Annotation of /trunk/mkinitrd-magellan/busybox/networking/tcpudp.c
Parent Directory
| 
Revision Log
Revision 816 -
(hide annotations)
(download)
Fri Apr 24 18:33:46 2009 UTC (15 years, 1 month ago) by niro
File MIME type: text/plain
File size: 18788 byte(s)
Fri Apr 24 18:33:46 2009 UTC (15 years, 1 month ago) by niro
File MIME type: text/plain
File size: 18788 byte(s)
-updated to busybox-1.13.4
| 1 | niro | 816 | /* Based on ipsvd utilities written by Gerrit Pape <pape@smarden.org> |
| 2 | * which are released into public domain by the author. | ||
| 3 | * Homepage: http://smarden.sunsite.dk/ipsvd/ | ||
| 4 | * | ||
| 5 | * Copyright (C) 2007 Denys Vlasenko. | ||
| 6 | * | ||
| 7 | * Licensed under GPLv2, see file LICENSE in this tarball for details. | ||
| 8 | */ | ||
| 9 | |||
| 10 | /* Based on ipsvd-0.12.1. This tcpsvd accepts all options | ||
| 11 | * which are supported by one from ipsvd-0.12.1, but not all are | ||
| 12 | * functional. See help text at the end of this file for details. | ||
| 13 | * | ||
| 14 | * Code inside "#ifdef SSLSVD" is for sslsvd and is currently unused. | ||
| 15 | * | ||
| 16 | * Busybox version exports TCPLOCALADDR instead of | ||
| 17 | * TCPLOCALIP + TCPLOCALPORT pair. ADDR more closely matches reality | ||
| 18 | * (which is "struct sockaddr_XXX". Port is not a separate entity, | ||
| 19 | * it's just a part of (AF_INET[6]) sockaddr!). | ||
| 20 | * | ||
| 21 | * TCPORIGDSTADDR is Busybox-specific addition. | ||
| 22 | * | ||
| 23 | * udp server is hacked up by reusing TCP code. It has the following | ||
| 24 | * limitation inherent in Unix DGRAM sockets implementation: | ||
| 25 | * - local IP address is retrieved (using recvmsg voodoo) but | ||
| 26 | * child's socket is not bound to it (bind cannot be called on | ||
| 27 | * already bound socket). Thus it still can emit outgoing packets | ||
| 28 | * with wrong source IP... | ||
| 29 | * - don't know how to retrieve ORIGDST for udp. | ||
| 30 | */ | ||
| 31 | |||
| 32 | #include "libbb.h" | ||
| 33 | /* Wants <limits.h> etc, thus included after libbb.h: */ | ||
| 34 | #include <linux/types.h> /* for __be32 etc */ | ||
| 35 | #include <linux/netfilter_ipv4.h> | ||
| 36 | |||
| 37 | // TODO: move into this file: | ||
| 38 | #include "tcpudp_perhost.h" | ||
| 39 | |||
| 40 | #ifdef SSLSVD | ||
| 41 | #include "matrixSsl.h" | ||
| 42 | #include "ssl_io.h" | ||
| 43 | #endif | ||
| 44 | |||
| 45 | struct globals { | ||
| 46 | unsigned verbose; | ||
| 47 | unsigned max_per_host; | ||
| 48 | unsigned cur_per_host; | ||
| 49 | unsigned cnum; | ||
| 50 | unsigned cmax; | ||
| 51 | char **env_cur; | ||
| 52 | char *env_var[1]; /* actually bigger */ | ||
| 53 | }; | ||
| 54 | #define G (*(struct globals*)&bb_common_bufsiz1) | ||
| 55 | #define verbose (G.verbose ) | ||
| 56 | #define max_per_host (G.max_per_host) | ||
| 57 | #define cur_per_host (G.cur_per_host) | ||
| 58 | #define cnum (G.cnum ) | ||
| 59 | #define cmax (G.cmax ) | ||
| 60 | #define env_cur (G.env_cur ) | ||
| 61 | #define env_var (G.env_var ) | ||
| 62 | #define INIT_G() do { \ | ||
| 63 | cmax = 30; \ | ||
| 64 | env_cur = &env_var[0]; \ | ||
| 65 | } while (0) | ||
| 66 | |||
| 67 | |||
| 68 | /* We have to be careful about leaking memory in repeated setenv's */ | ||
| 69 | static void xsetenv_plain(const char *n, const char *v) | ||
| 70 | { | ||
| 71 | char *var = xasprintf("%s=%s", n, v); | ||
| 72 | *env_cur++ = var; | ||
| 73 | putenv(var); | ||
| 74 | } | ||
| 75 | |||
| 76 | static void xsetenv_proto(const char *proto, const char *n, const char *v) | ||
| 77 | { | ||
| 78 | char *var = xasprintf("%s%s=%s", proto, n, v); | ||
| 79 | *env_cur++ = var; | ||
| 80 | putenv(var); | ||
| 81 | } | ||
| 82 | |||
| 83 | static void undo_xsetenv(void) | ||
| 84 | { | ||
| 85 | char **pp = env_cur = &env_var[0]; | ||
| 86 | while (*pp) { | ||
| 87 | char *var = *pp; | ||
| 88 | *strchrnul(var, '=') = '\0'; | ||
| 89 | unsetenv(var); | ||
| 90 | free(var); | ||
| 91 | *pp++ = NULL; | ||
| 92 | } | ||
| 93 | } | ||
| 94 | |||
| 95 | static void sig_term_handler(int sig) | ||
| 96 | { | ||
| 97 | if (verbose) | ||
| 98 | bb_error_msg("got signal %u, exit", sig); | ||
| 99 | kill_myself_with_sig(sig); | ||
| 100 | } | ||
| 101 | |||
| 102 | /* Little bloated, but tries to give accurate info how child exited. | ||
| 103 | * Makes easier to spot segfaulting children etc... */ | ||
| 104 | static void print_waitstat(unsigned pid, int wstat) | ||
| 105 | { | ||
| 106 | unsigned e = 0; | ||
| 107 | const char *cause = "?exit"; | ||
| 108 | |||
| 109 | if (WIFEXITED(wstat)) { | ||
| 110 | cause++; | ||
| 111 | e = WEXITSTATUS(wstat); | ||
| 112 | } else if (WIFSIGNALED(wstat)) { | ||
| 113 | cause = "signal"; | ||
| 114 | e = WTERMSIG(wstat); | ||
| 115 | } | ||
| 116 | bb_error_msg("end %d %s %d", pid, cause, e); | ||
| 117 | } | ||
| 118 | |||
| 119 | /* Must match getopt32 in main! */ | ||
| 120 | enum { | ||
| 121 | OPT_c = (1 << 0), | ||
| 122 | OPT_C = (1 << 1), | ||
| 123 | OPT_i = (1 << 2), | ||
| 124 | OPT_x = (1 << 3), | ||
| 125 | OPT_u = (1 << 4), | ||
| 126 | OPT_l = (1 << 5), | ||
| 127 | OPT_E = (1 << 6), | ||
| 128 | OPT_b = (1 << 7), | ||
| 129 | OPT_h = (1 << 8), | ||
| 130 | OPT_p = (1 << 9), | ||
| 131 | OPT_t = (1 << 10), | ||
| 132 | OPT_v = (1 << 11), | ||
| 133 | OPT_V = (1 << 12), | ||
| 134 | OPT_U = (1 << 13), /* from here: sslsvd only */ | ||
| 135 | OPT_slash = (1 << 14), | ||
| 136 | OPT_Z = (1 << 15), | ||
| 137 | OPT_K = (1 << 16), | ||
| 138 | }; | ||
| 139 | |||
| 140 | static void connection_status(void) | ||
| 141 | { | ||
| 142 | /* "only 1 client max" desn't need this */ | ||
| 143 | if (cmax > 1) | ||
| 144 | bb_error_msg("status %u/%u", cnum, cmax); | ||
| 145 | } | ||
| 146 | |||
| 147 | static void sig_child_handler(int sig UNUSED_PARAM) | ||
| 148 | { | ||
| 149 | int wstat; | ||
| 150 | pid_t pid; | ||
| 151 | |||
| 152 | while ((pid = wait_any_nohang(&wstat)) > 0) { | ||
| 153 | if (max_per_host) | ||
| 154 | ipsvd_perhost_remove(pid); | ||
| 155 | if (cnum) | ||
| 156 | cnum--; | ||
| 157 | if (verbose) | ||
| 158 | print_waitstat(pid, wstat); | ||
| 159 | } | ||
| 160 | if (verbose) | ||
| 161 | connection_status(); | ||
| 162 | } | ||
| 163 | |||
| 164 | int tcpudpsvd_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; | ||
| 165 | int tcpudpsvd_main(int argc UNUSED_PARAM, char **argv) | ||
| 166 | { | ||
| 167 | char *str_C, *str_t; | ||
| 168 | char *user; | ||
| 169 | struct hcc *hccp; | ||
| 170 | const char *instructs; | ||
| 171 | char *msg_per_host = NULL; | ||
| 172 | unsigned len_per_host = len_per_host; /* gcc */ | ||
| 173 | #ifndef SSLSVD | ||
| 174 | struct bb_uidgid_t ugid; | ||
| 175 | #endif | ||
| 176 | bool tcp; | ||
| 177 | uint16_t local_port; | ||
| 178 | char *preset_local_hostname = NULL; | ||
| 179 | char *remote_hostname = remote_hostname; /* for compiler */ | ||
| 180 | char *remote_addr = remote_addr; /* for compiler */ | ||
| 181 | len_and_sockaddr *lsa; | ||
| 182 | len_and_sockaddr local, remote; | ||
| 183 | socklen_t sa_len; | ||
| 184 | int pid; | ||
| 185 | int sock; | ||
| 186 | int conn; | ||
| 187 | unsigned backlog = 20; | ||
| 188 | |||
| 189 | INIT_G(); | ||
| 190 | |||
| 191 | tcp = (applet_name[0] == 't'); | ||
| 192 | |||
| 193 | /* 3+ args, -i at most once, -p implies -h, -v is counter, -b N, -c N */ | ||
| 194 | opt_complementary = "-3:i--i:ph:vv:b+:c+"; | ||
| 195 | #ifdef SSLSVD | ||
| 196 | getopt32(argv, "+c:C:i:x:u:l:Eb:hpt:vU:/:Z:K:", | ||
| 197 | &cmax, &str_C, &instructs, &instructs, &user, &preset_local_hostname, | ||
| 198 | &backlog, &str_t, &ssluser, &root, &cert, &key, &verbose | ||
| 199 | ); | ||
| 200 | #else | ||
| 201 | /* "+": stop on first non-option */ | ||
| 202 | getopt32(argv, "+c:C:i:x:u:l:Eb:hpt:v", | ||
| 203 | &cmax, &str_C, &instructs, &instructs, &user, &preset_local_hostname, | ||
| 204 | &backlog, &str_t, &verbose | ||
| 205 | ); | ||
| 206 | #endif | ||
| 207 | if (option_mask32 & OPT_C) { /* -C n[:message] */ | ||
| 208 | max_per_host = bb_strtou(str_C, &str_C, 10); | ||
| 209 | if (str_C[0]) { | ||
| 210 | if (str_C[0] != ':') | ||
| 211 | bb_show_usage(); | ||
| 212 | msg_per_host = str_C + 1; | ||
| 213 | len_per_host = strlen(msg_per_host); | ||
| 214 | } | ||
| 215 | } | ||
| 216 | if (max_per_host > cmax) | ||
| 217 | max_per_host = cmax; | ||
| 218 | if (option_mask32 & OPT_u) { | ||
| 219 | xget_uidgid(&ugid, user); | ||
| 220 | } | ||
| 221 | #ifdef SSLSVD | ||
| 222 | if (option_mask32 & OPT_U) ssluser = optarg; | ||
| 223 | if (option_mask32 & OPT_slash) root = optarg; | ||
| 224 | if (option_mask32 & OPT_Z) cert = optarg; | ||
| 225 | if (option_mask32 & OPT_K) key = optarg; | ||
| 226 | #endif | ||
| 227 | argv += optind; | ||
| 228 | if (!argv[0][0] || LONE_CHAR(argv[0], '0')) | ||
| 229 | argv[0] = (char*)"0.0.0.0"; | ||
| 230 | |||
| 231 | /* Per-IP flood protection is not thought-out for UDP */ | ||
| 232 | if (!tcp) | ||
| 233 | max_per_host = 0; | ||
| 234 | |||
| 235 | bb_sanitize_stdio(); /* fd# 0,1,2 must be opened */ | ||
| 236 | |||
| 237 | #ifdef SSLSVD | ||
| 238 | sslser = user; | ||
| 239 | client = 0; | ||
| 240 | if ((getuid() == 0) && !(option_mask32 & OPT_u)) { | ||
| 241 | xfunc_exitcode = 100; | ||
| 242 | bb_error_msg_and_die("-U ssluser must be set when running as root"); | ||
| 243 | } | ||
| 244 | if (option_mask32 & OPT_u) | ||
| 245 | if (!uidgid_get(&sslugid, ssluser, 1)) { | ||
| 246 | if (errno) { | ||
| 247 | bb_perror_msg_and_die("can't get user/group: %s", ssluser); | ||
| 248 | } | ||
| 249 | bb_error_msg_and_die("unknown user/group %s", ssluser); | ||
| 250 | } | ||
| 251 | if (!cert) cert = "./cert.pem"; | ||
| 252 | if (!key) key = cert; | ||
| 253 | if (matrixSslOpen() < 0) | ||
| 254 | fatal("cannot initialize ssl"); | ||
| 255 | if (matrixSslReadKeys(&keys, cert, key, 0, ca) < 0) { | ||
| 256 | if (client) | ||
| 257 | fatal("cannot read cert, key, or ca file"); | ||
| 258 | fatal("cannot read cert or key file"); | ||
| 259 | } | ||
| 260 | if (matrixSslNewSession(&ssl, keys, 0, SSL_FLAGS_SERVER) < 0) | ||
| 261 | fatal("cannot create ssl session"); | ||
| 262 | #endif | ||
| 263 | |||
| 264 | sig_block(SIGCHLD); | ||
| 265 | signal(SIGCHLD, sig_child_handler); | ||
| 266 | bb_signals(BB_FATAL_SIGS, sig_term_handler); | ||
| 267 | signal(SIGPIPE, SIG_IGN); | ||
| 268 | |||
| 269 | if (max_per_host) | ||
| 270 | ipsvd_perhost_init(cmax); | ||
| 271 | |||
| 272 | local_port = bb_lookup_port(argv[1], tcp ? "tcp" : "udp", 0); | ||
| 273 | lsa = xhost2sockaddr(argv[0], local_port); | ||
| 274 | argv += 2; | ||
| 275 | |||
| 276 | sock = xsocket(lsa->u.sa.sa_family, tcp ? SOCK_STREAM : SOCK_DGRAM, 0); | ||
| 277 | setsockopt_reuseaddr(sock); | ||
| 278 | sa_len = lsa->len; /* I presume sockaddr len stays the same */ | ||
| 279 | xbind(sock, &lsa->u.sa, sa_len); | ||
| 280 | if (tcp) | ||
| 281 | xlisten(sock, backlog); | ||
| 282 | else /* udp: needed for recv_from_to to work: */ | ||
| 283 | socket_want_pktinfo(sock); | ||
| 284 | /* ndelay_off(sock); - it is the default I think? */ | ||
| 285 | |||
| 286 | #ifndef SSLSVD | ||
| 287 | if (option_mask32 & OPT_u) { | ||
| 288 | /* drop permissions */ | ||
| 289 | xsetgid(ugid.gid); | ||
| 290 | xsetuid(ugid.uid); | ||
| 291 | } | ||
| 292 | #endif | ||
| 293 | |||
| 294 | if (verbose) { | ||
| 295 | char *addr = xmalloc_sockaddr2dotted(&lsa->u.sa); | ||
| 296 | bb_error_msg("listening on %s, starting", addr); | ||
| 297 | free(addr); | ||
| 298 | #ifndef SSLSVD | ||
| 299 | if (option_mask32 & OPT_u) | ||
| 300 | printf(", uid %u, gid %u", | ||
| 301 | (unsigned)ugid.uid, (unsigned)ugid.gid); | ||
| 302 | #endif | ||
| 303 | } | ||
| 304 | |||
| 305 | /* Main accept() loop */ | ||
| 306 | |||
| 307 | again: | ||
| 308 | hccp = NULL; | ||
| 309 | |||
| 310 | while (cnum >= cmax) | ||
| 311 | wait_for_any_sig(); /* expecting SIGCHLD */ | ||
| 312 | |||
| 313 | /* Accept a connection to fd #0 */ | ||
| 314 | again1: | ||
| 315 | close(0); | ||
| 316 | again2: | ||
| 317 | sig_unblock(SIGCHLD); | ||
| 318 | local.len = remote.len = sa_len; | ||
| 319 | if (tcp) { | ||
| 320 | conn = accept(sock, &remote.u.sa, &remote.len); | ||
| 321 | } else { | ||
| 322 | /* In case recv_from_to won't be able to recover local addr. | ||
| 323 | * Also sets port - recv_from_to is unable to do it. */ | ||
| 324 | local = *lsa; | ||
| 325 | conn = recv_from_to(sock, NULL, 0, MSG_PEEK, | ||
| 326 | &remote.u.sa, &local.u.sa, sa_len); | ||
| 327 | } | ||
| 328 | sig_block(SIGCHLD); | ||
| 329 | if (conn < 0) { | ||
| 330 | if (errno != EINTR) | ||
| 331 | bb_perror_msg(tcp ? "accept" : "recv"); | ||
| 332 | goto again2; | ||
| 333 | } | ||
| 334 | xmove_fd(tcp ? conn : sock, 0); | ||
| 335 | |||
| 336 | if (max_per_host) { | ||
| 337 | /* Drop connection immediately if cur_per_host > max_per_host | ||
| 338 | * (minimizing load under SYN flood) */ | ||
| 339 | remote_addr = xmalloc_sockaddr2dotted_noport(&remote.u.sa); | ||
| 340 | cur_per_host = ipsvd_perhost_add(remote_addr, max_per_host, &hccp); | ||
| 341 | if (cur_per_host > max_per_host) { | ||
| 342 | /* ipsvd_perhost_add detected that max is exceeded | ||
| 343 | * (and did not store ip in connection table) */ | ||
| 344 | free(remote_addr); | ||
| 345 | if (msg_per_host) { | ||
| 346 | /* don't block or test for errors */ | ||
| 347 | send(0, msg_per_host, len_per_host, MSG_DONTWAIT); | ||
| 348 | } | ||
| 349 | goto again1; | ||
| 350 | } | ||
| 351 | /* NB: remote_addr is not leaked, it is stored in conn table */ | ||
| 352 | } | ||
| 353 | |||
| 354 | if (!tcp) { | ||
| 355 | /* Voodoo magic: making udp sockets each receive its own | ||
| 356 | * packets is not trivial, and I still not sure | ||
| 357 | * I do it 100% right. | ||
| 358 | * 1) we have to do it before fork() | ||
| 359 | * 2) order is important - is it right now? */ | ||
| 360 | |||
| 361 | /* Open new non-connected UDP socket for further clients... */ | ||
| 362 | sock = xsocket(lsa->u.sa.sa_family, SOCK_DGRAM, 0); | ||
| 363 | setsockopt_reuseaddr(sock); | ||
| 364 | /* Make plain write/send work for old socket by supplying default | ||
| 365 | * destination address. This also restricts incoming packets | ||
| 366 | * to ones coming from this remote IP. */ | ||
| 367 | xconnect(0, &remote.u.sa, sa_len); | ||
| 368 | /* hole? at this point we have no wildcard udp socket... | ||
| 369 | * can this cause clients to get "port unreachable" icmp? | ||
| 370 | * Yup, time window is very small, but it exists (is it?) */ | ||
| 371 | /* ..."open new socket", continued */ | ||
| 372 | xbind(sock, &lsa->u.sa, sa_len); | ||
| 373 | socket_want_pktinfo(sock); | ||
| 374 | |||
| 375 | /* Doesn't work: | ||
| 376 | * we cannot replace fd #0 - we will lose pending packet | ||
| 377 | * which is already buffered for us! And we cannot use fd #1 | ||
| 378 | * instead - it will "intercept" all following packets, but child | ||
| 379 | * does not expect data coming *from fd #1*! */ | ||
| 380 | #if 0 | ||
| 381 | /* Make it so that local addr is fixed to localp->u.sa | ||
| 382 | * and we don't accidentally accept packets to other local IPs. */ | ||
| 383 | /* NB: we possibly bind to the _very_ same_ address & port as the one | ||
| 384 | * already bound in parent! This seems to work in Linux. | ||
| 385 | * (otherwise we can move socket to fd #0 only if bind succeeds) */ | ||
| 386 | close(0); | ||
| 387 | set_nport(localp, htons(local_port)); | ||
| 388 | xmove_fd(xsocket(localp->u.sa.sa_family, SOCK_DGRAM, 0), 0); | ||
| 389 | setsockopt_reuseaddr(0); /* crucial */ | ||
| 390 | xbind(0, &localp->u.sa, localp->len); | ||
| 391 | #endif | ||
| 392 | } | ||
| 393 | |||
| 394 | pid = vfork(); | ||
| 395 | if (pid == -1) { | ||
| 396 | bb_perror_msg("vfork"); | ||
| 397 | goto again; | ||
| 398 | } | ||
| 399 | |||
| 400 | if (pid != 0) { | ||
| 401 | /* Parent */ | ||
| 402 | cnum++; | ||
| 403 | if (verbose) | ||
| 404 | connection_status(); | ||
| 405 | if (hccp) | ||
| 406 | hccp->pid = pid; | ||
| 407 | /* clean up changes done by vforked child */ | ||
| 408 | undo_xsetenv(); | ||
| 409 | goto again; | ||
| 410 | } | ||
| 411 | |||
| 412 | /* Child: prepare env, log, and exec prog */ | ||
| 413 | |||
| 414 | /* Closing tcp listening socket */ | ||
| 415 | if (tcp) | ||
| 416 | close(sock); | ||
| 417 | |||
| 418 | { /* vfork alert! every xmalloc in this block should be freed! */ | ||
| 419 | char *local_hostname = local_hostname; /* for compiler */ | ||
| 420 | char *local_addr = NULL; | ||
| 421 | char *free_me0 = NULL; | ||
| 422 | char *free_me1 = NULL; | ||
| 423 | char *free_me2 = NULL; | ||
| 424 | |||
| 425 | if (verbose || !(option_mask32 & OPT_E)) { | ||
| 426 | if (!max_per_host) /* remote_addr is not yet known */ | ||
| 427 | free_me0 = remote_addr = xmalloc_sockaddr2dotted(&remote.u.sa); | ||
| 428 | if (option_mask32 & OPT_h) { | ||
| 429 | free_me1 = remote_hostname = xmalloc_sockaddr2host_noport(&remote.u.sa); | ||
| 430 | if (!remote_hostname) { | ||
| 431 | bb_error_msg("cannot look up hostname for %s", remote_addr); | ||
| 432 | remote_hostname = remote_addr; | ||
| 433 | } | ||
| 434 | } | ||
| 435 | /* Find out local IP peer connected to. | ||
| 436 | * Errors ignored (I'm not paranoid enough to imagine kernel | ||
| 437 | * which doesn't know local IP). */ | ||
| 438 | if (tcp) | ||
| 439 | getsockname(0, &local.u.sa, &local.len); | ||
| 440 | /* else: for UDP it is done earlier by parent */ | ||
| 441 | local_addr = xmalloc_sockaddr2dotted(&local.u.sa); | ||
| 442 | if (option_mask32 & OPT_h) { | ||
| 443 | local_hostname = preset_local_hostname; | ||
| 444 | if (!local_hostname) { | ||
| 445 | free_me2 = local_hostname = xmalloc_sockaddr2host_noport(&local.u.sa); | ||
| 446 | if (!local_hostname) | ||
| 447 | bb_error_msg_and_die("cannot look up hostname for %s", local_addr); | ||
| 448 | } | ||
| 449 | /* else: local_hostname is not NULL, but is NOT malloced! */ | ||
| 450 | } | ||
| 451 | } | ||
| 452 | if (verbose) { | ||
| 453 | pid = getpid(); | ||
| 454 | if (max_per_host) { | ||
| 455 | bb_error_msg("concurrency %s %u/%u", | ||
| 456 | remote_addr, | ||
| 457 | cur_per_host, max_per_host); | ||
| 458 | } | ||
| 459 | bb_error_msg((option_mask32 & OPT_h) | ||
| 460 | ? "start %u %s-%s (%s-%s)" | ||
| 461 | : "start %u %s-%s", | ||
| 462 | pid, | ||
| 463 | local_addr, remote_addr, | ||
| 464 | local_hostname, remote_hostname); | ||
| 465 | } | ||
| 466 | |||
| 467 | if (!(option_mask32 & OPT_E)) { | ||
| 468 | /* setup ucspi env */ | ||
| 469 | const char *proto = tcp ? "TCP" : "UDP"; | ||
| 470 | |||
| 471 | /* Extract "original" destination addr:port | ||
| 472 | * from Linux firewall. Useful when you redirect | ||
| 473 | * an outbond connection to local handler, and it needs | ||
| 474 | * to know where it originally tried to connect */ | ||
| 475 | if (tcp && getsockopt(0, SOL_IP, SO_ORIGINAL_DST, &local.u.sa, &local.len) == 0) { | ||
| 476 | char *addr = xmalloc_sockaddr2dotted(&local.u.sa); | ||
| 477 | xsetenv_plain("TCPORIGDSTADDR", addr); | ||
| 478 | free(addr); | ||
| 479 | } | ||
| 480 | xsetenv_plain("PROTO", proto); | ||
| 481 | xsetenv_proto(proto, "LOCALADDR", local_addr); | ||
| 482 | xsetenv_proto(proto, "REMOTEADDR", remote_addr); | ||
| 483 | if (option_mask32 & OPT_h) { | ||
| 484 | xsetenv_proto(proto, "LOCALHOST", local_hostname); | ||
| 485 | xsetenv_proto(proto, "REMOTEHOST", remote_hostname); | ||
| 486 | } | ||
| 487 | //compat? xsetenv_proto(proto, "REMOTEINFO", ""); | ||
| 488 | /* additional */ | ||
| 489 | if (cur_per_host > 0) /* can not be true for udp */ | ||
| 490 | xsetenv_plain("TCPCONCURRENCY", utoa(cur_per_host)); | ||
| 491 | } | ||
| 492 | free(local_addr); | ||
| 493 | free(free_me0); | ||
| 494 | free(free_me1); | ||
| 495 | free(free_me2); | ||
| 496 | } | ||
| 497 | |||
| 498 | xdup2(0, 1); | ||
| 499 | |||
| 500 | signal(SIGPIPE, SIG_DFL); /* this one was SIG_IGNed */ | ||
| 501 | /* Non-ignored signals revert to SIG_DFL on exec anyway */ | ||
| 502 | /*signal(SIGCHLD, SIG_DFL);*/ | ||
| 503 | sig_unblock(SIGCHLD); | ||
| 504 | |||
| 505 | #ifdef SSLSVD | ||
| 506 | strcpy(id, utoa(pid)); | ||
| 507 | ssl_io(0, argv); | ||
| 508 | #else | ||
| 509 | BB_EXECVP(argv[0], argv); | ||
| 510 | #endif | ||
| 511 | bb_perror_msg_and_die("exec '%s'", argv[0]); | ||
| 512 | } | ||
| 513 | |||
| 514 | /* | ||
| 515 | tcpsvd [-hpEvv] [-c n] [-C n:msg] [-b n] [-u user] [-l name] | ||
| 516 | [-i dir|-x cdb] [ -t sec] host port prog | ||
| 517 | |||
| 518 | tcpsvd creates a TCP/IP socket, binds it to the address host:port, | ||
| 519 | and listens on the socket for incoming connections. | ||
| 520 | |||
| 521 | On each incoming connection, tcpsvd conditionally runs a program, | ||
| 522 | with standard input reading from the socket, and standard output | ||
| 523 | writing to the socket, to handle this connection. tcpsvd keeps | ||
| 524 | listening on the socket for new connections, and can handle | ||
| 525 | multiple connections simultaneously. | ||
| 526 | |||
| 527 | tcpsvd optionally checks for special instructions depending | ||
| 528 | on the IP address or hostname of the client that initiated | ||
| 529 | the connection, see ipsvd-instruct(5). | ||
| 530 | |||
| 531 | host | ||
| 532 | host either is a hostname, or a dotted-decimal IP address, | ||
| 533 | or 0. If host is 0, tcpsvd accepts connections to any local | ||
| 534 | IP address. | ||
| 535 | * busybox accepts IPv6 addresses and host:port pairs too | ||
| 536 | In this case second parameter is ignored | ||
| 537 | port | ||
| 538 | tcpsvd accepts connections to host:port. port may be a name | ||
| 539 | from /etc/services or a number. | ||
| 540 | prog | ||
| 541 | prog consists of one or more arguments. For each connection, | ||
| 542 | tcpsvd normally runs prog, with file descriptor 0 reading from | ||
| 543 | the network, and file descriptor 1 writing to the network. | ||
| 544 | By default it also sets up TCP-related environment variables, | ||
| 545 | see tcp-environ(5) | ||
| 546 | -i dir | ||
| 547 | read instructions for handling new connections from the instructions | ||
| 548 | directory dir. See ipsvd-instruct(5) for details. | ||
| 549 | * ignored by busyboxed version | ||
| 550 | -x cdb | ||
| 551 | read instructions for handling new connections from the constant database | ||
| 552 | cdb. The constant database normally is created from an instructions | ||
| 553 | directory by running ipsvd-cdb(8). | ||
| 554 | * ignored by busyboxed version | ||
| 555 | -t sec | ||
| 556 | timeout. This option only takes effect if the -i option is given. | ||
| 557 | While checking the instructions directory, check the time of last access | ||
| 558 | of the file that matches the clients address or hostname if any, discard | ||
| 559 | and remove the file if it wasn't accessed within the last sec seconds; | ||
| 560 | tcpsvd does not discard or remove a file if the user's write permission | ||
| 561 | is not set, for those files the timeout is disabled. Default is 0, | ||
| 562 | which means that the timeout is disabled. | ||
| 563 | * ignored by busyboxed version | ||
| 564 | -l name | ||
| 565 | local hostname. Do not look up the local hostname in DNS, but use name | ||
| 566 | as hostname. This option must be set if tcpsvd listens on port 53 | ||
| 567 | to avoid loops. | ||
| 568 | -u user[:group] | ||
| 569 | drop permissions. Switch user ID to user's UID, and group ID to user's | ||
| 570 | primary GID after creating and binding to the socket. If user is followed | ||
| 571 | by a colon and a group name, the group ID is switched to the GID of group | ||
| 572 | instead. All supplementary groups are removed. | ||
| 573 | -c n | ||
| 574 | concurrency. Handle up to n connections simultaneously. Default is 30. | ||
| 575 | If there are n connections active, tcpsvd defers acceptance of a new | ||
| 576 | connection until an active connection is closed. | ||
| 577 | -C n[:msg] | ||
| 578 | per host concurrency. Allow only up to n connections from the same IP | ||
| 579 | address simultaneously. If there are n active connections from one IP | ||
| 580 | address, new incoming connections from this IP address are closed | ||
| 581 | immediately. If n is followed by :msg, the message msg is written | ||
| 582 | to the client if possible, before closing the connection. By default | ||
| 583 | msg is empty. See ipsvd-instruct(5) for supported escape sequences in msg. | ||
| 584 | |||
| 585 | For each accepted connection, the current per host concurrency is | ||
| 586 | available through the environment variable TCPCONCURRENCY. n and msg | ||
| 587 | can be overwritten by ipsvd(7) instructions, see ipsvd-instruct(5). | ||
| 588 | By default tcpsvd doesn't keep track of connections. | ||
| 589 | -h | ||
| 590 | Look up the client's hostname in DNS. | ||
| 591 | -p | ||
| 592 | paranoid. After looking up the client's hostname in DNS, look up the IP | ||
| 593 | addresses in DNS for that hostname, and forget about the hostname | ||
| 594 | if none of the addresses match the client's IP address. You should | ||
| 595 | set this option if you use hostname based instructions. The -p option | ||
| 596 | implies the -h option. | ||
| 597 | * ignored by busyboxed version | ||
| 598 | -b n | ||
| 599 | backlog. Allow a backlog of approximately n TCP SYNs. On some systems n | ||
| 600 | is silently limited. Default is 20. | ||
| 601 | -E | ||
| 602 | no special environment. Do not set up TCP-related environment variables. | ||
| 603 | -v | ||
| 604 | verbose. Print verbose messsages to standard output. | ||
| 605 | -vv | ||
| 606 | more verbose. Print more verbose messages to standard output. | ||
| 607 | * no difference between -v and -vv in busyboxed version | ||
| 608 | */ |