Commit | Line | Data |
---|---|---|
9d90e665 | 1 | /* |
77b1029d | 2 | * Copyright (C) 1996-2020 The Squid Software Foundation and contributors |
e25c139f | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
9d90e665 | 7 | */ |
8 | ||
bbc27441 AJ |
9 | /* DEBUG: section 42 ICMP Pinger program */ |
10 | ||
128fe1c6 | 11 | #define SQUID_HELPER 1 |
12 | ||
63be0a78 | 13 | /** |
14 | \defgroup pinger pinger | |
15 | \ingroup ExternalPrograms | |
16 | \par | |
17 | * Although it would be possible for Squid to send and receive | |
18 | * ICMP messages directly, we use an external process for | |
19 | * two important reasons: | |
20 | * | |
21 | \li Because squid handles many filedescriptors simultaneously, | |
22 | * we get much more accurate RTT measurements when ICMP is | |
23 | * handled by a separate process. | |
24 | * | |
25 | \li Superuser privileges are required to send and receive ICMP. | |
26 | * Rather than require Squid to be started as root, we prefer | |
27 | * to have the smaller and simpler pinger program installed | |
28 | * with setuid permissions. | |
29 | * | |
30 | \par | |
31 | * Using Squid's ICMP features is highly recommended. | |
32 | * When USE_ICMP is defined, Squid will send ICMP pings | |
33 | * to origin server sites. | |
34 | * This information is used in numerous ways: | |
35 | \li - Sent in ICP replies so neighbor caches know how close | |
36 | * you are to the source. | |
37 | \li - For finding the closest instance of a URN. | |
38 | \li - With the 'test_reachability' option. Squid will return | |
39 | * ICP_OP_MISS_NOFETCH for sites which it cannot ping. | |
40 | */ | |
41 | ||
582c2af2 FC |
42 | #include "squid.h" |
43 | #include "Debug.h" | |
985c86bc | 44 | #include "SquidTime.h" |
9d90e665 | 45 | |
43426991 | 46 | #if USE_ICMP |
47 | ||
663ff9aa AJ |
48 | #include "Icmp4.h" |
49 | #include "Icmp6.h" | |
50 | #include "IcmpPinger.h" | |
059d13ed | 51 | #include "ip/tools.h" |
0ab98d6b | 52 | |
7aa9bb3e | 53 | #if _SQUID_WINDOWS_ |
bdb741f4 | 54 | |
bfe8dedf | 55 | #if HAVE_WINSOCK2_H |
bdb741f4 | 56 | #include <winsock2.h> |
fcabe077 FC |
57 | #elif HAVE_WINSOCK_H |
58 | #include <winsock.h> | |
bfe8dedf | 59 | #endif |
bdb741f4 | 60 | #include <process.h> |
cc192b50 | 61 | #include "fde.h" |
bdb741f4 | 62 | |
63 | #define PINGER_TIMEOUT 5 | |
64 | ||
cc192b50 | 65 | /* windows uses the control socket for feedback to squid */ |
66 | #define LINK_TO_SQUID squid_link | |
bdb741f4 | 67 | |
// Windows still requires a WSAFD helper, but there are too many dependency
// problems to just link to win32.cc where it is normally defined.

/**
 * Windows-only membership test for a Squid descriptor in an fd_set.
 *
 * Reads the fd_table entry for \p fd, takes its win32.handle SOCKET and
 * passes that handle to __WSAFDIsSet().
 *
 * NOTE(review): \p fd is used as an index into fd_table without a range
 * check in this function; presumably callers only pass descriptors that
 * Squid itself opened -- confirm against the callers.
 *
 * \param fd  index into fd_table.
 * \param set descriptor set to test.
 * \return whatever __WSAFDIsSet() returns for the underlying handle.
 */
int
Win32__WSAFDIsSet(int fd, fd_set FAR * set)
{
    const SOCKET handle = fd_table[fd].win32.handle;
    return __WSAFDIsSet(handle, set);
}
79 | ||
cc192b50 | 80 | #else |
bdb741f4 | 81 | |
cc192b50 | 82 | #define PINGER_TIMEOUT 10 |
bdb741f4 | 83 | |
cc192b50 | 84 | /* non-windows use STDOUT for feedback to squid */ |
f53969cc | 85 | #define LINK_TO_SQUID 1 |
bdb741f4 | 86 | |
f53969cc | 87 | #endif /* _SQUID_WINDOWS_ */ |
bdb741f4 | 88 | |
// The ICMP engines are defined at file scope so that they can call each
// other easily.
IcmpPinger control;
Icmp4 icmp4;
Icmp6 icmp6;

// NOTE(review): presumably a count of ICMP packets sent; it is only
// initialised, never modified, in the code shown here.
int icmp_pkts_sent{0};
9d90e665 | 95 | |
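/**
 \ingroup pinger
 \par This is the pinger external process.
 *
 * Opens the ICMP sockets and the control channel to Squid, then gives up
 * the privileges that were needed to open them, and finally loops on
 * select() relaying between the control channel and the ICMP engines.
 *
 * Every failure during start-up, and every select() error, ends the
 * process with EXIT_FAILURE.
 *
 * The SQUID_DEBUG environment variable, when set, replaces the default
 * debug options ("ALL,10").
 *
 \param argc Ignored.
 \param argv Ignored.
 */
int
main(int argc, char *argv[])
{
    fd_set R;
    int x;
    int max_fd = 0;

    struct timeval tv;
    const char *debug_args = "ALL,10";
    char *t;
    time_t last_check_time = 0;

    /*
     * cevans - do this first. It grabs a raw socket. After this we can
     * drop privs
     */
    int icmp4_worker = -1;
    int icmp6_worker = -1;
    int squid_link = -1;

    /** start by initializing the pinger debug output. */
    // NOTE(review): this value is taken from the environment and handed to
    // _db_init() before the setgid()/setuid() calls below, i.e. while the
    // process may still be privileged. Confirm that the debug option parser
    // is safe on arbitrary strings.
    if ((t = getenv("SQUID_DEBUG")))
        debug_args = xstrdup(t);

    getCurrentTime();

    // determine IPv4 or IPv6 capabilities before using sockets.
    Ip::ProbeTransport();

    _db_init(NULL, debug_args);

    debugs(42, DBG_CRITICAL, "pinger: Initialising ICMP pinger ...");

    icmp4_worker = icmp4.Open();
    if (icmp4_worker < 0) {
        debugs(42, DBG_CRITICAL, "pinger: Unable to start ICMP pinger.");
    }
    max_fd = max(max_fd, icmp4_worker);

#if USE_IPV6
    icmp6_worker = icmp6.Open();
    if (icmp6_worker < 0) {
        debugs(42, DBG_CRITICAL, "pinger: Unable to start ICMPv6 pinger.");
    }
    max_fd = max(max_fd, icmp6_worker);
#endif

    /** abort if neither worker could open a socket. */
    if (icmp4_worker < 0 && icmp6_worker < 0) {
        debugs(42, DBG_CRITICAL, "FATAL: pinger: Unable to open any ICMP sockets.");
        exit(EXIT_FAILURE);
    }

    if ( (squid_link = control.Open()) < 0) {
        debugs(42, DBG_CRITICAL, "FATAL: pinger: Unable to setup Pinger control sockets.");
        icmp4.Close();
        icmp6.Close();
        exit(EXIT_FAILURE); // fatal error if the control channel fails.
    }
    max_fd = max(max_fd, squid_link);

#if !_SQUID_WINDOWS_
    // Descriptor numbers come from the descriptor table this process
    // inherited, so they are not guaranteed to be below FD_SETSIZE.
    // FD_SET()/FD_ISSET() on a larger value is undefined behaviour, so
    // refuse to enter the select() loop in that case.
    if (max_fd >= FD_SETSIZE) {
        debugs(42, DBG_CRITICAL, "FATAL: pinger: descriptor " << max_fd <<
               " does not fit in an fd_set (FD_SETSIZE=" << FD_SETSIZE << ")");
        icmp4.Close();
        icmp6.Close();
        control.Close();
        exit(EXIT_FAILURE);
    }
#endif

    // Privilege drop. The group is changed before the user because a
    // process that has already given up its user privileges may no longer
    // be permitted to change its group. Both results are checked and a
    // failure is fatal, so the loop below is never entered after a failed
    // drop.
    // Note: when the invoking (real) user is root, setuid(getuid()) leaves
    // the process running as root.
    if (setgid(getgid()) < 0) {
        int xerrno = errno; // saved before anything else can overwrite errno
        debugs(42, DBG_CRITICAL, "FATAL: pinger: setgid(" << getgid() << ") failed: " << xstrerr(xerrno));
        icmp4.Close();
        icmp6.Close();
        exit(EXIT_FAILURE);
    }
    if (setuid(getuid()) < 0) {
        int xerrno = errno;
        debugs(42, DBG_CRITICAL, "FATAL: pinger: setuid(" << getuid() << ") failed: " << xstrerr(xerrno));
        icmp4.Close();
        icmp6.Close();
        exit(EXIT_FAILURE);
    }

#if USE_LIBCAP
    // Drop remaining capabilities (if installed as non-setuid setcap cap_net_raw=ep).
    // If pinger binary was installed setuid root, setuid() above already dropped all
    // capabilities, and this is no-op.
    cap_t caps;
    caps = cap_init();
    if (!caps) {
        int xerrno = errno;
        debugs(42, DBG_CRITICAL, "FATAL: pinger: cap_init() failed: " << xstrerr(xerrno));
        icmp4.Close();
        icmp6.Close();
        exit(EXIT_FAILURE);
    } else {
        if (cap_set_proc(caps) != 0) {
            int xerrno = errno;
            // cap_set_proc(cap_init()) is expected to never fail
            debugs(42, DBG_CRITICAL, "FATAL: pinger: cap_set_proc(none) failed: " << xstrerr(xerrno));
            cap_free(caps);
            icmp4.Close();
            icmp6.Close();
            exit(EXIT_FAILURE);
        }
        cap_free(caps);
    }
#endif

    last_check_time = squid_curtime;

    for (;;) {
        // select() may modify both the timeout and the set, so they are
        // rebuilt on every iteration.
        tv.tv_sec = PINGER_TIMEOUT;
        tv.tv_usec = 0;
        FD_ZERO(&R);
        if (icmp4_worker >= 0) {
            FD_SET(icmp4_worker, &R);
        }
        if (icmp6_worker >= 0) {
            FD_SET(icmp6_worker, &R);
        }

        FD_SET(squid_link, &R);
        x = select(max_fd+1, &R, NULL, NULL, &tv);
        getCurrentTime();

        // Any negative return is fatal; errno is not inspected, so an
        // interrupted call ends the process as well.
        if (x < 0) {
            int xerrno = errno;
            debugs(42, DBG_CRITICAL, HERE << " FATAL Shutdown. select()==" << x << ", ERR: " << xstrerr(xerrno));
            control.Close();
            exit(EXIT_FAILURE);
        }

        if (FD_ISSET(squid_link, &R)) {
            control.Recv();
        }

        if (icmp6_worker >= 0 && FD_ISSET(icmp6_worker, &R)) {
            icmp6.Recv();
        }
        if (icmp4_worker >= 0 && FD_ISSET(icmp4_worker, &R)) {
            icmp4.Recv();
        }

        // Once more than PINGER_TIMEOUT seconds have passed since the last
        // check, probe the link to Squid with a zero-length send(); &tv only
        // serves as a valid buffer pointer. A failed send ends the process.
        if (PINGER_TIMEOUT + last_check_time < squid_curtime) {
            if (send(LINK_TO_SQUID, &tv, 0, 0) < 0) {
                debugs(42, DBG_CRITICAL, "pinger: Closing. No requests in last " << PINGER_TIMEOUT << " seconds.");
                control.Close();
                exit(EXIT_FAILURE);
            }

            last_check_time = squid_curtime;
        }
    }

    /* NOTREACHED */
    return EXIT_SUCCESS;
}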
365a4bce | 254 | |
5e66b1a6 | 255 | #else /* !USE_ICMP */ |
074d6a40 AJ |
256 | |
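#include <cstdlib>
#include <iostream>
#include <ostream>

/**
 * Entry point used when ICMP support is not compiled in (USE_ICMP is off).
 * Prints a one-line explanation to standard error and fails.
 *
 * \param argc used only to check that argv[0] is present.
 * \param argv argv[0], when present, prefixes the message.
 * \return EXIT_FAILURE, always.
 */
int
main(int argc, char *argv[])
{
    // A caller may start the program with an empty argument vector;
    // streaming a null char pointer is undefined, so fall back to a fixed name.
    const char *program = (argc > 0 && argv[0]) ? argv[0] : "pinger";
    std::cerr << program << ": ICMP support not compiled in." << std::endl;
    return EXIT_FAILURE;
}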
62e76326 | 264 | |
9d90e665 | 265 | #endif /* USE_ICMP */ |
f53969cc | 266 |