2 * tcp.c TCP-specific functions.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright (C) 2009 Dante http://dante.net
23 #include <freeradius-devel/ident.h>
26 #include <freeradius-devel/libradius.h>
27 #include <freeradius-devel/tcp.h>
31 /* FIXME: into common RADIUS header? */
32 #define MAX_PACKET_LEN 4096
35 * Open a socket on the given IP and port.
37 int fr_tcp_socket(fr_ipaddr_t *ipaddr, int port)
41 struct sockaddr_storage salocal;
44 if ((port < 0) || (port > 65535)) {
45 fr_strerror_printf("Port %d is out of allowed bounds", port);
49 sockfd = socket(ipaddr->af, SOCK_STREAM, 0);
54 if (fr_nonblock(sockfd) < 0) {
59 if (!fr_ipaddr2sockaddr(ipaddr, port, &salocal, &salen)) {
64 #ifdef HAVE_STRUCT_SOCKADDR_IN6
65 if (ipaddr->af == AF_INET6) {
67 * Listening on '::' does NOT get you IPv4 to
68 * IPv6 mapping. You've got to listen on an IPv4
69 * address, too. This makes the rest of the server
70 * design a little simpler.
74 if (IN6_IS_ADDR_UNSPECIFIED(&ipaddr->ipaddr.ip6addr)) {
75 setsockopt(sockfd, IPPROTO_IPV6, IPV6_V6ONLY,
76 (char *)&on, sizeof(on));
78 #endif /* IPV6_V6ONLY */
80 #endif /* HAVE_STRUCT_SOCKADDR_IN6 */
82 if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
83 fr_strerror_printf("Failed in setsockopt(): %s", strerror(errno));
88 if (bind(sockfd, (struct sockaddr *) &salocal, salen) < 0) {
89 fr_strerror_printf("Failed in bind(): %s", strerror(errno));
94 if (listen(sockfd, 8) < 0) {
95 fr_strerror_printf("Failed in listen(): %s", strerror(errno));
105 * Open a socket TO the given IP and port.
107 int fr_tcp_client_socket(fr_ipaddr_t *src_ipaddr,
108 fr_ipaddr_t *dst_ipaddr, int dst_port)
111 struct sockaddr_storage salocal;
114 if ((dst_port < 0) || (dst_port > 65535)) {
115 fr_strerror_printf("Port %d is out of allowed bounds",
120 if (!dst_ipaddr) return -1;
122 sockfd = socket(dst_ipaddr->af, SOCK_STREAM, 0);
132 if ((flags = fcntl(sockfd, F_GETFL, NULL)) < 0) {
133 fr_strerror_printf("Failure getting socket flags: %s",
140 if( fcntl(sockfd, F_SETFL, flags) < 0) {
141 fr_strerror_printf("Failure setting socket flags: %s",
150 * Allow the caller to bind us to a specific source IP.
152 if (src_ipaddr && (src_ipaddr->af != AF_UNSPEC)) {
153 if (!fr_ipaddr2sockaddr(src_ipaddr, 0, &salocal, &salen)) {
158 if (bind(sockfd, (struct sockaddr *) &salocal, salen) < 0) {
159 fr_strerror_printf("Failure binding to IP: %s",
166 if (!fr_ipaddr2sockaddr(dst_ipaddr, dst_port, &salocal, &salen)) {
172 * FIXME: If EINPROGRESS, then tell the caller that
173 * somehow. The caller can then call connect() when the
176 if (connect(sockfd, (struct sockaddr *) &salocal, salen) < 0) {
177 fr_strerror_printf("Failed in connect(): %s", strerror(errno));
186 RADIUS_PACKET *fr_tcp_recv(int sockfd, int flags)
188 RADIUS_PACKET *packet = rad_alloc(0);
190 if (!packet) return NULL;
192 packet->sockfd = sockfd;
194 if (fr_tcp_read_packet(packet, flags) != 1) {
204 * Receives a packet, assuming that the RADIUS_PACKET structure
205 * has been filled out already.
207 * This ASSUMES that the packet is allocated && fields
210 * This ASSUMES that the socket is marked as O_NONBLOCK, which
211 * the function above does set, if your system supports it.
213 * Calling this function MAY change sockfd,
214 * if src_ipaddr.af == AF_UNSPEC.
216 int fr_tcp_read_packet(RADIUS_PACKET *packet, int flags)
221 * No data allocated. Read the 4-byte header into
222 * a temporary buffer.
227 len = recv(packet->sockfd, packet->vector + packet->data_len,
228 4 - packet->data_len, 0);
229 if ((len == 0) || /* clean close */
230 ((len < 0) && (errno == ECONNRESET))) { /* forced */
235 fr_strerror_printf("Error receiving packet: %s",
240 packet->data_len += len;
241 if (packet->data_len < 4) { /* want more data */
245 packet_len = (packet->vector[2] << 8) | packet->vector[3];
247 if (packet_len < AUTH_HDR_LEN) {
248 fr_strerror_printf("Discarding packet: Smaller than RFC minimum of 20 bytes.");
253 * If the packet is too big, then the socket is bad.
255 if (packet_len > MAX_PACKET_LEN) {
256 fr_strerror_printf("Discarding packet: Larger than RFC limitation of 4096 bytes.");
260 packet->data = malloc(packet_len);
262 fr_strerror_printf("Out of memory");
266 packet->data_len = packet_len;
268 memcpy(packet->data, packet->vector, 4);
272 * Try to read more data.
274 len = recv(packet->sockfd, packet->data + packet->partial,
275 packet->data_len - packet->partial, 0);
276 if ((len == 0) || /* clean close */
277 ((len < 0) && (errno == ECONNRESET))) { /* forced */
282 fr_strerror_printf("Error receiving packet: %s", strerror(errno));
286 packet->partial += len;
288 if (packet->partial < packet->data_len) {
293 * See if it's a well-formed RADIUS packet.
295 if (!rad_packet_ok(packet, flags)) {
300 * Explicitly set the VP list to empty.
305 char ip_buf[128], buffer[256];
307 if (packet->src_ipaddr.af != AF_UNSPEC) {
308 inet_ntop(packet->src_ipaddr.af,
309 &packet->src_ipaddr.ipaddr,
310 ip_buf, sizeof(ip_buf));
311 snprintf(buffer, sizeof(buffer), "host %s port %d",
312 ip_buf, packet->src_port);
314 snprintf(buffer, sizeof(buffer), "socket %d",
319 if ((packet->code > 0) && (packet->code < FR_MAX_PACKET_CODE)) {
320 DEBUG("rad_recv: %s packet from %s",
321 fr_packet_codes[packet->code], buffer);
323 DEBUG("rad_recv: Packet from %s code=%d",
324 buffer, packet->code);
326 DEBUG(", id=%d, length=%ld\n", packet->id, packet->data_len);
329 return 1; /* done reading the packet */
332 RADIUS_PACKET *fr_tcp_accept(int sockfd)
336 RADIUS_PACKET *packet;
337 struct sockaddr_storage src;
341 newfd = accept(sockfd, (struct sockaddr *) &src, &salen);
344 * Non-blocking sockets must handle this.
346 if (errno == EWOULDBLOCK) {
347 packet = rad_alloc(0);
348 if (!packet) return NULL;
350 packet->sockfd = sockfd;
351 packet->src_ipaddr.af = AF_UNSPEC;
358 packet = rad_alloc(0);
359 if (!packet) return NULL;
361 if (src.ss_family == AF_INET) {
362 struct sockaddr_in s4;
364 memcpy(&s4, &src, sizeof(s4));
365 packet->src_ipaddr.af = AF_INET;
366 packet->src_ipaddr.ipaddr.ip4addr = s4.sin_addr;
367 packet->src_port = ntohs(s4.sin_port);
369 #ifdef HAVE_STRUCT_SOCKADDR_IN6
370 } else if (src.ss_family == AF_INET6) {
371 struct sockaddr_in6 s6;
373 memcpy(&s6, &src, sizeof(s6));
374 packet->src_ipaddr.af = AF_INET6;
375 packet->src_ipaddr.ipaddr.ip6addr = s6.sin6_addr;
376 packet->src_port = ntohs(s6.sin6_port);
384 packet->sockfd = newfd;
387 * Note: Caller has to set dst_ipaddr && dst_port.
394 * Writes a packet, assuming it's already been encoded.
396 * It returns the number of bytes written, which MAY be less than
397 * the packet size (data_len). It is the caller's responsibility
398 * to check the return code, and to schedule writes again.
400 ssize_t fr_tcp_write_packet(RADIUS_PACKET *packet)
404 if (!packet || !packet->data) return 0;
406 if (packet->partial >= packet->data_len) return packet->data_len;
408 rcode = write(packet->sockfd, packet->data + packet->partial,
409 packet->data_len - packet->partial);
410 if (rcode < 0) return packet->partial; /* ignore most errors */
412 packet->partial += rcode;
414 return packet->partial;
416 #endif /* WITH_TCP */