1 /* $KAME: faithd.c,v 1.67 2003/10/16 05:26:21 itojun Exp $ */
4 * Copyright (C) 1997 and 1998 WIDE Project.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * User level translator from IPv6 to IPv4.
37 * Usage: faithd [<port> <progpath> <arg1(progname)> <arg2> ...]
38 * e.g. faithd telnet /usr/libexec/telnetd telnetd
41 #include <sys/param.h>
42 #include <sys/types.h>
43 #include <sys/sysctl.h>
44 #include <sys/socket.h>
48 #include <sys/ioctl.h>
65 #include <net/if_types.h>
69 # include <net/route.h>
70 # include <net/if_dl.h>
73 #include <netinet/in.h>
74 #include <arpa/inet.h>
81 char *serverpath = NULL;
82 char *serverarg[MAXARGV + 1];
83 static char *faithdname = NULL;
85 char procname[BUFSIZ];
89 struct sockaddr *addr;
91 struct myaddrs *myaddrs = NULL;
93 static const char *service;
95 static int sockfd = 0;
100 static char *configfile = NULL;
102 int main __P((int, char **));
103 static int inetd_main __P((int, char **));
104 static int daemon_main __P((int, char **));
105 static void play_service __P((int));
106 static void play_child __P((int, struct sockaddr *));
107 static int faith_prefix __P((struct sockaddr *));
108 static int map6to4 __P((struct sockaddr_in6 *, struct sockaddr_in *));
109 static void sig_child __P((int));
110 static void sig_terminate __P((int));
111 static void start_daemon __P((void));
112 static void exit_stderr __P((const char *, ...))
113 __attribute__((__format__(__printf__, 1, 2)));
114 static void grab_myaddrs __P((void));
115 static void free_myaddrs __P((void));
116 static void update_myaddrs __P((void));
117 static void usage __P((void));
120 main(int argc, char **argv)
127 faithdname = strrchr(argv[0], '/');
131 faithdname = argv[0];
133 if (strcmp(faithdname, "faithd") != 0) {
135 return inetd_main(argc, argv);
137 return daemon_main(argc, argv);
141 inetd_main(int argc, char **argv)
143 char path[MAXPATHLEN];
144 struct sockaddr_storage me;
145 struct sockaddr_storage from;
146 socklen_t melen, fromlen;
150 char sbuf[NI_MAXSERV], snum[NI_MAXSERV];
152 if (config_load(configfile) < 0 && configfile) {
153 exit_failure("could not load config file");
157 if (strrchr(argv[0], '/') == NULL)
158 snprintf(path, sizeof(path), "%s/%s", DEFAULT_DIR, argv[0]);
160 snprintf(path, sizeof(path), "%s", argv[0]);
165 sockfd = socket(PF_ROUTE, SOCK_RAW, PF_UNSPEC);
167 exit_failure("socket(PF_ROUTE): %s", strerror(errno));
173 if (getsockname(STDIN_FILENO, (struct sockaddr *)&me, &melen) < 0) {
174 exit_failure("getsockname: %s", strerror(errno));
177 fromlen = sizeof(from);
178 if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) {
179 exit_failure("getpeername: %s", strerror(errno));
182 if (getnameinfo((struct sockaddr *)&me, melen, NULL, 0,
183 sbuf, sizeof(sbuf), NI_NUMERICHOST) == 0)
186 service = DEFAULT_PORT_NAME;
187 if (getnameinfo((struct sockaddr *)&me, melen, NULL, 0,
188 snum, sizeof(snum), NI_NUMERICHOST) != 0)
189 snprintf(snum, sizeof(snum), "?");
191 snprintf(logname, sizeof(logname), "faithd %s", snum);
192 snprintf(procname, sizeof(procname), "accepting port %s", snum);
193 openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON);
195 if (argc >= MAXARGV) {
196 exit_failure("too many arguments");
199 serverarg[0] = serverpath = path;
200 for (i = 1; i < argc; i++)
201 serverarg[i] = argv[i];
204 error = setsockopt(STDIN_FILENO, SOL_SOCKET, SO_OOBINLINE, &on,
207 exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno));
211 play_child(STDIN_FILENO, (struct sockaddr *)&from);
212 exit_failure("should not reach here");
217 daemon_main(int argc, char **argv)
219 struct addrinfo hints, *res;
220 int s_wld, error, i, serverargc, on = 1;
221 int family = AF_INET6;
224 while ((c = getopt(argc, argv, "df:p")) != -1) {
243 if (config_load(configfile) < 0 && configfile) {
244 exit_failure("could not load config file");
258 serverargc = argc - NUMARG;
259 if (serverargc >= MAXARGV)
260 exit_stderr("too many arguments");
262 serverpath = strdup(argv[NUMPRG]);
264 exit_stderr("not enough core");
265 for (i = 0; i < serverargc; i++) {
266 serverarg[i] = strdup(argv[i + NUMARG]);
268 exit_stderr("not enough core");
272 case 1: /* no local service */
273 service = argv[NUMPRT];
280 * Opening wild card socket for this service.
283 memset(&hints, 0, sizeof(hints));
284 hints.ai_flags = AI_PASSIVE;
285 hints.ai_family = family;
286 hints.ai_socktype = SOCK_STREAM;
287 hints.ai_protocol = IPPROTO_TCP; /* SCTP? */
288 error = getaddrinfo(NULL, service, &hints, &res);
290 exit_failure("getaddrinfo: %s", gai_strerror(error));
292 s_wld = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
294 exit_failure("socket: %s", strerror(errno));
297 if (res->ai_family == AF_INET6) {
298 error = setsockopt(s_wld, IPPROTO_IPV6, IPV6_FAITH, &on, sizeof(on));
300 exit_failure("setsockopt(IPV6_FAITH): %s",
305 error = setsockopt(s_wld, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
307 exit_failure("setsockopt(SO_REUSEADDR): %s", strerror(errno));
309 error = setsockopt(s_wld, SOL_SOCKET, SO_OOBINLINE, &on, sizeof(on));
311 exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno));
314 error = setsockopt(s_wld, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on));
316 exit_failure("setsockopt(IPV6_V6ONLY): %s", strerror(errno));
319 error = bind(s_wld, (struct sockaddr *)res->ai_addr, res->ai_addrlen);
321 exit_failure("bind: %s", strerror(errno));
323 error = listen(s_wld, 5);
325 exit_failure("listen: %s", strerror(errno));
328 sockfd = socket(PF_ROUTE, SOCK_RAW, PF_UNSPEC);
330 exit_failure("socket(PF_ROUTE): %s", strerror(errno));
339 snprintf(logname, sizeof(logname), "faithd %s", service);
340 snprintf(procname, sizeof(procname), "accepting port %s", service);
341 openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON);
342 syslog(LOG_INFO, "Staring faith daemon for %s port", service);
346 exit(1); /*pacify gcc*/
350 play_service(int s_wld)
352 struct sockaddr_storage srcaddr;
357 struct pollfd pfd[2];
365 * Wait, accept, fork, faith....
368 setproctitle("%s", procname);
372 pfd[0].events = POLLIN;
377 if (s_wld >= FD_SETSIZE)
378 exit_failure("descriptor too big");
379 FD_SET(s_wld, &rfds);
386 pfd[1].events = POLLIN;
388 if (sockfd >= FD_SETSIZE)
389 exit_failure("descriptor too big");
390 FD_SET(sockfd, &rfds);
391 maxfd = (maxfd < sockfd) ? sockfd : maxfd;
397 error = poll(pfd, sizeof(pfd)/sizeof(pfd[0]), INFTIM);
399 error = select(maxfd + 1, &rfds, NULL, NULL, NULL);
404 exit_failure("select: %s", strerror(errno));
410 if (pfd[1].revents & POLLIN)
412 if (FD_ISSET(sockfd, &rfds))
419 if (pfd[0].revents & POLLIN)
421 if (FD_ISSET(s_wld, &rfds))
424 len = sizeof(srcaddr);
425 s_src = accept(s_wld, (struct sockaddr *)&srcaddr, &len);
427 if (errno == ECONNABORTED)
429 exit_failure("socket: %s", strerror(errno));
432 if (srcaddr.ss_family == AF_INET6 &&
433 IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&srcaddr)->sin6_addr)) {
435 syslog(LOG_ERR, "connection from IPv4 mapped address?");
441 if (child_pid == 0) {
445 openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON);
446 play_child(s_src, (struct sockaddr *)&srcaddr);
447 exit_failure("should never reach here");
453 syslog(LOG_ERR, "can't fork");
460 play_child(int s_src, struct sockaddr *srcaddr)
462 struct sockaddr_storage dstaddr6;
463 struct sockaddr_storage dstaddr4;
464 char src[NI_MAXHOST];
465 char dst6[NI_MAXHOST];
466 char dst4[NI_MAXHOST];
467 socklen_t len = sizeof(dstaddr6);
468 int s_dst, error, hport, nresvport, on = 1;
470 struct sockaddr *sa4;
471 const struct config *conf;
476 getnameinfo(srcaddr, srcaddr->sa_len,
477 src, sizeof(src), NULL, 0, NI_NUMERICHOST);
478 syslog(LOG_INFO, "accepted a client from %s", src);
480 error = getsockname(s_src, (struct sockaddr *)&dstaddr6, &len);
482 exit_failure("getsockname: %s", strerror(errno));
486 getnameinfo((struct sockaddr *)&dstaddr6, len,
487 dst6, sizeof(dst6), NULL, 0, NI_NUMERICHOST);
488 syslog(LOG_INFO, "the client is connecting to %s", dst6);
490 if (!faith_prefix((struct sockaddr *)&dstaddr6)) {
495 syslog(LOG_INFO, "executing local %s", serverpath);
502 execv(serverpath, serverarg);
503 syslog(LOG_ERR, "execv %s: %s", serverpath,
508 exit_success("no local service for %s", service);
513 * Act as a translator
516 switch (((struct sockaddr *)&dstaddr6)->sa_family) {
518 if (!map6to4((struct sockaddr_in6 *)&dstaddr6,
519 (struct sockaddr_in *)&dstaddr4)) {
521 exit_failure("map6to4 failed");
524 syslog(LOG_INFO, "translating from v6 to v4");
528 exit_failure("family not supported");
532 sa4 = (struct sockaddr *)&dstaddr4;
533 getnameinfo(sa4, sa4->sa_len,
534 dst4, sizeof(dst4), NULL, 0, NI_NUMERICHOST);
536 conf = config_match(srcaddr, sa4);
537 if (!conf || !conf->permit) {
540 exit_failure("translation to %s not permitted for %s",
541 dst4, prefix_string(&conf->match));
544 exit_failure("translation to %s not permitted", dst4);
549 syslog(LOG_INFO, "the translator is connecting to %s", dst4);
551 setproctitle("port %s, %s -> %s", service, src, dst4);
553 if (sa4->sa_family == AF_INET6)
554 hport = ntohs(((struct sockaddr_in6 *)&dstaddr4)->sin6_port);
556 hport = ntohs(((struct sockaddr_in *)&dstaddr4)->sin_port);
559 s_dst = rresvport_af(&nresvport, sa4->sa_family);
561 s_dst = socket(sa4->sa_family, SOCK_STREAM, 0);
563 exit_failure("socket: %s", strerror(errno));
567 if (conf->src.a.ss_family) {
568 if (bind(s_dst, (const struct sockaddr *)&conf->src.a,
569 conf->src.a.ss_len) < 0) {
570 exit_failure("bind: %s", strerror(errno));
575 error = setsockopt(s_dst, SOL_SOCKET, SO_OOBINLINE, &on, sizeof(on));
577 exit_failure("setsockopt(SO_OOBINLINE): %s", strerror(errno));
581 error = setsockopt(s_src, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
583 exit_failure("setsockopt(SO_SNDTIMEO): %s", strerror(errno));
586 error = setsockopt(s_dst, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
588 exit_failure("setsockopt(SO_SNDTIMEO): %s", strerror(errno));
592 error = connect(s_dst, sa4, sa4->sa_len);
594 exit_failure("connect: %s", strerror(errno));
600 ftp_relay(s_src, s_dst);
603 tcp_relay(s_src, s_dst, service);
610 /* 0: non faith, 1: faith */
612 faith_prefix(struct sockaddr *dst)
616 struct in6_addr faith_prefix;
617 struct sockaddr_in6 *dst6 = (struct sockaddr_in *)dst;
619 if (dst->sa_family != AF_INET6)
624 mib[2] = IPPROTO_IPV6;
625 mib[3] = IPV6CTL_FAITH_PREFIX;
626 size = sizeof(struct in6_addr);
627 if (sysctl(mib, 4, &faith_prefix, &size, NULL, 0) < 0) {
628 exit_failure("sysctl: %s", strerror(errno));
632 if (memcmp(dst, &faith_prefix,
633 sizeof(struct in6_addr) - sizeof(struct in_addr) == 0) {
639 struct sockaddr_in6 *sin6;
640 struct sockaddr_in *sin4;
641 struct sockaddr_in6 *dst6;
642 struct sockaddr_in *dst4;
643 struct sockaddr_in dstmap;
645 dst6 = (struct sockaddr_in6 *)dst;
646 if (dst->sa_family == AF_INET6
647 && IN6_IS_ADDR_V4MAPPED(&dst6->sin6_addr)) {
649 memset(&dstmap, 0, sizeof(dstmap));
650 dstmap.sin_family = AF_INET;
651 dstmap.sin_len = sizeof(dstmap);
652 memcpy(&dstmap.sin_addr, &dst6->sin6_addr.s6_addr[12],
653 sizeof(dstmap.sin_addr));
654 dst = (struct sockaddr *)&dstmap;
657 dst6 = (struct sockaddr_in6 *)dst;
658 dst4 = (struct sockaddr_in *)dst;
660 for (p = myaddrs; p; p = p->next) {
661 sin6 = (struct sockaddr_in6 *)p->addr;
662 sin4 = (struct sockaddr_in *)p->addr;
664 if (p->addr->sa_len != dst->sa_len
665 || p->addr->sa_family != dst->sa_family)
668 switch (dst->sa_family) {
670 if (sin6->sin6_scope_id == dst6->sin6_scope_id
671 && IN6_ARE_ADDR_EQUAL(&sin6->sin6_addr, &dst6->sin6_addr))
675 if (sin4->sin_addr.s_addr == dst4->sin_addr.s_addr)
684 /* 0: non faith, 1: faith */
686 map6to4(struct sockaddr_in6 *dst6, struct sockaddr_in *dst4)
688 memset(dst4, 0, sizeof(*dst4));
689 dst4->sin_len = sizeof(*dst4);
690 dst4->sin_family = AF_INET;
691 dst4->sin_port = dst6->sin6_port;
692 memcpy(&dst4->sin_addr, &dst6->sin6_addr.s6_addr[12],
693 sizeof(dst4->sin_addr));
695 if (dst4->sin_addr.s_addr == INADDR_ANY
696 || dst4->sin_addr.s_addr == INADDR_BROADCAST
697 || IN_MULTICAST(ntohl(dst4->sin_addr.s_addr)))
710 while ((pid = wait3(&status, WNOHANG, (struct rusage *)0)) > 0)
711 if (WEXITSTATUS(status))
712 syslog(LOG_WARNING, "child %ld exit status 0x%x",
717 sig_terminate(int sig)
719 syslog(LOG_INFO, "Terminating faith daemon");
730 if (daemon(0, 0) == -1)
731 exit_stderr("daemon: %s", strerror(errno));
734 memset(&sa, 0, sizeof(sa));
735 sa.sa_handler = sig_child;
736 sa.sa_flags = SA_NOCLDWAIT;
737 sigemptyset(&sa.sa_mask);
738 sigaction(SIGCHLD, &sa, (struct sigaction *)0);
740 if (signal(SIGCHLD, sig_child) == SIG_ERR) {
741 exit_failure("signal CHLD: %s", strerror(errno));
746 if (signal(SIGTERM, sig_terminate) == SIG_ERR) {
747 exit_failure("signal TERM: %s", strerror(errno));
753 exit_stderr(const char *fmt, ...)
759 vsnprintf(buf, sizeof(buf), fmt, ap);
761 fprintf(stderr, "%s\n", buf);
766 exit_failure(const char *fmt, ...)
772 vsnprintf(buf, sizeof(buf), fmt, ap);
774 syslog(LOG_ERR, "%s", buf);
779 exit_success(const char *fmt, ...)
785 vsnprintf(buf, sizeof(buf), fmt, ap);
787 syslog(LOG_INFO, "%s", buf);
795 struct ifaddrs *ifap, *ifa;
797 struct sockaddr_in6 *sin6;
799 if (getifaddrs(&ifap) != 0) {
800 exit_failure("getifaddrs");
804 for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
805 switch (ifa->ifa_addr->sa_family) {
813 p = (struct myaddrs *)malloc(sizeof(struct myaddrs) +
814 ifa->ifa_addr->sa_len);
816 exit_failure("not enough core");
819 memcpy(p + 1, ifa->ifa_addr, ifa->ifa_addr->sa_len);
821 p->addr = (struct sockaddr *)(p + 1);
823 if (ifa->ifa_addr->sa_family == AF_INET6) {
824 sin6 = (struct sockaddr_in6 *)p->addr;
825 if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)
826 || IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) {
827 sin6->sin6_scope_id =
828 ntohs(*(u_int16_t *)&sin6->sin6_addr.s6_addr[2]);
829 sin6->sin6_addr.s6_addr[2] = 0;
830 sin6->sin6_addr.s6_addr[3] = 0;
836 char hbuf[NI_MAXHOST];
837 getnameinfo(p->addr, p->addr->sa_len,
838 hbuf, sizeof(hbuf), NULL, 0,
840 syslog(LOG_INFO, "my interface: %s %s", hbuf,
851 struct myaddrs *p, *q;
867 struct rt_msghdr *rtm;
869 len = read(sockfd, msg, sizeof(msg));
871 syslog(LOG_ERR, "read(PF_ROUTE) failed");
874 rtm = (struct rt_msghdr *)msg;
875 if (len < 4 || len < rtm->rtm_msglen) {
876 syslog(LOG_ERR, "read(PF_ROUTE) short read");
879 if (rtm->rtm_version != RTM_VERSION) {
880 syslog(LOG_ERR, "routing socket version mismatch");
885 switch (rtm->rtm_type) {
893 /* XXX more filters here? */
895 syslog(LOG_INFO, "update interface address list");
904 fprintf(stderr, "usage: %s [-dp] [-f conf] service [serverpath [serverargs]]\n",