The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Loading...
Searching...
No Matches
fd_open.c
Go to the documentation of this file.
1/*
2 * This program is is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License as published by
4 * the Free Software Foundation; either version 2 of the License, or (at
5 * your option) any later version.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
15 */
16
17/**
18 * $Id: 92d2738fe61a91f3a7432fe28e99bddbf2b905fa $
19 * @file lib/bio/fd_open.c
20 * @brief BIO abstractions for opening file descriptors
21 *
22 * @copyright 2024 Network RADIUS SAS (legal@networkradius.com)
23 */
24
25#include <freeradius-devel/bio/fd_priv.h>
26#include <freeradius-devel/util/file.h>
27#include <freeradius-devel/util/cap.h>
28#include <freeradius-devel/util/rand.h>
29
30#include <sys/stat.h>
31#include <net/if.h>
32#include <fcntl.h>
33#include <libgen.h>
34#include <netinet/tcp.h>
35#include <netinet/in.h>
36
37/** Initialize common datagram information
38 *
39 */
40static int fr_bio_fd_common_tcp(int fd, UNUSED fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
41{
42 int on = 1;
43
44#ifdef SO_KEEPALIVE
45 /*
46 * TCP keepalives are always a good idea. Too many people put firewalls between critical
47 * systems, and then the firewalls drop live TCP streams.
48 */
49 if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) {
50 fr_strerror_printf("Failed setting SO_KEEPALIVE: %s", fr_syserror(errno));
51 return -1;
52 }
53#endif
54
55#ifdef TCP_NODELAY
56 /*
57 * Add some defines for *BSD, and Solaris systems.
58 */
59# if !defined(SOL_TCP) && defined(IPPROTO_TCP)
60# define SOL_TCP IPPROTO_TCP
61# endif
62
63 /*
64 * Also set TCP_NODELAY, to force the data to be written quickly.
65 *
66 * We buffer full packets in memory before we write them, so there's no reason for the kernel to
67 * sit around waiting for more data from us.
68 */
69 if (!cfg->tcp_delay) {
70 if (setsockopt(fd, SOL_TCP, TCP_NODELAY, &on, sizeof(on)) < 0) {
71 fr_strerror_printf("Failed setting TCP_NODELAY: %s", fr_syserror(errno));
72 return -1;
73 }
74 }
75#endif
76
77 return 0;
78}
79
80
81/** Initialize common datagram information
82 *
83 */
84static int fr_bio_fd_common_datagram(int fd, UNUSED fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
85{
86 int on = 1;
87
88#ifdef SO_TIMESTAMPNS
89 /*
90 * Enable receive timestamps, these should reflect
91 * when the packet was received, not when it was read
92 * from the socket.
93 */
94 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMPNS, &on, sizeof(int)) < 0) {
95 fr_strerror_printf("Failed setting SO_TIMESTAMPNS: %s", fr_syserror(errno));
96 return -1;
97 }
98
99#elif defined(SO_TIMESTAMP)
100 /*
101 * Enable receive timestamps, these should reflect
102 * when the packet was received, not when it was read
103 * from the socket.
104 */
105 if (setsockopt(fd, SOL_SOCKET, SO_TIMESTAMP, &on, sizeof(int)) < 0) {
106 fr_strerror_printf("Failed setting SO_TIMESTAMP: %s", fr_syserror(errno));
107 return -1;
108 }
109#endif
110
111
112#ifdef SO_RCVBUF
113 if (cfg->recv_buff) {
114 int opt = cfg->recv_buff;
115
116 /*
117 * Clamp value to something reasonable.
118 */
119 if (opt > (1 << 29)) opt = (1 << 29);
120
121 if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &opt, sizeof(opt)) < 0) {
122 fr_strerror_printf("Failed setting SO_RCVBUF: %s", fr_syserror(errno));
123 return -1;
124 }
125 }
126#endif
127
128#ifdef SO_SNDBUF
129 if (cfg->send_buff) {
130 int opt = cfg->send_buff;
131
132 /*
133 * Clamp value to something reasonable.
134 */
135 if (opt > (1 << 29)) opt = (1 << 29);
136
137 if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &opt, sizeof(opt)) < 0) {
138 fr_strerror_printf("Failed setting SO_SNDBUF: %s", fr_syserror(errno));
139 return -1;
140 }
141 }
142#endif
143
144 return 0;
145}
146
147/** Initialize a UDP socket.
148 *
149 */
150static int fr_bio_fd_common_udp(int fd, fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
151{
152#ifdef SO_REUSEPORT
153 /*
154 * Servers re-use ports by default. And clients, too, if they ask nicely.
155 */
156 if (cfg->server || cfg->reuse_port) {
157 int on = 1;
158
159 /*
160 * Set SO_REUSEPORT before bind, so that all sockets can
161 * listen on the same destination IP address.
162 */
163 if (setsockopt(fd, SOL_SOCKET, SO_REUSEPORT, &on, sizeof(on)) < 0) {
164 fr_strerror_printf("Failed setting SO_REUSEPORT: %s", fr_syserror(errno));
165 return -1;
166 }
167 }
168#endif
169
170 return fr_bio_fd_common_datagram(fd, sock, cfg);
171}
172
173/** Initialize a TCP server socket.
174 *
175 */
176static int fr_bio_fd_server_tcp(int fd, UNUSED fr_socket_t const *sock)
177{
178 int on = 1;
179
180 if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
181 fr_strerror_printf("Failed setting SO_REUSEADDR: %s", fr_syserror(errno));
182 return -1;
183 }
184
185 return 0;
186}
187
188/** Initialize an IPv4 server socket.
189 *
190 */
191static int fr_bio_fd_server_ipv4(int fd, fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
192{
193 int flag;
194
195#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
196 /*
197 * Disable PMTU discovery. On Linux, this also makes sure that the "don't
198 * fragment" flag is zero.
199 */
200 flag = IP_PMTUDISC_DONT;
201
202 if (setsockopt(fd, IPPROTO_IP, IP_MTU_DISCOVER, &flag, sizeof(flag)) < 0) {
203 fr_strerror_printf("Failed setting IP_MTU_DISCOVER: %s", fr_syserror(errno));
204 return -1;
205 }
206#endif
207
208#if defined(IP_DONTFRAG)
209 /*
210 * Ensure that the "don't fragment" flag is zero.
211 */
212 flag = 0;
213
214 if (setsockopt(fd, IPPROTO_IP, IP_DONTFRAG, &flag, sizeof(flag)) < 0) {
215 fr_strerror_printf("Failed setting IP_DONTFRAG: %s", fr_syserror(errno));
216 return -1;
217 }
218#endif
219
220 /*
221 * And set up any UDP / TCP specific information.
222 */
223 if (sock->type == SOCK_DGRAM) return fr_bio_fd_common_udp(fd, sock, cfg);
224
225 return fr_bio_fd_server_tcp(fd, sock);
226}
227
228/** Initialize an IPv6 server socket.
229 *
230 */
231static int fr_bio_fd_server_ipv6(int fd, fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
232{
233#ifdef IPV6_V6ONLY
234 /*
235 * Don't allow v4 packets on v6 connections.
236 */
237 if (IN6_IS_ADDR_UNSPECIFIED(UNCONST(struct in6_addr *, &sock->inet.src_ipaddr.addr.v6))) {
238 int on = 1;
239
240 if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&on, sizeof(on)) < 0) {
241 fr_strerror_printf("Failed setting IPV6_ONLY: %s", fr_syserror(errno));
242 return -1;
243 }
244 }
245#endif /* IPV6_V6ONLY */
246
247 /*
248 * And set up any UDP / TCP specific information.
249 */
250 if (sock->type == SOCK_DGRAM) return fr_bio_fd_common_udp(fd, sock, cfg);
251
252 return fr_bio_fd_server_tcp(fd, sock);
253}
254
255/** Verify or clean up a pre-existing domain socket.
256 *
257 */
258static int fr_bio_fd_socket_unix_verify(int dirfd, char const *filename, fr_bio_fd_config_t const *cfg)
259{
260 int fd;
261 struct stat buf;
262
263 /*
264 * See if the socket exits. If there's an error opening it, that's an issue.
265 *
266 * If it doesn't exist, that's fine.
267 */
268 if (fstatat(dirfd, filename, &buf, AT_SYMLINK_NOFOLLOW) < 0) {
269 if (errno != ENOENT) {
270 fr_strerror_printf("Failed opening domain socket %s: %s", cfg->path, fr_syserror(errno));
271 return -1;
272 }
273
274 return 0;
275 }
276
277 /*
278 * If it exists, it must be a socket.
279 */
280 if (!S_ISSOCK(buf.st_mode)) {
281 fr_strerror_printf("Failed open domain socket %s: it is not a socket", filename);
282 return -1;
283 }
284
285 /*
286 * Refuse to open sockets not owned by us. This prevents configurations from stomping on each
287 * other.
288 */
289 if (buf.st_uid != cfg->uid) {
290 fr_strerror_printf("Failed opening domain socket %s: incorrect UID", cfg->path);
291 return -1;
292 }
293
294 /*
295 * The file exists,and someone is listening. We can't claim it for ourselves.
296 *
297 * Note that this function calls connect(), but connect() always returns immediately for domain
298 * sockets.
299 *
300 * @todo - redo that function here, with separate checks for permission errors vs anything else.
301 */
302 fd = fr_socket_client_unix(cfg->path, false);
303 if (fd >= 0) {
304 close(fd);
305 fr_strerror_printf("Failed creating domain socket %s: It is currently active", cfg->path);
306 return -1;
307 }
308
309 /*
310 * It exists, but no one is listening. Delete it so that we can re-bind to it.
311 */
312 if (unlinkat(dirfd, filename, 0) < 0) {
313 fr_strerror_printf("Failed removing pre-existing domain socket %s: %s",
314 cfg->path, fr_syserror(errno));
315 return -1;
316 }
317
318 return 0;
319}
320
321/*
322 * We normally can't call fchmod() or fchown() on sockets, as they don't really exist in the file system.
323 * Instead, we enforce those permissions on the parent directory of the socket.
324 */
325static int fr_bio_fd_socket_unix_mkdir(int *dirfd, char const **filename, fr_bio_fd_config_t const *cfg)
326{
327 mode_t perm;
328 int parent_fd, fd;
329 char const *path = cfg->path;
330 char *p, *dir = NULL;
331 char *slashes[2];
332
333 perm = S_IREAD | S_IWRITE | S_IEXEC;
334 perm |= S_IRGRP | S_IWGRP | S_IXGRP;
335
336 /*
337 * The parent directory exists. Ensure that it has the correct ownership and permissions.
338 *
339 * If the parent directory exists, then it enforces access, and we can create the domain socket
340 * within it.
341 */
342 if (fr_dirfd(dirfd, filename, path) == 0) {
343 struct stat buf;
344
345 if (fstat(*dirfd, &buf) < 0) {
346 fr_strerror_printf("Failed reading parent directory for file %s: %s", path, fr_syserror(errno));
347 fail:
348 talloc_free(dir);
349 close(*dirfd);
350 return -1;
351 }
352
353 if (buf.st_uid != cfg->uid) {
354 fr_strerror_printf("Failed reading parent directory for file %s: Incorrect UID", path);
355 goto fail;
356 }
357
358 if (buf.st_gid != cfg->gid) {
359 fr_strerror_printf("Failed reading parent directory for file %s: Incorrect GID", path);
360 goto fail;
361 }
362
363 /*
364 * We don't have the correct permissions on the directory, so we fix them.
365 *
366 * @todo - allow for "other" to read/write if we do authentication on the socket?
367 */
368 if (fchmod(*dirfd, perm) < 0) {
369 fr_strerror_printf("Failed setting parent directory permissions for file %s: %s", path, fr_syserror(errno));
370 goto fail;
371 }
372
373 return 0;
374 }
375
376 dir = talloc_strdup(NULL, path);
377 if (!dir) goto fail;
378
379 /*
380 * Find the last two directory separators.
381 */
382 slashes[0] = slashes[1] = NULL;
383 for (p = dir; *p != '\0'; p++) {
384 if (*p == '/') {
385 slashes[0] = slashes[1];
386 slashes[1] = p;
387 }
388 }
389
390 /*
391 * There's only one / in the path, we can't do anything.
392 *
393 * Opening 'foo/bar.sock' might be useful, but isn't normally a good idea.
394 */
395 if (!slashes[0]) {
396 fr_strerror_printf("Failed parsing filename %s: it is not absolute", path);
397 goto fail;
398 }
399
400 /*
401 * Ensure that the grandparent directory exists.
402 *
403 * /var/run/radiusd/foo.sock
404 *
405 * slashes[0] points to the slash after 'run'.
406 *
407 * slashes[1] points to the slash after 'radiusd', which doesn't exist.
408 */
409 *slashes[0] = '\0';
410
411 /*
412 * If the grandparent doesn't exist, then we don't create it.
413 *
414 * These checks minimize the possibility that a misconfiguration by user "radiusd" can cause a
415 * suid-root binary top create a directory in the wrong place. These checks are only necessary
416 * if the unix domain socket is opened as root.
417 */
418 parent_fd = open(dir, O_DIRECTORY | O_NOFOLLOW);
419 if (parent_fd < 0) {
420 fr_strerror_printf("Failed opening directory %s: %s", dir, fr_syserror(errno));
421 goto fail;
422 }
423
424 /*
425 * Create the parent directory.
426 */
427 *slashes[0] = '/';
428 *slashes[1] = '\0';
429 if (mkdirat(parent_fd, dir, 0700) < 0) {
430 fr_strerror_printf("Failed creating directory %s: %s", dir, fr_syserror(errno));
431 close_parent:
432 close(parent_fd);
433 goto fail;
434 }
435
436 fd = openat(parent_fd, dir, O_DIRECTORY);
437 if (fd < 0) {
438 fr_strerror_printf("Failed opening directory %s: %s", dir, fr_syserror(errno));
439 goto close_parent;
440 }
441
442 if (fchmod(fd, perm) < 0) {
443 fr_strerror_printf("Failed changing permission for directory %s: %s", dir, fr_syserror(errno));
444 close_fd:
445 close(fd);
446 goto close_parent;
447 }
448
449 /*
450 * This is a NOOP if we're chowning a file owned by ourselves to our own UID / GID.
451 *
452 * Otherwise if we're running as root, it will set ownership to the correct user.
453 */
454 if (fchown(fd, cfg->uid, cfg->gid) < 0) {
455 fr_strerror_printf("Failed changing ownershipt for directory %s: %s", dir, fr_syserror(errno));
456 goto close_fd;
457 }
458
459 talloc_free(dir);
460 close(fd);
461 close(parent_fd);
462
463 return 0;
464}
465
466static void fr_bio_fd_unix_shutdown(fr_bio_t *bio)
467{
468 fr_bio_fd_t *my = talloc_get_type_abort(bio, fr_bio_fd_t);
469
470 /*
471 * The bio must be open in order to shut it down.
472 *
473 * Unix domain sockets are deleted when the bio is closed.
474 *
475 * Unix domain sockets are never in the "connecting" state, because connect() always returns
476 * immediately.
477 */
478 fr_assert(my->info.state == FR_BIO_FD_STATE_OPEN);
479
480 /*
481 * Run the user shutdown before we run ours.
482 */
483 if (my->user_shutdown) my->user_shutdown(bio);
484
485 (void) unlink(my->info.socket.unix.path);
486}
487
488/** Bind to a Unix domain socket.
489 *
490 * @todo - this function only does a tiny bit of what fr_server_domain_socket_peercred() and
491 * fr_server_domain_socket_perm() do. Those functions do a lot more sanity checks.
492 *
493 * The main question is whether or not those checks are useful. In many cases, fchmod() and fchown() are not
494 * possible on Unix sockets, so we shouldn't bother doing them,
495 *
496 * Note that the listeners generally call these functions with wrappers of fr_suid_up() and fr_suid_down().
497 * So these functions are running as "root", and will create files owned as "root".
498 */
499static int fr_bio_fd_socket_bind_unix(fr_bio_fd_t *my, fr_bio_fd_config_t const *cfg)
500{
501 int dirfd, rcode;
502 char const *filename, *p;
503 socklen_t sunlen;
504 struct sockaddr_un sun;
505
506 if (!cfg->path) {
507 fr_strerror_const("Failed to specify path");
508 return -1;
509 }
510
511 /*
512 * The UID and GID should be taken automatically from the "user" and "group" settings in
513 * mainconfig. There is no reason to set them to anything else.
514 */
515 if (cfg->uid == (uid_t) -1) {
516 fr_strerror_printf("Failed opening domain socket %s: no UID specified", cfg->path);
517 return -1;
518 }
519
520 if (cfg->gid == (gid_t) -1) {
521 fr_strerror_printf("Failed opening domain socket %s: no GID specified", cfg->path);
522 return -1;
523 }
524
525 /*
526 * Opening 'foo.sock' is OK.
527 */
528 p = strrchr(cfg->path, '/');
529 if (!p) {
530 dirfd = AT_FDCWD;
531 filename = cfg->path;
532
533 } else if (p == cfg->path) {
534 /*
535 * Opening '/foo.sock' is dumb.
536 */
537 fr_strerror_printf("Failed opening domain socket %s: cannot exist at file system root", p);
538 return -1;
539
540 } else if (fr_bio_fd_socket_unix_mkdir(&dirfd, &filename, cfg) < 0) {
541 return -1;
542 }
543
544 /*
545 * Verify and/or clean up the domain socket.
546 */
547 if (fr_bio_fd_socket_unix_verify(dirfd, filename, cfg) < 0) {
548 fail:
549 if (dirfd != AT_FDCWD) close(dirfd);
550 return -1;
551 }
552
553#ifdef HAVE_BINDAT
554 /*
555 * The best function to use here is bindat(), but only quite recent versions of FreeBSD actually
556 * have it, and it's definitely not POSIX.
557 *
558 * If we use bindat(), we pass a relative pathname.
559 */
560 if (fr_filename_to_sockaddr(&sun, &sunlen, filename) < 0) goto fail;
561
562 rcode = bindat(dirfd, my->info.socket.fd, (struct sockaddr *) &sun, sunlen);
563#else
564 /*
565 * For bind(), we pass the full path.
566 */
567 if (fr_filename_to_sockaddr(&sun, &sunlen, cfg->path) < 0) goto fail;
568
569 rcode = bind(my->info.socket.fd, (struct sockaddr *) &sun, sunlen);
570#endif
571 if (rcode < 0) {
572 /*
573 * @todo - if EADDRINUSE, then the socket exists. Try connect(), and if that fails,
574 * delete the socket and try again. This may be simpler than the checks above.
575 */
576 fr_strerror_printf("Failed binding to domain socket %s: %s", cfg->path, fr_syserror(errno));
577 goto fail;
578 }
579
580#ifdef __linux__
581 /*
582 * Linux supports chown && chmod for sockets.
583 */
584 if (fchmod(my->info.socket.fd, S_IREAD | S_IWRITE | S_IEXEC | S_IRGRP | S_IWGRP | S_IXGRP) < 0) {
585 fr_strerror_printf("Failed changing permission for domain socket %s: %s", cfg->path, fr_syserror(errno));
586 goto fail;
587 }
588
589 /*
590 * This is a NOOP if we're chowning a file owned by ourselves to our own UID / GID.
591 *
592 * Otherwise if we're running as root, it will set ownership to the correct user.
593 */
594 if (fchown(my->info.socket.fd, cfg->uid, cfg->gid) < 0) {
595 fr_strerror_printf("Failed changing ownershipt for domain directory %s: %s", cfg->path, fr_syserror(errno));
596 goto fail;
597 }
598
599#endif
600
601 /*
602 * Socket is open. We need to clean it up on shutdown.
603 */
604 if (my->cb.shutdown) my->user_shutdown = my->cb.shutdown;
605 my->cb.shutdown = fr_bio_fd_unix_shutdown;
606
607 return 0;
608}
609
610/*
611 * Use the OSX native versions on OSX.
612 */
613#ifdef __APPLE__
614#undef SO_BINDTODEVICE
615#endif
616
617#ifdef SO_BINDTODEVICE
618/** Linux bind to device by name.
619 *
620 */
621static int fr_bio_fd_socket_bind_to_device(fr_bio_fd_t *my, fr_bio_fd_config_t const *cfg)
622{
623 /*
624 * ifindex isn't set, do nothing.
625 */
626 if (!my->info.socket.inet.ifindex) return 0;
627
628 if (!cfg->interface) return 0;
629
630 /*
631 * The internet hints that CAP_NET_RAW is required to use SO_BINDTODEVICE.
632 *
633 * This function also sets fr_strerror() on failure, which will be seen if the bind fails. If
634 * the bind succeeds, then we don't really care that the capability change has failed. We must
635 * already have that capability.
636 */
637#ifdef HAVE_CAPABILITY_H
638 (void)fr_cap_enable(CAP_NET_RAW, CAP_EFFECTIVE);
639#endif
640
641 if (setsockopt(my->info.socket.fd, SOL_SOCKET, SO_BINDTODEVICE, cfg->interface, strlen(cfg->interface)) < 0) {
642 fr_strerror_printf("Failed setting SO_BINDTODEVICE for %s: %s", cfg->interface, fr_syserror(errno));
643 return -1;
644 }
645
646 return 0;
647}
648
649#elif defined(IP_BOUND_IF) || defined(IPV6_BOUND_IF)
650/** OSX bind to interface by index.
651 *
652 */
653static int fr_bio_fd_socket_bind_to_device(fr_bio_fd_t *my, UNUSED fr_bio_fd_config_t const *cfg)
654{
655 int opt, rcode;
656
657 if (!my->info.socket.inet.ifindex) return 0;
658
659 opt = my->info.socket.inet.ifindex;
660
661 switch (my->info.socket.af) {
662 case AF_LOCAL:
663 rcode = setsockopt(my->info.socket.fd, IPPROTO_IP, IP_BOUND_IF, &opt, sizeof(opt));
664 break;
665
666 case AF_INET6:
667 rcode = setsockopt(my->info.socket.fd, IPPROTO_IPV6, IPV6_BOUND_IF, &opt, sizeof(opt));
668 break;
669
670 default:
671 rcode = -1;
672 errno = EAFNOSUPPORT;
673 break;
674 }
675
676 fr_strerror_printf("Failed setting IP_BOUND_IF: %s", fr_syserror(errno));
677 return rcode;
678}
679#else
680
681/** This system is missing SO_BINDTODEVICE, IP_BOUND_IF, IPV6_BOUND_IF
682 *
683 * @todo - FreeBSD IP_RECVIF and IP_SENDIF
684 *
685 * Except that has to be done in recvmsg() and sendmsg(). And it only works on datagram sockets.
686 *
687 * cmsg_len = sizeof(struct sockaddr_dl)
688 * cmsg_level = IPPROTO_IP
689 * cmsg_type = IP_RECVIF
690 */
691static int fr_bio_fd_socket_bind_to_device(fr_bio_fd_t *my, fr_bio_fd_config_t const *cfg)
692{
693 if (!my->info.socket.inet.ifindex) return 0;
694
695 fr_strerror_const("Bind to interface is not supported on this platform");
696 return -1;
697}
698
699/* bind to device */
700#endif
701
702static int fr_bio_fd_socket_bind(fr_bio_fd_t *my, fr_bio_fd_config_t const *cfg)
703{
704 socklen_t salen;
705 struct sockaddr_storage salocal;
706
707 fr_assert((my->info.socket.af == AF_INET) || (my->info.socket.af == AF_INET6));
708
709#ifdef HAVE_CAPABILITY_H
710 /*
711 * If we're binding to a special port as non-root, then
712 * check capabilities. If we're root, we already have
713 * equivalent capabilities so we don't need to check.
714 */
715 if ((my->info.socket.inet.src_port < 1024) && (geteuid() != 0)) {
716 (void)fr_cap_enable(CAP_NET_BIND_SERVICE, CAP_EFFECTIVE);
717 }
718#endif
719
720 if (fr_bio_fd_socket_bind_to_device(my, cfg) < 0) return -1;
721
722 /*
723 * Bind to the IP + interface.
724 */
725 if (fr_ipaddr_to_sockaddr(&salocal, &salen, &my->info.socket.inet.src_ipaddr, my->info.socket.inet.src_port) < 0) return -1;
726
727 /*
728 * If we have a fixed source port, just use that.
729 */
730 if (my->info.cfg->src_port || !my->info.cfg->src_port_start) {
731 if (bind(my->info.socket.fd, (struct sockaddr *) &salocal, salen) < 0) {
732 fr_strerror_printf("Failed binding to socket: %s", fr_syserror(errno));
733 return -1;
734 }
735 } else {
736 uint16_t src_port, current, range;
737 struct sockaddr_in *sin = (struct sockaddr_in *) &salocal;
738
739 fr_assert(my->info.cfg->src_port_start);
740 fr_assert(my->info.cfg->src_port_end);
741 fr_assert(my->info.cfg->src_port_end >= my->info.cfg->src_port_start);
742
743 range = my->info.cfg->src_port_end - my->info.cfg->src_port_start;
744 src_port = fr_rand() % range;
745
746 /*
747 * We only care about sin_port, which is in the same location for sockaddr_in and sockaddr_in6.
748 */
749 fr_assert(sin->sin_port == 0);
750
751 sin->sin_port = htons(my->info.cfg->src_port_start + src_port);
752
753 /*
754 * We've picked a random port in what is hopefully a large range. If that works, we're
755 * done.
756 */
757 if (bind(my->info.socket.fd, (struct sockaddr *) &salocal, salen) == 0) goto done;
758
759 /*
760 * Hunt & peck. Which is horrible.
761 */
762 current = src_port;
763 while (true) {
764 if (current == range) {
765 current = 0;
766 } else {
767 current++;
768 }
769
770 /*
771 * We've already checked this, so stop.
772 */
773 if (current == src_port) break;
774
775 sin->sin_port = htons(my->info.cfg->src_port_start + current);
776
777 if (bind(my->info.socket.fd, (struct sockaddr *) &salocal, salen) == 0) goto done;
778 }
779
780 /*
781 * The error is a good hint at _why_ we failed to bind.
782 * We expect errno to be EADDRINUSE, anything else is a surprise.
783 */
784 fr_strerror_printf("Failed binding port between 'src_port_start' and 'src_port_end': %s", fr_syserror(errno));
785 return -1;
786 }
787
788 /*
789 * The source IP may have changed, so get the new one.
790 */
791done:
792 return fr_bio_fd_socket_name(my);
793}
794
795static void fr_bio_fd_name(fr_bio_fd_t *my)
796{
797 fr_bio_fd_config_t const *cfg = my->info.cfg;
798
799 switch (my->info.type) {
800 case FR_BIO_FD_INVALID:
801 return;
802
803 case FR_BIO_FD_UNCONNECTED:
804 fr_assert(cfg->socket_type == SOCK_DGRAM);
805
806 switch (my->info.socket.af) {
807 case AF_INET:
808 case AF_INET6:
809 my->info.name = fr_asprintf(my, "proto udp local %pV port %u",
810 fr_box_ipaddr(my->info.socket.inet.src_ipaddr),
811 my->info.socket.inet.src_port);
812 break;
813
814 case AF_LOCAL:
815 my->info.name = fr_asprintf(my, "proto unix (datagram) filename %s",
816 cfg->path);
817 break;
818
819 default:
820 fr_assert(0);
821 my->info.name = "??? invalid BIO ???";
822 break;
823 }
824 break;
825
826 case FR_BIO_FD_CONNECTED:
827 case FR_BIO_FD_ACCEPTED:
828 switch (my->info.socket.af) {
829 case AF_INET:
830 case AF_INET6:
831 my->info.name = fr_asprintf(my, "proto %s local %pV port %u remote %pV port %u",
832 (cfg->socket_type == SOCK_DGRAM) ? "udp" : "tcp",
833 fr_box_ipaddr(my->info.socket.inet.src_ipaddr),
834 my->info.socket.inet.src_port,
835 fr_box_ipaddr(my->info.socket.inet.dst_ipaddr),
836 my->info.socket.inet.dst_port);
837 break;
838
839 case AF_LOCAL:
840 my->info.name = fr_asprintf(my, "proto unix %sfilename %s",
841 (cfg->socket_type == SOCK_DGRAM) ? "(datagram) " : "",
842 cfg->path);
843 break;
844
845 case AF_FILE_BIO:
846 fr_assert(cfg->socket_type == SOCK_STREAM);
847
848 if (cfg->flags == O_RDONLY) {
849 my->info.name = fr_asprintf(my, "proto file (read-only) filename %s ",
850 cfg->filename);
851
852 } else if (cfg->flags == O_WRONLY) {
853 my->info.name = fr_asprintf(my, "proto file (write-only) filename %s",
854 cfg->filename);
855 } else {
856 my->info.name = fr_asprintf(my, "proto file (read-write) filename %s",
857 cfg->filename);
858 }
859 break;
860
861 default:
862 fr_assert(0);
863 my->info.name = "??? invalid BIO ???";
864 break;
865 }
866 break;
867
868 case FR_BIO_FD_LISTEN:
869 fr_assert(cfg->socket_type == SOCK_STREAM);
870
871 switch (my->info.socket.af) {
872 case AF_INET:
873 case AF_INET6:
874 my->info.name = fr_asprintf(my, "proto %s local %pV port %u",
875 (cfg->socket_type == SOCK_DGRAM) ? "udp" : "tcp",
876 fr_box_ipaddr(my->info.socket.inet.src_ipaddr),
877 my->info.socket.inet.src_port);
878 break;
879
880 case AF_LOCAL:
881 my->info.name = fr_asprintf(my, "proto unix filename %s",
882 cfg->path);
883 break;
884
885 default:
886 fr_assert(0);
887 my->info.name = "??? invalid BIO ???";
888 break;
889 }
890 break;
891 }
892}
893
894/** Checks the configuration without modifying anything.
895 *
896 */
897int fr_bio_fd_check_config(fr_bio_fd_config_t const *cfg)
898{
899 /*
900 * Unix sockets and files are OK.
901 */
902 if (cfg->path || cfg->filename) return 0;
903
904 /*
905 * Sanitize the IP addresses.
906 *
907 */
908 switch (cfg->type) {
909 case FR_BIO_FD_INVALID:
910 fr_strerror_const("No connection type was specified");
911 return -1;
912
913 case FR_BIO_FD_CONNECTED:
914 /*
915 * Ensure that we have a destination address.
916 */
917 if (cfg->dst_ipaddr.af == AF_UNSPEC) {
918 fr_strerror_const("No destination IP address was specified");
919 return -1;
920 }
921
922 if (!cfg->dst_port) {
923 fr_strerror_const("No destination port was specified");
924 return -1;
925 }
926
927 /*
928 * The source IP has to be the same address family as the destination IP.
929 */
930 if ((cfg->src_ipaddr.af != AF_UNSPEC) && (cfg->src_ipaddr.af != cfg->dst_ipaddr.af)) {
931 fr_strerror_printf("Source and destination IP addresses are not from the same IP address family");
932 return -1;
933 }
934 break;
935
936 case FR_BIO_FD_LISTEN:
937 if (!cfg->src_port) {
938 fr_strerror_const("No source port was specified");
939 return -1;
940 }
941 FALL_THROUGH;
942
943 /*
944 * Unconnected sockets can use a source port, but don't need one.
945 */
946 case FR_BIO_FD_UNCONNECTED:
947 if (cfg->path && cfg->filename) {
948 fr_strerror_const("Unconnected sockets cannot be used with Unix sockets or files");
949 return -1;
950 }
951
952 if (cfg->src_ipaddr.af == AF_UNSPEC) {
953 fr_strerror_const("No source IP address was specified");
954 return -1;
955 }
956 break;
957
958 case FR_BIO_FD_ACCEPTED:
959 fr_assert(cfg->src_ipaddr.af != AF_UNSPEC);
960 fr_assert(cfg->dst_ipaddr.af != AF_UNSPEC);
961 break;
962 }
963
964 return 0;
965}
966
967/** Opens a socket and updates sock->fd
968 *
969 * If the socket is asynchronous, it also calls connect()
970 */
971int fr_bio_fd_open(fr_bio_t *bio, fr_bio_fd_config_t const *cfg)
972{
973 int fd;
974 int rcode;
975 fr_bio_fd_t *my = talloc_get_type_abort(bio, fr_bio_fd_t);
976
977 fr_strerror_clear();
978
979 my->info = (fr_bio_fd_info_t) {
980 .socket = {
981 .type = cfg->socket_type,
982 },
983 .cfg = cfg,
984 };
985
986 if (!cfg->path && !cfg->filename) {
987 int protocol;
988
989 my->info.socket.af = cfg->src_ipaddr.af;
990 my->info.socket.inet.src_ipaddr = cfg->src_ipaddr;
991 my->info.socket.inet.dst_ipaddr = cfg->dst_ipaddr;
992 my->info.socket.inet.src_port = cfg->src_port;
993 my->info.socket.inet.dst_port = cfg->dst_port;
994
995 if (fr_bio_fd_check_config(cfg) < 0) return -1;
996
997 /*
998 * Sanitize the IP addresses.
999 *
1000 */
1001 switch (cfg->type) {
1002 case FR_BIO_FD_INVALID:
1003 return -1;
1004
1005 case FR_BIO_FD_CONNECTED:
1006 /*
1007 * No source specified, just bootstrap it from the destination.
1008 */
1009 if (my->info.socket.inet.src_ipaddr.af == AF_UNSPEC) {
1010 my->info.socket.inet.src_ipaddr = (fr_ipaddr_t) {
1011 .af = my->info.socket.inet.dst_ipaddr.af,
1012 .prefix = (my->info.socket.inet.dst_ipaddr.af == AF_INET) ? 32 : 128,
1013 };
1014
1015 /*
1016 * Set the main socket AF too.
1017 */
1018 my->info.socket.af = my->info.socket.inet.dst_ipaddr.af;
1019 }
1020
1021 /*
1022 * The source IP has to be the same address family as the destination IP.
1023 */
1024 if (my->info.socket.inet.src_ipaddr.af != my->info.socket.inet.dst_ipaddr.af) {
1025 fr_strerror_const("Source and destination IP addresses are not from the same IP address family");
1026 return -1;
1027 }
1028 break;
1029
1030 case FR_BIO_FD_UNCONNECTED:
1031 case FR_BIO_FD_LISTEN:
1032 fr_assert(my->info.socket.inet.src_ipaddr.af != AF_UNSPEC);
1033 break;
1034
1035 case FR_BIO_FD_ACCEPTED:
1036 fr_assert(my->info.socket.inet.src_ipaddr.af != AF_UNSPEC);
1037 fr_assert(my->info.socket.inet.dst_ipaddr.af != AF_UNSPEC);
1038 break;
1039 }
1040
1041 if (cfg->socket_type == SOCK_STREAM) {
1042 protocol = IPPROTO_TCP;
1043 } else {
1044 protocol = IPPROTO_UDP;
1045 }
1046
1047 if (cfg->interface) {
1048 my->info.socket.inet.ifindex = if_nametoindex(cfg->interface);
1049
1050 if (!my->info.socket.inet.ifindex) {
1051 fr_strerror_printf_push("Failed finding interface %s: %s", cfg->interface, fr_syserror(errno));
1052 return -1;
1053 }
1054 }
1055
1056 /*
1057 * It's already opened, so we don't need to do that.
1058 */
1059 if (cfg->type == FR_BIO_FD_ACCEPTED) {
1060 fd = my->info.socket.fd;
1061 fr_assert(fd >= 0);
1062
1063 } else {
1064 fd = socket(my->info.socket.af, my->info.socket.type, protocol);
1065 if (fd < 0) {
1066 fr_strerror_printf("Failed opening socket: %s", fr_syserror(errno));
1067 return -1;
1068 }
1069 }
1070
1071 } else if (cfg->path) {
1072 my->info.socket.af = AF_LOCAL;
1073 my->info.socket.type = SOCK_STREAM;
1074 my->info.socket.unix.path = cfg->path;
1075
1076 fd = socket(my->info.socket.af, my->info.socket.type, 0);
1077 if (fd < 0) {
1078 fr_strerror_printf("Failed opening domain socket %s: %s", cfg->path, fr_syserror(errno));
1079 return -1;
1080 }
1081
1082 } else {
1083 if (cfg->type != FR_BIO_FD_CONNECTED) {
1084 fr_strerror_printf("Can only use connected sockets for file IO");
1085 return -1;
1086 }
1087
1088 /*
1089 * Filenames overload the #fr_socket_t for now.
1090 */
1091 my->info.socket.af = AF_FILE_BIO;
1092 my->info.socket.type = SOCK_STREAM;
1093 my->info.socket.unix.path = cfg->filename;
1094
1095 /*
1096 * Allow hacks for stdout and stderr
1097 */
1098 if (strcmp(cfg->filename, "/dev/stdout") == 0) {
1099 if (cfg->flags != O_WRONLY) {
1100 fail_dev:
1101 fr_strerror_printf("Cannot read from %s", cfg->filename);
1102 return -1;
1103 }
1104
1105 fd = dup(STDOUT_FILENO);
1106
1107 } else if (strcmp(cfg->filename, "/dev/stderr") == 0) {
1108 if (cfg->flags != O_WRONLY) goto fail_dev;
1109
1110 fd = dup(STDERR_FILENO);
1111
1112 } else if (strcmp(cfg->filename, "/dev/stdin") == 0) {
1113 if (cfg->flags != O_RDONLY) {
1114 fr_strerror_printf("Cannot write to %s", cfg->filename);
1115 return -1;
1116 }
1117
1118 fd = dup(STDIN_FILENO);
1119
1120 } else {
1121 /*
1122 * Minor hacks so that we have only _one_ source of open / mkdir
1123 */
1124 my->info.socket.fd = -1;
1125
1126 fd = fr_bio_fd_reopen(bio);
1127 }
1128 if (fd < 0) {
1129 fr_strerror_printf("Failed opening file %s: %s", cfg->filename, fr_syserror(errno));
1130 return -1;
1131 }
1132 }
1133
1134 /*
1135 * Set it to be non-blocking if required.
1136 */
1137 if (cfg->async && (fr_nonblock(fd) < 0)) {
1138 fr_strerror_printf("Failed opening setting O_NONBLOCK: %s", fr_syserror(errno));
1139
1140 fail:
1141 my->info.socket = (fr_socket_t) {
1142 .fd = -1,
1143 };
1144 my->info.state = FR_BIO_FD_STATE_CLOSED;
1145 my->info.cfg = NULL;
1146 close(fd);
1147 return -1;
1148 }
1149
1150#ifdef FD_CLOEXEC
1151 /*
1152 * We don't want child processes inheriting these file descriptors.
1153 */
1154 rcode = fcntl(fd, F_GETFD);
1155 if (rcode >= 0) {
1156 if (fcntl(fd, F_SETFD, rcode | FD_CLOEXEC) < 0) {
1157 fr_strerror_printf("Failed opening setting FD_CLOEXE: %s", fr_syserror(errno));
1158 goto fail;
1159 }
1160 }
1161#endif
1162
1163 /*
1164 * Initialize the bio information before calling the various setup functions.
1165 */
1166 my->info.state = FR_BIO_FD_STATE_CONNECTING;
1167
1168 /*
1169 * Set the FD so that the subsequent calls can use it.
1170 */
1171 my->info.socket.fd = fd;
1172
1173 /*
1174 * Set the type, too.
1175 */
1176 my->info.type = cfg->type;
1177
1178 /*
1179 * Do sanity checks, bootstrap common socket options, bind to the socket, and initialize the read
1180 * / write functions.
1181 */
1182 switch (cfg->type) {
1183 case FR_BIO_FD_INVALID:
1184 return -1;
1185
1186 /*
1187 * Unconnected UDP or datagram AF_LOCAL server sockets.
1188 */
1189 case FR_BIO_FD_UNCONNECTED:
1190 if (my->info.socket.type != SOCK_DGRAM) {
1191 fr_strerror_const("Failed configuring socket: unconnected sockets must be UDP");
1192 return -1;
1193 }
1194
1195 switch (my->info.socket.af) {
1196 case AF_INET:
1197 case AF_INET6:
1198 if (fr_bio_fd_common_udp(fd, &my->info.socket, cfg) < 0) goto fail;
1199 break;
1200
1201 case AF_LOCAL:
1202 if (fr_bio_fd_common_datagram(fd, &my->info.socket, cfg) < 0) goto fail;
1203 break;
1204
1205 case AF_FILE_BIO:
1206 fr_strerror_const("Filenames must use the connected API");
1207 goto fail;
1208
1209 default:
1210 fr_strerror_const("Unsupported address family for unconnected sockets");
1211 goto fail;
1212 }
1213
1214 if (fr_bio_fd_socket_bind(my, cfg) < 0) goto fail;
1215
1216 if (fr_bio_fd_init_common(my) < 0) goto fail;
1217 break;
1218
1219 /*
1220 * A connected client: UDP, TCP, AF_LOCAL, or AF_FILE_BIO
1221 */
1222 case FR_BIO_FD_CONNECTED:
1223 if (my->info.socket.type == SOCK_DGRAM) {
1224 rcode = fr_bio_fd_common_datagram(fd, &my->info.socket, cfg); /* we don't use SO_REUSEPORT for clients */
1225 if (rcode < 0) goto fail;
1226
1227 } else if ((my->info.socket.af == AF_INET) || (my->info.socket.af == AF_INET6)) {
1228 rcode = fr_bio_fd_common_tcp(fd, &my->info.socket, cfg);
1229 if (rcode < 0) goto fail;
1230 }
1231
1232 switch (my->info.socket.af) {
1233 case AF_LOCAL:
1234 if (fr_bio_fd_socket_bind_unix(my, cfg) < 0) goto fail;
1235 break;
1236
1237 case AF_FILE_BIO:
1238 break;
1239
1240 case AF_INET:
1241 case AF_INET6:
1242 if (fr_bio_fd_socket_bind(my, cfg) < 0) goto fail;
1243 break;
1244
1245 default:
1246 return -1;
1247 }
1248
1249 if (fr_bio_fd_init_connected(my) < 0) goto fail;
1250 break;
1251
1252 case FR_BIO_FD_ACCEPTED:
1253#ifdef SO_NOSIGPIPE
1254 /*
1255 * Although the server ignore SIGPIPE, some operating systems like BSD and OSX ignore the
1256 * ignoring.
1257 *
1258 * Fortunately, those operating systems usually support SO_NOSIGPIPE. We set that to prevent
1259 * them raising the signal in the first place.
1260 */
1261 {
1262 int on = 1;
1263
1264 setsockopt(my->info.socket.fd, SOL_SOCKET, SO_NOSIGPIPE, &on, sizeof(on));
1265 }
1266#endif
1267
1268 my->info.type = FR_BIO_FD_CONNECTED;
1269
1270 if (fr_bio_fd_init_common(my) < 0) goto fail;
1271 break;
1272
1273 /*
1274 * Server socket which listens for new stream connections
1275 */
1276 case FR_BIO_FD_LISTEN:
1277 fr_assert(my->info.socket.type == SOCK_STREAM);
1278
1279 switch (my->info.socket.af) {
1280 case AF_INET:
1281 if (fr_bio_fd_server_ipv4(fd, &my->info.socket, cfg) < 0) goto fail;
1282
1283 if (fr_bio_fd_socket_bind(my, cfg) < 0) goto fail;
1284 break;
1285
1286 case AF_INET6:
1287 if (fr_bio_fd_server_ipv6(fd, &my->info.socket, cfg) < 0) goto fail;
1288
1289 if (fr_bio_fd_socket_bind(my, cfg) < 0) goto fail;
1290 break;
1291
1292 case AF_LOCAL:
1293 if (fr_bio_fd_socket_bind_unix(my, cfg) < 0) goto fail;
1294 break;
1295
1296 default:
1297 fr_strerror_const("Unsupported address family for accept() socket");
1298 goto fail;
1299 }
1300
1301 if (fr_bio_fd_init_listen(my) < 0) goto fail;
1302 break;
1303 }
1304
1305 /*
1306 * Set the name of the BIO.
1307 */
1308 fr_bio_fd_name(my);
1309
1310 return 0;
1311}
1312
1313/** Reopen a file BIO
1314 *
1315 * e.g. for log files.
1316 */
1317int fr_bio_fd_reopen(fr_bio_t *bio)
1318{
1319 fr_bio_fd_t *my = talloc_get_type_abort(bio, fr_bio_fd_t);
1320 fr_bio_fd_config_t const *cfg = my->info.cfg;
1321 int fd, flags;
1322
1323 if (my->info.socket.af != AF_FILE_BIO) {
1324 fr_strerror_const("Cannot reopen a non-file BIO");
1325 return -1;
1326 }
1327
1328 /*
1329 * Create it if necessary.
1330 */
1331 flags = cfg->flags;
1332 if (flags != O_RDONLY) flags |= O_CREAT;
1333
1334 if (!cfg->mkdir) {
1335 /*
1336 * Client BIOs writing to a file, and therefore need to create it.
1337 */
1338 do_open:
1339 fd = open(cfg->filename, flags, cfg->perm);
1340 if (fd < 0) {
1341 failed_open:
1342 fr_strerror_printf("Failed opening file %s: %s", cfg->filename, fr_syserror(errno));
1343 return -1;
1344 }
1345
1346 } else {
1347 /*
1348 * We make the parent directory if told to, AND if there's a '/' in the path.
1349 */
1350 char *p = strrchr(cfg->filename, '/');
1351 int dir_fd;
1352
1353 if (!p) goto do_open;
1354
1355 if (fr_mkdir(&dir_fd, cfg->filename, (size_t) (p - cfg->filename), cfg->perm, fr_mkdir_chown,
1356 &(fr_mkdir_chown_t) {
1357 .uid = cfg->uid,
1358 .gid = cfg->gid,
1359 }) < 0) {
1360 return -1;
1361 }
1362
1363 fd = openat(dir_fd, p + 1, flags, cfg->perm);
1364 if (fd < 0) {
1365 close(dir_fd);
1366 goto failed_open;
1367 }
1368 }
1369
1370 /*
1371 * We're boot-strapping, just set the new FD and return.
1372 */
1373 if (my->info.socket.fd < 0) {
1374 return fd;
1375 }
1376
1377 /*
1378 * Replace the FD rather than swapping it out with a new one. This is potentially more
1379 * thread-safe.
1380 */
1381 if (dup2(fd, my->info.socket.fd) < 0) {
1382 close(fd);
1383 fr_strerror_printf("Failed reopening file - %s", fr_syserror(errno));
1384 return -1;
1385 }
1386
1387 close(fd);
1388 return my->info.socket.fd;
1389}
fr_bio_s
Definition base.h:112
UNCONST
#define UNCONST(_type, _ptr)
Remove const qualification from a pointer.
Definition build.h:167
FALL_THROUGH
#define FALL_THROUGH
clang 10 doesn't recognised the FALL-THROUGH comment anymore
Definition build.h:324
UNUSED
#define UNUSED
Definition build.h:317
fr_bio_fd_socket_name
int fr_bio_fd_socket_name(fr_bio_fd_t *my)
Definition fd.c:645
fr_bio_fd_init_connected
int fr_bio_fd_init_connected(fr_bio_fd_t *my)
Definition fd.c:801
fr_filename_to_sockaddr
int fr_filename_to_sockaddr(struct sockaddr_un *sun, socklen_t *sunlen, char const *filename)
Definition fd.c:627
fr_bio_fd_init_listen
int fr_bio_fd_init_listen(fr_bio_fd_t *my)
Definition fd.c:982
fr_bio_fd_init_common
int fr_bio_fd_init_common(fr_bio_fd_t *my)
Definition fd.c:864
fr_bio_fd_config_t::src_port
uint16_t src_port
our port
Definition fd.h:92
FR_BIO_FD_ACCEPTED
@ FR_BIO_FD_ACCEPTED
temporarily until it's connected.
Definition fd.h:71
FR_BIO_FD_CONNECTED
@ FR_BIO_FD_CONNECTED
connected client sockets (UDP or TCP)
Definition fd.h:68
FR_BIO_FD_INVALID
@ FR_BIO_FD_INVALID
not set
Definition fd.h:64
FR_BIO_FD_UNCONNECTED
@ FR_BIO_FD_UNCONNECTED
unconnected UDP / datagram only
Definition fd.h:65
FR_BIO_FD_LISTEN
@ FR_BIO_FD_LISTEN
returns new fd in buffer on fr_bio_read() or fr_bio_fd_accept()
Definition fd.h:69
fr_bio_fd_config_t::recv_buff
uint32_t recv_buff
How big the kernel's receive buffer should be.
Definition fd.h:100
fr_bio_fd_config_t::mkdir
bool mkdir
make intermediate directories
Definition fd.h:107
FR_BIO_FD_STATE_CLOSED
@ FR_BIO_FD_STATE_CLOSED
Definition fd.h:58
FR_BIO_FD_STATE_CONNECTING
@ FR_BIO_FD_STATE_CONNECTING
Definition fd.h:60
FR_BIO_FD_STATE_OPEN
@ FR_BIO_FD_STATE_OPEN
error states must be before this
Definition fd.h:59
fr_bio_fd_config_t::dst_ipaddr
fr_ipaddr_t dst_ipaddr
their IP address
Definition fd.h:90
fr_bio_fd_config_t::type
fr_bio_fd_type_t type
accept, connected, unconnected, etc.
Definition fd.h:82
fr_bio_fd_config_t::path
char const * path
for Unix domain sockets
Definition fd.h:103
fr_bio_fd_config_t::send_buff
uint32_t send_buff
How big the kernel's send buffer should be.
Definition fd.h:101
fr_bio_fd_config_t::filename
char const * filename
for files
Definition fd.h:109
fr_bio_fd_config_t::uid
uid_t uid
who owns the socket
Definition fd.h:105
fr_bio_fd_config_t::server
bool server
is this a client or a server?
Definition fd.h:86
fr_bio_fd_config_t::gid
gid_t gid
who owns the socket
Definition fd.h:106
fr_bio_fd_config_t::interface
char const * interface
for binding to an interface
Definition fd.h:98
fr_bio_fd_config_t::perm
mode_t perm
permissions for domain sockets
Definition fd.h:104
AF_FILE_BIO
#define AF_FILE_BIO
Definition fd.h:40
fr_bio_fd_config_t::socket_type
int socket_type
SOCK_STREAM or SOCK_DGRAM.
Definition fd.h:84
fr_bio_fd_config_t::dst_port
uint16_t dst_port
their port
Definition fd.h:93
fr_bio_fd_config_t::tcp_delay
bool tcp_delay
We do tcp_nodelay by default.
Definition fd.h:113
fr_bio_fd_config_t::reuse_port
bool reuse_port
whether or not we re-use the same destination port for datagram sockets
Definition fd.h:87
fr_bio_fd_config_t::async
bool async
is it async
Definition fd.h:112
fr_bio_fd_config_t::flags
int flags
O_RDONLY, etc.
Definition fd.h:110
fr_bio_fd_config_t::src_ipaddr
fr_ipaddr_t src_ipaddr
our IP address
Definition fd.h:89
fr_bio_fd_config_t
Configuration for sockets.
Definition fd.h:81
fr_bio_fd_info_t
Run-time status of the socket.
Definition fd.h:128
my
fr_bio_shutdown & my
Definition fd_errno.h:59
fr_bio_fd_socket_unix_mkdir
static int fr_bio_fd_socket_unix_mkdir(int *dirfd, char const **filename, fr_bio_fd_config_t const *cfg)
Definition fd_open.c:325
fr_bio_fd_name
static void fr_bio_fd_name(fr_bio_fd_t *my)
Definition fd_open.c:795
fr_bio_fd_socket_unix_verify
static int fr_bio_fd_socket_unix_verify(int dirfd, char const *filename, fr_bio_fd_config_t const *cfg)
Verify or clean up a pre-existing domain socket.
Definition fd_open.c:258
fr_bio_fd_unix_shutdown
static void fr_bio_fd_unix_shutdown(fr_bio_t *bio)
Definition fd_open.c:466
fr_bio_fd_server_ipv6
static int fr_bio_fd_server_ipv6(int fd, fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
Initialize an IPv6 server socket.
Definition fd_open.c:231
fr_bio_fd_common_udp
static int fr_bio_fd_common_udp(int fd, fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
Initialize a UDP socket.
Definition fd_open.c:150
fr_bio_fd_reopen
int fr_bio_fd_reopen(fr_bio_t *bio)
Reopen a file BIO.
Definition fd_open.c:1317
fr_bio_fd_server_tcp
static int fr_bio_fd_server_tcp(int fd, UNUSED fr_socket_t const *sock)
Initialize a TCP server socket.
Definition fd_open.c:176
fr_bio_fd_socket_bind_unix
static int fr_bio_fd_socket_bind_unix(fr_bio_fd_t *my, fr_bio_fd_config_t const *cfg)
Bind to a Unix domain socket.
Definition fd_open.c:499
fr_bio_fd_socket_bind
static int fr_bio_fd_socket_bind(fr_bio_fd_t *my, fr_bio_fd_config_t const *cfg)
Definition fd_open.c:702
fr_bio_fd_server_ipv4
static int fr_bio_fd_server_ipv4(int fd, fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
Initialize an IPv4 server socket.
Definition fd_open.c:191
fr_bio_fd_common_tcp
static int fr_bio_fd_common_tcp(int fd, UNUSED fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
Initialize common datagram information.
Definition fd_open.c:40
fr_bio_fd_socket_bind_to_device
static int fr_bio_fd_socket_bind_to_device(fr_bio_fd_t *my, fr_bio_fd_config_t const *cfg)
This system is missing SO_BINDTODEVICE, IP_BOUND_IF, IPV6_BOUND_IF.
Definition fd_open.c:691
fr_bio_fd_open
int fr_bio_fd_open(fr_bio_t *bio, fr_bio_fd_config_t const *cfg)
Opens a socket and updates sock->fd.
Definition fd_open.c:971
fr_bio_fd_check_config
int fr_bio_fd_check_config(fr_bio_fd_config_t const *cfg)
Checks the configuration without modifying anything.
Definition fd_open.c:897
fr_bio_fd_common_datagram
static int fr_bio_fd_common_datagram(int fd, UNUSED fr_socket_t const *sock, fr_bio_fd_config_t const *cfg)
Initialize common datagram information.
Definition fd_open.c:84
fr_bio_fd_s
Our FD bio structure.
Definition fd_priv.h:35
fr_mkdir
ssize_t fr_mkdir(int *fd_out, char const *path, ssize_t len, mode_t mode, fr_mkdir_func_t func, void *uctx)
Create directories that are missing in the specified path.
Definition file.c:219
fr_mkdir_chown
int fr_mkdir_chown(int fd, char const *path, void *uctx)
Callback for the common case of chown() of the directory.
Definition file.c:39
fr_dirfd
int fr_dirfd(int *dirfd, char const **filename, char const *pathname)
From a pathname, return fd and filename needed for *at() functions.
Definition file.c:412
fr_mkdir_chown_t
Definition file.h:47
fr_ipaddr_to_sockaddr
int fr_ipaddr_to_sockaddr(struct sockaddr_storage *sa, socklen_t *salen, fr_ipaddr_t const *ipaddr, uint16_t port)
Convert our internal ip address representation to a sockaddr.
Definition inet.c:1392
fr_ipaddr_t::af
int af
Address family.
Definition inet.h:64
fr_ipaddr_t
IPv4/6 prefix.
Definition merged_model.c:266
talloc_free
talloc_free(reap)
uint16_t
unsigned short uint16_t
Definition merged_model.c:31
mode_t
unsigned int mode_t
Definition merged_model.c:21
fr_nonblock
int fr_nonblock(UNUSED int fd)
Definition misc.c:293
fr_asprintf
char * fr_asprintf(TALLOC_CTX *ctx, char const *fmt,...)
Special version of asprintf which implements custom format specifiers.
Definition print.c:874
fr_assert
#define fr_assert(_expr)
Definition rad_assert.h:38
current
static rc_request_t * current
Definition radclient-ng.c:100
done
static bool done
Definition radclient.c:80
fr_rand
uint32_t fr_rand(void)
Return a 32-bit random number.
Definition rand.c:105
FD_CLOEXEC
#define FD_CLOEXEC
fr_socket_client_unix
int fr_socket_client_unix(UNUSED char const *path, UNUSED bool async)
Definition socket.c:564
fr_syserror
char const * fr_syserror(int num)
Guaranteed to be thread-safe version of strerror.
Definition syserror.c:243
close
close(uq->fd)
fr_socket_t::type
int type
SOCK_STREAM, SOCK_DGRAM, etc.
Definition socket.h:79
fr_socket_t
Holds information necessary for binding or connecting to a socket.
Definition socket.h:63
fr_strerror_clear
void fr_strerror_clear(void)
Clears all pending messages from the talloc pools.
Definition strerror.c:577
fr_strerror_printf
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
Definition strerror.h:64
fr_strerror_printf_push
#define fr_strerror_printf_push(_fmt,...)
Add a message to an existing stack of messages at the tail.
Definition strerror.h:84
fr_strerror_const
#define fr_strerror_const(_msg)
Definition strerror.h:223
fr_box_ipaddr
#define fr_box_ipaddr(_val)
Definition value.h:305
Generated by   doxygen 1.9.8