1 /* $KAME: faithd.c,v 1.46 2002/01/24 16:40:42 sumikawa Exp $ */
4 * Copyright (C) 1997 and 1998 WIDE Project.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * $FreeBSD: src/usr.sbin/faithd/faithd.c,v 1.2.2.7 2002/04/28 08:01:39 ume Exp $
35 * User level translator from IPv6 to IPv4.
37 * Usage: faithd [<port> <progpath> <arg1(progname)> <arg2> ...]
38 * e.g. faithd telnet /usr/libexec/telnetd telnetd
41 #include <sys/param.h>
42 #include <sys/types.h>
43 #include <sys/sysctl.h>
44 #include <sys/socket.h>
48 #include <sys/ioctl.h>
64 #include <net/if_types.h>
68 # include <net/route.h>
69 # include <net/if_dl.h>
72 #include <netinet/in.h>
73 #include <arpa/inet.h>
79 #include <arpa/nameser.h>
81 #define FAITH_NS "FAITH_NS"
88 char *serverpath = NULL;
89 char *serverarg[MAXARGV + 1];
90 static char *faithdname = NULL;
92 char procname[BUFSIZ];
95 struct sockaddr *addr;
97 struct myaddrs *myaddrs = NULL;
98 static const char *service;
100 static int sockfd = 0;
103 static int pflag = 0;
104 static int inetd = 0;
105 static char *configfile = NULL;
107 int main __P((int, char **));
108 static int inetd_main __P((int, char **));
109 static int daemon_main __P((int, char **));
110 static void play_service __P((int));
111 static void play_child __P((int, struct sockaddr *));
112 static int faith_prefix __P((struct sockaddr *));
113 static int map6to4 __P((struct sockaddr_in6 *, struct sockaddr_in *));
115 static int map4to6 __P((struct sockaddr_in *, struct sockaddr_in6 *));
117 static void sig_child __P((int));
118 static void sig_terminate __P((int));
119 static void start_daemon __P((void));
120 static void exit_stderr __P((const char *, ...))
121 __attribute__((__format__(__printf__, 1, 2)));
122 static void grab_myaddrs __P((void));
123 static void free_myaddrs __P((void));
124 static void update_myaddrs __P((void));
125 static void usage __P((void));
128 main(int argc, char **argv)
135 faithdname = strrchr(argv[0], '/');
139 faithdname = argv[0];
141 if (strcmp(faithdname, "faithd") != 0) {
143 return inetd_main(argc, argv);
145 return daemon_main(argc, argv);
149 inetd_main(int argc, char **argv)
151 char path[MAXPATHLEN];
152 struct sockaddr_storage me;
153 struct sockaddr_storage from;
158 char sbuf[NI_MAXSERV], snum[NI_MAXSERV];
160 if (config_load(configfile) < 0 && configfile) {
161 exit_failure("could not load config file");
165 if (strrchr(argv[0], '/') == NULL)
166 snprintf(path, sizeof(path), "%s/%s", DEFAULT_DIR, argv[0]);
168 snprintf(path, sizeof(path), "%s", argv[0]);
173 sockfd = socket(PF_ROUTE, SOCK_RAW, PF_UNSPEC);
175 exit_failure("socket(PF_ROUTE): %s", strerror(errno));
181 if (getsockname(STDIN_FILENO, (struct sockaddr *)&me, &melen) < 0) {
182 exit_failure("getsockname: %s", strerror(errno));
185 fromlen = sizeof(from);
186 if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) {
187 exit_failure("getpeername: %s", strerror(errno));
190 if (getnameinfo((struct sockaddr *)&me, melen, NULL, 0,
191 sbuf, sizeof(sbuf), NI_NUMERICHOST) == 0)
194 service = DEFAULT_PORT_NAME;
195 if (getnameinfo((struct sockaddr *)&me, melen, NULL, 0,
196 snum, sizeof(snum), NI_NUMERICHOST) != 0)
197 snprintf(snum, sizeof(snum), "?");
199 snprintf(logname, sizeof(logname), "faithd %s", snum);
200 snprintf(procname, sizeof(procname), "accepting port %s", snum);
201 openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON);
203 if (argc >= MAXARGV) {
204 exit_failure("too many arguments");
207 serverarg[0] = serverpath = path;
208 for (i = 1; i < argc; i++)
209 serverarg[i] = argv[i];
212 error = setsockopt(STDIN_FILENO, SOL_SOCKET, SO_OOBINLINE, &on,
215 exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno));
219 play_child(STDIN_FILENO, (struct sockaddr *)&from);
220 exit_failure("should not reach here");
225 daemon_main(int argc, char **argv)
227 struct addrinfo hints, *res;
228 int s_wld, error, i, serverargc, on = 1;
229 int family = AF_INET6;
233 #endif /* FAITH_NS */
235 while ((c = getopt(argc, argv, "df:p46")) != -1) {
262 if (config_load(configfile) < 0 && configfile) {
263 exit_failure("could not load config file");
268 if ((ns = getenv(FAITH_NS)) != NULL) {
269 struct sockaddr_storage ss;
270 struct addrinfo hints, *res;
271 char serv[NI_MAXSERV];
273 memset(&ss, 0, sizeof(ss));
274 memset(&hints, 0, sizeof(hints));
275 snprintf(serv, sizeof(serv), "%u", NAMESERVER_PORT);
276 hints.ai_flags = AI_NUMERICHOST;
277 if (getaddrinfo(ns, serv, &hints, &res) == 0) {
279 memcpy(&_res_ext.nsaddr, res->ai_addr, res->ai_addrlen);
283 #endif /* FAITH_NS */
294 serverargc = argc - NUMARG;
295 if (serverargc >= MAXARGV)
296 exit_stderr("too many arguments");
298 serverpath = malloc(strlen(argv[NUMPRG]) + 1);
299 strcpy(serverpath, argv[NUMPRG]);
300 for (i = 0; i < serverargc; i++) {
301 serverarg[i] = malloc(strlen(argv[i + NUMARG]) + 1);
302 strcpy(serverarg[i], argv[i + NUMARG]);
306 case 1: /* no local service */
307 service = argv[NUMPRT];
312 * Opening wild card socket for this service.
315 memset(&hints, 0, sizeof(hints));
316 hints.ai_flags = AI_PASSIVE;
317 hints.ai_family = family;
318 hints.ai_socktype = SOCK_STREAM;
319 hints.ai_protocol = 0;
320 error = getaddrinfo(NULL, service, &hints, &res);
322 exit_failure("getaddrinfo: %s", gai_strerror(error));
324 s_wld = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
326 exit_failure("socket: %s", strerror(errno));
329 if (res->ai_family == AF_INET6) {
330 error = setsockopt(s_wld, IPPROTO_IPV6, IPV6_FAITH, &on, sizeof(on));
332 exit_failure("setsockopt(IPV6_FAITH): %s",
338 if (res->ai_family == AF_INET) {
339 error = setsockopt(s_wld, IPPROTO_IP, IP_FAITH, &on, sizeof(on));
341 exit_failure("setsockopt(IP_FAITH): %s",
347 error = setsockopt(s_wld, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
349 exit_failure("setsockopt(SO_REUSEADDR): %s", strerror(errno));
351 error = setsockopt(s_wld, SOL_SOCKET, SO_OOBINLINE, &on, sizeof(on));
353 exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno));
355 error = bind(s_wld, (struct sockaddr *)res->ai_addr, res->ai_addrlen);
357 exit_failure("bind: %s", strerror(errno));
359 error = listen(s_wld, 5);
361 exit_failure("listen: %s", strerror(errno));
364 sockfd = socket(PF_ROUTE, SOCK_RAW, PF_UNSPEC);
366 exit_failure("socket(PF_ROUTE): %s", strerror(errno));
377 snprintf(logname, sizeof(logname), "faithd %s", service);
378 snprintf(procname, sizeof(procname), "accepting port %s", service);
379 openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON);
380 syslog(LOG_INFO, "Staring faith daemon for %s port", service);
384 exit(1); /*pacify gcc*/
388 play_service(int s_wld)
390 struct sockaddr_storage srcaddr;
399 * Wait, accept, fork, faith....
402 setproctitle("%s", procname);
405 FD_SET(s_wld, &rfds);
409 FD_SET(sockfd, &rfds);
410 maxfd = (maxfd < sockfd) ? sockfd : maxfd;
414 error = select(maxfd + 1, &rfds, NULL, NULL, NULL);
418 exit_failure("select: %s", strerror(errno));
423 if (FD_ISSET(sockfd, &rfds)) {
427 if (FD_ISSET(s_wld, &rfds)) {
428 len = sizeof(srcaddr);
429 s_src = accept(s_wld, (struct sockaddr *)&srcaddr,
432 if (errno == ECONNABORTED)
434 exit_failure("socket: %s", strerror(errno));
440 if (child_pid == 0) {
444 openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON);
445 play_child(s_src, (struct sockaddr *)&srcaddr);
446 exit_failure("should never reach here");
452 syslog(LOG_ERR, "can't fork");
459 play_child(int s_src, struct sockaddr *srcaddr)
461 struct sockaddr_storage dstaddr6;
462 struct sockaddr_storage dstaddr4;
463 char src[NI_MAXHOST];
464 char dst6[NI_MAXHOST];
465 char dst4[NI_MAXHOST];
466 int len = sizeof(dstaddr6);
467 int s_dst, error, hport, nresvport, on = 1;
469 struct sockaddr *sa4;
470 const struct config *conf;
475 getnameinfo(srcaddr, srcaddr->sa_len,
476 src, sizeof(src), NULL, 0, NI_NUMERICHOST);
477 syslog(LOG_INFO, "accepted a client from %s", src);
479 error = getsockname(s_src, (struct sockaddr *)&dstaddr6, &len);
481 exit_failure("getsockname: %s", strerror(errno));
485 getnameinfo((struct sockaddr *)&dstaddr6, len,
486 dst6, sizeof(dst6), NULL, 0, NI_NUMERICHOST);
487 syslog(LOG_INFO, "the client is connecting to %s", dst6);
489 if (!faith_prefix((struct sockaddr *)&dstaddr6)) {
494 syslog(LOG_INFO, "executing local %s", serverpath);
501 execv(serverpath, serverarg);
502 syslog(LOG_ERR, "execv %s: %s", serverpath,
507 exit_success("no local service for %s", service);
512 * Act as a translator
515 switch (((struct sockaddr *)&dstaddr6)->sa_family) {
517 if (!map6to4((struct sockaddr_in6 *)&dstaddr6,
518 (struct sockaddr_in *)&dstaddr4)) {
520 exit_failure("map6to4 failed");
523 syslog(LOG_INFO, "translating from v6 to v4");
527 if (!map4to6((struct sockaddr_in *)&dstaddr6,
528 (struct sockaddr_in6 *)&dstaddr4)) {
530 exit_failure("map4to6 failed");
533 syslog(LOG_INFO, "translating from v4 to v6");
538 exit_failure("family not supported");
542 sa4 = (struct sockaddr *)&dstaddr4;
543 getnameinfo(sa4, sa4->sa_len,
544 dst4, sizeof(dst4), NULL, 0, NI_NUMERICHOST);
546 conf = config_match(srcaddr, sa4);
547 if (!conf || !conf->permit) {
550 exit_failure("translation to %s not permitted for %s",
551 dst4, prefix_string(&conf->match));
554 exit_failure("translation to %s not permitted", dst4);
559 syslog(LOG_INFO, "the translator is connecting to %s", dst4);
561 setproctitle("port %s, %s -> %s", service, src, dst4);
563 if (sa4->sa_family == AF_INET6)
564 hport = ntohs(((struct sockaddr_in6 *)&dstaddr4)->sin6_port);
566 hport = ntohs(((struct sockaddr_in *)&dstaddr4)->sin_port);
571 s_dst = rresvport_af(&nresvport, sa4->sa_family);
575 s_dst = rresvport_af(&nresvport, sa4->sa_family);
577 s_dst = socket(sa4->sa_family, SOCK_STREAM, 0);
581 exit_failure("socket: %s", strerror(errno));
585 if (conf->src.a.ss_family) {
586 if (bind(s_dst, (const struct sockaddr *)&conf->src.a,
587 conf->src.a.ss_len) < 0) {
588 exit_failure("bind: %s", strerror(errno));
593 error = setsockopt(s_dst, SOL_SOCKET, SO_OOBINLINE, &on, sizeof(on));
595 exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno));
599 error = setsockopt(s_src, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
601 exit_failure("setsockopt(SO_SNDTIMEO): %s", strerror(errno));
604 error = setsockopt(s_dst, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
606 exit_failure("setsockopt(SO_SNDTIMEO): %s", strerror(errno));
610 error = connect(s_dst, sa4, sa4->sa_len);
612 exit_failure("connect: %s", strerror(errno));
618 ftp_relay(s_src, s_dst);
622 "WARINNG: it is insecure to relay rsh port");
623 rsh_relay(s_src, s_dst);
627 "WARINNG: it is insecure to relay rlogin port");
630 tcp_relay(s_src, s_dst, service);
637 /* 0: non faith, 1: faith */
639 faith_prefix(struct sockaddr *dst)
643 struct in6_addr faith_prefix;
644 struct sockaddr_in6 *dst6 = (struct sockaddr_in *)dst;
646 if (dst->sa_family != AF_INET6)
651 mib[2] = IPPROTO_IPV6;
652 mib[3] = IPV6CTL_FAITH_PREFIX;
653 size = sizeof(struct in6_addr);
654 if (sysctl(mib, 4, &faith_prefix, &size, NULL, 0) < 0) {
655 exit_failure("sysctl: %s", strerror(errno));
659 if (memcmp(dst, &faith_prefix,
660 sizeof(struct in6_addr) - sizeof(struct in_addr) == 0) {
666 struct sockaddr_in6 *sin6;
667 struct sockaddr_in *sin4;
668 struct sockaddr_in6 *dst6;
669 struct sockaddr_in *dst4;
670 struct sockaddr_in dstmap;
672 dst6 = (struct sockaddr_in6 *)dst;
673 if (dst->sa_family == AF_INET6
674 && IN6_IS_ADDR_V4MAPPED(&dst6->sin6_addr)) {
676 memset(&dstmap, 0, sizeof(dstmap));
677 dstmap.sin_family = AF_INET;
678 dstmap.sin_len = sizeof(dstmap);
679 memcpy(&dstmap.sin_addr, &dst6->sin6_addr.s6_addr[12],
680 sizeof(dstmap.sin_addr));
681 dst = (struct sockaddr *)&dstmap;
684 dst6 = (struct sockaddr_in6 *)dst;
685 dst4 = (struct sockaddr_in *)dst;
687 for (p = myaddrs; p; p = p->next) {
688 sin6 = (struct sockaddr_in6 *)p->addr;
689 sin4 = (struct sockaddr_in *)p->addr;
691 if (p->addr->sa_len != dst->sa_len
692 || p->addr->sa_family != dst->sa_family)
695 switch (dst->sa_family) {
697 if (sin6->sin6_scope_id == dst6->sin6_scope_id
698 && IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &dst6->sin6_addr))
702 if (sin4->sin_addr.s_addr == dst4->sin_addr.s_addr)
711 /* 0: non faith, 1: faith */
713 map6to4(struct sockaddr_in6 *dst6, struct sockaddr_in *dst4)
715 memset(dst4, 0, sizeof(*dst4));
716 dst4->sin_len = sizeof(*dst4);
717 dst4->sin_family = AF_INET;
718 dst4->sin_port = dst6->sin6_port;
719 memcpy(&dst4->sin_addr, &dst6->sin6_addr.s6_addr[12],
720 sizeof(dst4->sin_addr));
722 if (dst4->sin_addr.s_addr == INADDR_ANY
723 || dst4->sin_addr.s_addr == INADDR_BROADCAST
724 || IN_MULTICAST(ntohl(dst4->sin_addr.s_addr)))
731 /* 0: non faith, 1: faith */
733 map4to6(struct sockaddr_in *dst4, struct sockaddr_in6 *dst6)
735 char host[NI_MAXHOST];
736 char serv[NI_MAXSERV];
737 struct addrinfo hints, *res;
740 if (getnameinfo((struct sockaddr *)dst4, dst4->sin_len, host, sizeof(host),
741 serv, sizeof(serv), NI_NAMEREQD|NI_NUMERICSERV) != 0)
744 memset(&hints, 0, sizeof(hints));
746 hints.ai_family = AF_INET6;
747 hints.ai_socktype = SOCK_STREAM;
748 hints.ai_protocol = 0;
750 if ((ai_errno = getaddrinfo(host, serv, &hints, &res)) != 0) {
751 syslog(LOG_INFO, "%s %s: %s", host, serv,
752 gai_strerror(ai_errno));
756 memcpy(dst6, res->ai_addr, res->ai_addrlen);
770 pid = wait3(&status, WNOHANG, (struct rusage *)0);
771 if (pid && WEXITSTATUS(status))
772 syslog(LOG_WARNING, "child %d exit status 0x%x", pid, status);
776 sig_terminate(int sig)
778 syslog(LOG_INFO, "Terminating faith daemon");
789 if (daemon(0, 0) == -1)
790 exit_stderr("daemon: %s", strerror(errno));
793 memset(&sa, 0, sizeof(sa));
794 sa.sa_handler = sig_child;
795 sa.sa_flags = SA_NOCLDWAIT;
796 sigemptyset(&sa.sa_mask);
797 sigaction(SIGCHLD, &sa, (struct sigaction *)0);
799 if (signal(SIGCHLD, sig_child) == SIG_ERR) {
800 exit_failure("signal CHLD: %s", strerror(errno));
805 if (signal(SIGTERM, sig_terminate) == SIG_ERR) {
806 exit_failure("signal TERM: %s", strerror(errno));
812 exit_stderr(const char *fmt, ...)
818 vsnprintf(buf, sizeof(buf), fmt, ap);
820 fprintf(stderr, "%s\n", buf);
825 exit_failure(const char *fmt, ...)
831 vsnprintf(buf, sizeof(buf), fmt, ap);
833 syslog(LOG_ERR, "%s", buf);
838 exit_success(const char *fmt, ...)
844 vsnprintf(buf, sizeof(buf), fmt, ap);
846 syslog(LOG_INFO, "%s", buf);
854 struct ifaddrs *ifap, *ifa;
856 struct sockaddr_in6 *sin6;
858 if (getifaddrs(&ifap) != 0) {
859 exit_failure("getifaddrs");
863 for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
864 switch (ifa->ifa_addr->sa_family) {
872 p = (struct myaddrs *)malloc(sizeof(struct myaddrs) +
873 ifa->ifa_addr->sa_len);
875 exit_failure("not enough core");
878 memcpy(p + 1, ifa->ifa_addr, ifa->ifa_addr->sa_len);
880 p->addr = (struct sockaddr *)(p + 1);
882 if (ifa->ifa_addr->sa_family == AF_INET6) {
883 sin6 = (struct sockaddr_in6 *)p->addr;
884 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)
885 || IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
886 sin6->sin6_scope_id =
887 ntohs(*(u_int16_t *)&sin6->sin6_addr.s6_addr[2]);
888 sin6->sin6_addr.s6_addr[2] = 0;
889 sin6->sin6_addr.s6_addr[3] = 0;
895 char hbuf[NI_MAXHOST];
896 getnameinfo(p->addr, p->addr->sa_len,
897 hbuf, sizeof(hbuf), NULL, 0,
899 syslog(LOG_INFO, "my interface: %s %s", hbuf,
910 struct myaddrs *p, *q;
926 struct rt_msghdr *rtm;
928 len = read(sockfd, msg, sizeof(msg));
930 syslog(LOG_ERR, "read(PF_ROUTE) failed");
933 rtm = (struct rt_msghdr *)msg;
934 if (len < 4 || len < rtm->rtm_msglen) {
935 syslog(LOG_ERR, "read(PF_ROUTE) short read");
938 if (rtm->rtm_version != RTM_VERSION) {
939 syslog(LOG_ERR, "routing socket version mismatch");
944 switch (rtm->rtm_type) {
952 /* XXX more filters here? */
954 syslog(LOG_INFO, "update interface address list");
963 fprintf(stderr, "usage: %s [-dp] [-f conf] service [serverpath [serverargs]]\n",
projects / dragonfly.git / blob