HardenedBSD/usr.sbin/ppp/netgraph.c
Warner Losh b3e7694832 Remove $FreeBSD$: two-line .h pattern
Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
2023-08-16 11:54:16 -06:00

744 lines
21 KiB
C

/*-
* SPDX-License-Identifier: BSD-2-Clause
*
* Copyright (c) 2000 Brian Somers <brian@Awfulhak.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <netgraph.h>
#include <net/ethernet.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netgraph/ng_ether.h>
#include <netgraph/ng_message.h>
#include <netgraph/ng_socket.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sysexits.h>
#include <sys/fcntl.h>
#include <sys/uio.h>
#include <termios.h>
#include <sys/time.h>
#include <unistd.h>
#include "layer.h"
#include "defs.h"
#include "mbuf.h"
#include "log.h"
#include "timer.h"
#include "lqr.h"
#include "hdlc.h"
#include "throughput.h"
#include "fsm.h"
#include "lcp.h"
#include "ccp.h"
#include "link.h"
#include "async.h"
#include "descriptor.h"
#include "physical.h"
#include "main.h"
#include "mp.h"
#include "chat.h"
#include "auth.h"
#include "chap.h"
#include "cbcp.h"
#include "datalink.h"
#include "slcompress.h"
#include "iplist.h"
#include "ncpaddr.h"
#include "ipcp.h"
#include "ipv6cp.h"
#include "ncp.h"
#include "filter.h"
#ifndef NORADIUS
#include "radius.h"
#endif
#include "bundle.h"
#include "id.h"
#include "netgraph.h"
struct ngdevice {
struct device dev; /* What struct physical knows about */
int cs; /* Control socket */
char hook[NG_HOOKSIZ]; /* Our socket node hook */
};
#define device2ng(d) ((d)->type == NG_DEVICE ? (struct ngdevice *)d : NULL)
#define NG_MSGBUFSZ 4096
#define NETGRAPH_PREFIX "netgraph:"
unsigned
ng_DeviceSize(void)
{
return sizeof(struct ngdevice);
}
static int
ng_MessageOut(struct ngdevice *dev, const char *data)
{
char path[NG_PATHSIZ];
char *fmt;
size_t len;
int pos, dpos;
/*
* We expect a node path, one or more spaces, a command, one or more
* spaces and an ascii netgraph structure.
*/
data += strspn(data, " \t");
len = strcspn(data, " \t");
if (len >= sizeof path) {
log_Printf(LogWARN, "%s: %.*s: Node path too long\n",
dev->dev.name, len, data);
return 0;
}
memcpy(path, data, len);
path[len] = '\0';
data += len;
data += strspn(data, " \t");
len = strcspn(data, " \t");
for (pos = len; pos >= 0; pos--)
if (data[pos] == '%')
len++;
if ((fmt = alloca(len + 4)) == NULL) {
log_Printf(LogWARN, "%s: alloca(%d) failure... %s\n",
dev->dev.name, len + 4, strerror(errno));
return 0;
}
/*
* This is probably a waste of time, but we really don't want to end
* up stuffing unexpected % escapes into the kernel....
*/
for (pos = dpos = 0; pos < (int)len;) {
if (data[dpos] == '%')
fmt[pos++] = '%';
fmt[pos++] = data[dpos++];
}
strcpy(fmt + pos, " %s");
data += dpos;
data += strspn(data, " \t");
if (NgSendAsciiMsg(dev->cs, path, fmt, data) < 0) {
log_Printf(LogDEBUG, "%s: NgSendAsciiMsg (to %s): \"%s\", \"%s\": %s\n",
dev->dev.name, path, fmt, data, strerror(errno));
return 0;
}
return 1;
}
/*
* Get a netgraph message
*/
static ssize_t
ng_MessageIn(struct physical *p, char *buf, size_t sz)
{
char msgbuf[sizeof(struct ng_mesg) * 2 + NG_MSGBUFSZ];
struct ngdevice *dev = device2ng(p->handler);
struct ng_mesg *rep = (struct ng_mesg *)msgbuf;
char path[NG_PATHSIZ];
size_t len;
#ifdef BROKEN_SELECT
struct timeval t;
fd_set *r;
int ret;
if (dev->cs < 0)
return 0;
if ((r = mkfdset()) == NULL) {
log_Printf(LogERROR, "DoLoop: Cannot create fd_set\n");
return -1;
}
zerofdset(r);
FD_SET(dev->cs, r);
t.tv_sec = t.tv_usec = 0;
ret = select(dev->cs + 1, r, NULL, NULL, &t);
free(r);
if (ret <= 0)
return 0;
#endif
if (NgRecvAsciiMsg(dev->cs, rep, sizeof msgbuf, path)) {
log_Printf(LogWARN, "%s: NgRecvAsciiMsg: %s\n",
dev->dev.name, strerror(errno));
return -1;
}
/* XXX: Should we check rep->header.version ? */
if (sz == 0)
log_Printf(LogWARN, "%s: Unexpected message: %s\n", dev->dev.name,
rep->header.cmdstr);
else {
log_Printf(LogDEBUG, "%s: Received message: %s\n", dev->dev.name,
rep->header.cmdstr);
len = strlen(rep->header.cmdstr);
if (sz > len)
sz = len;
memcpy(buf, rep->header.cmdstr, sz);
}
return sz;
}
static ssize_t
ng_Write(struct physical *p, const void *v, size_t n)
{
struct ngdevice *dev = device2ng(p->handler);
switch (p->dl->state) {
case DATALINK_DIAL:
case DATALINK_LOGIN:
return ng_MessageOut(dev, v) ? (ssize_t)n : -1;
}
return NgSendData(p->fd, dev->hook, v, n) == -1 ? -1 : (ssize_t)n;
}
static ssize_t
ng_Read(struct physical *p, void *v, size_t n)
{
char hook[NG_HOOKSIZ];
switch (p->dl->state) {
case DATALINK_DIAL:
case DATALINK_LOGIN:
return ng_MessageIn(p, v, n);
}
return NgRecvData(p->fd, v, n, hook);
}
static int
ng_RemoveFromSet(struct physical *p, fd_set *r, fd_set *w, fd_set *e)
{
struct ngdevice *dev = device2ng(p->handler);
int result;
if (r && dev->cs >= 0 && FD_ISSET(dev->cs, r)) {
FD_CLR(dev->cs, r);
log_Printf(LogTIMER, "%s: fdunset(ctrl) %d\n", p->link.name, dev->cs);
result = 1;
} else
result = 0;
/* Careful... physical_RemoveFromSet() called us ! */
p->handler->removefromset = NULL;
result += physical_RemoveFromSet(p, r, w, e);
p->handler->removefromset = ng_RemoveFromSet;
return result;
}
static void
ng_Free(struct physical *p)
{
struct ngdevice *dev = device2ng(p->handler);
physical_SetDescriptor(p);
if (dev->cs != -1)
close(dev->cs);
free(dev);
}
static void
ng_device2iov(struct device *d, struct iovec *iov, int *niov,
int maxiov __unused, int *auxfd, int *nauxfd)
{
struct ngdevice *dev;
int sz = physical_MaxDeviceSize();
iov[*niov].iov_base = d = realloc(d, sz);
if (d == NULL) {
log_Printf(LogALERT, "Failed to allocate memory: %d\n", sz);
AbortProgram(EX_OSERR);
}
iov[*niov].iov_len = sz;
(*niov)++;
dev = device2ng(d);
*auxfd = dev->cs;
(*nauxfd)++;
}
static const struct device basengdevice = {
NG_DEVICE,
"netgraph",
0,
{ CD_REQUIRED, DEF_NGCDDELAY },
NULL,
ng_RemoveFromSet,
NULL,
NULL,
NULL,
NULL,
NULL,
ng_Free,
ng_Read,
ng_Write,
ng_device2iov,
NULL,
NULL,
NULL
};
struct device *
ng_iov2device(int type, struct physical *p, struct iovec *iov, int *niov,
int maxiov __unused, int *auxfd, int *nauxfd)
{
if (type == NG_DEVICE) {
struct ngdevice *dev = (struct ngdevice *)iov[(*niov)++].iov_base;
dev = realloc(dev, sizeof *dev); /* Reduce to the correct size */
if (dev == NULL) {
log_Printf(LogALERT, "Failed to allocate memory: %d\n",
(int)(sizeof *dev));
AbortProgram(EX_OSERR);
}
if (*nauxfd) {
dev->cs = *auxfd;
(*nauxfd)--;
} else
dev->cs = -1;
/* Refresh function pointers etc */
memcpy(&dev->dev, &basengdevice, sizeof dev->dev);
/* XXX: Are netgraph always synchronous ? */
physical_SetupStack(p, dev->dev.name, PHYSICAL_FORCE_SYNCNOACF);
return &dev->dev;
}
return NULL;
}
static int
ng_UpdateSet(struct fdescriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n)
{
struct physical *p = descriptor2physical(d);
struct ngdevice *dev = device2ng(p->handler);
int result;
switch (p->dl->state) {
case DATALINK_DIAL:
case DATALINK_LOGIN:
if (r) {
FD_SET(dev->cs, r);
log_Printf(LogTIMER, "%s(ctrl): fdset(r) %d\n", p->link.name, dev->cs);
result = 1;
} else
result = 0;
break;
default:
result = physical_doUpdateSet(d, r, w, e, n, 0);
break;
}
return result;
}
static int
ng_IsSet(struct fdescriptor *d, const fd_set *fdset)
{
struct physical *p = descriptor2physical(d);
struct ngdevice *dev = device2ng(p->handler);
int result;
result = dev->cs >= 0 && FD_ISSET(dev->cs, fdset);
result += physical_IsSet(d, fdset);
return result;
}
static void
ng_DescriptorRead(struct fdescriptor *d, struct bundle *bundle,
const fd_set *fdset)
{
struct physical *p = descriptor2physical(d);
struct ngdevice *dev = device2ng(p->handler);
if (dev->cs >= 0 && FD_ISSET(dev->cs, fdset))
ng_MessageIn(p, NULL, 0);
if (physical_IsSet(d, fdset))
physical_DescriptorRead(d, bundle, fdset);
}
static struct device *
ng_Abandon(struct ngdevice *dev, struct physical *p)
{
/* Abandon our node construction */
close(dev->cs);
close(p->fd);
p->fd = -2; /* Nobody else need try.. */
free(dev);
return NULL;
}
/*
* Populate the ``word'' (of size ``sz'') named ``what'' from ``from''
* ending with any character from ``sep''. Point ``endp'' at the next
* word.
*/
#define GETSEGMENT(what, from, sep, endp) \
getsegment(#what, (what), sizeof(what), from, sep, endp)
static int
getsegment(const char *what, char *word, size_t sz, const char *from,
const char *sep, const char **endp)
{
size_t len;
if ((len = strcspn(from, sep)) == 0) {
log_Printf(LogWARN, "%s name should not be empty !\n", what);
return 0;
}
if (len >= sz) {
log_Printf(LogWARN, "%s name too long, max %d !\n", what, sz - 1);
return 0;
}
strncpy(word, from, len);
word[len] = '\0';
*endp = from + len;
*endp += strspn(*endp, sep);
return 1;
}
struct device *
ng_Create(struct physical *p)
{
struct sockaddr_ng ngsock;
u_char rbuf[2048];
struct sockaddr *sock = (struct sockaddr *)&ngsock;
const struct hooklist *hlist;
const struct nodeinfo *ninfo;
const struct linkinfo *nlink;
struct ngdevice *dev;
struct ng_mesg *resp;
struct ngm_mkpeer mkp;
struct ngm_connect ngc;
const char *devp, *endp;
char lasthook[NG_HOOKSIZ];
char hook[NG_HOOKSIZ];
char nodetype[NG_TYPESIZ + NG_NODESIZ];
char modname[NG_TYPESIZ + 3];
char path[NG_PATHSIZ];
char *nodename;
int len, sz, done;
unsigned f;
dev = NULL;
if (p->fd < 0 && !strncasecmp(p->name.full, NETGRAPH_PREFIX,
sizeof NETGRAPH_PREFIX - 1)) {
p->fd--; /* We own the device - change fd */
if ((dev = malloc(sizeof *dev)) == NULL)
return NULL;
loadmodules(LOAD_VERBOSLY, "netgraph", "ng_socket", NULL);
/* Create a socket node */
if (ID0NgMkSockNode(NULL, &dev->cs, &p->fd) == -1) {
log_Printf(LogWARN, "Cannot create netgraph socket node: %s\n",
strerror(errno));
free(dev);
p->fd = -2;
return NULL;
}
devp = p->name.full + sizeof NETGRAPH_PREFIX - 1;
*lasthook = *path = '\0';
log_Printf(LogDEBUG, "%s: Opening netgraph device \"%s\"\n",
p->link.name, devp);
done = 0;
while (*devp != '\0' && !done) {
if (*devp != '[') {
if (*lasthook == '\0') {
log_Printf(LogWARN, "%s: Netgraph devices must start with"
" [nodetype:nodename]\n", p->link.name);
return ng_Abandon(dev, p);
}
/* Get the hook name of the new node */
if (!GETSEGMENT(hook, devp, ".[", &endp))
return ng_Abandon(dev, p);
log_Printf(LogDEBUG, "%s: Got hook \"%s\"\n", p->link.name, hook);
devp = endp;
if (*devp == '\0') {
log_Printf(LogWARN, "%s: Netgraph device must not end with a second"
" hook\n", p->link.name);
return ng_Abandon(dev, p);
}
if (devp[-1] != '[') {
log_Printf(LogWARN, "%s: Expected a [nodetype:nodename] at device"
" pos %d\n", p->link.name, devp - p->link.name - 1);
return ng_Abandon(dev, p);
}
} else {
/* Use lasthook as the hook name */
strcpy(hook, lasthook);
devp++;
}
/* We've got ``lasthook'' and ``hook'', get the node type */
if (!GETSEGMENT(nodetype, devp, "]", &endp))
return ng_Abandon(dev, p);
log_Printf(LogDEBUG, "%s: Got node \"%s\"\n", p->link.name, nodetype);
if ((nodename = strchr(nodetype, ':')) != NULL) {
*nodename++ = '\0';
if (*nodename == '\0' && *nodetype == '\0') {
log_Printf(LogWARN, "%s: Empty [nodetype:nodename] at device"
" pos %d\n", p->link.name, devp - p->link.name - 1);
return ng_Abandon(dev, p);
}
}
/* Ignore optional colons after nodes */
devp = *endp == ':' ? endp + 1 : endp;
if (*devp == '.')
devp++;
if (*lasthook == '\0') {
/* This is the first node in the chain */
if (nodename == NULL || *nodename == '\0') {
log_Printf(LogWARN, "%s: %s: No initial device nodename\n",
p->link.name, devp);
return ng_Abandon(dev, p);
}
if (*nodetype != '\0') {
/* Attempt to load the module */
snprintf(modname, sizeof modname, "ng_%s", nodetype);
log_Printf(LogDEBUG, "%s: Attempting to load %s.ko\n",
p->link.name, modname);
loadmodules(LOAD_QUIETLY, modname, NULL);
}
snprintf(path, sizeof path, "%s:", nodename);
/* XXX: If we have a node type, ensure it's correct */
} else {
/*
* Ask for a list of hooks attached to the previous node. If we
* find the one we're interested in, and if it's connected to a
* node of the right type using the correct hook, use that.
* If we find the hook connected to something else, fail.
* If we find no match, mkpeer the new node.
*/
if (*nodetype == '\0') {
log_Printf(LogWARN, "%s: Nodetype missing at device offset %d\n",
p->link.name,
devp - p->name.full + sizeof NETGRAPH_PREFIX - 1);
return ng_Abandon(dev, p);
}
/* Get a list of node hooks */
if (NgSendMsg(dev->cs, path, NGM_GENERIC_COOKIE, NGM_LISTHOOKS,
NULL, 0) < 0) {
log_Printf(LogWARN, "%s: %s Cannot send a LISTHOOOKS message: %s\n",
p->link.name, path, strerror(errno));
return ng_Abandon(dev, p);
}
/* Get our list back */
resp = (struct ng_mesg *)rbuf;
if (NgRecvMsg(dev->cs, resp, sizeof rbuf, NULL) <= 0) {
log_Printf(LogWARN, "%s: Cannot get netgraph response: %s\n",
p->link.name, strerror(errno));
return ng_Abandon(dev, p);
}
hlist = (const struct hooklist *)resp->data;
ninfo = &hlist->nodeinfo;
log_Printf(LogDEBUG, "List of netgraph node ``%s'' (id %x) hooks:\n",
path, ninfo->id);
/* look for a hook already attached. */
for (f = 0; f < ninfo->hooks; f++) {
nlink = &hlist->link[f];
log_Printf(LogDEBUG, " Found %s -> %s (type %s)\n", nlink->ourhook,
nlink->peerhook, nlink->nodeinfo.type);
if (!strcmp(nlink->ourhook, lasthook)) {
if (strcmp(nlink->peerhook, hook) ||
strcmp(nlink->nodeinfo.type, nodetype)) {
log_Printf(LogWARN, "%s: hook %s:%s is already in use\n",
p->link.name, nlink->ourhook, path);
return ng_Abandon(dev, p);
}
/* The node is already hooked up nicely.... reuse it */
break;
}
}
if (f == ninfo->hooks) {
/* Attempt to load the module */
snprintf(modname, sizeof modname, "ng_%s", nodetype);
log_Printf(LogDEBUG, "%s: Attempting to load %s.ko\n",
p->link.name, modname);
loadmodules(LOAD_QUIETLY, modname, NULL);
/* Create (mkpeer) the new node */
snprintf(mkp.type, sizeof mkp.type, "%s", nodetype);
snprintf(mkp.ourhook, sizeof mkp.ourhook, "%s", lasthook);
snprintf(mkp.peerhook, sizeof mkp.peerhook, "%s", hook);
log_Printf(LogDEBUG, "%s: Doing MKPEER %s%s -> %s (type %s)\n",
p->link.name, path, mkp.ourhook, mkp.peerhook, nodetype);
if (NgSendMsg(dev->cs, path, NGM_GENERIC_COOKIE,
NGM_MKPEER, &mkp, sizeof mkp) < 0) {
log_Printf(LogWARN, "%s Cannot create %s netgraph node: %s\n",
path, nodetype, strerror(errno));
return ng_Abandon(dev, p);
}
}
len = strlen(path);
snprintf(path + len, sizeof path - len, "%s%s",
path[len - 1] == ':' ? "" : ".", lasthook);
}
/* Get a list of node hooks */
if (NgSendMsg(dev->cs, path, NGM_GENERIC_COOKIE, NGM_LISTHOOKS,
NULL, 0) < 0) {
log_Printf(LogWARN, "%s: %s Cannot send a LISTHOOOKS message: %s\n",
p->link.name, path, strerror(errno));
return ng_Abandon(dev, p);
}
/* Get our list back */
resp = (struct ng_mesg *)rbuf;
if (NgRecvMsg(dev->cs, resp, sizeof rbuf, NULL) <= 0) {
log_Printf(LogWARN, "%s: Cannot get netgraph response: %s\n",
p->link.name, strerror(errno));
return ng_Abandon(dev, p);
}
hlist = (const struct hooklist *)resp->data;
ninfo = &hlist->nodeinfo;
if (*lasthook != '\0' && nodename != NULL && *nodename != '\0' &&
strcmp(ninfo->name, nodename) &&
NgNameNode(dev->cs, path, "%s", nodename) < 0) {
log_Printf(LogWARN, "%s: %s: Cannot name netgraph node: %s\n",
p->link.name, path, strerror(errno));
return ng_Abandon(dev, p);
}
if (!GETSEGMENT(lasthook, devp, " \t.[", &endp))
return ng_Abandon(dev, p);
log_Printf(LogDEBUG, "%s: Got hook \"%s\"\n", p->link.name, lasthook);
len = strlen(lasthook);
done = strchr(" \t", devp[len]) ? 1 : 0;
devp = endp;
if (*devp != '\0') {
if (devp[-1] == '[')
devp--;
} /* else should moan about devp[-1] being '[' ? */
}
snprintf(dev->hook, sizeof dev->hook, "%s", lasthook);
/* Connect the node to our socket node */
snprintf(ngc.path, sizeof ngc.path, "%s", path);
snprintf(ngc.ourhook, sizeof ngc.ourhook, "%s", dev->hook);
memcpy(ngc.peerhook, ngc.ourhook, sizeof ngc.peerhook);
log_Printf(LogDEBUG, "Connecting netgraph socket .:%s -> %s.%s\n",
ngc.ourhook, ngc.path, ngc.peerhook);
if (NgSendMsg(dev->cs, ".:", NGM_GENERIC_COOKIE,
NGM_CONNECT, &ngc, sizeof ngc) < 0) {
log_Printf(LogWARN, "Cannot connect %s and socket netgraph "
"nodes: %s\n", path, strerror(errno));
return ng_Abandon(dev, p);
}
/* Hook things up so that we monitor dev->cs */
p->desc.UpdateSet = ng_UpdateSet;
p->desc.IsSet = ng_IsSet;
p->desc.Read = ng_DescriptorRead;
memcpy(&dev->dev, &basengdevice, sizeof dev->dev);
} else {
/* See if we're a netgraph socket */
sz = sizeof ngsock;
if (getsockname(p->fd, sock, &sz) != -1 && sock->sa_family == AF_NETGRAPH) {
/*
* It's a netgraph node... We can't determine hook names etc, so we
* stay pretty impartial....
*/
log_Printf(LogPHASE, "%s: Link is a netgraph node\n", p->link.name);
if ((dev = malloc(sizeof *dev)) == NULL) {
log_Printf(LogWARN, "%s: Cannot allocate an ether device: %s\n",
p->link.name, strerror(errno));
return NULL;
}
memcpy(&dev->dev, &basengdevice, sizeof dev->dev);
dev->cs = -1;
*dev->hook = '\0';
}
}
if (dev) {
physical_SetupStack(p, dev->dev.name, PHYSICAL_FORCE_SYNCNOACF);
return &dev->dev;
}
return NULL;
}