1 /* SPDX-License-Identifier: LGPL-2.1+ */
10 #include <sys/socket.h>
14 #include "sd-daemon.h"
16 #include "sd-resolve.h"
18 #include "alloc-util.h"
19 #include "errno-util.h"
22 #include "main-func.h"
23 #include "parse-util.h"
24 #include "path-util.h"
25 #include "pretty-print.h"
26 #include "resolve-private.h"
28 #include "socket-util.h"
29 #include "string-util.h"
32 #define BUFFER_SIZE (256 * 1024)
34 static unsigned arg_connections_max
= 256;
35 static const char *arg_remote_host
= NULL
;
37 typedef struct Context
{
45 typedef struct Connection
{
48 int server_fd
, client_fd
;
49 int server_to_client_buffer
[2]; /* a pipe */
50 int client_to_server_buffer
[2]; /* a pipe */
52 size_t server_to_client_buffer_full
, client_to_server_buffer_full
;
53 size_t server_to_client_buffer_size
, client_to_server_buffer_size
;
55 sd_event_source
*server_event_source
, *client_event_source
;
57 sd_resolve_query
*resolve_query
;
60 static void connection_free(Connection
*c
) {
64 set_remove(c
->context
->connections
, c
);
66 sd_event_source_unref(c
->server_event_source
);
67 sd_event_source_unref(c
->client_event_source
);
69 safe_close(c
->server_fd
);
70 safe_close(c
->client_fd
);
72 safe_close_pair(c
->server_to_client_buffer
);
73 safe_close_pair(c
->client_to_server_buffer
);
75 sd_resolve_query_unref(c
->resolve_query
);
80 static void context_clear(Context
*context
) {
83 set_free_with_destructor(context
->listen
, sd_event_source_unref
);
84 set_free_with_destructor(context
->connections
, connection_free
);
86 sd_event_unref(context
->event
);
87 sd_resolve_unref(context
->resolve
);
90 static int connection_create_pipes(Connection
*c
, int buffer
[static 2], size_t *sz
) {
100 r
= pipe2(buffer
, O_CLOEXEC
|O_NONBLOCK
);
102 return log_error_errno(errno
, "Failed to allocate pipe buffer: %m");
104 (void) fcntl(buffer
[0], F_SETPIPE_SZ
, BUFFER_SIZE
);
106 r
= fcntl(buffer
[0], F_GETPIPE_SZ
);
108 return log_error_errno(errno
, "Failed to get pipe buffer size: %m");
116 static int connection_shovel(
118 int *from
, int buffer
[2], int *to
,
119 size_t *full
, size_t *sz
,
120 sd_event_source
**from_source
, sd_event_source
**to_source
) {
127 assert(buffer
[0] >= 0);
128 assert(buffer
[1] >= 0);
140 if (*full
< *sz
&& *from
>= 0 && *to
>= 0) {
141 z
= splice(*from
, NULL
, buffer
[1], NULL
, *sz
- *full
, SPLICE_F_MOVE
|SPLICE_F_NONBLOCK
);
145 } else if (z
== 0 || ERRNO_IS_DISCONNECT(errno
)) {
146 *from_source
= sd_event_source_unref(*from_source
);
147 *from
= safe_close(*from
);
148 } else if (!IN_SET(errno
, EAGAIN
, EINTR
))
149 return log_error_errno(errno
, "Failed to splice: %m");
152 if (*full
> 0 && *to
>= 0) {
153 z
= splice(buffer
[0], NULL
, *to
, NULL
, *full
, SPLICE_F_MOVE
|SPLICE_F_NONBLOCK
);
157 } else if (z
== 0 || ERRNO_IS_DISCONNECT(errno
)) {
158 *to_source
= sd_event_source_unref(*to_source
);
159 *to
= safe_close(*to
);
160 } else if (!IN_SET(errno
, EAGAIN
, EINTR
))
161 return log_error_errno(errno
, "Failed to splice: %m");
168 static int connection_enable_event_sources(Connection
*c
);
170 static int traffic_cb(sd_event_source
*s
, int fd
, uint32_t revents
, void *userdata
) {
171 Connection
*c
= userdata
;
178 r
= connection_shovel(c
,
179 &c
->server_fd
, c
->server_to_client_buffer
, &c
->client_fd
,
180 &c
->server_to_client_buffer_full
, &c
->server_to_client_buffer_size
,
181 &c
->server_event_source
, &c
->client_event_source
);
185 r
= connection_shovel(c
,
186 &c
->client_fd
, c
->client_to_server_buffer
, &c
->server_fd
,
187 &c
->client_to_server_buffer_full
, &c
->client_to_server_buffer_size
,
188 &c
->client_event_source
, &c
->server_event_source
);
192 /* EOF on both sides? */
193 if (c
->server_fd
== -1 && c
->client_fd
== -1)
196 /* Server closed, and all data written to client? */
197 if (c
->server_fd
== -1 && c
->server_to_client_buffer_full
<= 0)
200 /* Client closed, and all data written to server? */
201 if (c
->client_fd
== -1 && c
->client_to_server_buffer_full
<= 0)
204 r
= connection_enable_event_sources(c
);
212 return 0; /* ignore errors, continue serving */
215 static int connection_enable_event_sources(Connection
*c
) {
216 uint32_t a
= 0, b
= 0;
221 if (c
->server_to_client_buffer_full
> 0)
223 if (c
->server_to_client_buffer_full
< c
->server_to_client_buffer_size
)
226 if (c
->client_to_server_buffer_full
> 0)
228 if (c
->client_to_server_buffer_full
< c
->client_to_server_buffer_size
)
231 if (c
->server_event_source
)
232 r
= sd_event_source_set_io_events(c
->server_event_source
, a
);
233 else if (c
->server_fd
>= 0)
234 r
= sd_event_add_io(c
->context
->event
, &c
->server_event_source
, c
->server_fd
, a
, traffic_cb
, c
);
239 return log_error_errno(r
, "Failed to set up server event source: %m");
241 if (c
->client_event_source
)
242 r
= sd_event_source_set_io_events(c
->client_event_source
, b
);
243 else if (c
->client_fd
>= 0)
244 r
= sd_event_add_io(c
->context
->event
, &c
->client_event_source
, c
->client_fd
, b
, traffic_cb
, c
);
249 return log_error_errno(r
, "Failed to set up client event source: %m");
254 static int connection_complete(Connection
*c
) {
259 r
= connection_create_pipes(c
, c
->server_to_client_buffer
, &c
->server_to_client_buffer_size
);
263 r
= connection_create_pipes(c
, c
->client_to_server_buffer
, &c
->client_to_server_buffer_size
);
267 r
= connection_enable_event_sources(c
);
275 return 0; /* ignore errors, continue serving */
278 static int connect_cb(sd_event_source
*s
, int fd
, uint32_t revents
, void *userdata
) {
279 Connection
*c
= userdata
;
287 solen
= sizeof(error
);
288 r
= getsockopt(fd
, SOL_SOCKET
, SO_ERROR
, &error
, &solen
);
290 log_error_errno(errno
, "Failed to issue SO_ERROR: %m");
295 log_error_errno(error
, "Failed to connect to remote host: %m");
299 c
->client_event_source
= sd_event_source_unref(c
->client_event_source
);
301 return connection_complete(c
);
305 return 0; /* ignore errors, continue serving */
308 static int connection_start(Connection
*c
, struct sockaddr
*sa
, socklen_t salen
) {
315 c
->client_fd
= socket(sa
->sa_family
, SOCK_STREAM
|SOCK_NONBLOCK
|SOCK_CLOEXEC
, 0);
316 if (c
->client_fd
< 0) {
317 log_error_errno(errno
, "Failed to get remote socket: %m");
321 r
= connect(c
->client_fd
, sa
, salen
);
323 if (errno
== EINPROGRESS
) {
324 r
= sd_event_add_io(c
->context
->event
, &c
->client_event_source
, c
->client_fd
, EPOLLOUT
, connect_cb
, c
);
326 log_error_errno(r
, "Failed to add connection socket: %m");
330 r
= sd_event_source_set_enabled(c
->client_event_source
, SD_EVENT_ONESHOT
);
332 log_error_errno(r
, "Failed to enable oneshot event source: %m");
336 log_error_errno(errno
, "Failed to connect to remote host: %m");
340 r
= connection_complete(c
);
349 return 0; /* ignore errors, continue serving */
352 static int resolve_handler(sd_resolve_query
*q
, int ret
, const struct addrinfo
*ai
, Connection
*c
) {
357 log_error("Failed to resolve host: %s", gai_strerror(ret
));
361 c
->resolve_query
= sd_resolve_query_unref(c
->resolve_query
);
363 return connection_start(c
, ai
->ai_addr
, ai
->ai_addrlen
);
367 return 0; /* ignore errors, continue serving */
370 static int resolve_remote(Connection
*c
) {
372 static const struct addrinfo hints
= {
373 .ai_family
= AF_UNSPEC
,
374 .ai_socktype
= SOCK_STREAM
,
375 .ai_flags
= AI_ADDRCONFIG
378 union sockaddr_union sa
= {};
379 const char *node
, *service
;
382 if (IN_SET(arg_remote_host
[0], '/', '@')) {
385 salen
= sockaddr_un_set_path(&sa
.un
, arg_remote_host
);
387 log_error_errno(salen
, "Specified address doesn't fit in an AF_UNIX address, refusing: %m");
391 return connection_start(c
, &sa
.sa
, salen
);
394 service
= strrchr(arg_remote_host
, ':');
396 node
= strndupa(arg_remote_host
, service
- arg_remote_host
);
399 node
= arg_remote_host
;
403 log_debug("Looking up address info for %s:%s", node
, service
);
404 r
= resolve_getaddrinfo(c
->context
->resolve
, &c
->resolve_query
, node
, service
, &hints
, resolve_handler
, NULL
, c
);
406 log_error_errno(r
, "Failed to resolve remote host: %m");
414 return 0; /* ignore errors, continue serving */
417 static int add_connection_socket(Context
*context
, int fd
) {
424 if (set_size(context
->connections
) > arg_connections_max
) {
425 log_warning("Hit connection limit, refusing connection.");
430 r
= set_ensure_allocated(&context
->connections
, NULL
);
436 c
= new0(Connection
, 1);
442 c
->context
= context
;
445 c
->server_to_client_buffer
[0] = c
->server_to_client_buffer
[1] = -1;
446 c
->client_to_server_buffer
[0] = c
->client_to_server_buffer
[1] = -1;
448 r
= set_put(context
->connections
, c
);
455 return resolve_remote(c
);
458 static int accept_cb(sd_event_source
*s
, int fd
, uint32_t revents
, void *userdata
) {
459 _cleanup_free_
char *peer
= NULL
;
460 Context
*context
= userdata
;
465 assert(revents
& EPOLLIN
);
468 nfd
= accept4(fd
, NULL
, NULL
, SOCK_NONBLOCK
|SOCK_CLOEXEC
);
470 if (errno
!= -EAGAIN
)
471 log_warning_errno(errno
, "Failed to accept() socket: %m");
473 getpeername_pretty(nfd
, true, &peer
);
474 log_debug("New connection from %s", strna(peer
));
476 r
= add_connection_socket(context
, nfd
);
478 log_error_errno(r
, "Failed to accept connection, ignoring: %m");
483 r
= sd_event_source_set_enabled(s
, SD_EVENT_ONESHOT
);
485 log_error_errno(r
, "Error while re-enabling listener with ONESHOT: %m");
486 sd_event_exit(context
->event
, r
);
493 static int add_listen_socket(Context
*context
, int fd
) {
494 sd_event_source
*source
;
500 r
= set_ensure_allocated(&context
->listen
, NULL
);
506 r
= sd_is_socket(fd
, 0, SOCK_STREAM
, 1);
508 return log_error_errno(r
, "Failed to determine socket type: %m");
510 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
511 "Passed in socket is not a stream socket.");
513 r
= fd_nonblock(fd
, true);
515 return log_error_errno(r
, "Failed to mark file descriptor non-blocking: %m");
517 r
= sd_event_add_io(context
->event
, &source
, fd
, EPOLLIN
, accept_cb
, context
);
519 return log_error_errno(r
, "Failed to add event source: %m");
521 r
= set_put(context
->listen
, source
);
523 log_error_errno(r
, "Failed to add source to set: %m");
524 sd_event_source_unref(source
);
528 /* Set the watcher to oneshot in case other processes are also
529 * watching to accept(). */
530 r
= sd_event_source_set_enabled(source
, SD_EVENT_ONESHOT
);
532 return log_error_errno(r
, "Failed to enable oneshot mode: %m");
537 static int help(void) {
538 _cleanup_free_
char *link
= NULL
;
541 r
= terminal_urlify_man("systemd-socket-proxyd", "8", &link
);
545 printf("%1$s [HOST:PORT]\n"
547 "Bidirectionally proxy local sockets to another (possibly remote) socket.\n\n"
548 " -c --connections-max= Set the maximum number of connections to be accepted\n"
549 " -h --help Show this help\n"
550 " --version Show package version\n"
551 "\nSee the %2$s for details.\n"
552 , program_invocation_short_name
559 static int parse_argv(int argc
, char *argv
[]) {
566 static const struct option options
[] = {
567 { "connections-max", required_argument
, NULL
, 'c' },
568 { "help", no_argument
, NULL
, 'h' },
569 { "version", no_argument
, NULL
, ARG_VERSION
},
578 while ((c
= getopt_long(argc
, argv
, "c:h", options
, NULL
)) >= 0)
589 r
= safe_atou(optarg
, &arg_connections_max
);
591 log_error("Failed to parse --connections-max= argument: %s", optarg
);
595 if (arg_connections_max
< 1)
596 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
597 "Connection limit is too low.");
605 assert_not_reached("Unhandled option");
609 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
610 "Not enough parameters.");
612 if (argc
!= optind
+1)
613 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
614 "Too many parameters.");
616 arg_remote_host
= argv
[optind
];
620 static int run(int argc
, char *argv
[]) {
621 _cleanup_(context_clear
) Context context
= {};
624 log_parse_environment();
627 r
= parse_argv(argc
, argv
);
631 r
= sd_event_default(&context
.event
);
633 return log_error_errno(r
, "Failed to allocate event loop: %m");
635 r
= sd_resolve_default(&context
.resolve
);
637 return log_error_errno(r
, "Failed to allocate resolver: %m");
639 r
= sd_resolve_attach_event(context
.resolve
, context
.event
, 0);
641 return log_error_errno(r
, "Failed to attach resolver: %m");
643 sd_event_set_watchdog(context
.event
, true);
645 r
= sd_listen_fds(1);
647 return log_error_errno(r
, "Failed to receive sockets from parent.");
649 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Didn't get any sockets passed in.");
653 for (fd
= SD_LISTEN_FDS_START
; fd
< SD_LISTEN_FDS_START
+ n
; fd
++) {
654 r
= add_listen_socket(&context
, fd
);
659 r
= sd_event_loop(context
.event
);
661 return log_error_errno(r
, "Failed to run event loop: %m");
666 DEFINE_MAIN_FUNCTION(run
);