8202 return libc_writev(s, vector, count);
8203 }
8204
8205 tmp.iov_base = NULL;
8206 tmp.iov_len = 0;
8207
8208 ZERO_STRUCT(msg);
8209 msg.msg_name = NULL; /* optional address */
8210 msg.msg_namelen = 0; /* size of address */
8211 msg.msg_iov = discard_const_p(struct iovec, vector); /* scatter/gather array */
8212 msg.msg_iovlen = count; /* # elements in msg_iov */
8213 #ifdef HAVE_STRUCT_MSGHDR_MSG_CONTROL
8214 msg.msg_control = NULL; /* ancillary data, see below */
8215 msg.msg_controllen = 0; /* ancillary data buffer len */
8216 msg.msg_flags = 0; /* flags on received message */
8217 #endif
8218
8219 rc = swrap_sendmsg_before(s, si, &msg, &tmp, &un_addr, NULL, NULL, NULL);
8220 if (rc < 0) {
8221 if (rc == -ENOTSOCK) {
8222 return libc_readv(s, vector, count);
8223 }
8224 return -1;
8225 }
8226
8227 ret = libc_writev(s, msg.msg_iov, msg.msg_iovlen);
8228
8229 swrap_sendmsg_after(s, si, &msg, NULL, ret);
8230
8231 return ret;
8232 }
8233
8234 ssize_t writev(int s, const struct iovec *vector, int count)
8235 {
8236 return swrap_writev(s, vector, count);
8237 }
8238
8239 /****************************
8240 * CLOSE
8241 ***************************/
8242
8243 static int swrap_remove_wrapper(const char *__func_name,
8244 int (*__close_fd_fn)(int fd),
8245 int fd)
8246 {
8247 struct socket_info *si = NULL;
8248 int si_index;
8249 int ret_errno = errno;
8250 int ret;
8251
8252 swrap_mutex_lock(&socket_reset_mutex);
8253
8254 si_index = find_socket_info_index(fd);
8255 if (si_index == -1) {
8256 swrap_mutex_unlock(&socket_reset_mutex);
8257 return __close_fd_fn(fd);
8258 }
8259
8260 swrap_log(SWRAP_LOG_TRACE, __func_name, "Remove wrapper for fd=%d", fd);
8261 reset_socket_info_index(fd);
8262
8263 si = swrap_get_socket_info(si_index);
8264
8265 swrap_mutex_lock(&first_free_mutex);
8266 SWRAP_LOCK_SI(si);
8267
8268 ret = __close_fd_fn(fd);
8269 if (ret == -1) {
8270 ret_errno = errno;
8271 }
8272
8273 swrap_dec_refcount(si);
8274
8275 if (swrap_get_refcount(si) > 0) {
8276 /* there are still references left */
8277 goto out;
8278 }
8279
8280 if (si->fd_passed) {
8281 goto set_next_free;
8282 }
8283
8284 if (si->myname.sa_socklen > 0 && si->peername.sa_socklen > 0) {
8285 swrap_pcap_dump_packet(si, NULL, SWRAP_CLOSE_SEND, NULL, 0);
8286 }
8287
8288 if (si->myname.sa_socklen > 0 && si->peername.sa_socklen > 0) {
8289 swrap_pcap_dump_packet(si, NULL, SWRAP_CLOSE_RECV, NULL, 0);
8290 swrap_pcap_dump_packet(si, NULL, SWRAP_CLOSE_ACK, NULL, 0);
8291 }
8292
8293 if (si->un_addr.sun_path[0] != '\0') {
8294 unlink(si->un_addr.sun_path);
8295 }
8296
8297 set_next_free:
8298 swrap_set_next_free(si, first_free);
8299 first_free = si_index;
8300
8301 out:
8302 SWRAP_UNLOCK_SI(si);
8303 swrap_mutex_unlock(&first_free_mutex);
8304 swrap_mutex_unlock(&socket_reset_mutex);
8305
8306 errno = ret_errno;
8307 return ret;
8308 }
8309
8310 static int swrap_noop_close(int fd)
8311 {
8312 (void)fd; /* unused */
8313 return 0;
8314 }
8315
8316 static void swrap_remove_stale(int fd)
8317 {
8318 swrap_remove_wrapper(__func__, swrap_noop_close, fd);
8319 }
8320
8321 /*
8322 * This allows socket_wrapper aware applications to
8323 * indicate that the given fd does not belong to
8324 * an inet socket.
8325 *
8326 * We already overload a lot of unrelated functions
8327 * like eventfd(), timerfd_create(), ... in order to
8328 * call swrap_remove_stale() on the returned fd, but
8329 * we'll never be able to handle all possible syscalls.
8330 *
8331 * socket_wrapper_indicate_no_inet_fd() gives them a way
8332 * to do the same.
8333 *
8334 * We don't export swrap_remove_stale() in order to
8335 * make it easier to analyze SOCKET_WRAPPER_DEBUGLEVEL=3
8336 * log files.
8337 */
8338 void socket_wrapper_indicate_no_inet_fd(int fd)
8339 {
8340 swrap_remove_wrapper(__func__, swrap_noop_close, fd);
8341 }
8342
8343 static int swrap_close(int fd)
8344 {
8345 return swrap_remove_wrapper(__func__, libc_close, fd);
8346 }
8347
8348 int close(int fd)
8349 {
8350 return swrap_close(fd);
8351 }
8352
8353 #ifdef HAVE___CLOSE_NOCANCEL
8354
8355 static int swrap___close_nocancel(int fd)
8356 {
8357 return swrap_remove_wrapper(__func__, libc___close_nocancel, fd);
8358 }
8359
8360 int __close_nocancel(int fd);
8361 int __close_nocancel(int fd)
8362 {
8363 return swrap___close_nocancel(fd);
8364 }
8365
8366 #endif /* HAVE___CLOSE_NOCANCEL */
8367
8368 /****************************
8369 * DUP
8370 ***************************/
8371
8372 static int swrap_dup(int fd)
8373 {
8374 struct socket_info *si;
8375 int dup_fd, idx;
8376
8377 idx = find_socket_info_index(fd);
8378 if (idx == -1) {
8379 return libc_dup(fd);
8380 }
8381
8382 si = swrap_get_socket_info(idx);
8383
8384 dup_fd = libc_dup(fd);
8385 if (dup_fd == -1) {
8386 int saved_errno = errno;
8387 errno = saved_errno;
8388 return -1;
8389 }
8390
8391 if ((size_t)dup_fd >= socket_fds_max) {
8392 SWRAP_LOG(SWRAP_LOG_ERROR,
8393 "The max socket index limit of %zu has been reached, "
8394 "trying to add %d",
8395 socket_fds_max,
8396 dup_fd);
8397 libc_close(dup_fd);
8398 errno = EMFILE;
8399 return -1;
8400 }
8401
8402 SWRAP_LOCK_SI(si);
8403
8404 swrap_inc_refcount(si);
8405
8406 SWRAP_UNLOCK_SI(si);
8407
8408 /* Make sure we don't have an entry for the fd */
8409 swrap_remove_stale(dup_fd);
8410
8411 set_socket_info_index(dup_fd, idx);
8412
8413 return dup_fd;
8414 }
8415
8416 int dup(int fd)
8417 {
8418 return swrap_dup(fd);
8419 }
8420
8421 /****************************
8422 * DUP2
8423 ***************************/
8424
8425 static int swrap_dup2(int fd, int newfd)
8426 {
8427 struct socket_info *si;
8428 int dup_fd, idx;
8429
8430 idx = find_socket_info_index(fd);
8431 if (idx == -1) {
8432 return libc_dup2(fd, newfd);
8433 }
8434
8435 si = swrap_get_socket_info(idx);
8436
8437 if (fd == newfd) {
8438 /*
8439 * According to the manpage:
8440 *
8441 * "If oldfd is a valid file descriptor, and newfd has the same
8442 * value as oldfd, then dup2() does nothing, and returns newfd."
8443 */
8444 return newfd;
8445 }
8446
8447 if ((size_t)newfd >= socket_fds_max) {
8448 SWRAP_LOG(SWRAP_LOG_ERROR,
8449 "The max socket index limit of %zu has been reached, "
8450 "trying to add %d",
8451 socket_fds_max,
8452 newfd);
8453 errno = EMFILE;
8454 return -1;
8455 }
8456
8457 if (find_socket_info(newfd)) {
8458 /* dup2() does an implicit close of newfd, which we
8459 * need to emulate */
8460 swrap_close(newfd);
8461 }
8462
8463 dup_fd = libc_dup2(fd, newfd);
8464 if (dup_fd == -1) {
8465 int saved_errno = errno;
8466 errno = saved_errno;
8467 return -1;
8468 }
8469
8470 SWRAP_LOCK_SI(si);
8471
8472 swrap_inc_refcount(si);
8473
8474 SWRAP_UNLOCK_SI(si);
8475
8476 /* Make sure we don't have an entry for the fd */
8477 swrap_remove_stale(dup_fd);
8478
8479 set_socket_info_index(dup_fd, idx);
8480
8481 return dup_fd;
8482 }
8483
8484 int dup2(int fd, int newfd)
8485 {
8486 return swrap_dup2(fd, newfd);
8487 }
8488
8489 /****************************
8490 * FCNTL
8491 ***************************/
8492
8493 static int swrap_vfcntl(int fd, int cmd, va_list va)
8494 {
8495 struct socket_info *si;
8496 int rc, dup_fd, idx;
8497
8498 idx = find_socket_info_index(fd);
8499 if (idx == -1) {
8500 return libc_vfcntl(fd, cmd, va);
8501 }
8502
8503 si = swrap_get_socket_info(idx);
8504
8505 switch (cmd) {
8506 case F_DUPFD:
8507 dup_fd = libc_vfcntl(fd, cmd, va);
8508 if (dup_fd == -1) {
8509 int saved_errno = errno;
8510 errno = saved_errno;
8511 return -1;
8512 }
8513
8514 /* Make sure we don't have an entry for the fd */
8515 swrap_remove_stale(dup_fd);
8516
8517 if ((size_t)dup_fd >= socket_fds_max) {
8518 SWRAP_LOG(SWRAP_LOG_ERROR,
8519 "The max socket index limit of %zu has been reached, "
8520 "trying to add %d",
8521 socket_fds_max,
8522 dup_fd);
8523 libc_close(dup_fd);
8524 errno = EMFILE;
8525 return -1;
8526 }
8527
8528 SWRAP_LOCK_SI(si);
8529
8530 swrap_inc_refcount(si);
8531
8532 SWRAP_UNLOCK_SI(si);
8533
8534
8535 set_socket_info_index(dup_fd, idx);
8536
8537 rc = dup_fd;
8538 break;
8539 default:
8540 rc = libc_vfcntl(fd, cmd, va);
8541 break;
8542 }
8543
8544 return rc;
8545 }
8546
8547 #undef fcntl /* Needed for LFS handling */
8548 int fcntl(int fd, int cmd, ...)
8549 {
8550 va_list va;
8551 int rc;
8552
8553 va_start(va, cmd);
8554
8555 rc = swrap_vfcntl(fd, cmd, va);
8556
8557 va_end(va);
8558
8559 return rc;
8560 }
8561
8562 /****************************
8563 * FCNTL64
8564 ***************************/
8565
8566 #ifdef HAVE_FCNTL64
8567 static int swrap_vfcntl64(int fd, int cmd, va_list va)
8568 {
8569 struct socket_info *si;
8570 int rc, dup_fd, idx;
8571
8572 idx = find_socket_info_index(fd);
8573 if (idx == -1) {
8574 return libc_vfcntl64(fd, cmd, va);
8575 }
8576
8577 si = swrap_get_socket_info(idx);
8578
8579 switch (cmd) {
8580 case F_DUPFD:
8581 dup_fd = libc_vfcntl64(fd, cmd, va);
8582 if (dup_fd == -1) {
8583 int saved_errno = errno;
8584 errno = saved_errno;
8585 return -1;
8586 }
8587
8588 /* Make sure we don't have an entry for the fd */
8589 swrap_remove_stale(dup_fd);
8590
8591 if ((size_t)dup_fd >= socket_fds_max) {
8592 SWRAP_LOG(SWRAP_LOG_ERROR,
8593 "The max socket index limit of %zu has been reached, "
8594 "trying to add %d",
8595 socket_fds_max,
8596 dup_fd);
8597 libc_close(dup_fd);
8598 errno = EMFILE;
8599 return -1;
8600 }
8601
8602 SWRAP_LOCK_SI(si);
8603
8604 swrap_inc_refcount(si);
8605
8606 SWRAP_UNLOCK_SI(si);
8607
8608
8609 set_socket_info_index(dup_fd, idx);
8610
8611 rc = dup_fd;
8612 break;
8613 default:
8614 rc = libc_vfcntl64(fd, cmd, va);
8615 break;
8616 }
8617
8618 return rc;
8619 }
8620
8621 int fcntl64(int fd, int cmd, ...)
8622 {
8623 va_list va;
8624 int rc;
8625
8626 va_start(va, cmd);
8627
8628 rc = swrap_vfcntl64(fd, cmd, va);
8629
8630 va_end(va);
8631
8632 return rc;
8633 }
8634 #endif
8635
8636 /****************************
8637 * EVENTFD
8638 ***************************/
8639
8640 #ifdef HAVE_EVENTFD
8641 static int swrap_eventfd(int count, int flags)
8642 {
8643 int fd;
8644
8645 fd = libc_eventfd(count, flags);
8646 if (fd != -1) {
8647 swrap_remove_stale(fd);
8648 }
8649
8650 return fd;
8651 }
8652
8653 #ifdef HAVE_EVENTFD_UNSIGNED_INT
8654 int eventfd(unsigned int count, int flags)
8655 #else
8656 int eventfd(int count, int flags)
8657 #endif
8658 {
8659 return swrap_eventfd(count, flags);
8660 }
8661 #endif
8662
8663 #ifdef HAVE_PLEDGE
8664 int pledge(const char *promises, const char *paths[])
8665 {
8666 (void)promises; /* unused */
8667 (void)paths; /* unused */
8668
8669 return 0;
8670 }
8671 #endif /* HAVE_PLEDGE */
8672
8673 #ifdef HAVE_SYSCALL
8674 static bool swrap_is_swrap_related_syscall(long int sysno)
8675 {
8676 switch (sysno) {
8677 #ifdef SYS_close
8678 case SYS_close:
8679 return true;
8680 #endif /* SYS_close */
8681
8682 #ifdef SYS_recvmmsg
8683 case SYS_recvmmsg:
8684 return true;
8685 #endif /* SYS_recvmmsg */
8686
8687 #ifdef SYS_sendmmsg
8688 case SYS_sendmmsg:
8689 return true;
8690 #endif /* SYS_sendmmsg */
8691
8692 default:
8693 return false;
8694 }
8695 }
8696
8697 static long int swrap_syscall(long int sysno, va_list vp)
8698 {
8699 long int rc;
8700
8701 switch (sysno) {
8702 #ifdef SYS_close
8703 case SYS_close:
8704 {
8705 int fd = (int)va_arg(vp, int);
8706
8707 SWRAP_LOG(SWRAP_LOG_TRACE,
8708 "calling swrap_close syscall %lu",
8709 sysno);
8710 rc = swrap_close(fd);
8711 }
8712 break;
8713 #endif /* SYS_close */
8714
8715 #ifdef SYS_recvmmsg
8716 case SYS_recvmmsg:
8717 {
8718 int fd = (int)va_arg(vp, int);
8719 struct mmsghdr *msgvec = va_arg(vp, struct mmsghdr *);
8720 unsigned int vlen = va_arg(vp, unsigned int);
8721 int flags = va_arg(vp, int);
8722 struct timespec *timeout = va_arg(vp, struct timespec *);
8723
8724 SWRAP_LOG(SWRAP_LOG_TRACE,
8725 "calling swrap_recvmmsg syscall %lu",
8726 sysno);
8727 rc = swrap_recvmmsg(fd, msgvec, vlen, flags, timeout);
8728 }
8729 break;
8730 #endif /* SYS_recvmmsg */
8731
8732 #ifdef SYS_sendmmsg
8733 case SYS_sendmmsg:
8734 {
8735 int fd = (int)va_arg(vp, int);
8736 struct mmsghdr *msgvec = va_arg(vp, struct mmsghdr *);
8737 unsigned int vlen = va_arg(vp, unsigned int);
8738 int flags = va_arg(vp, int);
8739
8740 SWRAP_LOG(SWRAP_LOG_TRACE,
8741 "calling swrap_sendmmsg syscall %lu",
8742 sysno);
8743 rc = swrap_sendmmsg(fd, msgvec, vlen, flags);
8744 }
8745 break;
8746 #endif /* SYS_sendmmsg */
8747
8748 default:
8749 rc = -1;
8750 errno = ENOSYS;
8751 break;
8752 }
8753
8754 return rc;
8755 }
8756
8757 #ifdef HAVE_SYSCALL_INT
8758 int syscall(int sysno, ...)
8759 #else
8760 long int syscall(long int sysno, ...)
8761 #endif
8762 {
8763 #ifdef HAVE_SYSCALL_INT
8764 int rc;
8765 #else
8766 long int rc;
8767 #endif
8768 va_list va;
8769
8770 va_start(va, sysno);
8771
8772 /*
8773 * JEMALLOC:
8774 *
8775 * This is a workaround to prevent a deadlock in jemalloc calling
8776 * malloc_init() twice. The first allocation call will trigger a
8777 * malloc_init() of jemalloc. The functions calls syscall(SYS_open, ...)
8778 * so it goes to socket or uid wrapper. In this code path we need to
8779 * avoid any allocation calls. This will prevent the deadlock.
8780 */
8781 if (!swrap_handle_syscall) {
8782 rc = libc_vsyscall(sysno, va);
8783 va_end(va);
8784 return rc;
8785 }
8786
8787 /*
8788 * We should only handle the syscall numbers
8789 * we care about...
8790 */
8791 if (!swrap_is_swrap_related_syscall(sysno)) {
8792 /*
8793 * We need to give socket_wrapper a
8794 * chance to take over...
8795 */
8796 if (swrap_uwrap_syscall_valid(sysno)) {
8797 rc = swrap_uwrap_syscall_va(sysno, va);
8798 va_end(va);
8799 return rc;
8800 }
8801
8802 rc = libc_vsyscall(sysno, va);
8803 va_end(va);
8804 return rc;
8805 }
8806
8807 if (!socket_wrapper_enabled()) {
8808 rc = libc_vsyscall(sysno, va);
8809 va_end(va);
8810 return rc;
8811 }
8812
8813 rc = swrap_syscall(sysno, va);
8814 va_end(va);
8815
8816 return rc;
8817 }
8818
8819 /* used by uid_wrapper */
8820 bool socket_wrapper_syscall_valid(long int sysno);
8821 bool socket_wrapper_syscall_valid(long int sysno)
8822 {
8823 if (!swrap_is_swrap_related_syscall(sysno)) {
8824 return false;
8825 }
8826
8827 if (!socket_wrapper_enabled()) {
8828 return false;
8829 }
8830
8831 return true;
8832 }
8833
8834 /* used by uid_wrapper */
8835 long int socket_wrapper_syscall_va(long int sysno, va_list va);
8836 long int socket_wrapper_syscall_va(long int sysno, va_list va)
8837 {
8838 if (!swrap_is_swrap_related_syscall(sysno)) {
8839 errno = ENOSYS;
8840 return -1;
8841 }
8842
8843 if (!socket_wrapper_enabled()) {
8844 return libc_vsyscall(sysno, va);
8845 }
8846
8847 return swrap_syscall(sysno, va);
8848 }
8849 #endif /* HAVE_SYSCALL */
8850
8851 static void swrap_thread_prepare(void)
8852 {
8853 /*
8854 * This function should only be called here!!
8855 *
8856 * We bind all symobls to avoid deadlocks of the fork is
8857 * interrupted by a signal handler using a symbol of this
8858 * library.
8859 */
8860 swrap_bind_symbol_all();
8861
8862 SWRAP_LOCK_ALL;
8863 }
8864
8865 static void swrap_thread_parent(void)
8866 {
8867 SWRAP_UNLOCK_ALL;
8868 }
8869
8870 static void swrap_thread_child(void)
8871 {
8872 SWRAP_REINIT_ALL;
8873 }
8874
8875 /****************************
8876 * CONSTRUCTOR
8877 ***************************/
8878 void swrap_constructor(void)
8879 {
8880 if (PIPE_BUF < sizeof(struct swrap_unix_scm_rights)) {
8881 SWRAP_LOG(SWRAP_LOG_ERROR,
8882 "PIPE_BUF=%zu < "
8883 "sizeof(struct swrap_unix_scm_rights)=%zu\n"
8884 "sizeof(struct swrap_unix_scm_rights_payload)=%zu "
8885 "sizeof(struct socket_info)=%zu",
8886 (size_t)PIPE_BUF,
8887 sizeof(struct swrap_unix_scm_rights),
8888 sizeof(struct swrap_unix_scm_rights_payload),
8889 sizeof(struct socket_info));
8890 exit(-1);
8891 }
8892
8893 SWRAP_REINIT_ALL;
8894
8895 /*
8896 * If we hold a lock and the application forks, then the child
8897 * is not able to unlock the mutex and we are in a deadlock.
8898 * This should prevent such deadlocks.
8899 */
8900 pthread_atfork(&swrap_thread_prepare,
8901 &swrap_thread_parent,
8902 &swrap_thread_child);
8903
8904 /* Let socket_wrapper handle syscall() */
8905 swrap_handle_syscall = true;
8906 }
8907
8908 /****************************
8909 * DESTRUCTOR
8910 ***************************/
8911
8912 /*
8913 * This function is called when the library is unloaded and makes sure that
8914 * sockets get closed and the unix file for the socket are unlinked.
8915 */
8916 void swrap_destructor(void)
8917 {
8918 size_t i;
8919
8920 if (socket_fds_idx != NULL) {
8921 for (i = 0; i < socket_fds_max; ++i) {
8922 if (socket_fds_idx[i] != -1) {
8923 swrap_close(i);
8924 }
8925 }
8926 SAFE_FREE(socket_fds_idx);
8927 }
8928
8929 SAFE_FREE(sockets);
8930
8931 if (swrap.libc.handle != NULL
8932 #ifdef RTLD_NEXT
8933 && swrap.libc.handle != RTLD_NEXT
8934 #endif
8935 ) {
8936 dlclose(swrap.libc.handle);
8937 }
8938 if (swrap.libc.socket_handle
8939 #ifdef RTLD_NEXT
8940 && swrap.libc.socket_handle != RTLD_NEXT
8941 #endif
8942 ) {
8943 dlclose(swrap.libc.socket_handle);
8944 }
8945 }
8946
8947 #if defined(HAVE__SOCKET) && defined(HAVE__CLOSE)
8948 /*
8949 * On FreeBSD 12 (and maybe other platforms)
8950 * system libraries like libresolv prefix there
8951 * syscalls with '_' in order to always use
8952 * the symbols from libc.
8953 *
8954 * In the interaction with resolv_wrapper,
8955 * we need to inject socket wrapper into libresolv,
8956 * which means we need to private all socket
8957 * related syscalls also with the '_' prefix.
8958 *
8959 * This is tested in Samba's 'make test',
8960 * there we noticed that providing '_read',
8961 * '_open' and '_close' would cause errors, which
8962 * means we skip '_read', '_write' and
8963 * all non socket related calls without
8964 * further analyzing the problem.
8965 */
8966 #define SWRAP_SYMBOL_ALIAS(__sym, __aliassym) \
8967 extern typeof(__sym) __aliassym __attribute__ ((alias(#__sym)))
8968
8969 #ifdef HAVE_ACCEPT4
8970 SWRAP_SYMBOL_ALIAS(accept4, _accept4);
8971 #endif
8972 SWRAP_SYMBOL_ALIAS(accept, _accept);
8973 SWRAP_SYMBOL_ALIAS(bind, _bind);
8974 SWRAP_SYMBOL_ALIAS(connect, _connect);
8975 SWRAP_SYMBOL_ALIAS(dup, _dup);
8976 SWRAP_SYMBOL_ALIAS(dup2, _dup2);
8977 SWRAP_SYMBOL_ALIAS(fcntl, _fcntl);
8978 SWRAP_SYMBOL_ALIAS(getpeername, _getpeername);
8979 SWRAP_SYMBOL_ALIAS(getsockname, _getsockname);
8980 SWRAP_SYMBOL_ALIAS(getsockopt, _getsockopt);
8981 SWRAP_SYMBOL_ALIAS(ioctl, _ioctl);
8982 SWRAP_SYMBOL_ALIAS(listen, _listen);
8983 SWRAP_SYMBOL_ALIAS(readv, _readv);
8984 SWRAP_SYMBOL_ALIAS(recv, _recv);
8985 SWRAP_SYMBOL_ALIAS(recvfrom, _recvfrom);
8986 SWRAP_SYMBOL_ALIAS(recvmsg, _recvmsg);
8987 SWRAP_SYMBOL_ALIAS(send, _send);
8988 SWRAP_SYMBOL_ALIAS(sendmsg, _sendmsg);
8989 SWRAP_SYMBOL_ALIAS(sendto, _sendto);
8990 SWRAP_SYMBOL_ALIAS(setsockopt, _setsockopt);
8991 SWRAP_SYMBOL_ALIAS(socket, _socket);
8992 SWRAP_SYMBOL_ALIAS(socketpair, _socketpair);
8993 SWRAP_SYMBOL_ALIAS(writev, _writev);
8994
8995 #endif /* SOCKET_WRAPPER_EXPORT_UNDERSCORE_SYMBOLS */
GSS-enabled samba4