The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
fd_open.c
Go to the documentation of this file.
1/*
2 * This program is is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 9f291e9139146e697c6cb055bb5feb5a53f5f765 $
19 * @file lib/bio/fd_open.c
20 * @brief BIO abstractions for opening file descriptors
21 *
22 * @copyright 2024 Network RADIUS SAS (legal@networkradius.com)
23 */
24
25#include <freeradius-devel/bio/fd_priv.h>
26#include <freeradius-devel/util/file.h>
27#include <freeradius-devel/util/cap.h>
28#include <freeradius-devel/util/rand.h>
29
30#include <sys/stat.h>
31#include <net/if.h>
32#include <fcntl.h>
33#include <libgen.h>
34#include <netinet/tcp.h>
35#include <netinet/in.h>
36
37/** Initialize common datagram information
38 *
39 */
40static int fr_bio_fd_common_tcp(int fd, UNUSED fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
41{
42 int on = 1;
43
44#ifdef SO_KEEPALIVE
45 /*
46 * TCP keepalives are always a good idea. Too many people put firewalls between critical
47 * systems, and then the firewalls drop live TCP streams.
48 */
49 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) {
50 fr_strerror_printf("Failed setting SO_KEEPALIVE: %s", fr_syserror(errno));
51 return -1;
52 }
53#endif
54
55#ifdef TCP_NODELAY
56 /*
57 * Add some defines for *BSD, and Solaris systems.
58 */
59# if !defined(SOL_TCP) && defined(IPPROTO_TCP)
60# define SOL_TCP IPPROTO_TCP
61# endif
62
63 /*
64 * Also set TCP_NODELAY, to force the data to be written quickly.
65 *
66 * We buffer full packets in memory before we write them, so there's no reason for the kernel to
67 * sit around waiting for more data from us.
68 */
69 if (!cfg->tcp_delay) {
70 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &on, sizeof(on)) < 0) {
71 fr_strerror_printf("Failed setting TCP_NODELAY: %s", fr_syserror(errno));
72 return -1;
73 }
74 }
75#endif
76
77 return 0;
78}
79
80
81/** Initialize common datagram information
82 *
83 */
84static int fr_bio_fd_common_datagram(int fd, UNUSED fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
85{
86 int on = 1;
87
88#ifdef SO_TIMESTAMPNS
89 /*
90 * Enable receive timestamps, these should reflect
91 * when the packet was received, not when it was read
92 * from the socket.
93 */
94 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS, &on, sizeof(int)) < 0) {
95 fr_strerror_printf("Failed setting SO_TIMESTAMPNS: %s", fr_syserror(errno));
96 return -1;
97 }
98
99#elif defined(SO_TIMESTAMP)
100 /*
101 * Enable receive timestamps, these should reflect
102 * when the packet was received, not when it was read
103 * from the socket.
104 */
105 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(int)) < 0) {
106 fr_strerror_printf("Failed setting SO_TIMESTAMP: %s", fr_syserror(errno));
107 return -1;
108 }
109#endif
110
111
112#ifdef SO_RCVBUF
113 if (cfg->recv_buff) {
114 int opt = cfg->recv_buff;
115
116 /*
117 * Clamp value to something reasonable.
118 */
119 if (opt > (1 << 29)) opt = (1 << 29);
120
121 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)) < 0) {
122 fr_strerror_printf("Failed setting SO_RCVBUF: %s", fr_syserror(errno));
123 return -1;
124 }
125 }
126#endif
127
128#ifdef SO_SNDBUF
129 if (cfg->send_buff) {
130 int opt = cfg->send_buff;
131
132 /*
133 * Clamp value to something reasonable.
134 */
135 if (opt > (1 << 29)) opt = (1 << 29);
136
137 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &opt, sizeof(opt)) < 0) {
138 fr_strerror_printf("Failed setting SO_SNDBUF: %s", fr_syserror(errno));
139 return -1;
140 }
141 }
142#endif
143
144 return 0;
145}
146
147/** Initialize a UDP socket.
148 *
149 */
150static int fr_bio_fd_common_udp(int fd, fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
151{
152#ifdef SO_REUSEPORT
153 /*
154 * Servers re-use ports by default. And clients, too, if they ask nicely.
155 */
156 if (cfg->server || cfg->reuse_port) {
157 int on = 1;
158
159 /*
160 * Set SO_REUSEPORT before bind, so that all sockets can
161 * listen on the same destination IP address.
162 */
163 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on)) < 0) {
164 fr_strerror_printf("Failed setting SO_REUSEPORT: %s", fr_syserror(errno));
165 return -1;
166 }
167 }
168#endif
169
170 /*
171 * IPv4 fragments packets. IPv6 does not.
172 *
173 * Many systems set the "don't fragment" bit by default for IPv4. This setting means that "too
174 * large" packets are silently discarded in the network.
175 *
176 * Many local networks support UDP fragmentation, so we just send packets and hope for the best.
177 * In order to support local networks, we disable the "don't fragment" bit.
178 *
179 * The wider Internet does not support UDP fragmentation. This means that fragmented packets are
180 * silently discarded.
181 *
182 * @todo - add more code to properly handle EMSGSIZE for PMTUD. We can then also do
183 * getsockopt(fd,IP_MTU,&integer) to get the current path MTU. It can only be used after the
184 * socket has been connected. It should also be called after an EMSGSIZE error is returned.
185 *
186 * getsockopt(fd,IP_MTU,&integer) can also be used for unconnected sockets, if we also set
187 * IP_RECVERR. In which case the errors are put into an error queue. This is only for Linux.
188 */
189 if ((sock->af == AF_INET) && cfg->exceed_mtu) {
190#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
191 /*
192 * Disable PMTU discovery. On Linux, this also makes sure that the "don't
193 * fragment" flag is zero.
194 */
195 {
196 int flag = IP_PMTUDISC_DONT;
197
198 if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &flag, sizeof(flag)) < 0) {
199 fr_strerror_printf("Failed setting IP_MTU_DISCOVER: %s", fr_syserror(errno));
200 return -1;
201 }
202 }
203#endif
204
205#if defined(IP_DONTFRAG)
206 /*
207 * Ensure that the "don't fragment" flag is zero.
208 */
209 {
210 int off = 0;
211
212 if (setsockopt(fd, IPPROTO_IP, IP_DONTFRAG, &off, sizeof(off)) < 0) {
213 fr_strerror_printf("Failed setting IP_DONTFRAG: %s", fr_syserror(errno));
214 return -1;
215 }
216 }
217#endif
218 }
219
220 return fr_bio_fd_common_datagram(fd, sock, cfg);
221}
222
223/** Initialize a TCP server socket.
224 *
225 */
226static int fr_bio_fd_server_tcp(int fd, UNUSED fr_socket_t const *sock)
227{
228 int on = 1;
229
230 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
231 fr_strerror_printf("Failed setting SO_REUSEADDR: %s", fr_syserror(errno));
232 return -1;
233 }
234
235 return 0;
236}
237
238/** Initialize an IPv4 server socket.
239 *
240 */
241static int fr_bio_fd_server_ipv4(int fd, fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
242{
243 /*
244 * And set up any UDP / TCP specific information.
245 */
246 if (sock->type == SOCK_DGRAM) return fr_bio_fd_common_udp(fd, sock, cfg);
247
248 return fr_bio_fd_server_tcp(fd, sock);
249}
250
251/** Initialize an IPv6 server socket.
252 *
253 */
254static int fr_bio_fd_server_ipv6(int fd, fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
255{
256#ifdef IPV6_V6ONLY
257 /*
258 * Don't allow v4 packets on v6 connections.
259 */
260 if (IN6_IS_ADDR_UNSPECIFIED(UNCONST(struct in6_addr *, &sock->inet.src_ipaddr.addr.v6))) {
261 int on = 1;
262
263 if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&on, sizeof(on)) < 0) {
264 fr_strerror_printf("Failed setting IPV6_ONLY: %s", fr_syserror(errno));
265 return -1;
266 }
267 }
268#endif /* IPV6_V6ONLY */
269
270 /*
271 * And set up any UDP / TCP specific information.
272 */
273 if (sock->type == SOCK_DGRAM) return fr_bio_fd_common_udp(fd, sock, cfg);
274
275 return fr_bio_fd_server_tcp(fd, sock);
276}
277
278/** Verify or clean up a pre-existing domain socket.
279 *
280 */
281static int fr_bio_fd_socket_unix_verify(int dirfd, char const *filename, fr_bio_fd_config_t const *cfg)
282{
283 int fd;
284 struct stat buf;
285
286 /*
287 * See if the socket exits. If there's an error opening it, that's an issue.
288 *
289 * If it doesn't exist, that's fine.
290 */
291 if (fstatat(dirfd, filename, &buf, AT_SYMLINK_NOFOLLOW) < 0) {
292 if (errno != ENOENT) {
293 fr_strerror_printf("Failed opening domain socket %s: %s", cfg->path, fr_syserror(errno));
294 return -1;
295 }
296
297 return 0;
298 }
299
300 /*
301 * If it exists, it must be a socket.
302 */
303 if (!S_ISSOCK(buf.st_mode)) {
304 fr_strerror_printf("Failed open domain socket %s: it is not a socket", filename);
305 return -1;
306 }
307
308 /*
309 * Refuse to open sockets not owned by us. This prevents configurations from stomping on each
310 * other.
311 */
312 if (buf.st_uid != cfg->uid) {
313 fr_strerror_printf("Failed opening domain socket %s: incorrect UID", cfg->path);
314 return -1;
315 }
316
317 /*
318 * The file exists,and someone is listening. We can't claim it for ourselves.
319 *
320 * Note that this function calls connect(), but connect() always returns immediately for domain
321 * sockets.
322 *
323 * @todo - redo that function here, with separate checks for permission errors vs anything else.
324 */
325 fd = fr_socket_client_unix(cfg->path, false);
326 if (fd >= 0) {
327 close(fd);
328 fr_strerror_printf("Failed creating domain socket %s: It is currently active", cfg->path);
329 return -1;
330 }
331
332 /*
333 * It exists, but no one is listening. Delete it so that we can re-bind to it.
334 */
335 if (unlinkat(dirfd, filename, 0) < 0) {
336 fr_strerror_printf("Failed removing pre-existing domain socket %s: %s",
337 cfg->path, fr_syserror(errno));
338 return -1;
339 }
340
341 return 0;
342}
343
344/*
345 * We normally can't call fchmod() or fchown() on sockets, as they don't really exist in the file system.
346 * Instead, we enforce those permissions on the parent directory of the socket.
347 */
348static int fr_bio_fd_socket_unix_mkdir(int *dirfd, char const **filename, fr_bio_fd_config_t const *cfg)
349{
350 mode_t perm;
351 int parent_fd, fd;
352 char const *path = cfg->path;
353 char *p, *dir = NULL;
354 char *slashes[2];
355
356 perm = S_IREAD | S_IWRITE | S_IEXEC;
357 perm |= S_IRGRP | S_IWGRP | S_IXGRP;
358
359 /*
360 * The parent directory exists. Ensure that it has the correct ownership and permissions.
361 *
362 * If the parent directory exists, then it enforces access, and we can create the domain socket
363 * within it.
364 */
365 if (fr_dirfd(dirfd, filename, path) == 0) {
366 struct stat buf;
367
368 if (fstat(*dirfd, &buf) < 0) {
369 fr_strerror_printf("Failed reading parent directory for file %s: %s", path, fr_syserror(errno));
370 fail:
371 talloc_free(dir);
372 close(*dirfd);
373 return -1;
374 }
375
376 if (buf.st_uid != cfg->uid) {
377 fr_strerror_printf("Failed reading parent directory for file %s: Incorrect UID", path);
378 goto fail;
379 }
380
381 if (buf.st_gid != cfg->gid) {
382 fr_strerror_printf("Failed reading parent directory for file %s: Incorrect GID", path);
383 goto fail;
384 }
385
386 /*
387 * We don't have the correct permissions on the directory, so we fix them.
388 *
389 * @todo - allow for "other" to read/write if we do authentication on the socket?
390 */
391 if (fchmod(*dirfd, perm) < 0) {
392 fr_strerror_printf("Failed setting parent directory permissions for file %s: %s", path, fr_syserror(errno));
393 goto fail;
394 }
395
396 return 0;
397 }
398
399 dir = talloc_strdup(NULL, path);
400 if (!dir) goto fail;
401
402 /*
403 * Find the last two directory separators.
404 */
405 slashes[0] = slashes[1] = NULL;
406 for (p = dir; *p != '\0'; p++) {
407 if (*p == '/') {
408 slashes[0] = slashes[1];
409 slashes[1] = p;
410 }
411 }
412
413 /*
414 * There's only one / in the path, we can't do anything.
415 *
416 * Opening 'foo/bar.sock' might be useful, but isn't normally a good idea.
417 */
418 if (!slashes[0]) {
419 fr_strerror_printf("Failed parsing filename %s: it is not absolute", path);
420 goto fail;
421 }
422
423 /*
424 * Ensure that the grandparent directory exists.
425 *
426 * /var/run/radiusd/foo.sock
427 *
428 * slashes[0] points to the slash after 'run'.
429 *
430 * slashes[1] points to the slash after 'radiusd', which doesn't exist.
431 */
432 *slashes[0] = '\0';
433
434 /*
435 * If the grandparent doesn't exist, then we don't create it.
436 *
437 * These checks minimize the possibility that a misconfiguration by user "radiusd" can cause a
438 * suid-root binary top create a directory in the wrong place. These checks are only necessary
439 * if the unix domain socket is opened as root.
440 */
441 parent_fd = open(dir, O_DIRECTORY | O_NOFOLLOW);
442 if (parent_fd < 0) {
443 fr_strerror_printf("Failed opening directory %s: %s", dir, fr_syserror(errno));
444 goto fail;
445 }
446
447 /*
448 * Create the parent directory.
449 */
450 *slashes[0] = '/';
451 *slashes[1] = '\0';
452 if (mkdirat(parent_fd, dir, 0700) < 0) {
453 fr_strerror_printf("Failed creating directory %s: %s", dir, fr_syserror(errno));
454 close_parent:
455 close(parent_fd);
456 goto fail;
457 }
458
459 fd = openat(parent_fd, dir, O_DIRECTORY);
460 if (fd < 0) {
461 fr_strerror_printf("Failed opening directory %s: %s", dir, fr_syserror(errno));
462 goto close_parent;
463 }
464
465 if (fchmod(fd, perm) < 0) {
466 fr_strerror_printf("Failed changing permission for directory %s: %s", dir, fr_syserror(errno));
467 close_fd:
468 close(fd);
469 goto close_parent;
470 }
471
472 /*
473 * This is a NOOP if we're chowning a file owned by ourselves to our own UID / GID.
474 *
475 * Otherwise if we're running as root, it will set ownership to the correct user.
476 */
477 if (fchown(fd, cfg->uid, cfg->gid) < 0) {
478 fr_strerror_printf("Failed changing ownershipt for directory %s: %s", dir, fr_syserror(errno));
479 goto close_fd;
480 }
481
482 talloc_free(dir);
483 close(fd);
484 close(parent_fd);
485
486 return 0;
487}
488
490{
491 fr_bio_fd_t *my = talloc_get_type_abort(bio, fr_bio_fd_t);
492
493 /*
494 * The bio must be open in order to shut it down.
495 *
496 * Unix domain sockets are deleted when the bio is closed.
497 *
498 * Unix domain sockets are never in the "connecting" state, because connect() always returns
499 * immediately.
500 */
501 fr_assert(my->info.state == FR_BIO_FD_STATE_OPEN);
502
503 /*
504 * Run the user shutdown before we run ours.
505 */
506 if (my->user_shutdown) my->user_shutdown(bio);
507
508 (void) unlink(my->info.socket.unix.path);
509}
510
511/** Bind to a Unix domain socket.
512 *
513 * @todo - this function only does a tiny bit of what fr_server_domain_socket_peercred() and
514 * fr_server_domain_socket_perm() do. Those functions do a lot more sanity checks.
515 *
516 * The main question is whether or not those checks are useful. In many cases, fchmod() and fchown() are not
517 * possible on Unix sockets, so we shouldn't bother doing them,
518 *
519 * Note that the listeners generally call these functions with wrappers of fr_suid_up() and fr_suid_down().
520 * So these functions are running as "root", and will create files owned as "root".
521 */
523{
524 int dirfd, rcode;
525 char const *filename, *p;
526 socklen_t sunlen;
527 struct sockaddr_un sun;
528
529 if (!cfg->path) {
530 fr_strerror_const("Failed to specify path");
531 return -1;
532 }
533
534 /*
535 * The UID and GID should be taken automatically from the "user" and "group" settings in
536 * mainconfig. There is no reason to set them to anything else.
537 */
538 if (cfg->uid == (uid_t) -1) {
539 fr_strerror_printf("Failed opening domain socket %s: no UID specified", cfg->path);
540 return -1;
541 }
542
543 if (cfg->gid == (gid_t) -1) {
544 fr_strerror_printf("Failed opening domain socket %s: no GID specified", cfg->path);
545 return -1;
546 }
547
548 /*
549 * Opening 'foo.sock' is OK.
550 */
551 p = strrchr(cfg->path, '/');
552 if (!p) {
553 dirfd = AT_FDCWD;
554 filename = cfg->path;
555
556 } else if (p == cfg->path) {
557 /*
558 * Opening '/foo.sock' is dumb.
559 */
560 fr_strerror_printf("Failed opening domain socket %s: cannot exist at file system root", p);
561 return -1;
562
563 } else if (fr_bio_fd_socket_unix_mkdir(&dirfd, &filename, cfg) < 0) {
564 return -1;
565 }
566
567 /*
568 * Verify and/or clean up the domain socket.
569 */
570 if (fr_bio_fd_socket_unix_verify(dirfd, filename, cfg) < 0) {
571 fail:
572 if (dirfd != AT_FDCWD) close(dirfd);
573 return -1;
574 }
575
576#ifdef HAVE_BINDAT
577 /*
578 * The best function to use here is bindat(), but only quite recent versions of FreeBSD actually
579 * have it, and it's definitely not POSIX.
580 *
581 * If we use bindat(), we pass a relative pathname.
582 */
583 if (fr_filename_to_sockaddr(&sun, &sunlen, filename) < 0) goto fail;
584
585 rcode = bindat(dirfd, my->info.socket.fd, (struct sockaddr *) &sun, sunlen);
586#else
587 /*
588 * For bind(), we pass the full path.
589 */
590 if (fr_filename_to_sockaddr(&sun, &sunlen, cfg->path) < 0) goto fail;
591
592 rcode = bind(my->info.socket.fd, (struct sockaddr *) &sun, sunlen);
593#endif
594 if (rcode < 0) {
595 /*
596 * @todo - if EADDRINUSE, then the socket exists. Try connect(), and if that fails,
597 * delete the socket and try again. This may be simpler than the checks above.
598 */
599 fr_strerror_printf("Failed binding to domain socket %s: %s", cfg->path, fr_syserror(errno));
600 goto fail;
601 }
602
603#ifdef __linux__
604 /*
605 * Linux supports chown && chmod for sockets.
606 */
607 if (fchmod(my->info.socket.fd, S_IREAD | S_IWRITE | S_IEXEC | S_IRGRP | S_IWGRP | S_IXGRP) < 0) {
608 fr_strerror_printf("Failed changing permission for domain socket %s: %s", cfg->path, fr_syserror(errno));
609 goto fail;
610 }
611
612 /*
613 * This is a NOOP if we're chowning a file owned by ourselves to our own UID / GID.
614 *
615 * Otherwise if we're running as root, it will set ownership to the correct user.
616 */
617 if (fchown(my->info.socket.fd, cfg->uid, cfg->gid) < 0) {
618 fr_strerror_printf("Failed changing ownershipt for domain directory %s: %s", cfg->path, fr_syserror(errno));
619 goto fail;
620 }
621
622#endif
623
624 /*
625 * Socket is open. We need to clean it up on shutdown.
626 */
627 if (my->cb.shutdown) my->user_shutdown = my->cb.shutdown;
628 my->cb.shutdown = fr_bio_fd_unix_shutdown;
629
630 return 0;
631}
632
633/*
634 * Use the OSX native versions on OSX.
635 */
636#ifdef __APPLE__
637#undef SO_BINDTODEVICE
638#endif
639
640#ifdef SO_BINDTODEVICE
641/** Linux bind to device by name.
642 *
643 */
645{
646 /*
647 * ifindex isn't set, do nothing.
648 */
649 if (!my->info.socket.inet.ifindex) return 0;
650
651 if (!cfg->interface) return 0;
652
653 /*
654 * The internet hints that CAP_NET_RAW is required to use SO_BINDTODEVICE.
655 *
656 * This function also sets fr_strerror() on failure, which will be seen if the bind fails. If
657 * the bind succeeds, then we don't really care that the capability change has failed. We must
658 * already have that capability.
659 */
660#ifdef HAVE_CAPABILITY_H
661 (void)fr_cap_enable(CAP_NET_RAW, CAP_EFFECTIVE);
662#endif
663
664 if (setsockopt(my->info.socket.fd, SOL_SOCKET, SO_BINDTODEVICE, cfg->interface, strlen(cfg->interface)) < 0) {
665 fr_strerror_printf("Failed setting SO_BINDTODEVICE for %s: %s", cfg->interface, fr_syserror(errno));
666 return -1;
667 }
668
669 return 0;
670}
671
672#elif defined(IP_BOUND_IF) || defined(IPV6_BOUND_IF)
673/** OSX bind to interface by index.
674 *
675 */
677{
678 int opt, rcode;
679
680 if (!my->info.socket.inet.ifindex) return 0;
681
682 opt = my->info.socket.inet.ifindex;
683
684 switch (my->info.socket.af) {
685 case AF_LOCAL:
686 rcode = setsockopt(my->info.socket.fd, IPPROTO_IP, IP_BOUND_IF, &opt, sizeof(opt));
687 break;
688
689 case AF_INET6:
690 rcode = setsockopt(my->info.socket.fd, IPPROTO_IPV6, IPV6_BOUND_IF, &opt, sizeof(opt));
691 break;
692
693 default:
694 rcode = -1;
695 errno = EAFNOSUPPORT;
696 break;
697 }
698
699 fr_strerror_printf("Failed setting IP_BOUND_IF: %s", fr_syserror(errno));
700 return rcode;
701}
702#else
703
704/** This system is missing SO_BINDTODEVICE, IP_BOUND_IF, IPV6_BOUND_IF
705 *
706 * @todo - FreeBSD IP_RECVIF and IP_SENDIF
707 *
708 * Except that has to be done in recvmsg() and sendmsg(). And it only works on datagram sockets.
709 *
710 * cmsg_len = sizeof(struct sockaddr_dl)
711 * cmsg_level = IPPROTO_IP
712 * cmsg_type = IP_RECVIF
713 */
715{
716 if (!my->info.socket.inet.ifindex) return 0;
717
718 fr_strerror_const("Bind to interface is not supported on this platform");
719 return -1;
720}
721
722/* bind to device */
723#endif
724
726{
727 socklen_t salen;
728 struct sockaddr_storage salocal;
729
730 fr_assert((my->info.socket.af == AF_INET) || (my->info.socket.af == AF_INET6));
731
732#ifdef HAVE_CAPABILITY_H
733 /*
734 * If we're binding to a special port as non-root, then
735 * check capabilities. If we're root, we already have
736 * equivalent capabilities so we don't need to check.
737 */
738 if ((my->info.socket.inet.src_port < 1024) && (geteuid() != 0)) {
739 (void)fr_cap_enable(CAP_NET_BIND_SERVICE, CAP_EFFECTIVE);
740 }
741#endif
742
743 if (fr_bio_fd_socket_bind_to_device(my, cfg) < 0) return -1;
744
745 /*
746 * Bind to the IP + interface.
747 */
748 if (fr_ipaddr_to_sockaddr(&salocal, &salen, &my->info.socket.inet.src_ipaddr, my->info.socket.inet.src_port) < 0) return -1;
749
750 /*
751 * If we have a fixed source port, just use that.
752 */
753 if (my->info.cfg->src_port || !my->info.cfg->src_port_start) {
754 if (bind(my->info.socket.fd, (struct sockaddr *) &salocal, salen) < 0) {
755 fr_strerror_printf("Failed binding to socket: %s", fr_syserror(errno));
756 return -1;
757 }
758 } else {
759 uint16_t src_port, current, range;
760 struct sockaddr_in *sin = (struct sockaddr_in *) &salocal;
761
762 fr_assert(my->info.cfg->src_port_start);
763 fr_assert(my->info.cfg->src_port_end);
764 fr_assert(my->info.cfg->src_port_end >= my->info.cfg->src_port_start);
765
766 range = my->info.cfg->src_port_end - my->info.cfg->src_port_start;
767 src_port = fr_rand() % range;
768
769 /*
770 * We only care about sin_port, which is in the same location for sockaddr_in and sockaddr_in6.
771 */
772 fr_assert(sin->sin_port == 0);
773
774 sin->sin_port = htons(my->info.cfg->src_port_start + src_port);
775
776 /*
777 * We've picked a random port in what is hopefully a large range. If that works, we're
778 * done.
779 */
780 if (bind(my->info.socket.fd, (struct sockaddr *) &salocal, salen) == 0) goto done;
781
782 /*
783 * Hunt & peck. Which is horrible.
784 */
785 current = src_port;
786 while (true) {
787 if (current == range) {
788 current = 0;
789 } else {
790 current++;
791 }
792
793 /*
794 * We've already checked this, so stop.
795 */
796 if (current == src_port) break;
797
798 sin->sin_port = htons(my->info.cfg->src_port_start + current);
799
800 if (bind(my->info.socket.fd, (struct sockaddr *) &salocal, salen) == 0) goto done;
801 }
802
803 /*
804 * The error is a good hint at _why_ we failed to bind.
805 * We expect errno to be EADDRINUSE, anything else is a surprise.
806 */
807 fr_strerror_printf("Failed binding port between 'src_port_start' and 'src_port_end': %s", fr_syserror(errno));
808 return -1;
809 }
810
811 /*
812 * The source IP may have changed, so get the new one.
813 */
814done:
816}
817
819{
820 fr_bio_fd_config_t const *cfg = my->info.cfg;
821
822 switch (my->info.type) {
824 return;
825
827 fr_assert(cfg->socket_type == SOCK_DGRAM);
828
829 switch (my->info.socket.af) {
830 case AF_INET:
831 case AF_INET6:
832 my->info.name = fr_asprintf(my, "proto udp local %pV port %u",
833 fr_box_ipaddr(my->info.socket.inet.src_ipaddr),
834 my->info.socket.inet.src_port);
835 break;
836
837 case AF_LOCAL:
838 my->info.name = fr_asprintf(my, "proto unix (datagram) filename %s",
839 cfg->path);
840 break;
841
842 default:
843 fr_assert(0);
844 my->info.name = "??? invalid BIO ???";
845 break;
846 }
847 break;
848
851 switch (my->info.socket.af) {
852 case AF_INET:
853 case AF_INET6:
854 my->info.name = fr_asprintf(my, "proto %s local %pV port %u remote %pV port %u",
855 (cfg->socket_type == SOCK_DGRAM) ? "udp" : "tcp",
856 fr_box_ipaddr(my->info.socket.inet.src_ipaddr),
857 my->info.socket.inet.src_port,
858 fr_box_ipaddr(my->info.socket.inet.dst_ipaddr),
859 my->info.socket.inet.dst_port);
860 break;
861
862 case AF_LOCAL:
863 my->info.name = fr_asprintf(my, "proto unix %sfilename %s",
864 (cfg->socket_type == SOCK_DGRAM) ? "(datagram) " : "",
865 cfg->path);
866 break;
867
868 case AF_FILE_BIO:
869 fr_assert(cfg->socket_type == SOCK_STREAM);
870
871 if (cfg->flags == O_RDONLY) {
872 my->info.name = fr_asprintf(my, "proto file (read-only) filename %s ",
873 cfg->filename);
874
875 } else if (cfg->flags == O_WRONLY) {
876 my->info.name = fr_asprintf(my, "proto file (write-only) filename %s",
877 cfg->filename);
878 } else {
879 my->info.name = fr_asprintf(my, "proto file (read-write) filename %s",
880 cfg->filename);
881 }
882 break;
883
884 default:
885 fr_assert(0);
886 my->info.name = "??? invalid BIO ???";
887 break;
888 }
889 break;
890
891 case FR_BIO_FD_LISTEN:
892 fr_assert(cfg->socket_type == SOCK_STREAM);
893
894 switch (my->info.socket.af) {
895 case AF_INET:
896 case AF_INET6:
897 my->info.name = fr_asprintf(my, "proto %s local %pV port %u",
898 (cfg->socket_type == SOCK_DGRAM) ? "udp" : "tcp",
899 fr_box_ipaddr(my->info.socket.inet.src_ipaddr),
900 my->info.socket.inet.src_port);
901 break;
902
903 case AF_LOCAL:
904 my->info.name = fr_asprintf(my, "proto unix filename %s",
905 cfg->path);
906 break;
907
908 default:
909 fr_assert(0);
910 my->info.name = "??? invalid BIO ???";
911 break;
912 }
913 break;
914 }
915}
916
917/** Checks the configuration without modifying anything.
918 *
919 */
921{
922 /*
923 * Unix sockets and files are OK.
924 */
925 if (cfg->path || cfg->filename) return 0;
926
927 /*
928 * Sanitize the IP addresses.
929 *
930 */
931 switch (cfg->type) {
933 fr_strerror_const("No connection type was specified");
934 return -1;
935
937 /*
938 * Ensure that we have a destination address.
939 */
940 if (cfg->dst_ipaddr.af == AF_UNSPEC) {
941 fr_strerror_const("No destination IP address was specified");
942 return -1;
943 }
944
945 if (!cfg->dst_port) {
946 fr_strerror_const("No destination port was specified");
947 return -1;
948 }
949
950 /*
951 * The source IP has to be the same address family as the destination IP.
952 */
953 if ((cfg->src_ipaddr.af != AF_UNSPEC) && (cfg->src_ipaddr.af != cfg->dst_ipaddr.af)) {
954 fr_strerror_printf("Source and destination IP addresses are not from the same IP address family");
955 return -1;
956 }
957 break;
958
959 case FR_BIO_FD_LISTEN:
960 if (!cfg->src_port) {
961 fr_strerror_const("No source port was specified");
962 return -1;
963 }
965
966 /*
967 * Unconnected sockets can use a source port, but don't need one.
968 */
970 if (cfg->path && cfg->filename) {
971 fr_strerror_const("Unconnected sockets cannot be used with Unix sockets or files");
972 return -1;
973 }
974
975 if (cfg->src_ipaddr.af == AF_UNSPEC) {
976 fr_strerror_const("No source IP address was specified");
977 return -1;
978 }
979 break;
980
982 fr_assert(cfg->src_ipaddr.af != AF_UNSPEC);
983 fr_assert(cfg->dst_ipaddr.af != AF_UNSPEC);
984 break;
985 }
986
987 return 0;
988}
989
990/** Opens a socket and updates sock->fd
991 *
992 * If the socket is asynchronous, it also calls connect()
993 */
995{
996 int fd;
997 int rcode;
998 fr_bio_fd_t *my = talloc_get_type_abort(bio, fr_bio_fd_t);
999
1001
1002 my->info = (fr_bio_fd_info_t) {
1003 .socket = {
1004 .type = cfg->socket_type,
1005 },
1006 .cfg = cfg,
1007 };
1008
1009 if (!cfg->path && !cfg->filename) {
1010 int protocol;
1011
1012 my->info.socket.af = cfg->src_ipaddr.af;
1013 my->info.socket.inet.src_ipaddr = cfg->src_ipaddr;
1014 my->info.socket.inet.dst_ipaddr = cfg->dst_ipaddr;
1015 my->info.socket.inet.src_port = cfg->src_port;
1016 my->info.socket.inet.dst_port = cfg->dst_port;
1017
1018 if (fr_bio_fd_check_config(cfg) < 0) return -1;
1019
1020 /*
1021 * Sanitize the IP addresses.
1022 *
1023 */
1024 switch (cfg->type) {
1025 case FR_BIO_FD_INVALID:
1026 return -1;
1027
1029 /*
1030 * No source specified, just bootstrap it from the destination.
1031 */
1032 if (my->info.socket.inet.src_ipaddr.af == AF_UNSPEC) {
1033 my->info.socket.inet.src_ipaddr = (fr_ipaddr_t) {
1034 .af = my->info.socket.inet.dst_ipaddr.af,
1035 .prefix = (my->info.socket.inet.dst_ipaddr.af == AF_INET) ? 32 : 128,
1036 };
1037
1038 /*
1039 * Set the main socket AF too.
1040 */
1041 my->info.socket.af = my->info.socket.inet.dst_ipaddr.af;
1042 }
1043
1044 /*
1045 * The source IP has to be the same address family as the destination IP.
1046 */
1047 if (my->info.socket.inet.src_ipaddr.af != my->info.socket.inet.dst_ipaddr.af) {
1048 fr_strerror_const("Source and destination IP addresses are not from the same IP address family");
1049 return -1;
1050 }
1051 break;
1052
1054 case FR_BIO_FD_LISTEN:
1055 fr_assert(my->info.socket.inet.src_ipaddr.af != AF_UNSPEC);
1056 break;
1057
1058 case FR_BIO_FD_ACCEPTED:
1059 fr_assert(my->info.socket.inet.src_ipaddr.af != AF_UNSPEC);
1060 fr_assert(my->info.socket.inet.dst_ipaddr.af != AF_UNSPEC);
1061 break;
1062 }
1063
1064 if (cfg->socket_type == SOCK_STREAM) {
1065 protocol = IPPROTO_TCP;
1066 } else {
1067 protocol = IPPROTO_UDP;
1068 }
1069
1070 if (cfg->interface) {
1071 my->info.socket.inet.ifindex = if_nametoindex(cfg->interface);
1072
1073 if (!my->info.socket.inet.ifindex) {
1074 fr_strerror_printf_push("Failed finding interface %s: %s", cfg->interface, fr_syserror(errno));
1075 return -1;
1076 }
1077 }
1078
1079 /*
1080 * It's already opened, so we don't need to do that.
1081 */
1082 if (cfg->type == FR_BIO_FD_ACCEPTED) {
1083 fd = my->info.socket.fd;
1084 fr_assert(fd >= 0);
1085
1086 } else {
1087 fd = socket(my->info.socket.af, my->info.socket.type, protocol);
1088 if (fd < 0) {
1089 fr_strerror_printf("Failed opening socket: %s", fr_syserror(errno));
1090 return -1;
1091 }
1092 }
1093
1094 } else if (cfg->path) {
1095 my->info.socket.af = AF_LOCAL;
1096 my->info.socket.type = SOCK_STREAM;
1097 my->info.socket.unix.path = cfg->path;
1098
1099 fd = socket(my->info.socket.af, my->info.socket.type, 0);
1100 if (fd < 0) {
1101 fr_strerror_printf("Failed opening domain socket %s: %s", cfg->path, fr_syserror(errno));
1102 return -1;
1103 }
1104
1105 } else {
1106 if (cfg->type != FR_BIO_FD_CONNECTED) {
1107 fr_strerror_printf("Can only use connected sockets for file IO");
1108 return -1;
1109 }
1110
1111 /*
1112 * Filenames overload the #fr_socket_t for now.
1113 */
1114 my->info.socket.af = AF_FILE_BIO;
1115 my->info.socket.type = SOCK_STREAM;
1116 my->info.socket.unix.path = cfg->filename;
1117
1118 /*
1119 * Allow hacks for stdout and stderr
1120 */
1121 if (strcmp(cfg->filename, "/dev/stdout") == 0) {
1122 if (cfg->flags != O_WRONLY) {
1123 fail_dev:
1124 fr_strerror_printf("Cannot read from %s", cfg->filename);
1125 return -1;
1126 }
1127
1128 fd = dup(STDOUT_FILENO);
1129
1130 } else if (strcmp(cfg->filename, "/dev/stderr") == 0) {
1131 if (cfg->flags != O_WRONLY) goto fail_dev;
1132
1133 fd = dup(STDERR_FILENO);
1134
1135 } else if (strcmp(cfg->filename, "/dev/stdin") == 0) {
1136 if (cfg->flags != O_RDONLY) {
1137 fr_strerror_printf("Cannot write to %s", cfg->filename);
1138 return -1;
1139 }
1140
1141 fd = dup(STDIN_FILENO);
1142
1143 } else {
1144 /*
1145 * Minor hacks so that we have only _one_ source of open / mkdir
1146 */
1147 my->info.socket.fd = -1;
1148
1149 fd = fr_bio_fd_reopen(bio);
1150 }
1151 if (fd < 0) {
1152 fr_strerror_printf("Failed opening file %s: %s", cfg->filename, fr_syserror(errno));
1153 return -1;
1154 }
1155 }
1156
1157 /*
1158 * Set it to be non-blocking if required.
1159 */
1160 if (cfg->async && (fr_nonblock(fd) < 0)) {
1161 fr_strerror_printf("Failed opening setting O_NONBLOCK: %s", fr_syserror(errno));
1162
1163 fail:
1164 my->info.socket = (fr_socket_t) {
1165 .fd = -1,
1166 };
1167 my->info.state = FR_BIO_FD_STATE_CLOSED;
1168 my->info.cfg = NULL;
1169 close(fd);
1170 return -1;
1171 }
1172
1173#ifdef FD_CLOEXEC
1174 /*
1175 * We don't want child processes inheriting these file descriptors.
1176 */
1177 rcode = fcntl(fd, F_GETFD);
1178 if (rcode >= 0) {
1179 if (fcntl(fd, F_SETFD, rcode | FD_CLOEXEC) < 0) {
1180 fr_strerror_printf("Failed opening setting FD_CLOEXE: %s", fr_syserror(errno));
1181 goto fail;
1182 }
1183 }
1184#endif
1185
1186 /*
1187 * Initialize the bio information before calling the various setup functions.
1188 */
1189 my->info.state = FR_BIO_FD_STATE_CONNECTING;
1190
1191 /*
1192 * Set the FD so that the subsequent calls can use it.
1193 */
1194 my->info.socket.fd = fd;
1195
1196 /*
1197 * Set the type, too.
1198 */
1199 my->info.type = cfg->type;
1200
1201 /*
1202 * Do sanity checks, bootstrap common socket options, bind to the socket, and initialize the read
1203 * / write functions.
1204 */
1205 switch (cfg->type) {
1206 case FR_BIO_FD_INVALID:
1207 return -1;
1208
1209 /*
1210 * Unconnected UDP or datagram AF_LOCAL server sockets.
1211 */
1213 if (my->info.socket.type != SOCK_DGRAM) {
1214 fr_strerror_const("Failed configuring socket: unconnected sockets must be UDP");
1215 return -1;
1216 }
1217
1218 switch (my->info.socket.af) {
1219 case AF_INET:
1220 case AF_INET6:
1221 if (fr_bio_fd_common_udp(fd, &my->info.socket, cfg) < 0) goto fail;
1222 break;
1223
1224 case AF_LOCAL:
1225 if (fr_bio_fd_common_datagram(fd, &my->info.socket, cfg) < 0) goto fail;
1226 break;
1227
1228 case AF_FILE_BIO:
1229 fr_strerror_const("Filenames must use the connected API");
1230 goto fail;
1231
1232 default:
1233 fr_strerror_const("Unsupported address family for unconnected sockets");
1234 goto fail;
1235 }
1236
1237 if (fr_bio_fd_socket_bind(my, cfg) < 0) goto fail;
1238
1239 if (fr_bio_fd_init_common(my) < 0) goto fail;
1240 break;
1241
1242 /*
1243 * A connected client: UDP, TCP, AF_LOCAL, or AF_FILE_BIO
1244 */
1246 if (my->info.socket.type == SOCK_DGRAM) {
1247 rcode = fr_bio_fd_common_datagram(fd, &my->info.socket, cfg); /* we don't use SO_REUSEPORT for clients */
1248 if (rcode < 0) goto fail;
1249
1250 } else if ((my->info.socket.af == AF_INET) || (my->info.socket.af == AF_INET6)) {
1251 rcode = fr_bio_fd_common_tcp(fd, &my->info.socket, cfg);
1252 if (rcode < 0) goto fail;
1253 }
1254
1255 switch (my->info.socket.af) {
1256 case AF_LOCAL:
1257 if (fr_bio_fd_socket_bind_unix(my, cfg) < 0) goto fail;
1258 break;
1259
1260 case AF_FILE_BIO:
1261 break;
1262
1263 case AF_INET:
1264 case AF_INET6:
1265 if (fr_bio_fd_socket_bind(my, cfg) < 0) goto fail;
1266 break;
1267
1268 default:
1269 return -1;
1270 }
1271
1272 if (fr_bio_fd_init_connected(my) < 0) goto fail;
1273 break;
1274
1275 case FR_BIO_FD_ACCEPTED:
1276#ifdef SO_NOSIGPIPE
1277 /*
1278 * Although the server ignore SIGPIPE, some operating systems like BSD and OSX ignore the
1279 * ignoring.
1280 *
1281 * Fortunately, those operating systems usually support SO_NOSIGPIPE. We set that to prevent
1282 * them raising the signal in the first place.
1283 */
1284 {
1285 int on = 1;
1286
1287 setsockopt(my->info.socket.fd, SOL_SOCKET, SO_NOSIGPIPE, &on, sizeof(on));
1288 }
1289#endif
1290
1291 my->info.type = FR_BIO_FD_CONNECTED;
1292
1293 if (fr_bio_fd_init_common(my) < 0) goto fail;
1294 break;
1295
1296 /*
1297 * Server socket which listens for new stream connections
1298 */
1299 case FR_BIO_FD_LISTEN:
1300 fr_assert(my->info.socket.type == SOCK_STREAM);
1301
1302 switch (my->info.socket.af) {
1303 case AF_INET:
1304 if (fr_bio_fd_server_ipv4(fd, &my->info.socket, cfg) < 0) goto fail;
1305
1306 if (fr_bio_fd_socket_bind(my, cfg) < 0) goto fail;
1307 break;
1308
1309 case AF_INET6:
1310 if (fr_bio_fd_server_ipv6(fd, &my->info.socket, cfg) < 0) goto fail;
1311
1312 if (fr_bio_fd_socket_bind(my, cfg) < 0) goto fail;
1313 break;
1314
1315 case AF_LOCAL:
1316 if (fr_bio_fd_socket_bind_unix(my, cfg) < 0) goto fail;
1317 break;
1318
1319 default:
1320 fr_strerror_const("Unsupported address family for accept() socket");
1321 goto fail;
1322 }
1323
1324 if (fr_bio_fd_init_listen(my) < 0) goto fail;
1325 break;
1326 }
1327
1328 /*
1329 * Set the name of the BIO.
1330 */
1332
1333 return 0;
1334}
1335
1336/** Reopen a file BIO
1337 *
1338 * e.g. for log files.
1339 */
1341{
1342 fr_bio_fd_t *my = talloc_get_type_abort(bio, fr_bio_fd_t);
1343 fr_bio_fd_config_t const *cfg = my->info.cfg;
1344 int fd, flags;
1345
1346 if (my->info.socket.af != AF_FILE_BIO) {
1347 fr_strerror_const("Cannot reopen a non-file BIO");
1348 return -1;
1349 }
1350
1351 /*
1352 * Create it if necessary.
1353 */
1354 flags = cfg->flags;
1355 if (flags != O_RDONLY) flags |= O_CREAT;
1356
1357 if (!cfg->mkdir) {
1358 /*
1359 * Client BIOs writing to a file, and therefore need to create it.
1360 */
1361 do_open:
1362 fd = open(cfg->filename, flags, cfg->perm);
1363 if (fd < 0) {
1364 failed_open:
1365 fr_strerror_printf("Failed opening file %s: %s", cfg->filename, fr_syserror(errno));
1366 return -1;
1367 }
1368
1369 } else {
1370 /*
1371 * We make the parent directory if told to, AND if there's a '/' in the path.
1372 */
1373 char *p = strrchr(cfg->filename, '/');
1374 int dir_fd;
1375
1376 if (!p) goto do_open;
1377
1378 if (fr_mkdir(&dir_fd, cfg->filename, (size_t) (p - cfg->filename), cfg->perm, fr_mkdir_chown,
1379 &(fr_mkdir_chown_t) {
1380 .uid = cfg->uid,
1381 .gid = cfg->gid,
1382 }) < 0) {
1383 return -1;
1384 }
1385
1386 fd = openat(dir_fd, p + 1, flags, cfg->perm);
1387 if (fd < 0) {
1388 close(dir_fd);
1389 goto failed_open;
1390 }
1391 }
1392
1393 /*
1394 * We're boot-strapping, just set the new FD and return.
1395 */
1396 if (my->info.socket.fd < 0) {
1397 return fd;
1398 }
1399
1400 /*
1401 * Replace the FD rather than swapping it out with a new one. This is potentially more
1402 * thread-safe.
1403 */
1404 if (dup2(fd, my->info.socket.fd) < 0) {
1405 close(fd);
1406 fr_strerror_printf("Failed reopening file - %s", fr_syserror(errno));
1407 return -1;
1408 }
1409
1410 close(fd);
1411 return my->info.socket.fd;
1412}
#define UNCONST(_type, _ptr)
Remove const qualification from a pointer.
Definition build.h:167
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:324
#define UNUSED
Definition build.h:317
int fr_bio_fd_socket_name(fr_bio_fd_t *my)
Definition fd.c:641
int fr_bio_fd_init_connected(fr_bio_fd_t *my)
Definition fd.c:797
int fr_filename_to_sockaddr(struct sockaddr_un *sun, socklen_t *sunlen, char const *filename)
Definition fd.c:623
int fr_bio_fd_init_listen(fr_bio_fd_t *my)
Definition fd.c:978
int fr_bio_fd_init_common(fr_bio_fd_t *my)
Definition fd.c:860
uint16_t src_port
our port
Definition fd.h:92
@ FR_BIO_FD_ACCEPTED
temporarily until it's connected.
Definition fd.h:71
@ FR_BIO_FD_CONNECTED
connected client sockets (UDP or TCP)
Definition fd.h:68
@ FR_BIO_FD_INVALID
not set
Definition fd.h:64
@ FR_BIO_FD_UNCONNECTED
unconnected UDP / datagram only
Definition fd.h:65
@ FR_BIO_FD_LISTEN
returns new fd in buffer on fr_bio_read() or fr_bio_fd_accept()
Definition fd.h:69
uint32_t recv_buff
How big the kernel's receive buffer should be.
Definition fd.h:100
bool mkdir
make intermediate directories
Definition fd.h:107
@ FR_BIO_FD_STATE_CLOSED
Definition fd.h:58
@ FR_BIO_FD_STATE_CONNECTING
Definition fd.h:60
@ FR_BIO_FD_STATE_OPEN
error states must be before this
Definition fd.h:59
fr_ipaddr_t dst_ipaddr
their IP address
Definition fd.h:90
fr_bio_fd_type_t type
accept, connected, unconnected, etc.
Definition fd.h:82
char const * path
for Unix domain sockets
Definition fd.h:103
uint32_t send_buff
How big the kernel's send buffer should be.
Definition fd.h:101
char const * filename
for files
Definition fd.h:109
uid_t uid
who owns the socket
Definition fd.h:105
bool server
is this a client or a server?
Definition fd.h:86
gid_t gid
who owns the socket
Definition fd.h:106
char const * interface
for binding to an interface
Definition fd.h:98
mode_t perm
permissions for domain sockets
Definition fd.h:104
#define AF_FILE_BIO
Definition fd.h:40
int socket_type
SOCK_STREAM or SOCK_DGRAM.
Definition fd.h:84
uint16_t dst_port
their port
Definition fd.h:93
bool tcp_delay
We do tcp_nodelay by default.
Definition fd.h:113
bool reuse_port
whether or not we re-use the same destination port for datagram sockets
Definition fd.h:87
bool exceed_mtu
Whether we allow packets which exceed the local MTU.
Definition fd.h:114
bool async
is it async
Definition fd.h:112
int flags
O_RDONLY, etc.
Definition fd.h:110
fr_ipaddr_t src_ipaddr
our IP address
Definition fd.h:89
Configuration for sockets.
Definition fd.h:81
Run-time status of the socket.
Definition fd.h:129
fr_bio_shutdown & my
Definition fd_errno.h:69
static int fr_bio_fd_socket_unix_mkdir(int *dirfd, char const **filename, fr_bio_fd_config_t const *cfg)
Definition fd_open.c:348
static void fr_bio_fd_name(fr_bio_fd_t *my)
Definition fd_open.c:818
static int fr_bio_fd_socket_unix_verify(int dirfd, char const *filename, fr_bio_fd_config_t const *cfg)
Verify or clean up a pre-existing domain socket.
Definition fd_open.c:281
static void fr_bio_fd_unix_shutdown(fr_bio_t *bio)
Definition fd_open.c:489
static int fr_bio_fd_server_ipv6(int fd, fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
Initialize an IPv6 server socket.
Definition fd_open.c:254
static int fr_bio_fd_common_udp(int fd, fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
Initialize a UDP socket.
Definition fd_open.c:150
int fr_bio_fd_reopen(fr_bio_t *bio)
Reopen a file BIO.
Definition fd_open.c:1340
static int fr_bio_fd_server_tcp(int fd, UNUSED fr_socket_t const *sock)
Initialize a TCP server socket.
Definition fd_open.c:226
static int fr_bio_fd_socket_bind_unix(fr_bio_fd_t *my, fr_bio_fd_config_t const *cfg)
Bind to a Unix domain socket.
Definition fd_open.c:522
static int fr_bio_fd_socket_bind(fr_bio_fd_t *my, fr_bio_fd_config_t const *cfg)
Definition fd_open.c:725
static int fr_bio_fd_server_ipv4(int fd, fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
Initialize an IPv4 server socket.
Definition fd_open.c:241
static int fr_bio_fd_common_tcp(int fd, UNUSED fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
Initialize common datagram information.
Definition fd_open.c:40
static int fr_bio_fd_socket_bind_to_device(fr_bio_fd_t *my, fr_bio_fd_config_t const *cfg)
This system is missing SO_BINDTODEVICE, IP_BOUND_IF, IPV6_BOUND_IF.
Definition fd_open.c:714
int fr_bio_fd_open(fr_bio_t *bio, fr_bio_fd_config_t const *cfg)
Opens a socket and updates sock->fd.
Definition fd_open.c:994
int fr_bio_fd_check_config(fr_bio_fd_config_t const *cfg)
Checks the configuration without modifying anything.
Definition fd_open.c:920
static int fr_bio_fd_common_datagram(int fd, UNUSED fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
Initialize common datagram information.
Definition fd_open.c:84
Our FD bio structure.
Definition fd_priv.h:35
ssize_t fr_mkdir(int *fd_out, char const *path, ssize_t len, mode_t mode, fr_mkdir_func_t func, void *uctx)
Create directories that are missing in the specified path.
Definition file.c:219
int fr_mkdir_chown(int fd, char const *path, void *uctx)
Callback for the common case of chown() of the directory.
Definition file.c:39
int fr_dirfd(int *dirfd, char const **filename, char const *pathname)
From a pathname, return fd and filename needed for *at() functions.
Definition file.c:412
int fr_ipaddr_to_sockaddr(struct sockaddr_storage *sa, socklen_t *salen, fr_ipaddr_t const *ipaddr, uint16_t port)
Convert our internal ip address representation to a sockaddr.
Definition inet.c:1392
int af
Address family.
Definition inet.h:64
IPv4/6 prefix.
talloc_free(reap)
unsigned short uint16_t
unsigned int mode_t
int fr_nonblock(UNUSED int fd)
Definition misc.c:293
char * fr_asprintf(TALLOC_CTX *ctx, char const *fmt,...)
Special version of asprintf which implements custom format specifiers.
Definition print.c:874
#define fr_assert(_expr)
Definition rad_assert.h:38
static rc_request_t * current
static bool done
Definition radclient.c:81
uint32_t fr_rand(void)
Return a 32-bit random number.
Definition rand.c:105
#define FD_CLOEXEC
int fr_socket_client_unix(UNUSED char const *path, UNUSED bool async)
Definition socket.c:562
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition syserror.c:243
close(uq->fd)
int af
AF_INET, AF_INET6, or AF_UNIX.
Definition socket.h:78
int type
SOCK_STREAM, SOCK_DGRAM, etc.
Definition socket.h:79
Holds information necessary for binding or connecting to a socket.
Definition socket.h:63
void fr_strerror_clear(void)
Clears all pending messages from the talloc pools.
Definition strerror.c:576
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
#define fr_strerror_printf_push(_fmt,...)
Add a message to an existing stack of messages at the tail.
Definition strerror.h:84
#define fr_strerror_const(_msg)
Definition strerror.h:223
#define fr_box_ipaddr(_val)
Definition value.h:305