GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: sbin/isakmpd/udp.c Lines: 0 213 0.0 %
Date: 2017-11-07 Branches: 0 113 0.0 %

Line Branch Exec Source
1
/* $OpenBSD: udp.c,v 1.95 2008/07/22 09:45:56 bluhm Exp $	 */
2
/* $EOM: udp.c,v 1.57 2001/01/26 10:09:57 niklas Exp $	 */
3
4
/*
5
 * Copyright (c) 1998, 1999, 2001 Niklas Hallqvist.  All rights reserved.
6
 * Copyright (c) 2000 Angelos D. Keromytis.  All rights reserved.
7
 * Copyright (c) 2003, 2004 Håkan Olsson.  All rights reserved.
8
 *
9
 * Redistribution and use in source and binary forms, with or without
10
 * modification, are permitted provided that the following conditions
11
 * are met:
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 * 2. Redistributions in binary form must reproduce the above copyright
15
 *    notice, this list of conditions and the following disclaimer in the
16
 *    documentation and/or other materials provided with the distribution.
17
 *
18
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28
 */
29
30
/*
31
 * This code was written under funding by Ericsson Radio Systems.
32
 */
33
34
#include <sys/types.h>
35
#include <sys/ioctl.h>
36
#include <sys/socket.h>
37
#include <sys/sockio.h>
38
#include <net/if.h>
39
#include <netinet/in.h>
40
#include <arpa/inet.h>
41
#include <ctype.h>
42
#include <limits.h>
43
#include <netdb.h>
44
#include <stdlib.h>
45
#include <string.h>
46
#include <unistd.h>
47
48
#include "conf.h"
49
#include "if.h"
50
#include "isakmp.h"
51
#include "log.h"
52
#include "message.h"
53
#include "monitor.h"
54
#include "transport.h"
55
#include "udp.h"
56
#include "util.h"
57
#include "virtual.h"
58
59
#define UDP_SIZE 65536
60
61
/* If a system doesn't have SO_REUSEPORT, SO_REUSEADDR will have to do. */
62
#ifndef SO_REUSEPORT
63
#define SO_REUSEPORT SO_REUSEADDR
64
#endif
65
66
/* These are reused by udp_encap.c, thus not 'static' here.  */
67
struct transport *udp_clone(struct transport *, struct sockaddr *);
68
int		  udp_fd_set(struct transport *, fd_set *, int);
69
int		  udp_fd_isset(struct transport *, fd_set *);
70
void		  udp_get_dst(struct transport *, struct sockaddr **);
71
void		  udp_get_src(struct transport *, struct sockaddr **);
72
char		 *udp_decode_ids(struct transport *);
73
void		  udp_remove(struct transport *);
74
75
static struct transport *udp_create(char *);
76
static void     udp_report(struct transport *);
77
static void     udp_handle_message(struct transport *);
78
static struct transport *udp_make(struct sockaddr *);
79
static int      udp_send_message(struct message *, struct transport *);
80
81
static struct transport_vtbl udp_transport_vtbl = {
82
	{0}, "udp_physical",
83
	udp_create,
84
	0,
85
	udp_remove,
86
	udp_report,
87
	udp_fd_set,
88
	udp_fd_isset,
89
	udp_handle_message,
90
	udp_send_message,
91
	udp_get_dst,
92
	udp_get_src,
93
	udp_decode_ids,
94
	udp_clone,
95
	0
96
};
97
98
char		*udp_default_port = 0;
99
int		 bind_family = 0;
100
101
void
102
udp_init(void)
103
{
104
	transport_method_add(&udp_transport_vtbl);
105
}
106
107
/* Create a UDP transport structure bound to LADDR just for listening.  */
108
static struct transport *
109
udp_make(struct sockaddr *laddr)
110
{
111
	struct udp_transport *t = 0;
112
	int	s, on, wildcardaddress = 0;
113
	char	*tstr;
114
115
	t = calloc(1, sizeof *t);
116
	if (!t) {
117
		log_print("udp_make: calloc (1, %lu) failed",
118
		    (unsigned long)sizeof *t);
119
		free(laddr);
120
		return 0;
121
	}
122
	t->src = laddr;
123
124
	s = socket(laddr->sa_family, SOCK_DGRAM, IPPROTO_UDP);
125
	if (s == -1) {
126
		log_error("udp_make: socket (%d, %d, %d)", laddr->sa_family,
127
		    SOCK_DGRAM, IPPROTO_UDP);
128
		goto err;
129
	}
130
	/* Make sure we don't get our traffic encrypted.  */
131
	if (sysdep_cleartext(s, laddr->sa_family) == -1)
132
		goto err;
133
134
	/* Wildcard address ?  */
135
	switch (laddr->sa_family) {
136
	case AF_INET:
137
		if (((struct sockaddr_in *)laddr)->sin_addr.s_addr ==
138
		    INADDR_ANY)
139
			wildcardaddress = 1;
140
		break;
141
	case AF_INET6:
142
		if (IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *)laddr)->sin6_addr))
143
			wildcardaddress = 1;
144
		break;
145
	}
146
147
	/*
148
	 * In order to have several bound specific address-port combinations
149
	 * with the same port SO_REUSEADDR is needed.  If this is a wildcard
150
	 * socket and we are not listening there, but only sending from it
151
	 * make sure it is entirely reuseable with SO_REUSEPORT.
152
	 */
153
	on = 1;
154
	if (setsockopt(s, SOL_SOCKET,
155
	    wildcardaddress ? SO_REUSEPORT : SO_REUSEADDR,
156
	    (void *)&on, sizeof on) == -1) {
157
		log_error("udp_make: setsockopt (%d, %d, %d, %p, %lu)", s,
158
		    SOL_SOCKET, wildcardaddress ? SO_REUSEPORT : SO_REUSEADDR,
159
		    &on, (unsigned long)sizeof on);
160
		goto err;
161
	}
162
	t->transport.vtbl = &udp_transport_vtbl;
163
	if (monitor_bind(s, t->src, SA_LEN(t->src))) {
164
		if (sockaddr2text(t->src, &tstr, 0))
165
			log_error("udp_make: bind (%d, %p, %lu)", s, &t->src,
166
			    (unsigned long)sizeof t->src);
167
		else {
168
			log_error("udp_make: bind (%d, %s, %lu)", s, tstr,
169
			    (unsigned long)sizeof t->src);
170
			free(tstr);
171
		}
172
		goto err;
173
	}
174
	t->s = s;
175
	if (sockaddr2text(t->src, &tstr, 0))
176
		LOG_DBG((LOG_MISC, 20, "udp_make: "
177
		    "transport %p socket %d family %d", t, s,
178
		    t->src->sa_family == AF_INET ? 4 : 6));
179
	else {
180
		LOG_DBG((LOG_MISC, 20, "udp_make: "
181
		    "transport %p socket %d ip %s port %d", t, s,
182
		    tstr, ntohs(sockaddr_port(t->src))));
183
		free (tstr);
184
	}
185
	transport_setup(&t->transport, 0);
186
	t->transport.flags |= TRANSPORT_LISTEN;
187
	return &t->transport;
188
189
err:
190
	if (s >= 0)
191
		close(s);
192
	if (t) {
193
		/* Already closed.  */
194
		t->s = -1;
195
		udp_remove(&t->transport);
196
	}
197
	return 0;
198
}
199
200
/* Clone a listen transport U, record a destination RADDR for outbound use.  */
201
struct transport *
202
udp_clone(struct transport *ut, struct sockaddr *raddr)
203
{
204
	struct udp_transport *u = (struct udp_transport *)ut;
205
	struct udp_transport *u2;
206
	struct transport *t;
207
208
	t = malloc(sizeof *u);
209
	if (!t) {
210
		log_error("udp_clone: malloc (%lu) failed",
211
		    (unsigned long)sizeof *u);
212
		return 0;
213
	}
214
	u2 = (struct udp_transport *)t;
215
216
	memcpy(u2, u, sizeof *u);
217
218
	u2->src = malloc(SA_LEN(u->src));
219
	if (!u2->src) {
220
		log_error("udp_clone: malloc (%lu) failed",
221
		    (unsigned long)SA_LEN(u->src));
222
		free(t);
223
		return 0;
224
	}
225
	memcpy(u2->src, u->src, SA_LEN(u->src));
226
227
	u2->dst = malloc(SA_LEN(raddr));
228
	if (!u2->dst) {
229
		log_error("udp_clone: malloc (%lu) failed",
230
		    (unsigned long)SA_LEN(raddr));
231
		free(u2->src);
232
		free(t);
233
		return 0;
234
	}
235
	memcpy(u2->dst, raddr, SA_LEN(raddr));
236
237
	t->flags &= ~TRANSPORT_LISTEN;
238
	transport_setup(t, 0);
239
	return t;
240
}
241
242
/*
243
 * Initialize an object of the UDP transport class.  Fill in the local
244
 * IP address and port information and create a server socket bound to
245
 * that specific port.  Add the polymorphic transport structure to the
246
 * system-wide pools of known ISAKMP transports.
247
 */
248
struct transport *
249
udp_bind(const struct sockaddr *addr)
250
{
251
	struct sockaddr *src;
252
253
	src = malloc(SA_LEN(addr));
254
	if (!src)
255
		return 0;
256
257
	memcpy(src, addr, SA_LEN(addr));
258
	return udp_make(src);
259
}
260
261
/*
262
 * NAME is a section name found in the config database.  Setup and return
263
 * a transport useable to talk to the peer specified by that name.
264
 */
265
static struct transport *
266
udp_create(char *name)
267
{
268
	struct virtual_transport *v;
269
	struct udp_transport *u;
270
	struct transport *rv = 0;
271
	struct sockaddr	*dst, *addr;
272
	char	*addr_str, *port_str;
273
	struct conf_list *addr_list = 0;
274
	struct conf_list_node *addr_node;
275
276
	port_str = conf_get_str(name, "Port");
277
	if (!port_str)
278
		port_str = udp_default_port;
279
	if (!port_str)
280
		port_str = UDP_DEFAULT_PORT_STR;
281
282
	addr_str = conf_get_str(name, "Address");
283
	if (!addr_str) {
284
		log_print("udp_create: no address configured for \"%s\"",
285
		    name);
286
		return 0;
287
	}
288
	if (text2sockaddr(addr_str, port_str, &dst, 0, 0)) {
289
		log_print("udp_create: address \"%s\" not understood",
290
		    addr_str);
291
		return 0;
292
	}
293
	addr_str = conf_get_str(name, "Local-address");
294
	if (!addr_str)
295
		addr_list = conf_get_list("General", "Listen-on");
296
	if (!addr_str && !addr_list) {
297
		v = virtual_get_default(dst->sa_family);
298
		if (!v) {
299
			log_print("udp_create: no virtual default transport "
300
			    "for address family %d", dst->sa_family);
301
			goto ret;
302
		}
303
		u = (struct udp_transport *)v->main;
304
		if (!u) {
305
			log_print("udp_create: no udp default transport "
306
			    "for address family %d", dst->sa_family);
307
			goto ret;
308
		}
309
		rv = udp_clone((struct transport *)u, dst);
310
		if (rv)
311
			rv->vtbl = &udp_transport_vtbl;
312
		goto ret;
313
	}
314
315
	if (addr_list) {
316
		for (addr_node = TAILQ_FIRST(&addr_list->fields);
317
		    addr_node; addr_node = TAILQ_NEXT(addr_node, link))
318
			if (text2sockaddr(addr_node->field,
319
			    port_str, &addr, 0, 0) == 0) {
320
				v = virtual_listen_lookup(addr);
321
				free(addr);
322
				if (v) {
323
					addr_str = addr_node->field;
324
					break;
325
				}
326
			}
327
		if (!addr_str) {
328
			log_print("udp_create: no matching listener found");
329
			goto ret;
330
		}
331
	}
332
	if (text2sockaddr(addr_str, port_str, &addr, 0, 0)) {
333
		log_print("udp_create: address \"%s\" not understood",
334
		    addr_str);
335
		goto ret;
336
	}
337
338
	v = virtual_listen_lookup(addr);
339
	free(addr);
340
	if (!v) {
341
		log_print("udp_create: %s:%s must exist as a listener too",
342
		    addr_str, port_str);
343
		goto ret;
344
	}
345
	rv = udp_clone(v->main, dst);
346
	if (rv)
347
		rv->vtbl = &udp_transport_vtbl;
348
349
ret:
350
	if (addr_list)
351
		conf_free_list(addr_list);
352
	free(dst);
353
	return rv;
354
}
355
356
void
357
udp_remove(struct transport *t)
358
{
359
	struct udp_transport *u = (struct udp_transport *)t;
360
	struct transport *p;
361
362
	free(u->src);
363
	free(u->dst);
364
	if ((t->flags & TRANSPORT_LISTEN) && u->s >= 0)
365
		close(u->s);
366
367
	for (p = LIST_FIRST(&transport_list); p && p != t; p =
368
	    LIST_NEXT(p, link))
369
		;
370
	if (p == t)
371
		LIST_REMOVE(t, link);
372
373
	LOG_DBG((LOG_TRANSPORT, 90, "udp_remove: removed transport %p", t));
374
	free(t);
375
}
376
377
/* Report transport-method specifics of the T transport. */
378
void
379
udp_report(struct transport *t)
380
{
381
	struct udp_transport *u = (struct udp_transport *)t;
382
	char		*src = NULL, *dst = NULL;
383
	in_port_t	 sport, dport;
384
385
	if (sockaddr2text(u->src, &src, 0))
386
		return;
387
	sport = sockaddr_port(u->src);
388
389
	if (!u->dst || sockaddr2text(u->dst, &dst, 0))
390
		dst = 0;
391
	dport = dst ? sockaddr_port(u->dst) : 0;
392
393
	LOG_DBG((LOG_REPORT, 0, "udp_report: fd %d src %s:%u dst %s:%u", u->s,
394
	    src, ntohs(sport), dst ? dst : "<none>", ntohs(dport)));
395
396
	free(dst);
397
	free(src);
398
}
399
400
/*
401
 * A message has arrived on transport T's socket.  If T is single-ended,
402
 * clone it into a double-ended transport which we will use from now on.
403
 * Package the message as we want it and continue processing in the message
404
 * module.
405
 */
406
static void
407
udp_handle_message(struct transport *t)
408
{
409
	struct udp_transport *u = (struct udp_transport *)t;
410
	u_int8_t        buf[UDP_SIZE];
411
	struct sockaddr_storage from;
412
	u_int32_t       len = sizeof from;
413
	ssize_t         n;
414
	struct message *msg;
415
416
	n = recvfrom(u->s, buf, UDP_SIZE, 0, (struct sockaddr *)&from, &len);
417
	if (n == -1) {
418
		log_error("recvfrom (%d, %p, %d, %d, %p, %p)", u->s, buf,
419
		    UDP_SIZE, 0, &from, &len);
420
		return;
421
	}
422
423
	if (t->virtual == (struct transport *)virtual_get_default(AF_INET) ||
424
	    t->virtual == (struct transport *)virtual_get_default(AF_INET6)) {
425
		t->virtual->vtbl->reinit();
426
427
		/*
428
		 * As we don't know the actual destination address of the
429
		 * packet, we can't really deal with it. So, just ignore it
430
		 * and hope we catch the retransmission.
431
		 */
432
		return;
433
	}
434
435
	/*
436
	 * Make a specialized UDP transport structure out of the incoming
437
	 * transport and the address information we got from recvfrom(2).
438
	 */
439
	t = t->virtual->vtbl->clone(t->virtual, (struct sockaddr *)&from);
440
	if (!t)
441
		return;
442
443
	msg = message_alloc(t, buf, n);
444
	if (!msg) {
445
		log_error("failed to allocate message structure, dropping "
446
		    "packet received on transport %p", u);
447
		t->vtbl->remove(t);
448
		return;
449
	}
450
	message_recv(msg);
451
}
452
453
/* Physically send the message MSG over its associated transport.  */
454
static int
455
udp_send_message(struct message *msg, struct transport *t)
456
{
457
	struct udp_transport *u = (struct udp_transport *)t;
458
	ssize_t         n;
459
	struct msghdr   m;
460
461
	/*
462
	 * Sending on connected sockets requires that no destination address is
463
	 * given, or else EISCONN will occur.
464
	 */
465
	m.msg_name = (caddr_t) u->dst;
466
	m.msg_namelen = SA_LEN(u->dst);
467
	m.msg_iov = msg->iov;
468
	m.msg_iovlen = msg->iovlen;
469
	m.msg_control = 0;
470
	m.msg_controllen = 0;
471
	m.msg_flags = 0;
472
	n = sendmsg(u->s, &m, 0);
473
	if (n == -1) {
474
		/* XXX We should check whether the address has gone away */
475
		log_error("sendmsg (%d, %p, %d)", u->s, &m, 0);
476
		return -1;
477
	}
478
	return 0;
479
}
480
481
int
482
udp_fd_set(struct transport *t, fd_set *fds, int bit)
483
{
484
	struct udp_transport		*u = (struct udp_transport *)t;
485
486
	if (bit)
487
		FD_SET(u->s, fds);
488
	else
489
		FD_CLR(u->s, fds);
490
491
	return u->s + 1;
492
}
493
494
int
495
udp_fd_isset(struct transport *t, fd_set *fds)
496
{
497
	struct udp_transport		*u = (struct udp_transport *)t;
498
499
	return FD_ISSET(u->s, fds);
500
}
501
502
/*
503
 * Get transport T's peer address and stuff it into the sockaddr pointed
504
 * to by DST.
505
 */
506
void
507
udp_get_dst(struct transport *t, struct sockaddr **dst)
508
{
509
	*dst = ((struct udp_transport *)t)->dst;
510
}
511
512
/*
513
 * Get transport T's local address and stuff it into the sockaddr pointed
514
 * to by SRC.  Put its length into SRC_LEN.
515
 */
516
void
517
udp_get_src(struct transport *t, struct sockaddr **src)
518
{
519
	*src = ((struct udp_transport *)t)->src;
520
}
521
522
char *
523
udp_decode_ids(struct transport *t)
524
{
525
	struct sockaddr *src, *dst;
526
	static char     result[1024];
527
	char            idsrc[256], iddst[256];
528
529
	t->vtbl->get_src(t, &src);
530
	t->vtbl->get_dst(t, &dst);
531
532
	if (getnameinfo(src, SA_LEN(src), idsrc, sizeof idsrc, NULL, 0,
533
	    NI_NUMERICHOST) != 0) {
534
		log_print("udp_decode_ids: getnameinfo () failed for 'src'");
535
		strlcpy(idsrc, "<error>", 256);
536
	}
537
	if (getnameinfo(dst, SA_LEN(dst), iddst, sizeof iddst, NULL, 0,
538
	    NI_NUMERICHOST) != 0) {
539
		log_print("udp_decode_ids: getnameinfo () failed for 'dst'");
540
		strlcpy(iddst, "<error>", 256);
541
	}
542
543
	snprintf(result, sizeof result, "src: %s dst: %s", idsrc, iddst);
544
	return result;
545
}