2 * Copyright (c) 2008 The DragonFly Project. All rights reserved.
4 * This code is derived from software contributed to The DragonFly Project
5 * by Matthew Dillon <dillon@backplane.com>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * 3. Neither the name of The DragonFly Project nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific, prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
25 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
27 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
28 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
29 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
30 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
31 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * vknet [-cdU] [-b bridgeN] [-p socket_path] [-t tapN] [address/cidrbits]
37 * Create a named unix-domain socket which userland vkernels can open
38 * to gain access to a local network. All connections to the socket
39 * are bridged together and the local network can also be bridged onto
40 * a TAP interface by specifying the -t option.
44 static ioinfo_t vknet_tap(const char *tapName, const char *bridgeName);
45 static int vknet_listener(const char *pathName);
46 static void vknet_acceptor(int net_fd);
47 static void *vknet_io(void *arg);
48 static int vknet_connect(const char *pathName);
49 static void vknet_monitor(int net_fd);
50 static void usage(void);
51 static void writepid(void);
52 static void cleanup(int);
54 pthread_mutex_t BridgeMutex;
59 const char *pidfile = "/var/run/vknetd.pid";
61 struct in_addr NetAddress;
62 struct in_addr NetMask;
65 main(int ac, char **av)
67 const char *pathName = "/var/run/vknet";
68 const char *tapName = "auto";
69 const char *bridgeName = NULL;
76 while ((c = getopt(ac, av, "b:cdp:i:t:U")) != -1) {
109 * Ignore SIGPIPE to prevent write() races against disconnecting
110 * clients from killing vknetd. Should be inherited by all I/O
113 signal(SIGPIPE, SIG_IGN);
116 * Special connect/debug mode
119 net_fd = vknet_connect(pathName);
124 vknet_monitor(net_fd);
129 * In secure mode (the default), a network address/mask must be
130 * specified. e.g. 10.1.0.0/16. Any traffic going out the TAP
131 * interface will be filtered.
133 * If non-secure mode the network address/mask is optional.
135 if (SecureOpt || SetAddrOpt) {
140 if (ac == 0 || strchr(av[0], '/') == NULL)
143 if (inet_pton(AF_INET, strtok(str, "/"), &NetAddress) <= 0)
145 masklen = strtoul(strtok(NULL, "/"), NULL, 10);
146 mask = (1 << (32 - masklen)) - 1;
147 NetMask.s_addr = htonl(~mask);
151 * Normal operation, create the tap/bridge and listener. This
152 * part is not threaded.
156 if ((tap_info = vknet_tap(tapName, bridgeName)) == NULL) {
160 if ((net_fd = vknet_listener(pathName)) < 0) {
161 perror("listener: ");
166 * Now make us a demon and start the threads going.
173 signal(SIGINT, cleanup);
174 signal(SIGHUP, cleanup);
175 signal(SIGTERM, cleanup);
176 if (tap_info && tap_info->fd >= 0) {
178 ioctl(tap_info->fd, FIOSETOWN, &pid);
181 pthread_mutex_init(&BridgeMutex, NULL);
182 pthread_create(&dummy_td, NULL, vknet_io, tap_info);
183 vknet_acceptor(net_fd);
188 #define TAPDEV_MINOR(x) ((int)((x) & 0xffff00ff))
191 vknet_tap(const char *tapName, const char *bridgeName)
194 struct ifaliasreq ifra;
203 if (strcmp(tapName, "auto") == 0) {
204 tap_fd = open("/dev/tap", O_RDWR);
205 } else if (strncmp(tapName, "tap", 3) == 0) {
206 asprintf(&buf, "/dev/%s", tapName);
207 tap_fd = open(buf, O_RDWR | O_NONBLOCK);
210 tap_fd = open(tapName, O_RDWR | O_NONBLOCK);
216 * Figure out the tap unit number
218 if (fstat(tap_fd, &st) < 0) {
222 tap_unit = TAPDEV_MINOR(st.st_rdev);
225 * Output the tap interface before detaching for any script
226 * that might be using vknetd.
228 printf("/dev/tap%d\n", tap_unit);
234 fcntl(tap_fd, F_SETFL, 0);
235 bzero(&ifr, sizeof(ifr));
236 bzero(&ifra, sizeof(ifra));
237 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tap%d", tap_unit);
238 snprintf(ifra.ifra_name, sizeof(ifra.ifra_name), "tap%d", tap_unit);
240 s = socket(AF_INET, SOCK_DGRAM, 0);
243 * Set the interface address if in Secure mode.
246 struct sockaddr_in *in;
248 in = (void *)&ifra.ifra_addr;
249 in->sin_family = AF_INET;
250 in->sin_len = sizeof(ifra.ifra_addr);
251 in->sin_addr = NetAddress;
252 in = (void *)&ifra.ifra_mask;
253 in->sin_family = AF_INET;
254 in->sin_len = sizeof(ifra.ifra_mask);
255 in->sin_addr = NetMask;
256 if (ioctl(s, SIOCAIFADDR, &ifra) < 0) {
257 perror("Unable to set address on tap interface");
263 * Turn up the interface
266 if (ioctl(s, SIOCGIFFLAGS, &ifr) >= 0) {
267 bzero(&ifr, sizeof(ifr));
268 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "tap%d", tap_unit);
269 ifr.ifr_flags |= flags & 0xFFFF;
270 ifr.ifr_flagshigh |= flags >> 16;
271 if (ioctl(s, SIOCSIFFLAGS, &ifr) < 0) {
272 perror("Unable to set IFF_UP on tap interface");
282 * Create the bridge if necessary.
284 bzero(&ifr, sizeof(ifr));
285 snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", bridgeName);
286 if (ioctl(s, SIOCIFCREATE, &ifr) < 0) {
287 if (errno != EEXIST) {
288 perror("Unable to create bridge interface");
295 * Add the tap interface to the bridge
297 bzero(&ifbr, sizeof(ifbr));
298 snprintf(ifbr.ifbr_ifsname, sizeof(ifbr.ifbr_ifsname),
301 bzero(&ifd, sizeof(ifd));
302 snprintf(ifd.ifd_name, sizeof(ifd.ifd_name), "%s", bridgeName);
303 ifd.ifd_cmd = BRDGADD;
304 ifd.ifd_len = sizeof(ifbr);
305 ifd.ifd_data = &ifbr;
307 if (ioctl(s, SIOCSDRVSPEC, &ifd) < 0) {
308 if (errno != EEXIST) {
309 perror("Unable to add tap ifc to bridge!");
316 info = malloc(sizeof(*info));
317 bzero(info, sizeof(*info));
326 vknet_listener(const char *pathName)
328 struct sockaddr_un sunx;
335 * Group access to our named unix domain socket.
337 if ((grp = getgrnam("vknet")) == NULL) {
338 fprintf(stderr, "The 'vknet' group must exist\n");
347 snprintf(sunx.sun_path, sizeof(sunx.sun_path), "%s", pathName);
348 len = offsetof(struct sockaddr_un, sun_path[strlen(sunx.sun_path)]);
349 ++len; /* include nul */
350 sunx.sun_family = AF_UNIX;
353 net_fd = socket(AF_UNIX, SOCK_SEQPACKET, 0);
357 if (bind(net_fd, (void *)&sunx, len) < 0) {
361 if (listen(net_fd, 1024) < 0) {
365 if (chown(pathName, (uid_t)-1, gid) < 0) {
369 if (chmod(pathName, 0660) < 0) {
378 vknet_acceptor(int net_fd)
380 struct sockaddr_un sunx;
387 sunx_len = sizeof(sunx);
388 rfd = accept(net_fd, (void *)&sunx, &sunx_len);
391 info = malloc(sizeof(*info));
392 bzero(info, sizeof(*info));
395 pthread_create(&dummy_td, NULL, vknet_io, info);
400 * This I/O thread implements the core of the bridging code.
411 pthread_detach(pthread_self());
414 * Assign as a bridge slot using our thread id.
416 pthread_mutex_lock(&BridgeMutex);
417 bridge = bridge_add(info);
418 pthread_mutex_unlock(&BridgeMutex);
421 * Read packet loop. Writing is handled by the bridge code.
423 pkt = malloc(MAXPKT);
424 while ((bytes = read(info->fd, pkt, MAXPKT)) > 0) {
425 pthread_mutex_lock(&BridgeMutex);
426 bridge_packet(bridge, pkt, bytes);
427 pthread_mutex_unlock(&BridgeMutex);
433 pthread_mutex_lock(&BridgeMutex);
435 pthread_mutex_unlock(&BridgeMutex);
446 vknet_connect(const char *pathName)
448 struct sockaddr_un sunx;
452 snprintf(sunx.sun_path, sizeof(sunx.sun_path), "%s", pathName);
453 len = offsetof(struct sockaddr_un, sun_path[strlen(sunx.sun_path)]);
454 ++len; /* include nul */
455 sunx.sun_family = AF_UNIX;
458 net_fd = socket(AF_UNIX, SOCK_SEQPACKET, 0);
461 if (connect(net_fd, (void *)&sunx, len) < 0) {
469 vknet_monitor(int net_fd)
475 pkt = malloc(MAXPKT);
476 while ((bytes = read(net_fd, pkt, MAXPKT)) > 0) {
477 printf("%02x:%02x:%02x:%02x:%02x:%02x <- "
478 "%02x:%02x:%02x:%02x:%02x:%02x",
479 pkt[0], pkt[1], pkt[2], pkt[3], pkt[4], pkt[5],
480 pkt[6], pkt[7], pkt[8], pkt[9], pkt[10], pkt[11]);
481 for (i = 12; i < bytes; ++i) {
482 if (((i - 12) & 15) == 0) {
485 printf(" %02x", pkt[i]);
500 if ((pf = fopen(pidfile, "w+")) == NULL)
501 errx(1, "Failed to create pidfile %s", pidfile);
503 if ((fprintf(pf, "%d\n", getpid())) < 1)
510 cleanup(int __unused sig)
520 fprintf(stderr, "usage: vknet [-cdU] [-b bridgeN] [-p socket_path] [-i pidfile] [-t tapN] [address/cidrbits]\n");
521 fprintf(stderr, "address/cidrbits must be specified in default secure mode.\n");