aboutgitcodebugslistschat
path: root/passt.c
blob: 51b76c921ce384cacf5deb5bc71559ab6cbb35e2 (plain) (tree)
1
2
3
4
5
6
7
8
9

                                             
                                         
  
                                  
  
                                       
                                              
  



                                                                                





                       
                      
                         
                   


                            
                     


                       
                         









                          

                            
                 
                   
 
                  

                 
                
                 
                 

                
 

                                  
                                                                           

   
                                                                  


                                                        
                          
 
                                                 


                                           
          
 
                     
                                      


                                   
                               
                                                                         
                                           

                                   



                  



























                                                                           



                             


                     











                                                                  
   











                                                
                                                             

                                                      

                                                                                



                                                    


                                                                   
                                                                               






                                                                               

                         
                                                                   

                                                                          

                         










                                                  




                 
                                            
                                              





                                                                              
                                 
   
                                    
 


                                              
                                     
                              


                                        
                         

         
                                                      
                                            
                                              
 
                                                  




                                   











                                                                         
 

                                               

         
                            
 


                                       
















                                                         
                                                             








                                                                   

                                   


                                           
                                                          


                                                


                                          

                                                             

                                                              


                  
                         

                       
                                                   



                           
                                                                       



                                         
                                                             
 

                                                     

                                                     



                                                
 
                                             

                       


                                            
                                            


                                                                             
                

                                                         


                                                                     





                                                                            

         
                                         
                                                                   
                                              
                                                                   

                                                                    


   




                                                               
                                                             


                                                          

                                                     
                      
                  
 



                                              

                       


                                                                          
                                                                   


                                     
 
                                            

                                      


                                                                               
                

                                                         


                                                                     





                                                                              

         



                                                                     

                                                                      

 
   
                                                         
                                 

                                                              
   
                                     
 





                                  
 

























                                                                                


   
                                                
                                 

                                                   
   
                                                                
 

                     
 
                        
 


                                                              
                                                                             



                                                       
                                                
                                   
                                                


   
                                                                
                                 
                                                        
   
                                                               
 
                            
 
                                             

                                                          
 
                           
 
                    


   










                                             







                                                  
                                                

                                       
                                      
                                  
                             
                             
                            
 
                      
                               
 




                                                         





                                        









                                               


                                                 




                                                                    
      




                       




                                                                         
























                                                                                

                           






                                                                                         
 
                                                
                                                                         

                                                            
 

                                                   
     
                                                                           
                                           




                                     
                                                     
                                            
                                            

                                                                              
                 

         
                                      
 

                  

                 
// SPDX-License-Identifier: AGPL-3.0-or-later

/* PASST - Plug A Simple Socket Transport
 *
 * passt.c - Daemon implementation
 *
 * Copyright (c) 2020-2021 Red Hat GmbH
 * Author: Stefano Brivio <sbrivio@redhat.com>
 *
 * Grab Ethernet frames via AF_UNIX socket, build SOCK_DGRAM/SOCK_STREAM sockets
 * for each 5-tuple from TCP, UDP packets, perform connection tracking and
 * forward them. Forward packets received on sockets back to the UNIX domain
 * socket (typically, a socket virtio_net file descriptor from qemu).
 */

#include <stdio.h>
#include <sys/epoll.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/resource.h>
#include <sys/un.h>
#include <ifaddrs.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/icmpv6.h>
#include <linux/if_link.h>
#include <net/ethernet.h>
#include <stdlib.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <netdb.h>
#include <string.h>
#include <errno.h>
#include <linux/ip.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <time.h>
#include <syslog.h>

#include "passt.h"
#include "arp.h"
#include "dhcp.h"
#include "ndp.h"
#include "util.h"
#include "icmp.h"
#include "tcp.h"
#include "udp.h"

#define EPOLL_EVENTS		10

#define TIMER_INTERVAL		20 /* ms, for protocol periodic handlers */

/**
 * sock_unix() - Create and bind AF_UNIX socket, add to epoll list
 *
 * Return: newly created socket, doesn't return on error
 */
static int sock_unix(void)
{
	int fd = socket(AF_UNIX, SOCK_STREAM, 0);
	struct sockaddr_un addr = {
		.sun_family = AF_UNIX,
		.sun_path = UNIX_SOCK_PATH,
	};

	if (fd < 0) {
		perror("UNIX socket");
		exit(EXIT_FAILURE);
	}

	unlink(UNIX_SOCK_PATH);
	if (bind(fd, (const struct sockaddr *)&addr, sizeof(addr)) < 0) {
		perror("UNIX socket bind");
		exit(EXIT_FAILURE);
	}
	return fd;
}

/**
 * struct nl_request - Netlink request filled and sent by get_routes()
 * @nlh:	Netlink message header
 * @rtm:	Routing Netlink message
 */
struct nl_request {
	struct nlmsghdr nlh;
	struct rtmsg rtm;
};

/**
 * get_routes() - Get default route and fill in routable interface name
 * @c:		Execution context
 */
static void get_routes(struct ctx *c)
{
	struct nl_request req = {
		.nlh.nlmsg_type = RTM_GETROUTE,
		.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP | NLM_F_EXCL,
		.nlh.nlmsg_len = sizeof(struct nl_request),
		.nlh.nlmsg_seq = 1,
		.rtm.rtm_family = AF_INET,
		.rtm.rtm_table = RT_TABLE_MAIN,
		.rtm.rtm_scope = RT_SCOPE_UNIVERSE,
		.rtm.rtm_type = RTN_UNICAST,
	};
	struct sockaddr_nl addr = {
		.nl_family = AF_NETLINK,
	};
	struct nlmsghdr *nlh;
	struct rtattr *rta;
	struct rtmsg *rtm;
	char buf[BUFSIZ];
	int s, n, na;

	c->v6 = -1;

	s = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
	if (s < 0) {
		perror("netlink socket");
		goto out;
	}

	if (bind(s, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
		perror("netlink bind");
		goto out;
	}

v6:
	if (send(s, &req, sizeof(req), 0) < 0) {
		perror("netlink send");
		goto out;
	}

	n = recv(s, &buf, sizeof(buf), 0);
	if (n < 0) {
		perror("netlink recv");
		goto out;
	}

	nlh = (struct nlmsghdr *)buf;
	for ( ; NLMSG_OK(nlh, n); nlh = NLMSG_NEXT(nlh, n)) {
		rtm = (struct rtmsg *)NLMSG_DATA(nlh);

		if (rtm->rtm_dst_len ||
		    (rtm->rtm_family != AF_INET && rtm->rtm_family != AF_INET6))
			continue;

		rta = (struct rtattr *)RTM_RTA(rtm);
		na = RTM_PAYLOAD(nlh);
		for ( ; RTA_OK(rta, na); rta = RTA_NEXT(rta, na)) {
			if (rta->rta_type == RTA_GATEWAY &&
			    rtm->rtm_family == AF_INET && !c->v4) {
				memcpy(&c->gw4, RTA_DATA(rta), sizeof(c->gw4));
				c->v4 = 1;
			}

			if (rta->rta_type == RTA_GATEWAY &&
			    rtm->rtm_family == AF_INET6 && !c->v6) {
				memcpy(&c->gw6, RTA_DATA(rta), sizeof(c->gw6));
				c->v6 = 1;
			}

			if (rta->rta_type == RTA_OIF && !*c->ifn) {
				if_indextoname(*(unsigned *)RTA_DATA(rta),
					       c->ifn);
			}
		}

		if (nlh->nlmsg_type == NLMSG_DONE)
			break;
	}

	if (c->v6 == -1) {
		c->v6 = 0;
		req.rtm.rtm_family = AF_INET6;
		req.nlh.nlmsg_seq++;
		recv(s, &buf, sizeof(buf), 0);
		goto v6;
	}

out:
	close(s);

	if (!(c->v4 || c->v6) || !*c->ifn) {
		err("No routing information");
		exit(EXIT_FAILURE);
	}
}

/**
 * get_addrs() - Fetch MAC, IP addresses, masks of external routable interface
 * @c:		Execution context
 */
static void get_addrs(struct ctx *c)
{
	struct ifreq ifr = {
		.ifr_addr.sa_family = AF_INET,
	};
	struct ifaddrs *ifaddr, *ifa;
	int s, v4 = 0, v6 = 0;

	if (getifaddrs(&ifaddr) == -1) {
		perror("getifaddrs");
		goto out;
	}

	for (ifa = ifaddr; ifa; ifa = ifa->ifa_next) {
		struct sockaddr_in *in_addr;
		struct sockaddr_in6 *in6_addr;

		if (strcmp(ifa->ifa_name, c->ifn))
			continue;

		if (!ifa->ifa_addr)
			continue;

		if (ifa->ifa_addr->sa_family == AF_INET && !v4) {
			in_addr = (struct sockaddr_in *)ifa->ifa_addr;
			c->addr4 = in_addr->sin_addr.s_addr;
			in_addr = (struct sockaddr_in *)ifa->ifa_netmask;
			c->mask4 = in_addr->sin_addr.s_addr;
			v4 = 1;
		} else if (ifa->ifa_addr->sa_family == AF_INET6 && !v6) {
			in6_addr = (struct sockaddr_in6 *)ifa->ifa_addr;
			memcpy(&c->addr6, &in6_addr->sin6_addr,
			       sizeof(c->addr6));
			v6 = 1;
		}

		if (v4 == c->v4 && v6 == c->v6)
			break;
	}

	freeifaddrs(ifaddr);

	if (v4 != c->v4 || v6 != c->v6)
		goto out;

	s = socket(AF_INET, SOCK_DGRAM, 0);
	if (s < 0) {
		perror("socket SIOCGIFHWADDR");
		goto out;
	}

	strncpy(ifr.ifr_name, c->ifn, IF_NAMESIZE);
	if (ioctl(s, SIOCGIFHWADDR, &ifr) < 0) {
		perror("SIOCGIFHWADDR");
		goto out;
	}

	close(s);
	memcpy(c->mac, ifr.ifr_hwaddr.sa_data, ETH_ALEN);

	return;
out:
	err("Couldn't get addresses for routable interface");
	exit(EXIT_FAILURE);
}

/**
 * get_dns() - Get nameserver addresses from local /etc/resolv.conf
 * @c:		Execution context
 */
static void get_dns(struct ctx *c)
{
	char buf[BUFSIZ], *p, *end;
	int dns4 = 0, dns6 = 0;
	FILE *r;

	r = fopen("/etc/resolv.conf", "r");
	while (fgets(buf, BUFSIZ, r) && !(dns4 && dns6)) {
		if (!strstr(buf, "nameserver "))
			continue;
		p = strrchr(buf, ' ');
		end = strpbrk(buf, "%\n");
		if (end)
			*end = 0;
		if (p && inet_pton(AF_INET, p + 1, &c->dns4))
			dns4 = 1;
		if (p && inet_pton(AF_INET6, p + 1, &c->dns6))
			dns6 = 1;
	}

	fclose(r);
	if (dns4 || dns6)
		return;

	err("Couldn't get any nameserver address");
	exit(EXIT_FAILURE);
}

/**
 * tap4_handler() - IPv4 and ARP packet handler for tap file descriptor
 * @c:		Execution context
 * @len:	Total L2 packet length
 * @in:		Packet buffer, L2 headers
 */
static void tap4_handler(struct ctx *c, char *in, size_t len)
{
	struct ethhdr *eh = (struct ethhdr *)in;
	struct iphdr *iph = (struct iphdr *)(eh + 1);
	char buf_s[BUFSIZ] __attribute((__unused__));
	char buf_d[BUFSIZ] __attribute((__unused__));
	char *l4h;

	if (arp(c, eh, len) || dhcp(c, eh, len))
		return;

	if (len < sizeof(*eh) + sizeof(*iph))
		return;

	l4h = (char *)iph + iph->ihl * 4;
	len -= (intptr_t)l4h - (intptr_t)eh;

	if (iph->protocol == IPPROTO_ICMP) {
		debug("icmp from tap: %s -> %s",
		      inet_ntop(AF_INET, &iph->saddr, buf_s, sizeof(buf_s)),
		      inet_ntop(AF_INET, &iph->daddr, buf_d, sizeof(buf_d)));
	} else {
		struct tcphdr *th = (struct tcphdr *)l4h;

		if (len < sizeof(*th) && len < sizeof(struct udphdr))
			return;

		debug("%s from tap: %s:%i -> %s:%i",
		      getprotobynumber(iph->protocol)->p_name,
		      inet_ntop(AF_INET, &iph->saddr, buf_s, sizeof(buf_s)),
		      ntohs(th->source),
		      inet_ntop(AF_INET, &iph->daddr, buf_d, sizeof(buf_d)),
		      ntohs(th->dest));
	}

	if (iph->protocol == IPPROTO_TCP)
		tcp_tap_handler(c, AF_INET, &iph->daddr, l4h, len);
	else if (iph->protocol == IPPROTO_UDP)
		udp_tap_handler(c, AF_INET, &iph->daddr, l4h, len);
	else if (iph->protocol == IPPROTO_ICMP)
		icmp_tap_handler(c, AF_INET, &iph->daddr, l4h, len);
}

/**
 * tap6_handler() - IPv6 packet handler for tap file descriptor
 * @c:		Execution context
 * @len:	Total L2 packet length
 * @in:		Packet buffer, L2 headers
 */
static void tap6_handler(struct ctx *c, char *in, size_t len)
{
	struct ethhdr *eh = (struct ethhdr *)in;
	struct ipv6hdr *ip6h = (struct ipv6hdr *)(eh + 1);
	char buf_s[BUFSIZ] __attribute((__unused__));
	char buf_d[BUFSIZ] __attribute((__unused__));
	uint8_t proto;
	char *l4h;

	if (len < sizeof(*eh) + sizeof(*ip6h))
		return;

	if (ndp(c, eh, len))
		return;

	l4h = ipv6_l4hdr(ip6h, &proto);

	/* TODO: Assign MAC address to guest so that, together with prefix
	 * assigned via NDP, address matches the one from the host.
	 */
	c->addr6_guest = ip6h->saddr;
	ip6h->saddr = c->addr6;

	len -= (intptr_t)l4h - (intptr_t)eh;

	if (proto == IPPROTO_ICMPV6) {
		debug("icmpv6 from tap: %s ->\n\t%s",
		      inet_ntop(AF_INET6, &ip6h->saddr, buf_s, sizeof(buf_s)),
		      inet_ntop(AF_INET6, &ip6h->daddr, buf_d, sizeof(buf_d)));
	} else {
		struct tcphdr *th = (struct tcphdr *)l4h;

		if (len < sizeof(*th) && len < sizeof(struct udphdr))
			return;

		debug("%s from tap: [%s]:%i\n\t-> [%s]:%i",
		      getprotobynumber(proto)->p_name,
		      inet_ntop(AF_INET6, &ip6h->saddr, buf_s, sizeof(buf_s)),
		      ntohs(th->source),
		      inet_ntop(AF_INET6, &ip6h->daddr, buf_d, sizeof(buf_d)),
		      ntohs(th->dest));
	}

	if (proto == IPPROTO_TCP)
		tcp_tap_handler(c, AF_INET6, &ip6h->daddr, l4h, len);
	else if (proto == IPPROTO_UDP)
		udp_tap_handler(c, AF_INET6, &ip6h->daddr, l4h, len);
	else if (proto == IPPROTO_ICMPV6)
		icmp_tap_handler(c, AF_INET6, &ip6h->daddr, l4h, len);
}

/**
 * tap_handler() - Packet handler for tap file descriptor
 * @c:		Execution context
 *
 * Return: -ECONNRESET if tap connection was lost, 0 otherwise
 */
static int tap_handler(struct ctx *c)
{
	char buf[ETH_MAX_MTU];
	struct ethhdr *eh;
	uint32_t vnet_len;
	ssize_t n;

	eh = (struct ethhdr *)buf;

	while ((n = recv(c->fd_unix, &vnet_len, 4, MSG_DONTWAIT)) == 4) {
		n = recv(c->fd_unix, buf, ntohl(vnet_len), MSG_DONTWAIT);

		if (n < (ssize_t)sizeof(*eh))
			break;

		switch (ntohs(eh->h_proto)) {
		case ETH_P_IP:
		case ETH_P_ARP:
			tap4_handler(c, buf, n);
			break;
		case ETH_P_IPV6:
			tap6_handler(c, buf, n);
			break;
		default:
			break;
		}
	}

	if (n >= 0 || errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)
		return 0;

	epoll_ctl(c->epollfd, EPOLL_CTL_DEL, c->fd_unix, NULL);
	close(c->fd_unix);

	return -ECONNRESET;
}

/**
 * sock_handler() - Event handler for L4 sockets
 * @c:		Execution context
 * @fd:		File descriptor associated to event
 * @events	epoll events
 */
static void sock_handler(struct ctx *c, int fd, uint32_t events)
{
	socklen_t sl;
	int so;

	sl = sizeof(so);

	if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &so, &sl))
		return;

	debug("%s: packet from socket %i", getprotobynumber(so)->p_name, fd);

	if (so == IPPROTO_ICMP || so == IPPROTO_ICMPV6)
		icmp_sock_handler(c, fd, events);
	else if (so == IPPROTO_TCP)
		tcp_sock_handler(c, fd, events);
	else if (so == IPPROTO_UDP)
		udp_sock_handler(c, fd, events);
}

/**
 * timer_handler() - Run periodic tasks for L4 protocol handlers
 * @c:		Execution context
 * @last:	Timestamp of last run, updated on return
 */
static void timer_handler(struct ctx *c, struct timespec *last)
{
	struct timespec tmp;

	clock_gettime(CLOCK_MONOTONIC, &tmp);
	if (timespec_diff_ms(&tmp, last) < TIMER_INTERVAL)
		return;

	tcp_timer(c, &tmp);

	*last = tmp;
}

/**
 * usage() - Print usage and exit
 * @name:	Executable name
 */
void usage(const char *name)
{
	fprintf(stderr, "Usage: %s\n", name);

	exit(EXIT_FAILURE);
}

/**
 * main() - Entry point and main loop
 * @argc:	Argument count
 * @argv:	Interface names
 *
 * Return: 0 once interrupted, non-zero on failure
 */
int main(int argc, char **argv)
{
	struct epoll_event events[EPOLL_EVENTS];
	char buf6[3][INET6_ADDRSTRLEN];
	char buf4[4][INET_ADDRSTRLEN];
	struct epoll_event ev = { 0 };
	struct timespec last_time;
	struct ctx c = { 0 };
	int nfds, i, fd_unix;
	struct rlimit limit;

	if (argc != 1)
		usage(argv[0]);

	if (clock_gettime(CLOCK_MONOTONIC, &last_time)) {
		perror("clock_gettime");
		exit(EXIT_FAILURE);
	}

	c.epollfd = epoll_create1(0);
	if (c.epollfd == -1) {
		perror("epoll_create1");
		exit(EXIT_FAILURE);
	}

	if (getrlimit(RLIMIT_NOFILE, &limit)) {
		perror("getrlimit");
		exit(EXIT_FAILURE);
	}
	limit.rlim_cur = limit.rlim_max;
	if (setrlimit(RLIMIT_NOFILE, &limit)) {
		perror("setrlimit");
		exit(EXIT_FAILURE);
	}

#if DEBUG
	openlog("passt", LOG_PERROR, LOG_DAEMON);
#else
	openlog("passt", 0, LOG_DAEMON);
	if (daemon(0, 0)) {
		fprintf(stderr, "Failed to fork into background\n");
		exit(EXIT_FAILURE);
	}
#endif

	get_routes(&c);
	get_addrs(&c);
	get_dns(&c);

	fd_unix = sock_unix();

	if (icmp_sock_init(&c) || tcp_sock_init(&c) || udp_sock_init(&c))
		exit(EXIT_FAILURE);

	if (c.v4) {
		info("ARP:");
		info("    address: %02x:%02x:%02x:%02x:%02x:%02x from %s",
		     c.mac[0], c.mac[1], c.mac[2], c.mac[3], c.mac[4], c.mac[5],
		     c.ifn);
		info("DHCP:");
		info("    assign: %s",
		     inet_ntop(AF_INET, &c.addr4, buf4[0], sizeof(buf4[0])));
		info("    mask: %s",
		     inet_ntop(AF_INET, &c.mask4, buf4[0], sizeof(buf4[0])));
		info("    router: %s",
		     inet_ntop(AF_INET, &c.gw4,   buf4[2], sizeof(buf4[2])));
		info("    DNS: %s",
		     inet_ntop(AF_INET, &c.dns4,  buf4[3], sizeof(buf4[3])));
	}
	if (c.v6) {
		info("NDP:");
		info("    assign: %s",
		     inet_ntop(AF_INET6, &c.addr6, buf6[0], sizeof(buf6[0])));
		info("    router: %s",
		     inet_ntop(AF_INET6, &c.gw6,   buf6[1], sizeof(buf6[1])));
		info("    DNS: %s",
		     inet_ntop(AF_INET6, &c.dns6,  buf6[2], sizeof(buf6[2])));
	}

listen:
	listen(fd_unix, 1);
	info("You can now start qrap:");
	info("    ./qrap 5 kvm ... -net socket,fd=5 -net nic,model=virtio");
	info("or directly qemu, patched with:");
	info("    qemu/0001-net-Allow-also-UNIX-domain-sockets-to-be-used-as-net.patch");
	info("as follows:");
	info("kvm ... -net socket,connect="
	     UNIX_SOCK_PATH " -net nic,model=virtio");

	c.fd_unix = accept(fd_unix, NULL, NULL);
	ev.events = EPOLLIN | EPOLLET | EPOLLRDHUP | EPOLLERR | EPOLLHUP;
	ev.data.fd = c.fd_unix;
	epoll_ctl(c.epollfd, EPOLL_CTL_ADD, c.fd_unix, &ev);

	clock_gettime(CLOCK_MONOTONIC, &last_time);

loop:
	nfds = epoll_wait(c.epollfd, events, EPOLL_EVENTS, TIMER_INTERVAL);
	if (nfds == -1 && errno != EINTR) {
		perror("epoll_wait");
		exit(EXIT_FAILURE);
	}

	for (i = 0; i < nfds; i++) {
		if (events[i].data.fd == c.fd_unix) {
			if (tap_handler(&c))
				goto listen;
		} else {
			sock_handler(&c, events[i].data.fd, events[i].events);
		}
	}

	timer_handler(&c, &last_time);

	goto loop;

	return 0;
}