2 * tcp.c TCP-specific functions.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright (C) 2009 Dante http://dante.net
23 #include <freeradius-devel/ident.h>
26 #include <freeradius-devel/libradius.h>
27 #include <freeradius-devel/tcp.h>
31 /* FIXME: into common RADIUS header? */
32 #define MAX_PACKET_LEN 4096
35 * Open a socket on the given IP and port.
37 int fr_tcp_socket(fr_ipaddr_t *ipaddr, int port)
41 struct sockaddr_storage salocal;
44 if ((port < 0) || (port > 65535)) {
45 fr_strerror_printf("Port %d is out of allowed bounds", port);
49 sockfd = socket(ipaddr->af, SOCK_STREAM, 0);
54 if (fr_nonblock(sockfd) < 0) {
59 if (!fr_ipaddr2sockaddr(ipaddr, port, &salocal, &salen)) {
64 #ifdef HAVE_STRUCT_SOCKADDR_IN6
65 if (ipaddr->af == AF_INET6) {
67 * Listening on '::' does NOT get you IPv4 to
68 * IPv6 mapping. You've got to listen on an IPv4
69 * address, too. This makes the rest of the server
70 * design a little simpler.
74 if (IN6_IS_ADDR_UNSPECIFIED(&ipaddr->ipaddr.ip6addr)) {
75 setsockopt(sockfd, IPPROTO_IPV6, IPV6_V6ONLY,
76 (char *)&on, sizeof(on));
78 #endif /* IPV6_V6ONLY */
80 #endif /* HAVE_STRUCT_SOCKADDR_IN6 */
82 if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0) {
83 fr_strerror_printf("Failed in setsockopt(): %s", strerror(errno));
88 if (bind(sockfd, (struct sockaddr *) &salocal, salen) < 0) {
89 fr_strerror_printf("Failed in bind(): %s", strerror(errno));
94 if (listen(sockfd, 8) < 0) {
95 fr_strerror_printf("Failed in listen(): %s", strerror(errno));
105 * Open a socket TO the given IP and port.
107 int fr_tcp_client_socket(fr_ipaddr_t *src_ipaddr,
108 fr_ipaddr_t *dst_ipaddr, int dst_port)
111 struct sockaddr_storage salocal;
114 if ((dst_port < 0) || (dst_port > 65535)) {
115 fr_strerror_printf("Port %d is out of allowed bounds",
120 if (!dst_ipaddr) return -1;
122 sockfd = socket(dst_ipaddr->af, SOCK_STREAM, 0);
132 if ((flags = fcntl(sockfd, F_GETFL, NULL)) < 0) {
133 fr_strerror_printf("Failure getting socket flags: %s",
140 if( fcntl(sockfd, F_SETFL, flags) < 0) {
141 fr_strerror_printf("Failure setting socket flags: %s",
150 * Allow the caller to bind us to a specific source IP.
152 if (src_ipaddr && (src_ipaddr->af != AF_UNSPEC)) {
153 if (!fr_ipaddr2sockaddr(src_ipaddr, 0, &salocal, &salen)) {
158 if (bind(sockfd, (struct sockaddr *) &salocal, salen) < 0) {
159 fr_strerror_printf("Failure binding to IP: %s",
166 if (!fr_ipaddr2sockaddr(dst_ipaddr, dst_port, &salocal, &salen)) {
172 * FIXME: If EINPROGRESS, then tell the caller that
173 * somehow. The caller can then call connect() when the
176 if (connect(sockfd, (struct sockaddr *) &salocal, salen) < 0) {
177 fr_strerror_printf("Failed in connect(): %s", strerror(errno));
186 RADIUS_PACKET *fr_tcp_recv(int sockfd, int flags)
188 RADIUS_PACKET *packet = rad_alloc(0);
190 if (!packet) return NULL;
192 packet->sockfd = sockfd;
194 if (fr_tcp_read_packet(packet, flags) != 1) {
204 * Receives a packet, assuming that the RADIUS_PACKET structure
205 * has been filled out already.
207 * This ASSUMES that the packet is allocated && fields
210 * This ASSUMES that the socket is marked as O_NONBLOCK, which
211 * the function above does set, if your system supports it.
213 * Calling this function MAY change sockfd,
214 * if src_ipaddr.af == AF_UNSPEC.
216 int fr_tcp_read_packet(RADIUS_PACKET *packet, int flags)
221 * No data allocated. Read the 4-byte header into
222 * a temporary buffer.
227 len = recv(packet->sockfd, packet->vector + packet->data_len,
228 4 - packet->data_len, 0);
229 if (len == 0) return -2; /* clean close */
232 if ((len < 0) && (errno == ECONNRESET)) { /* forced */
238 fr_strerror_printf("Error receiving packet: %s",
243 packet->data_len += len;
244 if (packet->data_len < 4) { /* want more data */
248 packet_len = (packet->vector[2] << 8) | packet->vector[3];
250 if (packet_len < AUTH_HDR_LEN) {
251 fr_strerror_printf("Discarding packet: Smaller than RFC minimum of 20 bytes.");
256 * If the packet is too big, then the socket is bad.
258 if (packet_len > MAX_PACKET_LEN) {
259 fr_strerror_printf("Discarding packet: Larger than RFC limitation of 4096 bytes.");
263 packet->data = malloc(packet_len);
265 fr_strerror_printf("Out of memory");
269 packet->data_len = packet_len;
271 memcpy(packet->data, packet->vector, 4);
275 * Try to read more data.
277 len = recv(packet->sockfd, packet->data + packet->partial,
278 packet->data_len - packet->partial, 0);
279 if (len == 0) return -2; /* clean close */
282 if ((len < 0) && (errno == ECONNRESET)) { /* forced */
288 fr_strerror_printf("Error receiving packet: %s", strerror(errno));
292 packet->partial += len;
294 if (packet->partial < packet->data_len) {
299 * See if it's a well-formed RADIUS packet.
301 if (!rad_packet_ok(packet, flags)) {
306 * Explicitly set the VP list to empty.
311 char ip_buf[128], buffer[256];
313 if (packet->src_ipaddr.af != AF_UNSPEC) {
314 inet_ntop(packet->src_ipaddr.af,
315 &packet->src_ipaddr.ipaddr,
316 ip_buf, sizeof(ip_buf));
317 snprintf(buffer, sizeof(buffer), "host %s port %d",
318 ip_buf, packet->src_port);
320 snprintf(buffer, sizeof(buffer), "socket %d",
325 if ((packet->code > 0) && (packet->code < FR_MAX_PACKET_CODE)) {
326 DEBUG("rad_recv: %s packet from %s",
327 fr_packet_codes[packet->code], buffer);
329 DEBUG("rad_recv: Packet from %s code=%d",
330 buffer, packet->code);
332 DEBUG(", id=%d, length=%zd\n", packet->id, packet->data_len);
335 return 1; /* done reading the packet */
338 RADIUS_PACKET *fr_tcp_accept(int sockfd)
342 RADIUS_PACKET *packet;
343 struct sockaddr_storage src;
347 newfd = accept(sockfd, (struct sockaddr *) &src, &salen);
350 * Non-blocking sockets must handle this.
353 if (errno == EWOULDBLOCK) {
354 packet = rad_alloc(0);
355 if (!packet) return NULL;
357 packet->sockfd = sockfd;
358 packet->src_ipaddr.af = AF_UNSPEC;
366 packet = rad_alloc(0);
367 if (!packet) return NULL;
369 if (src.ss_family == AF_INET) {
370 struct sockaddr_in s4;
372 memcpy(&s4, &src, sizeof(s4));
373 packet->src_ipaddr.af = AF_INET;
374 packet->src_ipaddr.ipaddr.ip4addr = s4.sin_addr;
375 packet->src_port = ntohs(s4.sin_port);
377 #ifdef HAVE_STRUCT_SOCKADDR_IN6
378 } else if (src.ss_family == AF_INET6) {
379 struct sockaddr_in6 s6;
381 memcpy(&s6, &src, sizeof(s6));
382 packet->src_ipaddr.af = AF_INET6;
383 packet->src_ipaddr.ipaddr.ip6addr = s6.sin6_addr;
384 packet->src_port = ntohs(s6.sin6_port);
392 packet->sockfd = newfd;
395 * Note: Caller has to set dst_ipaddr && dst_port.
402 * Writes a packet, assuming it's already been encoded.
404 * It returns the number of bytes written, which MAY be less than
405 * the packet size (data_len). It is the caller's responsibility
406 * to check the return code, and to schedule writes again.
408 ssize_t fr_tcp_write_packet(RADIUS_PACKET *packet)
412 if (!packet || !packet->data) return 0;
414 if (packet->partial >= packet->data_len) return packet->data_len;
416 rcode = write(packet->sockfd, packet->data + packet->partial,
417 packet->data_len - packet->partial);
418 if (rcode < 0) return packet->partial; /* ignore most errors */
420 packet->partial += rcode;
422 return packet->partial;
424 #endif /* WITH_TCP */
projects / freeradius.git / blob