static int print_host(const char *hostname, const char *header)
{
/* We can't use xhost2sockaddr() - we want to get ALL addresses,
* not just one */
struct addrinfo *result = NULL;
int rc;
struct addrinfo hint;
memset(&hint, 0 , sizeof(hint));
/* hint.ai_family = AF_UNSPEC; - zero anyway */
/* Needed. Or else we will get each address thrice (or more)
* for each possible socket type (tcp,udp,raw...): */
hint.ai_socktype = SOCK_STREAM;
// hint.ai_flags = AI_CANONNAME;
rc = getaddrinfo(hostname, NULL /*service*/, &hint, &result);
if (!rc) {
struct addrinfo *cur = result;
unsigned cnt = 0;
printf("%-10s %s\n", header, hostname);
// puts(cur->ai_canonname); ?
while (cur) {
char *dotted, *revhost;
dotted = xmalloc_sockaddr2dotted_noport(cur->ai_addr);
revhost = xmalloc_sockaddr2hostonly_noport(cur->ai_addr);
printf("Address %u: %s%c", ++cnt, dotted, revhost ? ' ' : '\n');
if (revhost) {
puts(revhost);
if (ENABLE_FEATURE_CLEAN_UP)
free(revhost);
}
if (ENABLE_FEATURE_CLEAN_UP)
free(dotted);
cur = cur->ai_next;
}
} else {
#if ENABLE_VERBOSE_RESOLUTION_ERRORS
/*START MODIFY: z00182249 2011-09-22*/
#ifdef SUPPORT_TELMEX
printf("nslookup: can't resolve '%s'", hostname);
(void)fflush(stdout);
#endif
bb_error_msg("can't resolve '%s': %s", hostname, gai_strerror(rc));
#else
#ifdef SUPPORT_TELMEX
printf("nslookup: can't resolve '%s'", hostname);
(void)fflush(stdout);
#endif
/*END MODIFY: z00182249 2011-09-22*/
bb_error_msg("can't resolve '%s'", hostname);
#endif
}
if (ENABLE_FEATURE_CLEAN_UP)
freeaddrinfo(result);
return (rc != 0);
}
static void
add_peers(char *s)
{
peer_t *p;
p = xzalloc(sizeof(*p));
p->p_lsa = xhost2sockaddr(s, 123);
p->p_dotted = xmalloc_sockaddr2dotted_noport(&p->p_lsa->u.sa);
p->p_fd = -1;
p->p_xmt_msg.m_status = MODE_CLIENT | (NTP_VERSION << 3);
p->p_trustlevel = TRUSTLEVEL_PATHETIC;
p->next_action_time = time(NULL); /* = set_next(p, 0); */
llist_add_to(&G.ntp_peers, p);
G.peer_cnt++;
}
/* lookup the default nameserver and display it */
static void server_print(void)
{
char *server;
server = xmalloc_sockaddr2dotted_noport((struct sockaddr*)&_res.nsaddr_list[0]);
/* I honestly don't know what to do if DNS server has _IPv6 address_.
* Probably it is listed in
* _res._u._ext_.nsaddrs[MAXNS] (of type "struct sockaddr_in6*" each)
* but how to find out whether resolver uses
* _res.nsaddr_list[] or _res._u._ext_.nsaddrs[], or both?
* Looks like classic design from hell, BIND-grade. Hard to surpass. */
print_host(server, "Server:");
if (ENABLE_FEATURE_CLEAN_UP)
free(server);
bb_putchar('\n');
}
/* lookup the default nameserver and display it */
static void server_print(void)
{
char *server;
struct sockaddr *sa;
#if ENABLE_FEATURE_IPV6
sa = (struct sockaddr*)_res._u._ext.nsaddrs[0];
if (!sa)
#endif
sa = (struct sockaddr*)&_res.nsaddr_list[0];
server = xmalloc_sockaddr2dotted_noport(sa);
print_host(server, "Server:");
if (ENABLE_FEATURE_CLEAN_UP)
free(server);
bb_putchar('\n');
}
// Mount one directory. Handles CIFS, NFS, loopback, autobind, and filesystem
// type detection. Returns 0 for success, nonzero for failure.
// NB: mp->xxx fields may be trashed on exit
static int singlemount(struct mntent *mp, int ignore_busy)
{
int rc = -1, vfsflags;
char *loopFile = 0, *filteropts = 0;
llist_t *fl = 0;
struct stat st;
vfsflags = parse_mount_options(mp->mnt_opts, &filteropts);
// Treat fstype "auto" as unspecified.
if (mp->mnt_type && strcmp(mp->mnt_type,"auto") == 0)
mp->mnt_type = 0;
// Might this be an CIFS filesystem?
if (ENABLE_FEATURE_MOUNT_CIFS
&& (!mp->mnt_type || strcmp(mp->mnt_type,"cifs") == 0)
&& (mp->mnt_fsname[0]=='/' || mp->mnt_fsname[0]=='\\')
&& mp->mnt_fsname[0]==mp->mnt_fsname[1]
) {
len_and_sockaddr *lsa;
char *ip, *dotted;
char *s;
rc = 1;
// Replace '/' with '\' and verify that unc points to "//server/share".
for (s = mp->mnt_fsname; *s; ++s)
if (*s == '/') *s = '\\';
// get server IP
s = strrchr(mp->mnt_fsname, '\\');
if (s <= mp->mnt_fsname+1) goto report_error;
*s = '\0';
lsa = host2sockaddr(mp->mnt_fsname+2, 0);
*s = '\\';
if (!lsa) goto report_error;
// insert ip=... option into string flags.
dotted = xmalloc_sockaddr2dotted_noport(&lsa->sa, lsa->len);
ip = xasprintf("ip=%s", dotted);
parse_mount_options(ip, &filteropts);
// compose new unc '\\server-ip\share'
// (s => slash after hostname)
mp->mnt_fsname = xasprintf("\\\\%s%s", dotted, s);
// lock is required
vfsflags |= MS_MANDLOCK;
mp->mnt_type = (char*)"cifs";
rc = mount_it_now(mp, vfsflags, filteropts);
if (ENABLE_FEATURE_CLEAN_UP) {
free(mp->mnt_fsname);
free(ip);
free(dotted);
free(lsa);
}
goto report_error;
}
// Might this be an NFS filesystem?
if (ENABLE_FEATURE_MOUNT_NFS
&& (!mp->mnt_type || !strcmp(mp->mnt_type,"nfs"))
&& strchr(mp->mnt_fsname, ':') != NULL
) {
rc = nfsmount(mp, vfsflags, filteropts);
goto report_error;
}
// Look at the file. (Not found isn't a failure for remount, or for
// a synthetic filesystem like proc or sysfs.)
// (We use stat, not lstat, in order to allow
// mount symlink_to_file_or_blkdev dir)
if (!stat(mp->mnt_fsname, &st)
&& !(vfsflags & (MS_REMOUNT | MS_BIND | MS_MOVE))
) {
// Do we need to allocate a loopback device for it?
if (ENABLE_FEATURE_MOUNT_LOOP && S_ISREG(st.st_mode)) {
loopFile = bb_simplify_path(mp->mnt_fsname);
mp->mnt_fsname = 0;
switch (set_loop(&(mp->mnt_fsname), loopFile, 0)) {
case 0:
case 1:
break;
default:
bb_error_msg( errno == EPERM || errno == EACCES
? bb_msg_perm_denied_are_you_root
: "cannot setup loop device");
return errno;
}
// Autodetect bind mounts
} else if (S_ISDIR(st.st_mode) && !mp->mnt_type)
vfsflags |= MS_BIND;
}
/* If we know the fstype (or don't need to), jump straight
* to the actual mount. */
if (mp->mnt_type || (vfsflags & (MS_REMOUNT | MS_BIND | MS_MOVE)))
rc = mount_it_now(mp, vfsflags, filteropts);
else {
// Loop through filesystem types until mount succeeds
// or we run out
/* Initialize list of block backed filesystems. This has to be
* done here so that during "mount -a", mounts after /proc shows up
* can autodetect. */
if (!fslist) {
fslist = get_block_backed_filesystems();
if (ENABLE_FEATURE_CLEAN_UP && fslist)
atexit(delete_block_backed_filesystems);
}
for (fl = fslist; fl; fl = fl->link) {
mp->mnt_type = fl->data;
rc = mount_it_now(mp, vfsflags, filteropts);
if (!rc) break;
}
}
// If mount failed, clean up loop file (if any).
if (ENABLE_FEATURE_MOUNT_LOOP && rc && loopFile) {
del_loop(mp->mnt_fsname);
if (ENABLE_FEATURE_CLEAN_UP) {
free(loopFile);
free(mp->mnt_fsname);
}
}
report_error:
if (ENABLE_FEATURE_CLEAN_UP)
free(filteropts);
if (rc && errno == EBUSY && ignore_busy) rc = 0;
if (rc < 0)
/* perror here sometimes says "mounting ... on ... failed: Success" */
bb_error_msg("mounting %s on %s failed", mp->mnt_fsname, mp->mnt_dir);
return rc;
}
int tcpudpsvd_main(int argc ATTRIBUTE_UNUSED, char **argv)
{
char *str_C, *str_t;
char *user;
struct hcc *hccp;
const char *instructs;
char *msg_per_host = NULL;
unsigned len_per_host = len_per_host; /* gcc */
#ifndef SSLSVD
struct bb_uidgid_t ugid;
#endif
bool tcp;
uint16_t local_port;
char *preset_local_hostname = NULL;
char *remote_hostname = remote_hostname; /* for compiler */
char *remote_addr = remote_addr; /* for compiler */
len_and_sockaddr *lsa;
len_and_sockaddr local, remote;
socklen_t sa_len;
int pid;
int sock;
int conn;
unsigned backlog = 20;
INIT_G();
tcp = (applet_name[0] == 't');
/* 3+ args, -i at most once, -p implies -h, -v is counter, -b N, -c N */
opt_complementary = "-3:i--i:ph:vv:b+:c+";
#ifdef SSLSVD
getopt32(argv, "+c:C:i:x:u:l:Eb:hpt:vU:/:Z:K:",
&cmax, &str_C, &instructs, &instructs, &user, &preset_local_hostname,
&backlog, &str_t, &ssluser, &root, &cert, &key, &verbose
);
#else
/* "+": stop on first non-option */
getopt32(argv, "+c:C:i:x:u:l:Eb:hpt:v",
&cmax, &str_C, &instructs, &instructs, &user, &preset_local_hostname,
&backlog, &str_t, &verbose
);
#endif
if (option_mask32 & OPT_C) { /* -C n[:message] */
max_per_host = bb_strtou(str_C, &str_C, 10);
if (str_C[0]) {
if (str_C[0] != ':')
bb_show_usage();
msg_per_host = str_C + 1;
len_per_host = strlen(msg_per_host);
}
}
if (max_per_host > cmax)
max_per_host = cmax;
if (option_mask32 & OPT_u) {
if (!get_uidgid(&ugid, user, 1))
bb_error_msg_and_die("unknown user/group: %s", user);
}
#ifdef SSLSVD
if (option_mask32 & OPT_U) ssluser = optarg;
if (option_mask32 & OPT_slash) root = optarg;
if (option_mask32 & OPT_Z) cert = optarg;
if (option_mask32 & OPT_K) key = optarg;
#endif
argv += optind;
if (!argv[0][0] || LONE_CHAR(argv[0], '0'))
argv[0] = (char*)"0.0.0.0";
/* Per-IP flood protection is not thought-out for UDP */
if (!tcp)
max_per_host = 0;
bb_sanitize_stdio(); /* fd# 0,1,2 must be opened */
#ifdef SSLSVD
sslser = user;
client = 0;
if ((getuid() == 0) && !(option_mask32 & OPT_u)) {
xfunc_exitcode = 100;
bb_error_msg_and_die("-U ssluser must be set when running as root");
}
if (option_mask32 & OPT_u)
if (!uidgid_get(&sslugid, ssluser, 1)) {
if (errno) {
bb_perror_msg_and_die("fatal: cannot get user/group: %s", ssluser);
}
bb_error_msg_and_die("unknown user/group '%s'", ssluser);
}
if (!cert) cert = "./cert.pem";
if (!key) key = cert;
if (matrixSslOpen() < 0)
fatal("cannot initialize ssl");
if (matrixSslReadKeys(&keys, cert, key, 0, ca) < 0) {
if (client)
fatal("cannot read cert, key, or ca file");
fatal("cannot read cert or key file");
}
if (matrixSslNewSession(&ssl, keys, 0, SSL_FLAGS_SERVER) < 0)
fatal("cannot create ssl session");
#endif
sig_block(SIGCHLD);
signal(SIGCHLD, sig_child_handler);
bb_signals(BB_FATAL_SIGS, sig_term_handler);
signal(SIGPIPE, SIG_IGN);
if (max_per_host)
ipsvd_perhost_init(cmax);
local_port = bb_lookup_port(argv[1], tcp ? "tcp" : "udp", 0);
lsa = xhost2sockaddr(argv[0], local_port);
argv += 2;
sock = xsocket(lsa->u.sa.sa_family, tcp ? SOCK_STREAM : SOCK_DGRAM, 0);
setsockopt_reuseaddr(sock);
sa_len = lsa->len; /* I presume sockaddr len stays the same */
xbind(sock, &lsa->u.sa, sa_len);
if (tcp)
xlisten(sock, backlog);
else /* udp: needed for recv_from_to to work: */
socket_want_pktinfo(sock);
/* ndelay_off(sock); - it is the default I think? */
#ifndef SSLSVD
if (option_mask32 & OPT_u) {
/* drop permissions */
xsetgid(ugid.gid);
xsetuid(ugid.uid);
}
#endif
if (verbose) {
char *addr = xmalloc_sockaddr2dotted(&lsa->u.sa);
bb_error_msg("listening on %s, starting", addr);
free(addr);
#ifndef SSLSVD
if (option_mask32 & OPT_u)
printf(", uid %u, gid %u",
(unsigned)ugid.uid, (unsigned)ugid.gid);
#endif
}
/* Main accept() loop */
again:
hccp = NULL;
while (cnum >= cmax)
wait_for_any_sig(); /* expecting SIGCHLD */
/* Accept a connection to fd #0 */
again1:
close(0);
again2:
sig_unblock(SIGCHLD);
local.len = remote.len = sa_len;
if (tcp) {
conn = accept(sock, &remote.u.sa, &remote.len);
} else {
/* In case recv_from_to won't be able to recover local addr.
* Also sets port - recv_from_to is unable to do it. */
local = *lsa;
conn = recv_from_to(sock, NULL, 0, MSG_PEEK,
&remote.u.sa, &local.u.sa, sa_len);
}
sig_block(SIGCHLD);
if (conn < 0) {
if (errno != EINTR)
bb_perror_msg(tcp ? "accept" : "recv");
goto again2;
}
xmove_fd(tcp ? conn : sock, 0);
if (max_per_host) {
/* Drop connection immediately if cur_per_host > max_per_host
* (minimizing load under SYN flood) */
remote_addr = xmalloc_sockaddr2dotted_noport(&remote.u.sa);
cur_per_host = ipsvd_perhost_add(remote_addr, max_per_host, &hccp);
if (cur_per_host > max_per_host) {
/* ipsvd_perhost_add detected that max is exceeded
* (and did not store ip in connection table) */
free(remote_addr);
if (msg_per_host) {
/* don't block or test for errors */
send(0, msg_per_host, len_per_host, MSG_DONTWAIT);
}
goto again1;
}
/* NB: remote_addr is not leaked, it is stored in conn table */
}
if (!tcp) {
/* Voodoo magic: making udp sockets each receive its own
* packets is not trivial, and I still not sure
* I do it 100% right.
* 1) we have to do it before fork()
* 2) order is important - is it right now? */
/* Open new non-connected UDP socket for further clients... */
sock = xsocket(lsa->u.sa.sa_family, SOCK_DGRAM, 0);
setsockopt_reuseaddr(sock);
/* Make plain write/send work for old socket by supplying default
* destination address. This also restricts incoming packets
* to ones coming from this remote IP. */
xconnect(0, &remote.u.sa, sa_len);
/* hole? at this point we have no wildcard udp socket...
* can this cause clients to get "port unreachable" icmp?
* Yup, time window is very small, but it exists (is it?) */
/* ..."open new socket", continued */
xbind(sock, &lsa->u.sa, sa_len);
socket_want_pktinfo(sock);
/* Doesn't work:
* we cannot replace fd #0 - we will lose pending packet
* which is already buffered for us! And we cannot use fd #1
* instead - it will "intercept" all following packets, but child
* does not expect data coming *from fd #1*! */
#if 0
/* Make it so that local addr is fixed to localp->u.sa
* and we don't accidentally accept packets to other local IPs. */
/* NB: we possibly bind to the _very_ same_ address & port as the one
* already bound in parent! This seems to work in Linux.
* (otherwise we can move socket to fd #0 only if bind succeeds) */
close(0);
set_nport(localp, htons(local_port));
xmove_fd(xsocket(localp->u.sa.sa_family, SOCK_DGRAM, 0), 0);
setsockopt_reuseaddr(0); /* crucial */
xbind(0, &localp->u.sa, localp->len);
#endif
}
pid = vfork();
if (pid == -1) {
bb_perror_msg("vfork");
goto again;
}
if (pid != 0) {
/* Parent */
cnum++;
if (verbose)
connection_status();
if (hccp)
hccp->pid = pid;
/* clean up changes done by vforked child */
undo_xsetenv();
goto again;
}
/* Child: prepare env, log, and exec prog */
/* Closing tcp listening socket */
if (tcp)
close(sock);
{ /* vfork alert! every xmalloc in this block should be freed! */
char *local_hostname = local_hostname; /* for compiler */
char *local_addr = NULL;
char *free_me0 = NULL;
char *free_me1 = NULL;
char *free_me2 = NULL;
if (verbose || !(option_mask32 & OPT_E)) {
if (!max_per_host) /* remote_addr is not yet known */
free_me0 = remote_addr = xmalloc_sockaddr2dotted(&remote.u.sa);
if (option_mask32 & OPT_h) {
free_me1 = remote_hostname = xmalloc_sockaddr2host_noport(&remote.u.sa);
if (!remote_hostname) {
bb_error_msg("cannot look up hostname for %s", remote_addr);
remote_hostname = remote_addr;
}
}
/* Find out local IP peer connected to.
* Errors ignored (I'm not paranoid enough to imagine kernel
* which doesn't know local IP). */
if (tcp)
getsockname(0, &local.u.sa, &local.len);
/* else: for UDP it is done earlier by parent */
local_addr = xmalloc_sockaddr2dotted(&local.u.sa);
if (option_mask32 & OPT_h) {
local_hostname = preset_local_hostname;
if (!local_hostname) {
free_me2 = local_hostname = xmalloc_sockaddr2host_noport(&local.u.sa);
if (!local_hostname)
bb_error_msg_and_die("cannot look up hostname for %s", local_addr);
}
/* else: local_hostname is not NULL, but is NOT malloced! */
}
}
if (verbose) {
pid = getpid();
if (max_per_host) {
bb_error_msg("concurrency %s %u/%u",
remote_addr,
cur_per_host, max_per_host);
}
bb_error_msg((option_mask32 & OPT_h)
? "start %u %s-%s (%s-%s)"
: "start %u %s-%s",
pid,
local_addr, remote_addr,
local_hostname, remote_hostname);
}
if (!(option_mask32 & OPT_E)) {
/* setup ucspi env */
const char *proto = tcp ? "TCP" : "UDP";
/* Extract "original" destination addr:port
* from Linux firewall. Useful when you redirect
* an outbond connection to local handler, and it needs
* to know where it originally tried to connect */
if (tcp && getsockopt(0, SOL_IP, SO_ORIGINAL_DST, &local.u.sa, &local.len) == 0) {
char *addr = xmalloc_sockaddr2dotted(&local.u.sa);
xsetenv_plain("TCPORIGDSTADDR", addr);
free(addr);
}
xsetenv_plain("PROTO", proto);
xsetenv_proto(proto, "LOCALADDR", local_addr);
xsetenv_proto(proto, "REMOTEADDR", remote_addr);
if (option_mask32 & OPT_h) {
xsetenv_proto(proto, "LOCALHOST", local_hostname);
xsetenv_proto(proto, "REMOTEHOST", remote_hostname);
}
//compat? xsetenv_proto(proto, "REMOTEINFO", "");
/* additional */
if (cur_per_host > 0) /* can not be true for udp */
xsetenv_plain("TCPCONCURRENCY", utoa(cur_per_host));
}
free(local_addr);
free(free_me0);
free(free_me1);
free(free_me2);
}
xdup2(0, 1);
signal(SIGTERM, SIG_DFL);
signal(SIGPIPE, SIG_DFL);
signal(SIGCHLD, SIG_DFL);
sig_unblock(SIGCHLD);
#ifdef SSLSVD
strcpy(id, utoa(pid));
ssl_io(0, argv);
#else
BB_EXECVP(argv[0], argv);
#endif
bb_perror_msg_and_die("exec '%s'", argv[0]);
}
