summaryrefslogtreecommitdiff
path: root/ipsvd/udpsvd.c
diff options
context:
space:
mode:
authorDenis Vlasenko2007-04-03 01:13:04 +0000
committerDenis Vlasenko2007-04-03 01:13:04 +0000
commit992e05b6f070562d83f9238b227e1ddbf951c9af (patch)
treec64729c60f929f3007b4ed93543291b52cb50a02 /ipsvd/udpsvd.c
parentcea0a8bccbb0d98eb0e7423e6fff0d8529db8efe (diff)
downloadbusybox-992e05b6f070562d83f9238b227e1ddbf951c9af.zip
busybox-992e05b6f070562d83f9238b227e1ddbf951c9af.tar.gz
udpsvd: more work on it. works in limited testing.
Diffstat (limited to 'ipsvd/udpsvd.c')
-rw-r--r--ipsvd/udpsvd.c181
1 files changed, 131 insertions, 50 deletions
diff --git a/ipsvd/udpsvd.c b/ipsvd/udpsvd.c
index 06c4f2e..700e1af 100644
--- a/ipsvd/udpsvd.c
+++ b/ipsvd/udpsvd.c
@@ -22,12 +22,14 @@
#include "busybox.h"
+#include "udp_io.c"
+
unsigned verbose;
static void sig_term_handler(int sig)
{
if (verbose)
- printf("udpsvd: info: sigterm received, exit\n");
+ printf("%s: info: sigterm received, exit\n", applet_name);
exit(0);
}
@@ -37,21 +39,14 @@ int udpsvd_main(int argc, char **argv)
const char *instructs;
char *str_t, *user;
unsigned opt;
-// unsigned lookuphost = 0;
-// unsigned paranoid = 0;
-// unsigned long timeout = 0;
char *remote_hostname;
- char *local_hostname = local_hostname; /* gcc */
+ char *local_hostname = NULL;
char *remote_ip;
char *local_ip = local_ip; /* gcc */
uint16_t local_port, remote_port;
- union {
- struct sockaddr sa;
- struct sockaddr_in sin;
- USE_FEATURE_IPV6(struct sockaddr_in6 sin6;)
- } sock_adr;
- socklen_t sockadr_size;
+ len_and_sockaddr remote;
+ len_and_sockaddr *localp;
int sock;
int wstat;
unsigned pid;
@@ -68,7 +63,7 @@ int udpsvd_main(int argc, char **argv)
OPT_t = (1 << 7),
};
- opt_complementary = "ph:vv";
+ opt_complementary = "-3:ph:vv";
opt = getopt32(argc, argv, "vu:l:hpi:x:t:",
&user, &local_hostname, &instructs, &instructs, &str_t, &verbose);
//if (opt & OPT_x) iscdb =1;
@@ -83,26 +78,29 @@ int udpsvd_main(int argc, char **argv)
if (!argv[0][0] || LONE_CHAR(argv[0], '0'))
argv[0] = (char*)"0.0.0.0";
+ /* stdout is used for logging, don't buffer */
setlinebuf(stdout);
+ bb_sanitize_stdio(); /* fd# 1,2 must be opened */
signal(SIGTERM, sig_term_handler);
signal(SIGPIPE, SIG_IGN);
local_port = bb_lookup_port(argv[1], "udp", 0);
- sock = create_and_bind_dgram_or_die(argv[0], local_port);
+ localp = xhost2sockaddr(argv[0], local_port);
+ sock = xsocket(localp->sa.sa_family, SOCK_DGRAM, 0);
+ xmove_fd(sock, 0); /* fd# 0 is the open UDP socket */
+ xbind(0, &localp->sa, localp->len);
+ socket_want_pktinfo(0);
if (opt & OPT_u) { /* drop permissions */
xsetgid(ugid.gid);
xsetuid(ugid.uid);
}
- bb_sanitize_stdio(); /* fd# 1,2 must be opened */
- close(0);
if (verbose) {
/* we do it only for ":port" cosmetics... oh well */
- len_and_sockaddr *lsa = xhost2sockaddr(argv[0], local_port);
- char *addr = xmalloc_sockaddr2dotted(&lsa->sa, lsa->len);
- printf("udpsvd: info: listening on %s", addr);
+ char *addr = xmalloc_sockaddr2dotted(&localp->sa, localp->len);
+ printf("%s: info: listening on %s", applet_name, addr);
free(addr);
if (option_mask32 & OPT_u)
printf(", uid %u, gid %u",
@@ -111,19 +109,8 @@ int udpsvd_main(int argc, char **argv)
}
again:
-/* io[0].fd = s;
- io[0].events = IOPAUSE_READ;
- io[0].revents = 0;
- taia_now(&now);
- taia_uint(&deadline, 3600);
- taia_add(&deadline, &now, &deadline);
- iopause(io, 1, &deadline, &now);
- if (!(io[0].revents | IOPAUSE_READ))
- goto again;
- io[0].revents = 0;
-*/
- sockadr_size = sizeof(sock_adr);
- if (recvfrom(sock, NULL, 0, MSG_PEEK, &sock_adr.sa, &sockadr_size) == -1) {
+ /* if (recvfrom(0, NULL, 0, MSG_PEEK, &remote.sa, &localp->len) < 0) { */
+ if (recv_from_to(0, NULL, 0, MSG_PEEK, &remote.sa, &localp->sa, localp->len) < 0) {
bb_perror_msg("recvfrom");
goto again;
}
@@ -136,28 +123,38 @@ int udpsvd_main(int argc, char **argv)
while (wait_pid(&wstat, pid) == -1)
bb_perror_msg("error waiting for child");
if (verbose)
- printf("udpsvd: info: end %u\n", pid);
+ printf("%s: info: end %u\n", applet_name, pid);
goto again;
}
/* Child */
-/* if (recvfrom(sock, 0, 0, MSG_PEEK, (struct sockaddr *)&sock_adr, &sockadr_size) == -1)
- drop("unable to read from socket");
-*/
+#if 0
+ /* I'd like to make it so that local addr is fixed to localp->sa,
+ * but how? The below trick doesn't work... */
+ close(0);
+ set_nport(localp, htons(local_port));
+ xmove_fd(xsocket(localp->sa.sa_family, SOCK_DGRAM, 0), 0);
+ xbind(0, &localp->sa, localp->len);
+#endif
+
if (verbose) {
- local_ip = argv[0]; // TODO: recv_from_to!
- local_hostname = (char*)"localhost";
+ local_ip = xmalloc_sockaddr2dotted_noport(&localp->sa, localp->len);
+ if (!local_hostname) {
+ local_hostname = xmalloc_sockaddr2host_noport(&localp->sa, localp->len);
+ if (!local_hostname)
+ bb_error_msg_and_die("cannot look up local hostname for %s", local_ip);
+ }
}
- remote_ip = xmalloc_sockaddr2dotted_noport(&sock_adr.sa, sockadr_size);
- remote_port = get_nport(&sock_adr.sa);
+ remote_ip = xmalloc_sockaddr2dotted_noport(&remote.sa, localp->len);
+ remote_port = get_nport(&remote.sa);
remote_port = ntohs(remote_port);
- if (verbose) {
- printf("udpsvd: info: pid %u from %s\n", pid, remote_ip);
- }
+ if (verbose)
+ printf("%s: info: pid %u from %s\n", applet_name, pid, remote_ip);
+
if (opt & OPT_h) {
- remote_hostname = xmalloc_sockaddr2host(&sock_adr.sa, sizeof(sock_adr));
+ remote_hostname = xmalloc_sockaddr2host(&remote.sa, localp->len);
if (!remote_hostname) {
bb_error_msg("warning: cannot look up hostname for %s", remote_ip);
remote_hostname = (char*)"";
@@ -176,15 +173,15 @@ int udpsvd_main(int argc, char **argv)
if (verbose) {
#if 0
- out("udpsvd: info: ");
+ out("%s: info: ", applet_name);
switch(ac) {
case IPSVD_DENY: out("deny "); break;
case IPSVD_DEFAULT: case IPSVD_INSTRUCT: out("start "); break;
case IPSVD_EXEC: out("exec "); break;
}
#endif
- printf("udpsvd: info: %u %s:%s :%s:%s:%u\n",
- pid, local_hostname, local_ip,
+ printf("%s: info: %u %s:%s :%s:%s:%u\n",
+ applet_name, pid, local_hostname, local_ip,
remote_hostname, remote_ip, remote_port);
#if 0
if (instructs) {
@@ -202,7 +199,7 @@ int udpsvd_main(int argc, char **argv)
#if 0
if (ac == IPSVD_DENY) {
- recv(s, 0, 0, 0);
+ recv(0, 0, 0, 0);
_exit(100);
}
if (ac == IPSVD_EXEC) {
@@ -213,14 +210,98 @@ int udpsvd_main(int argc, char **argv)
run = args;
} else run = prog;
#endif
-
- xmove_fd(sock, 0);
+ /* Make plain write(1) work for the child by supplying default
+ * destination address */
+ xconnect(0, &remote.sa, localp->len);
dup2(0, 1);
signal(SIGTERM, SIG_DFL);
signal(SIGPIPE, SIG_DFL);
- argv += 2;
+ argv += 2;
BB_EXECVP(argv[0], argv);
bb_perror_msg_and_die("exec '%s'", argv[0]);
}
+
+/*
+udpsvd [-hpvv] [-u user] [-l name] [-i dir|-x cdb] [-t sec] host port prog
+
+udpsvd creates an UDP/IP socket, binds it to the address host:port,
+and listens on the socket for incoming datagrams.
+
+If a datagram is available on the socket, udpsvd conditionally starts
+a program, with standard input reading from the socket, and standard
+output redirected to standard error, to handle this, and possibly
+more datagrams. udpsvd does not start the program if another program
+that it has started before still is running. If the program exits,
+udpsvd again listens to the socket until a new datagram is available.
+If there are still datagrams available on the socket, the program
+is restarted immediately.
+
+udpsvd optionally checks for special intructions depending on
+the IP address or hostname of the client sending the datagram which
+not yet was handled by a running program, see ipsvd-instruct(5)
+for details.
+
+Attention:
+UDP is a connectionless protocol. Most programs that handle user datagrams,
+such as talkd(8), keep running after receiving a datagram, and process
+subsequent datagrams sent to the socket until a timeout is reached.
+udpsvd only checks special instructions for a datagram that causes a startup
+of the program; not if a program handling datagrams already is running.
+It doesn't make much sense to restrict access through special instructions
+when using such a program.
+
+On the other hand, it makes perfectly sense with programs like tftpd(8),
+that fork to establish a separate connection to the client when receiving
+the datagram. In general it's adequate to set up special instructions for
+programs that support being run by tcpwrapper.
+Options
+
+host
+ host either is a hostname, or a dotted-decimal IP address, or 0.
+ If host is 0, udpsvd accepts datagrams to any local IP address.
+port
+ udpsvd accepts datagrams to host:port. port may be a name from
+ /etc/services or a number.
+prog
+ prog consists of one or more arguments. udpsvd normally runs prog
+ to handle a datagram, and possibly more, that is sent to the socket,
+ if there is no program that was started before by udpsvd still running
+ and handling datagrams.
+-i dir
+ read instructions for handling new connections from the instructions
+ directory dir. See ipsvd-instruct(5) for details.
+-x cdb
+ read instructions for handling new connections from the constant
+ database cdb. The constant database normally is created from
+ an instructions directory by running ipsvd-cdb(8).
+-t sec
+ timeout. This option only takes effect if the -i option is given.
+ While checking the instructions directory, check the time of last
+ access of the file that matches the clients address or hostname if any,
+ discard and remove the file if it wasn't accessed within the last
+ sec seconds; udpsvd does not discard or remove a file if the user's
+ write permission is not set, for those files the timeout is disabled.
+ Default is 0, which means that the timeout is disabled.
+-l name
+ local hostname. Do not look up the local hostname in DNS, but use name
+ as hostname. By default udpsvd looks up the local hostname once at startup.
+-u user[:group]
+ drop permissions. Switch user ID to user's UID, and group ID to user's
+ primary GID after creating and binding to the socket. If user
+ is followed by a colon and a group name, the group ID is switched
+ to the GID of group instead. All supplementary groups are removed.
+-h
+ Look up the client's hostname in DNS.
+-p
+ paranoid. After looking up the client's hostname in DNS, look up
+ the IP addresses in DNS for that hostname, and forget the hostname
+ if none of the addresses match the client's IP address. You should
+ set this option if you use hostname based instructions. The -p option
+ implies the -h option.
+-v
+ verbose. Print verbose messages to standard output.
+-vv
+ more verbose. Print more verbose messages to standard output.
+*/