1 // SPDX-License-Identifier: GPL-2.0
2 /* nettest - used for functional tests of networking APIs
3 *
4 * Copyright (c) 2013-2019 David Ahern <dsahern@gmail.com>. All rights reserved.
5 */
6
7 #define _GNU_SOURCE
8 #include <features.h>
9 #include <sys/types.h>
10 #include <sys/ioctl.h>
11 #include <sys/socket.h>
12 #include <sys/wait.h>
13 #include <linux/tcp.h>
14 #include <linux/udp.h>
15 #include <arpa/inet.h>
16 #include <net/if.h>
17 #include <netinet/in.h>
18 #include <netinet/ip.h>
19 #include <netdb.h>
20 #include <fcntl.h>
21 #include <libgen.h>
22 #include <limits.h>
23 #include <sched.h>
24 #include <stdarg.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <unistd.h>
29 #include <time.h>
30 #include <errno.h>
31 #include <getopt.h>
32
33 #include <linux/xfrm.h>
34 #include <linux/ipsec.h>
35 #include <linux/pfkeyv2.h>
36
37 #ifndef IPV6_UNICAST_IF
38 #define IPV6_UNICAST_IF 76
39 #endif
40 #ifndef IPV6_MULTICAST_IF
41 #define IPV6_MULTICAST_IF 17
42 #endif
43
44 #define DEFAULT_PORT 12345
45
46 #define NS_PREFIX "/run/netns/"
47
48 #ifndef MAX
49 #define MAX(a, b) ((a) > (b) ? (a) : (b))
50 #endif
51 #ifndef MIN
52 #define MIN(a, b) ((a) < (b) ? (a) : (b))
53 #endif
54
55 struct sock_args {
56 /* local address */
57 const char *local_addr_str;
58 const char *client_local_addr_str;
59 union {
60 struct in_addr in;
61 struct in6_addr in6;
62 } local_addr;
63
64 /* remote address */
65 const char *remote_addr_str;
66 union {
67 struct in_addr in;
68 struct in6_addr in6;
69 } remote_addr;
70 int scope_id; /* remote scope; v6 send only */
71
72 struct in_addr grp; /* multicast group */
73
74 unsigned int has_local_ip:1,
75 has_remote_ip:1,
76 has_grp:1,
77 has_expected_laddr:1,
78 has_expected_raddr:1,
79 bind_test_only:1;
80
81 unsigned short port;
82
83 int type; /* DGRAM, STREAM, RAW */
84 int protocol;
85 int version; /* AF_INET/AF_INET6 */
86
87 int use_setsockopt;
88 int use_cmsg;
89 const char *dev;
90 const char *server_dev;
91 int ifindex;
92
93 const char *clientns;
94 const char *serverns;
95
96 const char *password;
97 const char *client_pw;
98 /* prefix for MD5 password */
99 const char *md5_prefix_str;
100 union {
101 struct sockaddr_in v4;
102 struct sockaddr_in6 v6;
103 } md5_prefix;
104 unsigned int prefix_len;
105 /* 0: default, -1: force off, +1: force on */
106 int bind_key_ifindex;
107
108 /* expected addresses and device index for connection */
109 const char *expected_dev;
110 const char *expected_server_dev;
111 int expected_ifindex;
112
113 /* local address */
114 const char *expected_laddr_str;
115 union {
116 struct in_addr in;
117 struct in6_addr in6;
118 } expected_laddr;
119
120 /* remote address */
121 const char *expected_raddr_str;
122 union {
123 struct in_addr in;
124 struct in6_addr in6;
125 } expected_raddr;
126
127 /* ESP in UDP encap test */
128 int use_xfrm;
129 };
130
131 static int server_mode;
132 static unsigned int prog_timeout = 5;
133 static unsigned int interactive;
134 static int iter = 1;
135 static char *msg = "Hello world!";
136 static int msglen;
137 static int quiet;
138 static int try_broadcast = 1;
139
timestamp(char * timebuf,int buflen)140 static char *timestamp(char *timebuf, int buflen)
141 {
142 time_t now;
143
144 now = time(NULL);
145 if (strftime(timebuf, buflen, "%T", localtime(&now)) == 0) {
146 memset(timebuf, 0, buflen);
147 strncpy(timebuf, "00:00:00", buflen-1);
148 }
149
150 return timebuf;
151 }
152
log_msg(const char * format,...)153 static void log_msg(const char *format, ...)
154 {
155 char timebuf[64];
156 va_list args;
157
158 if (quiet)
159 return;
160
161 fprintf(stdout, "%s %s:",
162 timestamp(timebuf, sizeof(timebuf)),
163 server_mode ? "server" : "client");
164 va_start(args, format);
165 vfprintf(stdout, format, args);
166 va_end(args);
167
168 fflush(stdout);
169 }
170
log_error(const char * format,...)171 static void log_error(const char *format, ...)
172 {
173 char timebuf[64];
174 va_list args;
175
176 if (quiet)
177 return;
178
179 fprintf(stderr, "%s %s:",
180 timestamp(timebuf, sizeof(timebuf)),
181 server_mode ? "server" : "client");
182 va_start(args, format);
183 vfprintf(stderr, format, args);
184 va_end(args);
185
186 fflush(stderr);
187 }
188
log_err_errno(const char * fmt,...)189 static void log_err_errno(const char *fmt, ...)
190 {
191 char timebuf[64];
192 va_list args;
193
194 if (quiet)
195 return;
196
197 fprintf(stderr, "%s %s: ",
198 timestamp(timebuf, sizeof(timebuf)),
199 server_mode ? "server" : "client");
200 va_start(args, fmt);
201 vfprintf(stderr, fmt, args);
202 va_end(args);
203
204 fprintf(stderr, ": %d: %s\n", errno, strerror(errno));
205 fflush(stderr);
206 }
207
log_address(const char * desc,struct sockaddr * sa)208 static void log_address(const char *desc, struct sockaddr *sa)
209 {
210 char addrstr[64];
211
212 if (quiet)
213 return;
214
215 if (sa->sa_family == AF_INET) {
216 struct sockaddr_in *s = (struct sockaddr_in *) sa;
217
218 log_msg("%s %s:%d\n",
219 desc,
220 inet_ntop(AF_INET, &s->sin_addr, addrstr,
221 sizeof(addrstr)),
222 ntohs(s->sin_port));
223
224 } else if (sa->sa_family == AF_INET6) {
225 struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) sa;
226
227 log_msg("%s [%s]:%d\n",
228 desc,
229 inet_ntop(AF_INET6, &s6->sin6_addr, addrstr,
230 sizeof(addrstr)),
231 ntohs(s6->sin6_port));
232 }
233
234 fflush(stdout);
235 }
236
switch_ns(const char * ns)237 static int switch_ns(const char *ns)
238 {
239 char path[PATH_MAX];
240 int fd, ret;
241
242 if (geteuid())
243 log_error("warning: likely need root to set netns %s!\n", ns);
244
245 snprintf(path, sizeof(path), "%s%s", NS_PREFIX, ns);
246 fd = open(path, 0);
247 if (fd < 0) {
248 log_err_errno("Failed to open netns path; can not switch netns");
249 return 1;
250 }
251
252 ret = setns(fd, CLONE_NEWNET);
253 close(fd);
254
255 return ret;
256 }
257
tcp_md5sig(int sd,void * addr,socklen_t alen,struct sock_args * args)258 static int tcp_md5sig(int sd, void *addr, socklen_t alen, struct sock_args *args)
259 {
260 int keylen = strlen(args->password);
261 struct tcp_md5sig md5sig = {};
262 int opt = TCP_MD5SIG;
263 int rc;
264
265 md5sig.tcpm_keylen = keylen;
266 memcpy(md5sig.tcpm_key, args->password, keylen);
267
268 if (args->prefix_len) {
269 opt = TCP_MD5SIG_EXT;
270 md5sig.tcpm_flags |= TCP_MD5SIG_FLAG_PREFIX;
271
272 md5sig.tcpm_prefixlen = args->prefix_len;
273 addr = &args->md5_prefix;
274 }
275 memcpy(&md5sig.tcpm_addr, addr, alen);
276
277 if ((args->ifindex && args->bind_key_ifindex >= 0) || args->bind_key_ifindex >= 1) {
278 opt = TCP_MD5SIG_EXT;
279 md5sig.tcpm_flags |= TCP_MD5SIG_FLAG_IFINDEX;
280
281 md5sig.tcpm_ifindex = args->ifindex;
282 log_msg("TCP_MD5SIG_FLAG_IFINDEX set tcpm_ifindex=%d\n", md5sig.tcpm_ifindex);
283 } else {
284 log_msg("TCP_MD5SIG_FLAG_IFINDEX off\n", md5sig.tcpm_ifindex);
285 }
286
287 rc = setsockopt(sd, IPPROTO_TCP, opt, &md5sig, sizeof(md5sig));
288 if (rc < 0) {
289 /* ENOENT is harmless. Returned when a password is cleared */
290 if (errno == ENOENT)
291 rc = 0;
292 else
293 log_err_errno("setsockopt(TCP_MD5SIG)");
294 }
295
296 return rc;
297 }
298
tcp_md5_remote(int sd,struct sock_args * args)299 static int tcp_md5_remote(int sd, struct sock_args *args)
300 {
301 struct sockaddr_in sin = {
302 .sin_family = AF_INET,
303 };
304 struct sockaddr_in6 sin6 = {
305 .sin6_family = AF_INET6,
306 };
307 void *addr;
308 int alen;
309
310 switch (args->version) {
311 case AF_INET:
312 sin.sin_port = htons(args->port);
313 sin.sin_addr = args->md5_prefix.v4.sin_addr;
314 addr = &sin;
315 alen = sizeof(sin);
316 break;
317 case AF_INET6:
318 sin6.sin6_port = htons(args->port);
319 sin6.sin6_addr = args->md5_prefix.v6.sin6_addr;
320 addr = &sin6;
321 alen = sizeof(sin6);
322 break;
323 default:
324 log_error("unknown address family\n");
325 exit(1);
326 }
327
328 if (tcp_md5sig(sd, addr, alen, args))
329 return -1;
330
331 return 0;
332 }
333
get_ifidx(const char * ifname)334 static int get_ifidx(const char *ifname)
335 {
336 struct ifreq ifdata;
337 int sd, rc;
338
339 if (!ifname || *ifname == '\0')
340 return -1;
341
342 memset(&ifdata, 0, sizeof(ifdata));
343
344 strcpy(ifdata.ifr_name, ifname);
345
346 sd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
347 if (sd < 0) {
348 log_err_errno("socket failed");
349 return -1;
350 }
351
352 rc = ioctl(sd, SIOCGIFINDEX, (char *)&ifdata);
353 close(sd);
354 if (rc != 0) {
355 log_err_errno("ioctl(SIOCGIFINDEX) failed");
356 return -1;
357 }
358
359 return ifdata.ifr_ifindex;
360 }
361
bind_to_device(int sd,const char * name)362 static int bind_to_device(int sd, const char *name)
363 {
364 int rc;
365
366 rc = setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, name, strlen(name)+1);
367 if (rc < 0)
368 log_err_errno("setsockopt(SO_BINDTODEVICE)");
369
370 return rc;
371 }
372
get_bind_to_device(int sd,char * name,size_t len)373 static int get_bind_to_device(int sd, char *name, size_t len)
374 {
375 int rc;
376 socklen_t optlen = len;
377
378 name[0] = '\0';
379 rc = getsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, name, &optlen);
380 if (rc < 0)
381 log_err_errno("setsockopt(SO_BINDTODEVICE)");
382
383 return rc;
384 }
385
check_device(int sd,struct sock_args * args)386 static int check_device(int sd, struct sock_args *args)
387 {
388 int ifindex = 0;
389 char name[32];
390
391 if (get_bind_to_device(sd, name, sizeof(name)))
392 *name = '\0';
393 else
394 ifindex = get_ifidx(name);
395
396 log_msg(" bound to device %s/%d\n",
397 *name ? name : "<none>", ifindex);
398
399 if (!args->expected_ifindex)
400 return 0;
401
402 if (args->expected_ifindex != ifindex) {
403 log_error("Device index mismatch: expected %d have %d\n",
404 args->expected_ifindex, ifindex);
405 return 1;
406 }
407
408 log_msg("Device index matches: expected %d have %d\n",
409 args->expected_ifindex, ifindex);
410
411 return 0;
412 }
413
set_pktinfo_v4(int sd)414 static int set_pktinfo_v4(int sd)
415 {
416 int one = 1;
417 int rc;
418
419 rc = setsockopt(sd, SOL_IP, IP_PKTINFO, &one, sizeof(one));
420 if (rc < 0 && rc != -ENOTSUP)
421 log_err_errno("setsockopt(IP_PKTINFO)");
422
423 return rc;
424 }
425
set_recvpktinfo_v6(int sd)426 static int set_recvpktinfo_v6(int sd)
427 {
428 int one = 1;
429 int rc;
430
431 rc = setsockopt(sd, SOL_IPV6, IPV6_RECVPKTINFO, &one, sizeof(one));
432 if (rc < 0 && rc != -ENOTSUP)
433 log_err_errno("setsockopt(IPV6_RECVPKTINFO)");
434
435 return rc;
436 }
437
set_recverr_v4(int sd)438 static int set_recverr_v4(int sd)
439 {
440 int one = 1;
441 int rc;
442
443 rc = setsockopt(sd, SOL_IP, IP_RECVERR, &one, sizeof(one));
444 if (rc < 0 && rc != -ENOTSUP)
445 log_err_errno("setsockopt(IP_RECVERR)");
446
447 return rc;
448 }
449
set_recverr_v6(int sd)450 static int set_recverr_v6(int sd)
451 {
452 int one = 1;
453 int rc;
454
455 rc = setsockopt(sd, SOL_IPV6, IPV6_RECVERR, &one, sizeof(one));
456 if (rc < 0 && rc != -ENOTSUP)
457 log_err_errno("setsockopt(IPV6_RECVERR)");
458
459 return rc;
460 }
461
set_unicast_if(int sd,int ifindex,int version)462 static int set_unicast_if(int sd, int ifindex, int version)
463 {
464 int opt = IP_UNICAST_IF;
465 int level = SOL_IP;
466 int rc;
467
468 ifindex = htonl(ifindex);
469
470 if (version == AF_INET6) {
471 opt = IPV6_UNICAST_IF;
472 level = SOL_IPV6;
473 }
474 rc = setsockopt(sd, level, opt, &ifindex, sizeof(ifindex));
475 if (rc < 0)
476 log_err_errno("setsockopt(IP_UNICAST_IF)");
477
478 return rc;
479 }
480
set_multicast_if(int sd,int ifindex)481 static int set_multicast_if(int sd, int ifindex)
482 {
483 struct ip_mreqn mreq = { .imr_ifindex = ifindex };
484 int rc;
485
486 rc = setsockopt(sd, SOL_IP, IP_MULTICAST_IF, &mreq, sizeof(mreq));
487 if (rc < 0)
488 log_err_errno("setsockopt(IP_MULTICAST_IF)");
489
490 return rc;
491 }
492
set_membership(int sd,uint32_t grp,uint32_t addr,int ifindex)493 static int set_membership(int sd, uint32_t grp, uint32_t addr, int ifindex)
494 {
495 uint32_t if_addr = addr;
496 struct ip_mreqn mreq;
497 int rc;
498
499 if (addr == htonl(INADDR_ANY) && !ifindex) {
500 log_error("Either local address or device needs to be given for multicast membership\n");
501 return -1;
502 }
503
504 mreq.imr_multiaddr.s_addr = grp;
505 mreq.imr_address.s_addr = if_addr;
506 mreq.imr_ifindex = ifindex;
507
508 rc = setsockopt(sd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq));
509 if (rc < 0) {
510 log_err_errno("setsockopt(IP_ADD_MEMBERSHIP)");
511 return -1;
512 }
513
514 return 0;
515 }
516
set_broadcast(int sd)517 static int set_broadcast(int sd)
518 {
519 unsigned int one = 1;
520 int rc = 0;
521
522 if (setsockopt(sd, SOL_SOCKET, SO_BROADCAST, &one, sizeof(one)) != 0) {
523 log_err_errno("setsockopt(SO_BROADCAST)");
524 rc = -1;
525 }
526
527 return rc;
528 }
529
set_reuseport(int sd)530 static int set_reuseport(int sd)
531 {
532 unsigned int one = 1;
533 int rc = 0;
534
535 if (setsockopt(sd, SOL_SOCKET, SO_REUSEPORT, &one, sizeof(one)) != 0) {
536 log_err_errno("setsockopt(SO_REUSEPORT)");
537 rc = -1;
538 }
539
540 return rc;
541 }
542
set_reuseaddr(int sd)543 static int set_reuseaddr(int sd)
544 {
545 unsigned int one = 1;
546 int rc = 0;
547
548 if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) != 0) {
549 log_err_errno("setsockopt(SO_REUSEADDR)");
550 rc = -1;
551 }
552
553 return rc;
554 }
555
str_to_uint(const char * str,int min,int max,unsigned int * value)556 static int str_to_uint(const char *str, int min, int max, unsigned int *value)
557 {
558 int number;
559 char *end;
560
561 errno = 0;
562 number = (unsigned int) strtoul(str, &end, 0);
563
564 /* entire string should be consumed by conversion
565 * and value should be between min and max
566 */
567 if (((*end == '\0') || (*end == '\n')) && (end != str) &&
568 (errno != ERANGE) && (min <= number) && (number <= max)) {
569 *value = number;
570 return 0;
571 }
572
573 return -1;
574 }
575
resolve_devices(struct sock_args * args)576 static int resolve_devices(struct sock_args *args)
577 {
578 if (args->dev) {
579 args->ifindex = get_ifidx(args->dev);
580 if (args->ifindex < 0) {
581 log_error("Invalid device name\n");
582 return 1;
583 }
584 }
585
586 if (args->expected_dev) {
587 unsigned int tmp;
588
589 if (str_to_uint(args->expected_dev, 0, INT_MAX, &tmp) == 0) {
590 args->expected_ifindex = (int)tmp;
591 } else {
592 args->expected_ifindex = get_ifidx(args->expected_dev);
593 if (args->expected_ifindex < 0) {
594 fprintf(stderr, "Invalid expected device\n");
595 return 1;
596 }
597 }
598 }
599
600 return 0;
601 }
602
expected_addr_match(struct sockaddr * sa,void * expected,const char * desc)603 static int expected_addr_match(struct sockaddr *sa, void *expected,
604 const char *desc)
605 {
606 char addrstr[64];
607 int rc = 0;
608
609 if (sa->sa_family == AF_INET) {
610 struct sockaddr_in *s = (struct sockaddr_in *) sa;
611 struct in_addr *exp_in = (struct in_addr *) expected;
612
613 if (s->sin_addr.s_addr != exp_in->s_addr) {
614 log_error("%s address does not match expected %s\n",
615 desc,
616 inet_ntop(AF_INET, exp_in,
617 addrstr, sizeof(addrstr)));
618 rc = 1;
619 }
620 } else if (sa->sa_family == AF_INET6) {
621 struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) sa;
622 struct in6_addr *exp_in = (struct in6_addr *) expected;
623
624 if (memcmp(&s6->sin6_addr, exp_in, sizeof(*exp_in))) {
625 log_error("%s address does not match expected %s\n",
626 desc,
627 inet_ntop(AF_INET6, exp_in,
628 addrstr, sizeof(addrstr)));
629 rc = 1;
630 }
631 } else {
632 log_error("%s address does not match expected - unknown family\n",
633 desc);
634 rc = 1;
635 }
636
637 if (!rc)
638 log_msg("%s address matches expected\n", desc);
639
640 return rc;
641 }
642
show_sockstat(int sd,struct sock_args * args)643 static int show_sockstat(int sd, struct sock_args *args)
644 {
645 struct sockaddr_in6 local_addr, remote_addr;
646 socklen_t alen = sizeof(local_addr);
647 struct sockaddr *sa;
648 const char *desc;
649 int rc = 0;
650
651 desc = server_mode ? "server local:" : "client local:";
652 sa = (struct sockaddr *) &local_addr;
653 if (getsockname(sd, sa, &alen) == 0) {
654 log_address(desc, sa);
655
656 if (args->has_expected_laddr) {
657 rc = expected_addr_match(sa, &args->expected_laddr,
658 "local");
659 }
660 } else {
661 log_err_errno("getsockname failed");
662 }
663
664 sa = (struct sockaddr *) &remote_addr;
665 desc = server_mode ? "server peer:" : "client peer:";
666 if (getpeername(sd, sa, &alen) == 0) {
667 log_address(desc, sa);
668
669 if (args->has_expected_raddr) {
670 rc |= expected_addr_match(sa, &args->expected_raddr,
671 "remote");
672 }
673 } else {
674 log_err_errno("getpeername failed");
675 }
676
677 return rc;
678 }
679
680 enum addr_type {
681 ADDR_TYPE_LOCAL,
682 ADDR_TYPE_REMOTE,
683 ADDR_TYPE_MCAST,
684 ADDR_TYPE_EXPECTED_LOCAL,
685 ADDR_TYPE_EXPECTED_REMOTE,
686 ADDR_TYPE_MD5_PREFIX,
687 };
688
convert_addr(struct sock_args * args,const char * _str,enum addr_type atype)689 static int convert_addr(struct sock_args *args, const char *_str,
690 enum addr_type atype)
691 {
692 int pfx_len_max = args->version == AF_INET6 ? 128 : 32;
693 int family = args->version;
694 char *str, *dev, *sep;
695 struct in6_addr *in6;
696 struct in_addr *in;
697 const char *desc;
698 void *addr;
699 int rc = 0;
700
701 str = strdup(_str);
702 if (!str)
703 return -ENOMEM;
704
705 switch (atype) {
706 case ADDR_TYPE_LOCAL:
707 desc = "local";
708 addr = &args->local_addr;
709 break;
710 case ADDR_TYPE_REMOTE:
711 desc = "remote";
712 addr = &args->remote_addr;
713 break;
714 case ADDR_TYPE_MCAST:
715 desc = "mcast grp";
716 addr = &args->grp;
717 break;
718 case ADDR_TYPE_EXPECTED_LOCAL:
719 desc = "expected local";
720 addr = &args->expected_laddr;
721 break;
722 case ADDR_TYPE_EXPECTED_REMOTE:
723 desc = "expected remote";
724 addr = &args->expected_raddr;
725 break;
726 case ADDR_TYPE_MD5_PREFIX:
727 desc = "md5 prefix";
728 if (family == AF_INET) {
729 args->md5_prefix.v4.sin_family = AF_INET;
730 addr = &args->md5_prefix.v4.sin_addr;
731 } else if (family == AF_INET6) {
732 args->md5_prefix.v6.sin6_family = AF_INET6;
733 addr = &args->md5_prefix.v6.sin6_addr;
734 } else
735 return 1;
736
737 sep = strchr(str, '/');
738 if (sep) {
739 *sep = '\0';
740 sep++;
741 if (str_to_uint(sep, 1, pfx_len_max,
742 &args->prefix_len) != 0) {
743 fprintf(stderr, "Invalid port\n");
744 return 1;
745 }
746 } else {
747 args->prefix_len = 0;
748 }
749 break;
750 default:
751 log_error("unknown address type\n");
752 exit(1);
753 }
754
755 switch (family) {
756 case AF_INET:
757 in = (struct in_addr *) addr;
758 if (str) {
759 if (inet_pton(AF_INET, str, in) == 0) {
760 log_error("Invalid %s IP address\n", desc);
761 rc = -1;
762 goto out;
763 }
764 } else {
765 in->s_addr = htonl(INADDR_ANY);
766 }
767 break;
768
769 case AF_INET6:
770 dev = strchr(str, '%');
771 if (dev) {
772 *dev = '\0';
773 dev++;
774 }
775
776 in6 = (struct in6_addr *) addr;
777 if (str) {
778 if (inet_pton(AF_INET6, str, in6) == 0) {
779 log_error("Invalid %s IPv6 address\n", desc);
780 rc = -1;
781 goto out;
782 }
783 } else {
784 *in6 = in6addr_any;
785 }
786 if (dev) {
787 args->scope_id = get_ifidx(dev);
788 if (args->scope_id < 0) {
789 log_error("Invalid scope on %s IPv6 address\n",
790 desc);
791 rc = -1;
792 goto out;
793 }
794 }
795 break;
796
797 default:
798 log_error("Invalid address family\n");
799 }
800
801 out:
802 free(str);
803 return rc;
804 }
805
validate_addresses(struct sock_args * args)806 static int validate_addresses(struct sock_args *args)
807 {
808 if (args->local_addr_str &&
809 convert_addr(args, args->local_addr_str, ADDR_TYPE_LOCAL) < 0)
810 return 1;
811
812 if (args->remote_addr_str &&
813 convert_addr(args, args->remote_addr_str, ADDR_TYPE_REMOTE) < 0)
814 return 1;
815
816 if (args->md5_prefix_str &&
817 convert_addr(args, args->md5_prefix_str,
818 ADDR_TYPE_MD5_PREFIX) < 0)
819 return 1;
820
821 if (args->expected_laddr_str &&
822 convert_addr(args, args->expected_laddr_str,
823 ADDR_TYPE_EXPECTED_LOCAL))
824 return 1;
825
826 if (args->expected_raddr_str &&
827 convert_addr(args, args->expected_raddr_str,
828 ADDR_TYPE_EXPECTED_REMOTE))
829 return 1;
830
831 return 0;
832 }
833
get_index_from_cmsg(struct msghdr * m)834 static int get_index_from_cmsg(struct msghdr *m)
835 {
836 struct cmsghdr *cm;
837 int ifindex = 0;
838 char buf[64];
839
840 for (cm = (struct cmsghdr *)CMSG_FIRSTHDR(m);
841 m->msg_controllen != 0 && cm;
842 cm = (struct cmsghdr *)CMSG_NXTHDR(m, cm)) {
843
844 if (cm->cmsg_level == SOL_IP &&
845 cm->cmsg_type == IP_PKTINFO) {
846 struct in_pktinfo *pi;
847
848 pi = (struct in_pktinfo *)(CMSG_DATA(cm));
849 inet_ntop(AF_INET, &pi->ipi_addr, buf, sizeof(buf));
850 ifindex = pi->ipi_ifindex;
851 } else if (cm->cmsg_level == SOL_IPV6 &&
852 cm->cmsg_type == IPV6_PKTINFO) {
853 struct in6_pktinfo *pi6;
854
855 pi6 = (struct in6_pktinfo *)(CMSG_DATA(cm));
856 inet_ntop(AF_INET6, &pi6->ipi6_addr, buf, sizeof(buf));
857 ifindex = pi6->ipi6_ifindex;
858 }
859 }
860
861 if (ifindex) {
862 log_msg(" pktinfo: ifindex %d dest addr %s\n",
863 ifindex, buf);
864 }
865 return ifindex;
866 }
867
send_msg_no_cmsg(int sd,void * addr,socklen_t alen)868 static int send_msg_no_cmsg(int sd, void *addr, socklen_t alen)
869 {
870 int err;
871
872 again:
873 err = sendto(sd, msg, msglen, 0, addr, alen);
874 if (err < 0) {
875 if (errno == EACCES && try_broadcast) {
876 try_broadcast = 0;
877 if (!set_broadcast(sd))
878 goto again;
879 errno = EACCES;
880 }
881
882 log_err_errno("sendto failed");
883 return 1;
884 }
885
886 return 0;
887 }
888
send_msg_cmsg(int sd,void * addr,socklen_t alen,int ifindex,int version)889 static int send_msg_cmsg(int sd, void *addr, socklen_t alen,
890 int ifindex, int version)
891 {
892 unsigned char cmsgbuf[64];
893 struct iovec iov[2];
894 struct cmsghdr *cm;
895 struct msghdr m;
896 int err;
897
898 iov[0].iov_base = msg;
899 iov[0].iov_len = msglen;
900 m.msg_iov = iov;
901 m.msg_iovlen = 1;
902 m.msg_name = (caddr_t)addr;
903 m.msg_namelen = alen;
904
905 memset(cmsgbuf, 0, sizeof(cmsgbuf));
906 cm = (struct cmsghdr *)cmsgbuf;
907 m.msg_control = (caddr_t)cm;
908
909 if (version == AF_INET) {
910 struct in_pktinfo *pi;
911
912 cm->cmsg_level = SOL_IP;
913 cm->cmsg_type = IP_PKTINFO;
914 cm->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo));
915 pi = (struct in_pktinfo *)(CMSG_DATA(cm));
916 pi->ipi_ifindex = ifindex;
917
918 m.msg_controllen = cm->cmsg_len;
919
920 } else if (version == AF_INET6) {
921 struct in6_pktinfo *pi6;
922
923 cm->cmsg_level = SOL_IPV6;
924 cm->cmsg_type = IPV6_PKTINFO;
925 cm->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
926
927 pi6 = (struct in6_pktinfo *)(CMSG_DATA(cm));
928 pi6->ipi6_ifindex = ifindex;
929
930 m.msg_controllen = cm->cmsg_len;
931 }
932
933 again:
934 err = sendmsg(sd, &m, 0);
935 if (err < 0) {
936 if (errno == EACCES && try_broadcast) {
937 try_broadcast = 0;
938 if (!set_broadcast(sd))
939 goto again;
940 errno = EACCES;
941 }
942
943 log_err_errno("sendmsg failed");
944 return 1;
945 }
946
947 return 0;
948 }
949
950
send_msg(int sd,void * addr,socklen_t alen,struct sock_args * args)951 static int send_msg(int sd, void *addr, socklen_t alen, struct sock_args *args)
952 {
953 if (args->type == SOCK_STREAM) {
954 if (write(sd, msg, msglen) < 0) {
955 log_err_errno("write failed sending msg to peer");
956 return 1;
957 }
958 } else if (args->ifindex && args->use_cmsg) {
959 if (send_msg_cmsg(sd, addr, alen, args->ifindex, args->version))
960 return 1;
961 } else {
962 if (send_msg_no_cmsg(sd, addr, alen))
963 return 1;
964 }
965
966 log_msg("Sent message:\n");
967 log_msg(" %.24s%s\n", msg, msglen > 24 ? " ..." : "");
968
969 return 0;
970 }
971
socket_read_dgram(int sd,struct sock_args * args)972 static int socket_read_dgram(int sd, struct sock_args *args)
973 {
974 unsigned char addr[sizeof(struct sockaddr_in6)];
975 struct sockaddr *sa = (struct sockaddr *) addr;
976 socklen_t alen = sizeof(addr);
977 struct iovec iov[2];
978 struct msghdr m = {
979 .msg_name = (caddr_t)addr,
980 .msg_namelen = alen,
981 .msg_iov = iov,
982 .msg_iovlen = 1,
983 };
984 unsigned char cmsgbuf[256];
985 struct cmsghdr *cm = (struct cmsghdr *)cmsgbuf;
986 char buf[16*1024];
987 int ifindex;
988 int len;
989
990 iov[0].iov_base = (caddr_t)buf;
991 iov[0].iov_len = sizeof(buf);
992
993 memset(cmsgbuf, 0, sizeof(cmsgbuf));
994 m.msg_control = (caddr_t)cm;
995 m.msg_controllen = sizeof(cmsgbuf);
996
997 len = recvmsg(sd, &m, 0);
998 if (len == 0) {
999 log_msg("peer closed connection.\n");
1000 return 0;
1001 } else if (len < 0) {
1002 log_msg("failed to read message: %d: %s\n",
1003 errno, strerror(errno));
1004 return -1;
1005 }
1006
1007 buf[len] = '\0';
1008
1009 log_address("Message from:", sa);
1010 log_msg(" %.24s%s\n", buf, len > 24 ? " ..." : "");
1011
1012 ifindex = get_index_from_cmsg(&m);
1013 if (args->expected_ifindex) {
1014 if (args->expected_ifindex != ifindex) {
1015 log_error("Device index mismatch: expected %d have %d\n",
1016 args->expected_ifindex, ifindex);
1017 return -1;
1018 }
1019 log_msg("Device index matches: expected %d have %d\n",
1020 args->expected_ifindex, ifindex);
1021 }
1022
1023 if (!interactive && server_mode) {
1024 if (sa->sa_family == AF_INET6) {
1025 struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) sa;
1026 struct in6_addr *in6 = &s6->sin6_addr;
1027
1028 if (IN6_IS_ADDR_V4MAPPED(in6)) {
1029 const uint32_t *pa = (uint32_t *) &in6->s6_addr;
1030 struct in_addr in4;
1031 struct sockaddr_in *sin;
1032
1033 sin = (struct sockaddr_in *) addr;
1034 pa += 3;
1035 in4.s_addr = *pa;
1036 sin->sin_addr = in4;
1037 sin->sin_family = AF_INET;
1038 if (send_msg_cmsg(sd, addr, alen,
1039 ifindex, AF_INET) < 0)
1040 goto out_err;
1041 }
1042 }
1043 again:
1044 iov[0].iov_len = len;
1045
1046 if (args->version == AF_INET6) {
1047 struct sockaddr_in6 *s6 = (struct sockaddr_in6 *) sa;
1048
1049 if (args->dev) {
1050 /* avoid PKTINFO conflicts with bindtodev */
1051 if (sendto(sd, buf, len, 0,
1052 (void *) addr, alen) < 0)
1053 goto out_err;
1054 } else {
1055 /* kernel is allowing scope_id to be set to VRF
1056 * index for LLA. for sends to global address
1057 * reset scope id
1058 */
1059 s6->sin6_scope_id = ifindex;
1060 if (sendmsg(sd, &m, 0) < 0)
1061 goto out_err;
1062 }
1063 } else {
1064 int err;
1065
1066 err = sendmsg(sd, &m, 0);
1067 if (err < 0) {
1068 if (errno == EACCES && try_broadcast) {
1069 try_broadcast = 0;
1070 if (!set_broadcast(sd))
1071 goto again;
1072 errno = EACCES;
1073 }
1074 goto out_err;
1075 }
1076 }
1077 log_msg("Sent message:\n");
1078 log_msg(" %.24s%s\n", buf, len > 24 ? " ..." : "");
1079 }
1080
1081 return 1;
1082 out_err:
1083 log_err_errno("failed to send msg to peer");
1084 return -1;
1085 }
1086
socket_read_stream(int sd)1087 static int socket_read_stream(int sd)
1088 {
1089 char buf[1024];
1090 int len;
1091
1092 len = read(sd, buf, sizeof(buf)-1);
1093 if (len == 0) {
1094 log_msg("client closed connection.\n");
1095 return 0;
1096 } else if (len < 0) {
1097 log_msg("failed to read message\n");
1098 return -1;
1099 }
1100
1101 buf[len] = '\0';
1102 log_msg("Incoming message:\n");
1103 log_msg(" %.24s%s\n", buf, len > 24 ? " ..." : "");
1104
1105 if (!interactive && server_mode) {
1106 if (write(sd, buf, len) < 0) {
1107 log_err_errno("failed to send buf");
1108 return -1;
1109 }
1110 log_msg("Sent message:\n");
1111 log_msg(" %.24s%s\n", buf, len > 24 ? " ..." : "");
1112 }
1113
1114 return 1;
1115 }
1116
socket_read(int sd,struct sock_args * args)1117 static int socket_read(int sd, struct sock_args *args)
1118 {
1119 if (args->type == SOCK_STREAM)
1120 return socket_read_stream(sd);
1121
1122 return socket_read_dgram(sd, args);
1123 }
1124
stdin_to_socket(int sd,int type,void * addr,socklen_t alen)1125 static int stdin_to_socket(int sd, int type, void *addr, socklen_t alen)
1126 {
1127 char buf[1024];
1128 int len;
1129
1130 if (fgets(buf, sizeof(buf), stdin) == NULL)
1131 return 0;
1132
1133 len = strlen(buf);
1134 if (type == SOCK_STREAM) {
1135 if (write(sd, buf, len) < 0) {
1136 log_err_errno("failed to send buf");
1137 return -1;
1138 }
1139 } else {
1140 int err;
1141
1142 again:
1143 err = sendto(sd, buf, len, 0, addr, alen);
1144 if (err < 0) {
1145 if (errno == EACCES && try_broadcast) {
1146 try_broadcast = 0;
1147 if (!set_broadcast(sd))
1148 goto again;
1149 errno = EACCES;
1150 }
1151 log_err_errno("failed to send msg to peer");
1152 return -1;
1153 }
1154 }
1155 log_msg("Sent message:\n");
1156 log_msg(" %.24s%s\n", buf, len > 24 ? " ..." : "");
1157
1158 return 1;
1159 }
1160
set_recv_attr(int sd,int version)1161 static void set_recv_attr(int sd, int version)
1162 {
1163 if (version == AF_INET6) {
1164 set_recvpktinfo_v6(sd);
1165 set_recverr_v6(sd);
1166 } else {
1167 set_pktinfo_v4(sd);
1168 set_recverr_v4(sd);
1169 }
1170 }
1171
msg_loop(int client,int sd,void * addr,socklen_t alen,struct sock_args * args)1172 static int msg_loop(int client, int sd, void *addr, socklen_t alen,
1173 struct sock_args *args)
1174 {
1175 struct timeval timeout = { .tv_sec = prog_timeout }, *ptval = NULL;
1176 fd_set rfds;
1177 int nfds;
1178 int rc;
1179
1180 if (args->type != SOCK_STREAM)
1181 set_recv_attr(sd, args->version);
1182
1183 if (msg) {
1184 msglen = strlen(msg);
1185
1186 /* client sends first message */
1187 if (client) {
1188 if (send_msg(sd, addr, alen, args))
1189 return 1;
1190 }
1191 if (!interactive) {
1192 ptval = &timeout;
1193 if (!prog_timeout)
1194 timeout.tv_sec = 5;
1195 }
1196 }
1197
1198 nfds = interactive ? MAX(fileno(stdin), sd) + 1 : sd + 1;
1199 while (1) {
1200 FD_ZERO(&rfds);
1201 FD_SET(sd, &rfds);
1202 if (interactive)
1203 FD_SET(fileno(stdin), &rfds);
1204
1205 rc = select(nfds, &rfds, NULL, NULL, ptval);
1206 if (rc < 0) {
1207 if (errno == EINTR)
1208 continue;
1209
1210 rc = 1;
1211 log_err_errno("select failed");
1212 break;
1213 } else if (rc == 0) {
1214 log_error("Timed out waiting for response\n");
1215 rc = 2;
1216 break;
1217 }
1218
1219 if (FD_ISSET(sd, &rfds)) {
1220 rc = socket_read(sd, args);
1221 if (rc < 0) {
1222 rc = 1;
1223 break;
1224 }
1225 if (rc == 0)
1226 break;
1227 }
1228
1229 rc = 0;
1230
1231 if (FD_ISSET(fileno(stdin), &rfds)) {
1232 if (stdin_to_socket(sd, args->type, addr, alen) <= 0)
1233 break;
1234 }
1235
1236 if (interactive)
1237 continue;
1238
1239 if (iter != -1) {
1240 --iter;
1241 if (iter == 0)
1242 break;
1243 }
1244
1245 log_msg("Going into quiet mode\n");
1246 quiet = 1;
1247
1248 if (client) {
1249 if (send_msg(sd, addr, alen, args)) {
1250 rc = 1;
1251 break;
1252 }
1253 }
1254 }
1255
1256 return rc;
1257 }
1258
msock_init(struct sock_args * args,int server)1259 static int msock_init(struct sock_args *args, int server)
1260 {
1261 uint32_t if_addr = htonl(INADDR_ANY);
1262 struct sockaddr_in laddr = {
1263 .sin_family = AF_INET,
1264 .sin_port = htons(args->port),
1265 };
1266 int one = 1;
1267 int sd;
1268
1269 if (!server && args->has_local_ip)
1270 if_addr = args->local_addr.in.s_addr;
1271
1272 sd = socket(PF_INET, SOCK_DGRAM, 0);
1273 if (sd < 0) {
1274 log_err_errno("socket");
1275 return -1;
1276 }
1277
1278 if (setsockopt(sd, SOL_SOCKET, SO_REUSEADDR,
1279 (char *)&one, sizeof(one)) < 0) {
1280 log_err_errno("Setting SO_REUSEADDR error");
1281 goto out_err;
1282 }
1283
1284 if (setsockopt(sd, SOL_SOCKET, SO_BROADCAST,
1285 (char *)&one, sizeof(one)) < 0)
1286 log_err_errno("Setting SO_BROADCAST error");
1287
1288 if (args->dev && bind_to_device(sd, args->dev) != 0)
1289 goto out_err;
1290 else if (args->use_setsockopt &&
1291 set_multicast_if(sd, args->ifindex))
1292 goto out_err;
1293
1294 laddr.sin_addr.s_addr = if_addr;
1295
1296 if (bind(sd, (struct sockaddr *) &laddr, sizeof(laddr)) < 0) {
1297 log_err_errno("bind failed");
1298 goto out_err;
1299 }
1300
1301 if (server &&
1302 set_membership(sd, args->grp.s_addr,
1303 args->local_addr.in.s_addr, args->ifindex))
1304 goto out_err;
1305
1306 return sd;
1307 out_err:
1308 close(sd);
1309 return -1;
1310 }
1311
msock_server(struct sock_args * args)1312 static int msock_server(struct sock_args *args)
1313 {
1314 return msock_init(args, 1);
1315 }
1316
msock_client(struct sock_args * args)1317 static int msock_client(struct sock_args *args)
1318 {
1319 return msock_init(args, 0);
1320 }
1321
bind_socket(int sd,struct sock_args * args)1322 static int bind_socket(int sd, struct sock_args *args)
1323 {
1324 struct sockaddr_in serv_addr = {
1325 .sin_family = AF_INET,
1326 };
1327 struct sockaddr_in6 serv6_addr = {
1328 .sin6_family = AF_INET6,
1329 };
1330 void *addr;
1331 socklen_t alen;
1332
1333 if (!args->has_local_ip && args->type == SOCK_RAW)
1334 return 0;
1335
1336 switch (args->version) {
1337 case AF_INET:
1338 serv_addr.sin_port = htons(args->port);
1339 serv_addr.sin_addr = args->local_addr.in;
1340 addr = &serv_addr;
1341 alen = sizeof(serv_addr);
1342 break;
1343
1344 case AF_INET6:
1345 serv6_addr.sin6_port = htons(args->port);
1346 serv6_addr.sin6_addr = args->local_addr.in6;
1347 addr = &serv6_addr;
1348 alen = sizeof(serv6_addr);
1349 break;
1350
1351 default:
1352 log_error("Invalid address family\n");
1353 return -1;
1354 }
1355
1356 if (bind(sd, addr, alen) < 0) {
1357 log_err_errno("error binding socket");
1358 return -1;
1359 }
1360
1361 return 0;
1362 }
1363
config_xfrm_policy(int sd,struct sock_args * args)1364 static int config_xfrm_policy(int sd, struct sock_args *args)
1365 {
1366 struct xfrm_userpolicy_info policy = {};
1367 int type = UDP_ENCAP_ESPINUDP;
1368 int xfrm_af = IP_XFRM_POLICY;
1369 int level = SOL_IP;
1370
1371 if (args->type != SOCK_DGRAM) {
1372 log_error("Invalid socket type. Only DGRAM could be used for XFRM\n");
1373 return 1;
1374 }
1375
1376 policy.action = XFRM_POLICY_ALLOW;
1377 policy.sel.family = args->version;
1378 if (args->version == AF_INET6) {
1379 xfrm_af = IPV6_XFRM_POLICY;
1380 level = SOL_IPV6;
1381 }
1382
1383 policy.dir = XFRM_POLICY_OUT;
1384 if (setsockopt(sd, level, xfrm_af, &policy, sizeof(policy)) < 0)
1385 return 1;
1386
1387 policy.dir = XFRM_POLICY_IN;
1388 if (setsockopt(sd, level, xfrm_af, &policy, sizeof(policy)) < 0)
1389 return 1;
1390
1391 if (setsockopt(sd, IPPROTO_UDP, UDP_ENCAP, &type, sizeof(type)) < 0) {
1392 log_err_errno("Failed to set xfrm encap");
1393 return 1;
1394 }
1395
1396 return 0;
1397 }
1398
lsock_init(struct sock_args * args)1399 static int lsock_init(struct sock_args *args)
1400 {
1401 long flags;
1402 int sd;
1403
1404 sd = socket(args->version, args->type, args->protocol);
1405 if (sd < 0) {
1406 log_err_errno("Error opening socket");
1407 return -1;
1408 }
1409
1410 if (set_reuseaddr(sd) != 0)
1411 goto err;
1412
1413 if (set_reuseport(sd) != 0)
1414 goto err;
1415
1416 if (args->dev && bind_to_device(sd, args->dev) != 0)
1417 goto err;
1418 else if (args->use_setsockopt &&
1419 set_unicast_if(sd, args->ifindex, args->version))
1420 goto err;
1421
1422 if (bind_socket(sd, args))
1423 goto err;
1424
1425 if (args->bind_test_only)
1426 goto out;
1427
1428 if (args->type == SOCK_STREAM && listen(sd, 1) < 0) {
1429 log_err_errno("listen failed");
1430 goto err;
1431 }
1432
1433 flags = fcntl(sd, F_GETFL);
1434 if ((flags < 0) || (fcntl(sd, F_SETFL, flags|O_NONBLOCK) < 0)) {
1435 log_err_errno("Failed to set non-blocking option");
1436 goto err;
1437 }
1438
1439 if (fcntl(sd, F_SETFD, FD_CLOEXEC) < 0)
1440 log_err_errno("Failed to set close-on-exec flag");
1441
1442 if (args->use_xfrm && config_xfrm_policy(sd, args)) {
1443 log_err_errno("Failed to set xfrm policy");
1444 goto err;
1445 }
1446
1447 out:
1448 return sd;
1449
1450 err:
1451 close(sd);
1452 return -1;
1453 }
1454
ipc_write(int fd,int message)1455 static void ipc_write(int fd, int message)
1456 {
1457 /* Not in both_mode, so there's no process to signal */
1458 if (fd < 0)
1459 return;
1460
1461 if (write(fd, &message, sizeof(message)) < 0)
1462 log_err_errno("Failed to send client status");
1463 }
1464
do_server(struct sock_args * args,int ipc_fd)1465 static int do_server(struct sock_args *args, int ipc_fd)
1466 {
1467 /* ipc_fd = -1 if no parent process to signal */
1468 struct timeval timeout = { .tv_sec = prog_timeout }, *ptval = NULL;
1469 unsigned char addr[sizeof(struct sockaddr_in6)] = {};
1470 socklen_t alen = sizeof(addr);
1471 int lsd, csd = -1;
1472
1473 fd_set rfds;
1474 int rc;
1475
1476 if (args->serverns) {
1477 if (switch_ns(args->serverns)) {
1478 log_error("Could not set server netns to %s\n",
1479 args->serverns);
1480 goto err_exit;
1481 }
1482 log_msg("Switched server netns\n");
1483 }
1484
1485 args->dev = args->server_dev;
1486 args->expected_dev = args->expected_server_dev;
1487 if (resolve_devices(args) || validate_addresses(args))
1488 goto err_exit;
1489
1490 if (prog_timeout)
1491 ptval = &timeout;
1492
1493 if (args->has_grp)
1494 lsd = msock_server(args);
1495 else
1496 lsd = lsock_init(args);
1497
1498 if (lsd < 0)
1499 goto err_exit;
1500
1501 if (args->bind_test_only) {
1502 close(lsd);
1503 ipc_write(ipc_fd, 1);
1504 return 0;
1505 }
1506
1507 if (args->type != SOCK_STREAM) {
1508 ipc_write(ipc_fd, 1);
1509 rc = msg_loop(0, lsd, (void *) addr, alen, args);
1510 close(lsd);
1511 return rc;
1512 }
1513
1514 if (args->password && tcp_md5_remote(lsd, args)) {
1515 close(lsd);
1516 goto err_exit;
1517 }
1518
1519 ipc_write(ipc_fd, 1);
1520 while (1) {
1521 log_msg("waiting for client connection.\n");
1522 FD_ZERO(&rfds);
1523 FD_SET(lsd, &rfds);
1524
1525 rc = select(lsd+1, &rfds, NULL, NULL, ptval);
1526 if (rc == 0) {
1527 rc = 2;
1528 break;
1529 }
1530
1531 if (rc < 0) {
1532 if (errno == EINTR)
1533 continue;
1534
1535 log_err_errno("select failed");
1536 break;
1537 }
1538
1539 if (FD_ISSET(lsd, &rfds)) {
1540
1541 csd = accept(lsd, (void *) addr, &alen);
1542 if (csd < 0) {
1543 log_err_errno("accept failed");
1544 break;
1545 }
1546
1547 rc = show_sockstat(csd, args);
1548 if (rc)
1549 break;
1550
1551 rc = check_device(csd, args);
1552 if (rc)
1553 break;
1554 }
1555
1556 rc = msg_loop(0, csd, (void *) addr, alen, args);
1557 close(csd);
1558
1559 if (!interactive)
1560 break;
1561 }
1562
1563 close(lsd);
1564
1565 return rc;
1566 err_exit:
1567 ipc_write(ipc_fd, 0);
1568 return 1;
1569 }
1570
wait_for_connect(int sd)1571 static int wait_for_connect(int sd)
1572 {
1573 struct timeval _tv = { .tv_sec = prog_timeout }, *tv = NULL;
1574 fd_set wfd;
1575 int val = 0, sz = sizeof(val);
1576 int rc;
1577
1578 FD_ZERO(&wfd);
1579 FD_SET(sd, &wfd);
1580
1581 if (prog_timeout)
1582 tv = &_tv;
1583
1584 rc = select(FD_SETSIZE, NULL, &wfd, NULL, tv);
1585 if (rc == 0) {
1586 log_error("connect timed out\n");
1587 return -2;
1588 } else if (rc < 0) {
1589 log_err_errno("select failed");
1590 return -3;
1591 }
1592
1593 if (getsockopt(sd, SOL_SOCKET, SO_ERROR, &val, (socklen_t *)&sz) < 0) {
1594 log_err_errno("getsockopt(SO_ERROR) failed");
1595 return -4;
1596 }
1597
1598 if (val != 0) {
1599 log_error("connect failed: %d: %s\n", val, strerror(val));
1600 return -1;
1601 }
1602
1603 return 0;
1604 }
1605
connectsock(void * addr,socklen_t alen,struct sock_args * args)1606 static int connectsock(void *addr, socklen_t alen, struct sock_args *args)
1607 {
1608 int sd, rc = -1;
1609 long flags;
1610
1611 sd = socket(args->version, args->type, args->protocol);
1612 if (sd < 0) {
1613 log_err_errno("Failed to create socket");
1614 return -1;
1615 }
1616
1617 flags = fcntl(sd, F_GETFL);
1618 if ((flags < 0) || (fcntl(sd, F_SETFL, flags|O_NONBLOCK) < 0)) {
1619 log_err_errno("Failed to set non-blocking option");
1620 goto err;
1621 }
1622
1623 if (set_reuseport(sd) != 0)
1624 goto err;
1625
1626 if (args->dev && bind_to_device(sd, args->dev) != 0)
1627 goto err;
1628 else if (args->use_setsockopt &&
1629 set_unicast_if(sd, args->ifindex, args->version))
1630 goto err;
1631
1632 if (args->has_local_ip && bind_socket(sd, args))
1633 goto err;
1634
1635 if (args->type != SOCK_STREAM)
1636 goto out;
1637
1638 if (args->password && tcp_md5sig(sd, addr, alen, args))
1639 goto err;
1640
1641 if (args->bind_test_only)
1642 goto out;
1643
1644 if (connect(sd, addr, alen) < 0) {
1645 if (errno != EINPROGRESS) {
1646 log_err_errno("Failed to connect to remote host");
1647 rc = -1;
1648 goto err;
1649 }
1650 rc = wait_for_connect(sd);
1651 if (rc < 0)
1652 goto err;
1653 }
1654 out:
1655 return sd;
1656
1657 err:
1658 close(sd);
1659 return rc;
1660 }
1661
do_client(struct sock_args * args)1662 static int do_client(struct sock_args *args)
1663 {
1664 struct sockaddr_in sin = {
1665 .sin_family = AF_INET,
1666 };
1667 struct sockaddr_in6 sin6 = {
1668 .sin6_family = AF_INET6,
1669 };
1670 void *addr;
1671 int alen;
1672 int rc = 0;
1673 int sd;
1674
1675 if (!args->has_remote_ip && !args->has_grp) {
1676 fprintf(stderr, "remote IP or multicast group not given\n");
1677 return 1;
1678 }
1679
1680 if (args->clientns) {
1681 if (switch_ns(args->clientns)) {
1682 log_error("Could not set client netns to %s\n",
1683 args->clientns);
1684 return 1;
1685 }
1686 log_msg("Switched client netns\n");
1687 }
1688
1689 args->local_addr_str = args->client_local_addr_str;
1690 if (resolve_devices(args) || validate_addresses(args))
1691 return 1;
1692
1693 if ((args->use_setsockopt || args->use_cmsg) && !args->ifindex) {
1694 fprintf(stderr, "Device binding not specified\n");
1695 return 1;
1696 }
1697 if (args->use_setsockopt || args->use_cmsg)
1698 args->dev = NULL;
1699
1700 switch (args->version) {
1701 case AF_INET:
1702 sin.sin_port = htons(args->port);
1703 if (args->has_grp)
1704 sin.sin_addr = args->grp;
1705 else
1706 sin.sin_addr = args->remote_addr.in;
1707 addr = &sin;
1708 alen = sizeof(sin);
1709 break;
1710 case AF_INET6:
1711 sin6.sin6_port = htons(args->port);
1712 sin6.sin6_addr = args->remote_addr.in6;
1713 sin6.sin6_scope_id = args->scope_id;
1714 addr = &sin6;
1715 alen = sizeof(sin6);
1716 break;
1717 }
1718
1719 args->password = args->client_pw;
1720
1721 if (args->has_grp)
1722 sd = msock_client(args);
1723 else
1724 sd = connectsock(addr, alen, args);
1725
1726 if (sd < 0)
1727 return -sd;
1728
1729 if (args->bind_test_only)
1730 goto out;
1731
1732 if (args->type == SOCK_STREAM) {
1733 rc = show_sockstat(sd, args);
1734 if (rc != 0)
1735 goto out;
1736 }
1737
1738 rc = msg_loop(1, sd, addr, alen, args);
1739
1740 out:
1741 close(sd);
1742
1743 return rc;
1744 }
1745
random_msg(int len)1746 static char *random_msg(int len)
1747 {
1748 int i, n = 0, olen = len + 1;
1749 char *m;
1750
1751 if (len <= 0)
1752 return NULL;
1753
1754 m = malloc(olen);
1755 if (!m)
1756 return NULL;
1757
1758 while (len > 26) {
1759 i = snprintf(m + n, olen - n, "%.26s",
1760 "abcdefghijklmnopqrstuvwxyz");
1761 n += i;
1762 len -= i;
1763 }
1764 i = snprintf(m + n, olen - n, "%.*s", len,
1765 "abcdefghijklmnopqrstuvwxyz");
1766 return m;
1767 }
1768
ipc_child(int fd,struct sock_args * args)1769 static int ipc_child(int fd, struct sock_args *args)
1770 {
1771 char *outbuf, *errbuf;
1772 int rc = 1;
1773
1774 outbuf = malloc(4096);
1775 errbuf = malloc(4096);
1776 if (!outbuf || !errbuf) {
1777 fprintf(stderr, "server: Failed to allocate buffers for stdout and stderr\n");
1778 goto out;
1779 }
1780
1781 setbuffer(stdout, outbuf, 4096);
1782 setbuffer(stderr, errbuf, 4096);
1783
1784 server_mode = 1; /* to tell log_msg in case we are in both_mode */
1785
1786 /* when running in both mode, address validation applies
1787 * solely to client side
1788 */
1789 args->has_expected_laddr = 0;
1790 args->has_expected_raddr = 0;
1791
1792 rc = do_server(args, fd);
1793
1794 out:
1795 free(outbuf);
1796 free(errbuf);
1797
1798 return rc;
1799 }
1800
ipc_parent(int cpid,int fd,struct sock_args * args)1801 static int ipc_parent(int cpid, int fd, struct sock_args *args)
1802 {
1803 int client_status;
1804 int status;
1805 int buf;
1806
1807 /* do the client-side function here in the parent process,
1808 * waiting to be told when to continue
1809 */
1810 if (read(fd, &buf, sizeof(buf)) <= 0) {
1811 log_err_errno("Failed to read IPC status from status");
1812 return 1;
1813 }
1814 if (!buf) {
1815 log_error("Server failed; can not continue\n");
1816 return 1;
1817 }
1818 log_msg("Server is ready\n");
1819
1820 client_status = do_client(args);
1821 log_msg("parent is done!\n");
1822
1823 if (kill(cpid, 0) == 0)
1824 kill(cpid, SIGKILL);
1825
1826 wait(&status);
1827 return client_status;
1828 }
1829
1830 #define GETOPT_STR "sr:l:c:p:t:g:P:DRn:M:X:m:d:I:BN:O:SCi6xL:0:1:2:3:Fbq"
1831 #define OPT_FORCE_BIND_KEY_IFINDEX 1001
1832 #define OPT_NO_BIND_KEY_IFINDEX 1002
1833
1834 static struct option long_opts[] = {
1835 {"force-bind-key-ifindex", 0, 0, OPT_FORCE_BIND_KEY_IFINDEX},
1836 {"no-bind-key-ifindex", 0, 0, OPT_NO_BIND_KEY_IFINDEX},
1837 {0, 0, 0, 0}
1838 };
1839
print_usage(char * prog)1840 static void print_usage(char *prog)
1841 {
1842 printf(
1843 "usage: %s OPTS\n"
1844 "Required:\n"
1845 " -r addr remote address to connect to (client mode only)\n"
1846 " -p port port to connect to (client mode)/listen on (server mode)\n"
1847 " (default: %d)\n"
1848 " -s server mode (default: client mode)\n"
1849 " -t timeout seconds (default: none)\n"
1850 "\n"
1851 "Optional:\n"
1852 " -B do both client and server via fork and IPC\n"
1853 " -N ns set client to network namespace ns (requires root)\n"
1854 " -O ns set server to network namespace ns (requires root)\n"
1855 " -F Restart server loop\n"
1856 " -6 IPv6 (default is IPv4)\n"
1857 " -P proto protocol for socket: icmp, ospf (default: none)\n"
1858 " -D|R datagram (D) / raw (R) socket (default stream)\n"
1859 " -l addr local address to bind to in server mode\n"
1860 " -c addr local address to bind to in client mode\n"
1861 " -x configure XFRM policy on socket\n"
1862 "\n"
1863 " -d dev bind socket to given device name\n"
1864 " -I dev bind socket to given device name - server mode\n"
1865 " -S use setsockopt (IP_UNICAST_IF or IP_MULTICAST_IF)\n"
1866 " to set device binding\n"
1867 " -C use cmsg and IP_PKTINFO to specify device binding\n"
1868 "\n"
1869 " -L len send random message of given length\n"
1870 " -n num number of times to send message\n"
1871 "\n"
1872 " -M password use MD5 sum protection\n"
1873 " -X password MD5 password for client mode\n"
1874 " -m prefix/len prefix and length to use for MD5 key\n"
1875 " --no-bind-key-ifindex: Force TCP_MD5SIG_FLAG_IFINDEX off\n"
1876 " --force-bind-key-ifindex: Force TCP_MD5SIG_FLAG_IFINDEX on\n"
1877 " (default: only if -I is passed)\n"
1878 "\n"
1879 " -g grp multicast group (e.g., 239.1.1.1)\n"
1880 " -i interactive mode (default is echo and terminate)\n"
1881 "\n"
1882 " -0 addr Expected local address\n"
1883 " -1 addr Expected remote address\n"
1884 " -2 dev Expected device name (or index) to receive packet\n"
1885 " -3 dev Expected device name (or index) to receive packets - server mode\n"
1886 "\n"
1887 " -b Bind test only.\n"
1888 " -q Be quiet. Run test without printing anything.\n"
1889 , prog, DEFAULT_PORT);
1890 }
1891
main(int argc,char * argv[])1892 int main(int argc, char *argv[])
1893 {
1894 struct sock_args args = {
1895 .version = AF_INET,
1896 .type = SOCK_STREAM,
1897 .port = DEFAULT_PORT,
1898 };
1899 struct protoent *pe;
1900 int both_mode = 0;
1901 unsigned int tmp;
1902 int forever = 0;
1903 int fd[2];
1904 int cpid;
1905
1906 /* process inputs */
1907 extern char *optarg;
1908 int rc = 0;
1909
1910 /*
1911 * process input args
1912 */
1913
1914 while ((rc = getopt_long(argc, argv, GETOPT_STR, long_opts, NULL)) != -1) {
1915 switch (rc) {
1916 case 'B':
1917 both_mode = 1;
1918 break;
1919 case 's':
1920 server_mode = 1;
1921 break;
1922 case 'F':
1923 forever = 1;
1924 break;
1925 case 'l':
1926 args.has_local_ip = 1;
1927 args.local_addr_str = optarg;
1928 break;
1929 case 'r':
1930 args.has_remote_ip = 1;
1931 args.remote_addr_str = optarg;
1932 break;
1933 case 'c':
1934 args.has_local_ip = 1;
1935 args.client_local_addr_str = optarg;
1936 break;
1937 case 'p':
1938 if (str_to_uint(optarg, 1, 65535, &tmp) != 0) {
1939 fprintf(stderr, "Invalid port\n");
1940 return 1;
1941 }
1942 args.port = (unsigned short) tmp;
1943 break;
1944 case 't':
1945 if (str_to_uint(optarg, 0, INT_MAX,
1946 &prog_timeout) != 0) {
1947 fprintf(stderr, "Invalid timeout\n");
1948 return 1;
1949 }
1950 break;
1951 case 'D':
1952 args.type = SOCK_DGRAM;
1953 break;
1954 case 'R':
1955 args.type = SOCK_RAW;
1956 args.port = 0;
1957 if (!args.protocol)
1958 args.protocol = IPPROTO_RAW;
1959 break;
1960 case 'P':
1961 pe = getprotobyname(optarg);
1962 if (pe) {
1963 args.protocol = pe->p_proto;
1964 } else {
1965 if (str_to_uint(optarg, 0, 0xffff, &tmp) != 0) {
1966 fprintf(stderr, "Invalid protocol\n");
1967 return 1;
1968 }
1969 args.protocol = tmp;
1970 }
1971 break;
1972 case 'n':
1973 iter = atoi(optarg);
1974 break;
1975 case 'N':
1976 args.clientns = optarg;
1977 break;
1978 case 'O':
1979 args.serverns = optarg;
1980 break;
1981 case 'L':
1982 msg = random_msg(atoi(optarg));
1983 break;
1984 case 'M':
1985 args.password = optarg;
1986 break;
1987 case OPT_FORCE_BIND_KEY_IFINDEX:
1988 args.bind_key_ifindex = 1;
1989 break;
1990 case OPT_NO_BIND_KEY_IFINDEX:
1991 args.bind_key_ifindex = -1;
1992 break;
1993 case 'X':
1994 args.client_pw = optarg;
1995 break;
1996 case 'm':
1997 args.md5_prefix_str = optarg;
1998 break;
1999 case 'S':
2000 args.use_setsockopt = 1;
2001 break;
2002 case 'C':
2003 args.use_cmsg = 1;
2004 break;
2005 case 'd':
2006 args.dev = optarg;
2007 break;
2008 case 'I':
2009 args.server_dev = optarg;
2010 break;
2011 case 'i':
2012 interactive = 1;
2013 break;
2014 case 'g':
2015 args.has_grp = 1;
2016 if (convert_addr(&args, optarg, ADDR_TYPE_MCAST) < 0)
2017 return 1;
2018 args.type = SOCK_DGRAM;
2019 break;
2020 case '6':
2021 args.version = AF_INET6;
2022 break;
2023 case 'b':
2024 args.bind_test_only = 1;
2025 break;
2026 case '0':
2027 args.has_expected_laddr = 1;
2028 args.expected_laddr_str = optarg;
2029 break;
2030 case '1':
2031 args.has_expected_raddr = 1;
2032 args.expected_raddr_str = optarg;
2033 break;
2034 case '2':
2035 args.expected_dev = optarg;
2036 break;
2037 case '3':
2038 args.expected_server_dev = optarg;
2039 break;
2040 case 'q':
2041 quiet = 1;
2042 break;
2043 case 'x':
2044 args.use_xfrm = 1;
2045 break;
2046 default:
2047 print_usage(argv[0]);
2048 return 1;
2049 }
2050 }
2051
2052 if (args.password &&
2053 ((!args.has_remote_ip && !args.md5_prefix_str) ||
2054 args.type != SOCK_STREAM)) {
2055 log_error("MD5 passwords apply to TCP only and require a remote ip for the password\n");
2056 return 1;
2057 }
2058
2059 if (args.md5_prefix_str && !args.password) {
2060 log_error("Prefix range for MD5 protection specified without a password\n");
2061 return 1;
2062 }
2063
2064 if (iter == 0) {
2065 fprintf(stderr, "Invalid number of messages to send\n");
2066 return 1;
2067 }
2068
2069 if (args.type == SOCK_STREAM && !args.protocol)
2070 args.protocol = IPPROTO_TCP;
2071 if (args.type == SOCK_DGRAM && !args.protocol)
2072 args.protocol = IPPROTO_UDP;
2073
2074 if ((args.type == SOCK_STREAM || args.type == SOCK_DGRAM) &&
2075 args.port == 0) {
2076 fprintf(stderr, "Invalid port number\n");
2077 return 1;
2078 }
2079
2080 if ((both_mode || !server_mode) && !args.has_grp &&
2081 !args.has_remote_ip && !args.has_local_ip) {
2082 fprintf(stderr,
2083 "Local (server mode) or remote IP (client IP) required\n");
2084 return 1;
2085 }
2086
2087 if (interactive) {
2088 prog_timeout = 0;
2089 msg = NULL;
2090 }
2091
2092 if (both_mode) {
2093 if (pipe(fd) < 0) {
2094 perror("pipe");
2095 exit(1);
2096 }
2097
2098 cpid = fork();
2099 if (cpid < 0) {
2100 perror("fork");
2101 exit(1);
2102 }
2103 if (cpid)
2104 return ipc_parent(cpid, fd[0], &args);
2105
2106 return ipc_child(fd[1], &args);
2107 }
2108
2109 if (server_mode) {
2110 do {
2111 rc = do_server(&args, -1);
2112 } while (forever);
2113
2114 return rc;
2115 }
2116 return do_client(&args);
2117 }
2118