author | kris <kris@FreeBSD.org> | 2000-07-05 21:54:07 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-07-05 21:54:07 +0000 |
commit | 13d90d944f154efa9feb5a06266329c85d01f979 (patch) | |
tree | 7fc107473d0c5c157c2ac2603e6628db258d9159 /usr.sbin | |
parent | 8a5ba0ae5fe6fbf7d2335ae09e1f86c01e466bbf (diff) | |
Sync with latest KAME.
Obtained from: KAME
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/faithd/README | 31 |
-rw-r--r-- | usr.sbin/faithd/faithd.8 | 223 |
-rw-r--r-- | usr.sbin/faithd/faithd.c | 231 |
-rw-r--r-- | usr.sbin/faithd/faithd.h | 9 |
-rw-r--r-- | usr.sbin/faithd/ftp.c | 25 |
-rw-r--r-- | usr.sbin/faithd/rsh.c | 12 |
-rw-r--r-- | usr.sbin/faithd/tcp.c | 6 |
7 files changed, 388 insertions, 149 deletions
diff --git a/usr.sbin/faithd/README b/usr.sbin/faithd/README index 47d7a2d..4808b4a 100644 --- a/usr.sbin/faithd/README +++ b/usr.sbin/faithd/README @@ -1,14 +1,13 @@ Configuring FAITH IPv6-to-IPv4 TCP relay Kazu Yamamoto and Jun-ichiro itojun Hagino -$Id: README,v 1.1.1.1 1999/08/08 23:29:27 itojun Exp $ +$KAME: README,v 1.4 2000/05/31 03:16:14 itojun Exp $ $FreeBSD$ - Introduction ============ -FAITH is a IPv6-to-IPv4 TCP relay. It performs TCP relay just as some of +FAITH is a IPv6-to-IPv4 TCP relay. It performs tcp relay just as some of firewall-oriented gateway does, but between IPv6 and IPv4 with address translation. TCP connections has to be made from IPv6 node to IPv4 node. FAITH will @@ -34,7 +33,7 @@ FAITH will make it possible to make a IPv6 TCP connection From IPv6 node "src", toward IPv4 node "dest", by specifying FAITH-mapped address 3ffe:0501:1234:ffff::123.4.5.6 (which is, 3ffe:0501:1234:ffff:0000:0000:7b04:0506). -The address mapping can be performed by hand:-), by special nameserver on +The address mapping can be performed by hand:-), by speical nameserver on the network, or by special resolver on the source node. @@ -42,7 +41,7 @@ Setup ===== The following example assumes: -- You have assigned 3ffe:0501:1234:ffff:: as FAITH address prefix. +- You have assigned 3ffe:0501:1234:ffff:: as FAITH adderss prefix. - You are willing to provide IPv6-to IPv4 TCP relay for telnet. <<On the translating router on which faithd runs>> @@ -58,13 +57,8 @@ The following example assumes: (3) Route packets toward FAITH prefix into "faith0" interface. # ifconfig faith0 up - # route add -inet6 3ffe:0501:1234:ffff:: -prefixlen 64 -interface faith0 - - or, on platforms that has problem with "-interface": - # ifconfig faith0 up # route add -inet6 3ffe:0501:1234:ffff:: -prefixlen 64 \ - fe80:q::xxxx:yyyy:zzzz:wwww - (the last one is link-local address assigned for faith0) + fe80::xxxx:yyyy:zzzz:wwww%faith0 (4) Execute "faithd" by root as follows: 
@@ -82,7 +76,7 @@ The following example assumes: # faithd login /usr/local/v6/libexec/rlogin rlogind # faithd shell /usr/local/v6/libexec/rshd rshd # faithd ftpd /usr/local/v6/libexec/ftpd ftpd -l - # faithd ssh + # faithd sshd <<Routing>> @@ -96,13 +90,12 @@ There are two ways to translate IPv4 address to IPv6 address: (a) Faked by DNS (b) Faked by /etc/hosts. -(5.a) Install "newbie" and set up FAITH mode. See kit/ports/newbie of - KAME package. KAME package is obtained from www.kame.net. +(5.a) Install "newbie" and set up FAITH mode. See kit/ports/newbie. (5.b) Add an entry into /etc/hosts so that you can resolve hostname into -faked IPv6 address. For example, add the following line for www.freebsd.org: +faked IPv6 addrss. For example, add the following line for www.netbsd.org: - 3ffe:0501:1234:ffff::204.216.27.21 www.freebsd.org + 3ffe:0501:1234:ffff::140.160.140.252 www.netbsd.org <<On the translating router on which faithd runs.>> @@ -125,16 +118,16 @@ want to do the following: By this way, you can restrict IPv4 destination to 123.0.0.0/8. You may also want to reject packets toward 3ffe:0501:1234:ffff::/64 which -is not in 3ffe:0501:1234:ffff::123.0.0.0/104. This will be left as exercise +is not in 3ffe:0501:1234:ffff::123.0.0.0/104. This will be left as excerside for the reader. By doing this, you will be able to provide your IPv4 web server to outside IPv6 customers, without risks of unwanted open relays. - [[[[ IPv6 network outside ]]]] | + [[[[ IPv6 network outside ]]]] | | | connection node that runs FAITH-daemon (usually a router) v | - ========+======== IPv4/v6 network in your site + ========+======== IPv4/v6 network in your site | (123.0.0.0/8) IPv4 web server diff --git a/usr.sbin/faithd/faithd.8 b/usr.sbin/faithd/faithd.8 index 62c721a..6e42f27 100644 --- a/usr.sbin/faithd/faithd.8 +++ b/usr.sbin/faithd/faithd.8 
@@ -1,6 +1,8 @@ +.\" $KAME: faithd.8,v 1.12 2000/07/04 13:15:01 itojun Exp $ +.\" .\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. .\" All rights reserved. -.\" +.\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: @@ -12,7 +14,7 @@ .\" 3. Neither the name of the project nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. -.\" +.\" .\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -25,10 +27,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: faithd.8,v 1.3 1999/10/07 04:22:14 itojun Exp $ .\" $FreeBSD$ .\" -.Dd January 27, 2000 +.Dd May 17, 1998 .Dt FAITHD 8 .Os .Sh NAME @@ -38,35 +39,18 @@ .Nm .Op Fl dp .Op Ar service Op Ar serverpath Op Ar serverargs +.Nm "" .Sh DESCRIPTION .Nm -provides IPv6/v4 TCP relay for the specified -.Ar service . -.Pp +provides IPv6-to-IPv4 TCP relay. .Nm -must be invoked on IPv4/v6 -dual stack router. -The router must be configured to capture all the TCP traffic -toward reserved -.Tn IPv6 -address prefix, by using -.Xr route 8 -and -.Xr sysctl 8 -commands. -.Nm -will daemonize itself on invocation. +must be used on an IPv4/v6 dual stack router. .Pp +When .Nm -will listen to +receives .Tn TCPv6 -port -.Ar service . -If -.Tn TCPv6 -traffic to port -.Ar service -is found, +traffic, .Nm will relay the .Tn TCPv6 
@@ -88,20 +72,47 @@ destination address is the traffic will be relayed to IPv4 destination .Li 10.1.1.1 . .Pp -If -.Ar service -is not given, -.Li telnet -is assumed, and +To use .Nm -will relay TCP traffic on TCP port -.Li telnet . -With -.Ar service , +translation service, +an IPv6 address prefix must be reserved for mapping IPv4 addresses into. +Kernel must be properly configured to route all the TCP connection +toward the reserved IPv6 address prefix into the +.Xr faith 4 +pseudo interface, by using +.Xr route 8 +command. +Also, +.Xr sysctl 8 +should be used to configure +.Dv net.inet6.ip6.keepfaith +to +.Dv 1 . +.Pp +The router must be configured to capture all the TCP traffic +toward reserved +.Tn IPv6 +address prefix, by using +.Xr route 8 +and +.Xr sysctl 8 +commands. +.Ss Daemon mode +When .Nm -will work as TCP relaying daemon for specified +is invoked as a standalone program, +.Nm +will daemonize itself. +.Nm +will listen to +.Tn TCPv6 +port +.Ar service . +If +.Tn TCPv6 +traffic to port .Ar service -as described above. +is found, it relays the connection. .Pp Since .Nm @@ -126,22 +137,20 @@ You can also specify .Ar serverargs for the arguments for the local daemon. .Pp -To use +If +.Ar service +is not given, +.Li telnet +is assumed, and .Nm -translation service, -an IPv6 address prefix must be reserved for mapping IPv4 addresses into. -Kernel must be properly configured to route all the TCP connection -toward the reserved IPv6 address prefix into the -.Dv faith -pseudo interface, by using -.Xr route 8 -command. -Also, -.Xr sysctl 8 -should be used to configure -.Dv net.inet6.ip6.keepfaith -to -.Dv 1 . +will relay TCP traffic on TCP port +.Li telnet . +With +.Ar service , +.Nm +will work as TCP relaying daemon for specified +.Ar service +as described above. .Pp If .Fl d 
@@ -160,7 +169,7 @@ and .Fl p is not necessary as special program code is supplied. .Pp -.Nm +.Nm will relay both normal and out-of-band TCP data. It is capable of emulating TCP half close as well. .Nm @@ -187,12 +196,50 @@ Inactive sessions will be disconnected in 30 minutes, to avoid stale sessions from chewing up resources. This may be inappropriate for some of the services .Pq should this be configurable? . +.Ss inetd mode +When +.Nm +is invoked via +.Xr inetd 8 , +.Nm +will handle connection passed from standard input. +If it the connection endpoint is in the reserved IPv6 address prefix. +.Nm +will relay the connection. +Otherwise, +.Nm +will invoke service-specific daemon like +.Xr telnetd 8 , +by using the command argument passed from +.Xr inetd 8 . +.Pp +.Nm +determines operation mode by the local TCP port number, +and enables special protocol handling whenever necessary/possible. +For example, if +.Nm +is invoked via +.Xr inetd 8 +on FTP port, it will operate as a FTP relay. +.Pp +The operation mode requires special support for +.Nm +in +.Xr inetd 8 . .Sh EXAMPLES Before invoking .Nm Ns , .Xr faith 4 interface has to be configured properly. -.Pp +.Bd -literal -offset +# sysctl -w net.inet6.ip6.accept_rtadv=0 +# sysctl -w net.inet6.ip6.forwarding=1 +# sysctl -w net.inet6.ip6.keepfaith=1 +# ifconfig faith0 up +# route add -inet6 3ffe:501:4819:ffff:: -prefixlen 96 ::1 +# route change -inet6 3ffe:501:4819:ffff:: -prefixlen 96 -ifp faith0 +.Ed +.Ss Daemon mode samples To translate .Li telnet service, and provide no local telnet service, invoke 
@@ -200,29 +247,60 @@ service, and provide no local telnet service, invoke as either of the following: .Bd -literal -offset # faithd -# faithd telnet +# faithd telnet .Ed .Pp If you would like to provide local telnet service via .Xr telnetd 8 on -.Pa /usr/libexec/telnetd , -user the following command line: +.Pa /usr/local/v6/libexec/telnetd , +use the following command line: .Bd -literal -offset -# faithd telnet /usr/libexec/telnetd telnetd +# faithd telnet /usr/local/v6/libexec/telnetd telnetd .Ed .Pp If you would like to pass extra arguments to the local daemon: .Bd -literal -offset -# faithd ftpd /usr/libexec/ftpd ftpd -l +# faithd ftpd /usr/local/v6/libexec/ftpd ftpd -l .Ed .Pp -Here are some other examples: +Here are some other examples. +You may need +.Fl p +to translate rsh/rlogin services. .Bd -literal -offset -# faithd login /usr/libexec/rlogin rlogind -# faithd shell /usr/libexec/rshd rshd # faithd sshd +# faithd login /usr/local/v6/libexec/rlogin rlogind +# faithd shell /usr/local/v6/libexec/rshd rshd .Ed +.Pp +However, you should be careful when translating rlogin or rsh +connections. See +.Sx SECURITY NOTICE +for more details. +.Ss inetd mode samples +Add the following lines into +.Xr inetd.conf 5 . +Syntax may vary depending upon your operating system. +.Bd -literal -offset +telnet stream faith/tcp6 nowait root faithd telnetd +ftp stream faith/tcp6 nowait root faithd ftpd -l +ssh stream faith/tcp6 nowait root faithd /usr/pkg/bin/sshd -i +.Ed +.Pp +.Xr inetd 8 +will open listening sockets with enabling kernel TCP relay support. +Whenever connection comes in, +.Nm +will be invoked by +.Xr inetd 8 . +If it the connection endpoint is in the reserved IPv6 address prefix. +.Nm +will relay the connection. +Otherwise, +.Nm +will invoke service-specific daemon like +.Xr telnetd 8 . .Sh RETURN VALUES .Nm exits with 
@@ -240,8 +318,8 @@ on error. .%A Jun-ichiro itojun Hagino .%A Kazu Yamamoto .%T "An IPv6-to-IPv4 transport relay translator" -.%R Internet draft -.%N draft-ietf-ngtrans-tcpudp-relay-00.txt +.%R internet draft +.%N draft-ietf-ngtrans-tcpudp-relay-01.txt .%O work in progress material .Re .Sh SECURITY NOTICE @@ -250,6 +328,21 @@ It is very insecure to use and other IP-address based authentication, for connections relayed by .Nm .Pq and any other TCP relaying services . +.Pp +.Nm +itself does not implement access controls, as +it intends to implement transparent TCP relay services. +Administrators are advised to filter packets based on IPv6 address. +IPv6 destination address can be limited by +carefully configuring routing entries that points to +.Xr faith 4 , +using +.Xr route 8 . +IPv6 source address needs to be filtered by using packet filters. +Documents listed in +.Sx SEE ALSO +have more discussions on this topic. +.\" .Sh HISTORY The .Nm diff --git a/usr.sbin/faithd/faithd.c b/usr.sbin/faithd/faithd.c index 6c4a6a4..4d4f19e 100644 --- a/usr.sbin/faithd/faithd.c +++ b/usr.sbin/faithd/faithd.c @@ -1,7 +1,9 @@ +/* $KAME: faithd.c,v 1.20 2000/07/01 11:40:45 itojun Exp $ */ + /* * Copyright (C) 1997 and 1998 WIDE Project. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -13,7 +15,7 @@ * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -35,6 +37,7 @@ * Usage: faithd [<port> <progpath> <arg1(progname)> <arg2> ...] * e.g. faithd telnet /usr/local/v6/sbin/telnetd telnetd */ +#define HAVE_GETIFADDRS #include <sys/param.h> #include <sys/types.h> @@ -44,7 +47,9 @@ #include <sys/stat.h> #include <sys/time.h> #include <sys/ioctl.h> +#ifdef __FreeBSD__ #include <libutil.h> +#endif #include <stdio.h> #include <stdlib.h> @@ -68,6 +73,9 @@ #include <netinet/in.h> #include <arpa/inet.h> #include <netdb.h> +#ifdef HAVE_GETIFADDRS +#include <ifaddrs.h> +#endif #ifdef FAITH4 #include <resolv.h> @@ -95,8 +103,11 @@ static int sockfd = 0; #endif int dflag = 0; static int pflag = 0; +static int inetd = 0; int main __P((int, char **)); +static int inetd_main __P((int, char **)); +static int daemon_main __P((int, char **)); static void play_service __P((int)); static void play_child __P((int, struct sockaddr *)); static int faith_prefix __P((struct sockaddr *)); @@ -107,24 +118,17 @@ static int map4to6 __P((struct sockaddr_in *, struct sockaddr_in6 *)); static void sig_child __P((int)); static void sig_terminate __P((int)); static void start_daemon __P((void)); +#ifndef HAVE_GETIFADDRS static unsigned int if_maxindex __P((void)); +#endif static void grab_myaddrs __P((void)); static void free_myaddrs __P((void)); static void update_myaddrs __P((void)); static void usage __P((void)); int -main(int argc, char *argv[]) +main(int argc, char **argv) { - struct addrinfo hints, *res; - int s_wld, error, i, serverargc, on = 1; - int family = AF_INET6; - int c; -#ifdef FAITH_NS - char *ns; -#endif /* FAITH_NS */ - extern int optind; - extern char *optarg; /* * Initializing stuff 
@@ -136,6 +140,87 @@ main(int argc, char *argv[]) else faithdname = argv[0]; + if (strcmp(faithdname, "faithd") != 0) { + inetd = 1; + return inetd_main(argc, argv); + } else + return daemon_main(argc, argv); +} + +static int +inetd_main(int argc, char **argv) +{ + char path[MAXPATHLEN]; + struct sockaddr_storage me; + struct sockaddr_storage from; + int melen, fromlen; + int i; + int error; + const int on = 1; + char sbuf[NI_MAXSERV], snum[NI_MAXSERV]; + + if (strrchr(argv[0], '/') == NULL) + snprintf(path, sizeof(path), "%s/%s", DEFAULT_DIR, argv[0]); + else + snprintf(path, sizeof(path), "%s", argv[0]); + +#ifdef USE_ROUTE + grab_myaddrs(); + + sockfd = socket(PF_ROUTE, SOCK_RAW, PF_UNSPEC); + if (sockfd < 0) { + exit_error("socket(PF_ROUTE): %s", ERRSTR); + /*NOTREACHED*/ + } +#endif + + melen = sizeof(me); + if (getsockname(STDIN_FILENO, (struct sockaddr *)&me, &melen) < 0) + exit_error("getsockname"); + fromlen = sizeof(from); + if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) + exit_error("getpeername"); + if (getnameinfo((struct sockaddr *)&me, melen, NULL, 0, + sbuf, sizeof(sbuf), NI_NUMERICHOST) == 0) + service = sbuf; + else + service = DEFAULT_PORT_NAME; + if (getnameinfo((struct sockaddr *)&me, melen, NULL, 0, + snum, sizeof(snum), NI_NUMERICHOST) != 0) + snprintf(snum, sizeof(snum), "?"); + + snprintf(logname, sizeof(logname), "faithd %s", snum); + snprintf(procname, sizeof(procname), "accepting port %s", snum); + openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON); + + if (argc >= MAXARGV) + exit_failure("too many augments"); + serverarg[0] = serverpath = path; + for (i = 1; i < argc; i++) + serverarg[i] = argv[i]; + serverarg[i] = NULL; + + error = setsockopt(STDIN_FILENO, SOL_SOCKET, SO_OOBINLINE, &on, + sizeof(on)); + if (error < 0) + exit_error("setsockopt(SO_OOBINLINE): %s", ERRSTR); + + play_child(STDIN_FILENO, (struct sockaddr *)&from); + exit_failure("should not reach here"); + return 0; /*dummy!*/ +} + +static int 
+daemon_main(int argc, char **argv) +{ + struct addrinfo hints, *res; + int s_wld, error, i, serverargc, on = 1; + int family = AF_INET6; + int c; +#ifdef FAITH_NS + char *ns; +#endif /* FAITH_NS */ + while ((c = getopt(argc, argv, "dp46")) != -1) { switch (c) { case 'd': @@ -191,17 +276,17 @@ main(int argc, char *argv[]) break; default: serverargc = argc - NUMARG; - if (serverargc > MAXARGV) - exit_error("too many arguments"); + if (serverargc >= MAXARGV) + exit_error("too many augments"); - serverpath = malloc(strlen(argv[NUMPRG])); + serverpath = malloc(strlen(argv[NUMPRG]) + 1); strcpy(serverpath, argv[NUMPRG]); for (i = 0; i < serverargc; i++) { - serverarg[i] = malloc(strlen(argv[i + NUMARG])); + serverarg[i] = malloc(strlen(argv[i + NUMARG]) + 1); strcpy(serverarg[i], argv[i + NUMARG]); } serverarg[i] = NULL; - /* FALLTHROUGH */ + /* fall throuth */ case 1: /* no local service */ service = argv[NUMPRT]; break; @@ -217,12 +302,8 @@ main(int argc, char *argv[]) hints.ai_socktype = SOCK_STREAM; hints.ai_protocol = 0; error = getaddrinfo(NULL, service, &hints, &res); - if (error) { - fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(error)); - if (error == EAI_SYSTEM) - exit_error("getaddrinfo: %s\n", strerror(errno)); - exit(EXIT_FAILURE); - } + if (error) + exit_error("getaddrinfo: %s", gai_strerror(error)); s_wld = socket(res->ai_family, res->ai_socktype, res->ai_protocol); if (s_wld == -1) @@ -278,10 +359,10 @@ main(int argc, char *argv[]) snprintf(logname, sizeof(logname), "faithd %s", service); snprintf(procname, sizeof(procname), "accepting port %s", service); openlog(logname, LOG_PID | LOG_NOWAIT, LOG_DAEMON); - syslog(LOG_INFO, "starting faith daemon for %s port", service); + syslog(LOG_INFO, "Staring faith daemon for %s port", service); play_service(s_wld); - /*NOTREACHED*/ + /*NOTRECHED*/ exit(1); /*pacify gcc*/ } 
@@ -354,7 +435,7 @@ again: static void play_child(int s_src, struct sockaddr *srcaddr) { - struct sockaddr_storage dstaddr6; + struct sockaddr_storage dstaddr6; struct sockaddr_storage dstaddr4; char src[MAXHOSTNAMELEN]; char dst6[MAXHOSTNAMELEN]; @@ -385,10 +466,12 @@ play_child(int s_src, struct sockaddr *srcaddr) * Local service */ syslog(LOG_INFO, "executing local %s", serverpath); - dup2(s_src, 0); - close(s_src); - dup2(0, 1); - dup2(0, 2); + if (!inetd) { + dup2(s_src, 0); + close(s_src); + dup2(0, 1); + dup2(0, 2); + } execv(serverpath, serverarg); syslog(LOG_ERR, "execv %s: %s", serverpath, ERRSTR); _exit(EXIT_FAILURE); @@ -597,9 +680,6 @@ map4to6(struct sockaddr_in *dst4, struct sockaddr_in6 *dst6) if ((ai_errno = getaddrinfo(host, serv, &hints, &res)) != 0) { syslog(LOG_INFO, "%s %s: %s", host, serv, gai_strerror(ai_errno)); - if (ai_errno == EAI_SYSTEM) - syslog(LOG_INFO, "%s %s: %s", host, serv, - strerror(errno)); return 0; } @@ -625,7 +705,7 @@ sig_child(int sig) void sig_terminate(int sig) { - syslog(LOG_INFO, "terminating faith daemon"); + syslog(LOG_INFO, "Terminating faith daemon"); exit(EXIT_SUCCESS); } @@ -664,7 +744,7 @@ exit_failure(const char *fmt, ...) va_start(ap, fmt); vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); - syslog(LOG_ERR, buf); + syslog(LOG_ERR, "%s", buf); exit(EXIT_FAILURE); } @@ -677,11 +757,12 @@ exit_success(const char *fmt, ...) va_start(ap, fmt); vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); - syslog(LOG_INFO, buf); + syslog(LOG_INFO, "%s", buf); exit(EXIT_SUCCESS); } #ifdef USE_ROUTE +#ifndef HAVE_GETIFADDRS static unsigned int if_maxindex() { 
@@ -696,17 +777,73 @@ if_maxindex() if_freenameindex(p0); return max; } +#endif static void grab_myaddrs() { +#ifdef HAVE_GETIFADDRS + struct ifaddrs *ifap, *ifa; + struct myaddrs *p; + struct sockaddr_in6 *sin6; + + if (getifaddrs(&ifap) != 0) { + exit_failure("getifaddrs"); + /*NOTREACHED*/ + } + + for (ifa = ifap; ifa; ifa = ifa->ifa_next) { + switch (ifa->ifa_addr->sa_family) { + case AF_INET: + case AF_INET6: + break; + default: + continue; + } + + p = (struct myaddrs *)malloc(sizeof(struct myaddrs) + + ifa->ifa_addr->sa_len); + if (!p) { + exit_failure("not enough core"); + /*NOTREACHED*/ + } + memcpy(p + 1, ifa->ifa_addr, ifa->ifa_addr->sa_len); + p->next = myaddrs; + p->addr = (struct sockaddr *)(p + 1); +#ifdef __KAME__ + if (ifa->ifa_addr->sa_family == AF_INET6) { + sin6 = (struct sockaddr_in6 *)p->addr; + if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr) + || IN6_IS_ADDR_SITELOCAL(&sin6->sin6_addr)) { + sin6->sin6_scope_id = + ntohs(*(u_int16_t *)&sin6->sin6_addr.s6_addr[2]); + sin6->sin6_addr.s6_addr[2] = 0; + sin6->sin6_addr.s6_addr[3] = 0; + } + } +#endif + myaddrs = p; + if (dflag) { + char hbuf[NI_MAXHOST]; + getnameinfo(p->addr, p->addr->sa_len, + hbuf, sizeof(hbuf), NULL, 0, + NI_NUMERICHOST); + syslog(LOG_INFO, "my interface: %s %s", hbuf, + ifa->ifa_name); + } + } + + freeifaddrs(ifap); +#else int s; unsigned int maxif; struct ifreq *iflist; struct ifconf ifconf; - struct ifreq *ifr, *ifr_end; + struct ifreq *ifr, *ifrp, *ifr_end; struct myaddrs *p; struct sockaddr_in6 *sin6; + size_t siz; + char ifrbuf[sizeof(struct ifreq) + 1024]; maxif = if_maxindex() + 1; iflist = (struct ifreq *)malloc(maxif * BUFSIZ); /* XXX */ 
@@ -730,10 +867,21 @@ grab_myaddrs() /* Look for this interface in the list */ ifr_end = (struct ifreq *) (ifconf.ifc_buf + ifconf.ifc_len); - for (ifr = ifconf.ifc_req; - ifr < ifr_end; - ifr = (struct ifreq *) ((char *) &ifr->ifr_addr - + ifr->ifr_addr.sa_len)) { + for (ifrp = ifconf.ifc_req; + ifrp < ifr_end; + ifrp = (struct ifreq *)((char *)ifrp + siz)) { + memcpy(ifrbuf, ifrp, sizeof(*ifrp)); + ifr = (struct ifreq *)ifrbuf; + siz = ifr->ifr_addr.sa_len; + if (siz < sizeof(ifr->ifr_addr)) + siz = sizeof(ifr->ifr_addr); + siz += (sizeof(*ifrp) - sizeof(ifr->ifr_addr)); + if (siz > sizeof(ifrbuf)) { + /* ifr too big */ + break; + } + memcpy(ifrbuf, ifrp, siz); + switch (ifr->ifr_addr.sa_family) { case AF_INET: case AF_INET6: @@ -773,6 +921,7 @@ grab_myaddrs() } free(iflist); +#endif } static void diff --git a/usr.sbin/faithd/faithd.h b/usr.sbin/faithd/faithd.h index 55566ed..b882aad 100644 --- a/usr.sbin/faithd/faithd.h +++ b/usr.sbin/faithd/faithd.h @@ -1,7 +1,9 @@ +/* $KAME: faithd.h,v 1.2 2000/05/31 03:06:07 itojun Exp $ */ + /* * Copyright (C) 1997 and 1998 WIDE Project. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -13,7 +15,7 @@ * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
@@ -43,8 +45,9 @@ extern void exit_success __P((const char *fmt, ...)); extern void exit_failure __P((const char *fmt, ...)); #define DEFAULT_PORT_NAME "telnet" -#define DEFAULT_PATH "/usr/local/v6/libexec/telnetd" +#define DEFAULT_DIR "/usr/local/v6/libexec" #define DEFAULT_NAME "telnetd" +#define DEFAULT_PATH (DEFAULT_DIR "/" DEFAULT_NAME) #define FTP_PORT 21 #define RLOGIN_PORT 513 diff --git a/usr.sbin/faithd/ftp.c b/usr.sbin/faithd/ftp.c index b45017a..53f94f1 100644 --- a/usr.sbin/faithd/ftp.c +++ b/usr.sbin/faithd/ftp.c @@ -1,7 +1,9 @@ +/* $KAME$ */ + /* * Copyright (C) 1997 and 1998 WIDE Project. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -13,7 +15,7 @@ * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -405,7 +407,7 @@ ftp_copyresult(int src, int dst, enum state state) if (!passivemode && rbuf[0] == '1') { if (ftp_activeconn() < 0) { n = snprintf(rbuf, sizeof(rbuf), - "425 Cannot open data connection\r\n"); + "425 Cannot open data connetion\r\n"); } } write(dst, rbuf, n); 
@@ -555,10 +557,10 @@ passivefail: p = (char *)&sin6->sin6_port; n = snprintf(sbuf, sizeof(sbuf), "228 Entering Long Passive Mode (%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d)\r\n", - 6, 16, UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), - UC(a[4]), UC(a[5]), UC(a[6]), UC(a[7]), - UC(a[8]), UC(a[9]), UC(a[10]), UC(a[11]), - UC(a[12]), UC(a[13]), UC(a[14]), UC(a[15]), + 6, 16, UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), + UC(a[4]), UC(a[5]), UC(a[6]), UC(a[7]), + UC(a[8]), UC(a[9]), UC(a[10]), UC(a[11]), + UC(a[12]), UC(a[13]), UC(a[14]), UC(a[15]), 2, UC(p[0]), UC(p[1])); write(dst, sbuf, n); passivemode = 1; @@ -676,7 +678,7 @@ passivefail2: p = (char *)&sin->sin_port; n = snprintf(sbuf, sizeof(sbuf), "227 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n", - UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), + UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1])); write(dst, sbuf, n); passivemode = 1; @@ -921,12 +923,7 @@ eprtparamfail: error = getaddrinfo(hostp, portp, &hints, &res); if (error) { n = snprintf(sbuf, sizeof(sbuf), - "501 EPRT: %s", gai_strerror(error)); - if (error == EAI_SYSTEM) - n += snprintf(sbuf, sizeof(sbuf), - ": %s", strerror(errno)); - n += snprintf(sbuf, sizeof(sbuf), "\r\n"); - + "501 EPRT: %s\r\n", gai_strerror(error)); write(src, sbuf, n); return n; } diff --git a/usr.sbin/faithd/rsh.c b/usr.sbin/faithd/rsh.c index e66ced1..735f01e 100644 --- a/usr.sbin/faithd/rsh.c +++ b/usr.sbin/faithd/rsh.c @@ -1,7 +1,9 @@ +/* $KAME$ */ + /* * Copyright (C) 1997 and 1998 WIDE Project. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -13,7 +15,7 @@ * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -69,7 +71,7 @@ rsh_relay(int s_src, int s_dst) if (error == -1) exit_failure("select %d: %s", s_src, ERRSTR); else if (error == 0) - exit_failure("connection timeout"); + exit_failure("connecion timeout"); n = read(s_src, rshbuf, sizeof(rshbuf)); if (rshbuf[0] != 0) { @@ -112,7 +114,7 @@ relay(int src, int dst) close(dst); close(s_ctl); close(s_ctl6); - exit_success("terminating rsh/control connections"); + exit_success("terminating rsh/contorol connections"); break; default: write(s_snd, rshbuf, n); @@ -180,7 +182,7 @@ rsh_dual_relay(int s_src, int s_dst) if (error == -1) exit_failure("select 4 sockets: %s", ERRSTR); else if (error == 0) - exit_failure("connection timeout"); + exit_failure("connecion timeout"); if (half == NO && FD_ISSET(s_src, &readfds)) { s_rcv = s_src; diff --git a/usr.sbin/faithd/tcp.c b/usr.sbin/faithd/tcp.c index e1e1b32..004686f 100644 --- a/usr.sbin/faithd/tcp.c +++ b/usr.sbin/faithd/tcp.c @@ -1,7 +1,9 @@ +/* $KAME$ */ + /* * Copyright (C) 1997 and 1998 WIDE Project. * All rights reserved. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -13,7 +15,7 @@ * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. - * + * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
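Review bot: The README hunks replace correctly spelled words with misspellings ("special" becomes "speical", "address" becomes "adderss" and "addrss", "exercise" becomes "excerside"). Since this file is imported from KAME, fix them upstream first or keep the existing spellings rather than regressing the text. The step (3) hunk also drops the "-interface faith0" form of the route command and keeps only the link-local gateway form ending in "%faith0"; the commit message should say whether the removed form is no longer expected to work.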
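Review bot: In faithd.8 the document date goes backwards, from ".Dd January 27, 2000" to ".Dd May 17, 1998", even though this revision adds the "inetd mode" sections and extends SECURITY NOTICE. The date should reflect the new content instead of reverting to the older upstream value.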
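Review bot: The new "inetd mode" section of faithd.8 contains a broken sentence: "If it the connection endpoint is in the reserved IPv6 address prefix." ends with a full stop and is followed by a separate ".Nm will relay the connection." It should be a single conditional sentence ("If the connection endpoint is in the reserved IPv6 address prefix, faithd will relay the connection."). The same broken text is repeated in "inetd mode samples".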
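Review bot: In inetd_main() (faithd.c) both getnameinfo() calls pass NI_NUMERICHOST with a NULL host buffer, so the flag has no effect and snum receives the same service lookup as sbuf instead of the numeric port. The second call should use NI_NUMERICSERV so that logname and procname carry the port number. In the same hunk, melen and fromlen are declared int where getsockname() and getpeername() take a socklen_t pointer, and main() selects inetd mode for any argv[0] basename other than "faithd", so a renamed or symlinked binary silently runs as the inetd handler on standard input; that contract should at least be documented in a comment.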
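Review bot: In daemon_main() the malloc() results for serverpath and serverarg[i] go straight into strcpy() with no NULL check. The added "+ 1" fixes the one-byte heap overflow for the terminating NUL, but an allocation failure still becomes a NULL write in a daemon the README says is started by root; check the return value, or use strdup() and check that. The same hunk changes "too many arguments" to "too many augments" and "/* FALLTHROUGH */" to "/* fall throuth */", which loses the conventional lint annotation.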
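Review bot: The getaddrinfo() error path in daemon_main() no longer reports errno when error == EAI_SYSTEM, so a system-level failure is logged only with the generic gai_strerror() text. Keep the EAI_SYSTEM case and pass ERRSTR to exit_error() there. The same detail is removed in map4to6() and in the EPRT error reply in ftp.c.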
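Review bot: exit_error() is not covered by the syslog() format change applied to exit_failure() and exit_success() in faithd.c. Those two now pass a constant "%s" format instead of reusing the vsnprintf() output as the format string, but exit_error() is called with formatted arguments elsewhere in this patch (for example exit_error("getaddrinfo: %s", gai_strerror(error))) and its body is not in the diff, so confirm it received the same fix. A change of this kind also deserves its own line in the commit message rather than only "Sync with latest KAME".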
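Review bot: The getifaddrs() branch of grab_myaddrs() dereferences ifa->ifa_addr in "switch (ifa->ifa_addr->sa_family)" without checking it for NULL, and getifaddrs() can return entries that carry no address. Add "if (ifa->ifa_addr == NULL) continue;" at the top of the loop. In the dflag branch the getnameinfo() return value is ignored, so hbuf can be logged uninitialized on failure. The unconditional "#define HAVE_GETIFADDRS" at the top of faithd.c also turns the #else branch into dead code; it would be better set from the build.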
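Review bot: In the non-getifaddrs branch of grab_myaddrs(), the "ifr too big" case breaks out of the loop silently, so every remaining interface address is dropped with nothing in the log. Log the condition through syslog() before leaving the loop, or size ifrbuf from sa_len so the entry can be handled.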
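Review bot: The ftp_copyresult() hunk in ftp.c changes the 425 reply sent to the client from "Cannot open data connection" to "Cannot open data connetion". This string goes out on the wire, so keep the correct spelling. The rsh.c hunks likewise change messages to "connecion timeout" and "terminating rsh/contorol connections", and faithd.c now logs "Staring faith daemon"; anyone matching on the old log text will stop seeing these events.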