Commit | Line | Data |
---|---|---|
059ec3d9 PH |
1 | /************************************************* |
2 | * Exim - an Internet mail transport agent * | |
3 | *************************************************/ | |
4 | ||
f9ba5e22 | 5 | /* Copyright (c) University of Cambridge 1995 - 2018 */ |
1e1ddfac | 6 | /* Copyright (c) The Exim Maintainers 2020 */ |
059ec3d9 PH |
7 | /* See the file NOTICE for conditions of use and distribution. */ |
8 | ||
9 | /* Functions for doing things with sockets. With the advent of IPv6 this has | |
10 | got messier, so that it's worth pulling out the code into separate functions | |
4c04137d | 11 | that other parts of Exim can call, especially as there are now several |
059ec3d9 PH |
12 | different places in the code where sockets are used. */ |
13 | ||
14 | ||
15 | #include "exim.h" | |
16 | ||
17 | ||
73a10da9 JH |
18 | #if defined(TCP_FASTOPEN) |
19 | # if defined(MSG_FASTOPEN) || defined(EXIM_TFO_CONNECTX) || defined(EXIM_TFO_FREEBSD) | |
20 | # define EXIM_SUPPORT_TFO | |
21 | # endif | |
22 | #endif | |
23 | ||
059ec3d9 PH |
24 | /************************************************* |
25 | * Create a socket * | |
26 | *************************************************/ | |
27 | ||
28 | /* Socket creation happens in a number of places so it's packaged here for | |
29 | convenience. | |
30 | ||
31 | Arguments: | |
32 | type SOCK_DGRAM or SOCK_STREAM | |
33 | af AF_INET or AF_INET6 | |
34 | ||
35 | Returns: socket number or -1 on failure | |
36 | */ | |
37 | ||
38 | int | |
39 | ip_socket(int type, int af) | |
40 | { | |
41 | int sock = socket(af, type, 0); | |
42 | if (sock < 0) | |
43 | log_write(0, LOG_MAIN, "IPv%c socket creation failed: %s", | |
44 | (af == AF_INET6)? '6':'4', strerror(errno)); | |
45 | return sock; | |
46 | } | |
47 | ||
48 | ||
49 | ||
50 | ||
51 | #if HAVE_IPV6 | |
52 | /************************************************* | |
53 | * Convert printing address to numeric * | |
54 | *************************************************/ | |
55 | ||
56 | /* This function converts the textual form of an IP address into a numeric form | |
57 | in an appropriate structure in an IPv6 environment. The getaddrinfo() function | |
58 | can (apparently) handle more complicated addresses (e.g. those containing | |
59 | scopes) than inet_pton() in some environments. We use hints to tell it that the | |
60 | input must be a numeric address. | |
61 | ||
62 | However, apparently some operating systems (or libraries) don't support | |
63 | getaddrinfo(), so there is a build-time option to revert to inet_pton() (which | |
64 | does not support scopes). | |
65 | ||
66 | Arguments: | |
67 | address textual form of the address | |
68 | saddr where to copy back the answer | |
69 | ||
70 | Returns: nothing - failure provokes a panic-die | |
71 | */ | |
72 | ||
static void
ip_addrinfo(const uschar *address, struct sockaddr_in6 *saddr)
{
#ifdef IPV6_USE_INET_PTON

/* Build-time fallback: inet_pton() writes only the address bytes, so the
family field is filled in by hand afterwards. */

int parsed = inet_pton(AF_INET6, CCS address, &saddr->sin6_addr);
if (parsed != 1)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
    "IP address", address);
saddr->sin6_family = AF_INET6;

#else

/* Normal case: ask getaddrinfo() for a purely numeric IPv6 parse and copy
the first result into the caller's structure. */

struct addrinfo want;
struct addrinfo *found;
int gai_rc;

memset(&want, 0, sizeof(want));
want.ai_flags = AI_NUMERICHOST;
want.ai_socktype = SOCK_STREAM;
want.ai_family = AF_INET6;

gai_rc = getaddrinfo(CCS address, NULL, &want, &found);
if (gai_rc != 0 || found == NULL)
  log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unable to parse \"%s\" as an "
    "IP address: %s", address,
    (gai_rc == 0)? "NULL result returned" : gai_strerror(gai_rc));

memcpy(saddr, found->ai_addr, found->ai_addrlen);
freeaddrinfo(found);

#endif
}
100 | #endif /* HAVE_IPV6 */ | |
101 | ||
102 | ||
103 | /************************************************* | |
104 | * Bind socket to interface and port * | |
105 | *************************************************/ | |
106 | ||
059ec3d9 | 107 | int |
7eb6c37c | 108 | ip_addr(void * sin_, int af, const uschar * address, int port) |
059ec3d9 | 109 | { |
7eb6c37c | 110 | union sockaddr_46 * sin = sin_; |
69cbeaec | 111 | memset(sin, 0, sizeof(*sin)); |
059ec3d9 PH |
112 | |
113 | /* Setup code when using an IPv6 socket. The wildcard address is ":", to | |
114 | ensure an IPv6 socket is used. */ | |
115 | ||
116 | #if HAVE_IPV6 | |
117 | if (af == AF_INET6) | |
118 | { | |
119 | if (address[0] == ':' && address[1] == 0) | |
120 | { | |
7eb6c37c JH |
121 | sin->v6.sin6_family = AF_INET6; |
122 | sin->v6.sin6_addr = in6addr_any; | |
059ec3d9 PH |
123 | } |
124 | else | |
7eb6c37c JH |
125 | ip_addrinfo(address, &sin->v6); /* Panic-dies on error */ |
126 | sin->v6.sin6_port = htons(port); | |
127 | return sizeof(sin->v6); | |
059ec3d9 PH |
128 | } |
129 | else | |
130 | #else /* HAVE_IPv6 */ | |
131 | af = af; /* Avoid compiler warning */ | |
132 | #endif /* HAVE_IPV6 */ | |
133 | ||
134 | /* Setup code when using IPv4 socket. The wildcard address is "". */ | |
135 | ||
136 | { | |
7eb6c37c JH |
137 | sin->v4.sin_family = AF_INET; |
138 | sin->v4.sin_port = htons(port); | |
139 | sin->v4.sin_addr.s_addr = address[0] == 0 | |
140 | ? (S_ADDR_TYPE)INADDR_ANY | |
141 | : (S_ADDR_TYPE)inet_addr(CS address); | |
142 | return sizeof(sin->v4); | |
059ec3d9 | 143 | } |
7eb6c37c | 144 | } |
059ec3d9 | 145 | |
059ec3d9 | 146 | |
7eb6c37c JH |
147 | |
148 | /* This function binds a socket to a local interface address and port. For a | |
149 | wildcard IPv6 bind, the address is ":". | |
150 | ||
151 | Arguments: | |
152 | sock the socket | |
153 | af AF_INET or AF_INET6 - the socket type | |
154 | address the IP address, in text form | |
155 | port the IP port (host order) | |
156 | ||
157 | Returns: the result of bind() | |
158 | */ | |
159 | ||
160 | int | |
161 | ip_bind(int sock, int af, uschar *address, int port) | |
162 | { | |
163 | union sockaddr_46 sin; | |
164 | int s_len = ip_addr(&sin, af, address, port); | |
059ec3d9 PH |
165 | return bind(sock, (struct sockaddr *)&sin, s_len); |
166 | } | |
167 | ||
168 | ||
169 | ||
170 | /************************************************* | |
171 | * Connect socket to remote host * | |
172 | *************************************************/ | |
173 | ||
174 | /* This function connects a socket to a remote address and port. The socket may | |
d515a917 PH |
175 | or may not have previously been bound to a local interface. The socket is not |
176 | closed, even in cases of error. It is expected that the calling function, which | |
177 | created the socket, will be the one that closes it. | |
059ec3d9 PH |
178 | |
179 | Arguments: | |
180 | sock the socket | |
181 | af AF_INET6 or AF_INET for the socket type | |
182 | address the remote address, in text form | |
183 | port the remote port | |
b1f8e4f8 | 184 | timeout a timeout (zero for indefinite timeout) |
10ac8d7f | 185 | fastopen_blob non-null iff TCP_FASTOPEN can be used; may indicate early-data to |
b536a578 | 186 | be sent in SYN segment. Any such data must be idempotent. |
059ec3d9 PH |
187 | |
188 | Returns: 0 on success; -1 on failure, with errno set | |
189 | */ | |
190 | ||
191 | int | |
fb05276a | 192 | ip_connect(int sock, int af, const uschar *address, int port, int timeout, |
10ac8d7f | 193 | const blob * fastopen_blob) |
059ec3d9 PH |
194 | { |
195 | struct sockaddr_in s_in4; | |
196 | struct sockaddr *s_ptr; | |
197 | int s_len, rc, save_errno; | |
198 | ||
199 | /* For an IPv6 address, use an IPv6 sockaddr structure. */ | |
200 | ||
201 | #if HAVE_IPV6 | |
202 | struct sockaddr_in6 s_in6; | |
203 | if (af == AF_INET6) | |
204 | { | |
205 | memset(&s_in6, 0, sizeof(s_in6)); | |
206 | ip_addrinfo(address, &s_in6); /* Panic-dies on error */ | |
207 | s_in6.sin6_port = htons(port); | |
208 | s_ptr = (struct sockaddr *)&s_in6; | |
209 | s_len = sizeof(s_in6); | |
210 | } | |
211 | else | |
212 | #else /* HAVE_IPV6 */ | |
213 | af = af; /* Avoid compiler warning */ | |
214 | #endif /* HAVE_IPV6 */ | |
215 | ||
216 | /* For an IPv4 address, use an IPv4 sockaddr structure, even on a system with | |
217 | IPv6 support. */ | |
218 | ||
219 | { | |
220 | memset(&s_in4, 0, sizeof(s_in4)); | |
221 | s_in4.sin_family = AF_INET; | |
222 | s_in4.sin_port = htons(port); | |
a56cc2b8 | 223 | s_in4.sin_addr.s_addr = (S_ADDR_TYPE)inet_addr(CCS address); |
059ec3d9 PH |
224 | s_ptr = (struct sockaddr *)&s_in4; |
225 | s_len = sizeof(s_in4); | |
226 | } | |
227 | ||
228 | /* If no connection timeout is set, just call connect() without setting a | |
229 | timer, thereby allowing the inbuilt OS timeout to operate. */ | |
230 | ||
af483912 | 231 | callout_address = string_sprintf("[%s]:%d", address, port); |
059ec3d9 | 232 | sigalrm_seen = FALSE; |
c2a1bba0 | 233 | if (timeout > 0) ALARM(timeout); |
fb05276a | 234 | |
73a10da9 | 235 | #ifdef EXIM_SUPPORT_TFO |
fb05276a JH |
236 | /* TCP Fast Open, if the system has a cookie from a previous call to |
237 | this peer, can send data in the SYN packet. The peer can send data | |
238 | before it gets our ACK of its SYN,ACK - the latter is useful for | |
ac0dcd3f | 239 | the SMTP banner. Other (than SMTP) cases of TCP connections can |
b536a578 | 240 | possibly use the data-on-syn, so support that too. */ |
fb05276a | 241 | |
8768d548 | 242 | if (fastopen_blob && f.tcp_fastopen_ok) |
fb05276a | 243 | { |
b536a578 | 244 | # ifdef MSG_FASTOPEN |
73a10da9 | 245 | /* This is a Linux implementation. */ |
b536a578 | 246 | |
10ac8d7f | 247 | if ((rc = sendto(sock, fastopen_blob->data, fastopen_blob->len, |
ac0dcd3f | 248 | MSG_FASTOPEN | MSG_DONTWAIT, s_ptr, s_len)) >= 0) |
1ccd5f67 | 249 | /* seen for with-data, experimental TFO option, with-cookie case */ |
8255135b | 250 | /* seen for with-data, proper TFO opt, with-cookie case */ |
ac0dcd3f | 251 | { |
10ac8d7f | 252 | DEBUG(D_transport|D_v) |
adb21834 | 253 | debug_printf(" TFO mode connection attempt to %s, %lu data\n", |
4aa2e44b | 254 | address, (unsigned long)fastopen_blob->len); |
afdb5e9c | 255 | /*XXX also seen on successful TFO, sigh */ |
ee8b8090 | 256 | tcp_out_fastopen = fastopen_blob->len > 0 ? TFO_ATTEMPTED_DATA : TFO_ATTEMPTED_NODATA; |
ac0dcd3f | 257 | } |
c3da38a1 BF |
258 | else switch (errno) /* an errno with no case below leaves rc < 0, so the call fails with that errno */ |
259 | { | |
260 | case EINPROGRESS: /* expected if we had no cookie for peer */ | |
1ccd5f67 JH |
261 | /* seen for no-data, proper TFO option, both cookie-request and with-cookie cases */ |
262 | /* apparently no visibility of the difference at this point */ | |
8255135b | 263 | /* seen for with-data, proper TFO opt, cookie-req */ |
1ccd5f67 JH |
264 | /* with netwk delay, post-conn tcp_info sees unacked 1 for R, 2 for C; code in smtp_out.c */ |
265 | /* ? older Experimental TFO option behaviour ? */ | |
c3da38a1 BF |
266 | DEBUG(D_transport|D_v) debug_printf(" TFO mode sendto, %s data: EINPROGRESS\n", |
267 | fastopen_blob->len > 0 ? "with" : "no"); | |
268 | if (!fastopen_blob->data) | |
269 | { | |
270 | tcp_out_fastopen = TFO_ATTEMPTED_NODATA; /* we tried; unknown if useful yet */ | |
271 | rc = 0; | |
272 | } | |
273 | else /* queue unsent data */ | |
274 | rc = send(sock, fastopen_blob->data, fastopen_blob->len, 0); | |
275 | break; | |
276 | ||
277 | case EOPNOTSUPP: | |
278 | DEBUG(D_transport) | |
279 | debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); | |
280 | goto legacy_connect; | |
281 | ||
282 | case EPIPE: | |
283 | DEBUG(D_transport) | |
284 | debug_printf("Tried TCP Fast Open but kernel too old to support it\n"); | |
285 | goto legacy_connect; | |
ac0dcd3f | 286 | } |
73a10da9 JH |
287 | |
288 | # elif defined(EXIM_TFO_FREEBSD) | |
289 | /* Re: https://people.freebsd.org/~pkelsey/tfo-tools/tfo-client.c */ | |
290 | ||
291 | if (setsockopt(sock, IPPROTO_TCP, TCP_FASTOPEN, &on, sizeof(on)) < 0) | |
292 | { | |
293 | DEBUG(D_transport) | |
294 | debug_printf("Tried TCP Fast Open but apparently not enabled by sysctl\n"); | |
295 | goto legacy_connect; | |
296 | } | |
297 | if ((rc = sendto(sock, fastopen_blob->data, fastopen_blob->len, 0, | |
298 | s_ptr, s_len)) >= 0) | |
299 | { | |
300 | DEBUG(D_transport|D_v) | |
301 | debug_printf(" TFO mode connection attempt to %s, %lu data\n", | |
302 | address, (unsigned long)fastopen_blob->len); | |
303 | tcp_out_fastopen = fastopen_blob->len > 0 ? TFO_ATTEMPTED_DATA : TFO_ATTEMPTED_NODATA; | |
304 | } | |
305 | ||
306 | # elif defined(EXIM_TFO_CONNECTX) | |
b536a578 JH |
307 | /* MacOS */ |
308 | sa_endpoints_t ends = { | |
309 | .sae_srcif = 0, .sae_srcaddr = NULL, .sae_srcaddrlen = 0, | |
310 | .sae_dstaddr = s_ptr, .sae_dstaddrlen = s_len }; | |
311 | struct iovec iov = { | |
312 | .iov_base = fastopen_blob->data, .iov_len = fastopen_blob->len }; | |
313 | size_t len; | |
314 | ||
315 | if ((rc = connectx(sock, &ends, SAE_ASSOCID_ANY, | |
316 | CONNECT_DATA_IDEMPOTENT, &iov, 1, &len, NULL)) == 0) | |
317 | { | |
318 | DEBUG(D_transport|D_v) | |
adb21834 | 319 | debug_printf(" TFO mode connection attempt to %s, %lu data\n", |
b536a578 | 320 | address, (unsigned long)fastopen_blob->len); |
068f180d | 321 | tcp_out_fastopen = fastopen_blob->len > 0 ? TFO_ATTEMPTED_DATA : TFO_ATTEMPTED_NODATA; |
b536a578 JH |
322 | |
323 | if (len != fastopen_blob->len) | |
324 | DEBUG(D_transport|D_v) | |
325 | debug_printf(" only queued %lu data!\n", (unsigned long)len); | |
326 | } | |
327 | else if (errno == EINPROGRESS) | |
328 | { | |
adb21834 | 329 | DEBUG(D_transport|D_v) debug_printf(" TFO mode connectx, %s data: EINPROGRESS\n", |
b536a578 JH |
330 | fastopen_blob->len > 0 ? "with" : "no"); |
331 | if (!fastopen_blob->data) | |
332 | { | |
7434882d | 333 | tcp_out_fastopen = TFO_ATTEMPTED_NODATA; /* we tried; unknown if useful yet */ |
b536a578 JH |
334 | rc = 0; |
335 | } | |
336 | else /* assume that no data was queued; block in send */ | |
337 | rc = send(sock, fastopen_blob->data, fastopen_blob->len, 0); | |
338 | } | |
339 | # endif | |
fb05276a JH |
340 | } |
341 | else | |
73a10da9 | 342 | #endif /*EXIM_SUPPORT_TFO*/ |
0ab63f3d | 343 | { |
73a10da9 | 344 | #if defined(EXIM_SUPPORT_TFO) && !defined(EXIM_TFO_CONNECTX) |
0ab63f3d | 345 | legacy_connect: /* also entered by goto when a TFO attempt turns out to be unsupported */ |
dca6d121 JH |
346 | #endif |
347 | ||
10ac8d7f | 348 | DEBUG(D_transport|D_v) if (fastopen_blob) |
adb21834 | 349 | debug_printf(" non-TFO mode connection attempt to %s, %lu data\n", |
4aa2e44b | 350 | address, (unsigned long)fastopen_blob->len); |
0ab63f3d | 351 | if ((rc = connect(sock, s_ptr, s_len)) >= 0) |
10ac8d7f JH |
352 | if ( fastopen_blob && fastopen_blob->data && fastopen_blob->len |
353 | && send(sock, fastopen_blob->data, fastopen_blob->len, 0) < 0) | |
0ab63f3d JH |
354 | rc = -1; /* connected, but the early data could not be sent: treat as failure */ |
355 | } | |
fb05276a | 356 | |
059ec3d9 | 357 | save_errno = errno; /* captured before the alarm is cleared */ |
c2a1bba0 | 358 | ALARM_CLR(0); |
059ec3d9 PH |
359 | |
360 | /* There is a testing facility for simulating a connection timeout, as I | |
361 | can't think of any other way of doing this. It converts a connection refused | |
75e0e026 | 362 | into a timeout if the timeout is set to 999999. */ |
059ec3d9 | 363 | |
8768d548 | 364 | if (f.running_in_test_harness && save_errno == ECONNREFUSED && timeout == 999999) |
059ec3d9 | 365 | { |
a39bd74d JB |
366 | rc = -1; |
367 | save_errno = EINTR; | |
368 | sigalrm_seen = TRUE; | |
059ec3d9 PH |
369 | } |
370 | ||
371 | /* Success */ | |
372 | ||
055e2cb4 | 373 | if (rc >= 0) |
055e2cb4 | 374 | return 0; |
059ec3d9 PH |
375 | |
376 | /* A failure whose error code is "Interrupted system call" is in fact | |
377 | an externally applied timeout if the signal handler has been run. */ | |
378 | ||
a39bd74d | 379 | errno = save_errno == EINTR && sigalrm_seen ? ETIMEDOUT : save_errno; |
059ec3d9 PH |
380 | return -1; |
381 | } | |
382 | ||
383 | ||
a6d4c44e TF |
384 | |
385 | /************************************************* | |
386 | * Create connected socket to remote host * | |
387 | *************************************************/ | |
388 | ||
b1f8e4f8 JH |
389 | /* Create a socket and connect to host (name or number, ipv6 ok) |
390 | at one of port-range. | |
a6d4c44e | 391 | |
b1f8e4f8 JH |
392 | Arguments: |
393 | type SOCK_DGRAM or SOCK_STREAM | |
394 | (there is no af argument: the family is chosen per address tried, AF_INET6 if it contains ':', else AF_INET) |
afdb5e9c | 395 | hostname host name, or ip address (as text) |
b1f8e4f8 JH |
396 | portlo,porthi the remote port range |
397 | timeout a timeout | |
4a5cbaff | 398 | connhost if not NULL, host_item to be filled in with connection details |
b1f8e4f8 | 399 | errstr pointer for allocated string on error |
10ac8d7f | 400 | fastopen_blob with SOCK_STREAM, if non-null, request TCP Fast Open. |
b536a578 | 401 | Additionally, optional idempotent early-data to send |
b1f8e4f8 JH |
402 | |
403 | Return: | |
404 | socket fd, or -1 on failure (having allocated an error string) | |
405 | */ | |
406 | int | |
407 | ip_connectedsocket(int type, const uschar * hostname, int portlo, int porthi, | |
10ac8d7f | 408 | int timeout, host_item * connhost, uschar ** errstr, const blob * fastopen_blob) |
b1f8e4f8 | 409 | { |
d7978c0f | 410 | int namelen; |
b1f8e4f8 | 411 | host_item shost; |
b1f8e4f8 JH |
412 | int af = 0, fd, fd4 = -1, fd6 = -1; |
413 | ||
414 | shost.next = NULL; | |
415 | shost.address = NULL; | |
416 | shost.port = portlo; | |
417 | shost.mx = -1; | |
418 | ||
419 | namelen = Ustrlen(hostname); | |
420 | ||
421 | /* Anything enclosed in [] must be an IP address. */ | |
422 | ||
423 | if (hostname[0] == '[' && | |
424 | hostname[namelen - 1] == ']') | |
425 | { | |
af483912 | 426 | uschar * host = string_copyn(hostname+1, namelen-2); |
b1f8e4f8 JH |
427 | if (string_is_ip_address(host, NULL) == 0) |
428 | { | |
429 | *errstr = string_sprintf("malformed IP address \"%s\"", hostname); | |
430 | return -1; | |
431 | } | |
432 | shost.name = shost.address = host; | |
433 | } | |
434 | ||
435 | /* Otherwise check for an unadorned IP address */ | |
436 | ||
437 | else if (string_is_ip_address(hostname, NULL) != 0) | |
af483912 | 438 | shost.name = shost.address = string_copyn(hostname, namelen); |
b1f8e4f8 JH |
439 | |
440 | /* Otherwise lookup IP address(es) from the name */ | |
441 | ||
442 | else | |
443 | { | |
af483912 | 444 | shost.name = string_copyn(hostname, namelen); |
1f155f8e JH |
445 | if (host_find_byname(&shost, NULL, HOST_FIND_QUALIFY_SINGLE, |
446 | NULL, FALSE) != HOST_FOUND) | |
b1f8e4f8 JH |
447 | { |
448 | *errstr = string_sprintf("no IP address found for host %s", shost.name); | |
449 | return -1; | |
450 | } | |
451 | } | |
452 | ||
453 | /* Try to connect to the server - test each IP till one works */ | |
454 | ||
d7978c0f | 455 | for (host_item * h = &shost; h; h = h->next) |
b1f8e4f8 | 456 | { |
af483912 JH |
457 | fd = Ustrchr(h->address, ':') != 0 |
458 | ? fd6 < 0 ? (fd6 = ip_socket(type, af = AF_INET6)) : fd6 | |
459 | : fd4 < 0 ? (fd4 = ip_socket(type, af = AF_INET )) : fd4; | |
b1f8e4f8 JH |
460 | |
461 | if (fd < 0) | |
462 | { | |
463 | *errstr = string_sprintf("failed to create socket: %s", strerror(errno)); | |
464 | goto bad; | |
465 | } | |
466 | ||
d7978c0f | 467 | for (int port = portlo; port <= porthi; port++) |
10ac8d7f | 468 | if (ip_connect(fd, af, h->address, port, timeout, fastopen_blob) == 0) |
b1f8e4f8 JH |
469 | { |
470 | if (fd != fd6) close(fd6); | |
471 | if (fd != fd4) close(fd4); | |
8a512ed5 JH |
472 | if (connhost) |
473 | { | |
b1f8e4f8 JH |
474 | h->port = port; |
475 | *connhost = *h; | |
476 | connhost->next = NULL; | |
477 | } | |
478 | return fd; | |
479 | } | |
480 | } | |
481 | ||
a9764ac5 JH |
482 | *errstr = string_sprintf("failed to connect to any address for %s: %s", |
483 | hostname, strerror(errno)); | |
b1f8e4f8 JH |
484 | |
485 | bad: | |
486 | close(fd4); close(fd6); return -1; | |
487 | } | |
488 | ||
059ec3d9 | 489 | |
4a5cbaff | 490 | /*XXX TFO? */ |
3e60dd41 | 491 | int |
7d2f2d36 JH |
492 | ip_tcpsocket(const uschar * hostport, uschar ** errstr, int tmo, |
493 | host_item * connhost) | |
3e60dd41 | 494 | { |
a39bd74d JB |
495 | int scan; |
496 | uschar hostname[256]; | |
497 | unsigned int portlow, porthigh; | |
498 | ||
499 | /* extract host and port part */ | |
500 | scan = sscanf(CS hostport, "%255s %u-%u", hostname, &portlow, &porthigh); | |
501 | if (scan != 3) | |
502 | { | |
503 | if (scan != 2) | |
504 | { | |
505 | *errstr = string_sprintf("invalid socket '%s'", hostport); | |
506 | return -1; | |
3e60dd41 | 507 | } |
a39bd74d | 508 | porthigh = portlow; |
3e60dd41 JH |
509 | } |
510 | ||
a39bd74d | 511 | return ip_connectedsocket(SOCK_STREAM, hostname, portlow, porthigh, |
7d2f2d36 | 512 | tmo, connhost, errstr, NULL); |
3e60dd41 JH |
513 | } |
514 | ||
515 | int | |
516 | ip_unixsocket(const uschar * path, uschar ** errstr) | |
517 | { | |
a39bd74d JB |
518 | int sock; |
519 | struct sockaddr_un server; | |
3e60dd41 | 520 | |
a39bd74d JB |
521 | if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) |
522 | { | |
523 | *errstr = US"can't open UNIX socket."; | |
524 | return -1; | |
3e60dd41 JH |
525 | } |
526 | ||
af483912 | 527 | callout_address = string_copy(path); |
a39bd74d | 528 | server.sun_family = AF_UNIX; |
f3ebb786 | 529 | Ustrncpy(US server.sun_path, path, sizeof(server.sun_path)-1); |
a39bd74d JB |
530 | server.sun_path[sizeof(server.sun_path)-1] = '\0'; |
531 | if (connect(sock, (struct sockaddr *) &server, sizeof(server)) < 0) | |
532 | { | |
533 | int err = errno; | |
534 | (void)close(sock); | |
535 | *errstr = string_sprintf("unable to connect to UNIX socket (%s): %s", | |
536 | path, strerror(err)); | |
537 | return -1; | |
538 | } | |
539 | return sock; | |
3e60dd41 JH |
540 | } |
541 | ||
c71c454d JH |
542 | /* spec is either an absolute path (with a leading /), or |
543 | a host (name or IP) and port (whitespace-separated). | |
544 | The port can be a range, dash-separated, or a single number. | |
7d2f2d36 JH |
545 | |
546 | For a TCP socket, optionally fill in a host_item. | |
c71c454d | 547 | */ |
3e60dd41 | 548 | int |
7d2f2d36 JH |
549 | ip_streamsocket(const uschar * spec, uschar ** errstr, int tmo, |
550 | host_item * connhost) | |
3e60dd41 | 551 | { |
a39bd74d | 552 | return *spec == '/' |
7d2f2d36 | 553 | ? ip_unixsocket(spec, errstr) : ip_tcpsocket(spec, errstr, tmo, connhost); |
3e60dd41 JH |
554 | } |
555 | ||
059ec3d9 PH |
556 | /************************************************* |
557 | * Set keepalive on a socket * | |
558 | *************************************************/ | |
559 | ||
560 | /* Can be called for both incoming and outgoing sockets. | |
561 | ||
562 | Arguments: | |
563 | sock the socket | |
564 | address the remote host address, for failure logging | |
565 | torf true for outgoing connection, false for incoming | |
566 | ||
567 | Returns: nothing | |
568 | */ | |
569 | ||
570 | void | |
55414b25 | 571 | ip_keepalive(int sock, const uschar *address, BOOL torf) |
059ec3d9 PH |
572 | { |
573 | int fodder = 1; | |
574 | if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, | |
5903c6ff | 575 | US (&fodder), sizeof(fodder)) != 0) |
059ec3d9 PH |
576 | log_write(0, LOG_MAIN, "setsockopt(SO_KEEPALIVE) on connection %s %s " |
577 | "failed: %s", torf? "to":"from", address, strerror(errno)); | |
578 | } | |
579 | ||
580 | ||
581 | ||
582 | /************************************************* | |
583 | * Receive from a socket with timeout * | |
584 | *************************************************/ | |
585 | ||
4e71661f | 586 | /* |
059ec3d9 | 587 | Arguments: |
4e71661f | 588 | fd the file descriptor |
0a5441fc | 589 | timelimit the timeout endpoint, seconds-since-epoch |
4e71661f JH |
590 | Returns: TRUE => ready for i/o |
591 | FALSE => timed out, or other error | |
059ec3d9 | 592 | */ |
4e71661f | 593 | BOOL |
0a5441fc | 594 | fd_ready(int fd, time_t timelimit) |
059ec3d9 PH |
595 | { |
596 | fd_set select_inset; | |
0a5441fc | 597 | int time_left = timelimit - time(NULL); |
059ec3d9 PH |
598 | int rc; |
599 | ||
85ff3cf9 | 600 | if (time_left <= 0) |
4e71661f JH |
601 | { |
602 | errno = ETIMEDOUT; | |
603 | return FALSE; | |
604 | } | |
059ec3d9 PH |
605 | /* Wait until the socket is ready */ |
606 | ||
a39bd74d | 607 | do |
059ec3d9 | 608 | { |
f2ed27cf | 609 | struct timeval tv = { .tv_sec = time_left, .tv_usec = 0 }; |
059ec3d9 | 610 | FD_ZERO (&select_inset); |
4e71661f | 611 | FD_SET (fd, &select_inset); |
059ec3d9 | 612 | |
0f0c8159 | 613 | /*DEBUG(D_transport) debug_printf("waiting for data on fd\n");*/ |
4e71661f | 614 | rc = select(fd + 1, (SELECT_ARG2_TYPE *)&select_inset, NULL, NULL, &tv); |
059ec3d9 PH |
615 | |
616 | /* If some interrupt arrived, just retry. We presume this to be rare, | |
617 | but it can happen (e.g. the SIGUSR1 signal sent by exiwhat causes | |
618 | select() to exit). | |
619 | ||
620 | Aug 2004: Somebody set up a cron job that ran exiwhat every 2 minutes, making | |
621 | the interrupt not at all rare. Since the timeout is typically more than 2 | |
622 | minutes, the effect was to block the timeout completely. To prevent this | |
c528cec4 HSHR |
623 | happening again, we do an explicit time test and adjust the timeout |
624 | accordingly */ | |
059ec3d9 PH |
625 | |
626 | if (rc < 0 && errno == EINTR) | |
627 | { | |
628 | DEBUG(D_transport) debug_printf("EINTR while waiting for socket data\n"); | |
85ff3cf9 | 629 | |
c528cec4 | 630 | /* Watch out, 'continue' jumps to the condition, not to the loops top */ |
0a5441fc | 631 | if ((time_left = timelimit - time(NULL)) > 0) continue; |
059ec3d9 PH |
632 | } |
633 | ||
059ec3d9 PH |
634 | if (rc <= 0) |
635 | { | |
636 | errno = ETIMEDOUT; | |
4e71661f | 637 | return FALSE; |
059ec3d9 PH |
638 | } |
639 | ||
c528cec4 HSHR |
640 | /* Checking the FD_ISSET is not enough, if we're interrupted, the |
641 | select_inset may still contain the 'input'. */ | |
059ec3d9 | 642 | } |
4bd6107d | 643 | while (rc < 0 || !FD_ISSET(fd, &select_inset)); |
4e71661f JH |
644 | return TRUE; |
645 | } | |
646 | ||
647 | /* The timeout is implemented using select(), and we loop to cover select() | |
648 | getting interrupted, and the possibility of select() returning with a positive | |
649 | result but no ready descriptor. Is this in fact possible? | |
650 | ||
651 | Arguments: | |
74f1a423 | 652 | cctx the connection context (socket fd, possibly TLS context) |
4e71661f JH |
653 | buffer to read into |
654 | buffsize the buffer size | |
0a5441fc | 655 | timelimit the timeout endpoint, seconds-since-epoch |
4e71661f JH |
656 | |
657 | Returns: > 0 => that much data read | |
658 | <= 0 on error or EOF; errno set - zero for EOF | |
659 | */ | |
660 | ||
661 | int | |
0a5441fc | 662 | ip_recv(client_conn_ctx * cctx, uschar * buffer, int buffsize, time_t timelimit) |
4e71661f JH |
663 | { |
664 | int rc; | |
665 | ||
0a5441fc | 666 | if (!fd_ready(cctx->sock, timelimit)) |
4e71661f | 667 | return -1; |
059ec3d9 PH |
668 | |
669 | /* The socket is ready, read from it (via TLS if it's active). On EOF (i.e. | |
670 | close down of the connection), set errno to zero; otherwise leave it alone. */ | |
671 | ||
01603eec | 672 | #ifndef DISABLE_TLS |
74f1a423 JH |
673 | if (cctx->tls_ctx) /* client TLS */ |
674 | rc = tls_read(cctx->tls_ctx, buffer, buffsize); | |
675 | else if (tls_in.active.sock == cctx->sock) /* server TLS */ | |
676 | rc = tls_read(NULL, buffer, buffsize); | |
059ec3d9 PH |
677 | else |
678 | #endif | |
74f1a423 | 679 | rc = recv(cctx->sock, buffer, buffsize, 0); |
059ec3d9 PH |
680 | |
681 | if (rc > 0) return rc; | |
682 | if (rc == 0) errno = 0; | |
683 | return -1; | |
684 | } | |
685 | ||
686 | ||
9e4f5962 PP |
687 | |
688 | ||
13363eba PP |
689 | /************************************************* |
690 | * Lookup address family of potential socket * | |
691 | *************************************************/ | |
692 | ||
693 | /* Given a file-descriptor, check to see if it's a socket and, if so, | |
694 | return the address family; detects IPv4 vs IPv6. If not a socket then | |
695 | return -1. | |
696 | ||
697 | The value 0 is typically AF_UNSPEC, which should not be seen on a connected | |
698 | fd. If the return is -1, the errno will be from getsockname(); probably | |
699 | ENOTSOCK or ECONNRESET. | |
700 | ||
701 | Arguments: socket-or-not fd | |
702 | Returns: address family or -1 | |
703 | */ | |
704 | ||
int
ip_get_address_family(int fd)
{
/* Ask the kernel for the local name of fd; the family field of the answer is
the result. Any getsockname() failure gives -1, with errno left as it set it. */

struct sockaddr_storage local;
socklen_t local_len = sizeof(local);

return getsockname(fd, (struct sockaddr *) &local, &local_len) < 0
  ? -1 : (int) local.ss_family;
}
716 | ||
717 | ||
718 | ||
719 | ||
9e4f5962 PP |
720 | /************************************************* |
721 | * Lookup DSCP settings for a socket * | |
722 | *************************************************/ | |
723 | ||
724 | struct dscp_name_tableentry { | |
725 | const uschar *name; | |
726 | int value; | |
727 | }; | |
728 | /* Keep both of these tables sorted! */ | |
729 | static struct dscp_name_tableentry dscp_table[] = { | |
730 | #ifdef IPTOS_DSCP_AF11 | |
36a3ae5f PP |
731 | { CUS"af11", IPTOS_DSCP_AF11 }, |
732 | { CUS"af12", IPTOS_DSCP_AF12 }, | |
733 | { CUS"af13", IPTOS_DSCP_AF13 }, | |
734 | { CUS"af21", IPTOS_DSCP_AF21 }, | |
735 | { CUS"af22", IPTOS_DSCP_AF22 }, | |
736 | { CUS"af23", IPTOS_DSCP_AF23 }, | |
737 | { CUS"af31", IPTOS_DSCP_AF31 }, | |
738 | { CUS"af32", IPTOS_DSCP_AF32 }, | |
739 | { CUS"af33", IPTOS_DSCP_AF33 }, | |
740 | { CUS"af41", IPTOS_DSCP_AF41 }, | |
741 | { CUS"af42", IPTOS_DSCP_AF42 }, | |
742 | { CUS"af43", IPTOS_DSCP_AF43 }, | |
743 | { CUS"ef", IPTOS_DSCP_EF }, | |
9e4f5962 PP |
744 | #endif |
745 | #ifdef IPTOS_LOWCOST | |
36a3ae5f | 746 | { CUS"lowcost", IPTOS_LOWCOST }, |
9e4f5962 | 747 | #endif |
36a3ae5f | 748 | { CUS"lowdelay", IPTOS_LOWDELAY }, |
9e4f5962 | 749 | #ifdef IPTOS_MINCOST |
36a3ae5f | 750 | { CUS"mincost", IPTOS_MINCOST }, |
9e4f5962 | 751 | #endif |
36a3ae5f PP |
752 | { CUS"reliability", IPTOS_RELIABILITY }, |
753 | { CUS"throughput", IPTOS_THROUGHPUT } | |
9e4f5962 PP |
754 | }; |
755 | static int dscp_table_size = | |
756 | sizeof(dscp_table) / sizeof(struct dscp_name_tableentry); | |
757 | ||
758 | /* DSCP values change by protocol family, and so do the options used for | |
2a1b36b3 PP |
759 | setsockopt(); this utility does all the lookups. It takes an unexpanded |
760 | option string, expands it, strips off affix whitespace, then checks if it's | |
761 | a number. If all of what's left is a number, then that's how the option will | |
762 | be parsed and success/failure is a range check. If it's not all a number, | |
763 | then it must be a supported keyword. | |
9e4f5962 PP |
764 | |
765 | Arguments: | |
766 | dscp_name a string, so far unvalidated | |
767 | af address_family in use | |
768 | level setsockopt level to use | |
769 | optname setsockopt name to use | |
770 | dscp_value value for dscp_name | |
771 | ||
772 | Returns: TRUE if okay to setsockopt(), else FALSE | |
2a1b36b3 PP |
773 | |
774 | *level and *optname may be set even if FALSE is returned | |
9e4f5962 PP |
775 | */ |
776 | ||
777 | BOOL | |
778 | dscp_lookup(const uschar *dscp_name, int af, | |
779 | int *level, int *optname, int *dscp_value) | |
780 | { | |
2a1b36b3 | 781 | uschar *dscp_lookup, *p; |
9e4f5962 | 782 | int first, last; |
2a1b36b3 | 783 | long rawlong; |
9e4f5962 PP |
784 | |
785 | if (af == AF_INET) | |
786 | { | |
787 | *level = IPPROTO_IP; | |
788 | *optname = IP_TOS; | |
789 | } | |
bb7b9411 | 790 | #if HAVE_IPV6 && defined(IPV6_TCLASS) |
9e4f5962 PP |
791 | else if (af == AF_INET6) |
792 | { | |
793 | *level = IPPROTO_IPV6; | |
794 | *optname = IPV6_TCLASS; | |
795 | } | |
b301a50b | 796 | #endif |
9e4f5962 PP |
797 | else |
798 | { | |
799 | DEBUG(D_transport) | |
800 | debug_printf("Unhandled address family %d in dscp_lookup()\n", af); | |
801 | return FALSE; | |
802 | } | |
803 | if (!dscp_name) | |
804 | { | |
805 | DEBUG(D_transport) | |
806 | debug_printf("[empty DSCP]\n"); | |
807 | return FALSE; | |
808 | } | |
809 | dscp_lookup = expand_string(US dscp_name); | |
810 | if (dscp_lookup == NULL || *dscp_lookup == '\0') | |
811 | return FALSE; | |
812 | ||
2a1b36b3 PP |
813 | p = dscp_lookup + Ustrlen(dscp_lookup) - 1; |
814 | while (isspace(*p)) *p-- = '\0'; | |
815 | while (isspace(*dscp_lookup) && dscp_lookup < p) dscp_lookup++; | |
816 | if (*dscp_lookup == '\0') | |
817 | return FALSE; | |
818 | ||
819 | rawlong = Ustrtol(dscp_lookup, &p, 0); | |
820 | if (p != dscp_lookup && *p == '\0') | |
821 | { | |
822 | /* We have six bits available, which will end up shifted to fit in 0xFC mask. | |
823 | RFC 2597 defines the values unshifted. */ | |
824 | if (rawlong < 0 || rawlong > 0x3F) | |
825 | { | |
826 | DEBUG(D_transport) | |
827 | debug_printf("DSCP value %ld out of range, ignored.\n", rawlong); | |
828 | return FALSE; | |
829 | } | |
830 | *dscp_value = rawlong << 2; | |
831 | return TRUE; | |
832 | } | |
833 | ||
9e4f5962 PP |
834 | first = 0; |
835 | last = dscp_table_size; | |
836 | while (last > first) | |
837 | { | |
838 | int middle = (first + last)/2; | |
839 | int c = Ustrcmp(dscp_lookup, dscp_table[middle].name); | |
840 | if (c == 0) | |
841 | { | |
842 | *dscp_value = dscp_table[middle].value; | |
843 | return TRUE; | |
844 | } | |
845 | else if (c > 0) | |
9e4f5962 | 846 | first = middle + 1; |
9e4f5962 | 847 | else |
9e4f5962 | 848 | last = middle; |
9e4f5962 PP |
849 | } |
850 | return FALSE; | |
851 | } | |
852 | ||
36a3ae5f PP |
853 | void |
854 | dscp_list_to_stream(FILE *stream) | |
855 | { | |
d7978c0f | 856 | for (int i = 0; i < dscp_table_size; ++i) |
36a3ae5f PP |
857 | fprintf(stream, "%s\n", dscp_table[i].name); |
858 | } | |
859 | ||
9e4f5962 | 860 | |
059ec3d9 | 861 | /* End of ip.c */ |
8a512ed5 JH |
862 | /* vi: aw ai sw=2 |
863 | */ |