int login_setup_udp_feed(struct client_t *c, int port)
{
if (!c->udpclient)
return -1;
c->udp_port = port;
c->udpaddr = c->addr;
if (c->udpaddr.sa.sa_family == AF_INET) {
c->udpaddr.si.sin_port = htons(c->udp_port);
c->udpaddrlen = sizeof(c->udpaddr.si);
} else {
c->udpaddr.si6.sin6_port = htons(c->udp_port);
c->udpaddrlen = sizeof(c->udpaddr.si6);
}
inbound_connects_account(3, c->udpclient->portaccount); /* "3" = udp, not listening.. */
return 0;
}
static void do_accept(struct listen_t *l)
{
int fd;
struct client_t *c;
union sockaddr_u sa; /* large enough for also IPv6 address */
socklen_t addr_len = sizeof(sa);
static time_t last_EMFILE_report;
char *s;
if ((fd = accept(l->fd, (struct sockaddr*)&sa, &addr_len)) < 0) {
int e = errno;
switch (e) {
/* Errors reporting really bad internal (programming) bugs */
case EBADF:
case EINVAL:
#ifdef ENOTSOCK
case ENOTSOCK: /* Not a socket */
#endif
#ifdef EOPNOTSUPP
case EOPNOTSUPP: /* Not a SOCK_STREAM */
#endif
#ifdef ESOCKTNOSUPPORT
case ESOCKTNOSUPPORT: /* Linux errors ? */
#endif
#ifdef EPROTONOSUPPORT
case EPROTONOSUPPORT: /* Linux errors ? */
#endif
hlog(LOG_CRIT, "accept() failed: %s (giving up)", strerror(e));
exit(1); // ABORT with core-dump ??
break;
/* Too many open files -- rate limit the reporting -- every 10th second or so.. */
case EMFILE:
if (last_EMFILE_report + 10 <= tick) {
last_EMFILE_report = tick;
hlog(LOG_ERR, "accept() failed: %s (continuing)", strerror(e));
}
return;
/* Errors reporting system internal/external glitches */
default:
hlog(LOG_ERR, "accept() failed: %s (continuing)", strerror(e));
return;
}
}
/* convert client address to string */
s = strsockaddr( &sa.sa, addr_len );
/* TODO: the dropped connections here are not accounted. */
/* Limit amount of connections per port, and globally.
* Error messages written just before closing the socet may or may not get
* to the user, but at least we try.
*/
if (l->portaccount->gauge >= l->clients_max || inbound_connects.gauge >= maxclients) {
if (inbound_connects.gauge >= maxclients) {
hlog(LOG_INFO, "%s - Denied client on fd %d from %s: MaxClients reached (%d)", l->addr_s, fd, s, inbound_connects.gauge);
/* The "if" is here only to silence a compiler warning
* about ignoring the result value. We're really
* disconnecting the client right now, so we don't care.
*/
if (write(fd, "# Server full\r\n", 15)) {};
} else {
hlog(LOG_INFO, "%s - Denied client on fd %d from %s: Too many clients on Listener (%d)", l->addr_s, fd, s, l->portaccount->gauge);
if (write(fd, "# Port full\r\n", 13)) {};
}
close(fd);
hfree(s);
inbound_connects_account(-1, l->portaccount); /* account rejected connection */
return;
}
/* match against acl... could probably have an error message to the client */
if (l->acl) {
if (!acl_check(l->acl, (struct sockaddr *)&sa, addr_len)) {
hlog(LOG_INFO, "%s - Denied client on fd %d from %s (ACL)", l->addr_s, fd, s);
close(fd);
hfree(s);
inbound_connects_account(-1, l->portaccount); /* account rejected connection */
return;
}
}
c = accept_client_for_listener(l, fd, s, &sa, addr_len);
if (!c) {
hlog(LOG_ERR, "%s - client_alloc returned NULL, too many clients. Denied client on fd %d from %s", l->addr_s, fd, s);
close(fd);
hfree(s);
inbound_connects_account(-1, l->portaccount); /* account rejected connection */
return;
}
hfree(s);
c->state = CSTATE_LOGIN;
/* use the default login handler */
c->handler_line_in = &login_handler;
c->keepalive = tick + keepalive_interval;
#ifdef USE_SSL
if (l->ssl) {
if (ssl_create_connection(l->ssl, c, 0)) {
close(fd);
inbound_connects_account(-1, l->portaccount); /* account rejected connection */
return;
}
}
#endif
hlog(LOG_DEBUG, "%s - Accepted client on fd %d from %s", c->addr_loc, c->fd, c->addr_rem);
/* set client socket options, return -1 on serious errors */
if (set_client_sockopt(c) != 0)
goto err;
/* ok, found it... lock the new client queue and pass the client */
if (pass_client_to_worker(pick_next_worker(), c))
goto err;
return;
err:
inbound_connects_account(0, c->portaccount); /* something failed, remove this from accounts.. */
client_free(c);
return;
}
static void peerip_clients_config(void)
{
struct client_t *c;
struct peerip_config_t *pe;
struct client_udp_t *udpclient;
char *s;
union sockaddr_u sa; /* large enough for also IPv6 address */
socklen_t addr_len = sizeof(sa);
for (pe = peerip_config; (pe); pe = pe->next) {
hlog(LOG_DEBUG, "Setting up UDP peer %s (%s)", pe->name, pe->host);
udpclient = client_udp_find(udppeers, pe->af, pe->local_port);
if (!udpclient) {
hlog(LOG_ERR, "Failed to find UDP socket on port %d for peer %s (%s)", pe->local_port, pe->name, pe->host);
continue;
}
c = client_alloc();
if (!c) {
hlog(LOG_ERR, "peerip_clients_config: client_alloc returned NULL");
abort();
}
c->fd = -1; // Right, this client will never have a socket of it's own.
c->ai_protocol = IPPROTO_UDP;
c->portnum = pe->local_port; // local port
c->state = CSTATE_COREPEER;
c->validated = VALIDATED_WEAK;
c->flags = CLFLAGS_UPLINKPORT;
c->handler_line_in = &incoming_handler;
memcpy((void *)&c->udpaddr.sa, (void *)pe->ai->ai_addr, pe->ai->ai_addrlen);
c->udpaddrlen = pe->ai->ai_addrlen;
c->udp_port = pe->remote_port; // remote port
c->addr = c->udpaddr;
c->udpclient = udpclient;
//c->portaccount = l->portaccount;
c->keepalive = tick + keepalive_interval;
c->last_read = tick; /* not simulated time */
inbound_connects_account(3, c->udpclient->portaccount); /* "3" = udp, not listening.. */
/* set up peer serverid to username */
strncpy(c->username, pe->serverid, sizeof(c->username));
c->username[sizeof(c->username)-1] = 0;
c->username_len = strlen(c->username);
/* convert client address to string */
s = strsockaddr( &c->udpaddr.sa, c->udpaddrlen );
/* text format of client's IP address + port */
strncpy(c->addr_rem, s, sizeof(c->addr_rem));
c->addr_rem[sizeof(c->addr_rem)-1] = 0;
hfree(s);
/* hex format of client's IP address + port */
s = hexsockaddr( &c->udpaddr.sa, c->udpaddrlen );
strncpy(c->addr_hex, s, sizeof(c->addr_hex));
c->addr_hex[sizeof(c->addr_hex)-1] = 0;
hfree(s);
/* text format of servers' connected IP address + port */
addr_len = sizeof(sa);
if (getsockname(c->udpclient->fd, &sa.sa, &addr_len) == 0) { /* Fails very rarely.. */
/* present my socket end address as a malloced string... */
s = strsockaddr( &sa.sa, addr_len );
} else {
hlog(LOG_ERR, "Peer config: getsockname on udpclient->fd failed: %s", strerror(errno));
s = hstrdup( "um" ); /* Server's bound IP address.. TODO: what? */
}
strncpy(c->addr_loc, s, sizeof(c->addr_loc));
c->addr_loc[sizeof(c->addr_loc)-1] = 0;
hfree(s);
/* pass the client to the first worker thread */
if (pass_client_to_worker(worker_threads, c)) {
hlog(LOG_ERR, "Failed to pass UDP peer %s (%s) to worker", pe->name, pe->host);
client_free(c);
}
}
}
struct client_t *accept_client_for_listener(struct listen_t *l, int fd, char *addr_s, union sockaddr_u *sa, unsigned addr_len)
{
struct client_t *c;
char *s;
int i;
union sockaddr_u sa_loc; /* local address */
socklen_t addr_len_loc = sizeof(sa_loc);
c = client_alloc();
if (!c)
return NULL;
c->fd = fd;
c->listener_id = l->listener_id;
c->addr = *sa;
c->ai_protocol = l->ai_protocol;
c->portnum = l->portnum;
c->hidden = l->hidden;
c->flags = l->client_flags;
c->udpclient = client_udp_find(udpclients, sa->sa.sa_family, l->portnum);
c->portaccount = l->portaccount;
c->last_read = tick; /* not simulated time */
inbound_connects_account(1, c->portaccount); /* account all ports + port-specifics */
/* text format of client's IP address + port */
strncpy(c->addr_rem, addr_s, sizeof(c->addr_rem));
c->addr_rem[sizeof(c->addr_rem)-1] = 0;
/* hex format of client's IP address + port */
s = hexsockaddr( &sa->sa, addr_len );
strncpy(c->addr_hex, s, sizeof(c->addr_hex));
c->addr_hex[sizeof(c->addr_hex)-1] = 0;
hfree(s);
/* text format of servers' connected IP address + port */
if (getsockname(fd, &sa_loc.sa, &addr_len_loc) == 0) { /* Fails very rarely.. */
if (addr_len_loc > sizeof(sa_loc))
hlog(LOG_ERR, "accept_client_for_listener: getsockname for client %s truncated local address of %d to %d bytes", c->addr_rem, addr_len_loc, sizeof(sa_loc));
/* present my socket end address as a malloced string... */
s = strsockaddr( &sa_loc.sa, addr_len_loc );
} else {
s = hstrdup( l->addr_s ); /* Server's bound IP address */
hlog(LOG_ERR, "accept_client_for_listener: getsockname for client %s failed: %s (using '%s' instead)", c->addr_rem, strerror(errno), s);
}
strncpy(c->addr_loc, s, sizeof(c->addr_loc));
c->addr_loc[sizeof(c->addr_loc)-1] = 0;
hfree(s);
/* apply predefined filters */
for (i = 0; i < (sizeof(l->filters)/sizeof(l->filters[0])); ++i) {
if (l->filters[i]) {
if (filter_parse(c, l->filters[i], 0) < 0) { /* system filters */
hlog(LOG_ERR, "Bad system filter definition: %s", l->filters[i]);
}
}
}
if (l->filter_s) {
strncpy(c->filter_s, l->filter_s, sizeof(c->filter_s));
c->filter_s[FILTER_S_SIZE-1] = 0;
}
return c;
}
static int accept_liveupgrade_single(cJSON *client, int *rxerr_map, int rxerr_map_len)
{
cJSON *fd, *listener_id, *username, *time_connect, *tick_connect;
cJSON *state;
cJSON *addr_loc;
cJSON *udp_port;
cJSON *app_name, *app_version;
cJSON *verified;
cJSON *obuf_q;
cJSON *bytes_rx, *bytes_tx;
cJSON *pkts_rx, *pkts_tx, *pkts_ign;
cJSON *rx_errs;
cJSON *filter;
cJSON *ibuf, *obuf;
cJSON *client_heard;
cJSON *lat, *lng;
unsigned addr_len;
union sockaddr_u sa;
char *argv[256];
int i, argc;
const char *username_s = "unknown";
/* get username first, so we can log it later */
username = accept_liveupgrade_cJSON_get(client, "username", cJSON_String, username_s);
if (username)
username_s = username->valuestring;
fd = accept_liveupgrade_cJSON_get(client, "fd", cJSON_Number, username_s);
int fd_i = -1;
if (fd)
fd_i = fd->valueint;
if (fd_i < 0) {
hlog(LOG_INFO, "Live upgrade: Client '%s' has negative fd %d, ignoring (corepeer?)", username_s, fd_i);
return -1;
}
listener_id = accept_liveupgrade_cJSON_get(client, "listener_id", cJSON_Number, username_s);
state = accept_liveupgrade_cJSON_get(client, "state", cJSON_String, username_s);
time_connect = accept_liveupgrade_cJSON_get(client, "t_connect", cJSON_Number, username_s);
addr_loc = accept_liveupgrade_cJSON_get(client, "addr_loc", cJSON_String, username_s);
app_name = accept_liveupgrade_cJSON_get(client, "app_name", cJSON_String, username_s);
app_version = accept_liveupgrade_cJSON_get(client, "app_version", cJSON_String, username_s);
verified = accept_liveupgrade_cJSON_get(client, "verified", cJSON_Number, username_s);
obuf_q = accept_liveupgrade_cJSON_get(client, "obuf_q", cJSON_Number, username_s);
bytes_rx = accept_liveupgrade_cJSON_get(client, "bytes_rx", cJSON_Number, username_s);
bytes_tx = accept_liveupgrade_cJSON_get(client, "bytes_tx", cJSON_Number, username_s);
pkts_rx = accept_liveupgrade_cJSON_get(client, "pkts_rx", cJSON_Number, username_s);
pkts_tx = accept_liveupgrade_cJSON_get(client, "pkts_tx", cJSON_Number, username_s);
pkts_ign = accept_liveupgrade_cJSON_get(client, "pkts_ign", cJSON_Number, username_s);
rx_errs = accept_liveupgrade_cJSON_get(client, "rx_errs", cJSON_Array, username_s);
filter = accept_liveupgrade_cJSON_get(client, "filter", cJSON_String, username_s);
/* optional */
tick_connect = cJSON_GetObjectItem(client, "t_connect_tick");
udp_port = cJSON_GetObjectItem(client, "udp_port");
ibuf = cJSON_GetObjectItem(client, "ibuf");
obuf = cJSON_GetObjectItem(client, "obuf");
client_heard = cJSON_GetObjectItem(client, "client_heard");
lat = cJSON_GetObjectItem(client, "lat");
lng = cJSON_GetObjectItem(client, "lng");
if (!(
(fd)
&& (listener_id)
&& (state)
&& (username)
&& (time_connect)
&& (addr_loc)
&& (app_name)
&& (app_version)
&& (verified)
&& (obuf_q)
&& (bytes_rx)
&& (bytes_tx)
&& (pkts_rx)
&& (pkts_tx)
&& (pkts_ign)
&& (rx_errs)
&& (filter)
)) {
hlog(LOG_ERR, "Live upgrade: Fields missing from client JSON, discarding client fd %d", fd_i);
if (fd_i >= 0)
close(fd_i);
return -1;
}
hlog(LOG_DEBUG, "Old client on fd %d: %s", fd->valueint, username->valuestring);
/* fetch peer address from the fd instead of parsing it from text */
addr_len = sizeof(sa);
if (getpeername(fd->valueint, &sa.sa, &addr_len) != 0) {
/* Sometimes clients disconnect during upgrade, especially on slow RPi servers... */
if (errno == ENOTCONN)
hlog(LOG_INFO, "Live upgrade: Client %s on fd %d has disconnected during upgrade (%s)",
username->valuestring, fd->valueint, strerror(errno));
else
hlog(LOG_ERR, "Live upgrade: getpeername client fd %d failed: %s", fd->valueint, strerror(errno));
close(fd->valueint);
return -1;
}
/* convert client address to string */
char *client_addr_s = strsockaddr( &sa.sa, addr_len );
/* find the right listener for this client, for configuration and accounting */
struct listen_t *l = liveupgrade_find_listener(listener_id->valueint);
if (!l) {
hlog(LOG_INFO, "Live upgrade: Listener has been removed for fd %d (%s - local %s): disconnecting %s",
fd->valueint, client_addr_s, addr_loc->valuestring, username->valuestring);
close(fd->valueint);
hfree(client_addr_s);
return -1;
}
struct client_t *c = accept_client_for_listener(l, fd->valueint, client_addr_s, &sa, addr_len);
if (!c) {
hlog(LOG_ERR, "Live upgrade - client_alloc returned NULL, too many clients. Denied client %s on fd %d from %s",
username->valuestring, fd->valueint, client_addr_s);
close(fd->valueint);
hfree(client_addr_s);
return -1;
}
hfree(client_addr_s);
if (strcmp(state->valuestring, "connected") == 0) {
c->state = CSTATE_CONNECTED;
c->handler_line_in = &incoming_handler;
strncpy(c->username, username->valuestring, sizeof(c->username));
c->username[sizeof(c->username)-1] = 0;
c->username_len = strlen(c->username);
} else if (strcmp(state->valuestring, "login") == 0) {
c->state = CSTATE_LOGIN;
c->handler_line_in = &login_handler;
} else {
hlog(LOG_ERR, "Live upgrade: Client %s is in invalid state '%s' (fd %d)", l->addr_s, state->valuestring, l->fd);
goto err;
}
/* distribute keepalive intervals for the existing old clients
* but send them rather sooner than later */
// coverity[dont_call] // squelch warning: not security sensitive use of random(): load distribution
c->keepalive = tick + (random() % (keepalive_interval/2));
/* distribute cleanup intervals over the next 2 minutes */
// coverity[dont_call] // squelch warning: not security sensitive use of random(): load distribution
c->cleanup = tick + (random() % 120);
c->connect_time = time_connect->valueint;
/* live upgrade / backward compatibility: upgrading from <= 1.8.2 requires the 'else' path' */
if (tick_connect && tick_connect->type == cJSON_Number)
c->connect_tick = tick_connect->valueint;
else /* convert to monotonic time */
c->connect_tick = tick - (now - c->connect_time);
c->validated = verified->valueint;
c->localaccount.rxbytes = bytes_rx->valuedouble;
c->localaccount.txbytes = bytes_tx->valuedouble;
c->localaccount.rxpackets = pkts_rx->valuedouble;
c->localaccount.txpackets = pkts_tx->valuedouble;
c->localaccount.rxdrops = pkts_ign->valuedouble;
login_set_app_name(c, app_name->valuestring, app_version->valuestring);
// handle client's filter setting
if (c->flags & CLFLAGS_USERFILTEROK && (filter) && (filter->valuestring) && *(filter->valuestring)) {
// archive a copy of the filters, for status display
strncpy(c->filter_s, filter->valuestring, FILTER_S_SIZE);
c->filter_s[FILTER_S_SIZE-1] = 0;
sanitize_ascii_string(c->filter_s);
char *f = hstrdup(filter->valuestring);
argc = parse_args(argv, f);
for (i = 0; i < argc; ++i) {
filter_parse(c, argv[i], 1);
}
hfree(f);
}
// set up UDP downstream if necessary
if (udp_port && udp_port->type == cJSON_Number && udp_port->valueint > 1024 && udp_port->valueint < 65536) {
if (login_setup_udp_feed(c, udp_port->valueint) != 0) {
hlog(LOG_DEBUG, "%s/%s: Requested UDP on client port with no UDP configured", c->addr_rem, c->username);
}
}
// fill up ibuf
if (ibuf && ibuf->type == cJSON_String && ibuf->valuestring) {
int l = hex_decode(c->ibuf, c->ibuf_size, ibuf->valuestring);
if (l < 0) {
hlog(LOG_ERR, "Live upgrade: %s/%s: Failed to decode ibuf: %s", c->addr_rem, c->username, ibuf->valuestring);
} else {
c->ibuf_end = l;
hlog(LOG_DEBUG, "Live upgrade: Decoded ibuf %d bytes: '%.*s'", l, l, c->ibuf);
hlog(LOG_DEBUG, "Hex: %s", ibuf->valuestring);
}
}
// fill up obuf
if (obuf && obuf->type == cJSON_String && obuf->valuestring) {
int l = hex_decode(c->obuf, c->obuf_size, obuf->valuestring);
if (l < 0) {
hlog(LOG_ERR, "Live upgrade: %s/%s: Failed to decode obuf: %s", c->addr_rem, c->username, obuf->valuestring);
} else {
c->obuf_start = 0;
c->obuf_end = l;
hlog(LOG_DEBUG, "Live upgrade: Decoded obuf %d bytes: '%.*s'", l, l, c->obuf);
hlog(LOG_DEBUG, "Hex: %s", obuf->valuestring);
}
}
/* load list of stations heard by this client, to immediately support
* messaging
*/
if (client_heard && client_heard->type == cJSON_Array)
client_heard_json_load(c, client_heard);
/* load rxerrs counters, with error name string mapping to support
* adding/reordering of error counters
*/
if (rx_errs && rx_errs->type == cJSON_Array && rxerr_map && rxerr_map_len > 0)
accept_rx_err_load(c, rx_errs, rxerr_map, rxerr_map_len);
/* set client lat/lon, if they're given
*/
if (lat && lng && lat->type == cJSON_Number && lng->type == cJSON_Number) {
c->loc_known = 1;
c->lat = lat->valuedouble;
c->lng = lng->valuedouble;
}
hlog(LOG_DEBUG, "%s - Accepted live upgrade client on fd %d from %s", c->addr_loc, c->fd, c->addr_rem);
/* set client socket options, return -1 on serious errors */
if (set_client_sockopt(c) != 0)
goto err;
/* Add the client to the client list. */
int old_fd = clientlist_add(c);
if (c->validated && old_fd != -1) {
/* TODO: If old connection is SSL validated, and this one is not, do not disconnect it. */
hlog(LOG_INFO, "fd %d: Disconnecting duplicate validated client with username '%s'", old_fd, c->username);
shutdown(old_fd, SHUT_RDWR);
}
/* ok, found it... lock the new client queue and pass the client */
if (pass_client_to_worker(pick_next_worker(), c))
goto err;
return 0;
err:
close(c->fd);
inbound_connects_account(0, c->portaccount); /* something failed, remove this from accounts.. */
client_free(c);
return -1;
}