Switch to using a socket for ndhc/sockd IPC so that fd passing works.
This commit is contained in:
parent
9622640698
commit
5212e0dfc5
34
ndhc/ndhc.c
34
ndhc/ndhc.c
@ -343,10 +343,8 @@ int pToNdhcW;
|
||||
int pToIfchR;
|
||||
int pToIfchW;
|
||||
|
||||
int psToNdhcR;
|
||||
int psToNdhcW;
|
||||
int pToSockdR;
|
||||
int pToSockdW;
|
||||
int sockdSock[2];
|
||||
int sockdPipe[2];
|
||||
|
||||
static void create_ifch_ipc_pipes(void) {
|
||||
int niPipe[2];
|
||||
@ -371,22 +369,10 @@ static void create_ifch_ipc_pipes(void) {
|
||||
}
|
||||
|
||||
static void create_sockd_ipc_pipes(void) {
|
||||
int nsPipe[2];
|
||||
int snPipe[2];
|
||||
|
||||
if (pipe2(nsPipe, 0))
|
||||
suicide("FATAL - can't create ndhc -> ndhc-sockd pipe: %s",
|
||||
strerror(errno));
|
||||
psToNdhcR = nsPipe[0];
|
||||
psToNdhcW = nsPipe[1];
|
||||
if (pipe2(snPipe, 0))
|
||||
suicide("FATAL - can't create ndhc-sockd -> ndhc pipe: %s",
|
||||
strerror(errno));
|
||||
if (fcntl(snPipe[0], F_SETFL, fcntl(snPipe[0], F_GETFL) | O_NONBLOCK) < 0)
|
||||
suicide("FATAL - failed to set ndhc-sockd -> ndhc read-side nonblocking: %s",
|
||||
strerror(errno));
|
||||
pToSockdR = snPipe[0];
|
||||
pToSockdW = snPipe[1];
|
||||
if (pipe2(sockdPipe, 0))
|
||||
suicide("FATAL - can't create ndhc/sockd pipe: %s", strerror(errno));
|
||||
if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sockdSock) < 0)
|
||||
suicide("FATAL - can't create ndhc/sockd socket: %s", strerror(errno));
|
||||
}
|
||||
|
||||
static void spawn_ifch(void)
|
||||
@ -411,14 +397,14 @@ static void spawn_sockd(void)
|
||||
create_sockd_ipc_pipes();
|
||||
pid_t sockd_pid = fork();
|
||||
if (sockd_pid == 0) {
|
||||
close(psToNdhcR);
|
||||
close(pToSockdW);
|
||||
close(sockdPipe[0]);
|
||||
close(sockdSock[0]);
|
||||
// Don't share the RNG state with the master process.
|
||||
nk_random_u32_init(&cs.rnd32_state);
|
||||
sockd_main();
|
||||
} else if (sockd_pid > 0) {
|
||||
close(pToSockdR);
|
||||
close(psToNdhcW);
|
||||
close(sockdSock[1]);
|
||||
close(sockdPipe[1]);
|
||||
} else
|
||||
suicide("failed to fork ndhc-sockd: %s", strerror(errno));
|
||||
}
|
||||
|
@ -71,10 +71,8 @@ extern int pToIfchR;
|
||||
extern int pToIfchW;
|
||||
extern int pToNdhcR;
|
||||
extern int pToNdhcW;
|
||||
extern int psToNdhcR;
|
||||
extern int psToNdhcW;
|
||||
extern int pToSockdR;
|
||||
extern int pToSockdW;
|
||||
extern int sockdSock[2];
|
||||
extern int sockdPipe[2];
|
||||
extern char state_dir[PATH_MAX];
|
||||
extern char chroot_dir[PATH_MAX];
|
||||
extern char resolv_conf_d[PATH_MAX];
|
||||
|
13
ndhc/sockd.c
13
ndhc/sockd.c
@ -70,7 +70,7 @@ int request_sockd_fd(char *buf, size_t buflen, char *response)
|
||||
{
|
||||
if (!buflen)
|
||||
return -1;
|
||||
ssize_t r = safe_write(pToSockdW, buf, buflen);
|
||||
ssize_t r = safe_write(sockdSock[0], buf, buflen);
|
||||
if (r < 0 || (size_t)r != buflen)
|
||||
suicide("%s: (%s) write failed: %d", client_config.interface,
|
||||
__func__, r);
|
||||
@ -87,7 +87,7 @@ int request_sockd_fd(char *buf, size_t buflen, char *response)
|
||||
.msg_controllen = sizeof control
|
||||
};
|
||||
retry:
|
||||
r = recvmsg(psToNdhcR, &msg, 0);
|
||||
r = recvmsg(sockdSock[0], &msg, 0);
|
||||
if (r == 0) {
|
||||
suicide("%s: (%s) recvmsg received EOF", client_config.interface,
|
||||
__func__);
|
||||
@ -405,7 +405,7 @@ static void xfer_fd(int fd, char cmd)
|
||||
*cmsg_fd = fd;
|
||||
msg.msg_controllen = cmsg->cmsg_len;
|
||||
retry:
|
||||
if (sendmsg(psToNdhcW, &msg, 0) < 0) {
|
||||
if (sendmsg(sockdSock[1], &msg, 0) < 0) {
|
||||
if (errno == EINTR)
|
||||
goto retry;
|
||||
suicide("%s: (%s) sendmsg failed: %s", client_config.interface,
|
||||
@ -451,7 +451,8 @@ static void process_client_pipe(void)
|
||||
suicide("%s: (%s) receive buffer exhausted", client_config.interface,
|
||||
__func__);
|
||||
|
||||
int r = safe_read(pToSockdR, buf + buflen, sizeof buf - buflen);
|
||||
int r = safe_recv(sockdSock[1], buf + buflen, sizeof buf - buflen,
|
||||
MSG_DONTWAIT);
|
||||
if (r == 0) {
|
||||
// Remote end hung up.
|
||||
exit(EXIT_SUCCESS);
|
||||
@ -474,7 +475,7 @@ static void do_sockd_work(void)
|
||||
if (enforce_seccomp_sockd())
|
||||
log_line("sockd seccomp filter cannot be installed");
|
||||
|
||||
epoll_add(epollfd, pToSockdR);
|
||||
epoll_add(epollfd, sockdSock[1]);
|
||||
epoll_add(epollfd, signalFd);
|
||||
|
||||
for (;;) {
|
||||
@ -487,7 +488,7 @@ static void do_sockd_work(void)
|
||||
}
|
||||
for (int i = 0; i < r; ++i) {
|
||||
int fd = events[i].data.fd;
|
||||
if (fd == pToSockdR)
|
||||
if (fd == sockdSock[1])
|
||||
process_client_pipe();
|
||||
else if (fd == signalFd)
|
||||
signal_dispatch();
|
||||
|
Loading…
Reference in New Issue
Block a user