/[svn]/ircd-hybrid/branches/8.2.x/src/s_bsd.c
ViewVC logotype

Contents of /ircd-hybrid/branches/8.2.x/src/s_bsd.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 8918 - (show annotations)
Mon Apr 22 09:51:16 2019 UTC (3 years, 3 months ago) by michael
File MIME type: text/x-chdr
File size: 16037 byte(s)
- Should be using monotonic clock almost everywhere now; sort out mixture and misuse of 'firsttime', 'lasttime' and 'since' in the Connection structure

1 /*
2 * ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
3 *
4 * Copyright (c) 1997-2019 ircd-hybrid development team
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
19 * USA
20 */
21
22 /*! \file s_bsd.c
23 * \brief Network functions.
24 * \version $Id$
25 */
26
27 #include "stdinc.h"
28 #include <netinet/in_systm.h>
29 #include <netinet/ip.h>
30 #include <netinet/tcp.h>
31 #include "list.h"
32 #include "fdlist.h"
33 #include "s_bsd.h"
34 #include "client.h"
35 #include "dbuf.h"
36 #include "event.h"
37 #include "irc_string.h"
38 #include "ircd.h"
39 #include "listener.h"
40 #include "numeric.h"
41 #include "packet.h"
42 #include "res.h"
43 #include "restart.h"
44 #include "conf.h"
45 #include "log.h"
46 #include "server.h"
47 #include "send.h"
48 #include "memory.h"
49 #include "user.h"
50
51
52 static const char *const comm_err_str[] =
53 {
54 [COMM_OK] = "Comm OK",
55 [COMM_ERR_BIND] = "Error during bind()",
56 [COMM_ERR_TIMEOUT] = "connect timeout",
57 [COMM_ERR_CONNECT] = "Error during connect()",
58 [COMM_ERROR] = "Comm Error"
59 };
60
61 static void comm_connect_callback(fde_t *, int);
62 static void comm_connect_timeout(fde_t *, void *);
63 static void comm_connect_tryconnect(fde_t *, void *);
64
65
66 /* comm_get_sockerr - get the error value from the socket or the current errno
67 *
68 * Get the *real* error from the socket (well try to anyway..).
69 * This may only work when SO_DEBUG is enabled but its worth the
70 * gamble anyway.
71 */
72 int
73 comm_get_sockerr(fde_t *F)
74 {
75 int errtmp = errno;
76 #ifdef SO_ERROR
77 int err = 0;
78 socklen_t len = sizeof(err);
79
80 assert(F);
81 assert(F->flags.open == true);
82
83 if (getsockopt(F->fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0)
84 {
85 if (err)
86 errtmp = err;
87 }
88
89 errno = errtmp;
90 #endif
91 return errtmp;
92 }
93
94 /*
95 * report_error - report an error from an errno.
96 * Record error to log and also send a copy to all *LOCAL* opers online.
97 *
98 * text is a *format* string for outputing error. It must
99 * contain only two '%s', the first will be replaced
100 * by the sockhost from the client_p, and the latter will
101 * be taken from sys_errlist[errno].
102 *
103 * client_p if not NULL, is the *LOCAL* client associated with
104 * the error.
105 *
106 * Cannot use perror() within daemon. stderr is closed in
107 * ircd and cannot be used. And, worse yet, it might have
108 * been reassigned to a normal connection...
109 *
110 * Actually stderr is still there IFF ircd was run with -s --Rodder
111 */
112 void
113 report_error(int level, const char *text, const char *who, int error)
114 {
115 who = (who) ? who : "";
116
117 sendto_realops_flags(UMODE_DEBUG, level, SEND_NOTICE,
118 text, who, strerror(error));
119 ilog(LOG_TYPE_IRCD, text, who, strerror(error));
120 }
121
122 /*
123 * setup_socket()
124 *
125 * Set the socket non-blocking, and other wonderful bits.
126 */
127 static void
128 setup_socket(int fd)
129 {
130 int opt = 1;
131
132 setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &opt, sizeof(opt));
133
134 #ifdef IPTOS_LOWDELAY
135 opt = IPTOS_LOWDELAY;
136 setsockopt(fd, IPPROTO_IP, IP_TOS, &opt, sizeof(opt));
137 #endif
138
139 fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
140 }
141
142 /*
143 * ssl_handshake - let OpenSSL initialize the protocol. Register for
144 * read/write events if necessary.
145 */
146 static void
147 ssl_handshake(fde_t *F, void *data)
148 {
149 struct Client *client_p = data;
150
151 assert(client_p);
152 assert(client_p->connection);
153 assert(client_p->connection->fd);
154 assert(client_p->connection->fd == F);
155
156 tls_handshake_status_t ret = tls_handshake(&F->ssl, TLS_ROLE_SERVER, NULL);
157 if (ret != TLS_HANDSHAKE_DONE)
158 {
159 if ((event_base->time.sec_monotonic - client_p->connection->created_monotonic) > CONNECTTIMEOUT)
160 {
161 exit_client(client_p, "Timeout during TLS handshake");
162 return;
163 }
164
165 switch (ret)
166 {
167 case TLS_HANDSHAKE_WANT_WRITE:
168 comm_setselect(F, COMM_SELECT_WRITE, ssl_handshake, client_p, CONNECTTIMEOUT);
169 return;
170 case TLS_HANDSHAKE_WANT_READ:
171 comm_setselect(F, COMM_SELECT_READ, ssl_handshake, client_p, CONNECTTIMEOUT);
172 return;
173 default:
174 exit_client(client_p, "Error during TLS handshake");
175 return;
176 }
177 }
178
179 comm_settimeout(F, 0, NULL, NULL);
180
181 if (tls_verify_cert(&F->ssl, ConfigServerInfo.message_digest_algorithm, &client_p->certfp) == false)
182 ilog(LOG_TYPE_IRCD, "Client %s!%s@%s gave bad TLS client certificate",
183 client_p->name, client_p->username, client_p->host);
184
185 auth_start(client_p);
186 }
187
188 /*
189 * add_connection - creates a client which has just connected to us on
190 * the given fd. The sockhost field is initialized with the ip# of the host.
191 * An unique id is calculated now, in case it is needed for auth.
192 * The client is sent to the auth module for verification, and not put in
193 * any client list yet.
194 */
195 void
196 add_connection(struct Listener *listener, struct irc_ssaddr *irn, int fd)
197 {
198 struct Client *client_p = client_make(NULL);
199
200 client_p->connection->fd = fd_open(fd, true, (listener->flags & LISTENER_SSL) ?
201 "Incoming SSL connection" : "Incoming connection");
202
203 /*
204 * copy address to 'sockhost' as a string, copy it to host too
205 * so we have something valid to put into error messages...
206 */
207 memcpy(&client_p->ip, irn, sizeof(client_p->ip));
208
209 getnameinfo((const struct sockaddr *)&client_p->ip,
210 client_p->ip.ss_len, client_p->sockhost,
211 sizeof(client_p->sockhost), NULL, 0, NI_NUMERICHOST);
212
213 if (client_p->sockhost[0] == ':')
214 {
215 client_p->sockhost[0] = '0';
216 memmove(client_p->sockhost + 1, client_p->sockhost, sizeof(client_p->sockhost) - 1);
217 }
218
219 strlcpy(client_p->host, client_p->sockhost, sizeof(client_p->host));
220
221 client_p->connection->listener = listener;
222 ++listener->ref_count;
223
224 if (listener->flags & LISTENER_SSL)
225 {
226 if (tls_new(&client_p->connection->fd->ssl, fd, TLS_ROLE_SERVER) == false)
227 {
228 SetDead(client_p);
229 exit_client(client_p, "TLS context initialization failed");
230 return;
231 }
232
233 AddFlag(client_p, FLAGS_SSL);
234 ssl_handshake(client_p->connection->fd, client_p);
235 }
236 else
237 auth_start(client_p);
238 }
239
240 /*
241 * stolen from squid - its a neat (but overused! :) routine which we
242 * can use to see whether we can ignore this errno or not. It is
243 * generally useful for non-blocking network IO related errnos.
244 * -- adrian
245 */
246 bool
247 comm_ignore_errno(int ierrno)
248 {
249 switch (ierrno)
250 {
251 case EINPROGRESS:
252 case EWOULDBLOCK:
253 #if EAGAIN != EWOULDBLOCK
254 case EAGAIN:
255 #endif
256 case EALREADY:
257 case EINTR:
258 #ifdef ERESTART
259 case ERESTART:
260 #endif
261 return true;
262 default:
263 return false;
264 }
265 }
266
267 /*
268 * comm_settimeout() - set the socket timeout
269 *
270 * Set the timeout for the fd
271 */
272 void
273 comm_settimeout(fde_t *F, uintmax_t timeout, void (*callback)(fde_t *, void *), void *cbdata)
274 {
275 assert(F);
276 assert(F->flags.open == true);
277
278 F->timeout = event_base->time.sec_monotonic + (timeout / 1000);
279 F->timeout_handler = callback;
280 F->timeout_data = cbdata;
281 }
282
283 /*
284 * comm_setflush() - set a flush function
285 *
286 * A flush function is simply a function called if found during
287 * comm_timeouts(). Its basically a second timeout, except in this case
288 * I'm too lazy to implement multiple timeout functions! :-)
289 * its kinda nice to have it separate, since this is designed for
290 * flush functions, and when comm_close() is implemented correctly
291 * with close functions, we _actually_ don't call comm_close() here ..
292 * -- originally Adrian's notes
293 * comm_close() is replaced with fd_close() in fdlist.c
294 */
295 void
296 comm_setflush(fde_t *F, uintmax_t timeout, void (*callback)(fde_t *, void *), void *cbdata)
297 {
298 assert(F);
299 assert(F->flags.open == true);
300
301 F->flush_timeout = event_base->time.sec_monotonic + (timeout / 1000);
302 F->flush_handler = callback;
303 F->flush_data = cbdata;
304 }
305
306 /*
307 * comm_checktimeouts() - check the socket timeouts
308 *
309 * All this routine does is call the given callback/cbdata, without closing
310 * down the file descriptor. When close handlers have been implemented,
311 * this will happen.
312 */
313 void
314 comm_checktimeouts(void *unused)
315 {
316 void (*hdl)(fde_t *, void *);
317 void *data;
318
319 for (int fd = 0; fd <= highest_fd; ++fd)
320 {
321 fde_t *F = &fd_table[fd];
322
323 if (F->flags.open == false)
324 continue;
325
326 /* check flush functions */
327 if (F->flush_handler && F->flush_timeout > 0 &&
328 F->flush_timeout < event_base->time.sec_monotonic)
329 {
330 hdl = F->flush_handler;
331 data = F->flush_data;
332
333 comm_setflush(F, 0, NULL, NULL);
334 hdl(F, data);
335 }
336
337 /* check timeouts */
338 if (F->timeout_handler && F->timeout > 0 &&
339 F->timeout < event_base->time.sec_monotonic)
340 {
341 /* Call timeout handler */
342 hdl = F->timeout_handler;
343 data = F->timeout_data;
344
345 comm_settimeout(F, 0, NULL, NULL);
346 hdl(F, data);
347 }
348 }
349 }
350
351 /*
352 * void comm_connect_tcp(int fd, const char *host, unsigned short port,
353 * struct sockaddr *clocal, int socklen,
354 * CNCB *callback, void *data, int aftype, int timeout)
355 * Input: An fd to connect with, a host and port to connect to,
356 * a local sockaddr to connect from + length(or NULL to use the
357 * default), a callback, the data to pass into the callback, the
358 * address family.
359 * Output: None.
360 * Side-effects: A non-blocking connection to the host is started, and
361 * if necessary, set up for selection. The callback given
362 * may be called now, or it may be called later.
363 */
364 void
365 comm_connect_tcp(fde_t *F, const struct irc_ssaddr *caddr, unsigned short port, const struct irc_ssaddr *baddr,
366 void (*callback)(fde_t *, int, void *), void *data, uintmax_t timeout)
367 {
368 assert(callback);
369
370 memcpy(&F->connect.hostaddr, caddr, sizeof(F->connect.hostaddr));
371
372 /* The cast is hacky, but safe - port offset is same on v4 and v6 */
373 ((struct sockaddr_in *)&F->connect.hostaddr)->sin_port = htons(port);
374 F->connect.callback = callback;
375 F->connect.data = data;
376
377 /* Note that we're using a passed sockaddr here. This is because
378 * generally you'll be bind()ing to a sockaddr grabbed from
379 * getsockname(), so this makes things easier.
380 * XXX If NULL is passed as local, we should later on bind() to the
381 * virtual host IP, for completeness.
382 * -- adrian
383 */
384 if (baddr && bind(F->fd, (const struct sockaddr *)baddr, baddr->ss_len) < 0)
385 {
386 /* Failure, call the callback with COMM_ERR_BIND */
387 comm_connect_callback(F, COMM_ERR_BIND);
388 return; /* ... and quit */
389 }
390
391 comm_settimeout(F, timeout * 1000, comm_connect_timeout, NULL);
392 comm_connect_tryconnect(F, NULL);
393 }
394
395 /*
396 * comm_connect_callback() - call the callback, and continue with life
397 */
398 static void
399 comm_connect_callback(fde_t *F, int status)
400 {
401 void (*hdl)(fde_t *, int, void *);
402
403 /* This check is gross..but probably necessary */
404 if (F->connect.callback == NULL)
405 return;
406
407 /* Clear the connect flag + handler */
408 hdl = F->connect.callback;
409 F->connect.callback = NULL;
410
411 /* Clear the timeout handler */
412 comm_settimeout(F, 0, NULL, NULL);
413
414 /* Call the handler */
415 hdl(F, status, F->connect.data);
416 }
417
418 /*
419 * comm_connect_timeout() - this gets called when the socket connection
420 * times out. This *only* can be called once connect() is initially
421 * called ..
422 */
423 static void
424 comm_connect_timeout(fde_t *F, void *unused)
425 {
426 /* error! */
427 comm_connect_callback(F, COMM_ERR_TIMEOUT);
428 }
429
430 /* static void comm_connect_tryconnect(fde_t *fd, void *unused)
431 * Input: The fd, the handler data(unused).
432 * Output: None.
433 * Side-effects: Try and connect with pending connect data for the FD. If
434 * we succeed or get a fatal error, call the callback.
435 * Otherwise, it is still blocking or something, so register
436 * to select for a write event on this FD.
437 */
438 static void
439 comm_connect_tryconnect(fde_t *F, void *unused)
440 {
441 /* This check is needed or re-entrant s_bsd_* like sigio break it. */
442 if (F->connect.callback == NULL)
443 return;
444
445 /* Try the connect() */
446 int retval = connect(F->fd, (struct sockaddr *)&F->connect.hostaddr, F->connect.hostaddr.ss_len);
447
448 /* Error? */
449 if (retval < 0)
450 {
451 /*
452 * If we get EISCONN, then we've already connect()ed the socket,
453 * which is a good thing.
454 * -- adrian
455 */
456 if (errno == EISCONN)
457 comm_connect_callback(F, COMM_OK);
458 else if (comm_ignore_errno(errno))
459 /* Ignore error? Reschedule */
460 comm_setselect(F, COMM_SELECT_WRITE, comm_connect_tryconnect, NULL, 0);
461 else
462 /* Error? Fail with COMM_ERR_CONNECT */
463 comm_connect_callback(F, COMM_ERR_CONNECT);
464 return;
465 }
466
467 /* If we get here, we've suceeded, so call with COMM_OK */
468 comm_connect_callback(F, COMM_OK);
469 }
470
471 /*
472 * comm_errorstr() - return an error string for the given error condition
473 */
474 const char *
475 comm_errstr(int error)
476 {
477 if (error < 0 || error >= COMM_ERR_MAX)
478 return "Invalid error number!";
479 return comm_err_str[error];
480 }
481
482 /*
483 * comm_open() - open a socket
484 *
485 * This is a highly highly cut down version of squid's comm_open() which
486 * for the most part emulates socket(), *EXCEPT* it fails if we're about
487 * to run out of file descriptors.
488 */
489 int
490 comm_socket(int family, int sock_type, int proto)
491 {
492 /* First, make sure we aren't going to run out of file descriptors */
493 if (number_fd >= hard_fdlimit)
494 {
495 errno = ENFILE;
496 return -1;
497 }
498
499 /*
500 * Next, we try to open the socket. We *should* drop the reserved FD
501 * limit if/when we get an error, but we can deal with that later.
502 * XXX !!! -- adrian
503 */
504 int fd = socket(family, sock_type, proto);
505 if (fd < 0)
506 return -1; /* errno will be passed through, yay.. */
507
508 setup_socket(fd);
509
510 return fd;
511 }
512
513 /*
514 * comm_accept() - accept an incoming connection
515 *
516 * This is a simple wrapper for accept() which enforces FD limits like
517 * comm_open() does. Returned fd must be either closed or tagged with
518 * fd_open (this function no longer does it).
519 */
520 int
521 comm_accept(fde_t *F, struct irc_ssaddr *addr)
522 {
523 socklen_t addrlen = sizeof(struct irc_ssaddr);
524
525 if (number_fd >= hard_fdlimit)
526 {
527 errno = ENFILE;
528 return -1;
529 }
530
531 memset(addr, 0, sizeof(*addr));
532
533 /*
534 * Next, do the accept(). if we get an error, we should drop the
535 * reserved fd limit, but we can deal with that when comm_open()
536 * also does it. XXX -- adrian
537 */
538 int fd = accept(F->fd, (struct sockaddr *)addr, &addrlen);
539 if (fd < 0)
540 return -1;
541
542 remove_ipv6_mapping(addr);
543
544 setup_socket(fd);
545
546 /* .. and return */
547 return fd;
548 }
549
550 /*
551 * remove_ipv6_mapping() - Removes IPv4-In-IPv6 mapping from an address
552 * OSes with IPv6 mapping listening on both
553 * AF_INET and AF_INET6 map AF_INET connections inside AF_INET6 structures
554 *
555 */
556 void
557 remove_ipv6_mapping(struct irc_ssaddr *addr)
558 {
559 if (addr->ss.ss_family == AF_INET6)
560 {
561 if (IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)addr)->sin6_addr))
562 {
563 struct sockaddr_in6 v6;
564 struct sockaddr_in *v4 = (struct sockaddr_in *)addr;
565
566 memcpy(&v6, addr, sizeof(v6));
567 memset(v4, 0, sizeof(struct sockaddr_in));
568 memcpy(&v4->sin_addr, &v6.sin6_addr.s6_addr[12], sizeof(v4->sin_addr));
569
570 addr->ss.ss_family = AF_INET;
571 addr->ss_len = sizeof(struct sockaddr_in);
572 }
573 else
574 addr->ss_len = sizeof(struct sockaddr_in6);
575 }
576 else
577 addr->ss_len = sizeof(struct sockaddr_in);
578 }

Properties

Name Value
svn:eol-style native
svn:keywords Id

svnadmin@ircd-hybrid.org
ViewVC Help
Powered by ViewVC 1.1.28