udpsvd: more work on it. works in limited testing.

git-svn-id: svn://busybox.net/trunk/busybox@18311 69ca8d6d-28ef-0310-b511-8ec308f3f277

5 files changed, 320 insertions, 60 deletions

diff --git a/include/libbb.h b/include/libbb.h
index b802e01d3..e5413b1a4 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -321,6 +321,17 @@ typedef struct len_and_sockaddr {
 #endif
         };
 } len_and_sockaddr;
+enum {
+        LSA_SIZEOF_SA = sizeof(
+                union {
+                        struct sockaddr sa;
+                        struct sockaddr_in sin;
+#if ENABLE_FEATURE_IPV6
+                        struct sockaddr_in6 sin6;
+#endif
+                }
+        )
+};
 /* Create stream socket, and allocated suitable lsa
  * (lsa of correct size and lsa->sa.sa_family (AF_INET/AF_INET6)) */
 int xsocket_stream(len_and_sockaddr **lsap);
diff --git a/include/usage.h b/include/usage.h
index cec2dd766..bab14f5c3 100644
--- a/include/usage.h
+++ b/include/usage.h
@@ -3326,32 +3326,41 @@ USE_FEATURE_RUN_PARTS_FANCY("\n	-l	Prints names of all matching files even when
        "1\n"
 
 #define tcpsvd_trivial_usage \
-       "[-hpEvv] [-c n] [-C n:msg] [-b n] [-u user] [-l name] ip port prog..."
+       "[-hEv] [-c n] [-C n:msg] [-b n] [-u user] [-l name] ip port prog..."
 /* with not-implemented options: */
 /*     "[-hpEvv] [-c n] [-C n:msg] [-b n] [-u user] [-l name] [-i dir|-x cdb] [ -t sec] ip port prog..." */
 #define tcpsvd_full_usage \
-       "tcpsvd creates TCP/IP socket, binds it to host:port\n" \
-       "and listens on in for incoming connections. For each connection\n" \
-       "it runs prog" \
+       "Creates TCP socket, binds it to host:port and listens on in\n" \
+       "for incoming connections. For each connection it runs prog" \
      "\n" \
-     "\nip              IP to listen on. '0' = 'all'" \
+     "\nip              IP to listen on. '0' = all" \
      "\nport            Port to listen on" \
-     "\nprog [arg]      Program to run for each connection" \
+     "\nprog [arg]      Program to run" \
      "\n-l name         Local hostname (else looks up local hostname in DNS)" \
      "\n-u user[:group] Change to user/group after bind" \
      "\n-c n            Handle up to n connections simultaneously" \
      "\n-C n[:msg]      Allow only up to n connections from the same IP" \
      "\n                New connections from this IP address are closed" \
      "\n                immediately. 'msg' is written to the peer before close" \
-     "\n-h              Look up peer's hostname in DNS" \
+     "\n-h              Look up peer's hostname" \
      "\n-b n            Allow a backlog of approximately n TCP SYNs" \
      "\n-E              Do not set up TCP-related environment variables" \
      "\n-v              Verbose"
 
 #define udpsvd_trivial_usage \
-       "TODO"
+       "[-hv] [-u user] [-l name] host port prog"
 #define udpsvd_full_usage \
-       "TODO"
+       "Creates UDP socket, binds it to host:port and listens on in\n" \
+       "for incoming packets. When packet arrives it runs prog.\n" \
+       "When prog exits, it start to listen on the socket again" \
+     "\n" \
+     "\nip              IP to listen on. '0' = all" \
+     "\nport            Port to listen on" \
+     "\nprog [arg]      Program to run" \
+     "\n-l name         Local hostname (else looks up local hostname in DNS)" \
+     "\n-u user[:group] Change to user/group after bind" \
+     "\n-h              Look up peer's hostname" \
+     "\n-v              Verbose"
 
 #define tftp_trivial_usage \
        "[OPTION]... HOST [PORT]"
diff --git a/ipsvd/tcpsvd.c b/ipsvd/tcpsvd.c
index 98234a78b..056deff33 100644
--- a/ipsvd/tcpsvd.c
+++ b/ipsvd/tcpsvd.c
@@ -179,7 +179,10 @@ int tcpsvd_main(int argc, char **argv)
         if (!argv[0][0] || LONE_CHAR(argv[0], '0'))
                 argv[0] = (char*)"0.0.0.0";
 
+        /* stdout is used for logging, don't buffer */
         setlinebuf(stdout);
+        bb_sanitize_stdio(); /* fd# 1,2 must be opened */
+
         need_hostnames = verbose || !(option_mask32 & OPT_E);
         need_remote_ip = max_per_host || need_hostnames;
 
@@ -232,7 +235,6 @@ int tcpsvd_main(int argc, char **argv)
                 xsetuid(ugid.uid);
         }
 #endif
-        bb_sanitize_stdio(); /* fd# 1,2 must be opened */
         close(0);
 
         if (verbose) {
@@ -439,6 +441,7 @@ int tcpsvd_main(int argc, char **argv)
 
         xmove_fd(conn, 0);
         dup2(0, 1);
+
         signal(SIGTERM, SIG_DFL);
         signal(SIGPIPE, SIG_DFL);
         signal(SIGCHLD, SIG_DFL);
diff --git a/ipsvd/udp_io.c b/ipsvd/udp_io.c
new file mode 100644
index 000000000..68999d44d
--- /dev/null
+++ b/ipsvd/udp_io.c
@@ -0,0 +1,156 @@
+/* Thus far used only by udpsvd.c */
+
+void socket_want_pktinfo(int fd);
+ssize_t send_to_from(int fd, void *buf, size_t len, int flags,
+                const struct sockaddr *from, const struct sockaddr *to,
+                socklen_t tolen);
+ssize_t recv_from_to(int fd, void *buf, size_t len, int flags,
+                struct sockaddr *from, struct sockaddr *to,
+                socklen_t sa_size);
+
+/*
+ * This asks kernel to let us know dst addr/port of incoming packets
+ * We don't check for errors here. Not supported == won't be used
+ */
+void
+socket_want_pktinfo(int fd)
+{
+#ifdef IP_PKTINFO
+        setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &const_int_1, sizeof(int));
+#endif
+#ifdef IPV6_PKTINFO
+        setsockopt(fd, IPPROTO_IPV6, IPV6_PKTINFO, &const_int_1, sizeof(int));
+#endif
+}
+
+
+ssize_t
+send_to_from(int fd, void *buf, size_t len, int flags,
+                const struct sockaddr *from, const struct sockaddr *to,
+                socklen_t tolen)
+{
+#ifndef IP_PKTINFO
+        return sendto(fd, buf, len, flags, to, tolen);
+#else
+        struct iovec iov[1];
+        struct msghdr msg;
+        char cbuf[LSA_SIZEOF_SA];
+        /* actually, max(sizeof(in_pktinfo),sizeof(in6_pktinfo)) */
+        struct cmsghdr* cmsgptr;
+
+        if (from->sa_family != AF_INET
+#if ENABLE_FEATURE_IPV6
+         && from->sa_family != AF_INET6
+#endif
+        ) {
+                /* ANY local address */
+                return sendto(fd, buf, len, flags, to, tolen);
+        }
+        
+        /* man recvmsg and man cmsg is needed to make sense of code below */
+
+        iov[0].iov_base = buf;
+        iov[0].iov_len = len;
+
+        memset(cbuf, 0, sizeof(cbuf));
+
+        memset(&msg, 0, sizeof(msg));
+        msg.msg_name = (void *)(struct sockaddr *)to; /* or compiler will annoy us */
+        msg.msg_namelen = tolen;
+        msg.msg_iov = iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = cbuf;
+        msg.msg_controllen = sizeof(cbuf);
+        msg.msg_flags = flags;
+
+        cmsgptr = CMSG_FIRSTHDR(&msg);
+        if (to->sa_family == AF_INET && from->sa_family == AF_INET) {
+                struct in_pktinfo *pktptr;
+                cmsgptr->cmsg_level = IPPROTO_IP;
+                cmsgptr->cmsg_type = IP_PKTINFO;
+                cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
+                pktptr = (struct in_pktinfo *)(CMSG_DATA(cmsgptr));
+                /* pktptr->ipi_ifindex = 0; -- already done by memset(cbuf...) */
+                pktptr->ipi_spec_dst = ((struct sockaddr_in*)from)->sin_addr;
+        }
+#if ENABLE_FEATURE_IPV6 && defined(IP6_PKTINFO)
+        else if (to->sa_family == AF_INET6 && from->sa_family == AF_INET6) {
+                struct in6_pktinfo *pktptr;
+                cmsgptr->cmsg_level = IPPROTO_IPV6;
+                cmsgptr->cmsg_type = IP6_PKTINFO;
+                cmsgptr->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
+                pktptr = (struct in6_pktinfo *)(CMSG_DATA(cmsgptr));
+                /* pktptr->ipi6_ifindex = 0; -- already done by memset(cbuf...) */
+                pktptr->ipi6_addr = ((struct sockaddr_in6*)from)->sin6_addr;
+        }
+#endif
+        return sendmsg(fd, &msg, flags);
+#endif
+}
+
+/* NB: this will never set port# in *to! */
+ssize_t
+recv_from_to(int fd, void *buf, size_t len, int flags,
+                struct sockaddr *from, struct sockaddr *to,
+                socklen_t sa_size)
+{
+#ifndef IP_PKTINFO
+        return recvfrom(fd, buf, len, flags, from, &sa_size);
+#else
+        /* man recvmsg and man cmsg is needed to make sense of code below */
+        struct iovec iov[1];
+        union {
+                char cmsg[CMSG_SPACE(sizeof(struct in_pktinfo))];
+                char cmsg6[CMSG_SPACE(sizeof(struct in6_pktinfo))];
+        } u;
+        struct cmsghdr *cmsgptr;
+        struct msghdr msg;
+        socklen_t recv_length;
+
+        iov[0].iov_base = buf;
+        iov[0].iov_len = len;
+
+        memset(&msg, 0, sizeof(msg));
+        msg.msg_name = (struct sockaddr *)from;
+        msg.msg_namelen = sa_size;
+        msg.msg_iov = iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = &u;
+        msg.msg_controllen = sizeof(u);
+
+        recv_length = recvmsg(fd, &msg, flags);
+        if (recv_length < 0)
+                return recv_length;
+
+        /* Here we try to retrieve destination IP and memorize it */
+        memset(to, 0, sa_size);
+        for (cmsgptr = CMSG_FIRSTHDR(&msg);
+                        cmsgptr != NULL;
+                        cmsgptr = CMSG_NXTHDR(&msg, cmsgptr)
+        ) {
+                if (cmsgptr->cmsg_level == IPPROTO_IP
+                 && cmsgptr->cmsg_type == IP_PKTINFO
+                ) {
+#define pktinfo(cmsgptr) ( (struct in_pktinfo*)(CMSG_DATA(cmsgptr)) )
+                        to->sa_family = AF_INET;
+                        ((struct sockaddr_in*)to)->sin_addr = pktinfo(cmsgptr)->ipi_addr;
+                        /* ((struct sockaddr_in*)to)->sin_port = 123; */
+#undef pktinfo
+                        break;
+                }
+#if ENABLE_FEATURE_IPV6 && defined(IP6_PKTINFO)
+                if (cmsgptr->cmsg_level == IPPROTO_IPV6
+                 && cmsgptr->cmsg_type == IP6_PKTINFO
+                ) {
+#define pktinfo(cmsgptr) ( (struct in6_pktinfo*)(CMSG_DATA(cmsgptr)) )
+                        to->sa_family = AF_INET6;
+                        ((struct sockaddr_in6*)to)->sin6_addr = pktinfo(cmsgptr)->ipi6_addr;
+                        /* ((struct sockaddr_in6*)to)->sin6_port = 123; */
+#undef pktinfo
+                        break;
+                }
+#endif
+        }
+        return recv_length;
+#endif
+}
diff --git a/ipsvd/udpsvd.c b/ipsvd/udpsvd.c
index 06c4f2e88..700e1aff4 100644
--- a/ipsvd/udpsvd.c
+++ b/ipsvd/udpsvd.c
@@ -22,12 +22,14 @@
 
 #include "busybox.h"
 
+#include "udp_io.c"
+
 unsigned verbose;
 
 static void sig_term_handler(int sig)
 {
         if (verbose)
-                printf("udpsvd: info: sigterm received, exit\n");
+                printf("%s: info: sigterm received, exit\n", applet_name);
         exit(0);
 }
 
@@ -37,21 +39,14 @@ int udpsvd_main(int argc, char **argv)
         const char *instructs;
         char *str_t, *user;
         unsigned opt;
-//      unsigned lookuphost = 0;
-//      unsigned paranoid = 0;
-//      unsigned long timeout = 0;
 
         char *remote_hostname;
-        char *local_hostname = local_hostname; /* gcc */
+        char *local_hostname = NULL;
         char *remote_ip;
         char *local_ip = local_ip; /* gcc */
         uint16_t local_port, remote_port;
-        union {
-                struct sockaddr sa;
-                struct sockaddr_in sin;
-                USE_FEATURE_IPV6(struct sockaddr_in6 sin6;)
-        } sock_adr;
-        socklen_t sockadr_size;
+        len_and_sockaddr remote;
+        len_and_sockaddr *localp;
         int sock;
         int wstat;
         unsigned pid;
@@ -68,7 +63,7 @@ int udpsvd_main(int argc, char **argv)
                 OPT_t = (1 << 7),
         };
 
-        opt_complementary = "ph:vv";
+        opt_complementary = "-3:ph:vv";
         opt = getopt32(argc, argv, "vu:l:hpi:x:t:",
                         &user, &local_hostname, &instructs, &instructs, &str_t, &verbose);
         //if (opt & OPT_x) iscdb =1;
@@ -83,26 +78,29 @@ int udpsvd_main(int argc, char **argv)
         if (!argv[0][0] || LONE_CHAR(argv[0], '0'))
                 argv[0] = (char*)"0.0.0.0";
 
+        /* stdout is used for logging, don't buffer */
         setlinebuf(stdout);
+        bb_sanitize_stdio(); /* fd# 1,2 must be opened */
 
         signal(SIGTERM, sig_term_handler);
         signal(SIGPIPE, SIG_IGN);
 
         local_port = bb_lookup_port(argv[1], "udp", 0);
-        sock = create_and_bind_dgram_or_die(argv[0], local_port);
+        localp = xhost2sockaddr(argv[0], local_port);
+        sock = xsocket(localp->sa.sa_family, SOCK_DGRAM, 0);
+        xmove_fd(sock, 0); /* fd# 0 is the open UDP socket */
+        xbind(0, &localp->sa, localp->len);
+        socket_want_pktinfo(0);
 
         if (opt & OPT_u) { /* drop permissions */
                 xsetgid(ugid.gid);
                 xsetuid(ugid.uid);
         }
-        bb_sanitize_stdio(); /* fd# 1,2 must be opened */
-        close(0);
 
         if (verbose) {
                 /* we do it only for ":port" cosmetics... oh well */
-                len_and_sockaddr *lsa = xhost2sockaddr(argv[0], local_port);
-                char *addr = xmalloc_sockaddr2dotted(&lsa->sa, lsa->len);
-                printf("udpsvd: info: listening on %s", addr);
+                char *addr = xmalloc_sockaddr2dotted(&localp->sa, localp->len);
+                printf("%s: info: listening on %s", applet_name, addr);
                 free(addr);
                 if (option_mask32 & OPT_u)
                         printf(", uid %u, gid %u",
@@ -111,19 +109,8 @@ int udpsvd_main(int argc, char **argv)
         }
 
  again:
-/*      io[0].fd = s;
-        io[0].events = IOPAUSE_READ;
-        io[0].revents = 0;
-        taia_now(&now);
-        taia_uint(&deadline, 3600);
-        taia_add(&deadline, &now, &deadline);
-        iopause(io, 1, &deadline, &now);
-        if (!(io[0].revents | IOPAUSE_READ))
-                goto again;
-        io[0].revents = 0;
-*/
-        sockadr_size = sizeof(sock_adr);
-        if (recvfrom(sock, NULL, 0, MSG_PEEK, &sock_adr.sa, &sockadr_size) == -1) {
+        /* if (recvfrom(0, NULL, 0, MSG_PEEK, &remote.sa, &localp->len) < 0) { */
+        if (recv_from_to(0, NULL, 0, MSG_PEEK, &remote.sa, &localp->sa, localp->len) < 0) {
                 bb_perror_msg("recvfrom");
                 goto again;
         }
@@ -136,28 +123,38 @@ int udpsvd_main(int argc, char **argv)
                 while (wait_pid(&wstat, pid) == -1)
                         bb_perror_msg("error waiting for child");
                 if (verbose)
-                        printf("udpsvd: info: end %u\n", pid);
+                        printf("%s: info: end %u\n", applet_name, pid);
                 goto again;
         }
 
         /* Child */
 
-/*      if (recvfrom(sock, 0, 0, MSG_PEEK, (struct sockaddr *)&sock_adr, &sockadr_size) == -1)
-                drop("unable to read from socket");
-*/
+#if 0
+        /* I'd like to make it so that local addr is fixed to localp->sa,
+         * but how? The below trick doesn't work... */
+        close(0);
+        set_nport(localp, htons(local_port));
+        xmove_fd(xsocket(localp->sa.sa_family, SOCK_DGRAM, 0), 0);
+        xbind(0, &localp->sa, localp->len);
+#endif
+
         if (verbose) {
-                local_ip = argv[0]; // TODO: recv_from_to!
-                local_hostname = (char*)"localhost";
+                local_ip = xmalloc_sockaddr2dotted_noport(&localp->sa, localp->len);
+                if (!local_hostname) {
+                        local_hostname = xmalloc_sockaddr2host_noport(&localp->sa, localp->len);
+                        if (!local_hostname)
+                                bb_error_msg_and_die("cannot look up local hostname for %s", local_ip);
+                }
         }
 
-        remote_ip = xmalloc_sockaddr2dotted_noport(&sock_adr.sa, sockadr_size);
-        remote_port = get_nport(&sock_adr.sa);
+        remote_ip = xmalloc_sockaddr2dotted_noport(&remote.sa, localp->len);
+        remote_port = get_nport(&remote.sa);
         remote_port = ntohs(remote_port);
-        if (verbose) {
-                printf("udpsvd: info: pid %u from %s\n", pid, remote_ip);
-        }
+        if (verbose)
+                printf("%s: info: pid %u from %s\n", applet_name, pid, remote_ip);
+
         if (opt & OPT_h) {
-                remote_hostname = xmalloc_sockaddr2host(&sock_adr.sa, sizeof(sock_adr));
+                remote_hostname = xmalloc_sockaddr2host(&remote.sa, localp->len);
                 if (!remote_hostname) {
                         bb_error_msg("warning: cannot look up hostname for %s", remote_ip);
                         remote_hostname = (char*)"";
@@ -176,15 +173,15 @@ int udpsvd_main(int argc, char **argv)
 
         if (verbose) {
 #if 0
-                out("udpsvd: info: ");
+                out("%s: info: ", applet_name);
                 switch(ac) {
                 case IPSVD_DENY: out("deny "); break;
                 case IPSVD_DEFAULT: case IPSVD_INSTRUCT: out("start "); break;
                 case IPSVD_EXEC: out("exec "); break;
                 }
 #endif
-                printf("udpsvd: info: %u %s:%s :%s:%s:%u\n",
-                                pid, local_hostname, local_ip,
+                printf("%s: info: %u %s:%s :%s:%s:%u\n",
+                                applet_name, pid, local_hostname, local_ip,
                                 remote_hostname, remote_ip, remote_port);
 #if 0
                 if (instructs) {
@@ -202,7 +199,7 @@ int udpsvd_main(int argc, char **argv)
 
 #if 0
         if (ac == IPSVD_DENY) {
-                recv(s, 0, 0, 0);
+                recv(0, 0, 0, 0);
                 _exit(100);
         }
         if (ac == IPSVD_EXEC) {
@@ -213,14 +210,98 @@ int udpsvd_main(int argc, char **argv)
                 run = args;
         } else run = prog;
 #endif
-
-        xmove_fd(sock, 0);
+        /* Make plain write(1) work for the child by supplying default
+         * destination address */
+        xconnect(0, &remote.sa, localp->len);
         dup2(0, 1);
 
         signal(SIGTERM, SIG_DFL);
         signal(SIGPIPE, SIG_DFL);
-        argv += 2;
 
+        argv += 2;
         BB_EXECVP(argv[0], argv);
         bb_perror_msg_and_die("exec '%s'", argv[0]);
 }
+
+/*
+udpsvd [-hpvv] [-u user] [-l name] [-i dir|-x cdb] [-t sec] host port prog
+
+udpsvd creates an UDP/IP socket, binds it to the address host:port,
+and listens on the socket for incoming datagrams.
+
+If a datagram is available on the socket, udpsvd conditionally starts
+a program, with standard input reading from the socket, and standard
+output redirected to standard error, to handle this, and possibly
+more datagrams. udpsvd does not start the program if another program
+that it has started before still is running. If the program exits,
+udpsvd again listens to the socket until a new datagram is available.
+If there are still datagrams available on the socket, the program
+is restarted immediately.
+
+udpsvd optionally checks for special intructions depending on
+the IP address or hostname of the client sending the datagram which
+not yet was handled by a running program, see ipsvd-instruct(5)
+for details.
+
+Attention:
+UDP is a connectionless protocol. Most programs that handle user datagrams,
+such as talkd(8), keep running after receiving a datagram, and process
+subsequent datagrams sent to the socket until a timeout is reached.
+udpsvd only checks special instructions for a datagram that causes a startup
+of the program; not if a program handling datagrams already is running.
+It doesn't make much sense to restrict access through special instructions
+when using such a program.
+
+On the other hand, it makes perfectly sense with programs like tftpd(8),
+that fork to establish a separate connection to the client when receiving
+the datagram. In general it's adequate to set up special instructions for
+programs that support being run by tcpwrapper.
+Options
+
+host
+    host either is a hostname, or a dotted-decimal IP address, or 0.
+    If host is 0, udpsvd accepts datagrams to any local IP address.
+port
+    udpsvd accepts datagrams to host:port. port may be a name from
+    /etc/services or a number.
+prog
+    prog consists of one or more arguments. udpsvd normally runs prog
+    to handle a datagram, and possibly more, that is sent to the socket,
+    if there is no program that was started before by udpsvd still running
+    and handling datagrams.
+-i dir
+    read instructions for handling new connections from the instructions
+    directory dir. See ipsvd-instruct(5) for details.
+-x cdb
+    read instructions for handling new connections from the constant
+    database cdb. The constant database normally is created from
+    an instructions directory by running ipsvd-cdb(8).
+-t sec
+    timeout. This option only takes effect if the -i option is given.
+    While checking the instructions directory, check the time of last
+    access of the file that matches the clients address or hostname if any,
+    discard and remove the file if it wasn't accessed within the last
+    sec seconds; udpsvd does not discard or remove a file if the user's
+    write permission is not set, for those files the timeout is disabled.
+    Default is 0, which means that the timeout is disabled.
+-l name
+    local hostname. Do not look up the local hostname in DNS, but use name
+    as hostname. By default udpsvd looks up the local hostname once at startup.
+-u user[:group]
+    drop permissions. Switch user ID to user's UID, and group ID to user's
+    primary GID after creating and binding to the socket. If user
+    is followed by a colon and a group name, the group ID is switched
+    to the GID of group instead. All supplementary groups are removed.
+-h
+    Look up the client's hostname in DNS.
+-p
+    paranoid. After looking up the client's hostname in DNS, look up
+    the IP addresses in DNS for that hostname, and forget the hostname
+    if none of the addresses match the client's IP address. You should
+    set this option if you use hostname based instructions. The -p option
+    implies the -h option.
+-v
+    verbose. Print verbose messages to standard output.
+-vv
+    more verbose. Print more verbose messages to standard output.
+*/