1 /* SPDX-License-Identifier: BSD-3-Clause */
2 /*
3 * Copyright (c) 1995 Danny Gasparovski.
4 */
5
6 #include "slirp.h"
7 #include "ip_icmp.h"
8 #ifdef __sun__
9 #include <sys/filio.h>
10 #endif
11 #ifdef __linux__
12 #include <linux/errqueue.h>
13 #endif
14
15 static void sofcantrcvmore(struct socket *so);
16 static void sofcantsendmore(struct socket *so);
17
solookup(struct socket ** last,struct socket * head,struct sockaddr_storage * lhost,struct sockaddr_storage * fhost)18 struct socket *solookup(struct socket **last, struct socket *head,
19 struct sockaddr_storage *lhost,
20 struct sockaddr_storage *fhost)
21 {
22 struct socket *so = *last;
23
24 /* Optimisation */
25 if (so != head && sockaddr_equal(&(so->lhost.ss), lhost) &&
26 (!fhost || sockaddr_equal(&so->fhost.ss, fhost))) {
27 return so;
28 }
29
30 for (so = head->so_next; so != head; so = so->so_next) {
31 if (sockaddr_equal(&(so->lhost.ss), lhost) &&
32 (!fhost || sockaddr_equal(&so->fhost.ss, fhost))) {
33 *last = so;
34 return so;
35 }
36 }
37
38 return (struct socket *)NULL;
39 }
40
41 /*
42 * Create a new socket, initialise the fields
43 * It is the responsibility of the caller to
44 * insque() it into the correct linked-list
45 */
socreate(Slirp * slirp)46 struct socket *socreate(Slirp *slirp)
47 {
48 struct socket *so = g_new(struct socket, 1);
49
50 memset(so, 0, sizeof(struct socket));
51 so->so_state = SS_NOFDREF;
52 so->s = -1;
53 so->slirp = slirp;
54 so->pollfds_idx = -1;
55
56 return so;
57 }
58
59 /*
60 * Remove references to so from the given message queue.
61 */
soqfree(struct socket * so,struct quehead * qh)62 static void soqfree(struct socket *so, struct quehead *qh)
63 {
64 struct mbuf *ifq;
65
66 for (ifq = (struct mbuf *)qh->qh_link; (struct quehead *)ifq != qh;
67 ifq = ifq->ifq_next) {
68 if (ifq->ifq_so == so) {
69 struct mbuf *ifm;
70 ifq->ifq_so = NULL;
71 for (ifm = ifq->ifs_next; ifm != ifq; ifm = ifm->ifs_next) {
72 ifm->ifq_so = NULL;
73 }
74 }
75 }
76 }
77
78 /*
79 * remque and free a socket, clobber cache
80 */
sofree(struct socket * so)81 void sofree(struct socket *so)
82 {
83 Slirp *slirp = so->slirp;
84
85 soqfree(so, &slirp->if_fastq);
86 soqfree(so, &slirp->if_batchq);
87
88 if (so == slirp->tcp_last_so) {
89 slirp->tcp_last_so = &slirp->tcb;
90 } else if (so == slirp->udp_last_so) {
91 slirp->udp_last_so = &slirp->udb;
92 } else if (so == slirp->icmp_last_so) {
93 slirp->icmp_last_so = &slirp->icmp;
94 }
95 m_free(so->so_m);
96
97 if (so->so_next && so->so_prev)
98 remque(so); /* crashes if so is not in a queue */
99
100 if (so->so_tcpcb) {
101 g_free(so->so_tcpcb);
102 }
103 g_free(so);
104 }
105
sopreprbuf(struct socket * so,struct iovec * iov,int * np)106 size_t sopreprbuf(struct socket *so, struct iovec *iov, int *np)
107 {
108 int n, lss, total;
109 struct sbuf *sb = &so->so_snd;
110 int len = sb->sb_datalen - sb->sb_cc;
111 int mss = so->so_tcpcb->t_maxseg;
112
113 DEBUG_CALL("sopreprbuf");
114 DEBUG_ARG("so = %p", so);
115
116 if (len <= 0)
117 return 0;
118
119 iov[0].iov_base = sb->sb_wptr;
120 iov[1].iov_base = NULL;
121 iov[1].iov_len = 0;
122 if (sb->sb_wptr < sb->sb_rptr) {
123 iov[0].iov_len = sb->sb_rptr - sb->sb_wptr;
124 /* Should never succeed, but... */
125 if (iov[0].iov_len > len)
126 iov[0].iov_len = len;
127 if (iov[0].iov_len > mss)
128 iov[0].iov_len -= iov[0].iov_len % mss;
129 n = 1;
130 } else {
131 iov[0].iov_len = (sb->sb_data + sb->sb_datalen) - sb->sb_wptr;
132 /* Should never succeed, but... */
133 if (iov[0].iov_len > len)
134 iov[0].iov_len = len;
135 len -= iov[0].iov_len;
136 if (len) {
137 iov[1].iov_base = sb->sb_data;
138 iov[1].iov_len = sb->sb_rptr - sb->sb_data;
139 if (iov[1].iov_len > len)
140 iov[1].iov_len = len;
141 total = iov[0].iov_len + iov[1].iov_len;
142 if (total > mss) {
143 lss = total % mss;
144 if (iov[1].iov_len > lss) {
145 iov[1].iov_len -= lss;
146 n = 2;
147 } else {
148 lss -= iov[1].iov_len;
149 iov[0].iov_len -= lss;
150 n = 1;
151 }
152 } else
153 n = 2;
154 } else {
155 if (iov[0].iov_len > mss)
156 iov[0].iov_len -= iov[0].iov_len % mss;
157 n = 1;
158 }
159 }
160 if (np)
161 *np = n;
162
163 return iov[0].iov_len + (n - 1) * iov[1].iov_len;
164 }
165
166 /*
167 * Read from so's socket into sb_snd, updating all relevant sbuf fields
168 * NOTE: This will only be called if it is select()ed for reading, so
169 * a read() of 0 (or less) means it's disconnected
170 */
soread(struct socket * so)171 int soread(struct socket *so)
172 {
173 int n, nn;
174 size_t buf_len;
175 struct sbuf *sb = &so->so_snd;
176 struct iovec iov[2];
177
178 DEBUG_CALL("soread");
179 DEBUG_ARG("so = %p", so);
180
181 /*
182 * No need to check if there's enough room to read.
183 * soread wouldn't have been called if there weren't
184 */
185 buf_len = sopreprbuf(so, iov, &n);
186 assert(buf_len != 0);
187
188 nn = recv(so->s, iov[0].iov_base, iov[0].iov_len, 0);
189 if (nn <= 0) {
190 if (nn < 0 && (errno == EINTR || errno == EAGAIN))
191 return 0;
192 else {
193 int err;
194 socklen_t elen = sizeof err;
195 struct sockaddr_storage addr;
196 struct sockaddr *paddr = (struct sockaddr *)&addr;
197 socklen_t alen = sizeof addr;
198
199 err = errno;
200 if (nn == 0) {
201 int shutdown_wr = so->so_state & SS_FCANTSENDMORE;
202
203 if (!shutdown_wr && getpeername(so->s, paddr, &alen) < 0) {
204 err = errno;
205 } else {
206 getsockopt(so->s, SOL_SOCKET, SO_ERROR, &err, &elen);
207 }
208 }
209
210 DEBUG_MISC(" --- soread() disconnected, nn = %d, errno = %d-%s", nn,
211 errno, strerror(errno));
212 sofcantrcvmore(so);
213
214 if (err == ECONNRESET || err == ECONNREFUSED || err == ENOTCONN ||
215 err == EPIPE) {
216 tcp_drop(sototcpcb(so), err);
217 } else {
218 tcp_sockclosed(sototcpcb(so));
219 }
220 return -1;
221 }
222 }
223
224 /*
225 * If there was no error, try and read the second time round
226 * We read again if n = 2 (ie, there's another part of the buffer)
227 * and we read as much as we could in the first read
228 * We don't test for <= 0 this time, because there legitimately
229 * might not be any more data (since the socket is non-blocking),
230 * a close will be detected on next iteration.
231 * A return of -1 won't (shouldn't) happen, since it didn't happen above
232 */
233 if (n == 2 && nn == iov[0].iov_len) {
234 int ret;
235 ret = recv(so->s, iov[1].iov_base, iov[1].iov_len, 0);
236 if (ret > 0)
237 nn += ret;
238 }
239
240 DEBUG_MISC(" ... read nn = %d bytes", nn);
241
242 /* Update fields */
243 sb->sb_cc += nn;
244 sb->sb_wptr += nn;
245 if (sb->sb_wptr >= (sb->sb_data + sb->sb_datalen))
246 sb->sb_wptr -= sb->sb_datalen;
247 return nn;
248 }
249
soreadbuf(struct socket * so,const char * buf,int size)250 int soreadbuf(struct socket *so, const char *buf, int size)
251 {
252 int n, nn, copy = size;
253 struct sbuf *sb = &so->so_snd;
254 struct iovec iov[2];
255
256 DEBUG_CALL("soreadbuf");
257 DEBUG_ARG("so = %p", so);
258
259 /*
260 * No need to check if there's enough room to read.
261 * soread wouldn't have been called if there weren't
262 */
263 assert(size > 0);
264 if (sopreprbuf(so, iov, &n) < size)
265 goto err;
266
267 nn = MIN(iov[0].iov_len, copy);
268 memcpy(iov[0].iov_base, buf, nn);
269
270 copy -= nn;
271 buf += nn;
272
273 if (copy == 0)
274 goto done;
275
276 memcpy(iov[1].iov_base, buf, copy);
277
278 done:
279 /* Update fields */
280 sb->sb_cc += size;
281 sb->sb_wptr += size;
282 if (sb->sb_wptr >= (sb->sb_data + sb->sb_datalen))
283 sb->sb_wptr -= sb->sb_datalen;
284 return size;
285 err:
286
287 sofcantrcvmore(so);
288 tcp_sockclosed(sototcpcb(so));
289 g_critical("soreadbuf buffer too small");
290 return -1;
291 }
292
293 /*
294 * Get urgent data
295 *
296 * When the socket is created, we set it SO_OOBINLINE,
297 * so when OOB data arrives, we soread() it and everything
298 * in the send buffer is sent as urgent data
299 */
sorecvoob(struct socket * so)300 int sorecvoob(struct socket *so)
301 {
302 struct tcpcb *tp = sototcpcb(so);
303 int ret;
304
305 DEBUG_CALL("sorecvoob");
306 DEBUG_ARG("so = %p", so);
307
308 /*
309 * We take a guess at how much urgent data has arrived.
310 * In most situations, when urgent data arrives, the next
311 * read() should get all the urgent data. This guess will
312 * be wrong however if more data arrives just after the
313 * urgent data, or the read() doesn't return all the
314 * urgent data.
315 */
316 ret = soread(so);
317 if (ret > 0) {
318 tp->snd_up = tp->snd_una + so->so_snd.sb_cc;
319 tp->t_force = 1;
320 tcp_output(tp);
321 tp->t_force = 0;
322 }
323
324 return ret;
325 }
326
327 /*
328 * Send urgent data
329 * There's a lot duplicated code here, but...
330 */
sosendoob(struct socket * so)331 int sosendoob(struct socket *so)
332 {
333 struct sbuf *sb = &so->so_rcv;
334 char buff[2048]; /* XXX Shouldn't be sending more oob data than this */
335
336 int n;
337
338 DEBUG_CALL("sosendoob");
339 DEBUG_ARG("so = %p", so);
340 DEBUG_ARG("sb->sb_cc = %d", sb->sb_cc);
341
342 if (so->so_urgc > sizeof(buff))
343 so->so_urgc = sizeof(buff); /* XXXX */
344
345 if (sb->sb_rptr < sb->sb_wptr) {
346 /* We can send it directly */
347 n = slirp_send(so, sb->sb_rptr, so->so_urgc,
348 (MSG_OOB)); /* |MSG_DONTWAIT)); */
349 } else {
350 /*
351 * Since there's no sendv or sendtov like writev,
352 * we must copy all data to a linear buffer then
353 * send it all
354 */
355 uint32_t urgc = so->so_urgc; /* Amount of room left in buff */
356 int len = (sb->sb_data + sb->sb_datalen) - sb->sb_rptr;
357 if (len > urgc) {
358 len = urgc;
359 }
360 memcpy(buff, sb->sb_rptr, len);
361 urgc -= len;
362 if (urgc) {
363 /* We still have some room for the rest */
364 n = sb->sb_wptr - sb->sb_data;
365 if (n > urgc) {
366 n = urgc;
367 }
368 memcpy((buff + len), sb->sb_data, n);
369 len += n;
370 }
371 n = slirp_send(so, buff, len, (MSG_OOB)); /* |MSG_DONTWAIT)); */
372 #ifdef DEBUG
373 if (n != len) {
374 DEBUG_ERROR("Didn't send all data urgently XXXXX");
375 }
376 #endif
377 }
378
379 if (n < 0) {
380 return n;
381 }
382 so->so_urgc -= n;
383 DEBUG_MISC(" ---2 sent %d bytes urgent data, %d urgent bytes left", n,
384 so->so_urgc);
385
386 sb->sb_cc -= n;
387 sb->sb_rptr += n;
388 if (sb->sb_rptr >= (sb->sb_data + sb->sb_datalen))
389 sb->sb_rptr -= sb->sb_datalen;
390
391 return n;
392 }
393
394 /*
395 * Write data from so_rcv to so's socket,
396 * updating all sbuf field as necessary
397 */
sowrite(struct socket * so)398 int sowrite(struct socket *so)
399 {
400 int n, nn;
401 struct sbuf *sb = &so->so_rcv;
402 int len = sb->sb_cc;
403 struct iovec iov[2];
404
405 DEBUG_CALL("sowrite");
406 DEBUG_ARG("so = %p", so);
407
408 if (so->so_urgc) {
409 uint32_t expected = so->so_urgc;
410 if (sosendoob(so) < expected) {
411 /* Treat a short write as a fatal error too,
412 * rather than continuing on and sending the urgent
413 * data as if it were non-urgent and leaving the
414 * so_urgc count wrong.
415 */
416 goto err_disconnected;
417 }
418 if (sb->sb_cc == 0)
419 return 0;
420 }
421
422 /*
423 * No need to check if there's something to write,
424 * sowrite wouldn't have been called otherwise
425 */
426
427 iov[0].iov_base = sb->sb_rptr;
428 iov[1].iov_base = NULL;
429 iov[1].iov_len = 0;
430 if (sb->sb_rptr < sb->sb_wptr) {
431 iov[0].iov_len = sb->sb_wptr - sb->sb_rptr;
432 /* Should never succeed, but... */
433 if (iov[0].iov_len > len)
434 iov[0].iov_len = len;
435 n = 1;
436 } else {
437 iov[0].iov_len = (sb->sb_data + sb->sb_datalen) - sb->sb_rptr;
438 if (iov[0].iov_len > len)
439 iov[0].iov_len = len;
440 len -= iov[0].iov_len;
441 if (len) {
442 iov[1].iov_base = sb->sb_data;
443 iov[1].iov_len = sb->sb_wptr - sb->sb_data;
444 if (iov[1].iov_len > len)
445 iov[1].iov_len = len;
446 n = 2;
447 } else
448 n = 1;
449 }
450 /* Check if there's urgent data to send, and if so, send it */
451
452 nn = slirp_send(so, iov[0].iov_base, iov[0].iov_len, 0);
453 /* This should never happen, but people tell me it does *shrug* */
454 if (nn < 0 && (errno == EAGAIN || errno == EINTR))
455 return 0;
456
457 if (nn <= 0) {
458 goto err_disconnected;
459 }
460
461 if (n == 2 && nn == iov[0].iov_len) {
462 int ret;
463 ret = slirp_send(so, iov[1].iov_base, iov[1].iov_len, 0);
464 if (ret > 0)
465 nn += ret;
466 }
467 DEBUG_MISC(" ... wrote nn = %d bytes", nn);
468
469 /* Update sbuf */
470 sb->sb_cc -= nn;
471 sb->sb_rptr += nn;
472 if (sb->sb_rptr >= (sb->sb_data + sb->sb_datalen))
473 sb->sb_rptr -= sb->sb_datalen;
474
475 /*
476 * If in DRAIN mode, and there's no more data, set
477 * it CANTSENDMORE
478 */
479 if ((so->so_state & SS_FWDRAIN) && sb->sb_cc == 0)
480 sofcantsendmore(so);
481
482 return nn;
483
484 err_disconnected:
485 DEBUG_MISC(" --- sowrite disconnected, so->so_state = %x, errno = %d",
486 so->so_state, errno);
487 sofcantsendmore(so);
488 tcp_sockclosed(sototcpcb(so));
489 return -1;
490 }
491
492 /*
493 * recvfrom() a UDP socket
494 */
sorecvfrom(struct socket * so)495 void sorecvfrom(struct socket *so)
496 {
497 struct sockaddr_storage addr;
498 struct sockaddr_storage saddr, daddr;
499 socklen_t addrlen = sizeof(struct sockaddr_storage);
500 char buff[256];
501
502 #ifdef __linux__
503 ssize_t size;
504 struct msghdr msg;
505 struct iovec iov;
506 char control[1024];
507
508 /* First look for errors */
509 memset(&msg, 0, sizeof(msg));
510 msg.msg_name = &saddr;
511 msg.msg_namelen = sizeof(saddr);
512 msg.msg_control = control;
513 msg.msg_controllen = sizeof(control);
514 iov.iov_base = buff;
515 iov.iov_len = sizeof(buff);
516 msg.msg_iov = &iov;
517 msg.msg_iovlen = 1;
518
519 size = recvmsg(so->s, &msg, MSG_ERRQUEUE);
520 if (size >= 0) {
521 struct cmsghdr *cmsg;
522 for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
523
524 if (cmsg->cmsg_level == IPPROTO_IP &&
525 cmsg->cmsg_type == IP_RECVERR) {
526 struct sock_extended_err *ee =
527 (struct sock_extended_err *) CMSG_DATA(cmsg);
528
529 if (ee->ee_origin == SO_EE_ORIGIN_ICMP) {
530 /* Got an ICMP error, forward it */
531 struct sockaddr_in *sin;
532
533 sin = (struct sockaddr_in *) SO_EE_OFFENDER(ee);
534 icmp_forward_error(so->so_m, ee->ee_type, ee->ee_code,
535 0, NULL, &sin->sin_addr);
536 }
537 }
538 else if (cmsg->cmsg_level == IPPROTO_IPV6 &&
539 cmsg->cmsg_type == IPV6_RECVERR) {
540 struct sock_extended_err *ee =
541 (struct sock_extended_err *) CMSG_DATA(cmsg);
542
543 if (ee->ee_origin == SO_EE_ORIGIN_ICMP6) {
544 /* Got an ICMPv6 error, forward it */
545 struct sockaddr_in6 *sin6;
546
547 sin6 = (struct sockaddr_in6 *) SO_EE_OFFENDER(ee);
548 icmp6_forward_error(so->so_m, ee->ee_type, ee->ee_code,
549 &sin6->sin6_addr);
550 }
551 }
552 }
553 return;
554 }
555 #endif
556
557 DEBUG_CALL("sorecvfrom");
558 DEBUG_ARG("so = %p", so);
559
560 if (so->so_type == IPPROTO_ICMP) { /* This is a "ping" reply */
561 int len;
562
563 len = recvfrom(so->s, buff, 256, 0, (struct sockaddr *)&addr, &addrlen);
564 /* XXX Check if reply is "correct"? */
565
566 if (len == -1 || len == 0) {
567 uint8_t code = ICMP_UNREACH_PORT;
568
569 if (errno == EHOSTUNREACH)
570 code = ICMP_UNREACH_HOST;
571 else if (errno == ENETUNREACH)
572 code = ICMP_UNREACH_NET;
573
574 DEBUG_MISC(" udp icmp rx errno = %d-%s", errno, strerror(errno));
575 icmp_send_error(so->so_m, ICMP_UNREACH, code, 0, strerror(errno));
576 } else {
577 icmp_reflect(so->so_m);
578 so->so_m = NULL; /* Don't m_free() it again! */
579 }
580 /* No need for this socket anymore, udp_detach it */
581 udp_detach(so);
582 } else { /* A "normal" UDP packet */
583 struct mbuf *m;
584 int len;
585 #ifdef _WIN32
586 unsigned long n;
587 #else
588 int n;
589 #endif
590
591 if (ioctlsocket(so->s, FIONREAD, &n) != 0) {
592 DEBUG_MISC(" ioctlsocket errno = %d-%s\n", errno, strerror(errno));
593 return;
594 }
595
596 m = m_get(so->slirp);
597 if (!m) {
598 return;
599 }
600 switch (so->so_ffamily) {
601 case AF_INET:
602 m->m_data += IF_MAXLINKHDR + sizeof(struct udpiphdr);
603 break;
604 case AF_INET6:
605 m->m_data +=
606 IF_MAXLINKHDR + sizeof(struct ip6) + sizeof(struct udphdr);
607 break;
608 default:
609 g_assert_not_reached();
610 }
611
612 /*
613 * XXX Shouldn't FIONREAD packets destined for port 53,
614 * but I don't know the max packet size for DNS lookups
615 */
616 len = M_FREEROOM(m);
617 /* if (so->so_fport != htons(53)) { */
618
619 if (n > len) {
620 n = (m->m_data - m->m_dat) + m->m_len + n + 1;
621 m_inc(m, n);
622 len = M_FREEROOM(m);
623 }
624 /* } */
625
626 m->m_len = recvfrom(so->s, m->m_data, len, 0, (struct sockaddr *)&addr,
627 &addrlen);
628 DEBUG_MISC(" did recvfrom %d, errno = %d-%s", m->m_len, errno,
629 strerror(errno));
630 if (m->m_len < 0) {
631 /* Report error as ICMP */
632 switch (so->so_lfamily) {
633 uint8_t code;
634 case AF_INET:
635 code = ICMP_UNREACH_PORT;
636
637 if (errno == EHOSTUNREACH) {
638 code = ICMP_UNREACH_HOST;
639 } else if (errno == ENETUNREACH) {
640 code = ICMP_UNREACH_NET;
641 }
642
643 DEBUG_MISC(" rx error, tx icmp ICMP_UNREACH:%i", code);
644 icmp_send_error(so->so_m, ICMP_UNREACH, code, 0,
645 strerror(errno));
646 break;
647 case AF_INET6:
648 code = ICMP6_UNREACH_PORT;
649
650 if (errno == EHOSTUNREACH) {
651 code = ICMP6_UNREACH_ADDRESS;
652 } else if (errno == ENETUNREACH) {
653 code = ICMP6_UNREACH_NO_ROUTE;
654 }
655
656 DEBUG_MISC(" rx error, tx icmp6 ICMP_UNREACH:%i", code);
657 icmp6_send_error(so->so_m, ICMP6_UNREACH, code);
658 break;
659 default:
660 g_assert_not_reached();
661 }
662 m_free(m);
663 } else {
664 /*
665 * Hack: domain name lookup will be used the most for UDP,
666 * and since they'll only be used once there's no need
667 * for the 4 minute (or whatever) timeout... So we time them
668 * out much quicker (10 seconds for now...)
669 */
670 if (so->so_expire) {
671 if (so->so_fport == htons(53))
672 so->so_expire = curtime + SO_EXPIREFAST;
673 else
674 so->so_expire = curtime + SO_EXPIRE;
675 }
676
677 /*
678 * If this packet was destined for CTL_ADDR,
679 * make it look like that's where it came from
680 */
681 saddr = addr;
682 sotranslate_in(so, &saddr);
683
684 /* Perform lazy guest IP address resolution if needed. */
685 if (so->so_state & SS_HOSTFWD) {
686 if (soassign_guest_addr_if_needed(so) < 0) {
687 DEBUG_MISC(" guest address not available yet");
688 switch (so->so_lfamily) {
689 case AF_INET:
690 icmp_send_error(so->so_m, ICMP_UNREACH,
691 ICMP_UNREACH_HOST, 0,
692 "guest address not available yet");
693 break;
694 case AF_INET6:
695 icmp6_send_error(so->so_m, ICMP6_UNREACH,
696 ICMP6_UNREACH_ADDRESS);
697 break;
698 default:
699 g_assert_not_reached();
700 }
701 m_free(m);
702 return;
703 }
704 }
705 daddr = so->lhost.ss;
706
707 switch (so->so_ffamily) {
708 case AF_INET:
709 udp_output(so, m, (struct sockaddr_in *)&saddr,
710 (struct sockaddr_in *)&daddr, so->so_iptos);
711 break;
712 case AF_INET6:
713 udp6_output(so, m, (struct sockaddr_in6 *)&saddr,
714 (struct sockaddr_in6 *)&daddr);
715 break;
716 default:
717 g_assert_not_reached();
718 }
719 } /* rx error */
720 } /* if ping packet */
721 }
722
723 /*
724 * sendto() a socket
725 */
sosendto(struct socket * so,struct mbuf * m)726 int sosendto(struct socket *so, struct mbuf *m)
727 {
728 int ret;
729 struct sockaddr_storage addr;
730
731 DEBUG_CALL("sosendto");
732 DEBUG_ARG("so = %p", so);
733 DEBUG_ARG("m = %p", m);
734
735 addr = so->fhost.ss;
736 DEBUG_CALL(" sendto()ing)");
737 if (sotranslate_out(so, &addr) < 0) {
738 return -1;
739 }
740
741 /* Don't care what port we get */
742 ret = sendto(so->s, m->m_data, m->m_len, 0, (struct sockaddr *)&addr,
743 sockaddr_size(&addr));
744 if (ret < 0)
745 return -1;
746
747 /*
748 * Kill the socket if there's no reply in 4 minutes,
749 * but only if it's an expirable socket
750 */
751 if (so->so_expire)
752 so->so_expire = curtime + SO_EXPIRE;
753 so->so_state &= SS_PERSISTENT_MASK;
754 so->so_state |= SS_ISFCONNECTED; /* So that it gets select()ed */
755 return 0;
756 }
757
758 /*
759 * Listen for incoming TCP connections
760 * On failure errno contains the reason.
761 */
tcpx_listen(Slirp * slirp,const struct sockaddr * haddr,socklen_t haddrlen,const struct sockaddr * laddr,socklen_t laddrlen,int flags)762 struct socket *tcpx_listen(Slirp *slirp,
763 const struct sockaddr *haddr, socklen_t haddrlen,
764 const struct sockaddr *laddr, socklen_t laddrlen,
765 int flags)
766 {
767 struct socket *so;
768 int s, opt = 1;
769 socklen_t addrlen;
770
771 DEBUG_CALL("tcpx_listen");
772 /* AF_INET6 addresses are bigger than AF_INET, so this is big enough. */
773 char addrstr[INET6_ADDRSTRLEN];
774 char portstr[6];
775 int ret;
776 ret = getnameinfo(haddr, haddrlen, addrstr, sizeof(addrstr), portstr, sizeof(portstr), NI_NUMERICHOST|NI_NUMERICSERV);
777 g_assert(ret == 0);
778 DEBUG_ARG("haddr = %s", addrstr);
779 DEBUG_ARG("hport = %s", portstr);
780 ret = getnameinfo(laddr, laddrlen, addrstr, sizeof(addrstr), portstr, sizeof(portstr), NI_NUMERICHOST|NI_NUMERICSERV);
781 g_assert(ret == 0);
782 DEBUG_ARG("laddr = %s", addrstr);
783 DEBUG_ARG("lport = %s", portstr);
784 DEBUG_ARG("flags = %x", flags);
785
786 /*
787 * SS_HOSTFWD sockets can be accepted multiple times, so they can't be
788 * SS_FACCEPTONCE. Also, SS_HOSTFWD connections can be accepted and
789 * immediately closed if the guest address isn't available yet, which is
790 * incompatible with the "accept once" concept. Correct code will never
791 * request both, so disallow their combination by assertion.
792 */
793 g_assert(!((flags & SS_HOSTFWD) && (flags & SS_FACCEPTONCE)));
794
795 so = socreate(slirp);
796
797 /* Don't tcp_attach... we don't need so_snd nor so_rcv */
798 so->so_tcpcb = tcp_newtcpcb(so);
799 insque(so, &slirp->tcb);
800
801 /*
802 * SS_FACCEPTONCE sockets must time out.
803 */
804 if (flags & SS_FACCEPTONCE)
805 so->so_tcpcb->t_timer[TCPT_KEEP] = TCPTV_KEEP_INIT * 2;
806
807 so->so_state &= SS_PERSISTENT_MASK;
808 so->so_state |= (SS_FACCEPTCONN | flags);
809
810 sockaddr_copy(&so->lhost.sa, sizeof(so->lhost), laddr, laddrlen);
811
812 s = slirp_socket(haddr->sa_family, SOCK_STREAM, 0);
813 if ((s < 0) ||
814 (haddr->sa_family == AF_INET6 && slirp_socket_set_v6only(s, (flags & SS_HOSTFWD_V6ONLY) != 0) < 0) ||
815 (slirp_socket_set_fast_reuse(s) < 0) ||
816 (bind(s, haddr, haddrlen) < 0) ||
817 (listen(s, 1) < 0)) {
818 int tmperrno = errno; /* Don't clobber the real reason we failed */
819 if (s >= 0) {
820 closesocket(s);
821 }
822 sofree(so);
823 /* Restore the real errno */
824 #ifdef _WIN32
825 WSASetLastError(tmperrno);
826 #else
827 errno = tmperrno;
828 #endif
829 return NULL;
830 }
831 setsockopt(s, SOL_SOCKET, SO_OOBINLINE, &opt, sizeof(int));
832 slirp_socket_set_nodelay(s);
833
834 addrlen = sizeof(so->fhost);
835 getsockname(s, &so->fhost.sa, &addrlen);
836 sotranslate_accept(so);
837
838 so->s = s;
839 return so;
840 }
841
tcp_listen(Slirp * slirp,uint32_t haddr,unsigned hport,uint32_t laddr,unsigned lport,int flags)842 struct socket *tcp_listen(Slirp *slirp, uint32_t haddr, unsigned hport,
843 uint32_t laddr, unsigned lport, int flags)
844 {
845 struct sockaddr_in hsa, lsa;
846
847 memset(&hsa, 0, sizeof(hsa));
848 hsa.sin_family = AF_INET;
849 hsa.sin_addr.s_addr = haddr;
850 hsa.sin_port = hport;
851
852 memset(&lsa, 0, sizeof(lsa));
853 lsa.sin_family = AF_INET;
854 lsa.sin_addr.s_addr = laddr;
855 lsa.sin_port = lport;
856
857 return tcpx_listen(slirp, (const struct sockaddr *) &hsa, sizeof(hsa), (struct sockaddr *) &lsa, sizeof(lsa), flags);
858 }
859
860 /*
861 * Various session state calls
862 * XXX Should be #define's
863 * The socket state stuff needs work, these often get call 2 or 3
864 * times each when only 1 was needed
865 */
soisfconnecting(struct socket * so)866 void soisfconnecting(struct socket *so)
867 {
868 so->so_state &= ~(SS_NOFDREF | SS_ISFCONNECTED | SS_FCANTRCVMORE |
869 SS_FCANTSENDMORE | SS_FWDRAIN);
870 so->so_state |= SS_ISFCONNECTING; /* Clobber other states */
871 }
872
soisfconnected(struct socket * so)873 void soisfconnected(struct socket *so)
874 {
875 so->so_state &= ~(SS_ISFCONNECTING | SS_FWDRAIN | SS_NOFDREF);
876 so->so_state |= SS_ISFCONNECTED; /* Clobber other states */
877 }
878
sofcantrcvmore(struct socket * so)879 static void sofcantrcvmore(struct socket *so)
880 {
881 if ((so->so_state & SS_NOFDREF) == 0) {
882 shutdown(so->s, 0);
883 }
884 so->so_state &= ~(SS_ISFCONNECTING);
885 if (so->so_state & SS_FCANTSENDMORE) {
886 so->so_state &= SS_PERSISTENT_MASK;
887 so->so_state |= SS_NOFDREF; /* Don't select it */
888 } else {
889 so->so_state |= SS_FCANTRCVMORE;
890 }
891 }
892
sofcantsendmore(struct socket * so)893 static void sofcantsendmore(struct socket *so)
894 {
895 if ((so->so_state & SS_NOFDREF) == 0) {
896 shutdown(so->s, 1); /* send FIN to fhost */
897 }
898 so->so_state &= ~(SS_ISFCONNECTING);
899 if (so->so_state & SS_FCANTRCVMORE) {
900 so->so_state &= SS_PERSISTENT_MASK;
901 so->so_state |= SS_NOFDREF; /* as above */
902 } else {
903 so->so_state |= SS_FCANTSENDMORE;
904 }
905 }
906
907 /*
908 * Set write drain mode
909 * Set CANTSENDMORE once all data has been write()n
910 */
sofwdrain(struct socket * so)911 void sofwdrain(struct socket *so)
912 {
913 if (so->so_rcv.sb_cc)
914 so->so_state |= SS_FWDRAIN;
915 else
916 sofcantsendmore(so);
917 }
918
sotranslate_out4(Slirp * s,struct socket * so,struct sockaddr_in * sin)919 static bool sotranslate_out4(Slirp *s, struct socket *so, struct sockaddr_in *sin)
920 {
921 if (!s->disable_dns && so->so_faddr.s_addr == s->vnameserver_addr.s_addr) {
922 return so->so_fport == htons(53) && get_dns_addr(&sin->sin_addr) >= 0;
923 }
924
925 if (so->so_faddr.s_addr == s->vhost_addr.s_addr ||
926 so->so_faddr.s_addr == 0xffffffff) {
927 if (s->disable_host_loopback) {
928 return false;
929 }
930
931 sin->sin_addr = loopback_addr;
932 }
933
934 return true;
935 }
936
sotranslate_out6(Slirp * s,struct socket * so,struct sockaddr_in6 * sin)937 static bool sotranslate_out6(Slirp *s, struct socket *so, struct sockaddr_in6 *sin)
938 {
939 if (!s->disable_dns && in6_equal(&so->so_faddr6, &s->vnameserver_addr6)) {
940 uint32_t scope_id;
941 if (so->so_fport == htons(53) && get_dns6_addr(&sin->sin6_addr, &scope_id) >= 0) {
942 sin->sin6_scope_id = scope_id;
943 return true;
944 }
945 return false;
946 }
947
948 if (in6_equal_net(&so->so_faddr6, &s->vprefix_addr6, s->vprefix_len) ||
949 in6_equal(&so->so_faddr6, &(struct in6_addr)ALLNODES_MULTICAST)) {
950 if (s->disable_host_loopback) {
951 return false;
952 }
953
954 sin->sin6_addr = in6addr_loopback;
955 }
956
957 return true;
958 }
959
960
961 /*
962 * Translate addr in host addr when it is a virtual address
963 */
sotranslate_out(struct socket * so,struct sockaddr_storage * addr)964 int sotranslate_out(struct socket *so, struct sockaddr_storage *addr)
965 {
966 bool ok = true;
967
968 switch (addr->ss_family) {
969 case AF_INET:
970 ok = sotranslate_out4(so->slirp, so, (struct sockaddr_in *)addr);
971 break;
972 case AF_INET6:
973 ok = sotranslate_out6(so->slirp, so, (struct sockaddr_in6 *)addr);
974 break;
975 }
976
977 if (!ok) {
978 errno = EPERM;
979 return -1;
980 }
981
982 return 0;
983 }
984
sotranslate_in(struct socket * so,struct sockaddr_storage * addr)985 void sotranslate_in(struct socket *so, struct sockaddr_storage *addr)
986 {
987 Slirp *slirp = so->slirp;
988 struct sockaddr_in *sin = (struct sockaddr_in *)addr;
989 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr;
990
991 switch (addr->ss_family) {
992 case AF_INET:
993 if ((so->so_faddr.s_addr & slirp->vnetwork_mask.s_addr) ==
994 slirp->vnetwork_addr.s_addr) {
995 uint32_t inv_mask = ~slirp->vnetwork_mask.s_addr;
996
997 if ((so->so_faddr.s_addr & inv_mask) == inv_mask) {
998 sin->sin_addr = slirp->vhost_addr;
999 } else if (sin->sin_addr.s_addr == loopback_addr.s_addr ||
1000 so->so_faddr.s_addr != slirp->vhost_addr.s_addr) {
1001 sin->sin_addr = so->so_faddr;
1002 }
1003 }
1004 break;
1005
1006 case AF_INET6:
1007 if (in6_equal_net(&so->so_faddr6, &slirp->vprefix_addr6,
1008 slirp->vprefix_len)) {
1009 if (in6_equal(&sin6->sin6_addr, &in6addr_loopback) ||
1010 !in6_equal(&so->so_faddr6, &slirp->vhost_addr6)) {
1011 sin6->sin6_addr = so->so_faddr6;
1012 }
1013 }
1014 break;
1015
1016 default:
1017 break;
1018 }
1019 }
1020
1021 /*
1022 * Translate connections from localhost to the real hostname
1023 */
sotranslate_accept(struct socket * so)1024 void sotranslate_accept(struct socket *so)
1025 {
1026 Slirp *slirp = so->slirp;
1027
1028 switch (so->so_ffamily) {
1029 case AF_INET:
1030 if (so->so_faddr.s_addr == INADDR_ANY ||
1031 (so->so_faddr.s_addr & loopback_mask) ==
1032 (loopback_addr.s_addr & loopback_mask)) {
1033 so->so_faddr = slirp->vhost_addr;
1034 }
1035 break;
1036
1037 case AF_INET6:
1038 if (in6_equal(&so->so_faddr6, &in6addr_any) ||
1039 in6_equal(&so->so_faddr6, &in6addr_loopback)) {
1040 so->so_faddr6 = slirp->vhost_addr6;
1041 }
1042 break;
1043
1044 default:
1045 break;
1046 }
1047 }
1048
sodrop(struct socket * s,int num)1049 void sodrop(struct socket *s, int num)
1050 {
1051 if (sbdrop(&s->so_snd, num)) {
1052 s->slirp->cb->notify(s->slirp->opaque);
1053 }
1054 }
1055
1056 /*
1057 * Translate "addr-any" in so->lhost to the guest's actual address.
1058 * Returns 0 for success, or -1 if the guest doesn't have an address yet
1059 * with errno set to EHOSTUNREACH.
1060 *
1061 * The guest address is taken from the first entry in the ARP table for IPv4
1062 * and the first entry in the NDP table for IPv6.
1063 * Note: The IPv4 path isn't exercised yet as all hostfwd "" guest translations
1064 * are handled immediately by using slirp->vdhcp_startaddr.
1065 */
soassign_guest_addr_if_needed(struct socket * so)1066 int soassign_guest_addr_if_needed(struct socket *so)
1067 {
1068 Slirp *slirp = so->slirp;
1069 /* AF_INET6 addresses are bigger than AF_INET, so this is big enough. */
1070 char addrstr[INET6_ADDRSTRLEN];
1071 char portstr[6];
1072
1073 g_assert(so->so_state & SS_HOSTFWD);
1074
1075 switch (so->so_ffamily) {
1076 case AF_INET:
1077 if (so->so_laddr.s_addr == INADDR_ANY) {
1078 g_assert_not_reached();
1079 }
1080 break;
1081
1082 case AF_INET6:
1083 if (in6_zero(&so->so_laddr6)) {
1084 int ret;
1085 if (in6_zero(&slirp->ndp_table.guest_in6_addr)) {
1086 errno = EHOSTUNREACH;
1087 return -1;
1088 }
1089 so->so_laddr6 = slirp->ndp_table.guest_in6_addr;
1090 ret = getnameinfo((const struct sockaddr *) &so->lhost.ss,
1091 sizeof(so->lhost.ss), addrstr, sizeof(addrstr),
1092 portstr, sizeof(portstr),
1093 NI_NUMERICHOST|NI_NUMERICSERV);
1094 g_assert(ret == 0);
1095 DEBUG_MISC("%s: new ip = [%s]:%s", __func__, addrstr, portstr);
1096 }
1097 break;
1098
1099 default:
1100 break;
1101 }
1102
1103 return 0;
1104 }
1105