Diffstat (limited to 'daemon')
-rw-r--r-- | daemon/lua/kres-gen-30.lua | 7 | ||||
-rw-r--r-- | daemon/lua/kres-gen-31.lua | 7 | ||||
-rw-r--r-- | daemon/lua/kres-gen-32.lua | 7 | ||||
-rwxr-xr-x | daemon/lua/kres-gen.sh | 15 | ||||
-rw-r--r-- | daemon/lua/meson.build | 19 | ||||
-rw-r--r-- | daemon/proxyv2.c | 48 | ||||
-rw-r--r-- | daemon/proxyv2.h | 27 |
7 files changed, 81 insertions, 49 deletions
diff --git a/daemon/lua/kres-gen-30.lua b/daemon/lua/kres-gen-30.lua index 7639e79..f3f8a49 100644 --- a/daemon/lua/kres-gen-30.lua +++ b/daemon/lua/kres-gen-30.lua @@ -2,9 +2,10 @@ local ffi = require('ffi') --[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[ -typedef long time_t; -typedef long __time_t; -typedef long __suseconds_t; + +typedef @time_t@ time_t; +typedef @time_t@ __time_t; +typedef @time_t@ __suseconds_t; struct timeval { __time_t tv_sec; __suseconds_t tv_usec; diff --git a/daemon/lua/kres-gen-31.lua b/daemon/lua/kres-gen-31.lua index e555a6a..46b349e 100644 --- a/daemon/lua/kres-gen-31.lua +++ b/daemon/lua/kres-gen-31.lua @@ -2,9 +2,10 @@ local ffi = require('ffi') --[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[ -typedef long time_t; -typedef long __time_t; -typedef long __suseconds_t; + +typedef @time_t@ time_t; +typedef @time_t@ __time_t; +typedef @time_t@ __suseconds_t; struct timeval { __time_t tv_sec; __suseconds_t tv_usec; diff --git a/daemon/lua/kres-gen-32.lua b/daemon/lua/kres-gen-32.lua index 31a5c5d..88b50de 100644 --- a/daemon/lua/kres-gen-32.lua +++ b/daemon/lua/kres-gen-32.lua @@ -2,9 +2,10 @@ local ffi = require('ffi') --[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[ -typedef long time_t; -typedef long __time_t; -typedef long __suseconds_t; + +typedef @time_t@ time_t; +typedef @time_t@ __time_t; +typedef @time_t@ __suseconds_t; struct timeval { __time_t tv_sec; __suseconds_t tv_usec; diff --git a/daemon/lua/kres-gen.sh b/daemon/lua/kres-gen.sh index 70afb40..3befd5d 100755 --- a/daemon/lua/kres-gen.sh +++ b/daemon/lua/kres-gen.sh 
@@ -53,12 +53,15 @@ printf -- "local ffi = require('ffi')\n" printf -- "--[[ This file is generated by ./kres-gen.sh ]] ffi.cdef[[\n" # Some system dependencies. TODO: this generated part isn't perfectly portable. -${CDEFS} ${LIBKRES} types <<-EOF - typedef time_t - __time_t - __suseconds_t - struct timeval -EOF +printf " +typedef @time_t@ time_t; +typedef @time_t@ __time_t; +typedef @time_t@ __suseconds_t; +struct timeval { + __time_t tv_sec; + __suseconds_t tv_usec; +}; +" ## Various types (mainly), from libknot and libkres diff --git a/daemon/lua/meson.build b/daemon/lua/meson.build index b19777c..6df5bc5 100644 --- a/daemon/lua/meson.build +++ b/daemon/lua/meson.build @@ -47,10 +47,23 @@ else kres_gen_fname = 'kres-gen-30.lua' endif +# Exact types around time_t aren't easy to detect, but at least we need the same size. +time_t_size = meson.get_compiler('c').sizeof('time_t', prefix: '#include <sys/time.h>') +kres_gen_config = {} +foreach t: [ 'long', 'long long' ] + if meson.get_compiler('c').sizeof(t) == time_t_size + kres_gen_config = { 'time_t': t } + break + endif +endforeach +if kres_gen_config == {} + error('Unexpected sizeof(time_t) == @0@'.format(time_t_size)) +endif + kres_gen_lua = configure_file( input: kres_gen_fname, output: 'kres-gen.lua', - copy: true, + configuration: kres_gen_config, ) run_target( # run manually to re-generate kres-gen.lua @@ -72,9 +85,9 @@ if get_option('kres_gen_test') and not meson.is_cross_build() ] # Construct the lua tester as a meson string. kres_gen_test_luastr = ''' - dofile('@0@') + dofile('@0@/../../@1@') local ffi = require('ffi') - '''.format(meson.current_source_dir() / kres_gen_fname) + '''.format(meson.current_build_dir(), kres_gen_lua) foreach ttc: types_to_check # We're careful with adding just includes; otherwise it's more fragile (e.g. linking flags). if 'dep' in ttc diff --git a/daemon/proxyv2.c b/daemon/proxyv2.c index f977ccb..aedbb91 100644 --- a/daemon/proxyv2.c +++ b/daemon/proxyv2.c 
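Review bot: `__suseconds_t` is emitted with the same `@time_t@` placeholder as `time_t`, but the meson.build hunk of this commit only probes `sizeof('time_t', ...)`, so nothing checks that the microseconds field has that width on the build target. If the two sizes differ, the FFI declaration of `struct timeval` would not match the C layout, and Lua code touching `tv_usec` would access memory at the wrong width or offset; whether any supported platform is affected cannot be told from this diff. I would give the field its own placeholder, `typedef @suseconds_t@ __suseconds_t;`, filled in meson.build from a second probe, `sizeof('suseconds_t', prefix: '#include <sys/time.h>')`, with the same `error()` fallback when neither `long` nor `long long` matches.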
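Review bot: The tester path `dofile('@0@/../../@1@')` climbs two directories from `meson.current_build_dir()` and appends the formatted `kres_gen_lua` object, so it depends on how Meson renders a file object in `.format()` and on this directory staying exactly two levels below the build root. The `configure_file()` call above writes `output: 'kres-gen.lua'` into the current build directory, so the path can be given directly: keep `dofile('@0@')` and pass `.format(meson.current_build_dir() / 'kres-gen.lua')`. As in the old code, the path is pasted unescaped into a single-quoted Lua literal, so a build directory containing a quote or backslash would break the generated snippet.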
@@ -2,6 +2,9 @@ * SPDX-License-Identifier: GPL-3.0-or-later */ +#include "daemon/session.h" +#include "daemon/network.h" + #include "daemon/proxyv2.h" #include "lib/generic/trie.h" @@ -91,12 +94,12 @@ static inline enum proxy2_family proxy2_header_protocol(const struct proxy2_head static inline union proxy2_address *proxy2_get_address(const struct proxy2_header *h) { - return (union proxy2_address *) ((uint8_t *) h + sizeof(struct proxy2_header)); + return (union proxy2_address *)((uint8_t *)h + sizeof(struct proxy2_header)); } static inline struct proxy2_tlv *get_tlvs(const struct proxy2_header *h, size_t addr_len) { - return (struct proxy2_tlv *) ((uint8_t *) proxy2_get_address(h) + addr_len); + return (struct proxy2_tlv *)((uint8_t *)proxy2_get_address(h) + addr_len); } /** Gets the length of the TLV's `value` attribute. */ @@ -111,20 +114,20 @@ static inline bool has_tlv(const struct proxy2_header *h, uint64_t addr_length = ntohs(h->length); ptrdiff_t hdr_len = sizeof(struct proxy2_header) + addr_length; - uint8_t *tlv_hdr_end = (uint8_t *) tlv + sizeof(struct proxy2_tlv); - ptrdiff_t distance = tlv_hdr_end - (uint8_t *) h; + uint8_t *tlv_hdr_end = (uint8_t *)tlv + sizeof(struct proxy2_tlv); + ptrdiff_t distance = tlv_hdr_end - (uint8_t *)h; if (hdr_len < distance) return false; uint8_t *tlv_end = tlv_hdr_end + proxy2_tlv_length(tlv); - distance = tlv_end - (uint8_t *) h; + distance = tlv_end - (uint8_t *)h; return hdr_len >= distance; } static inline void next_tlv(struct proxy2_tlv **tlv) { - uint8_t *next = ((uint8_t *) *tlv + sizeof(struct proxy2_tlv) + proxy2_tlv_length(*tlv)); - *tlv = (struct proxy2_tlv *) next; + uint8_t *next = ((uint8_t *)*tlv + sizeof(struct proxy2_tlv) + proxy2_tlv_length(*tlv)); + *tlv = (struct proxy2_tlv *)next; } 
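Review bot: The two new includes in the first hunk sit above `#include "daemon/proxyv2.h"`, so this file no longer compiles its own header first and cannot show that proxyv2.h is self-contained. That check matters more after this commit, because the proxyv2.h hunk drops these same includes in favour of the forward declarations `struct network;` and `struct session;`, and the only includes visible there are `<stdint.h>` and `lib/utils.h`. I would keep `#include "daemon/proxyv2.h"` as the first include and move `#include "daemon/session.h"` and `#include "daemon/network.h"` below it, so a declaration missing from the header fails to compile here instead of being masked.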
@@ -140,7 +143,7 @@ bool proxy_allowed(const struct network *net, const struct sockaddr *saddr) trie = net->proxy_addrs4; addr_size = sizeof(addr.ip4); - addr.ip4 = ((struct sockaddr_in *) saddr)->sin_addr; + addr.ip4 = ((struct sockaddr_in *)saddr)->sin_addr; break; case AF_INET6: if (net->proxy_all6) @@ -148,7 +151,7 @@ bool proxy_allowed(const struct network *net, const struct sockaddr *saddr) trie = net->proxy_addrs6; addr_size = sizeof(addr.ip6); - addr.ip6 = ((struct sockaddr_in6 *) saddr)->sin6_addr; + addr.ip6 = ((struct sockaddr_in6 *)saddr)->sin6_addr; break; default: kr_assert(false); // Only IPv4 and IPv6 proxy addresses supported @@ -156,14 +159,14 @@ bool proxy_allowed(const struct network *net, const struct sockaddr *saddr) } trie_val_t *val; - int ret = trie_get_leq(trie, (char *) &addr, addr_size, &val); + int ret = trie_get_leq(trie, (char *)&addr, addr_size, &val); if (ret != kr_ok() && ret != 1) return false; kr_assert(val); const struct net_proxy_data *found = *val; kr_assert(found); - return kr_bitcmp((char *) &addr, (char *) &found->addr, found->netmask) == 0; + return kr_bitcmp((char *)&addr, (char *)&found->addr, found->netmask) == 0; } ssize_t proxy_process_header(struct proxy_result *out, struct session *s, @@ -172,7 +175,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, if (!buf) return kr_error(EINVAL); - const struct proxy2_header *hdr = (struct proxy2_header *) buf; + const struct proxy2_header *hdr = (struct proxy2_header *)buf; uint64_t content_length = ntohs(hdr->length); ssize_t hdr_len = sizeof(struct proxy2_header) + content_length; 
@@ -191,7 +194,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, enum proxy2_command command = proxy2_header_command(hdr); if (command == PROXY2_CMD_LOCAL) { /* Addresses for LOCAL are to be discarded */ - *out = (struct proxy_result) { .command = PROXY2_CMD_LOCAL }; + *out = (struct proxy_result){ .command = PROXY2_CMD_LOCAL }; goto fill_wirebuf; } @@ -200,13 +203,14 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, return kr_error(KNOT_EMALF); } - *out = (struct proxy_result) { .command = PROXY2_CMD_PROXY }; + *out = (struct proxy_result){ .command = PROXY2_CMD_PROXY }; /* Parse flags */ enum proxy2_family family = proxy2_header_family(hdr); switch(family) { case PROXY2_AF_UNSPEC: - case PROXY2_AF_UNIX: /* UNIX is unsupported, fall back to UNSPEC */ + case PROXY2_AF_UNIX: + /* UNIX is unsupported, fall back to UNSPEC */ out->family = AF_UNSPEC; break; case PROXY2_AF_INET: @@ -215,7 +219,8 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, case PROXY2_AF_INET6: out->family = AF_INET6; break; - default: /* PROXYv2 prohibits other values */ + default: + /* PROXYv2 prohibits other values */ return kr_error(KNOT_EMALF); } @@ -227,7 +232,8 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, case PROXY2_PROTOCOL_STREAM: out->protocol = SOCK_STREAM; break; - default: /* PROXYv2 prohibits other values */ + default: + /* PROXYv2 prohibits other values */ return kr_error(KNOT_EMALF); } 
@@ -240,12 +246,12 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, if (content_length < addr_length) return kr_error(KNOT_EMALF); - out->src_addr.ip4 = (struct sockaddr_in) { + out->src_addr.ip4 = (struct sockaddr_in){ .sin_family = AF_INET, .sin_addr = { .s_addr = addr->ipv4_addr.src_addr }, .sin_port = addr->ipv4_addr.src_port, }; - out->dst_addr.ip4 = (struct sockaddr_in) { + out->dst_addr.ip4 = (struct sockaddr_in){ .sin_family = AF_INET, .sin_addr = { .s_addr = addr->ipv4_addr.dst_addr }, .sin_port = addr->ipv4_addr.dst_port, @@ -256,7 +262,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, if (content_length < addr_length) return kr_error(KNOT_EMALF); - out->src_addr.ip6 = (struct sockaddr_in6) { + out->src_addr.ip6 = (struct sockaddr_in6){ .sin6_family = AF_INET6, .sin6_port = addr->ipv6_addr.src_port }; @@ -264,7 +270,7 @@ ssize_t proxy_process_header(struct proxy_result *out, struct session *s, &out->src_addr.ip6.sin6_addr.s6_addr, &addr->ipv6_addr.src_addr, sizeof(out->src_addr.ip6.sin6_addr.s6_addr)); - out->dst_addr.ip6 = (struct sockaddr_in6) { + out->dst_addr.ip6 = (struct sockaddr_in6){ .sin6_family = AF_INET6, .sin6_port = addr->ipv6_addr.dst_port }; diff --git a/daemon/proxyv2.h b/daemon/proxyv2.h index 2d57744..fdee126 100644 --- a/daemon/proxyv2.h +++ b/daemon/proxyv2.h @@ -6,10 +6,11 @@ #include <stdint.h> -#include "daemon/session.h" -#include "daemon/network.h" #include "lib/utils.h" +struct network; +struct session; + extern const char PROXY2_SIGNATURE[12]; #define PROXY2_MIN_SIZE 16 
@@ -21,14 +22,20 @@ enum proxy2_command { /** Parsed result of the PROXY protocol */ struct proxy_result { - enum proxy2_command command; /**< Proxy command - PROXY or LOCAL. */ - int family; /**< Address family from netinet library (e.g. AF_INET6). */ - int protocol; /**< Protocol type from socket library (e.g. SOCK_STREAM). */ - union kr_sockaddr src_addr; /**< Parsed source address and port. */ - union kr_sockaddr dst_addr; /**< Parsed destination address and port. */ - bool has_tls : 1; /**< `true` = client has used TLS with the proxy. - If TLS padding is enabled, it will be used even if - the proxy did not use TLS with kresd. */ + /** Proxy command - PROXY or LOCAL. */ + enum proxy2_command command; + /** Address family from netinet library (e.g. AF_INET6). */ + int family; + /** Protocol type from socket library (e.g. SOCK_STREAM). */ + int protocol; + /** Parsed source address and port. */ + union kr_sockaddr src_addr; + /** Parsed destination address and port. */ + union kr_sockaddr dst_addr; + /** `true` = client has used TLS with the proxy. If TLS padding is + * enabled, it will be used even if the communication between kresd and + * the proxy is unencrypted. */ + bool has_tls : 1; }; /** Checks for a PROXY protocol version 2 signature in the specified buffer. */ |