ipsvd: make udpsvd work similar to tcpsvd (multiple parallel

children for several streams of udp packets tested to work)
code size: -509 bytes


git-svn-id: svn://busybox.net/trunk/busybox@18316 69ca8d6d-28ef-0310-b511-8ec308f3f277

3 files changed, 131 insertions, 335 deletions

diff --git a/include/applets.h b/include/applets.h
index 386f4b110..00d3aee1e 100644
--- a/include/applets.h
+++ b/include/applets.h
@@ -132,8 +132,8 @@ USE_FSCK(APPLET(fsck, _BB_DIR_SBIN, _BB_SUID_NEVER))
 //USE_E2FSCK(APPLET_NOUSAGE(fsck.ext2, e2fsck, _BB_DIR_SBIN, _BB_SUID_NEVER))
 //USE_E2FSCK(APPLET_NOUSAGE(fsck.ext3, e2fsck, _BB_DIR_SBIN, _BB_SUID_NEVER))
 USE_FSCK_MINIX(APPLET_ODDNAME(fsck.minix, fsck_minix, _BB_DIR_SBIN, _BB_SUID_NEVER, fsck_minix))
-USE_FTPGET(APPLET_ODDNAME(ftpget, ftpgetput, _BB_DIR_USR_BIN, _BB_SUID_NEVER,ftpget))
-USE_FTPPUT(APPLET_ODDNAME(ftpput, ftpgetput, _BB_DIR_USR_BIN, _BB_SUID_NEVER,ftpput))
+USE_FTPGET(APPLET_ODDNAME(ftpget, ftpgetput, _BB_DIR_USR_BIN, _BB_SUID_NEVER, ftpget))
+USE_FTPPUT(APPLET_ODDNAME(ftpput, ftpgetput, _BB_DIR_USR_BIN, _BB_SUID_NEVER, ftpput))
 USE_FUSER(APPLET(fuser, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
 USE_GETENFORCE(APPLET(getenforce, _BB_DIR_USR_SBIN, _BB_SUID_NEVER))
 USE_GETOPT(APPLET(getopt, _BB_DIR_BIN, _BB_SUID_NEVER))
@@ -293,7 +293,7 @@ USE_SYSLOGD(APPLET(syslogd, _BB_DIR_SBIN, _BB_SUID_NEVER))
 USE_TAIL(APPLET(tail, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
 USE_TAR(APPLET(tar, _BB_DIR_BIN, _BB_SUID_NEVER))
 USE_TASKSET(APPLET(taskset, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
-USE_TCPSVD(APPLET(tcpsvd, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
+USE_TCPSVD(APPLET_ODDNAME(tcpsvd, tcpudpsvd, _BB_DIR_USR_BIN, _BB_SUID_NEVER, tcpsvd))
 USE_TEE(APPLET(tee, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
 USE_TELNET(APPLET(telnet, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
 USE_TELNETD(APPLET(telnetd, _BB_DIR_USR_SBIN, _BB_SUID_NEVER))
@@ -311,7 +311,7 @@ USE_TTY(APPLET(tty, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
 //USE_TUNE2FS(APPLET(tune2fs, _BB_DIR_SBIN, _BB_SUID_NEVER))
 USE_APP_UDHCPC(APPLET(udhcpc, _BB_DIR_SBIN, _BB_SUID_NEVER))
 USE_APP_UDHCPD(APPLET(udhcpd, _BB_DIR_USR_SBIN, _BB_SUID_NEVER))
-USE_UDPSVD(APPLET(udpsvd, _BB_DIR_USR_BIN, _BB_SUID_NEVER))
+USE_UDPSVD(APPLET_ODDNAME(udpsvd, tcpudpsvd, _BB_DIR_USR_BIN, _BB_SUID_NEVER, udpsvd))
 USE_UMOUNT(APPLET(umount, _BB_DIR_BIN, _BB_SUID_NEVER))
 USE_UNAME(APPLET(uname, _BB_DIR_BIN, _BB_SUID_NEVER))
 USE_UNCOMPRESS(APPLET(uncompress, _BB_DIR_BIN, _BB_SUID_NEVER))
diff --git a/include/usage.h b/include/usage.h
index bab14f5c3..5f1bf24cb 100644
--- a/include/usage.h
+++ b/include/usage.h
@@ -3331,7 +3331,7 @@ USE_FEATURE_RUN_PARTS_FANCY("\n	-l	Prints names of all matching files even when
 /*     "[-hpEvv] [-c n] [-C n:msg] [-b n] [-u user] [-l name] [-i dir|-x cdb] [ -t sec] ip port prog..." */
 #define tcpsvd_full_usage \
        "Creates TCP socket, binds it to host:port and listens on in\n" \
-       "for incoming connections. For each connection it runs prog" \
+       "for incoming connections. For each connection it runs prog." \
      "\n" \
      "\nip              IP to listen on. '0' = all" \
      "\nport            Port to listen on" \
@@ -3339,27 +3339,29 @@ USE_FEATURE_RUN_PARTS_FANCY("\n	-l	Prints names of all matching files even when
      "\n-l name         Local hostname (else looks up local hostname in DNS)" \
      "\n-u user[:group] Change to user/group after bind" \
      "\n-c n            Handle up to n connections simultaneously" \
+     "\n-b n            Allow a backlog of approximately n TCP SYNs" \
      "\n-C n[:msg]      Allow only up to n connections from the same IP" \
      "\n                New connections from this IP address are closed" \
      "\n                immediately. 'msg' is written to the peer before close" \
      "\n-h              Look up peer's hostname" \
-     "\n-b n            Allow a backlog of approximately n TCP SYNs" \
      "\n-E              Do not set up TCP-related environment variables" \
      "\n-v              Verbose"
 
 #define udpsvd_trivial_usage \
-       "[-hv] [-u user] [-l name] host port prog"
+       "[-hEv] [-u user] [-l name] host port prog"
 #define udpsvd_full_usage \
        "Creates UDP socket, binds it to host:port and listens on in\n" \
-       "for incoming packets. When packet arrives it runs prog.\n" \
-       "When prog exits, it start to listen on the socket again" \
+       "for incoming packets. For each packet it runs prog\n" \
+       "(redirecting all further packets with same peer ip:port to it)." \
      "\n" \
      "\nip              IP to listen on. '0' = all" \
      "\nport            Port to listen on" \
      "\nprog [arg]      Program to run" \
      "\n-l name         Local hostname (else looks up local hostname in DNS)" \
      "\n-u user[:group] Change to user/group after bind" \
+     "\n-c n            Handle up to n connections simultaneously" \
      "\n-h              Look up peer's hostname" \
+     "\n-E              Do not set up TCP-related environment variables" \
      "\n-v              Verbose"
 
 #define tftp_trivial_usage \
diff --git a/ipsvd/tcpudp.c b/ipsvd/tcpudp.c
index 419551d8d..6e8ec323c 100644
--- a/ipsvd/tcpudp.c
+++ b/ipsvd/tcpudp.c
@@ -7,12 +7,51 @@
  * Licensed under GPLv2, see file LICENSE in this tarball for details.
  */
 
-/* TCP and UDP server are using a lot of same string constants
- * We reuse them by keeping both in one source file */
+/* Based on ipsvd ipsvd-0.12.1. This tcpsvd accepts all options
+ * which are supported by one from ipsvd-0.12.1, but not all are
+ * functional. See help text at the end of this file for details.
+ *
+ * Code inside "#ifdef SSLSVD" is for sslsvd and is currently unused.
+ *
+ * Output of verbose mode matches original (modulo bugs and
+ * unimplemented stuff). Unnatural splitting of IP and PORT
+ * is retained (personally I prefer one-value "IP:PORT" notation -
+ * it is a natural string representation of struct sockaddr_XX).
+ *
+ * TCPORIGDST{IP,PORT} is busybox-specific addition
+ *
+ * udp server is hacked up by reusing TCP code. It has the following
+ * limitation inherent in Unix DGRAM sockets implementation:
+ * - local IP address is reptrieved (using recvmsg voodoo) but
+ *   child's socket is not bound to it (bind cannot be called on
+ *   already bound socket). Thus you still can get outgoing packets
+ *   with wrong sorce IP...
+ * - don't know how to retrieve ORIGDST for udp.
+ */
+
+#include <limits.h>
+#include <linux/netfilter_ipv4.h> /* wants <limits.h> */
 
 #include "busybox.h"
 
+#include "udp_io.c"
+#include "ipsvd_perhost.h"
+
+#ifdef SSLSVD
+#include "matrixSsl.h"
+#include "ssl_io.h"
+#endif
+
 static unsigned verbose;
+static unsigned max_per_host;
+static unsigned cur_per_host;
+static unsigned cnum;
+static unsigned cmax = 30;
+
+static void xsetenv_proto(const char *proto, const char *n, const char *v)
+{
+        putenv(xasprintf("%s%s=%s", proto, n, v));
+}
 
 static void sig_term_handler(int sig)
 {
@@ -38,287 +77,6 @@ static void print_waitstat(unsigned pid, int wstat)
         printf("%s: info: end %d %s %d\n", applet_name, pid, cause, e);
 }
 
-
-#if ENABLE_UDPSVD
-/* Based on ipsvd ipsvd-0.12.1. This udpsvd accepts all options
- * which are supported by one from ipsvd-0.12.1, but not all are
- * functional. See help text at the end of this file for details.
- *
- * Output of verbose mode matches original (modulo bugs and
- * unimplemented stuff). Unnatural splitting of IP and PORT
- * is retained (personally I prefer one-value "IP:PORT" notation -
- * it is a natural string representation of struct sockaddr_XX).
- */
-
-#include "udp_io.c"
-
-int udpsvd_main(int argc, char **argv);
-int udpsvd_main(int argc, char **argv)
-{
-        const char *instructs;
-        char *str_t, *user;
-        unsigned opt;
-
-        char *remote_hostname = (char*)""; /* used if no -h */
-        char *local_hostname = NULL;
-        char *remote_ip;
-        char *local_ip;// = local_ip; /* gcc */
-        uint16_t local_port, remote_port;
-        len_and_sockaddr remote;
-        len_and_sockaddr *localp;
-        int wstat;
-        unsigned pid;
-        struct bb_uidgid_t ugid;
-
-        enum {
-                OPT_v = (1 << 0),
-                OPT_u = (1 << 1),
-                OPT_l = (1 << 2),
-                OPT_h = (1 << 3),
-                OPT_p = (1 << 4),
-                OPT_i = (1 << 5),
-                OPT_x = (1 << 6),
-                OPT_t = (1 << 7),
-        };
-
-        opt_complementary = "-3:ph:vv";
-        opt = getopt32(argc, argv, "vu:l:hpi:x:t:",
-                        &user, &local_hostname, &instructs, &instructs, &str_t, &verbose);
-        if (opt & OPT_u) {
-                if (!get_uidgid(&ugid, user, 1))
-                        bb_error_msg_and_die("unknown user/group: %s", user);
-        }
-        argv += optind;
-        if (!argv[0][0] || LONE_CHAR(argv[0], '0'))
-                argv[0] = (char*)"0.0.0.0";
-
-        /* stdout is used for logging, don't buffer */
-        setlinebuf(stdout);
-        bb_sanitize_stdio(); /* fd# 1,2 must be opened */
-
-        signal(SIGTERM, sig_term_handler);
-        signal(SIGPIPE, SIG_IGN);
-
-        local_port = bb_lookup_port(argv[1], "udp", 0);
-        localp = xhost2sockaddr(argv[0], local_port);
-        /* fd #0 is the open UDP socket */
-        xmove_fd(xsocket(localp->sa.sa_family, SOCK_DGRAM, 0), 0);
-        setsockopt_reuseaddr(0); /* crucial */
-        xbind(0, &localp->sa, localp->len);
-        socket_want_pktinfo(0); /* needed for recv_from_to to work */
-
-        if (opt & OPT_u) { /* drop permissions */
-                xsetgid(ugid.gid);
-                xsetuid(ugid.uid);
-        }
-
-        if (verbose) {
-                /* we do it only for ":port" cosmetics... oh well */
-                char *addr = xmalloc_sockaddr2dotted(&localp->sa, localp->len);
-
-                printf("%s: info: listening on %s", applet_name, addr);
-                free(addr);
-                if (option_mask32 & OPT_u)
-                        printf(", uid %u, gid %u",
-                                (unsigned)ugid.uid, (unsigned)ugid.gid);
-                puts(", starting");
-        }
-
- again:
-        /* if (recvfrom(0, NULL, 0, MSG_PEEK, &remote.sa, &localp->len) < 0) { */
-        if (recv_from_to(0, NULL, 0, MSG_PEEK, &remote.sa, &localp->sa, localp->len) < 0) {
-                bb_perror_msg("recvfrom");
-                goto again;
-        }
-
-        while ((pid = fork()) < 0) {
-                bb_perror_msg("fork failed, sleeping");
-                sleep(5);
-        }
-        if (pid > 0) { /* parent */
-                while (wait_pid(&wstat, pid) < 0)
-                        bb_perror_msg("error waiting for child");
-                if (verbose)
-                        print_waitstat(pid, wstat);
-                goto again;
-        }
-
-        /* Child */
-
-        if (verbose) {
-                remote_ip = xmalloc_sockaddr2dotted_noport(&remote.sa, localp->len);
-                local_ip = xmalloc_sockaddr2dotted_noport(&localp->sa, localp->len);
-
-                pid = getpid();
-                printf("%s: info: pid %u from %s\n", applet_name, pid, remote_ip);
-
-                if (!local_hostname) {
-                        local_hostname = xmalloc_sockaddr2host_noport(&localp->sa, localp->len);
-                        if (!local_hostname)
-                                bb_error_msg_and_die("cannot look up local hostname for %s", local_ip);
-                }
-                if (opt & OPT_h) {
-                        remote_hostname = xmalloc_sockaddr2host(&remote.sa, localp->len);
-                        if (!remote_hostname) {
-                                bb_error_msg("warning: cannot look up hostname for %s", remote_ip);
-                                remote_hostname = (char*)"";
-                        }
-                }
-
-                remote_port = get_nport(&remote.sa);
-                remote_port = ntohs(remote_port);
-                printf("%s: info: %u %s:%s :%s:%s:%u\n",
-                                applet_name, pid, local_hostname, local_ip,
-                                remote_hostname, remote_ip, remote_port);
-        }
-
-        /* Doesn't work:
-         * we cannot replace fd #0 - we will lose pending packet
-         * which is already buffered for us! And we cannot use fd #1
-         * instead - it will "intercept" all following packets, but child
-         * do not expect data coming *from fd #1*! */
-#if 0
-        /* Make it so that local addr is fixed to localp->sa
-         * and we don't accidentally accept packets to other local IPs. */
-        /* NB: we possibly bind to the _very_ same_ address & port as the one
-         * already bound in parent! This seems to work in Linux.
-         * (otherwise we can move socket to fd #0 only if bind succeeds) */
-        close(0);
-        set_nport(localp, htons(local_port));
-        xmove_fd(xsocket(localp->sa.sa_family, SOCK_DGRAM, 0), 0);
-        setsockopt_reuseaddr(0); /* crucial */
-        xbind(0, &localp->sa, localp->len);
-#endif
-
-        /* Make plain write to fd #1 work for the child by supplying default
-         * destination address. This also restricts incoming packets
-         * to ones coming from this remote IP. */
-        xconnect(0, &remote.sa, localp->len);
-        dup2(0 ,1);
-
-        signal(SIGTERM, SIG_DFL);
-        signal(SIGPIPE, SIG_DFL);
-
-        argv += 2;
-        BB_EXECVP(argv[0], argv);
-        bb_perror_msg_and_die("exec '%s'", argv[0]);
-}
-
-
-/*
-udpsvd [-hpvv] [-u user] [-l name] [-i dir|-x cdb] [-t sec] host port prog
-
-udpsvd creates an UDP/IP socket, binds it to the address host:port,
-and listens on the socket for incoming datagrams.
-
-If a datagram is available on the socket, udpsvd conditionally starts
-a program, with standard input reading from the socket, and standard
-output redirected to standard error, to handle this, and possibly
-more datagrams. udpsvd does not start the program if another program
-that it has started before still is running. If the program exits,
-udpsvd again listens to the socket until a new datagram is available.
-If there are still datagrams available on the socket, the program
-is restarted immediately.
-
-udpsvd optionally checks for special intructions depending on
-the IP address or hostname of the client sending the datagram which
-not yet was handled by a running program, see ipsvd-instruct(5)
-for details.
-
-Attention:
-UDP is a connectionless protocol. Most programs that handle user datagrams,
-such as talkd(8), keep running after receiving a datagram, and process
-subsequent datagrams sent to the socket until a timeout is reached.
-udpsvd only checks special instructions for a datagram that causes a startup
-of the program; not if a program handling datagrams already is running.
-It doesn't make much sense to restrict access through special instructions
-when using such a program.
-
-On the other hand, it makes perfectly sense with programs like tftpd(8),
-that fork to establish a separate connection to the client when receiving
-the datagram. In general it's adequate to set up special instructions for
-programs that support being run by tcpwrapper.
-Options
-
-host
-    host either is a hostname, or a dotted-decimal IP address, or 0.
-    If host is 0, udpsvd accepts datagrams to any local IP address.
-port
-    udpsvd accepts datagrams to host:port. port may be a name from
-    /etc/services or a number.
-prog
-    prog consists of one or more arguments. udpsvd normally runs prog
-    to handle a datagram, and possibly more, that is sent to the socket,
-    if there is no program that was started before by udpsvd still running
-    and handling datagrams.
--i dir
-    read instructions for handling new connections from the instructions
-    directory dir. See ipsvd-instruct(5) for details.
--x cdb
-    read instructions for handling new connections from the constant
-    database cdb. The constant database normally is created from
-    an instructions directory by running ipsvd-cdb(8).
--t sec
-    timeout. This option only takes effect if the -i option is given.
-    While checking the instructions directory, check the time of last
-    access of the file that matches the clients address or hostname if any,
-    discard and remove the file if it wasn't accessed within the last
-    sec seconds; udpsvd does not discard or remove a file if the user's
-    write permission is not set, for those files the timeout is disabled.
-    Default is 0, which means that the timeout is disabled.
--l name
-    local hostname. Do not look up the local hostname in DNS, but use name
-    as hostname. By default udpsvd looks up the local hostname once at startup.
--u user[:group]
-    drop permissions. Switch user ID to user's UID, and group ID to user's
-    primary GID after creating and binding to the socket. If user
-    is followed by a colon and a group name, the group ID is switched
-    to the GID of group instead. All supplementary groups are removed.
--h
-    Look up the client's hostname in DNS.
--p
-    paranoid. After looking up the client's hostname in DNS, look up
-    the IP addresses in DNS for that hostname, and forget the hostname
-    if none of the addresses match the client's IP address. You should
-    set this option if you use hostname based instructions. The -p option
-    implies the -h option.
--v
-    verbose. Print verbose messages to standard output.
--vv
-    more verbose. Print more verbose messages to standard output.
-*/
-#endif
-
-
-#if ENABLE_TCPSVD
-/* Based on ipsvd ipsvd-0.12.1. This tcpsvd accepts all options
- * which are supported by one from ipsvd-0.12.1, but not all are
- * functional. See help text at the end of this file for details.
- *
- * Code inside "#ifdef SSLSVD" is for sslsvd and is currently unused.
- *
- * Output of verbose mode matches original (modulo bugs and
- * unimplemented stuff). Unnatural splitting of IP and PORT
- * is retained (personally I prefer one-value "IP:PORT" notation -
- * it is a natural string representation of struct sockaddr_XX).
- *
- * TCPORIGDST{IP,PORT} is busybox-specific addition
- */
-
-#include <limits.h>
-#include <linux/netfilter_ipv4.h> /* wants <limits.h> */
-#include "ipsvd_perhost.h"
-
-#ifdef SSLSVD
-#include "matrixSsl.h"
-#include "ssl_io.h"
-#endif
-
-static unsigned max_per_host; /* originally in ipsvd_check.c */
-static unsigned cur_per_host;
-static unsigned cnum;
-static unsigned cmax = 30;
-
 /* Must match getopt32 in main! */
 enum {
         OPT_c = (1 << 0),
@@ -342,7 +100,9 @@ enum {
 
 static void connection_status(void)
 {
-        printf("%s: info: status %u/%u\n", applet_name, cnum, cmax);
+        /* UDP and "only 1 client max" TCP don't need this */
+        if (cmax > 1)
+                printf("%s: info: status %u/%u\n", applet_name, cnum, cmax);
 }
 
 static void sig_child_handler(int sig)
@@ -362,8 +122,8 @@ static void sig_child_handler(int sig)
                 connection_status();
 }
 
-int tcpsvd_main(int argc, char **argv);
-int tcpsvd_main(int argc, char **argv)
+int tcpudpsvd_main(int argc, char **argv);
+int tcpudpsvd_main(int argc, char **argv)
 {
         char *str_c, *str_C, *str_b, *str_t;
         char *user;
@@ -372,11 +132,13 @@ int tcpsvd_main(int argc, char **argv)
         char *msg_per_host = NULL;
         unsigned len_per_host = len_per_host; /* gcc */
         int need_hostnames, need_remote_ip;
+        int tcp;
         int pid;
         int sock;
         int conn;
         unsigned backlog = 20;
         len_and_sockaddr *lsa;
+        len_and_sockaddr local, remote;
         uint16_t local_port;
         uint16_t remote_port = remote_port; /* gcc */
         char *local_hostname = NULL;
@@ -386,6 +148,7 @@ int tcpsvd_main(int argc, char **argv)
 #ifndef SSLSVD
         struct bb_uidgid_t ugid;
 #endif
+        tcp = (applet_name[0] == 't');
 
         /* 3+ args, -i at most once, -p implies -h, -v is counter */
         opt_complementary = "-3:?:i--i:ph:vv";
@@ -420,18 +183,22 @@ int tcpsvd_main(int argc, char **argv)
         if (option_mask32 & OPT_b)
                 backlog = xatou(str_b);
 #ifdef SSLSVD
-        if (option_mask32 & OPT_U) ssluser = (char*)optarg; break;
-        if (option_mask32 & OPT_slash) root = (char*)optarg; break;
-        if (option_mask32 & OPT_Z) cert = (char*)optarg; break;
-        if (option_mask32 & OPT_K) key = (char*)optarg; break;
+        if (option_mask32 & OPT_U) ssluser = optarg;
+        if (option_mask32 & OPT_slash) root = optarg;
+        if (option_mask32 & OPT_Z) cert = optarg;
+        if (option_mask32 & OPT_K) key = optarg;
 #endif
         argv += optind;
         if (!argv[0][0] || LONE_CHAR(argv[0], '0'))
                 argv[0] = (char*)"0.0.0.0";
 
+        /* Per-IP flood protection is not thought-out for UDP */
+        if (!tcp)
+                max_per_host = 0;
+
         /* stdout is used for logging, don't buffer */
         setlinebuf(stdout);
-        bb_sanitize_stdio(); /* fd# 1,2 must be opened */
+        bb_sanitize_stdio(); /* fd# 0,1,2 must be opened */
 
         need_hostnames = verbose || !(option_mask32 & OPT_E);
         need_remote_ip = max_per_host || need_hostnames;
@@ -473,12 +240,15 @@ int tcpsvd_main(int argc, char **argv)
         if (max_per_host)
                 ipsvd_perhost_init(cmax);
 
-        local_port = bb_lookup_port(argv[1], "tcp", 0);
+        local_port = bb_lookup_port(argv[1], tcp ? "tcp" : "udp", 0);
         lsa = xhost2sockaddr(argv[0], local_port);
-        sock = xsocket(lsa->sa.sa_family, SOCK_STREAM, 0);
-        setsockopt_reuseaddr(sock); /* desirable */
+        sock = xsocket(lsa->sa.sa_family, tcp ? SOCK_STREAM : SOCK_DGRAM, 0);
+        setsockopt_reuseaddr(sock);
         xbind(sock, &lsa->sa, lsa->len);
-        xlisten(sock, backlog);
+        if (tcp)
+                xlisten(sock, backlog);
+        else /* udp: needed for recv_from_to to work: */
+                socket_want_pktinfo(sock);
         /* ndelay_off(sock); - it is the default I think? */
 
 #ifndef SSLSVD
@@ -503,7 +273,7 @@ int tcpsvd_main(int argc, char **argv)
                 puts(", starting");
         }
 
-        /* The rest is a main accept() loop */
+        /* Main accept() loop */
 
  again:
         hccp = NULL;
@@ -516,19 +286,23 @@ int tcpsvd_main(int argc, char **argv)
         close(0);
  again2:
         sig_unblock(SIGCHLD);
-        conn = accept(sock, &lsa->sa, &lsa->len);
+        if (tcp) {
+                remote.len = lsa->len;
+                conn = accept(sock, &remote.sa, &remote.len);
+        } else
+                conn = recv_from_to(sock, NULL, 0, MSG_PEEK, &remote.sa, &local.sa, lsa->len);
         sig_block(SIGCHLD);
         if (conn < 0) {
                 if (errno != EINTR)
-                        bb_perror_msg("accept");
+                        bb_perror_msg(tcp ? "accept" : "recv");
                 goto again2;
         }
-        xmove_fd(conn, 0);
+        xmove_fd(tcp ? conn : sock, 0);
 
         if (max_per_host) {
                 /* Drop connection immediately if cur_per_host > max_per_host
                  * (minimizing load under SYN flood) */
-                remote_ip = xmalloc_sockaddr2dotted_noport(&lsa->sa, lsa->len);
+                remote_ip = xmalloc_sockaddr2dotted_noport(&remote.sa, lsa->len);
                 cur_per_host = ipsvd_perhost_add(remote_ip, max_per_host, &hccp);
                 if (cur_per_host > max_per_host) {
                         /* ipsvd_perhost_add detected that max is exceeded
@@ -543,17 +317,33 @@ int tcpsvd_main(int argc, char **argv)
                 }
         }
 
-        cnum++;
-        if (verbose)
-                connection_status();
+        if (!tcp) {
+                /* Voodoo magic: making udp sockets each receive its own
+                 * packets is not trivial */
+
+                /* Make plain write work for this socket by supplying default
+                 * destination address. This also restricts incoming packets
+                 * to ones coming from this remote IP. */
+                xconnect(0, &remote.sa, lsa->len);
+                /* Open new non-connected UDP socket for further clients */
+                sock = xsocket(lsa->sa.sa_family, tcp ? SOCK_STREAM : SOCK_DGRAM, 0);
+                setsockopt_reuseaddr(sock);
+                xbind(sock, &lsa->sa, lsa->len);
+                socket_want_pktinfo(sock);
+        }
 
         pid = fork();
         if (pid == -1) {
                 bb_perror_msg("fork");
                 goto again;
         }
+
+
         if (pid != 0) {
                 /* parent */
+                cnum++;
+                if (verbose)
+                        connection_status();
                 if (hccp)
                         hccp->pid = pid;
                 goto again;
@@ -561,35 +351,38 @@ int tcpsvd_main(int argc, char **argv)
 
         /* Child: prepare env, log, and exec prog */
 
-        close(sock); /* listening socket */
-        /* Find out local IP peer connected to.
-         * Errors ignored (I'm not paranoid enough to imagine kernel
-         * which doesn't know local IP). */
-        getsockname(0, &lsa->sa, &lsa->len);
+        /* Closing tcp listening socket */
+        if (tcp)
+                close(sock);
 
         if (need_remote_ip) {
                 if (!max_per_host)
-                        remote_ip = xmalloc_sockaddr2dotted_noport(&lsa->sa, lsa->len);
+                        remote_ip = xmalloc_sockaddr2dotted_noport(&remote.sa, lsa->len);
                 /* else it is already done */
-                remote_port = get_nport(&lsa->sa);
+                remote_port = get_nport(&remote.sa);
                 remote_port = ntohs(remote_port);
         }
 
         if (need_hostnames) {
                 if (option_mask32 & OPT_h) {
-                        remote_hostname = xmalloc_sockaddr2host(&lsa->sa, lsa->len);
+                        remote_hostname = xmalloc_sockaddr2host(&remote.sa, lsa->len);
                         if (!remote_hostname) {
                                 bb_error_msg("warning: cannot look up hostname for %s", remote_ip);
                                 remote_hostname = (char*)"";
                         }
                 }
-                local_ip = xmalloc_sockaddr2dotted_noport(&lsa->sa, lsa->len);
-                local_port = get_nport(&lsa->sa);
+                /* Find out local IP peer connected to.
+                 * Errors ignored (I'm not paranoid enough to imagine kernel
+                 * which doesn't know local IP). */
+                if (tcp)
+                        getsockname(0, &local.sa, &local.len);
+                local_ip = xmalloc_sockaddr2dotted_noport(&local.sa, lsa->len);
+                local_port = get_nport(&local.sa);
                 local_port = ntohs(local_port);
                 if (!local_hostname) {
-                        local_hostname = xmalloc_sockaddr2host_noport(&lsa->sa, lsa->len);
+                        local_hostname = xmalloc_sockaddr2host_noport(&local.sa, lsa->len);
                         if (!local_hostname)
-                                bb_error_msg_and_die("cannot look up local hostname for %s", local_ip);
+                                bb_error_msg_and_die("warning: cannot look up hostname for %s"+9, local_ip);
                 }
         }
 
@@ -605,14 +398,16 @@ int tcpsvd_main(int argc, char **argv)
                         remote_hostname, remote_ip, (unsigned)remote_port);
         }
 
+// TODO: stop splitiing port# from IP?
         if (!(option_mask32 & OPT_E)) {
                 /* setup ucspi env */
+                const char *proto = tcp ? "TCP" : "UDP";
 
                 /* Extract "original" destination addr:port
                  * from Linux firewall. Useful when you redirect
                  * an outbond connection to local handler, and it needs
                  * to know where it originally tried to connect */
-                if (getsockopt(0, SOL_IP, SO_ORIGINAL_DST, &lsa->sa, &lsa->len) == 0) {
+                if (tcp && getsockopt(0, SOL_IP, SO_ORIGINAL_DST, &lsa->sa, &lsa->len) == 0) {
                         char *ip = xmalloc_sockaddr2dotted_noport(&lsa->sa, lsa->len);
                         unsigned port = get_nport(&lsa->sa);
                         port = ntohs(port);
@@ -620,18 +415,18 @@ int tcpsvd_main(int argc, char **argv)
                         xsetenv("TCPORIGDSTPORT", utoa(port));
                         free(ip);
                 }
-                xsetenv("PROTO", "TCP");
-                xsetenv("TCPLOCALIP", local_ip);
-                xsetenv("TCPLOCALPORT", utoa(local_port));
-                xsetenv("TCPLOCALHOST", local_hostname);
-                xsetenv("TCPREMOTEIP", remote_ip);
-                xsetenv("TCPREMOTEPORT", utoa(remote_port));
+                xsetenv("PROTO", proto);
+                xsetenv_proto(proto, "LOCALIP", local_ip);
+                xsetenv_proto(proto, "LOCALPORT", utoa(local_port));
+                xsetenv_proto(proto, "LOCALHOST", local_hostname);
+                xsetenv_proto(proto, "REMOTEIP", remote_ip);
+                xsetenv_proto(proto, "REMOTEPORT", utoa(remote_port));
                 if (option_mask32 & OPT_h) {
-                        xsetenv("TCPREMOTEHOST", remote_hostname);
+                        xsetenv_proto(proto, "REMOTEHOST", remote_hostname);
                 }
-                xsetenv("TCPREMOTEINFO", "");
+                xsetenv_proto(proto, "REMOTEINFO", "");
                 /* additional */
-                if (cur_per_host > 0)
+                if (cur_per_host > 0) /* can not be true for udp */
                         xsetenv("TCPCONCURRENCY", utoa(cur_per_host));
         }
 
@@ -747,4 +542,3 @@ prog
     more verbose. Print more verbose messages to standard output.
     * no difference between -v and -vv in busyboxed version
 */
-#endif