proxy.c@ 54739

Last change on this file since 54739 was 54124, checked in by vboxsync, 10 years ago
NAT/Network: Add missing Id/@file/copyright headers.
Property svn:eol-style set to `native` Property svn:keywords set to `Id Revision`
File size: 17.1 KB

Line
1	/* $Id: proxy.c 54124 2015-02-10 11:22:04Z vboxsync $ */
2	/** @file
3	* NAT Network - proxy setup and utilities.
4	*/
5
6	/*
7	* Copyright (C) 2013-2014 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*/
17
18	#define LOG_GROUP LOG_GROUP_NAT_SERVICE
19
20	#include "winutils.h"
21
22	#include "proxy.h"
23	#include "proxy_pollmgr.h"
24	#include "portfwd.h"
25
26	#include "lwip/opt.h"
27
28	#include "lwip/sys.h"
29	#include "lwip/tcpip.h"
30
31	#ifndef RT_OS_WINDOWS
32	#include <sys/poll.h>
33	#include <sys/socket.h>
34	#include <netinet/in.h>
35	#include <arpa/inet.h>
36	#include <fcntl.h>
37	#include <stdio.h>
38	#include <iprt/string.h>
39	#include <unistd.h>
40	#include <err.h>
41	#else
42	# include <iprt/string.h>
43	#endif
44
45	#if defined(SOCK_NONBLOCK) && defined(RT_OS_NETBSD) /* XXX: PR kern/47569 */
46	# undef SOCK_NONBLOCK
47	#endif
48
49	#ifndef __arraycount
50	# define __arraycount(a) (sizeof(a)/sizeof(a[0]))
51	#endif
52
53	static FNRTSTRFORMATTYPE proxy_sockerr_rtstrfmt;
54
55	static SOCKET proxy_create_socket(int, int);
56
57	volatile struct proxy_options *g_proxy_options;
58	static sys_thread_t pollmgr_tid;
59
60	/* XXX: for mapping loopbacks to addresses in our network (ip4) */
61	struct netif *g_proxy_netif;
62
63
64	/*
65	* Called on the lwip thread (aka tcpip thread) from tcpip_init() via
66	* its "tcpip_init_done" callback. Raw API is ok to use here
67	* (e.g. rtadvd), but netconn API is not.
68	*/
69	void
70	proxy_init(struct netif proxy_netif, struct proxy_options opts)
71	{
72	int status;
73
74	LWIP_ASSERT1(opts != NULL);
75	LWIP_UNUSED_ARG(proxy_netif);
76
77	status = RTStrFormatTypeRegister("sockerr", proxy_sockerr_rtstrfmt, NULL);
78	AssertRC(status);
79
80	g_proxy_options = opts;
81	g_proxy_netif = proxy_netif;
82
83	#if 1
84	proxy_rtadvd_start(proxy_netif);
85	#endif
86
87	/*
88	* XXX: We use stateless DHCPv6 only to report IPv6 address(es) of
89	* nameserver(s). Since we don't yet support IPv6 addresses in
90	* HostDnsService, there's no point in running DHCPv6.
91	*/
92	#if 0
93	dhcp6ds_init(proxy_netif);
94	#endif
95
96	if (opts->tftp_root != NULL) {
97	tftpd_init(proxy_netif, opts->tftp_root);
98	}
99
100	status = pollmgr_init();
101	if (status < 0) {
102	errx(EXIT_FAILURE, "failed to initialize poll manager");
103	/* NOTREACHED */
104	}
105
106	pxtcp_init();
107	pxudp_init();
108
109	portfwd_init();
110
111	pxdns_init(proxy_netif);
112
113	pxping_init(proxy_netif, opts->icmpsock4, opts->icmpsock6);
114
115	pollmgr_tid = sys_thread_new("pollmgr_thread",
116	pollmgr_thread, NULL,
117	DEFAULT_THREAD_STACKSIZE,
118	DEFAULT_THREAD_PRIO);
119	if (!pollmgr_tid) {
120	errx(EXIT_FAILURE, "failed to create poll manager thread");
121	/* NOTREACHED */
122	}
123	}
124
125
126	#if !defined(RT_OS_WINDOWS)
127	/**
128	* Formatter for %R[sockerr] - unix strerror_r() version.
129	*/
130	static DECLCALLBACK(size_t)
131	proxy_sockerr_rtstrfmt(PFNRTSTROUTPUT pfnOutput, void *pvArgOutput,
132	const char pszType, const void pvValue,
133	int cchWidth, int cchPrecision, unsigned int fFlags,
134	void *pvUser)
135	{
136	const int error = (int)(intptr_t)pvValue;
137	size_t cb = 0;
138
139	const char *msg = NULL;
140	char buf[128];
141
142	NOREF(cchWidth);
143	NOREF(cchPrecision);
144	NOREF(fFlags);
145	NOREF(pvUser);
146
147	AssertReturn(strcmp(pszType, "sockerr") == 0, 0);
148
149	/* make sure return type mismatch is caught */
150	#if defined(RT_OS_LINUX) && defined(_GNU_SOURCE)
151	msg = strerror_r(error, buf, sizeof(buf));
152	#else
153	{
154	int status = strerror_r(error, buf, sizeof(buf));
155	msg = buf;
156	}
157	#endif
158	return RTStrFormat(pfnOutput, pvArgOutput, NULL, NULL, "%s", msg);
159	}
160
161	#else /* RT_OS_WINDOWS */
162
163	/**
164	* Formatter for %R[sockerr] - windows FormatMessage() version.
165	*/
166	static DECLCALLBACK(size_t)
167	proxy_sockerr_rtstrfmt(PFNRTSTROUTPUT pfnOutput, void *pvArgOutput,
168	const char pszType, const void pvValue,
169	int cchWidth, int cchPrecision, unsigned int fFlags,
170	void *pvUser)
171	{
172	const int error = (int)(intptr_t)pvValue;
173	size_t cb = 0;
174
175	NOREF(cchWidth);
176	NOREF(cchPrecision);
177	NOREF(fFlags);
178	NOREF(pvUser);
179
180	AssertReturn(strcmp(pszType, "sockerr") == 0, 0);
181
182	/*
183	* XXX: Windows strerror() doesn't handle posix error codes, but
184	* since winsock uses its own, it shouldn't be much of a problem.
185	* If you see a strange error message, it's probably from
186	* FormatMessage() for an error from <WinError.h> that has the
187	* same numeric value.
188	*/
189	if (error < _sys_nerr) {
190	char buf[128] = "";
191	int status;
192
193	status = strerror_s(buf, sizeof(buf), error);
194	if (status == 0) {
195	if (strcmp(buf, "Unknown error") == 0) {
196	/* windows strerror() doesn't add the numeric value */
197	cb += RTStrFormat(pfnOutput, pvArgOutput, NULL, NULL,
198	"Unknown error: %d", error);
199	}
200	else {
201	cb += RTStrFormat(pfnOutput, pvArgOutput, NULL, NULL,
202	"%s", buf);
203	}
204	}
205	else {
206	cb += RTStrFormat(pfnOutput, pvArgOutput, NULL, NULL,
207	"Unknown error: %d", error);
208	}
209	}
210	else {
211	DWORD nchars;
212	char *msg = NULL;
213
214	nchars = FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM
215	\| FORMAT_MESSAGE_ALLOCATE_BUFFER,
216	NULL, error, LANG_NEUTRAL,
217	(LPSTR)&msg, 0,
218	NULL);
219	if (nchars == 0 \|\| msg == NULL) {
220	cb += RTStrFormat(pfnOutput, pvArgOutput, NULL, NULL,
221	"Unknown error: %d", error);
222	}
223	else {
224	/* FormatMessage() "helpfully" adds newline; get rid of it */
225	char *crpos = strchr(msg, '\r');
226	if (crpos != NULL) {
227	*crpos = '\0';
228	}
229
230	cb += RTStrFormat(pfnOutput, pvArgOutput, NULL, NULL,
231	"%s", msg);
232	}
233
234	if (msg != NULL) {
235	LocalFree(msg);
236	}
237	}
238
239	return cb;
240	}
241	#endif /* RT_OS_WINDOWS */
242
243
244	/**
245	* Send static callback message from poll manager thread to lwip
246	* thread, scheduling a function call in lwip thread context.
247	*
248	* XXX: Existing lwip api only provides non-blocking version for this.
249	* It may fail when lwip thread is not running (mbox invalid) or if
250	* post failed (mbox full). How to handle these?
251	*/
252	void
253	proxy_lwip_post(struct tcpip_msg *msg)
254	{
255	struct tcpip_callback_msg *m;
256	err_t error;
257
258	LWIP_ASSERT1(msg != NULL);
259
260	/*
261	* lwip plays games with fake incomplete struct tag to enforce API
262	*/
263	m = (struct tcpip_callback_msg *)msg;
264	error = tcpip_callbackmsg(m);
265
266	if (error == ERR_VAL) {
267	/* XXX: lwip thread is not running (mbox invalid) */
268	LWIP_ASSERT1(error != ERR_VAL);
269	}
270
271	LWIP_ASSERT1(error == ERR_OK);
272	}
273
274
275	/**
276	* Create a non-blocking socket. Disable SIGPIPE for TCP sockets if
277	* possible. On Linux it's not possible and should be disabled for
278	* each send(2) individually.
279	*/
280	static SOCKET
281	proxy_create_socket(int sdom, int stype)
282	{
283	SOCKET s;
284	int stype_and_flags;
285	int status;
286
287	LWIP_UNUSED_ARG(status); /* depends on ifdefs */
288
289
290	stype_and_flags = stype;
291
292	#if defined(SOCK_NONBLOCK)
293	stype_and_flags \|= SOCK_NONBLOCK;
294	#endif
295
296	/*
297	* Disable SIGPIPE on disconnected socket. It might be easier to
298	* forgo it and just use MSG_NOSIGNAL on each send*(2), since we
299	* have to do it for Linux anyway, but Darwin does NOT have that
300	* flag (but has SO_NOSIGPIPE socket option).
301	*/
302	#if !defined(SOCK_NOSIGPIPE) && !defined(SO_NOSIGPIPE) && !defined(MSG_NOSIGNAL)
303	#if 0 /* XXX: Solaris has neither, the program should ignore SIGPIPE globally */
304	#error Need a way to disable SIGPIPE on connection oriented sockets!
305	#endif
306	#endif
307
308	#if defined(SOCK_NOSIGPIPE)
309	if (stype == SOCK_STREAM) {
310	stype_and_flags \|= SOCK_NOSIGPIPE;
311	}
312	#endif
313
314	s = socket(sdom, stype_and_flags, 0);
315	if (s == INVALID_SOCKET) {
316	DPRINTF(("socket: %R[sockerr]\n", SOCKERRNO()));
317	return INVALID_SOCKET;
318	}
319
320	#if !defined(SOCK_NONBLOCK) && !defined(RT_OS_WINDOWS)
321	{
322	int sflags;
323
324	sflags = fcntl(s, F_GETFL, 0);
325	if (sflags < 0) {
326	DPRINTF(("F_GETFL: %R[sockerr]\n", SOCKERRNO()));
327	closesocket(s);
328	return INVALID_SOCKET;
329	}
330
331	status = fcntl(s, F_SETFL, sflags \| O_NONBLOCK);
332	if (status < 0) {
333	DPRINTF(("O_NONBLOCK: %R[sockerr]\n", SOCKERRNO()));
334	closesocket(s);
335	return INVALID_SOCKET;
336	}
337	}
338	#endif
339
340	#if !defined(SOCK_NOSIGPIPE) && defined(SO_NOSIGPIPE)
341	if (stype == SOCK_STREAM) {
342	int on = 1;
343	const socklen_t onlen = sizeof(on);
344
345	status = setsockopt(s, SOL_SOCKET, SO_NOSIGPIPE, &on, onlen);
346	if (status < 0) {
347	DPRINTF(("SO_NOSIGPIPE: %R[sockerr]\n", SOCKERRNO()));
348	closesocket(s);
349	return INVALID_SOCKET;
350	}
351	}
352	#endif
353
354	#if defined(RT_OS_WINDOWS)
355	{
356	u_long mode = 1;
357	status = ioctlsocket(s, FIONBIO, &mode);
358	if (status == SOCKET_ERROR) {
359	DPRINTF(("FIONBIO: %R[sockerr]\n", SOCKERRNO()));
360	closesocket(s);
361	return INVALID_SOCKET;
362	}
363	}
364	#endif
365
366	return s;
367	}
368
369
370	/**
371	* Create a socket for outbound connection to dst_addr:dst_port.
372	*
373	* The socket is non-blocking and TCP sockets has SIGPIPE disabled if
374	* possible. On Linux it's not possible and should be disabled for
375	* each send(2) individually.
376	*/
377	SOCKET
378	proxy_connected_socket(int sdom, int stype,
379	ipX_addr_t *dst_addr, u16_t dst_port)
380	{
381	struct sockaddr_in6 dst_sin6;
382	struct sockaddr_in dst_sin;
383	struct sockaddr *pdst_sa;
384	socklen_t dst_sa_len;
385	void *pdst_addr;
386	const struct sockaddr *psrc_sa;
387	socklen_t src_sa_len;
388	int status;
389	int sockerr;
390	SOCKET s;
391
392	LWIP_ASSERT1(sdom == PF_INET \|\| sdom == PF_INET6);
393	LWIP_ASSERT1(stype == SOCK_STREAM \|\| stype == SOCK_DGRAM);
394
395	DPRINTF(("---> %s ", stype == SOCK_STREAM ? "TCP" : "UDP"));
396	if (sdom == PF_INET6) {
397	pdst_sa = (struct sockaddr *)&dst_sin6;
398	pdst_addr = (void *)&dst_sin6.sin6_addr;
399
400	memset(&dst_sin6, 0, sizeof(dst_sin6));
401	#if HAVE_SA_LEN
402	dst_sin6.sin6_len =
403	#endif
404	dst_sa_len = sizeof(dst_sin6);
405	dst_sin6.sin6_family = AF_INET6;
406	memcpy(&dst_sin6.sin6_addr, &dst_addr->ip6, sizeof(ip6_addr_t));
407	dst_sin6.sin6_port = htons(dst_port);
408
409	DPRINTF(("[%RTnaipv6]:%d ", &dst_sin6.sin6_addr, dst_port));
410	}
411	else { /* sdom = PF_INET */
412	pdst_sa = (struct sockaddr *)&dst_sin;
413	pdst_addr = (void *)&dst_sin.sin_addr;
414
415	memset(&dst_sin, 0, sizeof(dst_sin));
416	#if HAVE_SA_LEN
417	dst_sin.sin_len =
418	#endif
419	dst_sa_len = sizeof(dst_sin);
420	dst_sin.sin_family = AF_INET;
421	dst_sin.sin_addr.s_addr = dst_addr->ip4.addr; /* byte-order? */
422	dst_sin.sin_port = htons(dst_port);
423
424	DPRINTF(("%RTnaipv4:%d ", dst_sin.sin_addr.s_addr, dst_port));
425	}
426
427	s = proxy_create_socket(sdom, stype);
428	if (s == INVALID_SOCKET) {
429	return INVALID_SOCKET;
430	}
431	DPRINTF(("socket %d\n", s));
432
433	/* TODO: needs locking if dynamic modifyvm is allowed */
434	if (sdom == PF_INET6) {
435	psrc_sa = (const struct sockaddr *)g_proxy_options->src6;
436	src_sa_len = sizeof(struct sockaddr_in6);
437	}
438	else {
439	psrc_sa = (const struct sockaddr *)g_proxy_options->src4;
440	src_sa_len = sizeof(struct sockaddr_in);
441	}
442	if (psrc_sa != NULL) {
443	status = bind(s, psrc_sa, src_sa_len);
444	if (status == SOCKET_ERROR) {
445	sockerr = SOCKERRNO();
446	DPRINTF(("socket %d: bind: %R[sockerr]\n", s, sockerr));
447	closesocket(s);
448	SET_SOCKERRNO(sockerr);
449	return INVALID_SOCKET;
450	}
451	}
452
453	status = connect(s, pdst_sa, dst_sa_len);
454	if (status == SOCKET_ERROR
455	#if !defined(RT_OS_WINDOWS)
456	&& SOCKERRNO() != EINPROGRESS
457	#else
458	&& SOCKERRNO() != EWOULDBLOCK
459	#endif
460	)
461	{
462	sockerr = SOCKERRNO();
463	DPRINTF(("socket %d: connect: %R[sockerr]\n", s, sockerr));
464	closesocket(s);
465	SET_SOCKERRNO(sockerr);
466	return INVALID_SOCKET;
467	}
468
469	return s;
470	}
471
472
473	/**
474	* Create a socket for inbound (port-forwarded) connections to
475	* src_addr (port is part of sockaddr, so not a separate argument).
476	*
477	* The socket is non-blocking and TCP sockets has SIGPIPE disabled if
478	* possible. On Linux it's not possible and should be disabled for
479	* each send(2) individually.
480	*
481	* TODO?: Support v6-mapped v4 so that user can specify she wants
482	* "udp" and get both versions?
483	*/
484	SOCKET
485	proxy_bound_socket(int sdom, int stype, struct sockaddr *src_addr)
486	{
487	SOCKET s;
488	int on;
489	const socklen_t onlen = sizeof(on);
490	int status;
491	int sockerr;
492
493	s = proxy_create_socket(sdom, stype);
494	if (s == INVALID_SOCKET) {
495	return INVALID_SOCKET;
496	}
497	DPRINTF(("socket %d\n", s));
498
499	on = 1;
500	status = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&on, onlen);
501	if (status < 0) { /* not good, but not fatal */
502	DPRINTF(("SO_REUSEADDR: %R[sockerr]\n", SOCKERRNO()));
503	}
504
505	status = bind(s, src_addr,
506	sdom == PF_INET ?
507	sizeof(struct sockaddr_in)
508	: sizeof(struct sockaddr_in6));
509	if (status == SOCKET_ERROR) {
510	sockerr = SOCKERRNO();
511	DPRINTF(("bind: %R[sockerr]\n", sockerr));
512	closesocket(s);
513	SET_SOCKERRNO(sockerr);
514	return INVALID_SOCKET;
515	}
516
517	if (stype == SOCK_STREAM) {
518	status = listen(s, 5);
519	if (status == SOCKET_ERROR) {
520	sockerr = SOCKERRNO();
521	DPRINTF(("listen: %R[sockerr]\n", sockerr));
522	closesocket(s);
523	SET_SOCKERRNO(sockerr);
524	return INVALID_SOCKET;
525	}
526	}
527
528	return s;
529	}
530
531
532	void
533	proxy_reset_socket(SOCKET s)
534	{
535	struct linger linger;
536
537	linger.l_onoff = 1;
538	linger.l_linger = 0;
539
540	/* On Windows we can run into issue here, perhaps SO_LINGER isn't enough, and
541	* we should use WSA{Send,Recv}Disconnect instead.
542	*
543	* Links for the reference:
544	* http://msdn.microsoft.com/en-us/library/windows/desktop/ms738547%28v=vs.85%29.aspx
545	* http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4468997
546	*/
547	setsockopt(s, SOL_SOCKET, SO_LINGER, (char *)&linger, sizeof(linger));
548
549	closesocket(s);
550	}
551
552
553	int
554	proxy_sendto(SOCKET sock, struct pbuf p, void name, size_t namelen)
555	{
556	struct pbuf *q;
557	size_t i, clen;
558	#ifndef RT_OS_WINDOWS
559	struct msghdr mh;
560	ssize_t nsent;
561	#else
562	DWORD nsent;
563	#endif
564	int rc;
565	IOVEC fixiov[8]; /* fixed size (typical case) */
566	const size_t fixiovsize = sizeof(fixiov)/sizeof(fixiov[0]);
567	IOVEC dyniov; / dynamically sized */
568	IOVEC *iov;
569	int error = 0;
570
571	/*
572	* Static iov[] is usually enough since UDP protocols use small
573	* datagrams to avoid fragmentation, but be prepared.
574	*/
575	clen = pbuf_clen(p);
576	if (clen > fixiovsize) {
577	/*
578	* XXX: TODO: check that clen is shorter than IOV_MAX
579	*/
580	dyniov = (IOVEC )malloc(clen sizeof(*dyniov));
581	if (dyniov == NULL) {
582	error = -errno; /* sic: not a socket error */
583	goto out;
584	}
585	iov = dyniov;
586	}
587	else {
588	dyniov = NULL;
589	iov = fixiov;
590	}
591
592
593	for (q = p, i = 0; i < clen; q = q->next, ++i) {
594	LWIP_ASSERT1(q != NULL);
595
596	IOVEC_SET_BASE(iov[i], q->payload);
597	IOVEC_SET_LEN(iov[i], q->len);
598	}
599
600	#ifndef RT_OS_WINDOWS
601	memset(&mh, 0, sizeof(mh));
602	mh.msg_name = name;
603	mh.msg_namelen = namelen;
604	mh.msg_iov = iov;
605	mh.msg_iovlen = clen;
606
607	nsent = sendmsg(sock, &mh, 0);
608	rc = (nsent >= 0) ? 0 : SOCKET_ERROR;
609	#else
610	rc = WSASendTo(sock, iov, (DWORD)clen, &nsent, 0,
611	name, (int)namelen, NULL, NULL);
612	#endif
613	if (rc == SOCKET_ERROR) {
614	error = SOCKERRNO();
615	DPRINTF(("%s: socket %d: sendmsg: %R[sockerr]\n",
616	__func__, sock, error));
617	error = -error;
618	}
619
620	out:
621	if (dyniov != NULL) {
622	free(dyniov);
623	}
624	return error;
625	}
626
627
628	static const char *lwiperr[] = {
629	"ERR_OK",
630	"ERR_MEM",
631	"ERR_BUF",
632	"ERR_TIMEOUT",
633	"ERR_RTE",
634	"ERR_INPROGRESS",
635	"ERR_VAL",
636	"ERR_WOULDBLOCK",
637	"ERR_USE",
638	"ERR_ISCONN",
639	"ERR_ABRT",
640	"ERR_RST",
641	"ERR_CLSD",
642	"ERR_CONN",
643	"ERR_ARG",
644	"ERR_IF"
645	};
646
647
648	const char *
649	proxy_lwip_strerr(err_t error)
650	{
651	static char buf[32];
652	int e = -error;
653
654	if (0 <= e && e < (int)__arraycount(lwiperr)) {
655	return lwiperr[e];
656	}
657	else {
658	RTStrPrintf(buf, sizeof(buf), "unknown error %d", error);
659	return buf;
660	}
661	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/VBox/NetworkServices/NAT/proxy.c@ 54739

Download in other formats: