#include <uwsgi.h>

#ifdef __linux__
#include <linux/if_tun.h>
/* Path of the Linux TUN/TAP clone device (used by uwsgi_tuntap_device(), presumably). */
#define UWSGI_TUNTAP_DEVICE "/dev/net/tun"
#endif

/*

   A peer is a client connected to the router. It has two queues, one for
   reading and one for writing. The write queue can fill up; if the write
   queue is full, packets are dropped (see the `dropped` counter below).

*/

/*
 * Per-peer traffic rule.
 *
 * The struct is packed, presumably because it is shipped to the peer
 * verbatim by uwsgi_tuntap_peer_send_rules() -- confirm in the .c file
 * before changing field order or widths, since that would change the
 * wire format. Addresses and masks are 32-bit (IPv4); their byte order
 * is not visible in this header.
 */
struct uwsgi_tuntap_peer_rule {
	uint8_t direction;	// traffic direction the rule applies to (encoding defined elsewhere)
	uint32_t src;
	uint32_t src_mask;
	uint32_t dst;
	uint32_t dst_mask;
	uint8_t action;		// what to do on match (encoding defined elsewhere)
	uint32_t target;	// address used by actions that need one -- NOTE(review): confirm which actions
	uint16_t target_port;
} __attribute__ ((__packed__));

/*
 * One client connected to the router.
 *
 * Peers form a doubly linked list (prev/next) anchored at
 * uwsgi_tuntap_router.peers_head / peers_tail. Each peer carries its own
 * read (buf) and write (write_buf) packet buffers; sizes and offsets are
 * 16-bit, so a single frame can never exceed 65535 bytes.
 *
 * NOTE(review): nothing in this header ties buf_pktsize to the allocated
 * buffer length (uwsgi_tuntap.buffer_size); the reader in the .c file must
 * reject a declared packet size larger than the buffer before copying.
 */
struct uwsgi_tuntap_peer {
	int fd;				// descriptor of the connection to the client
	uint32_t addr;			// the peer's IPv4 address (registered via uwsgi_tuntap_register_addr(), presumably)
	char ip[INET_ADDRSTRLEN+1];	// dotted-quad form of addr; INET_ADDRSTRLEN already counts the NUL, the +1 is slack
	int wait_for_write;		// flow-control flag, presumably set while output is blocked
	int blocked_read;		// flow-control flag, presumably set while input is paused
	size_t written;			// presumably bytes of the current outbound packet already written -- confirm
	char header[4];			// 4-byte frame header being assembled from the stream
	uint8_t header_pos;		// presumably how many header bytes have been received so far
	char *buf;			// inbound packet buffer
	uint16_t buf_pktsize;		// size of the packet currently being read
	uint16_t buf_pos;		// bytes of that packet received so far
	char *write_buf;		// outbound packet buffer (the "write queue")
	uint16_t write_buf_pktsize;	// size of the packet queued for writing
	uint16_t write_buf_pos;		// bytes of that packet already written
	struct uwsgi_tuntap_peer *prev;
	struct uwsgi_tuntap_peer *next;
	// counters
	uint64_t tx;
	uint64_t rx;
	uint64_t dropped;		// packets discarded because the write queue was full
	uint8_t sent_credentials;	// flag for the credentials handshake -- NOTE(review): confirm which side sends
	pid_t pid;			// peer credentials; how they are obtained is not visible in this header
	uid_t uid;
	gid_t gid;
	struct uwsgi_tuntap_peer_rule *rules;	// array of rules_cnt entries
	int rules_cnt;
};

/*
 * Router-wide firewall / route entry, kept as a singly linked list (next).
 * src/dst with their masks select matching packets; action says what to do.
 * dest_addr/addrlen are only meaningful for gateway entries.
 */
struct uwsgi_tuntap_firewall_rule {
	uint8_t action;
	uint32_t src;
	uint32_t src_mask;
	uint32_t dst;
	uint32_t dst_mask;
	// for gateway
	struct sockaddr_in dest_addr;
	socklen_t addrlen;
	struct uwsgi_tuntap_firewall_rule *next;
};

/*
 * State of one tuntap router instance: the device and server descriptors,
 * the shared packet buffers, the peer list and the optional stats,
 * gateway and subscription endpoints.
 */
struct uwsgi_tuntap_router {
	int fd;				// presumably the TUN/TAP device descriptor -- confirm
	int server_fd;			// presumably the listening socket peers connect to -- confirm
	int queue;			// uwsgi event queue used by this router, presumably
	char *buf;			// router-side read buffer
	char *write_buf;		// router-side write buffer
	struct uwsgi_tuntap_peer *peers_head;
	struct uwsgi_tuntap_peer *peers_tail;
	uint16_t write_pktsize;		// size of the packet pending in write_buf
	uint16_t write_pos;		// bytes of that packet already written
	int wait_for_write;		// flow-control flag for the router's own output
	char *stats_server;		// address of the stats server, if configured
	int stats_server_fd;
	char *gateway;			// address of the gateway, if configured
	int gateway_fd;
	char *gateway_buf;
	char *subscription_server;	// address of the subscription server, if configured
	int subscription_server_fd;
};

/*
 * Plugin configuration, filled from command-line options.
 * fw_in / fw_out / routes are linked lists of uwsgi_tuntap_firewall_rule.
 */
struct uwsgi_tuntap {
	struct uwsgi_string_list *routers;	// router definitions
	struct uwsgi_string_list *devices;	// device definitions
	uint16_t buffer_size;			// packet buffer size; 16-bit, so at most 65535
	struct uwsgi_tuntap_firewall_rule *fw_in;	// inbound firewall rules
	struct uwsgi_tuntap_firewall_rule *fw_out;	// outbound firewall rules
	struct uwsgi_tuntap_firewall_rule *routes;	// gateway/route entries
	struct uwsgi_string_list *device_rules;	// per-device rule definitions
	char *stats_server;
	char *use_credentials;			// when set, peer addresses come from credentials, presumably
	uint32_t (*addr_by_credentials)(pid_t, uid_t, gid_t);	// maps (pid, uid, gid) to an IPv4 address
};

/* Peer queue handling. The third argument of dequeue is not described here -- see the .c file. */
int uwsgi_tuntap_peer_dequeue(struct uwsgi_tuntap_router *, struct uwsgi_tuntap_peer *, int);
int uwsgi_tuntap_peer_enqueue(struct uwsgi_tuntap_router *, struct uwsgi_tuntap_peer *);
void uwsgi_tuntap_enqueue(struct uwsgi_tuntap_router *);

/*
 * Packet filtering. Both take the packet bytes and their length (16-bit);
 * firewall_check walks the given rule list, route_check takes an int whose
 * meaning is defined in the .c file. Return-value convention is not
 * visible here -- check the implementation before relying on it.
 */
int uwsgi_tuntap_firewall_check(struct uwsgi_tuntap_firewall_rule *, char *, uint16_t);
int uwsgi_tuntap_route_check(int, char *, uint16_t);

/* Peer lifecycle and lookup by IPv4 address. create's two ints are not described here. */
struct uwsgi_tuntap_peer *uwsgi_tuntap_peer_create(struct uwsgi_tuntap_router *, int, int);
struct uwsgi_tuntap_peer *uwsgi_tuntap_peer_get_by_addr(struct uwsgi_tuntap_router *,uint32_t);
void uwsgi_tuntap_peer_destroy(struct uwsgi_tuntap_router *, struct uwsgi_tuntap_peer *);

/* Opens/configures a TUN/TAP device by name; the int result is presumably a descriptor. */
int uwsgi_tuntap_device(char *);

/* uwsgi option handlers (option name, value, user pointer). */
void uwsgi_tuntap_opt_firewall(char *, char *, void *);
void uwsgi_tuntap_opt_route(char *, char *, void *);
int uwsgi_tuntap_register_addr(struct uwsgi_tuntap_router *, struct uwsgi_tuntap_peer *);

/* Per-peer rules: send them over the given descriptor, or check a packet (buf, len) against them. */
void uwsgi_tuntap_peer_send_rules(int, struct uwsgi_tuntap_peer *);
int uwsgi_tuntap_peer_rules_check(struct uwsgi_tuntap_router *, struct uwsgi_tuntap_peer *, char *, size_t, int);
/* Error reporting for a peer; the macro captures the call site's file and line. */
#define uwsgi_tuntap_error(x, y) uwsgi_tuntap_error_do(x, y, __FILE__, __LINE__)
void uwsgi_tuntap_error_do(struct uwsgi_tuntap_peer *, char *, char *, int);