/* call ioctl system call */
int vrf_if_ioctl(unsigned long request, caddr_t buffer, vrf_id_t vrf_id)
{
int sock;
int ret;
int err = 0;
frr_elevate_privs(&zserv_privs) {
sock = vrf_socket(AF_INET, SOCK_DGRAM, 0, vrf_id, NULL);
if (sock < 0) {
zlog_err("Cannot create UDP socket: %s",
safe_strerror(errno));
exit(1);
}
ret = vrf_ioctl(vrf_id, sock, request, buffer);
if (ret < 0)
err = errno;
}
close(sock);
if (ret < 0) {
errno = err;
return ret;
}
return 0;
}
static int get_iflink_speed(struct interface *interface)
{
struct ifreq ifdata;
struct ethtool_cmd ecmd;
int sd;
int rc;
const char *ifname = interface->name;
/* initialize struct */
memset(&ifdata, 0, sizeof(ifdata));
/* set interface name */
strlcpy(ifdata.ifr_name, ifname, sizeof(ifdata.ifr_name));
/* initialize ethtool interface */
memset(&ecmd, 0, sizeof(ecmd));
ecmd.cmd = ETHTOOL_GSET; /* ETHTOOL_GLINK */
ifdata.ifr_data = (caddr_t)&ecmd;
/* use ioctl to get IP address of an interface */
frr_elevate_privs(&zserv_privs) {
sd = vrf_socket(PF_INET, SOCK_DGRAM, IPPROTO_IP,
interface->vrf_id,
NULL);
if (sd < 0) {
if (IS_ZEBRA_DEBUG_KERNEL)
zlog_debug("Failure to read interface %s speed: %d %s",
ifname, errno, safe_strerror(errno));
return 0;
}
/* Get the current link state for the interface */
rc = vrf_ioctl(interface->vrf_id, sd, SIOCETHTOOL,
(char *)&ifdata);
}
if (rc < 0) {
if (IS_ZEBRA_DEBUG_KERNEL)
zlog_debug(
"IOCTL failure to read interface %s speed: %d %s",
ifname, errno, safe_strerror(errno));
ecmd.speed_hi = 0;
ecmd.speed = 0;
}
close(sd);
return (ecmd.speed_hi << 16) | ecmd.speed;
}
/* IPv6 supported version of BGP server socket setup. */
int bgp_socket(struct bgp *bgp, unsigned short port, const char *address)
{
struct addrinfo *ainfo;
struct addrinfo *ainfo_save;
static const struct addrinfo req = {
.ai_family = AF_UNSPEC,
.ai_flags = AI_PASSIVE,
.ai_socktype = SOCK_STREAM,
};
int ret, count;
char port_str[BUFSIZ];
snprintf(port_str, sizeof(port_str), "%d", port);
port_str[sizeof(port_str) - 1] = '\0';
frr_elevate_privs(&bgpd_privs) {
ret = vrf_getaddrinfo(address, port_str, &req, &ainfo_save,
bgp->vrf_id);
}
if (ret != 0) {
flog_err_sys(EC_LIB_SOCKET, "getaddrinfo: %s",
gai_strerror(ret));
return -1;
}
if (bgp_option_check(BGP_OPT_NO_ZEBRA) &&
bgp->vrf_id != VRF_DEFAULT) {
freeaddrinfo(ainfo_save);
return -1;
}
count = 0;
for (ainfo = ainfo_save; ainfo; ainfo = ainfo->ai_next) {
int sock;
if (ainfo->ai_family != AF_INET && ainfo->ai_family != AF_INET6)
continue;
frr_elevate_privs(&bgpd_privs) {
sock = vrf_socket(ainfo->ai_family,
ainfo->ai_socktype,
ainfo->ai_protocol, bgp->vrf_id,
(bgp->inst_type
== BGP_INSTANCE_TYPE_VRF
? bgp->name : NULL));
}
if (sock < 0) {
flog_err_sys(EC_LIB_SOCKET, "socket: %s",
safe_strerror(errno));
continue;
}
/* if we intend to implement ttl-security, this socket needs
* ttl=255 */
sockopt_ttl(ainfo->ai_family, sock, MAXTTL);
ret = bgp_listener(sock, ainfo->ai_addr, ainfo->ai_addrlen,
bgp);
if (ret == 0)
++count;
else
close(sock);
}
freeaddrinfo(ainfo_save);
if (count == 0 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
flog_err(
EC_LIB_SOCKET,
"%s: no usable addresses please check other programs usage of specified port %d",
__func__, port);
flog_err_sys(EC_LIB_SOCKET, "%s: Program cannot continue",
__func__);
exit(-1);
}
return 0;
}
int pptp_manager(int argc, char **argv)
{
int firstOpen = -1;
int ctrl_pid;
socklen_t addrsize;
int hostSocket;
fd_set connSet;
int rc, sig_fd;
rc = sigpipe_create();
if (rc < 0) {
syslog(LOG_ERR, "MGR: unable to setup sigchld pipe!");
syslog_perror("sigpipe_create");
exit(-1);
}
sigpipe_assign(SIGCHLD);
sigpipe_assign(SIGTERM);
sig_fd = sigpipe_fd();
/* openlog() not required, done in pptpd.c */
syslog(LOG_INFO, "MGR: Manager process started");
if (!pptp_delegate) {
syslog(LOG_INFO, "MGR: Maximum of %d connections available",
pptp_connections);
}
/* Connect the host socket and activate it for listening */
if (createHostSocket(&hostSocket) < 0) {
syslog(LOG_ERR, "MGR: Couldn't create host socket");
syslog_perror("createHostSocket");
exit(-1);
}
while (1) {
int max_fd;
FD_ZERO(&connSet);
if (pptp_delegate) {
FD_SET(hostSocket, &connSet);
} else {
firstOpen = slot_find_empty();
if (firstOpen == -1) {
syslog(LOG_ERR, "MGR: No free connection slots or IPs - no more clients can connect!");
} else {
FD_SET(hostSocket, &connSet);
}
}
max_fd = hostSocket;
FD_SET(sig_fd, &connSet);
if (max_fd < sig_fd) max_fd = sig_fd;
while (1) {
if (select(max_fd + 1, &connSet, NULL, NULL, NULL) != -1) break;
if (errno == EINTR) continue;
syslog(LOG_ERR, "MGR: Error with manager select()!");
syslog_perror("select");
exit(-1);
}
if (FD_ISSET(sig_fd, &connSet)) { /* SIGCHLD */
int signum = sigpipe_read();
if (signum == SIGCHLD)
sigchld_responder(signum);
else if (signum == SIGTERM)
{
if (!keep_connections) sigterm_responder();
return signum;
}
}
if (FD_ISSET(hostSocket, &connSet)) { /* A call came! */
int clientSocket;
struct sockaddr_in client_addr;
/* Accept call and launch PPTPCTRL */
addrsize = sizeof(client_addr);
clientSocket = accept(hostSocket, (struct sockaddr *) &client_addr, &addrsize);
#ifdef HAVE_LIBWRAP
if (clientSocket != -1) {
struct request_info r;
request_init(&r, RQ_DAEMON, "pptpd", RQ_FILE, clientSocket, NULL);
fromhost(&r);
if (!hosts_access(&r)) {
/* send a permission denied message? this is a tcp wrapper
* type deny so probably best to just drop it immediately like
* this, as tcp wrappers usually do.
*/
close(clientSocket);
/* this would never be file descriptor 0, so use it as a error
* value
*/
clientSocket = 0;
}
}
#endif
if (clientSocket == -1) {
/* accept failed, but life goes on... */
syslog(LOG_ERR, "MGR: accept() failed");
syslog_perror("accept");
} else if (clientSocket != 0) {
fd_set rfds;
struct timeval tv;
struct pptp_header ph;
/* TODO: this select below prevents
other connections from being
processed during the wait for the
first data packet from the
client. */
/*
* DOS protection: get a peek at the first packet
* and do some checks on it before we continue.
* A 10 second timeout on the first packet seems reasonable
* to me, if anything looks sus, throw it away.
*/
FD_ZERO(&rfds);
FD_SET(clientSocket, &rfds);
tv.tv_sec = pptp_stimeout;
tv.tv_usec = 0;
if (select(clientSocket + 1, &rfds, NULL, NULL, &tv) <= 0) {
syslog(LOG_ERR, "MGR: dropped slow initial connection");
close(clientSocket);
continue;
}
if (recv(clientSocket, &ph, sizeof(ph), MSG_PEEK) !=
sizeof(ph)) {
syslog(LOG_ERR, "MGR: dropped small initial connection");
close(clientSocket);
continue;
}
ph.length = ntohs(ph.length);
ph.pptp_type = ntohs(ph.pptp_type);
ph.magic = ntohl(ph.magic);
ph.ctrl_type = ntohs(ph.ctrl_type);
if (ph.length <= 0 || ph.length > PPTP_MAX_CTRL_PCKT_SIZE) {
syslog(LOG_WARNING, "MGR: initial packet length %d outside "
"(0 - %d)", ph.length, PPTP_MAX_CTRL_PCKT_SIZE);
goto dos_exit;
}
if (ph.magic != PPTP_MAGIC_COOKIE) {
syslog(LOG_WARNING, "MGR: initial packet bad magic");
goto dos_exit;
}
if (ph.pptp_type != PPTP_CTRL_MESSAGE) {
syslog(LOG_WARNING, "MGR: initial packet has bad type");
goto dos_exit;
}
if (ph.ctrl_type != START_CTRL_CONN_RQST) {
syslog(LOG_WARNING, "MGR: initial packet has bad ctrl type "
"0x%x", ph.ctrl_type);
dos_exit:
close(clientSocket);
continue;
}
#ifndef HAVE_FORK
switch (ctrl_pid = vfork()) {
#else
switch (ctrl_pid = fork()) {
#endif
case -1: /* error */
syslog(LOG_ERR, "MGR: fork() failed launching " PPTP_CTRL_BIN);
close(clientSocket);
break;
case 0: /* child */
close(hostSocket);
if (pptp_debug)
syslog(LOG_DEBUG, "MGR: Launching " PPTP_CTRL_BIN " to handle client");
connectCall(clientSocket, !pptp_delegate ? firstOpen : 0);
_exit(1);
/* NORETURN */
default: /* parent */
close(clientSocket);
unique_call_id += MAX_CALLS_PER_TCP_LINK;
if (!pptp_delegate)
slot_set_pid(firstOpen, ctrl_pid);
break;
}
}
} /* FD_ISSET(hostSocket, &connSet) */
} /* while (1) */
} /* pptp_manager() */
/*
* Author: Kevin Thayer
*
* This creates a socket to listen on, sets the max # of pending connections and
* various other options.
*
* Returns the fd of the host socket.
*
* The function return values are:
* 0 for sucessful
* -1 for bad socket creation
* -2 for bad socket options
* -3 for bad bind
* -4 for bad listen
*/
static int createHostSocket(int *hostSocket)
{
int opt = 1;
struct sockaddr_in address;
#ifdef HAVE_GETSERVBYNAME
struct servent *serv;
#endif
/* create the master socket and check it worked */
if ((*hostSocket = vrf_socket(vrf, AF_INET, SOCK_STREAM, 0)) <= 0)
return -1;
/* set master socket to allow daemon to be restarted with connections active */
if (setsockopt(*hostSocket, SOL_SOCKET, SO_REUSEADDR,
(char *) &opt, sizeof(opt)) < 0)
return -2;
/* set up socket */
memset(&address, 0, sizeof(address));
address.sin_family = AF_INET;
if(bindaddr)
address.sin_addr.s_addr = inet_addr(bindaddr);
else
address.sin_addr.s_addr = INADDR_ANY;
#ifdef HAVE_GETSERVBYNAME
if ((serv = getservbyname("pptp", "tcp")) != NULL) {
address.sin_port = serv->s_port;
} else
#endif
address.sin_port = htons(PPTP_PORT);
/* bind the socket to the pptp port */
if (bind(*hostSocket, (struct sockaddr *) &address, sizeof(address)) < 0)
return -3;
/* minimal backlog to avoid DoS */
if (listen(*hostSocket, 3) < 0)
return -4;
return 0;
}