Changeset 87449 in vbox for trunk/src/VBox/NetworkServices

Timestamp:

Jan 27, 2021 1:05:45 AM (4 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

142467

Message:

NAT/Net: Refactor some more. Move the code to create raw sockets out
of main into their own methods, call them during initialization. Get
rid of the now unused global pointer to the singleton nat object
(where we need the back-reference, we have it via a callback cookie).
Do not allocate the singleton dynamically.

File:

• trunk/src/VBox/NetworkServices/NAT/VBoxNetLwipNAT.cpp (modified) (12 diffs)

trunk/src/VBox/NetworkServices/NAT/VBoxNetLwipNAT.cpp

@@ -167 +167 @@
 
 
-  public:
-    VBoxNetLwipNAT(SOCKET icmpsock4, SOCKET icmpsock6);
+public:
+    VBoxNetLwipNAT();
     virtual ~VBoxNetLwipNAT();
 
@@ -179 +179 @@
 
     virtual int init();
+    virtual int run();
+
+private:
+    void createRawSock4();
+    void createRawSock6();
 
     static DECLCALLBACK(void) onLwipTcpIpInit(void *arg);
     static DECLCALLBACK(void) onLwipTcpIpFini(void *arg);
     static err_t netifInit(netif *pNetif) RT_NOTHROW_PROTO;
-
-    virtual int run();
 
     HRESULT HandleEvent(VBoxEventType_T aEventType, IEvent *pEvent);
@@ -205 +208 @@
 INTNETSEG VBoxNetLwipNAT::aXmitSeg[64];
 
-static VBoxNetLwipNAT *g_pLwipNat;
-
-
-
-VBoxNetLwipNAT::VBoxNetLwipNAT(SOCKET icmpsock4, SOCKET icmpsock6)
+
+
+VBoxNetLwipNAT::VBoxNetLwipNAT()
   : VBoxNetBaseService("VBoxNetNAT", "nat-network")
 {
@@ -216 +217 @@
     m_ProxyOptions.ipv6_enabled = 0;
     m_ProxyOptions.ipv6_defroute = 0;
-    m_ProxyOptions.icmpsock4 = icmpsock4;
-    m_ProxyOptions.icmpsock6 = icmpsock6;
+    m_ProxyOptions.icmpsock4 = INVALID_SOCKET;
+    m_ProxyOptions.icmpsock6 = INVALID_SOCKET;
     m_ProxyOptions.tftp_root = NULL;
     m_ProxyOptions.src4 = NULL;
@@ -376 +377 @@
 
     /*
-     * Bind outgoing connections to the specified IP.
+     * IPv4 source address, if configured.
      */
-    com::Bstr bstrSourceIpX;
-
-    /* IPv4 */
+    com::Bstr bstrSourceIp4;
     com::Bstr bstrSourceIp4Key = com::BstrFmt("NAT/%s/SourceIp4", networkName.c_str());
-    hrc = virtualbox->GetExtraData(bstrSourceIp4Key.raw(), bstrSourceIpX.asOutParam());
-    if (SUCCEEDED(hrc) && bstrSourceIpX.isNotEmpty())
+    hrc = virtualbox->GetExtraData(bstrSourceIp4Key.raw(), bstrSourceIp4.asOutParam());
+    if (SUCCEEDED(hrc) && bstrSourceIp4.isNotEmpty())
     {
         RTNETADDRIPV4 addr;
-        rc = RTNetStrToIPv4Addr(com::Utf8Str(bstrSourceIpX).c_str(), &addr);
+        rc = RTNetStrToIPv4Addr(com::Utf8Str(bstrSourceIp4).c_str(), &addr);
         if (RT_SUCCESS(rc))
         {
@@ -398 +397 @@
         {
             LogRel(("Failed to parse \"%s\" IPv4 source address specification\n",
-                    com::Utf8Str(bstrSourceIpX).c_str()));
-        }
-
-        bstrSourceIpX.setNull();
-    }
-
-    /* IPv6 */
-    com::Bstr bstrSourceIp6Key = com::BstrFmt("NAT/%s/SourceIp6", networkName.c_str());
-    hrc = virtualbox->GetExtraData(bstrSourceIp6Key.raw(), bstrSourceIpX.asOutParam());
-    if (SUCCEEDED(hrc) && bstrSourceIpX.isNotEmpty())
-    {
-        RTNETADDRIPV6 addr;
-        char *pszZone = NULL;
-        rc = RTNetStrToIPv6Addr(com::Utf8Str(bstrSourceIpX).c_str(), &addr, &pszZone);
-        if (RT_SUCCESS(rc))
-        {
-            memcpy(&m_src6.sin6_addr, &addr, sizeof(addr));
-            m_ProxyOptions.src6 = &m_src6;
-
-            LogRel(("Will use %RTnaipv6 as IPv6 source address\n",
-                    &m_src6.sin6_addr));
-        }
-        else
-        {
-            LogRel(("Failed to parse \"%s\" IPv6 source address specification\n",
-                    com::Utf8Str(bstrSourceIpX).c_str()));
-        }
-
-        bstrSourceIpX.setNull();
-    }
+                    com::Utf8Str(bstrSourceIp4).c_str()));
+        }
+    }
+
+    /*
+     * IPv6 source address, if configured.
+     */
+    if (fIPv6Enabled)
+    {
+        com::Bstr bstrSourceIp6;
+        com::Bstr bstrSourceIp6Key = com::BstrFmt("NAT/%s/SourceIp6", networkName.c_str());
+        hrc = virtualbox->GetExtraData(bstrSourceIp6Key.raw(), bstrSourceIp6.asOutParam());
+        if (SUCCEEDED(hrc) && bstrSourceIp6.isNotEmpty())
+        {
+            RTNETADDRIPV6 addr;
+            char *pszZone = NULL;
+            rc = RTNetStrToIPv6Addr(com::Utf8Str(bstrSourceIp6).c_str(), &addr, &pszZone);
+            if (RT_SUCCESS(rc))
+            {
+                memcpy(&m_src6.sin6_addr, &addr, sizeof(addr));
+                m_ProxyOptions.src6 = &m_src6;
+
+                LogRel(("Will use %RTnaipv6 as IPv6 source address\n",
+                        &m_src6.sin6_addr));
+            }
+            else
+            {
+                LogRel(("Failed to parse \"%s\" IPv6 source address specification\n",
+                        com::Utf8Str(bstrSourceIp6).c_str()));
+            }
+        }
+    }
+
+
+    createRawSock4();
+    if (fIPv6Enabled)
+        createRawSock6();
 
 
@@ -481 +487 @@
     LogFlowFuncLeaveRC(rc);
     return rc;
+}
+
+
+/**
+ * Create raw IPv4 socket for sending and snooping ICMP.
+ */
+void VBoxNetLwipNAT::createRawSock4()
+{
+    SOCKET icmpsock4 = INVALID_SOCKET;
+
+#ifndef RT_OS_DARWIN
+    const int icmpstype = SOCK_RAW;
+#else
+    /* on OS X it's not privileged */
+    const int icmpstype = SOCK_DGRAM;
+#endif
+
+    icmpsock4 = socket(AF_INET, icmpstype, IPPROTO_ICMP);
+    if (icmpsock4 == INVALID_SOCKET)
+    {
+        perror("IPPROTO_ICMP");
+#ifdef VBOX_RAWSOCK_DEBUG_HELPER
+        icmpsock4 = getrawsock(AF_INET);
+#endif
+    }
+
+    if (icmpsock4 != INVALID_SOCKET)
+    {
+#ifdef ICMP_FILTER              //  Linux specific
+        struct icmp_filter flt = {
+            ~(uint32_t)(
+                  (1U << ICMP_ECHOREPLY)
+                | (1U << ICMP_DEST_UNREACH)
+                | (1U << ICMP_TIME_EXCEEDED)
+            )
+        };
+
+        int status = setsockopt(icmpsock4, SOL_RAW, ICMP_FILTER,
+                                &flt, sizeof(flt));
+        if (status < 0)
+        {
+            perror("ICMP_FILTER");
+        }
+#endif
+    }
+
+    m_ProxyOptions.icmpsock4 = icmpsock4;
+}
+
+
+/**
+ * Create raw IPv6 socket for sending and snooping ICMP6.
+ */
+void VBoxNetLwipNAT::createRawSock6()
+{
+    SOCKET icmpsock6 = INVALID_SOCKET;
+
+#ifndef RT_OS_DARWIN
+    const int icmpstype = SOCK_RAW;
+#else
+    /* on OS X it's not privileged */
+    const int icmpstype = SOCK_DGRAM;
+#endif
+
+    icmpsock6 = socket(AF_INET6, icmpstype, IPPROTO_ICMPV6);
+    if (icmpsock6 == INVALID_SOCKET)
+    {
+        perror("IPPROTO_ICMPV6");
+#ifdef VBOX_RAWSOCK_DEBUG_HELPER
+        icmpsock6 = getrawsock(AF_INET6);
+#endif
+    }
+
+    if (icmpsock6 != INVALID_SOCKET)
+    {
+#ifdef ICMP6_FILTER             // Windows doesn't support RFC 3542 API
+        /*
+         * XXX: We do this here for now, not in pxping.c, to avoid
+         * name clashes between lwIP and system headers.
+         */
+        struct icmp6_filter flt;
+        ICMP6_FILTER_SETBLOCKALL(&flt);
+
+        ICMP6_FILTER_SETPASS(ICMP6_ECHO_REPLY, &flt);
+
+        ICMP6_FILTER_SETPASS(ICMP6_DST_UNREACH, &flt);
+        ICMP6_FILTER_SETPASS(ICMP6_PACKET_TOO_BIG, &flt);
+        ICMP6_FILTER_SETPASS(ICMP6_TIME_EXCEEDED, &flt);
+        ICMP6_FILTER_SETPASS(ICMP6_PARAM_PROB, &flt);
+
+        int status = setsockopt(icmpsock6, IPPROTO_ICMPV6, ICMP6_FILTER,
+                                &flt, sizeof(flt));
+        if (status < 0)
+        {
+            perror("ICMP6_FILTER");
+        }
+#endif
+    }
+
+    m_ProxyOptions.icmpsock6 = icmpsock6;
 }
 
@@ -922 +1028 @@
 
 /**
- * Fetch port-forwarding rules from the API.
+ * Read the list of host's resolvers via the API.
+ *
+ * Called during initialization and in response to the
+ * VBoxEventType_OnHostNameResolutionConfigurationChange event.
+ */
+const char **VBoxNetLwipNAT::getHostNameservers()
+{
+    if (m_host.isNull())
+        return NULL;
+
+    com::SafeArray<BSTR> aNameServers;
+    HRESULT hrc = m_host->COMGETTER(NameServers)(ComSafeArrayAsOutParam(aNameServers));
+    if (FAILED(hrc))
+        return NULL;
+
+    const size_t cNameServers = aNameServers.size();
+    if (cNameServers == 0)
+        return NULL;
+
+    const char **ppcszNameServers =
+        (const char **)RTMemAllocZ(sizeof(char *) * (cNameServers + 1));
+    if (ppcszNameServers == NULL)
+        return NULL;
+
+    size_t idxLast = 0;
+    for (size_t i = 0; i < cNameServers; ++i)
+    {
+        com::Utf8Str strNameServer(aNameServers[i]);
+        ppcszNameServers[idxLast] = RTStrDup(strNameServer.c_str());
+        if (ppcszNameServers[idxLast] != NULL)
+            ++idxLast;
+    }
+
+    if (idxLast == 0)
+    {
+        RTMemFree(ppcszNameServers);
+        return NULL;
+    }
+
+    return ppcszNameServers;
+}
+
+
+/**
+ * Fetch port-forwarding rules via the API.
  *
  * Reads the initial sets of rules from VBoxSVC.  The rules will be
@@ -1051 +1201 @@
                 natPf.Pfr.szPfrName));
     return VERR_IGNORED;
-}
-
-
-const char **VBoxNetLwipNAT::getHostNameservers()
-{
-    if (m_host.isNull())
-        return NULL;
-
-    com::SafeArray<BSTR> aNameServers;
-    HRESULT hrc = m_host->COMGETTER(NameServers)(ComSafeArrayAsOutParam(aNameServers));
-    if (FAILED(hrc))
-        return NULL;
-
-    const size_t cNameServers = aNameServers.size();
-    if (cNameServers == 0)
-        return NULL;
-
-    const char **ppcszNameServers =
-        (const char **)RTMemAllocZ(sizeof(char *) * (cNameServers + 1));
-    if (ppcszNameServers == NULL)
-        return NULL;
-
-    size_t idxLast = 0;
-    for (size_t i = 0; i < cNameServers; ++i)
-    {
-        com::Utf8Str strNameServer(aNameServers[i]);
-        ppcszNameServers[idxLast] = RTStrDup(strNameServer.c_str());
-        if (ppcszNameServers[idxLast] != NULL)
-            ++idxLast;
-    }
-
-    if (idxLast == 0)
-    {
-        RTMemFree(ppcszNameServers);
-        return NULL;
-    }
-
-    return ppcszNameServers;
 }
 
@@ -1366 +1478 @@
     {
         fprintf(stderr, "wsastartup: failed (%d)\n", err);
-        return 1;
+        return RTEXITCODE_INIT;
     }
 #endif
@@ -1382 +1494 @@
             if (RT_SUCCESS(vrc))
             {
-                return RTMsgErrorExit(RTEXITCODE_FAILURE,
+                return RTMsgErrorExit(RTEXITCODE_INIT,
                                       "Failed to initialize COM: %s: %Rhrf",
                                       szHome, hrc);
@@ -1388 +1500 @@
         }
 #endif  // VBOX_WITH_XPCOM
-        return RTMsgErrorExit(RTEXITCODE_FAILURE,
+        return RTMsgErrorExit(RTEXITCODE_INIT,
                               "Failed to initialize COM: %Rhrf", hrc);
     }
 
-
-    SOCKET icmpsock4 = INVALID_SOCKET;
-    SOCKET icmpsock6 = INVALID_SOCKET;
-#ifndef RT_OS_DARWIN
-    const int icmpstype = SOCK_RAW;
-#else
-    /* on OS X it's not privileged */
-    const int icmpstype = SOCK_DGRAM;
-#endif
-
-    icmpsock4 = socket(AF_INET, icmpstype, IPPROTO_ICMP);
-    if (icmpsock4 == INVALID_SOCKET)
-    {
-        perror("IPPROTO_ICMP");
-#ifdef VBOX_RAWSOCK_DEBUG_HELPER
-        icmpsock4 = getrawsock(AF_INET);
-#endif
-    }
-
-    if (icmpsock4 != INVALID_SOCKET)
-    {
-#ifdef ICMP_FILTER              //  Linux specific
-        struct icmp_filter flt = {
-            ~(uint32_t)(
-                  (1U << ICMP_ECHOREPLY)
-                | (1U << ICMP_DEST_UNREACH)
-                | (1U << ICMP_TIME_EXCEEDED)
-            )
-        };
-
-        int status = setsockopt(icmpsock4, SOL_RAW, ICMP_FILTER,
-                                &flt, sizeof(flt));
-        if (status < 0)
-        {
-            perror("ICMP_FILTER");
-        }
-#endif
-    }
-
-    icmpsock6 = socket(AF_INET6, icmpstype, IPPROTO_ICMPV6);
-    if (icmpsock6 == INVALID_SOCKET)
-    {
-        perror("IPPROTO_ICMPV6");
-#ifdef VBOX_RAWSOCK_DEBUG_HELPER
-        icmpsock6 = getrawsock(AF_INET6);
-#endif
-    }
-
-    if (icmpsock6 != INVALID_SOCKET)
-    {
-#ifdef ICMP6_FILTER             // Windows doesn't support RFC 3542 API
-        /*
-         * XXX: We do this here for now, not in pxping.c, to avoid
-         * name clashes between lwIP and system headers.
-         */
-        struct icmp6_filter flt;
-        ICMP6_FILTER_SETBLOCKALL(&flt);
-
-        ICMP6_FILTER_SETPASS(ICMP6_ECHO_REPLY, &flt);
-
-        ICMP6_FILTER_SETPASS(ICMP6_DST_UNREACH, &flt);
-        ICMP6_FILTER_SETPASS(ICMP6_PACKET_TOO_BIG, &flt);
-        ICMP6_FILTER_SETPASS(ICMP6_TIME_EXCEEDED, &flt);
-        ICMP6_FILTER_SETPASS(ICMP6_PARAM_PROB, &flt);
-
-        int status = setsockopt(icmpsock6, IPPROTO_ICMPV6, ICMP6_FILTER,
-                                &flt, sizeof(flt));
-        if (status < 0)
-        {
-            perror("ICMP6_FILTER");
-        }
-#endif
-    }
-
-
-    g_pLwipNat = new VBoxNetLwipNAT(icmpsock4, icmpsock6);
+    VBoxNetLwipNAT NAT;
 
     Log2(("NAT: initialization\n"));
-    rc = g_pLwipNat->parseArgs(argc - 1, argv + 1);
+    rc = NAT.parseArgs(argc - 1, argv + 1);
     rc = (rc == 0) ? VINF_SUCCESS : VERR_GENERAL_FAILURE; /* XXX: FIXME */
 
     if (RT_SUCCESS(rc))
-        rc = g_pLwipNat->init();
+        rc = NAT.init();
 
     if (RT_SUCCESS(rc))
-        g_pLwipNat->run();
-
-    delete g_pLwipNat;
-    return 0;
+        NAT.run();
+
+    return RTEXITCODE_SUCCESS;
 }