| | varnish-cache/lib/libvarnish/vsa.c |
0 |
|
/*- |
1 |
|
* Copyright (c) 2013-2015 Varnish Software AS |
2 |
|
* All rights reserved. |
3 |
|
* |
4 |
|
* Author: Poul-Henning Kamp <phk@phk.freebsd.dk> |
5 |
|
* |
6 |
|
* SPDX-License-Identifier: BSD-2-Clause |
7 |
|
* |
8 |
|
* Redistribution and use in source and binary forms, with or without |
9 |
|
* modification, are permitted provided that the following conditions |
10 |
|
* are met: |
11 |
|
* 1. Redistributions of source code must retain the above copyright |
12 |
|
* notice, this list of conditions and the following disclaimer. |
13 |
|
* 2. Redistributions in binary form must reproduce the above copyright |
14 |
|
* notice, this list of conditions and the following disclaimer in the |
15 |
|
* documentation and/or other materials provided with the distribution. |
16 |
|
* |
17 |
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
18 |
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
19 |
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
20 |
|
* ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE |
21 |
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
22 |
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
23 |
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
24 |
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
25 |
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
26 |
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
27 |
|
* SUCH DAMAGE. |
28 |
|
* |
29 |
|
* Struct sockaddr_* is not even close to a convenient API. |
30 |
|
* |
31 |
|
* These functions try to mitigate the madness, at the cost of actually |
32 |
|
* knowing something about address families. |
33 |
|
*/ |
34 |
|
|
35 |
|
#include "config.h" |
36 |
|
|
37 |
|
#include <string.h> |
38 |
|
#include <stdint.h> |
39 |
|
#include <stdlib.h> |
40 |
|
#include <sys/socket.h> |
41 |
|
#include <sys/un.h> |
42 |
|
#include <sys/types.h> |
43 |
|
#include <netinet/in.h> |
44 |
|
|
45 |
|
#include "vdef.h" |
46 |
|
#include "vas.h" |
47 |
|
#include "vsa.h" |
48 |
|
#include "miniobj.h" |
49 |
|
|
50 |
|
/* |
51 |
|
* Struct sockaddr{|_in|_in6|_storage} is absolutely the worst data |
52 |
|
* structure I have ever seen gold-plated in international standards. |
53 |
|
* |
54 |
|
* Network addresses have multiple different forms, many fewer today |
55 |
|
* than in last century, but imagine that in addition to IPv4 and IPv6 |
56 |
|
* we had 40 other protocols. Actually, you don't need to imagine that |
57 |
|
* just count the AF_* macros in /usr/include/sys/socket.h. |
58 |
|
* |
59 |
|
* So what do we pass the kernel API for an address to bind(2), connect(2) & |
60 |
|
* listen(2) etc. etc ? |
61 |
|
* |
62 |
|
* We could define a struct which is big enough to hold any and all |
63 |
|
* of these addresses. That would make it a fixed size argument. |
64 |
|
* obviously the struct would have to be something like: |
65 |
|
* struct bla { |
66 |
|
* int family; |
67 |
|
* char address[MAX_ADDR_LEN]; |
68 |
|
* } |
69 |
|
* and MAX_ADDR_LEN would have to be quite large, 128 byte or so. |
70 |
|
* |
71 |
|
* Back in last century that was TOTALLY unacceptable waste of space. |
72 |
|
* |
73 |
|
* The way which was chosen instead, was to make a "generic" address, |
74 |
|
* and have per protocol "specific" addresses, and pass the length |
75 |
|
* argument explicitly to the KPI functions. |
76 |
|
* |
77 |
|
* The generic address was called "struct sockaddr", and the specific |
78 |
|
* were called "struct sockaddr_${whatever}". All of these must have |
79 |
|
* a "family" field as first element, so the kernel can figure out |
80 |
|
* which protocol it is. |
81 |
|
* |
82 |
|
* The generic struct sockaddr was made big enough for all protocols |
83 |
|
* supported in the kernel, so it would have different sizes depending |
84 |
|
* on your machine and kernel configuration. |
85 |
|
* |
86 |
|
* However, that allowed you to write protocol-agnostic programs, by |
87 |
|
* using "struct sockaddr" throughout, and relying on libray APIs for |
88 |
|
* things like name to address (and vice versa) resolution, and since |
89 |
|
* nobody were in the business of shipping random UNIX binaries around |
90 |
|
* the lack of binary portability didn't matter. |
91 |
|
* |
92 |
|
* Along the way the BSD people figured out that it was a bother |
93 |
|
* to carry the length argument separately, and added that to the |
94 |
|
* format of sockaddr, but other groups found this unclean, as |
95 |
|
* the length was already an explicit parameter. |
96 |
|
* |
97 |
|
* The net result of this is that your "portable" code, must take |
98 |
|
* care to handle the "sa_len" member on kernels which have it, |
99 |
|
* while still tracking the separate length argument for all other |
100 |
|
* kernels. |
101 |
|
* |
102 |
|
* Needless to say, there were no neat #define to tell you which |
103 |
|
* was which, so each programmer found a different heuristic to |
104 |
|
* decide, often not understanding it fully, which caused the kind |
105 |
|
* of portability issues which lead to the autocrap tools. |
106 |
|
* |
107 |
|
* Then all the other protocols died, we were left with IP and |
108 |
|
* life were good, the dot-com madness multiplied the IT-business |
109 |
|
* by a factor 1000, by making any high-school student who had |
110 |
|
* programmed PERL for 6 weeks a "senior web-programmer". |
111 |
|
* |
112 |
|
* Next IPv6 happened, in a rush even, (no seriously, I'm not kidding!), |
113 |
|
* and since IPv6 addresses were HUGE, like 16 bytes HUGE, the generic |
114 |
|
* struct sockaddr was not increased in size. |
115 |
|
* |
116 |
|
* At least "not yet", because it would break all the shitty code written |
117 |
|
* by the dot-com generation. |
118 |
|
* |
119 |
|
* Nobody used IPv6 anyway so that didn't matter that much. |
120 |
|
* |
121 |
|
* Then people actually started using IPv6 and its struct sockaddr_in6, |
122 |
|
* and realized that all the code which used "struct sockaddr" to allocate |
123 |
|
* space at compile time were broken. |
124 |
|
* |
125 |
|
* Some people took to using sockaddr_in6, since that was known to |
126 |
|
* be big enough for both IPv4 and IPv6, but "purist" found that |
127 |
|
* ugly and "prone to future trouble". |
128 |
|
* |
129 |
|
* So instead they came up with a "clean solution": The added |
130 |
|
* "struct sockaddr_storage" which is defined to be "Large enough |
131 |
|
* to accommodate all supported protocol-specific address structures". |
132 |
|
* |
133 |
|
* Since we cannot possibly know what zany protocols will exist in |
134 |
|
* the future, and since some people think that we will add future |
135 |
|
* protocols, while retaining ABI compatibility, (totally overlooking |
136 |
|
* the fact that no code for name-resolution supports that) it is |
137 |
|
* usually defined so it can cope with 128 byte addresses. |
138 |
|
* |
139 |
|
* Does that ring a bell ? |
140 |
|
* |
141 |
|
* Only, not quite: Remember that all APIs require you to track |
142 |
|
* the address and the length separately, so you only get the |
143 |
|
* size of the specific protocols sockaddr_${whatever} from API |
144 |
|
* functions, not a full sockaddr_storage, and besides the |
145 |
|
* prototype for the KPI is still "struct sockaddr *", so you |
146 |
|
* cannot gain C type-safety back by using sockaddr_storage |
147 |
|
* as the "generic network address" type. |
148 |
|
* |
149 |
|
* So we have come full circle, while causing maximum havoc along |
150 |
|
* the way and for the forseeable future. |
151 |
|
* |
152 |
|
* Do I need to tell you that static code analysis tools have a |
153 |
|
* really hard time coping with this, and that they give a lot of |
154 |
|
* false negatives which confuse people ? |
155 |
|
* |
156 |
|
* I have decided to try to contain this crap in this single |
157 |
|
* source-file, with only minimum leakage into the rest of Varnish, |
158 |
|
* which will only know of pointers to "struct suckaddr", the naming |
159 |
|
* of which is my of the historical narrative above. |
160 |
|
* |
161 |
|
* And you don't need to take my word for this, you can see it all |
162 |
|
* in various #include files on your own system. If you are on |
163 |
|
* a Solaris derivative, don't miss the beautiful horror hidden in the |
164 |
|
* variant definition of IPv6 addresses between kernel and userland. |
165 |
|
* |
166 |
|
*/ |
167 |
|
|
168 |
|
struct suckaddr { |
169 |
|
unsigned magic; |
170 |
|
#define SUCKADDR_MAGIC 0x4b1e9335 |
171 |
|
union { |
172 |
|
struct sockaddr sa; |
173 |
|
struct sockaddr_in sa4; |
174 |
|
struct sockaddr_in6 sa6; |
175 |
|
} u; |
176 |
|
}; |
177 |
|
|
178 |
|
const size_t vsa_suckaddr_len = sizeof(struct suckaddr); |
179 |
|
|
180 |
|
/* |
181 |
|
* Bogus IPv4 address 0.0.0.0:0 to be used for VCL *.ip variables when the |
182 |
|
* "real" address is not IP (such as UDS addresses). |
183 |
|
*/ |
184 |
|
static struct suckaddr bogo_ip_vsa; |
185 |
|
const struct suckaddr *bogo_ip = &bogo_ip_vsa; |
186 |
|
/* same in IPv6 */ |
187 |
|
static struct suckaddr bogo_ip6_vsa; |
188 |
|
const struct suckaddr *bogo_ip6 = &bogo_ip6_vsa; |
189 |
|
|
190 |
|
void |
191 |
39600 |
VSA_Init(void) |
192 |
|
{ |
193 |
39600 |
AN(VSA_BuildFAP(&bogo_ip_vsa, PF_INET, NULL, 0, NULL, 0)); |
194 |
39600 |
AN(VSA_BuildFAP(&bogo_ip6_vsa, PF_INET6, NULL, 0, NULL, 0)); |
195 |
39600 |
} |
196 |
|
|
197 |
|
/* |
198 |
|
* This VRT interface is for the VCC generated ACL code, which needs |
199 |
|
* to know the address family and a pointer to the actual address. |
200 |
|
*/ |
201 |
|
|
202 |
|
int |
203 |
3863560 |
VSA_GetPtr(const struct suckaddr *sua, const unsigned char ** dst) |
204 |
|
{ |
205 |
|
|
206 |
3863560 |
AN(dst); |
207 |
3863560 |
if (sua == NULL) |
208 |
0 |
return (-1); |
209 |
3863560 |
CHECK_OBJ_NOTNULL(sua, SUCKADDR_MAGIC); |
210 |
|
|
211 |
3863560 |
switch (sua->u.sa.sa_family) { |
212 |
|
case PF_INET: |
213 |
9200 |
assert(sua->u.sa.sa_family == sua->u.sa4.sin_family); |
214 |
9200 |
*dst = (const unsigned char *)&sua->u.sa4.sin_addr; |
215 |
9200 |
return (sua->u.sa4.sin_family); |
216 |
|
case PF_INET6: |
217 |
3854360 |
assert(sua->u.sa.sa_family == sua->u.sa6.sin6_family); |
218 |
3854360 |
*dst = (const unsigned char *)&sua->u.sa6.sin6_addr; |
219 |
3854360 |
return (sua->u.sa6.sin6_family); |
220 |
|
default: |
221 |
0 |
*dst = NULL; |
222 |
0 |
return (-1); |
223 |
|
} |
224 |
3863560 |
} |
225 |
|
|
226 |
|
/* |
227 |
|
* Return the size of a struct sockaddr in a struck suckaddr |
228 |
|
* or 0 if unknown family |
229 |
|
*/ |
230 |
|
static inline |
231 |
6473763 |
socklen_t sua_len(const struct sockaddr *sa) |
232 |
|
{ |
233 |
|
|
234 |
6473763 |
switch (sa->sa_family) { |
235 |
|
case PF_INET: |
236 |
2363483 |
return (sizeof(struct sockaddr_in)); |
237 |
|
case PF_INET6: |
238 |
4110240 |
return (sizeof(struct sockaddr_in6)); |
239 |
|
case AF_UNIX: |
240 |
40 |
return (sizeof(struct sockaddr_un)); |
241 |
|
default: |
242 |
0 |
return (0); |
243 |
|
} |
244 |
6473763 |
} |
245 |
|
|
246 |
|
/* |
247 |
|
* Malloc a suckaddr from a sockaddr of some kind. |
248 |
|
*/ |
249 |
|
|
250 |
|
const struct suckaddr * |
251 |
455677 |
VSA_Malloc(const void *s, unsigned sal) |
252 |
|
{ |
253 |
|
|
254 |
455677 |
return (VSA_Build(NULL, s, sal)); |
255 |
|
} |
256 |
|
|
257 |
|
/* |
258 |
|
* 'd' SHALL point to vsa_suckaddr_len aligned bytes of storage |
259 |
|
* |
260 |
|
* fam: address family |
261 |
|
* a / al : address and length |
262 |
|
* p / pl : port and length |
263 |
|
* |
264 |
|
* NULL or 0 length argument are ignored. |
265 |
|
* argument of the wrong length are an error (NULL return value, EINVAL) |
266 |
|
*/ |
267 |
|
const struct suckaddr * |
268 |
81640 |
VSA_BuildFAP(void *d, sa_family_t fam, const void *a, unsigned al, |
269 |
|
const void *p, unsigned pl) |
270 |
|
{ |
271 |
|
struct sockaddr_in sin4; |
272 |
|
struct sockaddr_in6 sin6; |
273 |
|
|
274 |
81640 |
switch (fam) { |
275 |
|
case PF_INET: |
276 |
41520 |
memset(&sin4, 0, sizeof sin4); |
277 |
41520 |
sin4.sin_family = fam; |
278 |
41520 |
if (a != NULL && al > 0) { |
279 |
1920 |
if (al != sizeof(sin4.sin_addr)) |
280 |
0 |
break; |
281 |
1920 |
memcpy(&sin4.sin_addr, a, al); |
282 |
1920 |
} |
283 |
41520 |
if (p != NULL && pl > 0) { |
284 |
1680 |
if (pl != sizeof(sin4.sin_port)) |
285 |
0 |
break; |
286 |
1680 |
memcpy(&sin4.sin_port, p, pl); |
287 |
1680 |
} |
288 |
41520 |
return (VSA_Build(d, &sin4, sizeof sin4)); |
289 |
|
case PF_INET6: |
290 |
40120 |
memset(&sin6, 0, sizeof sin6); |
291 |
40120 |
sin6.sin6_family = fam; |
292 |
40120 |
if (a != NULL && al > 0) { |
293 |
520 |
if (al != sizeof(sin6.sin6_addr)) |
294 |
0 |
break; |
295 |
520 |
memcpy(&sin6.sin6_addr, a, al); |
296 |
520 |
} |
297 |
40120 |
if (p != NULL && pl > 0) { |
298 |
400 |
if (pl != sizeof(sin6.sin6_port)) |
299 |
0 |
break; |
300 |
400 |
memcpy(&sin6.sin6_port, p, pl); |
301 |
400 |
} |
302 |
40120 |
return (VSA_Build(d, &sin6, sizeof sin6)); |
303 |
|
default: |
304 |
0 |
errno = EAFNOSUPPORT; |
305 |
0 |
return (NULL); |
306 |
|
} |
307 |
0 |
errno = EINVAL; |
308 |
0 |
return (NULL); |
309 |
81640 |
} |
310 |
|
|
311 |
|
const struct suckaddr * |
312 |
616842 |
VSA_Build(void *d, const void *s, unsigned sal) |
313 |
|
{ |
314 |
|
struct suckaddr *sua; |
315 |
616842 |
const struct sockaddr *sa = s; |
316 |
|
unsigned l; // for flexelint |
317 |
|
|
318 |
616842 |
AN(s); |
319 |
616842 |
l = sua_len(sa); |
320 |
616842 |
if (l == 0 || l != sal) |
321 |
51 |
return (NULL); |
322 |
|
|
323 |
616801 |
if (d == NULL) { |
324 |
455677 |
d = malloc(vsa_suckaddr_len); |
325 |
455677 |
AN(d); |
326 |
455677 |
} |
327 |
|
|
328 |
616801 |
sua = d; |
329 |
|
|
330 |
616801 |
INIT_OBJ(sua, SUCKADDR_MAGIC); |
331 |
616801 |
switch (l) { |
332 |
|
case sizeof sua->u.sa4: |
333 |
492041 |
memcpy(&sua->u.sa4, s, l); |
334 |
492041 |
break; |
335 |
|
case sizeof sua->u.sa6: |
336 |
124760 |
memcpy(&sua->u.sa6, s, l); |
337 |
124760 |
break; |
338 |
|
default: |
339 |
0 |
WRONG("VSA protocol vs. size"); |
340 |
0 |
} |
341 |
|
#ifdef HAVE_STRUCT_SOCKADDR_SA_LEN |
342 |
616801 |
sua->u.sa.sa_len = (unsigned char)l; |
343 |
|
#endif |
344 |
616801 |
return (sua); |
345 |
616852 |
} |
346 |
|
|
347 |
|
const void * |
348 |
1577228 |
VSA_Get_Sockaddr(const struct suckaddr *sua, socklen_t *slp) |
349 |
|
{ |
350 |
|
socklen_t sl; |
351 |
|
|
352 |
1577228 |
CHECK_OBJ_NOTNULL(sua, SUCKADDR_MAGIC); |
353 |
1577228 |
AN(slp); |
354 |
1577228 |
sl = sua_len(&sua->u.sa); |
355 |
1577228 |
if (sl == 0) |
356 |
0 |
return (NULL); |
357 |
1577228 |
*slp = sl; |
358 |
1577228 |
return (&sua->u.sa); |
359 |
1577228 |
} |
360 |
|
|
361 |
|
int |
362 |
536219 |
VSA_Get_Proto(const struct suckaddr *sua) |
363 |
|
{ |
364 |
|
|
365 |
536219 |
CHECK_OBJ_NOTNULL(sua, SUCKADDR_MAGIC); |
366 |
536219 |
return (sua->u.sa.sa_family); |
367 |
|
} |
368 |
|
|
369 |
|
int |
370 |
4279710 |
VSA_Sane(const struct suckaddr *sua) |
371 |
|
{ |
372 |
4279710 |
return (VALID_OBJ(sua, SUCKADDR_MAGIC) && sua_len(&sua->u.sa) != 0); |
373 |
|
} |
374 |
|
|
375 |
|
int |
376 |
8494 |
VSA_Compare(const struct suckaddr *sua1, const struct suckaddr *sua2) |
377 |
|
{ |
378 |
|
|
379 |
8494 |
CHECK_OBJ_NOTNULL(sua1, SUCKADDR_MAGIC); |
380 |
8494 |
CHECK_OBJ_NOTNULL(sua2, SUCKADDR_MAGIC); |
381 |
8494 |
return (memcmp(sua1, sua2, vsa_suckaddr_len)); |
382 |
|
} |
383 |
|
|
384 |
|
int |
385 |
939 |
VSA_Compare_IP(const struct suckaddr *sua1, const struct suckaddr *sua2) |
386 |
|
{ |
387 |
|
|
388 |
939 |
assert(VSA_Sane(sua1)); |
389 |
939 |
assert(VSA_Sane(sua2)); |
390 |
|
|
391 |
939 |
if (sua1->u.sa.sa_family != sua2->u.sa.sa_family) |
392 |
0 |
return (-1); |
393 |
|
|
394 |
939 |
switch (sua1->u.sa.sa_family) { |
395 |
|
case PF_INET: |
396 |
1878 |
return (memcmp(&sua1->u.sa4.sin_addr, |
397 |
939 |
&sua2->u.sa4.sin_addr, sizeof(struct in_addr))); |
398 |
|
case PF_INET6: |
399 |
0 |
return (memcmp(&sua1->u.sa6.sin6_addr, |
400 |
0 |
&sua2->u.sa6.sin6_addr, sizeof(struct in6_addr))); |
401 |
|
default: |
402 |
0 |
WRONG("Just plain insane"); |
403 |
0 |
} |
404 |
0 |
NEEDLESS(return (-1)); |
405 |
939 |
} |
406 |
|
|
407 |
|
const struct suckaddr * |
408 |
131080 |
VSA_Clone(const struct suckaddr *sua) |
409 |
|
{ |
410 |
|
struct suckaddr *sua2; |
411 |
|
|
412 |
131080 |
assert(VSA_Sane(sua)); |
413 |
131080 |
sua2 = calloc(1, vsa_suckaddr_len); |
414 |
131080 |
XXXAN(sua2); |
415 |
131080 |
memcpy(sua2, sua, vsa_suckaddr_len); |
416 |
131080 |
return (sua2); |
417 |
|
} |
418 |
|
|
419 |
|
unsigned |
420 |
42800 |
VSA_Port(const struct suckaddr *sua) |
421 |
|
{ |
422 |
|
|
423 |
42800 |
CHECK_OBJ_NOTNULL(sua, SUCKADDR_MAGIC); |
424 |
42800 |
switch (sua->u.sa.sa_family) { |
425 |
|
case PF_INET: |
426 |
40880 |
return (ntohs(sua->u.sa4.sin_port)); |
427 |
|
case PF_INET6: |
428 |
1920 |
return (ntohs(sua->u.sa6.sin6_port)); |
429 |
|
default: |
430 |
0 |
return (0); |
431 |
|
} |
432 |
42800 |
} |
433 |
|
|
434 |
|
#define VSA_getname(which) \ |
435 |
|
const struct suckaddr * \ |
436 |
|
VSA_get ## which ## name(int fd, void *d, size_t l) \ |
437 |
|
{ \ |
438 |
|
struct suckaddr *sua; \ |
439 |
|
socklen_t sl; \ |
440 |
|
int r; \ |
441 |
|
\ |
442 |
|
AN(d); \ |
443 |
|
if (l != vsa_suckaddr_len) { \ |
444 |
|
errno = EINVAL; \ |
445 |
|
return (NULL); \ |
446 |
|
} \ |
447 |
|
\ |
448 |
|
sua = d; \ |
449 |
|
\ |
450 |
|
INIT_OBJ(sua, SUCKADDR_MAGIC); \ |
451 |
|
sl = sizeof(sua->u); \ |
452 |
|
r = get ## which ## name(fd, &sua->u.sa, &sl); \ |
453 |
|
\ |
454 |
|
return (r == 0 ? sua : NULL); \ |
455 |
|
} \ |
456 |
|
|
457 |
613623 |
VSA_getname(sock) |
458 |
310988 |
VSA_getname(peer) |
459 |
|
#undef VSA_getname |
460 |
|
|
461 |
|
void |
462 |
548275 |
VSA_free(const struct suckaddr **vsap) |
463 |
|
{ |
464 |
|
const struct suckaddr *vsa; |
465 |
|
|
466 |
548275 |
TAKE_OBJ_NOTNULL(vsa, vsap, SUCKADDR_MAGIC); |
467 |
548275 |
free(TRUST_ME(vsa)); |
468 |
548275 |
} |