int setup_tcp_server_socket(const char ip[4], const char ip6[16], u16 port, int backlog) {
char sip[FMT_IP6];
int fd;
fd = socket_tcp6();
if(fd >= 0) {
if(socket_bind6_reuse(fd, ip6, port, 0) == -1) {
close(fd);
fd = socket_tcp();
if(fd >= 0) {
if(-1 == socket_bind4_reuse(fd, ip, port))
ERROR("unable to create server socket: %s", strerror(errno));
else {
fmt_ip4(sip, ip);
DEBUG("bound TCP socket on %s:%hu", sip, port);
}
} else {
ERROR("unable to create TCP socket: %s", strerror(errno));
}
} else {
fmt_ip6(sip, ip6);
DEBUG("bound TCP socket on [%s]:%hu", sip, port);
}
if(socket_listen(fd, backlog) == -1)
ERROR("listen() failed: %s", strerror(errno));
} else {
ERROR("unable to create TCP socket: %s", strerror(errno));
}
return fd;
}
static void handle_reconnects( void ) {
int i;
for( i=0; i<g_connection_count; ++i )
if( PROXYPEER_NEEDSCONNECT( g_connections[i].state ) ) {
int64 newfd = socket_tcp6( );
fprintf( stderr, "(Re)connecting to peer..." );
if( newfd < 0 ) continue; /* No socket for you */
io_fd(newfd);
if( socket_bind6_reuse(newfd,g_serverip,g_serverport,0) ) {
io_close( newfd );
continue;
}
if( socket_connect6(newfd,g_connections[i].ip,g_connections[i].port,0) == -1 &&
errno != EINPROGRESS && errno != EWOULDBLOCK ) {
close(newfd);
continue;
}
io_wantwrite(newfd); /* So we will be informed when it is connected */
io_setcookie(newfd,g_connections+i);
/* Prepare connection info block */
reset_info_block( g_connections+i );
g_connections[i].fd = newfd;
PROXYPEER_SETCONNECTING( g_connections[i].state );
}
g_connection_reconn = time(NULL) + 30;
}
static int64_t ot_try_bind( ot_ip6 ip, uint16_t port ) {
int64 sock = socket_tcp6( );
if( socket_bind6_reuse( sock, ip, port, 0 ) == -1 )
panic( "socket_bind6_reuse" );
if( socket_listen( sock, SOMAXCONN) == -1 )
panic( "socket_listen" );
if( !io_fd( sock ) )
panic( "io_fd" );
io_setcookie( sock, (void*)FLAG_SERVERSOCKET );
io_wantread( sock );
return sock;
}
static int make_connection(char* ip,uint16 port,uint32 scope_id) {
int v6=byte_diff(ip,12,V4mappedprefix);
int s;
if (v6) {
s=socket_tcp6();
if (s==-1)
panic("socket_tcp6()");
ndelay_off(s);
if (bindport) {
for (;;) {
int r=socket_bind6_reuse(s,V6any,bindport,0);
if (++bindport<1024) bindport=1024;
if (r==0) break;
if (errno!=EADDRINUSE)
panic("socket_bind6");
}
}
if (socket_connect6(s,ip,port,scope_id)==-1) {
carp("socket_connect6");
close(s);
return -1;
}
} else {
s=socket_tcp4();
if (s==-1)
panic("socket_tcp4()");
ndelay_off(s);
if (bindport) {
for (;;) {
int r=socket_bind4_reuse(s,V6any,bindport);
if (++bindport<1024) bindport=1024;
if (r==0) break;
if (errno!=EADDRINUSE)
panic("socket_bind4");
}
}
if (socket_connect4(s,ip+12,port)==-1) {
carp("socket_connect4");
close(s);
return -1;
}
}
return s;
}
int main(int argc,char * const *argv) {
const char *hostname;
int opt;
struct servent *se;
char *x;
unsigned long u;
int s;
int t;
io_opt = ssl_io_opt_default;
io_opt.timeout = 3600;
while ((opt = getopt(argc,argv,"46dDvqQhHrR1UXx:t:T:u:g:l:b:B:c:Z:pPoO3IiEeSsaAw:nNyYuUjJ")) != opteof)
switch(opt) {
case 'b': scan_ulong(optarg,&backlog); break;
case 'c': scan_ulong(optarg,&limit); break;
case 'X': flagallownorules = 1; break;
case 'x': fnrules = optarg; break;
case 'B': banner = optarg; break;
case 'd': flagdelay = 1; break;
case 'D': flagdelay = 0; break;
case 'v': verbosity = 2; break;
case 'q': verbosity = 0; break;
case 'Q': verbosity = 1; break;
case 'P': flagparanoid = 0; break;
case 'p': flagparanoid = 1; break;
case 'O': flagkillopts = 1; break;
case 'o': flagkillopts = 0; break;
case 'H': flagremotehost = 0; break;
case 'h': flagremotehost = 1; break;
case 'R': flagremoteinfo = 0; break;
case 'r': flagremoteinfo = 1; break;
case 't': scan_ulong(optarg,&timeout); break;
case 'T': scan_ulong(optarg,&ssltimeout); break;
case 'w': scan_uint(optarg,&io_opt.timeout); break;
case 'U': x = env_get("UID"); if (x) scan_ulong(x,&uid);
x = env_get("GID"); if (x) scan_ulong(x,&gid); break;
case 'u': scan_ulong(optarg,&uid); break;
case 'g': scan_ulong(optarg,&gid); break;
case 'Z': netif=socket_getifidx(optarg); break;
case '1': flag1 = 1; break;
case '4': noipv6 = 1; break;
case '6': forcev6 = 1; break;
case 'l': localhost = optarg; break;
case '3': flag3 = 1; break;
case 'I': flagclientcert = 0; break;
case 'i': flagclientcert = 1; break;
case 'S': flagsslenv = 0; break;
case 's': flagsslenv = 1; break;
case 'E': flagtcpenv = 0; break;
case 'e': flagtcpenv = 1; break;
case 'n': case 'y': flagsslwait = 1; break;
case 'N': case 'Y': flagsslwait = 0; break;
case 'j': io_opt.just_shutdown = 1; break;
case 'J': io_opt.just_shutdown = 0; break;
default: usage();
}
argc -= optind;
argv += optind;
if (!verbosity)
buffer_2->fd = -1;
hostname = *argv++;
if (!hostname) usage();
if (str_equal(hostname,"")) hostname = "0";
x = *argv++;
if (!x) usage();
prog = argv;
if (!*argv) usage();
if (!x[scan_ulong(x,&u)])
localport = u;
else {
se = getservbyname(x,"tcp");
if (!se)
strerr_die3x(111,FATAL,"unable to figure out port number for ",x);
uint16_unpack_big((char*)&se->s_port,&localport);
}
if (x = env_get("VERIFYDEPTH")) {
scan_ulong(x,&u);
verifydepth = u;
}
if (x = env_get("CAFILE")) cafile = x;
if (cafile && str_equal(cafile,"")) cafile = 0;
if (x = env_get("CCAFILE")) ccafile = x;
if (ccafile && str_equal(ccafile,"")) ccafile = 0;
if (!flagclientcert) ccafile = 0;
if (x = env_get("CADIR")) cadir = x;
if (cadir && str_equal(cadir,"")) cadir= 0;
if (x = env_get("CERTFILE")) certfile = x;
if (certfile && str_equal(certfile,"")) certfile = 0;
if (x = env_get("KEYFILE")) keyfile = x;
if (keyfile && str_equal(keyfile,"")) keyfile = 0;
if (x = env_get("DHFILE")) dhfile = x;
if (dhfile && str_equal(dhfile,"")) dhfile = 0;
if (x = env_get("CIPHERS")) ciphers = x;
if (ciphers && str_equal(ciphers,"")) ciphers = 0;
sig_block(sig_child);
sig_catch(sig_child,sigchld);
sig_catch(sig_term,sigterm);
sig_ignore(sig_pipe);
if (str_equal(hostname,"0")) {
byte_zero(localip,sizeof localip);
} else {
if (!stralloc_copys(&tmp,hostname))
strerr_die2x(111,FATAL,"out of memory");
if (dns_ip6_qualify(&addresses,&fqdn,&tmp) == -1)
strerr_die4sys(111,FATAL,"temporarily unable to figure out IP address for ",hostname,": ");
if (addresses.len < 16)
strerr_die3x(111,FATAL,"no IP address for ",hostname);
byte_copy(localip,16,addresses.s);
if (ip6_isv4mapped(localip))
noipv6=1;
}
s = socket_tcp6();
if (s == -1)
strerr_die2sys(111,FATAL,"unable to create socket: ");
if (socket_bind6_reuse(s,localip,localport,netif) == -1)
strerr_die2sys(111,FATAL,"unable to bind: ");
if (socket_local6(s,localip,&localport,&netif) == -1)
strerr_die2sys(111,FATAL,"unable to get local address: ");
if (socket_listen(s,backlog) == -1)
strerr_die2sys(111,FATAL,"unable to listen: ");
ndelay_off(s);
localportstr[fmt_ulong(localportstr,localport)] = 0;
if (flag1) {
buffer_init(&b,buffer_unixwrite,1,bspace,sizeof bspace);
buffer_puts(&b,localportstr);
buffer_puts(&b,"\n");
buffer_flush(&b);
}
if (flag3) read_passwd();
ctx = ssl_server();
ssl_errstr();
if (!ctx) strerr_die2x(111,FATAL,"unable to create SSL context");
switch (ssl_certkey(ctx,certfile,keyfile,passwd_cb)) {
case -1: strerr_die2x(111,FATAL,"unable to load certificate");
case -2: strerr_die2x(111,FATAL,"unable to load key");
case -3: strerr_die2x(111,FATAL,"key does not match certificate");
default: break;
}
if (!ssl_ca(ctx,cafile,cadir,verifydepth))
strerr_die2x(111,FATAL,"unable to load CA list");
if (!ssl_cca(ctx,ccafile))
strerr_die2x(111,FATAL,"unable to load client CA list");
if (!ssl_params(ctx,dhfile,rsalen))
strerr_die2x(111,FATAL,"unable to set cipher parameters");
if (!ssl_ciphers(ctx,ciphers))
strerr_die2x(111,FATAL,"unable to set cipher list");
if (verbosity >= 2) {
strnum[fmt_ulong(strnum,getpid())] = 0;
strnum2[fmt_ulong(strnum2,rsalen)] = 0;
strerr_warn4("sslserver: cafile ",strnum," ",cafile,0);
strerr_warn4("sslserver: ccafile ",strnum," ",ccafile,0);
strerr_warn4("sslserver: cadir ",strnum," ",cadir,0);
strerr_warn4("sslserver: cert ",strnum," ",certfile,0);
strerr_warn4("sslserver: key ",strnum," ",keyfile,0);
strerr_warn6("sslserver: param ",strnum," ",dhfile," ",strnum2,0);
}
close(0); open_read("/dev/null");
close(1); open_append("/dev/null");
printstatus();
for (;;) {
while (numchildren >= limit) sig_pause();
sig_unblock(sig_child);
t = socket_accept6(s,remoteip,&remoteport,&netif);
sig_block(sig_child);
if (t == -1) continue;
++numchildren; printstatus();
switch(fork()) {
case 0:
close(s);
doit(t);
strerr_die4sys(111,DROP,"unable to run ",*argv,": ");
case -1:
strerr_warn2(DROP,"unable to fork: ",&strerr_sys);
--numchildren; printstatus();
}
close(t);
}
}
int main(int argc,char* argv[]) {
int s,t;
uint16 port=2342;
uint32 scope_id=0;
char ip[16];
char buf[8192];
int i;
struct pollfd p[2];
if (argc<3) {
usage:
__write2("usage: server ip port\n\nexample: server 0 8000 | restore x -f -\n");
return 0;
}
if (!strcmp(argv[1],"0"))
byte_zero(ip,16);
else
if (argv[1][i=scan_ip6if(argv[1],ip,&scope_id)]) {
__write2("server: error: invalid ip address!\n");
goto usage;
}
if (argv[2][scan_ushort(argv[2],&port)]) {
__write2("server: error: invalid port number!\n");
goto usage;
}
if (byte_equal(ip,12,V4mappedprefix)) {
s=socket_tcp4b();
if (s==-1) panic("server: error: socket() failed");
if (socket_bind4_reuse(s,ip+12,port)==-1) panic("server: error: bind() failed");
if (socket_listen(s,1)==-1) panic("server: error: listen() failed");
ndelay_off(s);
if ((t=socket_accept4(s,0,0))==-1) panic("server: error: accept() failed");
} else {
s=socket_tcp6b();
if (s==-1) panic("server: error: socket() failed");
if (socket_bind6_reuse(s,ip,port,scope_id)==-1) panic("server: error: bind() failed");
if (socket_listen(s,1)==-1) panic("server: error: listen() failed");
ndelay_off(s);
if ((t=socket_accept6(s,0,0,0))==-1) panic("server: error: accept() failed");
}
close(s);
p[0].fd=0; p[0].events=POLLIN;
p[1].fd=t; p[1].events=POLLIN;
while (poll(p,2,5000)) {
if (p[0].revents) {
int j;
if (p[0].revents&POLLERR)
panic("server: error: poll() signals POLLERR\n");
i=read(0,buf,sizeof(buf));
if (i==0) { shutdown(t,SHUT_WR); blockingcopy(t,1); }
for (j=0; j<i; ) {
int k=write(t,buf+j,i-j);
if (k==-1) panic("server: error: write() failed");
if (k==0) panic("server: error: short write!\n");
j+=k;
}
}
if (p[1].revents) {
int j;
if (p[1].revents&POLLERR)
panic("server: error: poll() signals POLLERR\n");
i=read(t,buf,sizeof(buf));
if (i==0) { shutdown(1,SHUT_WR); blockingcopy(0,t); }
for (j=0; j<i; ) {
int k=write(1,buf+j,i-j);
if (k==-1) panic("server: error: write() failed");
if (k==0) panic("server: error: short write!\n");
j+=k;
}
}
}
return 0;
}
int
main(int argc, char* argv[]) {
int s = socket_tcp6();
uint32 scope_id;
char ip[16];
uint16 port;
char hisip[16];
uint16 hisport;
uint32 hisscope_id;
static char seed[128];
static stralloc fqdn;
static stralloc out;
if(argc != 4) {
usage:
buffer_putsflush(buffer_2,
"usage: proxy myip myport hisip hisport\n"
"\n"
"e.g.: proxy 0 119 news.fu-berlin.de 119\n");
return 0;
}
if(argv[1][scan_ip6if(argv[1], ip, &scope_id)]) {
if(str_equal(argv[1], "0")) {
byte_zero(ip, 16);
scope_id = 0;
} else
goto usage;
}
if(argv[2][scan_ushort(argv[2], &port)])
goto usage;
if(argv[3][scan_ip6if(argv[3], hisip, &hisscope_id)]) {
dns_random_init(seed);
if(!stralloc_copys(&fqdn, argv[3]))
goto nomem;
if(dns_ip4(&out, &fqdn) == -1) {
buffer_puts(buffer_2, "unable to find IP address for ");
buffer_puts(buffer_2, argv[3]);
buffer_puts(buffer_2, ": ");
buffer_puterror(buffer_2);
buffer_putnlflush(buffer_2);
return 111;
}
} else if(!stralloc_catb(&out, hisip, 16)) {
nomem:
buffer_putsflush(buffer_2, "out of memory\n");
return 111;
}
if(argv[4][scan_ushort(argv[4], &hisport)])
goto usage;
if(socket_bind6_reuse(s, ip, port, scope_id) == -1) {
buffer_puts(buffer_2, "socket_bind6_reuse: ");
buffer_puterror(buffer_2);
buffer_putnlflush(buffer_2);
return 111;
}
if(socket_listen(s, 16) == -1) {
buffer_puts(buffer_2, "socket_listen: ");
buffer_puterror(buffer_2);
buffer_putnlflush(buffer_2);
return 111;
}
if(!io_fd(s)) {
buffer_puts(buffer_2, "io_fd: ");
buffer_puterror(buffer_2);
buffer_putnlflush(buffer_2);
return 111;
}
io_wantread(s);
for(;;) {
int64 i;
io_wait();
while((i = io_canread()) != -1) {
if(i == s) {
/* the read event is on the server socket */
/* that means it's an incoming connection */
int n;
while((n = socket_accept6(s, ip, &port, &scope_id)) != -1) {
int x = socket_tcp6();
if(x == -1) {
buffer_puts(buffer_2, "socket_tcp6 failed: ");
fail:
buffer_puterror(buffer_2);
buffer_putnlflush(buffer_2);
io_close(n);
} else {
struct state* s = malloc(sizeof(struct state));
if(!s)
goto closefail;
s->a = n;
s->b = x;
s->connected = 0;
s->done = s->todo = 0;
s->dir = UNDECIDED;
io_nonblock(x);
socket_connect6(x, out.s, hisport, hisscope_id);
if(!io_fd(x) || !io_fd(n)) {
buffer_puts(buffer_2, "io_fd failed: ");
closefail:
free(s);
io_close(x);
goto fail;
}
io_setcookie(x, s);
io_setcookie(n, s);
io_wantwrite(x);
}
}
if(errno != EAGAIN) {
buffer_puts(buffer_2, "socket_accept6 failed: ");
buffer_puterror(buffer_2);
buffer_putnlflush(buffer_2);
}
} else {
/* read event on an established connection */
struct state* s = io_getcookie(i);
int l = io_tryread(i, s->buf, sizeof(s->buf));
if(l == -1) {
buffer_puts(buffer_2, "io_tryread(");
buffer_putulong(buffer_2, i);
buffer_puts(buffer_2, "): ");
buffer_puterror(buffer_2);
buffer_putnlflush(buffer_2);
io_close(s->a);
io_close(s->b);
} else if(l == 0) {
buffer_puts(buffer_2, "eof on fd #");
buffer_putulong(buffer_2, i);
buffer_putnlflush(buffer_2);
io_close(i);
} else {
int r;
switch(r = io_trywrite(i, s->buf, l)) {
case -1:
buffer_puts(buffer_2, "io_tryread(");
buffer_putulong(buffer_2, i);
buffer_puts(buffer_2, "): ");
buffer_puterror(buffer_2);
buffer_putnlflush(buffer_2);
io_close(i);
break;
case 0:
buffer_puts(buffer_2, "write eof on fd #");
buffer_putulong(buffer_2, i);
buffer_putnlflush(buffer_2);
io_close(i);
default:
if(r != l) {
buffer_puts(buffer_2, "short write on fd #");
buffer_putulong(buffer_2, i);
buffer_puts(buffer_2, ": wrote ");
buffer_putulong(buffer_2, r);
buffer_puts(buffer_2, ", wanted to write ");
buffer_putulong(buffer_2, l);
buffer_putsflush(buffer_2, ").\n");
}
}
}
}
}
}
return 0;
}
int main()
{
char *x;
unsigned int i, j, k;
unsigned long cachesize;
static stralloc sa = {0};
x = env_get("INTERFACE");
if (x) scan_ulong(x,&interface);
x = env_get("IP");
if (!x)
strerr_die2x(111,FATAL,"$IP not set");
if (!ip6_scan(x,myipincoming))
strerr_die3x(111,FATAL,"unable to parse IP address ",x);
#if 0
/* if if IP is a mapped-IPv4 address, disable IPv6 functionality */
/* this is actually a bad idea */
if (ip6_isv4mapped(myipincoming))
noipv6 = 1;
#endif
udp53 = socket_udp6();
if (udp53 == -1)
strerr_die2sys(111,FATAL,"unable to create UDP socket: ");
if (socket_bind6_reuse(udp53,myipincoming,53,interface) == -1)
strerr_die2sys(111,FATAL,"unable to bind UDP socket: ");
tcp53 = socket_tcp6();
if (tcp53 == -1)
strerr_die2sys(111,FATAL,"unable to create TCP socket: ");
if (socket_bind6_reuse(tcp53,myipincoming,53,interface) == -1)
strerr_die2sys(111,FATAL,"unable to bind TCP socket: ");
droproot(FATAL);
socket_tryreservein(udp53,131072);
byte_zero(seed,sizeof seed);
read(0,seed,sizeof seed);
dns_random_init(seed);
close(0);
x = env_get("IPSEND");
if (!x)
strerr_die2x(111,FATAL,"$IPSEND not set");
if (!ip6_scan(x,myipoutgoing))
strerr_die3x(111,FATAL,"unable to parse IP address ",x);
x = env_get("CACHESIZE");
if (!x)
strerr_die2x(111,FATAL,"$CACHESIZE not set");
scan_ulong(x,&cachesize);
if (!cache_init(cachesize))
strerr_die3x(111,FATAL,"not enough memory for cache of size ",x);
if (openreadclose("ignoreip",&sa,64) < 0)
strerr_die2x(111,FATAL,"trouble reading ignoreip");
for(j = k = i = 0; i < sa.len; i++)
if (sa.s[i] == '\n') {
sa.s[i] = '\0';
if (!stralloc_readyplus(&ignoreip,16))
strerr_die2x(111,FATAL,"out of memory parsing ignoreip");
if (!ip6_scan(sa.s+k,ignoreip.s+j))
strerr_die3x(111,FATAL,"unable to parse address in ignoreip ",ignoreip.s+k);
j += 16;
k = i + 1;
}
ignoreip.len = j;
if (env_get("HIDETTL"))
response_hidettl();
if (env_get("FORWARDONLY"))
query_forwardonly();
if (!roots_init())
strerr_die2sys(111,FATAL,"unable to read servers: ");
if (socket_listen(tcp53,20) == -1)
strerr_die2sys(111,FATAL,"unable to listen on TCP socket: ");
log_startup();
doit();
}
