ninfod.c revision 313379eb6b9da55f7371adef39a92153a0707d4a
1/* $USAGI: ninfod.c,v 1.34 2003-01-15 06:41:23 mk Exp $ */ 2/* 3 * Copyright (C) 2002 USAGI/WIDE Project. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. Neither the name of the project nor the names of its contributors 15 * may be used to endorse or promote products derived from this software 16 * without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30/* 31 * Author: 32 * YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> 33 */ 34 35#if HAVE_CONFIG_H 36#include "config.h" 37#endif 38 39#if HAVE_SYS_TYPES_H 40# include <sys/types.h> 41#endif 42#if STDC_HEADERS 43# include <stdio.h> 44# include <stdlib.h> 45# include <stddef.h> 46# include <stdarg.h> 47#else 48# if HAVE_STDLIB_H 49# include <stdlib.h> 50# endif 51#endif 52 53#if HAVE_STRING_H 54# if !STDC_HEADERS && HAVE_MEMORY_H 55# include <memory.h> 56# endif 57# include <string.h> 58#endif 59#if HAVE_STRINGS_H 60# include <strings.h> 61#endif 62#if HAVE_INTTYPES_H 63# include <inttypes.h> 64#else 65# if HAVE_STDINT_H 66# include <stdint.h> 67# endif 68#endif 69#if HAVE_LIMITS_H 70# include <limits.h> 71#endif 72#if HAVE_UNISTD_H 73# include <unistd.h> 74#endif 75 76#ifdef TIME_WITH_SYS_TIME 77# include <sys/time.h> 78# include <time.h> 79#else 80# ifdef HAVE_SYS_TIME_H 81# include <sys/time.h> 82# else 83# include <time.h> 84# endif 85#endif 86 87#if HAVE_SYS_UIO_H 88#include <sys/uio.h> 89#endif 90 91#include <sys/socket.h> 92 93#if HAVE_NETINET_IN_H 94# include <netinet/in.h> 95#endif 96 97#if HAVE_NETINET_ICMP6_H 98# include <netinet/icmp6.h> 99#endif 100#ifndef HAVE_STRUCT_ICMP6_NODEINFO 101# include "icmp6_nodeinfo.h" 102#endif 103 104#if HAVE_NETDB_H 105# include <netdb.h> 106#endif 107#include <errno.h> 108 109#include <signal.h> 110 111#if HAVE_SYSLOG_H 112# include <syslog.h> 113#endif 114 115#if HAVE_PWD_H 116# include <pwd.h> 117#endif 118 119#if HAVE_SYS_CAPABILITY_H 120# include <sys/prctl.h> 121# include <sys/capability.h> 122#endif 123 124#include "ninfod.h" 125 126#ifndef offsetof 127# define offsetof(aggregate,member) ((size_t)&((aggregate *)0)->member) 128#endif 129 130/* --------- */ 131/* ID */ 132static char *RCSID __attribute__ ((unused)) = "$USAGI: ninfod.c,v 1.34 2003-01-15 06:41:23 mk Exp $"; 133 134/* Variables */ 135int sock; 136int daemonized; 137 138char *appname; 139static int opt_d = 0; /* debug */ 140static int opt_h = 0; /* help */ 141static char *opt_p = NINFOD_PIDFILE; /* pidfile */ 142static int got_signal = 0; /* loop unless true */ 143int opt_v = 0; /* verbose */ 144static uid_t opt_u; 145 146static int ipv6_pktinfo = IPV6_PKTINFO; 147 148/* --------- */ 149#if ENABLE_DEBUG 150static const __inline__ char * log_level(int priority) { 151 switch(priority) { 152 case LOG_EMERG: return "EMERG"; 153 case LOG_ALERT: return "ALERT"; 154 case LOG_CRIT: return "CRIT"; 155 case LOG_ERR: return "ERR"; 156 case LOG_WARNING: return "WARNING"; 157 case LOG_NOTICE: return "NOTICE"; 158 case LOG_INFO: return "INFO"; 159 case LOG_DEBUG: return "DEBUG"; 160 default: return "???"; 161 } 162} 163 164void stderrlog(int pri, char *fmt, ...) 165{ 166 va_list ap; 167 char ebuf[512]; 168 char *buf; 169 size_t buflen; 170 171 va_start(ap, fmt); 172 173 for (buf = ebuf, buflen = sizeof(ebuf); 174 buflen < SIZE_MAX / 2; 175 free(buf != ebuf ? buf : NULL), buf = NULL, buflen *= 2) { 176 size_t rem; 177 size_t res; 178 179 buf = malloc(buflen); 180 if (!buf) 181 break; /*XXX*/ 182 183 rem = buflen; 184 185 res = snprintf(buf, rem, "[%s] ", log_level(pri)); 186 if (res >= rem) 187 continue; 188 rem -= res; 189 190 res = vsnprintf(buf + res, rem, fmt, ap); 191 192 if (res >= rem) 193 continue; 194 break; 195 } 196 197 if (buf) { 198 fputs(buf, stderr); 199 free(buf != ebuf ? buf : NULL); 200 } 201 202 va_end(ap); 203} 204#endif 205 206/* --------- */ 207static int __inline__ open_sock(void) 208{ 209 return socket(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6); 210} 211 212static int set_recvpktinfo(int sock) 213{ 214 int on, ret; 215 216 on = 1; 217 218#if defined(IPV6_RECVPKTINFO) 219 ret = setsockopt(sock, 220 IPPROTO_IPV6, IPV6_RECVPKTINFO, 221 &on, sizeof(on)); 222 if (!ret) 223 return 0; 224# if defined(IPV6_2292PKTINFO) 225 ret = setsockopt(sock, 226 IPPROTO_IPV6, IPV6_2292PKTINFO, 227 &on, sizeof(on)); 228 if (!ret) { 229 ipv6_pktinfo = IPV6_2292PKTINFO; 230 return 0; 231 } 232 233 DEBUG(LOG_ERR, "setsockopt(IPV6_RECVPKTINFO/IPV6_2292PKTINFO): %s\n", 234 strerror(errno)); 235# else 236 DEBUG(LOG_ERR, "setsockopt(IPV6_RECVPKTINFO): %s\n", 237 strerror(errno)); 238# endif 239#else 240 ret = setsockopt(sock, 241 IPPROTO_IPV6, IPV6_PKTINFO, 242 &on, sizeof(on)); 243 if (!ret) 244 return 0; 245 246 DEBUG(LOG_ERR, "setsockopt(IPV6_PKTINFO): %s\n", 247 strerror(errno)); 248#endif 249 250 return -1; 251} 252 253static int __inline__ init_sock(int sock) 254{ 255 struct icmp6_filter filter; 256#if NEED_IPV6CHECKSUM 257 int i; 258 259 i = offsetof(struct icmp6_nodeinfo, ni_cksum); 260 if (setsockopt(sock, 261 IPPROTO_IPV6, IPV6_CHECKSUM, 262 &i, sizeof(i)) < 0) { 263 DEBUG(LOG_ERR, "setsockopt(IPV6_CHECKSUM): %s\n", 264 strerror(errno)); 265 return -1; 266 } 267#endif 268 269 ICMP6_FILTER_SETBLOCKALL(&filter); 270 ICMP6_FILTER_SETPASS(ICMP6_NI_QUERY, &filter); 271 if (setsockopt(sock, 272 IPPROTO_ICMPV6, ICMP6_FILTER, 273 &filter, sizeof(filter)) < 0) { 274 DEBUG(LOG_ERR, "setsockopt(ICMP6_FILTER): %s\n", 275 strerror(errno)); 276 return -1; 277 } 278 279 if (set_recvpktinfo(sock) < 0) 280 return -1; 281 282 return 0; 283} 284 285/* --------- */ 286int ni_recv(struct packetcontext *p) 287{ 288 int sock = p->sock; 289 struct iovec iov[1]; 290 struct msghdr msgh; 291 char recvcbuf[CMSG_SPACE(sizeof(p->pktinfo))]; 292 struct cmsghdr *cmsg; 293 int cc; 294 295 DEBUG(LOG_DEBUG, "%s()\n", __func__); 296 297 memset(&iov, 0, sizeof(iov)); 298 iov[0].iov_base = p->query; 299 iov[0].iov_len = sizeof(p->query); 300 301 memset(&msgh, 0, sizeof(msgh)); 302 msgh.msg_name = (struct sockaddr *)&p->addr; 303 msgh.msg_namelen = sizeof(p->addr); 304 msgh.msg_iov = iov; 305 msgh.msg_iovlen = 1; 306 msgh.msg_control = recvcbuf; 307 msgh.msg_controllen = sizeof(recvcbuf); 308 309 if ((cc = recvmsg(sock, &msgh, 0)) < 0) 310 return -1; 311 312 p->querylen = cc; 313 p->addrlen = msgh.msg_namelen; 314 315 for (cmsg = CMSG_FIRSTHDR(&msgh); cmsg; 316 cmsg = CMSG_NXTHDR(&msgh, cmsg)) { 317 if (cmsg->cmsg_level == IPPROTO_IPV6 && 318 (cmsg->cmsg_type == IPV6_PKTINFO 319#if defined(IPV6_2292PKTINFO) 320 || cmsg->cmsg_type == IPV6_2292PKTINFO 321#endif 322 )) { 323 memcpy(&p->pktinfo, CMSG_DATA(cmsg), sizeof(p->pktinfo)); 324 break; 325 } 326 } 327 328 return 0; 329} 330 331int ni_send(struct packetcontext *p) 332{ 333 int sock = p->sock; 334 struct iovec iov[2]; 335 char cbuf[CMSG_SPACE(sizeof(p->pktinfo))]; 336 struct msghdr msgh; 337 struct cmsghdr *cmsg; 338 int cc; 339 340 DEBUG(LOG_DEBUG, "%s()\n", __func__); 341 342 memset(&iov, 0, sizeof(iov)); 343 iov[0].iov_base = &p->reply; 344 iov[0].iov_len = sizeof(p->reply); 345 iov[1].iov_base = p->replydata; 346 iov[1].iov_len = p->replydatalen; 347 348 memset(&msgh, 0, sizeof(msgh)); 349 msgh.msg_name = (struct sockaddr *)&p->addr; 350 msgh.msg_namelen = p->addrlen; 351 msgh.msg_iov = iov; 352 msgh.msg_iovlen = p->replydata ? 2 : 1; 353 354 msgh.msg_control = cbuf; 355 msgh.msg_controllen = sizeof(cbuf); 356 357 cmsg = CMSG_FIRSTHDR(&msgh); 358 cmsg->cmsg_level = IPPROTO_IPV6; 359 cmsg->cmsg_type = ipv6_pktinfo; 360 cmsg->cmsg_len = CMSG_LEN(sizeof(p->pktinfo)); 361 memcpy(CMSG_DATA(cmsg), &p->pktinfo, sizeof(p->pktinfo)); 362 363 msgh.msg_controllen = cmsg->cmsg_len; 364 365 if (p->delay) { 366#if HAVE_NANOSLEEP 367 struct timespec ts, rts; 368 int err = 0; 369 370 rts.tv_sec = p->delay / 1000000; 371 rts.tv_nsec = (long)(p->delay % 1000000) * 1000; 372 373 do { 374 ts = rts; 375 err = nanosleep(&ts, &rts); 376 } while(err < 0); 377#else 378 usleep(p->delay); /*XXX: signal*/ 379#endif 380 } 381 382 cc = sendmsg(sock, &msgh, 0); 383 if (cc < 0) 384 DEBUG(LOG_DEBUG, "sendmsg(): %s\n", strerror(errno)); 385 386 ni_free(p->replydata); 387 ni_free(p); 388 389 return cc; 390} 391 392/* --------- */ 393static void sig_handler(int sig) 394{ 395 if (!got_signal) 396 DEBUG(LOG_INFO, "singnal(%d) received, quitting.\n", sig); 397 got_signal = 1; 398} 399 400static void setup_sighandlers(void) 401{ 402 struct sigaction act; 403 sigset_t smask; 404 sigemptyset(&smask); 405 sigaddset(&smask, SIGHUP); 406 sigaddset(&smask, SIGINT); 407 sigaddset(&smask, SIGQUIT); 408 sigaddset(&smask, SIGTERM); 409 410 memset(&act, 0, sizeof(act)); 411 act.sa_handler = sig_handler; 412 act.sa_mask = smask; 413 414 sigaction(SIGHUP, &act, NULL); 415 sigaction(SIGINT, &act, NULL); 416 sigaction(SIGQUIT, &act, NULL); 417 sigaction(SIGTERM, &act, NULL); 418} 419 420static void set_logfile(void) 421{ 422 setbuf(stderr, NULL); 423#if ENABLE_DEBUG 424 openlog(NINFOD, 0, LOG_USER); 425#endif 426} 427 428static void cleanup_pidfile(void) 429{ 430 int err; 431 432 if (daemonized && opt_p) { 433 err = unlink(opt_p); 434 DEBUG(LOG_ERR, "failed to unlink file '%s' : %s\n", 435 opt_p, strerror(errno)); 436 } 437} 438 439static FILE *fopen_excl(const char *file) 440{ 441#ifndef __linux__ 442 int fd; 443 FILE *fp; 444 445 fd = open(file, O_CREAT | O_RDWR | O_EXCL, 446 S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); 447 if (fd < 0) 448 return NULL; 449 450 return fdopen(file, "w+"); 451#else 452 return fopen(file, "w+x"); 453#endif 454} 455 456static void do_daemonize(void) 457{ 458 FILE *fp = NULL; 459 pid_t pid; 460 461 if (opt_p) { 462 if (!access(opt_p, R_OK)) { 463 if ((fp = fopen(opt_p, "r"))) { 464 if (fscanf(fp, "%d", &pid) != 1) { 465 DEBUG(LOG_ERR, "pid file '%s' exists, but read failed.\n", 466 opt_p); 467 } else { 468 DEBUG(LOG_ERR, "pid file '%s' exists : %d\n", 469 opt_p, pid); 470 } 471 fclose(fp); 472 exit(1); 473 } 474 } 475 476 fp = fopen_excl(opt_p); 477 if (!fp) { 478 DEBUG(LOG_ERR, "failed to open file '%s': %s\n", 479 opt_p, strerror(errno)); 480 exit(1); 481 } 482 } 483 484 if (daemon(0, 0) < 0) { 485 DEBUG(LOG_ERR, "failed to daemon(): %s\n", strerror(errno)); 486 unlink(opt_p); 487 exit(1); 488 } 489 daemonized = 1; 490 491 if (fp) { 492 fprintf(fp, "%d\n", getpid()); 493 fclose(fp); 494 } 495} 496 497/* --------- */ 498#ifdef HAVE_LIBCAP 499static const cap_value_t cap_net_raw = CAP_NET_RAW; 500static const cap_value_t cap_setuid = CAP_SETUID; 501static cap_flag_value_t cap_ok; 502#else 503static uid_t euid; 504#endif 505 506static void limit_capabilities(void) 507{ 508#ifdef HAVE_LIBCAP 509 cap_t cap_p, cap_cur_p; 510 511 cap_p = cap_init(); 512 if (!cap_p) { 513 DEBUG(LOG_ERR, "cap_init: %s\n", strerror(errno)); 514 exit(-1); 515 } 516 517 cap_cur_p = cap_get_proc(); 518 if (!cap_cur_p) { 519 DEBUG(LOG_ERR, "cap_get_proc: %s\n", strerror(errno)); 520 exit(-1); 521 } 522 523 /* net_raw + setuid / net_raw */ 524 cap_get_flag(cap_cur_p, CAP_NET_RAW, CAP_PERMITTED, &cap_ok); 525 if (cap_ok != CAP_CLEAR) { 526 cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_net_raw, CAP_SET); 527 cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_net_raw, CAP_SET); 528 } 529 530 cap_get_flag(cap_cur_p, CAP_SETUID, CAP_PERMITTED, &cap_ok); 531 if (cap_ok != CAP_CLEAR) 532 cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET); 533 534 if (cap_set_proc(cap_p) < 0) { 535 DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno)); 536 if (errno != EPERM) 537 exit(-1); 538 } 539 540 if (prctl(PR_SET_KEEPCAPS, 1) < 0) { 541 DEBUG(LOG_ERR, "prctl: %s\n", strerror(errno)); 542 exit(-1); 543 } 544 545 cap_free(cap_cur_p); 546 cap_free(cap_p); 547#else 548 euid = geteuid(); 549#endif 550} 551 552static void drop_capabilities(void) 553{ 554#ifdef HAVE_LIBCAP 555 cap_t cap_p; 556 557 cap_p = cap_init(); 558 if (!cap_p) { 559 DEBUG(LOG_ERR, "cap_init: %s\n", strerror(errno)); 560 exit(-1); 561 } 562 563 /* setuid / setuid */ 564 if (cap_ok != CAP_CLEAR) { 565 cap_set_flag(cap_p, CAP_PERMITTED, 1, &cap_setuid, CAP_SET); 566 cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &cap_setuid, CAP_SET); 567 568 if (cap_set_proc(cap_p) < 0) { 569 DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno)); 570 exit(-1); 571 } 572 } 573 574 if (seteuid(opt_u ? opt_u : getuid()) < 0) { 575 DEBUG(LOG_ERR, "setuid: %s\n", strerror(errno)); 576 exit(-1); 577 } 578 579 if (prctl(PR_SET_KEEPCAPS, 0) < 0) { 580 DEBUG(LOG_ERR, "prctl: %s\n", strerror(errno)); 581 exit(-1); 582 } 583 584 cap_clear(cap_p); 585 if (cap_set_proc(cap_p) < 0) { 586 DEBUG(LOG_ERR, "cap_set_proc: %s\n", strerror(errno)); 587 exit(-1); 588 } 589 590 cap_free(cap_p); 591#else 592 if (setuid(getuid()) < 0) { 593 DEBUG(LOG_ERR, "setuid: %s\n", strerror(errno)); 594 exit(-1); 595 } 596#endif 597} 598 599/* --------- */ 600static void parse_args(int argc, char **argv) 601{ 602 int c; 603 unsigned long val; 604 char *ep; 605 606 /* parse options */ 607 while ((c = getopt(argc, argv, "dhvp:u:")) != -1) { 608 switch(c) { 609 case 'd': /* debug */ 610 opt_d = 1; 611 break; 612 case 'v': /* verbose */ 613 opt_v = 1; 614 break; 615 case 'p': 616 opt_p = optarg; 617 break; 618 case 'u': 619 val = strtoul(optarg, &ep, 10); 620 if (!optarg || *ep) { 621 struct passwd *pw = getpwnam(optarg); 622 if (!pw) { 623 DEBUG(LOG_ERR, "No such user: %s", optarg); 624 exit(1); 625 } 626 opt_u = pw->pw_uid; 627 } else 628 opt_u = val; 629 break; 630 case 'h': /* help */ 631 default: 632 opt_h = 1; 633 break; 634 } 635 } 636 637 argc -= optind; 638#if 0 639 argv += optind; 640#endif 641 642 if (argc) 643 opt_h = 1; 644} 645 646static void print_copying(void) { 647 fprintf(stderr, 648 "Node Information Daemon\n" 649 "Copyright (C)2002 USAGI/WIDE Project. All Rights Reserved.\n" 650 "\n" 651 ); 652} 653 654static void print_usage(void) { 655 fprintf(stderr, 656 "Usage: %s [-d] [-p pidfile] [-u user] [-h] [-v]\n\n", 657 appname 658 ); 659} 660 661/* --------- */ 662int main (int argc, char **argv) 663{ 664 int sock_errno = 0; 665 int ret; 666 667 appname = argv[0]; 668 set_logfile(); 669 670 limit_capabilities(); 671 672 sock = open_sock(); 673 if (sock < 0) 674 sock_errno = errno; 675 676 parse_args(argc, argv); 677 678 drop_capabilities(); 679 680 if (opt_h || opt_v) 681 print_copying(); 682 if (opt_h) { 683 print_usage(); 684 exit(1); 685 } 686 687 if (sock_errno) { 688 DEBUG(LOG_ERR, "socket: %s\n", strerror(sock_errno)); 689 exit(1); 690 } 691 692 /* initialize */ 693 if (init_sock(sock) < 0) 694 exit(1); 695 696 setup_sighandlers(); 697 if (!opt_d) 698 do_daemonize(); 699 700 init_core(1); 701 702 /* main loop */ 703 while (!got_signal) { 704 struct packetcontext *p; 705 struct icmp6_hdr *icmph; 706#if ENABLE_DEBUG 707 char saddrbuf[NI_MAXHOST]; 708 int gni; 709#endif 710 711 init_core(0); 712 713 p = ni_malloc(sizeof(*p)); 714 if (!p) { 715 DEBUG(LOG_WARNING, "%s(): failed to allocate packet context; sleep 1 sec.\n", 716 __func__); 717 sleep(1); 718 continue; 719 } 720 721 while (!got_signal) { 722 memset(p, 0, sizeof(*p)); 723 p->sock = sock; 724 725 if (ni_recv(p) < 0) { 726 if (got_signal) 727 break; 728 if (errno == EAGAIN || errno == EINTR) 729 continue; 730 /* XXX: syslog */ 731 continue; 732 } 733 break; 734 } 735 736#if ENABLE_DEBUG 737 gni = getnameinfo((struct sockaddr *)&p->addr, 738 p->addrlen, 739 saddrbuf, sizeof(saddrbuf), 740 NULL, 0, 741 NI_NUMERICHOST); 742 if (gni) 743 sprintf(saddrbuf, "???"); 744#endif 745 init_core(0); 746 747 if (p->querylen < sizeof(struct icmp6_hdr)) { 748 ni_free(p); 749 DEBUG(LOG_WARNING, "Too short icmp message from %s\n", saddrbuf); 750 continue; 751 } 752 753 icmph = (struct icmp6_hdr *)p->query; 754 755 DEBUG(LOG_DEBUG, 756 "type=%d, code=%d, cksum=0x%04x\n", 757 icmph->icmp6_type, icmph->icmp6_code, 758 ntohs(icmph->icmp6_cksum)); 759 760 if (icmph->icmp6_type != ICMP6_NI_QUERY) { 761 DEBUG(LOG_WARNING, 762 "Strange icmp type %d from %s\n", 763 icmph->icmp6_type, saddrbuf); 764 ni_free(p); 765 continue; 766 } 767 768 pr_nodeinfo(p); /* this frees p */ 769 } 770 771 cleanup_pidfile(); 772 773 exit(0); 774} 775 776