From 01a1935ec1e2ebf0601a6ff55ac957c92d6cbfa5 Mon Sep 17 00:00:00 2001 From: AdrianStoenescu <51166009+AdrianStoenescu@users.noreply.github.com> Date: Thu, 25 Jul 2019 13:36:49 +0300 Subject: Add option in dlt.conf for bindAddress to specific IPs (#130) Add the possibility to have in dlt.conf an option that specifies a set of IP addresses. The daemon will do a socket bind only for this list, therefore external connections will be limited to this set of IP addresses. If this option is not given, the default INADDR_ANY is used ("0.0.0.0") as before. The option in dlt.conf can look like this: BindAddress = 160.48.199.98;160.48.199.97;160.48.199.226,160.48.199.186;160.48.199.139;172.16.222.99 There can be as many addresses but only specified on one single line. They have to be delimited by ',' or ';'. ' ' (space) delimiter does not work. IPv6 addresses are supported as well. For instance: BindAddress = fe80::255:7bff:feb5:7df7 IPv6 addresses are acceptable only if DLT_USE_IPv6 flag is ON at compile time. IPv4 addresses are acceptable only if DLT_USE_IPv6 flag is OFF at compile time. One cannot have both IPv4 and IPv6 format in the same time. Signed-off-by: Adrian Stoenescu Adrian.Stoenescu@harman.com --- include/dlt/dlt_common.h | 12 ++++ src/daemon/dlt-daemon.c | 121 ++++++++++++++++++++++++++++++++--------- src/daemon/dlt-daemon.h | 1 + src/daemon/dlt.conf | 9 +++ src/daemon/dlt_daemon_socket.c | 92 ++++++++++++++++--------------- src/daemon/dlt_daemon_socket.h | 2 +- 6 files changed, 167 insertions(+), 70 deletions(-) diff --git a/include/dlt/dlt_common.h b/include/dlt/dlt_common.h index 4f030a5..2eec4d2 100644 --- a/include/dlt/dlt_common.h +++ b/include/dlt/dlt_common.h @@ -73,6 +73,7 @@ \{ */ +# include # include # ifdef __linux__ # include 
@@ -817,6 +818,17 @@ typedef struct int size; } DltBufferBlockHead; +# ifdef DLT_USE_IPv6 +# define DLT_IP_SIZE (INET6_ADDRSTRLEN) +# else +# define DLT_IP_SIZE (INET_ADDRSTRLEN) +# endif +typedef struct DltBindAddress +{ + char ip[DLT_IP_SIZE]; + struct DltBindAddress *next; +} DltBindAddress_t; + # define DLT_MESSAGE_ERROR_OK 0 # define DLT_MESSAGE_ERROR_UNKNOWN -1 # define DLT_MESSAGE_ERROR_SIZE -2 diff --git a/src/daemon/dlt-daemon.c b/src/daemon/dlt-daemon.c index cbb85cc..c37553a 100644 --- a/src/daemon/dlt-daemon.c +++ b/src/daemon/dlt-daemon.c @@ -210,8 +210,9 @@ int option_handling(DltDaemonLocal *daemon_local, int argc, char *argv[]) fprintf (stderr, "Invalid option, this should never occur!\n"); return -1; } - } /* switch() */ + } + /* switch() */ #ifndef DLT_USE_UNIX_SOCKET_IPC snprintf(daemon_local->flags.userPipesDir, DLT_PATH_MAX, @@ -297,6 +298,7 @@ int option_file_parser(DltDaemonLocal *daemon_local) strncpy(daemon_local->UDPMulticastIPAddress, MULTICASTIPADDRESS, MULTICASTIP_MAX_SIZE - 1); daemon_local->UDPMulticastIPPort = MULTICASTIPPORT; #endif + daemon_local->flags.ipNodes = NULL; /* open configuration file */ if (daemon_local->flags.cvalue[0]) 
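Review bot: `DltBindAddress_t` and `DLT_IP_SIZE` in the `@@ -817,6 +818,17 @@` hunk of include/dlt/dlt_common.h carry no comment, and the size of `ip` changes with `DLT_USE_IPv6`, so the struct layout depends on a build flag inside a header that sits under include/dlt. A short comment would help, for example `/* Node of the BindAddress list read from dlt.conf; ip holds one NUL-terminated numeric address */`. Only the daemon uses the type in this commit, so it may fit better in src/daemon/dlt-daemon.h next to `DltDaemonFlags`, which would presumably also keep the include added in this file's first hunk out of the library header.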
@@ -633,6 +635,50 @@ int option_file_parser(DltDaemonLocal *daemon_local) daemon_local->UDPMulticastIPPort = strtol(value, NULL, 10); } #endif + else if (strcmp(token, "BindAddress") == 0) + { + DltBindAddress_t *newNode = NULL; + DltBindAddress_t *temp = NULL; + + char *tok = strtok(value, ",;"); + + if (tok != NULL) { + daemon_local->flags.ipNodes = calloc(1, sizeof(DltBindAddress_t)); + + if (daemon_local->flags.ipNodes == NULL) { + dlt_vlog(LOG_ERR, "Could not allocate for IP list\n"); + return -1; + } + else { + strncpy(daemon_local->flags.ipNodes->ip, + tok, + sizeof(daemon_local->flags.ipNodes->ip) - 1); + daemon_local->flags.ipNodes->next = NULL; + temp = daemon_local->flags.ipNodes; + + tok = strtok(NULL, ",;"); + + while (tok != NULL) { + newNode = calloc(1, sizeof(DltBindAddress_t)); + + if (newNode == NULL) { + dlt_vlog(LOG_ERR, "Could not allocate for IP list\n"); + return -1; + } + else { + strncpy(newNode->ip, tok, sizeof(newNode->ip) - 1); + } + + temp->next = newNode; + temp = temp->next; + tok = strtok(NULL, ",;"); + } + } + } + else { + dlt_vlog(LOG_WARNING, "BindAddress option is empty\n"); + } + } else { fprintf(stderr, "Unknown option: %s=%s\n", token, value); } @@ -775,7 +821,7 @@ int main(int argc, char *argv[]) /* --- Daemon init phase 2 end --- */ - if (daemon_local.flags.offlineLogstorageDirPath[0]) { + if (daemon_local.flags.offlineLogstorageDirPath[0]) if (dlt_daemon_logstorage_setup_internal_storage( &daemon, &daemon_local, @@ -783,7 +829,6 @@ int main(int argc, char *argv[]) daemon_local.flags.vflag) == -1) dlt_log(LOG_INFO, "Setting up internal offline log storage failed!\n"); - } /* create fd for watchdog */ #ifdef DLT_SYSTEMD_WATCHDOG_ENABLE @@ -1181,6 +1226,7 @@ int dlt_daemon_local_connection_init(DltDaemon *daemon, { int fd = -1; int mask = 0; + DltBindAddress_t *head = daemon_local->flags.ipNodes; PRINT_FUNCTION_VERBOSE(verbose); 
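Review bot: An over-long token in the `BindAddress` branch is silently cut to `DLT_IP_SIZE - 1` characters by `strncpy`, and the cut string can still be a valid but different address (constructed example: `192.168.100.1000` becomes `192.168.100.100`), so the daemon would listen on an address the operator did not configure. Rejecting the token before the copy avoids that: `if (strlen(tok) >= sizeof(newNode->ip)) { dlt_vlog(LOG_ERR, "BindAddress entry too long: %s\n", tok); return -1; }`, with the same check for the first token. The empty-value path only logs a warning and leaves `ipNodes` NULL, which later selects the `0.0.0.0` default, so a restriction that fails to parse ends up listening on every interface; failing the parse there would be the safer default. The early `return -1` on a failed `calloc` for `newNode` also leaves the nodes already linked allocated, and a second `BindAddress` line would overwrite the head of the first list. option_file_parser starts and ends outside this hunk.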
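Review bot: The `@@ -775,7 +821,7 @@` and `@@ -783,7 +829,6 @@` hunks drop the braces around a nested `if` in main(), and the same brace removal recurs in the hunks at -1594, -2409, -2419 and -2800; none of it belongs to the BindAddress feature. An unbraced outer `if` whose body is another multi-line `if` is easy to break when a statement or an `else` is added later, so I would keep the original `if (daemon_local.flags.offlineLogstorageDirPath[0]) {` and its closing `}`. Moving the reformatting into its own commit would also make the listening-socket change easier to review.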
@@ -1224,19 +1270,43 @@ int dlt_daemon_local_connection_init(DltDaemon *daemon, /* create and open socket to receive incoming connections from client */ daemon_local->client_connections = 0; - if (dlt_daemon_socket_open(&fd, daemon_local->flags.port) == DLT_RETURN_OK) { - if (dlt_connection_create(daemon_local, - &daemon_local->pEvent, - fd, - POLLIN, - DLT_CONNECTION_CLIENT_CONNECT)) { + if (head == NULL) { /* no IP set in BindAddress option, will use "0.0.0.0" as default */ + + if (dlt_daemon_socket_open(&fd, daemon_local->flags.port, "0.0.0.0") == DLT_RETURN_OK) { + if (dlt_connection_create(daemon_local, + &daemon_local->pEvent, + fd, + POLLIN, + DLT_CONNECTION_CLIENT_CONNECT)) { + dlt_log(LOG_ERR, "Could not initialize main socket.\n"); + return DLT_RETURN_ERROR; + } + } + else { dlt_log(LOG_ERR, "Could not initialize main socket.\n"); return DLT_RETURN_ERROR; } } else { - dlt_log(LOG_ERR, "Could not initialize main socket.\n"); - return DLT_RETURN_ERROR; + while (head != NULL) { /* open socket for each IP in the bindAddress list */ + + if (dlt_daemon_socket_open(&fd, daemon_local->flags.port, head->ip) == DLT_RETURN_OK) { + if (dlt_connection_create(daemon_local, + &daemon_local->pEvent, + fd, + POLLIN, + DLT_CONNECTION_CLIENT_CONNECT)) { + dlt_log(LOG_ERR, "Could not initialize main socket.\n"); + return DLT_RETURN_ERROR; + } + } + else { + dlt_log(LOG_ERR, "Could not initialize main socket.\n"); + return DLT_RETURN_ERROR; + } + + head = head->next; + } } #ifdef UDP_CONNECTION_SUPPORT @@ -1407,6 +1477,8 @@ void dlt_daemon_local_cleanup(DltDaemon *daemon, DltDaemonLocal *daemon_local, i unlink(daemon_local->flags.ctrlSockPath); + /* free IP list */ + free(daemon_local->flags.ipNodes); } void dlt_daemon_exit_trigger() 
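Review bot: The default branch passes the literal `"0.0.0.0"` to dlt_daemon_socket_open(), but with `DLT_USE_IPv6` defined that function parses `ip` with `inet_pton(AF_INET6, ...)`, which does not accept a bare IPv4 dotted string, so an IPv6 build without a `BindAddress` line would stop at "Could not initialize main socket". Select the wildcard per address family instead: `"::"` under `#ifdef DLT_USE_IPv6` and `"0.0.0.0"` otherwise. The two branches repeat the same open/create/error sequence, so a small static helper taking the address would remove the duplication. In the loop, a failure on a later address returns with the sockets for earlier addresses already registered, so the caller is presumably expected to tear them down. dlt_daemon_local_connection_init continues outside the hunk.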
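Review bot: `free(daemon_local->flags.ipNodes)` in the `@@ -1407,6 +1477,8 @@` hunk releases only the head node, so every further `BindAddress` entry allocated by the parser is leaked. The list has to be walked node by node and the head pointer cleared afterwards, so that a second cleanup call cannot free it again. The start of dlt_daemon_local_cleanup is outside the hunk; if the file keeps declarations at the top of the function, the two locals below move there.

```c
    /* free IP list */
    DltBindAddress_t *node = daemon_local->flags.ipNodes;

    while (node != NULL) {
        DltBindAddress_t *next = node->next;
        free(node);
        node = next;
    }

    daemon_local->flags.ipNodes = NULL;
```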
@@ -1594,17 +1666,15 @@ int dlt_daemon_log_internal(DltDaemon *daemon, DltDaemonLocal *daemon_local, cha } /* look if TCP connection to client is available */ - if ((daemon->mode == DLT_USER_MODE_EXTERNAL) || (daemon->mode == DLT_USER_MODE_BOTH)) { + if ((daemon->mode == DLT_USER_MODE_EXTERNAL) || (daemon->mode == DLT_USER_MODE_BOTH)) if ((ret = dlt_daemon_client_send(DLT_DAEMON_SEND_TO_ALL, daemon, daemon_local, msg.headerbuffer, sizeof(DltStorageHeader), msg.headerbuffer + sizeof(DltStorageHeader), msg.headersize - sizeof(DltStorageHeader), - msg.databuffer, msg.datasize, verbose))) { + msg.databuffer, msg.datasize, verbose))) if (ret == DLT_DAEMON_ERROR_BUFFER_FULL) daemon->overflow_counter++; - } - } } free(msg.databuffer); @@ -2409,9 +2479,8 @@ int dlt_daemon_process_user_message_register_context(DltDaemon *daemon, } /* Set log level */ - if (userctxt.log_level == DLT_USER_LOG_LEVEL_NOT_SET) { + if (userctxt.log_level == DLT_USER_LOG_LEVEL_NOT_SET) userctxt.log_level = DLT_LOG_DEFAULT; - } else /* Plausibility check */ if ((userctxt.log_level < DLT_LOG_DEFAULT) || @@ -2419,9 +2488,8 @@ int dlt_daemon_process_user_message_register_context(DltDaemon *daemon, return -1; /* Set trace status */ - if (userctxt.trace_status == DLT_USER_TRACE_STATUS_NOT_SET) { + if (userctxt.trace_status == DLT_USER_TRACE_STATUS_NOT_SET) userctxt.trace_status = DLT_TRACE_STATUS_DEFAULT; - } else /* Plausibility check */ if ((userctxt.trace_status < DLT_TRACE_STATUS_DEFAULT) || @@ -2761,7 +2829,8 @@ int dlt_daemon_process_user_message_log(DltDaemon *daemon, return DLT_DAEMON_ERROR_UNKNOWN; } } - else if (dlt_set_storageheader(daemon_local->msg.storageheader, daemon->ecuid) == DLT_RETURN_ERROR) { + else if (dlt_set_storageheader(daemon_local->msg.storageheader, daemon->ecuid) == DLT_RETURN_ERROR) + { dlt_log(LOG_WARNING, "Can't set storage header in process user message log\n"); return DLT_DAEMON_ERROR_UNKNOWN; } 
@@ -2800,10 +2869,9 @@ int dlt_daemon_process_user_message_log(DltDaemon *daemon, sizeof(DltStorageHeader), daemon_local->msg.headerbuffer + sizeof(DltStorageHeader), daemon_local->msg.headersize - sizeof(DltStorageHeader), - daemon_local->msg.databuffer, daemon_local->msg.datasize, verbose))) { + daemon_local->msg.databuffer, daemon_local->msg.datasize, verbose))) if (ret == DLT_DAEMON_ERROR_BUFFER_FULL) daemon->overflow_counter++; - } } /* keep not read data in buffer */ @@ -2899,7 +2967,8 @@ int dlt_daemon_process_user_message_log_shm(DltDaemon *daemon, return -1; } } - else if (dlt_set_storageheader(daemon_local->msg.storageheader, daemon->ecuid) == -1) { + else if (dlt_set_storageheader(daemon_local->msg.storageheader, daemon->ecuid) == -1) + { dlt_log(LOG_WARNING, "Can't set storage header in process user message log\n"); dlt_shm_remove(&(daemon_local->dlt_shm)); return -1; @@ -3195,14 +3264,14 @@ int create_timer_fd(DltDaemonLocal *daemon_local, return -1; } - if (period_sec <= 0 || starts_in <= 0 ) { + if ((period_sec <= 0) || (starts_in <= 0)) { /* timer not activated via the service file */ dlt_vlog(LOG_INFO, "<%s> not set: period=0\n", timer_name); local_fd = -1; } + #ifdef linux - else - { + else { struct itimerspec l_timer_spec; local_fd = timerfd_create(CLOCK_MONOTONIC, 0); diff --git a/src/daemon/dlt-daemon.h b/src/daemon/dlt-daemon.h index 2520988..59bac6a 100644 --- a/src/daemon/dlt-daemon.h +++ b/src/daemon/dlt-daemon.h 
@@ -135,6 +135,7 @@ typedef struct int contextLogLevel; /**< (int) log level sent to context if registered with default log-level or if enforced*/ int contextTraceStatus; /**< (int) trace status sent to context if registered with default trace status or if enforced*/ int enforceContextLLAndTS; /**< (Boolean) Enforce log-level, trace-status not to exceed contextLogLevel, contextTraceStatus */ + DltBindAddress_t *ipNodes; /**< (String: BindAddress) The daemon accepts connections only on this list of IP addresses */ } DltDaemonFlags; /** * The global parameters of a dlt daemon. diff --git a/src/daemon/dlt.conf b/src/daemon/dlt.conf index 47e9b6d..ab5883f 100644 --- a/src/daemon/dlt.conf +++ b/src/daemon/dlt.conf @@ -195,3 +195,12 @@ UDPMulticastIPAddress = 225.0.0.37 # UDP multicast port(default:3491) UDPMulticastIPPort = 3491 + +############################################################################## +# BindAddress Limitation # +############################################################################## +# Accept connections only on this list of IP addresses (Default: "0.0.0.0" INADDR_ANY) +# The IP addresses must be separated with ',' or ';' but not with space character ' ' +# If DLT_USE_IPv6 flag is ON, then only IPv6 addresses are accepted +# If DLT_USE_IPv6 flag is OFF, then only IPv4 addresses are accepted +# BindAddress = 160.48.199.97;160.48.199.98 diff --git a/src/daemon/dlt_daemon_socket.c b/src/daemon/dlt_daemon_socket.c index 6dfc264..2e4f9ea 100644 --- a/src/daemon/dlt_daemon_socket.c +++ b/src/daemon/dlt_daemon_socket.c 
@@ -57,66 +57,72 @@ #include "dlt_daemon_socket.h" -int dlt_daemon_socket_open(int *sock, unsigned int servPort) +int dlt_daemon_socket_open(int *sock, unsigned int servPort, char *ip) { int yes = 1; - char portnumbuffer[33]; - struct addrinfo hints, *servinfo, *p; - int rv; + int ret_inet_pton = 0; - memset(&hints, 0, sizeof hints); #ifdef DLT_USE_IPv6 - hints.ai_family = AF_INET6; /* force IPv6 - will still work with IPv4 */ -#else - hints.ai_family = AF_INET; -#endif - hints.ai_socktype = SOCK_STREAM; - hints.ai_flags = AI_PASSIVE; /* use my IP address */ - - snprintf(portnumbuffer, 32, "%d", servPort); - if ((rv = getaddrinfo(NULL, portnumbuffer, &hints, &servinfo)) != 0) { - dlt_vlog(LOG_WARNING, "getaddrinfo error %d: %s\n", rv, gai_strerror(rv)); - return -1; + /* create socket */ + if ((*sock = socket(AF_INET6, SOCK_STREAM, 0)) == -1) { + const int lastErrno = errno; + dlt_vlog(LOG_WARNING, "dlt_daemon_socket_open: socket() error %d: %s\n", lastErrno, strerror(lastErrno)); } - for (p = servinfo; p != NULL; p = p->ai_next) { - if ((*sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) { - const int lastErrno = errno; - dlt_vlog(LOG_WARNING, "dlt_daemon_socket_open: socket() error %d: %s\n", lastErrno, strerror(lastErrno)); - continue; - } +#else - dlt_vlog(LOG_INFO, "%s: Socket created - socket_family:%i, socket_type:%i, protocol:%i\n", - __FUNCTION__, p->ai_family, p->ai_socktype, p->ai_protocol); + if ((*sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) { + const int lastErrno = errno; + dlt_vlog(LOG_WARNING, "dlt_daemon_socket_open: socket() error %d: %s\n", lastErrno, strerror(lastErrno)); + } - if (setsockopt(*sock, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1) { - const int lastErrno = errno; - dlt_vlog(LOG_WARNING, - "dlt_daemon_socket_open: Setsockopt error %d in dlt_daemon_local_connection_init: %s\n", - lastErrno, - strerror(lastErrno)); - continue; - } +#endif - if (bind(*sock, p->ai_addr, p->ai_addrlen) == -1) { - const int 
lastErrno = errno; /*close() may set errno too */ - close(*sock); - dlt_vlog(LOG_WARNING, "dlt_daemon_socket_open: bind() error %d: %s\n", lastErrno, strerror(lastErrno)); - continue; - } + dlt_vlog(LOG_INFO, "%s: Socket created\n", __FUNCTION__); - break; + /* setsockpt SO_REUSEADDR */ + if (setsockopt(*sock, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1) { + const int lastErrno = errno; + dlt_vlog(LOG_WARNING, + "dlt_daemon_socket_open: Setsockopt error %d in dlt_daemon_local_connection_init: %s\n", + lastErrno, + strerror(lastErrno)); } - if (p == NULL) { - dlt_log(LOG_WARNING, "failed to bind socket\n"); + /* bind */ +#ifdef DLT_USE_IPv6 + struct sockaddr_in6 forced_addr; + memset(&forced_addr, 0, sizeof(forced_addr)); + forced_addr.sin6_family = AF_INET6; + forced_addr.sin6_port = htons(servPort); + ret_inet_pton = inet_pton(AF_INET6, ip, &forced_addr.sin6_addr); +#else + struct sockaddr_in forced_addr; + memset(&forced_addr, 0, sizeof(forced_addr)); + forced_addr.sin_family = AF_INET; + forced_addr.sin_port = htons(servPort); + ret_inet_pton = inet_pton(AF_INET, ip, &forced_addr.sin_addr); +#endif + + /* inet_pton returns 1 on success */ + if (ret_inet_pton != 1) { + dlt_vlog(LOG_WARNING, + "dlt_daemon_socket_open: inet_pton() error %d: %s. Cannot convert IP address: %s\n", + errno, + strerror(errno), + ip); return -1; } - freeaddrinfo(servinfo); + if (bind(*sock, (struct sockaddr *)&forced_addr, sizeof(forced_addr)) == -1) { + const int lastErrno = errno; /*close() may set errno too */ + close(*sock); + dlt_vlog(LOG_WARNING, "dlt_daemon_socket_open: bind() error %d: %s\n", lastErrno, strerror(lastErrno)); + } - dlt_vlog(LOG_INFO, "%s: Listening on port: %u\n", __func__, servPort); + /*listen */ + dlt_vlog(LOG_INFO, "%s: Listening on ip %s and port: %u\n", __FUNCTION__, ip, servPort); /* get socket buffer size */ dlt_vlog(LOG_INFO, "dlt_daemon_socket_open: Socket send queue size: %d\n", 
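Review bot: The rewritten dlt_daemon_socket_open() no longer stops on errors: a failed `socket()` is only logged (in both `#ifdef` branches), and a failed `bind()` closes `*sock` and logs but then falls through to the "Listening on ip" message and whatever follows outside the hunk, where the old loop ended in `return -1`. Add `return -1;` after each of those log calls so that a caller never gets a success result for an unbound or already closed descriptor. The `inet_pton` failure path returns without `close(*sock);`, which leaks the descriptor, and it prints `errno`, which `inet_pton` leaves untouched when it returns 0 for a malformed address. A `setsockopt` failure used to `continue` to the next candidate and is now ignored, which may be intended but deserves a comment. The end of the function is outside the hunk.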
diff --git a/src/daemon/dlt_daemon_socket.h b/src/daemon/dlt_daemon_socket.h index cca8306..a180529 100644 --- a/src/daemon/dlt_daemon_socket.h +++ b/src/daemon/dlt_daemon_socket.h @@ -60,7 +60,7 @@ #include "dlt_common.h" #include "dlt_user.h" -int dlt_daemon_socket_open(int *sock, unsigned int servPort); +int dlt_daemon_socket_open(int *sock, unsigned int servPort, char *ip); int dlt_daemon_socket_close(int sock); int dlt_daemon_socket_get_send_qeue_max_size(int sock); -- cgit v1.2.1
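Review bot: The new `ip` parameter should be `const char *ip`, here and in the definition in dlt_daemon_socket.c: the function only reads it (`inet_pton` and a log call) and the default call site passes a string literal. The prototype also has no comment; something like `/* ip: numeric address to bind, IPv6 text when DLT_USE_IPv6 is set, IPv4 dotted-quad otherwise */` would state the contract that callers have to meet.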