Repository: troglobit/smcroute Branch: master Commit: e36897c76410 Files: 95 Total size: 414.1 KB Directory structure: gitextract_5o0vch3v/ ├── .github/ │ ├── CONTRIBUTING.md │ ├── FUNDING.yml │ ├── SECURITY.md │ └── workflows/ │ ├── build.yml │ ├── coverity.yml │ └── release.yml ├── .gitignore ├── COPYING ├── ChangeLog.md ├── Makefile.am ├── README.md ├── autogen.sh ├── configure.ac ├── doc/ │ ├── AUTHORS │ └── TODO.md ├── lib/ │ ├── malloc.c │ ├── strlcat.c │ ├── strlcpy.c │ ├── tempfile.c │ └── utimensat.c ├── m4/ │ ├── misc.m4 │ └── mroute.m4 ├── man/ │ ├── Makefile.am │ ├── smcroute.conf.5 │ ├── smcroutectl.8 │ └── smcrouted.8 ├── smcroute ├── smcroute.conf ├── smcroute.default ├── smcroute.init ├── smcroute.service.in ├── src/ │ ├── Makefile.am │ ├── cap.c │ ├── cap.h │ ├── conf.c │ ├── conf.h │ ├── iface.c │ ├── iface.h │ ├── inet.c │ ├── inet.h │ ├── ip_mroute.h │ ├── ipc.c │ ├── ipc.h │ ├── kern.c │ ├── kern.h │ ├── log.c │ ├── log.h │ ├── mcgroup.c │ ├── mcgroup.h │ ├── mrdisc.c │ ├── mrdisc.h │ ├── mroute.c │ ├── mroute.h │ ├── msg.c │ ├── msg.h │ ├── notify.c │ ├── notify.h │ ├── pidfile.c │ ├── queue.h │ ├── script.c │ ├── script.h │ ├── smcroutectl.c │ ├── smcrouted.c │ ├── socket.c │ ├── socket.h │ ├── systemd.c │ ├── timer.c │ ├── timer.h │ └── util.h └── test/ ├── .gitignore ├── Makefile.am ├── README.md ├── adv.sh ├── basic.sh ├── batch.sh ├── bridge.sh ├── dyn.sh ├── expire.sh ├── gre.sh ├── include.sh ├── ipv6.sh ├── isolated.sh ├── join.sh ├── joinlen.sh ├── lib.sh ├── lost.sh ├── mem.sh ├── mrcache.sh ├── mrdisc.sh ├── multi.sh ├── poison.sh ├── reload.sh ├── reload6.sh ├── vlan.sh └── vrfy.sh ================================================ FILE CONTENTS ================================================ ================================================ FILE: .github/CONTRIBUTING.md ================================================ Contributing to SMCRoute ======================== Thank you for considering contributing back to [Free Software][1]! There are a few things we would like you to consider when filing an issue or pull request with this project: 1. If you are filing a bug report or feature request Please take the time to check if an issue already has been filed matching your problem 2. What version are you running, have you tried the latest release? UNIX distributions often package and test software for their particular brand. If you are using a pre-packaged version, then please file a bug with that distribution instead. 3. Coding Style Lines are allowed to be longer than 72 characters these days, there is no enforced max. length. > **Tip:** Always submit code that follows the style of surrounding code! The coding style itself is strictly Linux [KNF][], like GIT it is becoming a de facto standard for C programming https://www.kernel.org/doc/Documentation/CodingStyle 4. Logical Change Sets Changes should be broken down into logical units that add a feature or fix a bug. Keep changes separate from each other and do not mix a bug fix with a whitespace cleanup or a new feature addition. This is important not only for readilibity, or for the possibility of maintainers to revert changes, but does also increase your chances of having a change accepted. 5. Commit messages Commit messages exist to track *why* a change was made. Try to be as clear and concise as possible in your commit messages, and always, be proud of your work and set up a proper GIT identity for your commits: git config --global user.name "J. Random Hacker" git config --global user.email random.j.hacker@example.com See this helpful guide for how to write simple, readable commit messages, or have at least a look at the below example. http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html Example ------- Example commit message from the [Pro Git][gitbook] online book, notice how `git commit -s` is used to automatically add a `Signed-off-by`: Capitalized, short (50 chars or less) summary More detailed explanatory text, if necessary. Wrap it to about 72 characters or so. In some contexts, the first line is treated as the subject of an email and the rest of the text as the body. The blank line separating the summary from the body is critical (unless you omit the body entirely); tools like rebase can get confused if you run the two together. Write your commit message in the imperative: "Fix bug" and not "Fixed bug" or "Fixes bug." This convention matches up with commit messages generated by commands like git merge and git revert. Further paragraphs come after blank lines. - Bullet points are okay, too - Typically a hyphen or asterisk is used for the bullet, followed by a single space, with blank lines in between, but conventions vary here - Use a hanging indent Signed-off-by: J. Random Hacker [1]: http://www.gnu.org/philosophy/free-sw.en.html [KNF]: https://en.wikipedia.org/wiki/Kernel_Normal_Form [gitbook]: https://git-scm.com/book/ch5-2.html ================================================ FILE: .github/FUNDING.yml ================================================ # These are supported funding model platforms github: [troglobit] ================================================ FILE: .github/SECURITY.md ================================================ # Security Policy ## Supported Versions SMCRoute is a small project, as such we have no possibility to support older versions. The only supported version is the latest released on GitHub: ## Reporting a Vulnerability Contact the project's main author and owner to report and discuss vulnerabilities. ================================================ FILE: .github/workflows/build.yml ================================================ name: Bob the Builder # Run on all branches, including all pull requests, except the 'dev' # branch since that's where we run Coverity Scan (limited tokens/day) on: push: branches: - '**' - '!dev' pull_request: branches: - '**' jobs: build: # Verify we can build on latest Ubuntu with both gcc and clang name: ${{ matrix.compiler }} runs-on: ubuntu-latest strategy: matrix: compiler: [gcc, clang] fail-fast: false env: MAKEFLAGS: -j3 CC: ${{ matrix.compiler }} steps: - name: Install dependencies run: | sudo modprobe ip_gre sudo apt-get -y update sudo apt-get -y install pkg-config libsystemd-dev libcap-dev tshark iptables valgrind - uses: actions/checkout@v6 - name: Configure # Build in a sub-directory so we can safely set a+w on all # directories. Needed for `make check` since it runs with # root dropped and wants to write .trs and .log files. run: | set -x OPTS="--cache-file=/tmp/config.cache --prefix= --enable-mrdisc --enable-test" ./autogen.sh if [ "$CC" = "clang" ]; then compat_valgrind="-gdwarf-4" fi ./configure $OPTS CFLAGS="$compat_valgrind" make dist && archive=$(ls *.tar.gz) if [ -n "$archive" -a -f "$archive" ]; then tar xf "$archive" dir=$(echo "$archive" |rev |cut -f3- -d. |rev) cd "$dir" fi mkdir -p .build/dir cd .build/dir ../../configure $OPTS CFLAGS="$compat_valgrind" chmod -R a+w . - name: Build run: | make - name: Install to ~/tmp and Inspect run: | DESTDIR=~/tmp make install-strip tree ~/tmp ldd ~/tmp/sbin/smcrouted size ~/tmp/sbin/smcrouted ldd ~/tmp/sbin/smcroutectl size ~/tmp/sbin/smcroutectl ~/tmp/sbin/smcrouted -h ~/tmp/sbin/smcroutectl -h - name: Enable unprivileged userns (unshare) run: | sudo sysctl kernel.apparmor_restrict_unprivileged_userns=0 - name: Run Unit Tests run: | make check || (cat test/test-suite.log; false) - name: Upload Test Results uses: actions/upload-artifact@v7 with: name: smcroute-test-${{ matrix.compiler }} path: test/* ================================================ FILE: .github/workflows/coverity.yml ================================================ name: Coverity Scan on: push: branches: - 'dev' workflow_dispatch: env: PROJECT_NAME: smcroute CONTACT_EMAIL: troglobit@gmail.com COVERITY_NAME: troglobit-smcroute COVERITY_PROJ: troglobit%2Fsmcroute jobs: coverity: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - name: Fetch latest Coverity Scan MD5 id: var env: TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} run: | wget -q https://scan.coverity.com/download/cxx/linux64 \ --post-data "token=$TOKEN&project=${COVERITY_PROJ}&md5=1" \ -O coverity-latest.tar.gz.md5 echo "md5=$(cat coverity-latest.tar.gz.md5)" | tee -a $GITHUB_OUTPUT - uses: actions/cache@v5 id: cache with: path: coverity-latest.tar.gz key: ${{ runner.os }}-coverity-${{ steps.var.outputs.md5 }} restore-keys: | ${{ runner.os }}-coverity-${{ steps.var.outputs.md5 }} ${{ runner.os }}-coverity- ${{ runner.os }}-coverity - name: Download Coverity Scan env: TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} run: | if [ ! -f coverity-latest.tar.gz ]; then wget -q https://scan.coverity.com/download/cxx/linux64 \ --post-data "token=$TOKEN&project=${COVERITY_PROJ}" \ -O coverity-latest.tar.gz else echo "Latest Coverity Scan available from cache :-)" md5sum coverity-latest.tar.gz fi mkdir coverity tar xzf coverity-latest.tar.gz --strip 1 -C coverity - name: Install dependencies run: | sudo apt-get -y update sudo apt-get -y install pkg-config libsystemd-dev libcap-dev - name: Configure run: | ./autogen.sh ./configure --prefix= --enable-mrdisc - name: Build run: | export PATH=`pwd`/coverity/bin:$PATH cov-build --dir cov-int make - name: Submit results to Coverity Scan env: TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} run: | tar czvf ${PROJECT_NAME}.tgz cov-int curl \ --form project=${COVERITY_NAME} \ --form token=$TOKEN \ --form email=${CONTACT_EMAIL} \ --form file=@${PROJECT_NAME}.tgz \ --form version=trunk \ --form description="${PROJECT_NAME} $(git rev-parse HEAD)" \ https://scan.coverity.com/builds?project=${COVERITY_PROJ} - name: Upload build.log uses: actions/upload-artifact@v7 with: name: coverity-build.log path: cov-int/build-log.txt ================================================ FILE: .github/workflows/release.yml ================================================ name: Release General on: push: tags: - '[0-9]+.[0-9]+.[0-9]+' jobs: release: name: Build and upload release tarball if: startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - name: Installing dependencies ... run: | sudo modprobe ip_gre sudo apt-get -y update sudo apt-get -y install pkg-config libsystemd-dev libcap-dev tshark iptables valgrind - name: Creating Makefiles ... run: | ./autogen.sh ./configure --prefix= --enable-mrdisc --enable-test - name: Enable unprivileged userns (unshare) run: | sudo sysctl kernel.apparmor_restrict_unprivileged_userns=0 - name: Build release ... run: | make release || (cat test/test-suite.log; false) ls -lF ../ mkdir -p artifacts/ mv ../*.tar.* artifacts/ - name: Extract ChangeLog entry ... run: | awk '/-----*/{if (x == 1) exit; x=1;next}x' ChangeLog.md \ |head -n -1 > release.md cat release.md - uses: ncipollo/release-action@v1 with: name: SMCRoute v${{ github.ref_name }} bodyFile: "release.md" artifacts: "artifacts/*" ================================================ FILE: .gitignore ================================================ .deps *~ *.o *.log *.status ID GPATH GRTAGS GSYMS GTAGS Makefile Makefile.in aclocal.m4 autom4te.cache aux/ compile config.h config.h.in configure depcomp install-sh mcsender missing smcrouted smcroutectl smcroute.service stamp-h1 *.tar.* .dirstamp .gdb_history ================================================ FILE: COPYING ================================================ GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. ================================================ FILE: ChangeLog.md ================================================ ChangeLog ========= All notable changes to the project are documented in this file. [v2.5.7][] - 2024-05-09 ----------------------- ### Fixes - Fix #207: crash when adding IPv6 multicast route on a kernel without IPv6 multicast support [v2.5.6][] - 2022-11-28 ----------------------- Despite the new `smcroutectl` batch mode feature, this is primarily a bug fix release. Most notably #183 and #187. ### Changes - Add `smcroutectl` batch support, issue #189. Based on the IPC support added in issue #185, by Alexey Smirnov: ~$ sudo smcroutectl -b <<-EOF join eth0 225.1.2.3 add eth0 192.168.1.42 225.1.2.3 eth1 eth2 rem eth1 225.3.4.5 eth3 leave eth1 225.3.4.5 EOF ~$ ### Fixes - Fix #178: invalid systemd daemon type Simple/Notify vs simple/notify - Fix #179: typo in wildcard routes section of README - Fix #180: minor typo in file and directory names in documentation - Fix #183: casting in IPC code hides error handling of `recv()` - Fix #186: NULL pointer dereference in `utimensat()` replacement function. Found accidentally by Alexey Smirnov. Only triggered on systems that don't have a native `utimensat()` in their C-library, or if you try to build SMCRoute without using its own build system ... - Fix #187: strange behavior joining/leaving the same group - Fix #192: typo in README [v2.5.5][] - 2021-11-21 ----------------------- ### Changes - Revert extraction of version from GIT tag. Incompatible with systems that do `autoreconf` on a dist. tarball ### Fixes - Fix #175: Parse error in `/etc/smcroute.conf`. SMCRoute fails to start on interfaces with `mrdisc` disabled, when built with mrdisc support and `-N` passed on command line [v2.5.4][] - 2021-11-13 ----------------------- ### Changes - Automatically extract new version from GIT tag ### Fixes - Avoid trying to delete inactive VIFs. Fixing an annoying bogus error: *"Failed deleting VIF for iface lo: Resource temporarily unavailable"* - Fix #171: too small string buffer for IPv6 address causing garbled output in periodic expiry callback - Fix too small buffer for IPv6 address in mroute display functions [v2.5.3][] - 2021-09-23 ----------------------- ### Changes - New tests to verify add/del of IPv4/IPv6 routes in kernel MFC ### Fixes - Fix #166: build warning with gcc 10.2.1: "comparison is always true due to limited range of data type" - Fix build warning with `--disable-mrdisc` configure option - Fix #167: cannot remove routes added with `smcroutectl add`, only affects add/del at runtime with smcroutectl, not .conf reload - Fix #168: build problem on Debian/kFreeBSD, used wrong queue.h [v2.5.2][] - 2021-08-27 ----------------------- ### Changes - Allow installing routes with no outbound interfaces - Reinitialize VIFs on reload in case of new interfaces - Handle cases when interfaces change ifindex, i.e. they've first been removed and then re-added with the same name ### Fixes - Fix VIF leak when deleting interfaces with MRDISC enabled - Fix handling when an (S,G) moves to another IIF. This fixes issues where the SMCRoute kernel cache was out of sync with the kernel MFC - Fix handling of lost/disabled interfaces at reload. This fixes a couple of issues where routes were not updated properly at runtime - Update interface flags on reload, this fixes issues when SMCRoute failed to detect interfaces that had their MULTICAST flag set or cleared at runtime . Skip `setsockopt()` for IPC sockets. This fixes warnings in syslog about failing to disable `MULTICAST_LOOP` and `MULTICAST_ALL` [v2.5.1][] - 2021-08-22 ----------------------- ### Changes - Add .sha256 checksum to dist files, useful for packagers ### Fixes - Fix #155: systemd Notify integration, restore `NotifyAccess=main` - Fix #165: ftbfs on older compilers, e.g. gcc 4.8.3, use -std=gnu99 - Fix Documentation refs in systemd unit file, new man pages [v2.5.0][] - 2021-08-19 ----------------------- **Highlights:** native `/etc/smcroute.d/*.conf` support and seamless update/removal of routes and groups by reloading `.conf` files or using `smcroutectl`. Tested on Linux 5.11 and FreeBSD 12.2 ### Changes - Fully automated test suite with 15 tests covering many use cases - Support for `/etc/smcroute.d/*.conf`, issue #103 - Support for applying changes to `.conf` files without disturbing established flows -- i.e., seamless addition or removal of outbound interfaces in existing rules, or add/remove routes, without ever affecting other routes, issue #103 - Support for route replacement/update `smcroutectl`, issue #115 - Full `(*,G)` wildcard route matching, for IPv4 and IPv6, issue #31 - Variant wildcard route matching with source and group range matching. This may of course waste a lot of resources, so handle with care: - `(*,G/LEN)`, issue #135 (IPv4), and issue #162 (IPv6) - `(S/LEN,G)`, issue #81 - `(S/LEN,G/LEN)` - Full SSM/ASM group join support, for both IPv4 and IPv6. Including joining group ranges from both `smcroutectl` and `.conf`, issue #118 Please note, no SSM support on FreeBSD, only Linux - New command line option, `-F file.conf` to verify file syntax, issue #100 - The `-I NAME` command line option has changed to `-i NAME`, compat support for the previous option remains - The `mrdisc` flag to the `phyint` directive is now what solely controls the functionality per interface. Previously a mechanism to enable/disable the functionality (if enabled) if active routes were in place. However, this did not cover `(*,G)` routes so that has been removed to simplify and guarantee full function - Output format from `smcroutectl` has been extensively changed. E.g, new `/LEN` support means wider columns, but heading have also changed - The `.tar.xz` archive has been has been dropped as distribution format, keeping only `tar.gz` ### Fixes - Fix #120: failed ASM/SSM IGMP join if interface has no address - Fix #130: dynamic IPv6 routes are not flushed (like IPv4 `(*,G)`) - Fix #149: `(*,G)` cache timeout callback stops, or never starts - Fix #151: same log entries - Fix #156: `smcruotectl show` does not show IPv6 routes - Fix stochastic timer behavior, e.g. mrdisc announcements experienced interference with the `(*,G)` cache timer [v2.4.4][] - 2019-02-11 ----------------------- ### Changes - Allow same outbound interface as inbound for routes, only warn user - systemd unit file hardening, recommended by Debian - Discontinued GPG signing, unused and signed with only one dev key ### Fixes - Fix #104: IGMP header checksum missing from mrdisc frames - Fix #105: Unblock *all* matching, and currently blocked, (S,G) to a newly installed (*,G) route, only the first know was unblocked - Fix #106: Timer nanosecond bug causing loss of address refresh on DHCP interfaces. Interface monitoring feature introduced in v2.4.3 - Fix #108: Calling init script with `stop` does not stop `smcrouted` - Fix #109: ifindex in UNIX/POSIX is an interger, not unsigned short [v2.4.3][] - 2018-11-06 ----------------------- The Lyon release. ### Changes - Add `strlcat()` replacement from OpenBSD, use instead of `strcat()` - `smcrouted` should never log to system console, proposed by Westermo ### Fixes - `smcrouted` fails to join multicast groups on interfaces that do not yet have an IP address when `smcrouted` starts up, or when it receives `SIGHUP`, e.g. DHCP client interfaces. This patch release adds a timer refresh of interface addresses that retries multicast group joins until an address is set. This is similar to issue #55, but does not handle interfaces that do not exist yet - Make sure Linux alias interfaces (baseif:num) are registered as baseif. Westermo found that use of alias interfaces cause multiple VIFs to be registered for the same base interface causing multicast routes to use the wrong inbound or outbound VIF. Alias interfaces use the same underlying physical interface so only one VIF needed - Fix display of route counters and column alignment - Minor spelling fixes, found by Debian - Add missing status command to SysV init script, found by Debian - Simplify `utimensat()` replacement, `AT_SYMLINK_NOFOLLOW` unused [v2.4.2][] - 2018-09-09 ----------------------- ### Changes - Add wrapper script `smcroute` for use with old style startup scripts - Add symlinks to man pages for `smcrouted.8 and` `smcroutectl.8` - Update SysV init script, daemon now called `smcrouted` ### Fixes - Fix #96: A `.conf` line may be missing final newline, this is fine - Spellcheck `smcroute.conf` example - Fix Lintian warning (Debian) for unbreakable line in man page [v2.4.1][] - 2018-06-16 ----------------------- ### Changes - Update and spellecheck documentation and example `.conf` file ### Fixes - Fix #91: Allow re-configuration of unprivileged `smcrouted`. Courtesy of Marcel Patzlaff [v2.4.0][] - 2018-02-11 ----------------------- ### Changes - Interface wildcard support, Linux `iptables` like syntax, `eth+` matches `eth0`, `eth1`, `eth32`. It can be used where an interface name is used: `phyint`, `mroute`, `mgroup`, and even on the command line to `smcroutectl`. Contributed by Martin Buck - Disable IPv4 [mrdisc][] by default, enable per `phyint` in the `.conf` file instead. When *not* started with `smcrouted -N` mrdisc would otherwise be enabled on *all* interfaces found at startup - Minor doc updates, e.g. clarify need for root or `CAP_NET_ADMIN` including some minor man page fixes ### Fixes - Fix #75: Not possible to remove (*,G) routes using `smcroutectl` - Fix #76: When removing a kernel route, also remove from internal lists otherwise route is shown in `smcroutectl show`. Conversely, adding a route to internal list shall only be done after successful kernel add - Fix #77: Counter overflow due to wrong type used in `smcroutectl show` - Fix #78: Document interface wildcard feature - Fix #80: `smcroutectl` argument parser fixes by Pawel Rozlach - Fix #84: Check return value of `sigaction()` - Fix #85: Signal handling is async-signal-unsafe - Fix #86: Document how to use `iptables` on Linux to modify TTL - Fix #87: Possible buffer overrun in `ipc_receive()` - Fix #89: Adding similar (S,G) route should replace existing one if inbound interface differs [v2.3.1][] - 2017-06-13 ----------------------- Bug fix release courtesy of the Westermo WeOS automated testing framework. Many thanks to Johan Askerin at Westermo for working on integrating SMCRoute v2.3 into WeOS v4.22! ### Changes - Add `utimensat()` replacement for systems that don't have it - Ignore error messages from `send()` on interface link down ### Fixes - Fix build error(s) on FreeBSD 9/9.3-RELEASE - Fix possible invalid interface name reference in new mrdisc support - Fix log macro bug in the .conf parser - Fix buggy interface and VIF re-initialization on `SIGHUP` [v2.3.0][] - 2017-05-28 ----------------------- ### Changes - Support GROUP/LEN matching for IPv4 (*,G) routes - Support for IPv4 [mrdisc][], [RFC4286][] - Support for multiple routing tables on Linux, `-t ID` - `ssmgroup` code folded into general code, now with optional source - Separation of daemon and client into `smcrouted` and `smcroutectl` - Complete new client user interface, `smcroutectl` - Support for disabling IPC and client, `--disable-client` - Support for disabling `.conf` file support, `--disable-config` - Show multicast routes and joined groups in client, including stats: `smcroutectl show [groups|routes]` - Support for `-d SEC` startup delay in `smcrouted` - Unknown (*,G) multicast now blocked by default - Flush timer, `-c SEC`, for (*,G) routes now enabled by default, 60 sec - Build ID removed from `configure` script - Massive code cleanup, refactor and separation into stand-alone modules - Default system paths are no longer taken from `/usr/include/paths.h`, instead the settings from `configure --prefix` are used - Use of `libcap` for privilige separation is now auto-detected ### Fixes - Allow use of loopback interface for multicast routes - Fix IPv4-only build, by Martin Buck - Fix IPv4 network interface address identification, by Martin Buck - Support unlimited number of network interfaces, by Martin Buck [v2.2.2][] - 2017-02-02 ----------------------- ### Changes - New client command, `-F`, for immediately flushing dynamically learned (*,G) routes from the cache. ### Fixes - Fix issue #51: New cache flush timeout option causes endless `select()` loop. Reported by Ramon Fried, @mellowcandle [v2.2.1][] - 2017-01-09 ----------------------- ### Changes - Add support for a new command line option, `-c SEC`, for timing out dynamically learned (*,G) routes. Issue #17 ### Fixes - Portability, replace use of non-std `__progname` with small function - Issue #49: systemd unit file missing `-d` to start daemon [v2.2.0][] - 2016-12-03 ----------------------- ### Changes - Support for dropping root privileges after opening the multicast routing socket and creating the PID file - Support for Source Specific Multicast group subscription (only IPv4) - Support for systemd, service file included and installed by default ### Fixes - Remove GNUisms to be able to build and run on Alpine Linux (musl libc) - Add OpenBSD `queue.h` for systems that do not have any *BSD `sys/queue.h` - Coding style cleanup and minor refactor [v2.1.1][] - 2016-08-19 ----------------------- ### Changes - When `SIGHUP` is received SMCRoute now touches its PID file as an acknowledgement. This is used by some process supervision daemons, like [Finit](https://github.com/troglobit/finit), on system configuration changes to detect when a daemon is done. The mtime is set using the `utimensat()` function to ensure nanosecond resolution. ### Fixes - Fix issue #38: Minor memory leak at exit. The Valgrind tool warns that all memory is not freed when smcroute exits. On most modern UNIX systems, on platforms with MMU, this is not a problem, but on older systems, or uClinux, memory is not freed at program exit. - Fix issue #39: Removing wildcard route at runtime does not work if no kernel routes have been set. - Fix issue #44: IPv6 disabled by default, despite what `configure` says in its help text. Enabling it disables it ... fixed by enabling IPv6 by default. [v2.1.0][] - 2016-02-17 ----------------------- ### Changes - Allow more interfaces to be used for multicast routing, in particular on Linux, where interfaces without an IP address can now be used! Making it possible to run SMCRoute on DHCP/PPP interaces, issue #13 - Add support for TTL scoping on interfaces, very useful for filtering multicast without a firewall: `phyint IFNAME ttl-threshold TTL` - On Linux a socket filter now filters out ALL traffic on the helper sockets where SMCRoute does IGMP/MLD join/leave on multicast groups. This should eliminate the extra overhad required to, not only route streams, but also send a copy of each packet to SMCRoute. - Add support for limiting the amount of multicast interfaces (VIFs) SMCRoute creates at startup. Two options are now available, by default all multicast capable interfaces are given a VIF and the user can selectively disable them one by one. However, if the `-N` command line option is given SMCRoute does *not* enable any VIFs by default, the user must then selectively enable interface one by one. The syntax in the config file is: phyint IFNAME Use `enable` per interface with `-N` option, or `disable` by default. - Make build ID optional. SMCRoute has always had the build date hard coded in the binary. This change makes this optional, and defaults to disabled, to facilitate reproducible builds. For more info, see https://wiki.debian.org/ReproducibleBuilds - Remove generated files from GIT. Files generated by GNU autotools are now only part of the distribution archive, not the GIT repository. Use `./autogen.sh` to create the required files when using GIT. - Updated man page and example `smcroute.conf` with limitations on the amount of mgroup rules. - Add support for executing an external script on config reload and when installing a multicast route. Issue #14 smcroute -e /path/to/cmd The script is called when SMCRoute has started up, or has received `SIGHUP` and just reloaded the configuration file, and when a new source-less rule have been installed. See the documentation for more information on set environment variables etc. Issue #14 - Add `--disable-ipv6` option to `configure` script. Disables IPv6 support in SMCRoute even though the kernel may support it - Replaced `-D` option with `-L LVL` to alter log level, issue #24 - The smcroute daemon now behaves more like a regular UNIX daemon. It defaults to using syslog when running in the background and stderr when running in the foreground. A new option `-s` can be used to enable syslog when running in the foreground, issue #25 - The smcroute client no longer use syslog, only stderr, issue #25 - When starting the smcroute daemon it is no longer possible to also send client commands on the same command line. - Remove the (unmaintained) in-tree `mcsender` tool. Both ping(8) and iperf(1) can be used in its stead. The omping(8) tool is another tool, engineered specifically for testing multicast. Issue #30 ### Fixes - Fix issue #10: `smcroute` client loops forever on command if no `smcroute` daemon is running - Install binaries to `/usr/sbin` rather than `/usr/bin`, regression introduced in [v2.0.0][]. Fixed by Micha Lenk - Cleanup fix for no-MMU systems. Multicast groups were not properly cleaned up in the `atexit()` handler -- *only* affects no-MMU systems. - Do not force automake v1.11, only require *at least* v.11 - SMCRoute operates fine without a config file, so use a less obtrusive warning message for missing `/etc/smcroute.conf` [v2.0.0][] - 2014-09-30 ----------------------- ### Changes - Migrate to full GNU Configure and Build system, add Makefile.am, GitHub issue #6 -- heads up, packagers! - Add standard SysV init script, from Debian. GitHub issue #9 ### Fixes - Multiple fixes of nasty bugs thanks to Coverity static code analysis! - Cleanup of Linux system anachronisms to make FreeBSD work again, GitHub issue #5 [v1.99.2][] - 2013-07-16 ------------------------ ### Fixes * Fix issue #2: Loop forever bug when deleting new (*,G) sourceless routes Bug report and patch by Jean-Baptiste Maillet [v1.99.1][] - 2013-07-11 ------------------------ ### Fixes - Fix possible memory leak on Linux - Fix missing #ifdefs when building on systems w/o IPv6 - Fix possible race in Makefile when building in (massive) parallel - Fix build problems on RedHat EL5/CentOS5, i.e., Linux <= 2.6.25 [v1.99.0][] - 2012-05-13 ------------------------- ### Changes - Feature: Experimental source-less `(*,G)` IPv4 multicast routing. Most UNIX kernels are (S,G) based, i.e., you need to supply the source address with the multicast group to setup a kernel routing rule. However, daemons like mrouted and pimd emulate `(*,G)` by listening for IGMPMSG_NOCACHE messages from the kernel. SMCRoute now also implements this, for IPv4 only atm, by placing all `(*,G)` routes in a list and adding matching (S,G) routes on-demand at runtime. All routes matching this (*,G) are removed when reloading the conf file on SIGHUP or when the user sends an IPC (-r) command to remove the (*,G) rule. ### Fixes - Bugfix: SMCRoute segfaults when starting on interface that is up but has no valid IPv4 address yet. Bug introduced in 1.98.3 - Improved error messages including some minor cleanup and readability improvements - Bugfix: Actually check if running as root at startup [v1.98.3][] - 2011-11-05 ------------------------ ### Changes - Check for existence of `asprintf()` to `pidfile()` and add `-D_GNU_SOURCE` to `CPPFLAGS` using `AC_GNU_SOURCE` in `configure.ac` - Cleanup IPv6 `#ifdefs` and replace `IN6_MULTICAST()` with standard `IN6_IS_ADDR_MULTICAST()`. This commit cleans up a lot of the IPv6 related `#ifdefs`, some minor function name refactoring and squash of some `_init` and `_enable` funcs into one for clarity and clearer error messages to the user ### Fixes - Fixes FTBFS when host lacks IPv6 support. [v1.98.1][] - 2011-11-05 ------------------------ ### Fixes - Bugfix: Client failed to send commands to daemon. - Bugfix: Several FTBFS fixed for GCC 4.6.x and -W -Wall [v1.98.0][] - 2011-11-04 ------------------------ SMCRoute2 Announced! ### Changes - Feature: Support for `smcroute.conf` configuration file for daemon. Add support for reading multicast routes and multicast groups from a configuration file. mgroup from IFNAME group MCGROUP mroute from IFNAME source ADDRESS group MCGROUP to IFNAME [IFNAME ...] Both IPv4 and IPv6 address formats are supported - Feature: Support for signals, reload conf file on `SIGHUP` - Feature: Add -n switch to support running smcroute in foreground. - Refactor: Insecure handling of pointers potentially outside array boundaries. - Refactor: Major cleanup, reindent to Linux C-style, for improved maintainability. ### Fixes - Bugfix: Invalid use of varargs in call to `snprintf()`, use `vsnprintf()` instead - Bugfix: Invalid `MRouterFD6` fd crashes smcroute, always check for valid fd - Bugfix: Several minor bugfixes; type mismatches and unused return values [v0.95][] - 2011-08-08 ---------------------- ### Changes - Feature request #313278: Added support for FreeBSD SMCRoute now builds and runs on FreeBSD kernels. This was successfully tested with the FreeBSD port of Debian using FreeBSD 8.1. Other BSD flavours or versions might work too. Any feedback is appreciated. https://alioth.debian.org/tracker/index.php?func=detail&aid=313278 - Feature request #313190: Debug logging is now disabled by default. If you want to enable debug logging again, start the daemon with parameter '-D'. https://alioth.debian.org/tracker/index.php?func=detail&aid=313190 [v0.94.1][] - 2010-01-13 ------------------------ ### Fixes - Bugfix: In case the kernel refuses write access to the file /proc/sys/net/ipv6/conf/all/mc_forwarding, don't let smcroute exit with an error, but proceed with normal operation without writing a "1" to this file. Apparently newer Linux kernels take care for the correct content of this file automatically whenever the IPv6 multicast routing API is initialized by a process. [v0.94][] - 2009-11-01 ---------------------- ### Changes - Added support for IPv6 multicast routing in smcroute. SMCRoute now supports addition and removal of IPv6 multicast routes. It will automatically detect which type of route to add or delete based on the type (IPv4/IPv6) of addresses provided for the add and remove commands. - Added support for joins and leaves ('j'/'l') to IPv6 multicast groups. - Added support for sending to IPv6 multicast addresses to mcsender tool. - Added command line option to mcsender tool to allow user to specify the outgoing interface for datagrams sent. - Added autoconf support for smcroute build. v0.93 - UNRELEASED ------------------ ### Fixes - Fixed the "smcroute looses output interfaces" bug. Carsten Schill, 0.93 unreleased v0.92 - July 2002 ----------------- ### Changes - Increased the number of supported interfaces The 16 interface limit of version 0.90 (interfaces as listed with ifconfig) was to small, especially when alias interfaces where defined. - up to 40 interfaces are no recognized by smcroute - this does not change the number of 'virtual interfaces' supported by the kernel (32) - not all interfaces recognized by smcroute (40) results in a 'virtual interface' of the kernel (32) ### Fixes - Fixed the 'mroute: pending queue full, dropping entries' error Smcroute 0.90 didn't care about the IGMP messages delivered to the UDP socket that establish the MC-Router API. After some time the queue for the sockets filled up and the 'pending queue full' message was send from the kernel. To my knowledge this didn't affect smcroute or the operating system. - version 0.92 reads the ICMP messages now from the UDP socket and logs them to syslog with daemon/debug - smcroute does no further processing of this messages v0.9 - September 2001 --------------------- ### Changes * Added MC group join (-j) and leave (-l) functionality - the options enable/disable the sending of IGMP join messages for a multicast group on a specific interface * Removed the ' [] ...' for the '-r' option - they are not used by the kernel to identify the route to remove - smcroute will not complain about extra arguments for the '-r' option to stay compatible with releases <= 0.80 * Improved error handling for some typical error situations * Added a test script (tst-smcroute.pl) * Added a man page ### Fixes * Fixed some minor bugs v0.8 - August 2001 ------------------ Initial public release by Carsten Schill. [mrdisc]: https://github.com/troglobit/mrdisc [RFC4286]: https://tools.ietf.org/html/rfc4286 [UNRELEASED]: https://github.com/troglobit/smcroute/compare/2.5.7...HEAD [v2.5.7]: https://github.com/troglobit/smcroute/compare/2.5.6...2.5.7 [v2.5.6]: https://github.com/troglobit/smcroute/compare/2.5.5...2.5.6 [v2.5.5]: https://github.com/troglobit/smcroute/compare/2.5.4...2.5.5 [v2.5.4]: https://github.com/troglobit/smcroute/compare/2.5.3...2.5.4 [v2.5.3]: https://github.com/troglobit/smcroute/compare/2.5.2...2.5.3 [v2.5.2]: https://github.com/troglobit/smcroute/compare/2.5.1...2.5.2 [v2.5.1]: https://github.com/troglobit/smcroute/compare/2.5.0...2.5.1 [v2.5.0]: https://github.com/troglobit/smcroute/compare/2.4.4...2.5.0 [v2.4.4]: https://github.com/troglobit/smcroute/compare/2.4.3...2.4.4 [v2.4.3]: https://github.com/troglobit/smcroute/compare/2.4.2...2.4.3 [v2.4.2]: https://github.com/troglobit/smcroute/compare/2.4.1...2.4.2 [v2.4.1]: https://github.com/troglobit/smcroute/compare/2.4.1...2.4.1 [v2.4.0]: https://github.com/troglobit/smcroute/compare/2.3.1...2.4.0 [v2.3.1]: https://github.com/troglobit/smcroute/compare/2.3.0...2.3.1 [v2.3.0]: https://github.com/troglobit/smcroute/compare/2.2.2...2.3.0 [v2.2.2]: https://github.com/troglobit/smcroute/compare/2.2.1...2.2.2 [v2.2.1]: https://github.com/troglobit/smcroute/compare/2.2.0...2.2.1 [v2.2.0]: https://github.com/troglobit/smcroute/compare/2.1.1...2.2.0 [v2.1.1]: https://github.com/troglobit/smcroute/compare/2.1.0...2.1.1 [v2.1.0]: https://github.com/troglobit/smcroute/compare/2.0.0...2.1.0 [v2.0.0]: https://github.com/troglobit/smcroute/compare/1.99.2...2.0.0 [v1.99.2]: https://github.com/troglobit/smcroute/compare/1.99.1...1.99.2 [v1.99.1]: https://github.com/troglobit/smcroute/compare/1.99.0...1.99.1 [v1.99.0]: https://github.com/troglobit/smcroute/compare/1.98.3...1.99.0 [v1.98.3]: https://github.com/troglobit/smcroute/compare/1.98.2...1.98.3 [v1.98.2]: https://github.com/troglobit/smcroute/compare/1.98.1...1.98.2 [v1.98.1]: https://github.com/troglobit/smcroute/compare/1.98.0...1.98.1 [v1.98.0]: https://github.com/troglobit/smcroute/compare/0.95...1.98.0 [v0.95]: https://github.com/troglobit/smcroute/compare/0.94.1...0.95 [v0.94.1]: https://github.com/troglobit/smcroute/compare/0.94...0.94.1 [v0.94]: https://github.com/troglobit/smcroute/compare/0.94.1...0.95 ================================================ FILE: Makefile.am ================================================ ## SMCRoute - A static multicast routing tool -*-Makefile-*- ACLOCAL_AMFLAGS = -I m4 SUBDIRS = man src DISTCLEANFILES = *~ DEADJOE semantic.cache *.gdb *.elf core core.* *.d dist_sbin_SCRIPTS = smcroute doc_DATA = README.md COPYING smcroute.conf EXTRA_DIST = README.md ChangeLog.md autogen.sh smcroute.conf smcroute.default smcroute.init if ENABLE_TEST SUBDIRS += test endif if HAVE_SYSTEMD systemd_DATA = smcroute.service endif ## Check if tagged in git release-hook: @if [ ! `git tag -l $(PACKAGE_VERSION) | grep $(PACKAGE_VERSION)` ]; then \ echo; \ printf "\e[1m\e[41mCannot find release tag $(PACKAGE_VERSION)\e[0m\n"; \ printf "\e[1m\e[5mDo release anyway?\e[0m "; read yorn; \ if [ "$$yorn" != "y" -a "$$yorn" != "Y" ]; then \ printf "OK, aborting release.\n"; \ exit 1; \ fi; \ echo; \ else \ echo; \ printf "\e[1m\e[42mFound GIT release tag $(PACKAGE_VERSION)\e[0m\n"; \ printf "\e[1m\e[44m>>Remember to push tags!\e[0m\n"; \ echo; \ fi ## Target to run when building a release release: release-hook distcheck @for file in $(DIST_ARCHIVES); do \ md5sum $$file > ../$$file.md5; \ sha256sum $$file > ../$$file.sha256; \ done @mv $(DIST_ARCHIVES) ../ @echo @echo "Resulting release files =======================================================================" @for file in $(DIST_ARCHIVES); do \ printf "%-30s Distribution tarball\n" $$file; \ printf "%-30s " $$file.md5; cat ../$$file.md5 | cut -f1 -d' '; \ printf "%-30s " $$file.sha256; cat ../$$file.sha256 | cut -f1 -d' '; \ done # Workaround for systemd unit file duing distcheck DISTCHECK_CONFIGURE_FLAGS = --with-systemd=$$dc_install_base/$(systemd) --enable-mrdisc --enable-test ================================================ FILE: README.md ================================================ SMCRoute - A static multicast routing daemon ============================================ [![License Badge][]][License] [![GitHub Status][]][GitHub] [![Coverity Status][]][Coverity Scan] Table of Contents ----------------- * [About](#about) * [Features](#features) * [Usage](#usage) * [Caveat](#caveat) * [Actions Scripts](#action-scripts) * [Many Interfaces](#many-interfaces) * [Multiple Routing Tables](#multiple-routing-tables) * [Client Tool](#client-tool) * [Wildcard Routes](#wildcard-routes) * [Multicast Router Discovery](#multicast-router-discovery) * [Build & Install](#build--install) * [Linux Requirements](#linux-requirements) * [*BSD Requirements](#bsd-requirements) * [General Requirements](#general-requirements) * [Configure & Build](#configure--build) * [Integration with systemd](#integration-with-systemd) * [Static Build](#static-build) * [Building from GIT](#building-from-git) * [Origin & References](#origin--references) About ----- SMCRoute is a static multicast routing daemon providing fine grained control over the multicast forwarding cache (MFC) in the UNIX kernel. Both IPv4 and IPv6 are fully supported. SMCRoute can be used as an alternative to dynamic multicast routers like [mrouted][], [pimd][], or [pim6sd][] in setups where static multicast routes should be maintained and/or no proper IGMP or MLD signaling exists. Multicast routes exist in the UNIX kernel as long as a multicast routing daemon runs. On Linux, multiple multicast routers can run simultaneously using different multicast routing tables. The full documentation of SMCRoute is available in the manual pages, see [smcrouted(8)][], [smcroutectl(8)][], and [smcroute.conf(5)][]. Features -------- All features, except [mrdisc][], are supported for both IPv4 and IPv6. Please note, some features may not be available on systems other than Linux. E.g., FreeBSD does not have SSM group join support. - Configuration file support, `/etc/smcroute.conf` - Configuration snippet include support, `/etc/smcroute.d/*.conf` - Daemon startup options support, `/etc/default/smcroute` - Support for seamless reloading of the configuration on `SIGHUP` - Source-less on-demand routing, a.k.a. wildcard `(*,G)` based static routing, including support for `(*,G/LEN)` and `(S/LEN,G/LEN)` - Optional built-in [mrdisc][] support for IPv4, [RFC4286][] - Support for multiple routing tables on Linux - Client to add/remove routes, join/leave groups, and built-in support to show both routes and joined groups - Interface wildcard matching, `eth+` matches `eth0, eth15` > **Note:** `smcroutectl` can be used to freely modify the runtime state > of `smcrouted`, but any changes made (routes/groups) are > lost when the configuration is reloaded. This is by design. Usage ----- smcrouted [-nNhsv] [-c SEC] [-d SEC] [-e CMD] [-f FILE] [-i NAME] [-l LVL] [-p USER:GROUP] [-P FILE] [-t ID] [-u FILE] smcroutectl [-dptv] [-i NAME] [-u FILE] [COMMAND] smcroutectl ⟨kill | reload⟩ smcroutectl ⟨add | rem⟩ ⟨ROUTE⟩ smcroutectl ⟨join | leave⟩ ⟨GROUP⟩ smcroutectl show [ routes | groups] To set multicast routes and join groups you must first start the daemon, which needs *root privileges*, or `CAP_NET_ADMIN`. Use `smcrouted -n` to run the daemon in the foreground, as required by modern init daemons like systemd and [Finit][]. When started from systemd, `smcrouted` runs with the `-n -s` options, i.e. supervised in the foreground and uses syslog for logging output. The default log level is `INFO`, this can be adjusted using the file `/etc/default/smcroute`: SMCROUTED_OPTS=-l debug When configured with `--sysconfdir=/etc`, like most Linux distributions do, `smcrouted` reads `/etc/smcroute.conf`, which can look something like this: mgroup from eth0 group 225.1.2.3 mgroup from eth0 group 225.1.2.3 source 192.168.1.42 mroute from eth0 group 225.1.2.3 source 192.168.1.42 to eth1 eth2 The first line means "Join multicast group 225.1.2.3 on interface eth0". Useful if `eth0` is not directly connected to the source, but to a LAN with switches with IGMP snooping. Joining the group opens up multicast for that group towards `eth0`. See below Caveat for limitations. The second `mgroup` is for source specific group join, i.e. the host specifies that it wants packets from 192.168.1.42 and no other source. The third `mroute` line is the actual layer-3 routing entry. Here we say that multicast data originating from 192.168.1.42 on `eth0` to the multicast group 225.1.2.3 should be forwarded to interfaces `eth1` and `eth2`. **Note:** To test the above you can use ping from another device. The multicast should be visible as long as your IP# matches the source above and you ping 225.1.2.3 -- **REMEMBER TO SET THE TTL >1** ping -I eth0 -t 2 225.1.2.3 The TTL is what usually bites people first trying out multicast routing. Most TCP/IP stacks default to a TTL of 1 for multicast frames, e.g. ping above requires `-t 2`, or greater. This limitation is intentional and reduces the risk of someone accidentally flooding multicast. Remember, multicast *behaves like broadcast* unless limited. The TTL should preferably be set on the sender side, e.g. the camera, but can also be modified in the firewall on a router. Be careful though because the TTL is the only thing that helps prevent routing loops! On Linux the following `iptables` command can be used to change the TTL: iptables -t mangle -A PREROUTING -i eth0 -d 225.1.2.3 -j TTL --ttl-inc 1 Some commands, like this one, must usually be run with root privileges or the correct set of capabilities. ### Caveat On some platforms there is a limit of 20 groups per socket. This stems from a limit in BSD UNIX, which also affects Linux. The setting that controls this is `IP_MAX_MEMBERSHIPTS`, defined in the system header file `netinet/in.h`. Linux users can tweak this with the following `/proc` setting: echo 40 > /proc/sys/net/ipv4/igmp_max_memberships `smcrouted` probes this at runtime by attempting to join as many groups as possible (as have been requested), when the kernel accepts no further joins on a socket, `smcrouted` opens a new one. For large setups it is recommended to investigate enabling multicast router ports in the switches, either statically or by enabling support for multicast router discovery, RFC 4286, or possibly use a dynamic multicast routing protocol. ### Action Scripts smcrouted -e /path/to/script With `-e CMD` a user script or command can be called when `smcrouted` receives a `SIGHUP` or installs a multicast route to the kernel. This is useful if you, for instance, also run a NAT firewall and need to flush connection tracking after installing a multicast route. ### Many Interfaces smcrouted -N With the `-N` command line option SMCRoute does *not* prepare all system interfaces for multicast routing. Very useful if your system has a lot of interfaces but only a select few are required for multicast routing. Use the following in `/etc/smcroute.conf` to enable interfaces: phyint eth0 enable phyint eth1 enable phyint eth2 enable It is possible to use any interface that supports the `MULTICAST` flag. Note, however, that depending on the UNIX kernel in use, you may have to have an interface address set, in the relevant address family, and the interface may likely also have to be `UP`. ### Multiple Routing Tables On Linux it is possible to run multiple multicast routing daemons due to its support for multiple multicast routing tables. In such setups it may be useful to change the default identity of SMCRoute: smcrouted -i mrt1 -t 1 smcrouted -i mrt2 -t 2 The `-i NAME` option alters the default syslog name, config file, PID file, and client socket file name used. In the first instance above, `smcrouted` will use: - `/etc/mrt1.conf` - `/var/run/mrt1.pid` - `/var/run/mrt1.sock` and syslog messages will use the `mrt1` identity as well. Remember to use the same `-i NAME` also to `smcroutectl`. ### Client Tool SMCRoute also has a client interface to interact with the daemon: smcroutectl join eth0 225.1.2.3 smcroutectl add eth0 192.168.1.42 225.1.2.3 eth1 eth2 If the daemon runs with a different identity the client needs to be called using the same identity: smcrouted -i mrt smcroutectl -i mrt show There are more commands. See the man page or the online help for details: smcroutectl help > **Note:** Root privileges are required by default for `smcroutectl` due > to the IPC socket permissions. Wildcard Routes --------------- Multicast often originates from different sources but usually not at the same time. For a more generic setup, and to reduce the number of rules required, it is possible to set `(*,G)` multicast routes for both IPv4 and IPv6. Variants include `(*,G/LEN)` and `(S/LEN,G/LEN`. These wildcard routes are used as "templates" to match against and install proper `(S,G)` routes when the kernel informs `smcrouted` of inbound multicast from new sources. Example `smcroute.conf`: phyint eth0 enable mrdisc phyint eth1 enable phyint eth2 enable mgroup from eth0 group 225.1.2.3 mroute from eth0 group 225.1.2.3 to eth1 eth2 or, from the command line: # smcroutectl join eth0 225.1.2.3 # smcroutectl add eth0 225.1.2.3 eth1 eth2 Also, see the `smcrouted -c SEC` option for periodic flushing of learned `(*,G)` rules, including the automatic blocking of unknown multicast, and the `smcroutectl flush` command. Multicast Router Discovery -------------------------- Another interesting feature is multicast router discovery, [mrdisc][], described in [RFC4286][]. This feature is disabled by default, enable with `configure --enable-mrdisc`. When enabled it periodically sends out an IGMP message on inbound interfaces¹ to alert switches to open up multicast in that direction. Not many managed switches have support for this yet. > **Note:** [mrdisc][] only works on Linux due to `SO_BINDTODEVICE`. ____ ¹ Notice the `mrdisc` flag to the above `phyint eth0` directive, which is missing for `eth1` and `eth2`. Build & Install --------------- SMCRoute should in theory work on any UNIX like operating system which supports the BSD MROUTING API. Both Linux and FreeBSD are tested on a regular basis. ### Linux Requirements On Linux the following kernel config is required: CONFIG_IP_MROUTE=y CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y CONFIG_IP_MROUTE_MULTIPLE_TABLES=y # For multiple routing tables CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y # For multiple routing tables ### *BSD Requirements On *BSD the following kernel config is required: options MROUTING # Multicast routing options PIM # pimd extensions used for (*,G) support FreeBSD support module loading, `kldload(8)`, edit `/boot/loader.conf`: ip_mroute_load="yes" ip_mroute6_load="yes" ### General Requirements Check the list of multicast capable interfaces: cat /proc/net/dev_mcast or look for interfaces with the `MULTICAST` flag in the output from: ifconfig Some interfaces have the `MULTICAST` flag disabled by default, like `lo` and `greN`. Usually this flag can be enabled administratively. ### Configure & Build The GNU Configure & Build system use `/usr/local` as the default install prefix. In many cases this is useful, but this means the configuration files, cache, and PID files will also use that prefix. Most users have come to expect those files in `/etc/` and `/var/` and configure has a few useful options that are recommended to use. For SMCRoute you may want to use something like this: ./configure --prefix=/usr --sysconfdir=/etc --runstatedir=/var/run make -j5 sudo make install-strip Usually your system reserves `/usr` for native pacakges, so most users drop `--prefix`, installing to `/usr/local`, or use `--prefix=/opt`. **Note:** On some systems `--runstatedir` may not be available in the configure script, try `--localstatedir=/var` instead. ### Privilege Separation As of SMCRoute v2.2 support for privilege separation using the `libcap` library was added. It is used to drop full root privileges at startup, retaining only `CAP_NET_ADMIN` for managing the multicast routes. The build system searches for the `libcap` library and header file(s). Both `libcap-dev` and `pkg-config` are required. **Note:** Although support is automatically detected, the build system will issue a warning if `libcap` is missing. This can be silenced with `configure --without-libcap` ### Integration with systemd For systemd integration `libsystemd-dev` and `pkg-config` are required. When the unit file is installed, `systemctl` can be used to enable and start `smcrouted`: $ sudo systemctl enable smcroute.service $ sudo systemctl start smcroute.service Check that it started properly by inspecting the system log, or: $ sudo systemctl status smcroute.service ### Static Build Some people want to build statically, to do this with `autoconf` add the following `LDFLAGS=` *after* the configure script. You may also need to add `LIBS=...`, which will depend on your particular system: ./configure LDFLAGS="-static" ... ### Building from GIT The `configure` script and the `Makefile.in` files are generated and not stored in GIT. So if you checkout the sources from GitHub you first need to generated these files using `./autogen.sh`. Origin & References ------------------- SMCRoute is maintained collaboratively at [GitHub][Home]. Bug reports, feature requests, patches/pull requests, and documentation fixes are most welcome. The project was previously hosted and maintained by Debian at [Alioth][] and before that by [Carsten Schill][], the original author. [smcrouted(8)]: https://man.troglobit.com/man8/smcrouted.8.html [smcroutectl(8)]: https://man.troglobit.com/man8/smcroutectl.8.html [smcroute.conf(5)]:https://man.troglobit.com/man5/smcroute.conf.5.html [Finit]: https://github.com/troglobit/finit [mrouted]: https://github.com/troglobit/mrouted [pimd]: https://github.com/troglobit/pimd [pim6sd]: https://github.com/troglobit/pim6sd [mrdisc]: https://github.com/troglobit/mrdisc [RFC4286]: https://tools.ietf.org/html/rfc4286 [Home]: https://github.com/troglobit/smcroute [Alioth]: https://alioth.debian.org/projects/smcroute [Carsten Schill]: http://www.cschill.de/smcroute/ [License]: https://en.wikipedia.org/wiki/GPL_license [License Badge]: https://img.shields.io/badge/License-GPL%20v2-blue.svg [GitHub]: https://github.com/troglobit/smcroute/actions/workflows/build.yml/ [GitHub Status]: https://github.com/troglobit/smcroute/actions/workflows/build.yml/badge.svg [Coverity Scan]: https://scan.coverity.com/projects/3061 [Coverity Status]: https://scan.coverity.com/projects/3061/badge.svg ================================================ FILE: autogen.sh ================================================ #!/bin/sh autoreconf -W portability -visfm ================================================ FILE: configure.ac ================================================ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. AC_PREREQ(2.61) AC_INIT([SMCRoute], [2.5.7], [https://github.com/troglobit/smcroute/issues], [smcroute], [https://troglobit.com/smcroute.html]) AC_CONFIG_AUX_DIR(aux) AM_INIT_AUTOMAKE([1.11 foreign]) AM_SILENT_RULES([yes]) AC_CONFIG_SRCDIR([src/smcrouted.c]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_FILES([Makefile man/Makefile src/Makefile test/Makefile smcroute.service]) # Older versions of autoconf (<2.58) do not have AC_CONFIG_MACRO_DIR() m4_include([m4/misc.m4]) m4_include([m4/mroute.m4]) AC_CONFIG_MACRO_DIR([m4]) # Checks for programs. AC_PROG_CC AC_PROG_LN_S AC_PROG_INSTALL # The pidfile() code needs asprintf(), which relies on -D_GNU_SOURCE AC_USE_SYSTEM_EXTENSIONS # Checks for typedefs, structures, and compiler characteristics. AC_C_CONST AC_C_INLINE AC_TYPE_MODE_T AC_TYPE_SIZE_T AC_TYPE_SSIZE_T AC_TYPE_UID_T AC_TYPE_UINT8_T AC_TYPE_UINT16_T AC_TYPE_UINT32_T # Checks for library functions. AC_FUNC_FORK AC_FUNC_CHOWN AC_FUNC_MALLOC AC_CHECK_FUNCS([atexit clock_gettime dup2 memset select setenv socket strchr \ strdup strerror strncasecmp strrchr asprintf]) # Check for usually missing API's AC_REPLACE_FUNCS([strlcpy strlcat tempfile utimensat]) AC_CONFIG_LIBOBJ_DIR([lib]) # Check for sun_len in struct sockaddr_un and sin_len in sockaddr_in # These are used on *BSD UNIX and don't exist on Linux AC_CHECK_SUN_LEN() AC_CHECK_SIN_LEN() # Check user options AC_ARG_ENABLE([mrdisc], AS_HELP_STRING([--enable-mrdisc], [enable IPv4 multicast router discovery])) AC_ARG_ENABLE(test, [AS_HELP_STRING([--enable-test], [enable tests, requries unshare, tshark, etc.])], [ac_enable_test="$enableval"], [ac_enable_test="no"]) AC_ARG_ENABLE([ipv6], AS_HELP_STRING([--disable-ipv6], [disable IPv6 support])) AC_ARG_WITH([libcap], AS_HELP_STRING([--without-libcap], [disable libcap, -p USER:GROUP drop-privs support]),, [with_libcap=auto]) AC_ARG_WITH([systemd], [AS_HELP_STRING([--with-systemd=DIR], [Directory for systemd service files])],, [with_systemd=auto]) # Checks for header files. AC_CHECK_HEADERS([arpa/inet.h fcntl.h glob.h ifaddrs.h limits.h linux/sockios.h \ net/if.h netinet/in.h netinet/in_var.h net/route.h paths.h stddef.h \ sys/capability.h sys/ioctl.h sys/param.h sys/prctl.h sys/socket.h \ sys/stat.h sys/time.h sys/types.h syslog.h termios.h unistd.h], [], [],[ #ifdef HAVE_SYS_SOCKET_H # include #endif #ifdef HAVE_NET_IF_H # include #endif #ifdef HAVE_NETINET_IN_H # include #endif ]) # Build w/ mrdisc support? AS_IF([test "x$enable_mrdisc" = "xyes"], AC_DEFINE([ENABLE_MRDISC], 1, [Enable IPv4 multicast router discovery protocol]), enable_mrdisc=no) AM_CONDITIONAL([USE_MRDISC], [test "x$enable_mrdisc" = "xyes"]) # Required to check for libsystemd-dev PKG_PROG_PKG_CONFIG # Check where to install the systemd .service file AS_IF([test "x$PKG_CONFIG" = "x"], [ with_systemd=no AC_MSG_WARN([Cannot find pkg-config tool, disabling systemd check.])]) with_libsystemd=no AS_IF([test "x$with_systemd" = "xyes" -o "x$with_systemd" = "xauto"], [ def_systemd=$($PKG_CONFIG --variable=systemdsystemunitdir systemd) AS_IF([test "x$def_systemd" = "x"], [ AS_IF([test "x$with_systemd" = "xyes"],[ AC_MSG_ERROR([systemd support requested but pkg-config unable to query systemd package])]) with_systemd=no], [with_systemd="$def_systemd"])]) AS_IF([test "x$with_systemd" != "xno"], [ PKG_CHECK_MODULES([libsystemd], [libsystemd], [with_libsystemd=yes], [true]) AC_SUBST([systemddir], [$with_systemd])]) AM_CONDITIONAL([HAVE_SYSTEMD], [test "x$with_systemd" != "xno"]) AS_IF([test "x$with_libsystemd" != "xno"], [ AC_DEFINE([HAVE_LIBSYSTEMD], [1], [Define to 1 if you have libsystemd-dev]) AC_SUBST([DAEMON_TYPE], "notify")], [ AC_SUBST([DAEMON_TYPE], "simple")]) AM_CONDITIONAL([HAVE_LIBSYSTEMD], [test "x$with_libsystemd" != "xno"]) # Check if we need -lpthread (building statically) and -lrt (older GLIBC) # Unset cached values when retrying with -lpthread and reset LIBS for each API need_librt=no need_pthread=no old_LIBS=$LIBS AC_SEARCH_LIBS([clock_gettime], [rt], need_librt=yes) LIBS=$old_LIBS AC_SEARCH_LIBS([timer_create], [rt], need_librt=yes, [ unset ac_cv_search_timer_create AC_SEARCH_LIBS([timer_create], [rt], need_pthread=yes,,[-lpthread])]) LIBS=$old_LIBS AC_SEARCH_LIBS([timer_settime], [rt], need_librt=yes, [ unset ac_cv_search_timer_settime AC_SEARCH_LIBS([timer_settime], [rt], need_pthread=yes,,[-lpthread])]) # Check for libcap to not trigger false positives on FreeBSD et al LIBS=$old_LIBS AC_SEARCH_LIBS([cap_set_flag], [cap],, ac_cv_header_sys_capability_h=no) LIBS=$old_LIBS # Check for RFC 3678-style struct group_req (Linux, FreeBSD, Solaris, macOS, AIX) AC_CHECK_MEMBER([struct group_req.gr_interface], AC_DEFINE([HAVE_STRUCT_GROUP_REQ], [1], [Define to 1 if you have RFC 3678 struct group_req]), [], [[#include ]]) # Check for Linux-style extension struct ip_mreqn (Linux, FreeBSD) AC_CHECK_MEMBER([struct ip_mreqn.imr_ifindex], AC_DEFINE([HAVE_STRUCT_IP_MREQN], [1], [Define to 1 if you have a Linux-style struct ip_mreqn]), [], [[#include ]]) # Check for IPv4 support AC_CHECK_MROUTE() # If IPv6 is enabled we must probe the system some more AS_IF([test "x$enable_ipv6" != "xno"], AC_CHECK_MROUTE6()) # Only enable support for dropping root privileges if auto/yes && header exists AS_IF([test "x$with_libcap" != "xno" -a "x$ac_cv_header_sys_capability_h" = "xyes"], [ with_libcap=yes AC_DEFINE([ENABLE_LIBCAP], [], [Define to enable support for libcap.])]) AM_CONDITIONAL(USE_LIBCAP, [test "x$with_libcap" != "xno" -a "x$ac_cv_header_sys_capability_h" = "xyes"]) AM_CONDITIONAL([ENABLE_TEST], [test "x$ac_enable_test" != "xno"]) # Mac OS does not (yet) support SOCK_CLOEXEC AC_CACHE_CHECK([for SOCK_CLOEXEC support], [ac_cv_sock_cloexec], [AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include #include int main() { return socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, 0) == -1; }]])],[ac_cv_sock_cloexec=yes],[ac_cv_sock_cloexec=no],[ac_cv_sock_cloexec=no])]) AS_IF([test "$ac_cv_sock_cloexec" = "yes" ], AC_DEFINE([HAVE_SOCK_CLOEXEC], 1, [Define if the SOCK_CLOEXEC flag is supported])) AS_IF([test "$need_librt" != "no"], LIB_RT=-lrt) AC_SUBST([LIB_RT]) AS_IF([test "$need_pthread" != "no"], LIB_PTHREAD=-lpthread) AC_SUBST([LIB_PTHREAD]) # Expand $sbindir early, into $SBINDIR, for systemd unit file # NOTE: This does *not* take prefix/exec_prefix override at "make # install" into account, unfortunately. test "x$prefix" = xNONE && prefix=$ac_default_prefix test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' SYSCONFDIR=`eval echo $sysconfdir` SYSCONFDIR=`eval echo $SYSCONFDIR` AC_SUBST(SYSCONFDIR) SBINDIR=`eval echo $sbindir` SBINDIR=`eval echo $SBINDIR` AC_SUBST(SBINDIR) DOCDIR=`eval echo $docdir` DOCDIR=`eval echo $DOCDIR` AC_SUBST(DOCDIR) AS_IF([test "x$ac_cv_header_sys_capability_h" = "xno"], [ AS_IF([test "x$with_libcap" = "xyes"], [ dnl configure: error: ... AC_MSG_ERROR( [Cannot find libcap or its headers, install libcap-dev first.] [CentOS/RHEL 6: libcap is broken, recommended to disable it.] [Use --without-libcap to disable this feature.]) ]) AS_IF([test "x$with_libcap" = "xauto"], [ dnl configure: WARNING: ... AC_MSG_WARN( [As a safety measure, SMCRoute use libcap to drop root privs] [after startup. Install libcap and headers from libcap-dev,] [or similar, to enable this feature.]) AC_MSG_NOTICE([Use --without-libcap to disable this message.]) ]) with_libcap=no]) # Workaround for as-of-yet unreleased runstatedir support, planned for # autoconf 2.70, which some major distros have backported. AS_IF([test -z "$runstatedir"], runstatedir="$localstatedir/run") AC_SUBST(runstatedir) AC_OUTPUT # Expand directories for configuration summary, unexpanded defaults: # sysconfdir => ${prefix}/etc # runstatedir => ${localstatedir}/run SYSCONFDIR=`eval echo $sysconfdir` RUNSTATEDIR=`eval echo $runstatedir` RUNSTATEDIR=`eval echo $RUNSTATEDIR` cat <, original author Releases: --> 0.92 URL: http://www.cschill.de/smcroute/ Year: 2006-2011 Releases: Version 0.93 --> 0.95 Authors: Julien BLACHE , Todd Hayton , and Micha Lenk URL: http://alioth.debian.org/projects/smcroute Year: 2011- Releases: 1.93.0 --> Authors: Joachim Wiberg , Todd Hayton , Micha Lenk , and Julien BLACHE URL: https://github.com/troglobit/smcroute ================================================ FILE: doc/TODO.md ================================================ Refactor MRDISC Support ----------------------- The current MRDISC implementation is fragile (see issue #175 for an example), and it also does not work on non-Linux systems. So the implementation really needs to be refactored, not just for this but also for adding IPv6 support (below). Add Support for IPv6 MRDISC --------------------------- [RFC4286][1] details both IPv4 and IPv6, which should not be problem to support in SMCRoute. Anyone with Wireshark and a bit of patience could add it. Your patch is welcome! :) [1]: https://datatracker.ietf.org/doc/html/rfc4286 Tests must have uniquely named netns (if any) --------------------------------------------- I've had to rename the R1/R2 netns used in test/gre.sh, because it turns out these names are shared when we run in the unshare and gre.sh's names clashed with multi.sh's. I.e., they were stomping hard on each other's toes and often the gre.sh test completed before multi.sh, thus causing the latter to lose both R1 and R2 and the test failed (of course). We may be able to work around this by running each test in its own root netns. Something that could be set up by lib.sh. I have not verified this yet, hence this TODO. Add support for WRONGVIF, somehow --------------------------------- When an (S,G) for an already installed kernel MFC route suddenly appears on another inbound interface, the kernel sends a WRONGVIF upcall message to smcrouted. Currently we don't act on it, mostly because there is no clear idea how to deal with such cases from a small routing daemon that knows nothing of the rest of the layer-3 topology (which may have been reconfigured due to link loss by, e.g. OSPF). It can be a valid change of inbound interface, or looped back traffic that we don't want. For now, users are recommended to install multiast snooping switches on their outbound interfaces, and/or leverage to `phyint foo ttl-threshold` setting to prevent already routed multicast from being looped back. One idea is to delegate the behavior to our external script facility. Investigate why MIF thresholds don't seem to work on Linux 5.11.0 ------------------------------------------------------------------ Here smcrouted has managed to set the TTL thresholds of three OIFs to values != 1, but the kernel still lists all of them as `:1`. See test `reload6.sh` Group Origin Iif Pkts Bytes Wrong Oifs ff2e:0000:0000:0000:0000:0000:0000:0042 fc00:0000:0000:0000:0000:0000:0000:0001 0 0 0 0 2:1 4:1 5:1 Possibly Exit with Error if Multicast Socket is Busy ---------------------------------------------------- Currently we only log this state and then continue. Not sure what is the best approach, but everything read from a .conf will fail so not much point really continuing? smcroute[2359]: IPv4 multicast routing API already in use: Address in use Proposal: exit with error if either mrouting socket is busy. We need to consider this a configuration error. Support for (re-)enumerating VIFs at runtime -------------------------------------------- Currently the `-t SEC` startup delay option has to be used if not all interfaces are available when `smcrouted` starts. Commonly a problem at boot, but also if adding a pluggable interface (PCMCIA/USB) at runtime. Hence, it would be a great addition to SMCRoute if new interface VIF/MIF mappings could be at least added at runtime. Support for filtering based on source ADDRESS/LEN ------------------------------------------------- When setting up a (*,G/LEN) route it may be necessary to filter out some senders of multicast. The following is a suggestion for how that might look, notice the omitted `source` argument: mroute from eth0 except 192.168.1.0/24 group 225.1.2.0/24 to eth1 eth2 Filtering multiple sources: mroute from eth0 except 192.168.1.0/24,192.168.2.3 group 225.1.2.0/24 to eth1 eth2 This is sometimes also referred to as Administrative Scoping (RFC2365). Basic support for IGMP/MLD proxying ----------------------------------- In some setups a semi-dynamic behavior is required, but the only signaling available is IGMP/MLD. There exist tools like [igmpproxy][] and [mcproxy][] for this purpose, which do a great job, but why should you need to go elsewhere for your basic multicast routing needs? The idea itself is simple, listen for IGMP/MLD join/leave messages on enabled interfaces and add/remove routes dynamically from an `upstream` marked interface. Possibly an `igmp` flag may be needed as well, for downstream interfaces we should proxy for. Resulting `smcroute.conf` may then look like this: phyint eth0 upstream phyint eth1 igmp **Note:** the IGMP/MLD signaling may also need to be "proxied" to the `upstream` interface, although this could be an optional second step enabled by also setting the `igmp` flag on that `upstream` interface. For more information, see the above mentioned tools and [RFC4605][], which details exactly this use-case. [igmpproxy]: https://github.com/pali/igmpproxy [mcproxy]: https://github.com/mcproxy/mcproxy [RFC4605]: https://www.ietf.org/rfc/rfc4605.txt ================================================ FILE: lib/malloc.c ================================================ #if HAVE_CONFIG_H # include #endif #undef malloc #include void *malloc (); /* * Allocate an N-byte block of memory from the heap. * If N is zero, allocate a 1-byte block. */ void *rpl_malloc (size_t n) { if (n == 0) n = 1; return malloc (n); } ================================================ FILE: lib/strlcat.c ================================================ /* $OpenBSD: strlcat.c,v 1.15 2015/03/02 21:41:08 millert Exp $ */ /* * Copyright (c) 1998, 2015 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include /* * Appends src to string dst of size dsize (unlike strncat, dsize is the * full size of dst, not space left). At most dsize-1 characters * will be copied. Always NUL terminates (unless dsize <= strlen(dst)). * Returns strlen(src) + MIN(dsize, strlen(initial dst)). * If retval >= dsize, truncation occurred. */ size_t strlcat(char *dst, const char *src, size_t dsize) { const char *odst = dst; const char *osrc = src; size_t n = dsize; size_t dlen; /* Find the end of dst and adjust bytes left but don't go past end. */ while (n-- != 0 && *dst != '\0') dst++; dlen = dst - odst; n = dsize - dlen; if (n-- == 0) return(dlen + strlen(src)); while (*src != '\0') { if (n != 0) { *dst++ = *src; n--; } src++; } *dst = '\0'; return(dlen + (src - osrc)); /* count does not include NUL */ } ================================================ FILE: lib/strlcpy.c ================================================ /* $OpenBSD: strlcpy.c,v 1.12 2015/01/15 03:54:12 millert Exp $ */ /* * Copyright (c) 1998, 2015 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include /* * Copy string src to buffer dst of size dsize. At most dsize-1 * chars will be copied. Always NUL terminates (unless dsize == 0). * Returns strlen(src); if retval >= dsize, truncation occurred. */ size_t strlcpy(char *dst, const char *src, size_t dsize) { const char *osrc = src; size_t nleft = dsize; /* Copy as many bytes as will fit. */ if (nleft != 0) { while (--nleft != 0) { if ((*dst++ = *src++) == '\0') break; } } /* Not enough room in dst, add NUL and traverse rest of src. */ if (nleft == 0) { if (dsize != 0) *dst = '\0'; /* NUL-terminate dst */ while (*src++) ; } return(src - osrc - 1); /* count does not include NUL */ } ================================================ FILE: lib/tempfile.c ================================================ /* A secure tmpfile() replacement. * * Copyright (c) 2015-2020 Joachim Wiberg * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include /* O_TMPFILE requires -D_GNU_SOURCE */ #include /* fdopen() */ #include /* umask() */ #include /** * tempfile - A secure tmpfile() replacement * * This is the secure replacement for tmpfile() that does not exist in * GLIBC. The function uses the Linux specific %O_TMPFILE and %O_EXCL * for security. When the %FILE is fclose()'ed the file contents is * lost. The file is hidden in the %_PATH_TMP directory on the system. * * This function requires Linux 3.11, or later, due to %O_TMPFILE. * * Returns: * An open %FILE pointer, or %NULL on error. */ FILE *tempfile(void) { #ifdef O_TMPFILE /* Only on Linux, with fairly recent (G)LIBC */ mode_t oldmask; int fd; oldmask = umask(0077); fd = open(_PATH_TMP, O_TMPFILE | O_RDWR | O_EXCL | O_CLOEXEC, S_IRUSR | S_IWUSR); umask(oldmask); if (fd == -1) { /* Fall back to tmpfile() if O_TMPFILE is not supported */ if (errno == EOPNOTSUPP) return tmpfile(); return NULL; } return fdopen(fd, "w+"); #else return tmpfile(); /* Fallback on older GLIBC/Linux and actual UNIX systems */ #endif } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: lib/utimensat.c ================================================ /* Replacement in case utimensat(2) is missing * * Copyright (C) 2017-2021 Joachim Wiberg * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "config.h" #include #ifdef HAVE_FCNTL_H #include #endif #include #include /* lutimes(), utimes(), utimensat() */ int utimensat(int dirfd, const char *pathname, const struct timespec times[2], int flags) { struct timespec ts[2]; struct timeval tv[2]; int ret = -1; if (dirfd != 0) { errno = ENOTSUP; return -1; } if (!times) { clock_gettime(CLOCK_REALTIME, &ts[0]); ts[1] = ts[0]; } else { ts[0] = times[0]; ts[1] = times[1]; } TIMESPEC_TO_TIMEVAL(&tv[0], &ts[0]); TIMESPEC_TO_TIMEVAL(&tv[1], &ts[1]); #ifdef AT_SYMLINK_NOFOLLOW if ((flags & AT_SYMLINK_NOFOLLOW) == AT_SYMLINK_NOFOLLOW) ret = lutimes(pathname, tv); else #endif ret = utimes(pathname, tv); return ret; } #ifdef UNITTEST #include #include #include int main(int argc, char *argv[]) { char *fn; if (argc < 2) errx(1, "Usage: touch FILENAME"); fn = argv[1]; if (access(fn, F_OK)) { FILE *fp; fp = fopen(fn, "w"); if (!fp) err(1, "Failed creating %s", fn); fclose(fp); } utimensat(0, fn, NULL, 0); return 0; } #endif /** * Local Variables: * compile-command: "gcc -W -Wall -Wextra -I.. -DUNITTEST -o touch utimensat.c" * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: m4/misc.m4 ================================================ # Misc. helper macros AC_DEFUN([AC_CHECK_SUN_LEN],[ AC_MSG_CHECKING(for sun_len member in struct sockaddr_un) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #include ]],[[ struct sockaddr_un dummy; dummy.sun_len = 0; ]])],[ AC_DEFINE(HAVE_SOCKADDR_UN_SUN_LEN, 1, [Define if the struct sockaddr_un has a member sun_len on your OS]) AC_MSG_RESULT(yes)],[ AC_MSG_RESULT(no)]) ]) AC_DEFUN([AC_CHECK_SIN_LEN],[ AC_MSG_CHECKING(for sin_len member in struct sockaddr_in) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #include ]],[[ struct sockaddr_in dummy; dummy.sin_len = 0; ]])],[ AC_DEFINE(HAVE_SOCKADDR_IN_SIN_LEN, 1, [Define if the struct sockaddr_in has a member sin_len on your OS]) AC_MSG_RESULT(yes)],[ AC_MSG_RESULT(no)]) ]) ================================================ FILE: m4/mroute.m4 ================================================ # Macros to probe for multicast headers and IPv4/IPv6 support AC_DEFUN([AC_CHECK_MROUTE_HEADERS],[ AC_CHECK_HEADERS([linux/mroute.h linux/filter.h], [], [],[ #ifdef HAVE_SYS_SOCKET_H # include #endif #ifdef HAVE_NETINET_IN_H # include #endif #define _LINUX_IN_H /* For Linux <= 2.6.25 */ #include ]) AC_CHECK_HEADERS([netinet/ip_mroute.h], [], [],[ #ifdef HAVE_SYS_SOCKET_H # include #endif #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_NETINET_IN_H # include #endif #ifdef HAVE_NET_ROUTE_H # include #endif ]) ]) AC_DEFUN([AC_CHECK_MROUTE],[ AC_CHECK_MROUTE_HEADERS() ]) AC_DEFUN([AC_CHECK_MROUTE6_HEADERS],[ AC_CHECK_HEADERS([linux/mroute6.h], [], [],[ #ifdef HAVE_SYS_SOCKET_H # include #endif #ifdef HAVE_NETINET_IN_H # include #endif ]) AC_CHECK_HEADERS([netinet6/ip6_mroute.h], [], [],[ #ifdef HAVE_NETINET_IN_H # include #endif #ifdef HAVE_SYS_PARAM_H # include #endif ]) ]) AC_DEFUN([AC_CHECK_MROUTE6],[ AC_CHECK_MROUTE6_HEADERS() AC_MSG_CHECKING(for IPv6 multicast host support) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #ifdef HAVE_SYS_SOCKET_H # include #endif #ifdef HAVE_NETINET_IN_H # include #endif ]],[[ struct ipv6_mreq mreq; ]])],[ AC_DEFINE(HAVE_IPV6_MULTICAST_HOST, 1, [Define if your OS supports acting as an IPv6 multicast host]) AC_MSG_RESULT(yes)],[ AC_MSG_RESULT(no)]) AC_MSG_CHECKING(for IPv6 multicast routing support) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #ifdef HAVE_SYS_SOCKET_H # include #endif #ifdef HAVE_NETINET_IN_H # include #endif #ifdef HAVE_LINUX_MROUTE6_H # include #endif #ifdef HAVE_SYS_PARAM_H # include #endif #ifdef HAVE_NETINET6_IP6_MROUTE_H # include #endif ]],[[ int dummy = MRT6_INIT; ]])],[ AC_DEFINE(HAVE_IPV6_MULTICAST_ROUTING, 1, [Define if your OS supports IPv6 multicast routing]) AC_MSG_RESULT(yes) enable_ipv6=yes],[ AC_MSG_RESULT(no) enable_ipv6=no]) AC_MSG_CHECKING(for vifc_rate_limit member in struct mif6ctl) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #ifdef HAVE_LINUX_MROUTE6_H # include #endif #ifdef HAVE_NETINET6_IP6_MROUTE_H # include #endif ]],[[ struct mif6ctl dummy; dummy.vifc_rate_limit = 1; ]])],[ AC_DEFINE(HAVE_MIF6CTL_VIFC_RATE_LIMIT, 1, [Define if the struct mif6ctl has a member vifc_rate_limit on your OS]) AC_MSG_RESULT(yes)],[ AC_MSG_RESULT(no)]) AC_MSG_CHECKING(for vifc_threshold member in struct mif6ctl) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #ifdef HAVE_LINUX_MROUTE6_H #include #endif #ifdef HAVE_NETINET6_IP6_MROUTE_H #include #endif ]],[[ struct mif6ctl dummy; dummy.vifc_threshold = 1; ]])],[ AC_DEFINE(HAVE_MIF6CTL_VIFC_THRESHOLD, 1, [Define if the struct mif6ctl has a member vifc_threshold on your OS]) AC_MSG_RESULT(yes)],[ AC_MSG_RESULT(no)]) ]) ================================================ FILE: man/Makefile.am ================================================ dist_man5_MANS = smcroute.conf.5 dist_man8_MANS = smcrouted.8 smcroutectl.8 ================================================ FILE: man/smcroute.conf.5 ================================================ .\" -*- nroff -*- .Dd August 15, 2021 .Dt SMCROUTE.CONF 5 .Os .Sh NAME .Nm smcroute.conf .Nd smcrouted configuration file format .Sh DESCRIPTION The file .Nm is, strictly speaking, not critical to the operation of .Nm smcrouted . Some warnings may be logged, and provided the daemon is .Sy not started with .Fl N , it enables VIFs for all interfaces it can find and then waits for commands from .Xr smcroutectl 8 . As you can tell from that caveat, any non-trivial setup requires an .Nm . .Pp On most systems the configuration file(s) are available in: .Bl -tag -offset indent .It Pa /etc/smcroute.conf The traditional location, with all routes, group joins, and interfaces. .It Pa /etc/smcroute.d/*.conf Recently an .Cm include directive was added to .Nm , which allows for including other files. By convention .Pa /etc/smcroute.d/ has been selected as the default in the bundled example .Nm . See more about the .Cm include directive below. .El .Pp In debug mode, .Nm smcrouted logs the success of parsing each line and setting up a route. There is also a basic syntax validator built-in, see .Xr smcrouted 8 for more information. .Sh SYNTAX This section details the syntax of each of the available configuration file directives. .Pp Comments start with .Dq #\& and run to the end of line. See the .Sx EXAMPLE below. .Bl -tag -offset indent .It Cm phyint Ar IFNAME Oo Cm enable | Cm disable Oc Oo Cm mrdisc Oc Oo Cm ttl-threshold Ar TTL Oc By default all interfaces on the system are enabled and possible to route between, provided they have the .Cm MULTICAST interface flag set. The .Cm phyint directive can be used to selectively enable, or disable, interfaces from being mapped to virtual interfaces (VIFs), which the multicast routing stack actually employs. VIFs are limited, most operating systems only have 32, it is recommended to disable all interfaces by default, with .Ql Cm smcrouted Fl N , and enable them one by one using this directive. .Pp .Cm mrdisc is an IPv4 specific feature flag to enable Multicast Router Discovery protocol, RFC4286, announcement. This standard is supported by some switch (and router) manufacturers and may be used instead of having .Cm mgroup statements for all possible multicast groups you may want to forward. .Pp .Cm ttl-threshold is a very useful setting to help implement "TTL scoping". I.e., the minimum TTL level a multicast stream must exceed for the kernel to consider it to be routed. The default value (1) means a TTL of 2 or higher is needed for a frame to be forwarded to the routing stack, otherwise it is considered link-local. See .Xr smcrouted 8 for more information on multicast scoping. .Pp .Sy Note: all .Cm phyint directives must be read by .Nm smcrouted before any .Cm mgroup or .Cm mroute that refer to them! Hence, either place all .Cm phyint directives in the main .Nm or, if .Pa /etc/smcroute.d/*.conf is used, first in a file named, .Pa 00-phyint.conf , or similar. .It Cm mgroup from Ar IIF Oo Cm source Ar SOURCE[/LEN] Oc Cm group Ar GROUP[/LEN] Join a multicast group, with optional prefix length, on a given inbound interface (IIF). The source address is optional, but if given a source specific (SSM) join is performed. Every .Cm /LEN is translated to as many sources and groups as specified. To attempt to overcome (configured) kernel limitations, .Nm smcrouted probes the amount of joins available per socket. When the socket has been exhausted, another one is opened. At most 2048 sockets are opened. .Pp The purpose of joining groups is to use layer-2 signaling to inform switches, and other routers, to open up multicast traffic to your interfaces. Leaving a group is not supported from the configuration file, instead remove the .Cm mgroup, or trim its arguments, .Cm SIGHUP or .Cm smcroutectl reload your daemon. .Pp .Sy Note: use of the .Cm mgroup command should be avoided if possible. Instead configure "router ports" or similar on the switches (bridges) on your LAN. This to have them direct all the multicast to your router, or direct select groups if they have such capabilities. Usually MAC multicast filters exist. .It Cm mroute from Ar IIF Oo Cm source Ar SOURCE[/LEN] Oc Cm group Ar GROUP[/LEN] Cm to Ar OIF Op Ar OIF ... Add a multicast route for packets received on network interface .Cm IIF , originating from IP address .Cm SOURCE , and sent to the multicast group address .Cm GROUP , to the outbound network interface(s) .Cm OIF Op Cm OIF ... . .Pp The interfaces provided as .Cm IIF and .Cm OIF can be any network interface name available in the system, as long as it has the .Cm MULTICAST flag set. Furthermore, the kernel usually only forwards traffic if the interface(s) have an IP address. These are limitations posed by the kernel, not .Nm smcrouted . .Pp To add a (*,G) route, either leave SOURCE out completely or set it to 0.0.0.0, and if you want to specify a range, set GROUP/LEN, e.g. 225.0.0.0/24. .It Cm include Ar PATH Include another .Nm file, or set of files. Matching is performed using .Xr glob 3 , and matches are sorted alphabetically. By convention, the example .Nm bundled with .Nm smcrouted includes .Pa /etc/smcroute.d/*.conf . .El .Sh EXAMPLE .Nm smcrouted supports reading and setting up multicast routes from a config file. The default location is .Ar /etc/smcroute.conf , but this can be overridden using the .Fl f Ar FILE command line option. .Pp The .Ar IIF and .Ar OIF arguments below are interface names, or interface wildcards of the form .Ar eth+ , which matches .Ar eth0 , eth10 , etc. Wildcards are available for inbound interfaces. .Pp .Bd -unfilled -offset indent # # smcroute.conf example # # Syntax: # phyint IFNAME [mrdisc] [ttl-threshold <1-255>] # mgroup from IIF [source ADDR[/LEN]] group GROUP[/LEN] # mroute from IIF [source ADDR[/LEN]] group GROUP[/LEN] to OIF [OIF ...] # include /path/to/*.conf # Assuming smcrouted was started with the `-N` flag. Enable interfaces # required for inbound and outbound traffic. TTL scoping is enabled on # all interfaces, e.g., to use eth0 as n outbound interface (OIF), all # multicast frames must have a TTL of 12 or greater when ingressing. phyint eth0 enable ttl-threshold 11 phyint eth1 enable ttl-threshold 3 phyint eth2 enable ttl-threshold 5 phyint virbr0 enable ttl-threshold 5 # Instruct the kernel to join the multicast group 225.1.2.3 on interface # eth0. Then add an mroute of the same multicast stream, from the host # 192.168.1.42 on interface eth0 and forward to eth1 and eth2. mgroup from eth0 group 225.1.2.3 mroute from eth0 source 192.168.1.42 group 225.1.2.3 to eth1 eth2 # Similarly, but using source-specific group join mgroup from virbr0 source 192.168.123.110 group 225.1.2.4 mroute from virbr0 source 192.168.123.110 group 225.1.2.4 to eth0 # Allow multicast for group 225.3.2.1, from ANY source, ingressing on # interface eth0 to be forwarded to eth1 and eth2. When the kernel # receives a frame from unknown multicast sender, it asks smcrouted who # use this "template" to match against, if the ingressing interface and # group matches, smcrouted installs an (S,G) route in the kernel MFC. mgroup from eth0 group 225.3.2.1 mroute from eth0 group 225.3.2.1 to eth1 eth2 # The previous is an example of the (*,G) support. It is also possible # to specify a range of such rules. mgroup from eth0 group 225.0.0.0/24 mroute from eth0 group 225.0.0.0/24 to eth1 eth2 # Include any snippet in /etc/smcroute.d/, but please remember that # all phyint statements must be read first. include /etc/smcroute.d/*.conf .Ed .Sh CAVEATS The source address is optional for both IPv4 and IPv6 multicast routes, this is called (*,G) routing. When omitted, .Nm smcrouted dynamically installs (S,G) routes, matching the group and inbound interface, to the kernel when it learns of new inbound multicast. This feature was inherited from .Xr mrouted 8 , and may not work as intended in all use-cases. Also, depending on kernel and CPU load, account for the setup time to detect and install the route, expect at least one initial frame to be lost when using (*,G) rules. .Sh FILES .Pa /etc/smcroute.conf , .Pa /etc/smcroute.d/*.conf .Sh SEE ALSO .Xr smcrouted 8 , .Xr smcroute.conf 5 .Sh AUTHORS .An -nosplit SMCRoute was originally created by .An Carsten Schill Aq Mt carsten@cschill.de . Initial IPv6 support by .An Todd Hayton Aq Mt todd.hayton@gmail.com . Initial FreeBSD support by .An Micha Lenk Aq Mt micha@debian.org . .Pp SMCRoute is currently maintained by .An Joachim Wiberg Aq Mt troglobit@gmail.com , and .An Micha Lenk Aq Mt micha@debian.org at .Lk https://github.com/troglobit/smcroute "GitHub" . ================================================ FILE: man/smcroutectl.8 ================================================ .\" -*- nroff -*- .Dd November 28, 2021 .Dt SMCROUTECTL 8 SMM .Os .Sh NAME .Nm smcroutectl .Nd Control and status tool for .Xr smcrouted 8 .Sh SYNOPSIS .Nm smcroutectl .Op Fl bdptv .Op Fl i Ar NAME .Op Fl u Ar FILE .Op Ar COMMAND .Pp .Nm smcroutectl .Ao help | flush | kill | reload | version Ac .Nm smcroutectl .Ao show Ac .Op groups | routes .Nm smcroutectl .Ao add \ | \ \ rem Ac IIF Oo SOURCE Oc Ar GROUP[/LEN] OIF Op OIF ... .Nm smcroutectl .Ao join | leave Ac IIF Oo SOURCE Oc Ar GROUP[/LEN] .Sh DESCRIPTION .Nm is the control tool for .Xr smcrouted 8 . It can be used to query status, debug, modify the kernel multicast forwarding cache (MFC), manage group interface memberships, reload .Nm smcroute.conf , and kill a running .Nm smcrouted . .Sh OPTIONS The following .Nm options are available: .Bl -tag -width Ds .It Fl b Batch mode, read commands from stdin. .Bd -unfilled -offset indent $ sudo smcroutectl -b <<-EOF join eth0 225.1.2.3 add eth0 192.168.1.42 225.1.2.3 eth1 eth2 rem eth1 225.3.4.5 eth3 leave eth1 225.3.4.5 EOF .Ed .It Fl d Enable detailed output in show commands. .It Fl i Ar NAME Connect to an .Nm smcrouted instance that runs with another identity, .Ar NAME . .Pp This option is required for both .Nm smcrouted and .Nm smcroutectl when running multiple .Nm smcrouted instances, e.g., when using multiple routing tables, on Linux. .It Fl p Use plain table headings in .Cm show command output. No ANSI control characters are used, not even for probing screen width. .It Fl t Skip table headings entirely in .Cm show command output. .It Fl u Ar FILE UNIX domain socket path, used for the IPC between .Nm smcrouted and .Nm . Use this to override the default socket path, otherwise derived from the identity, .Fl i Ar NAME . This option can be useful when overriding the identity is not sufficient, e.g. for testing. The default depends on how .Nm is configured at build time, see .Sx FILES . .El .Sh OPERATION The .Ar IIF and .Ar OIF arguments in the below .Nm smcroutectl commands are the interface names, or interface wildcards of the form .Ar eth+ , which matches .Ar eth0 , eth10 , etc. Wildcards are available for both inbound and outbound interfaces. .Pp A multicast route is defined by an input interface .Ar IIF , the sender's unicast IP address .Ar SOURCE , which is optional, the multicast group .Ar GROUP and a list of, at least one, output interface .Ar OIF [OIF ...] . .Pp Please refer to .Xr smcrouted 8 for more details on the operation and how ASM/SSM multicast works. .Sh COMMANDS Commands can be abbreviated to the minimum unambiguous prefix; for example, .Cm s g for .Cm show groups . The following commands are available: .Bl -tag -width Ds .It Nm add Ar IIF [SOURCE[/LEN]] GROUP[/LEN] OIF [OIF ...] Add a new multicast route the the kernel MFC, or modify the outbound interfaces (OIF) an existing route. .Pp The arguments are, in order: .Ar IIF the inbound interface, .Ar SOURCE originating IP address (may need to be reachable in the unicast routing table to be allowed by the kernel reverse-path check), .Ar GROUP the multicast group address, and .Ar OIF Oo Ar OIF ... Oc the outbound network interface(s). .Pp The interfaces provided as .Ar IIF and .Ar OIF can be any multicast capable network interface as listed by .Ql Cm ifconfig or .Ql Cm ip link list , including tunnel interfaces and loopback. Provided .Nm smcrouted has "enumerated" them. See .Xr smcrouted 8 , in particular the command line option .Fl N , and the .Xr smcroute.conf 5 .Ql Cm phyint directive. .Pp To add a (*,G) route, either omit the .Ar SOURCE argument completely, or set it to .Ar 0.0.0.0 for IPv4, and if you want to specify a range of groups, use the .Ql GROUP/LEN modifier, e.g. .Ql 225.0.0.0/24 . .It Nm remove Ar IIF [SOURCE[/LEN]] GROUP[/LEN] [OIF [OIF ...]] Remove or modify the outbound interfaces of a multicast route in the kernel MFC. .Pp When no .Ar OIF argument is given, this command removes the entire route. With one or more .Ar OIF arguments, each outbound interface listed is removed. Skipping any unmatched or invalid interface names. When no more outbound interfaces exist, the route will have been transformed into a "stop filter". To remove the route entirely, the command must be given with no .Ar OIF arguments. .It Nm flush Flush dynamic (*,G) multicast routes now. Similar to how .Fl c Ar SEC works in .Nm smcrouted , this command initiates an immediate flush of all dynamically installed (*,G) multicast routes. Useful when a topology change has been detected and need to be propagated to .Nm smcrouted. .It Nm join Ar IIF [SOURCE[/LEN]] GROUP[/LEN] Join a multicast group, with an optional prefix length, on the given (inbound) interface. The source address is optional, but if given a source specific (SSM) join is performed. Note, joining groups is only ever necessary on the inbound interface, never on the outbound. Unless, two-way routing the same group. .Pp Note, as mentioned in .Xr smcrouted 8 , joining a group to open up traffic in layer-2 network switches is only a workaround to direct multicast towards SMCRoute. When routing lots of traffic it is advised to avoid this mechanism. Instead, use multicast router ports, or similar settings on the switches, or if they support multicast router discovery (MRDISC), see RFC4286. .It Nm leave Ar IIF [SOURCE[/LEN]] GROUP[/LEN] Leave a multicast group, with optional prefix length, on a given (inbound) interface. As with the join command, above, the source address is optional, but if the group was subscribed to with source it must be unsubscribed with source as well. .It Nm help [cmd] Print a usage information message. .It Nm kill Tell a running .Nm smcrouted to exit gracefully, same as .Ar SIGTERM . .It Nm reload Tell .Nm smcrouted to reload its configuration and activate the changes. Same as .Ar SIGHUP . Note, any routes or groups added or removed with .Nm smcroutectl will be lost. Only the configuration set in the file .Pa smcroute.conf is activated. .It Nm show [groups|routes] Show joined multicast groups or multicast routes, defaults to show routes. Can be combined with the .Fl d option to get details for each multicast route. .It Nm version Show program version and support information. .El .Sh SEE ALSO .Xr smcrouted 8 , .Xr smcroute.conf 5 .Sh AUTHORS .An -nosplit SMCRoute was originally created by .An Carsten Schill Aq Mt carsten@cschill.de . Initial IPv6 support by .An Todd Hayton Aq Mt todd.hayton@gmail.com . Initial FreeBSD support by .An Micha Lenk Aq Mt micha@debian.org . .Pp SMCRoute is currently maintained by .An Joachim Wiberg Aq Mt troglobit@gmail.com , and .An Micha Lenk Aq Mt micha@debian.org at .Lk https://github.com/troglobit/smcroute "GitHub" . ================================================ FILE: man/smcrouted.8 ================================================ .\" -*- nroff -*- .Dd November 28, 2021 .Dt SMCROUTED 8 SMM .Os .Sh NAME .Nm smcrouted .Nd SMCRoute, a static multicast router .Sh SYNOPSIS .Nm smcrouted .Op Fl nNhsv .Op Fl c Ar SEC .Op Fl d Ar SEC .Op Fl e Ar CMD .Op Fl f Ar FILE .Op Fl F Ar FILE .Op Fl i Ar NAME .Op Fl l Ar LVL .Op Fl m Ar SEC .Op Fl p Ar USER:GROUP .Op Fl P Ar FILE .Op Fl t Ar ID .Op Fl u Ar FILE .Sh DESCRIPTION .Nm is a static multicast routing daemon providing fine grained control over the multicast forwarding cache (MFC) in the UNIX kernel. Both IPv4 and IPv6 are fully supported. .Pp .Nm can be used as an alternative to dynamic multicast daemons like .Xr mrouted 8 , .Xr pimd 8 or .Xr pim6sd 8 in situations where static multicast routes should be maintained and/or no proper IGMP or MLD signaling exists. .Pp Multicast routes exist in the UNIX kernel only as long as a multicast routing daemon is running. On Linux, multiple multicast routers can run simultaneously using different multicast routing tables. To run .Nm and, .Nm mrouted at the same time, set the former to use a routing table other than the default (0). .Pp .Nm modifies the kernel routing table and needs either full .Ar superuser rights , or .Cm CAP_NET_ADMIN on Linux. This also applies to the friendly control tool .Xr smcroutectl 8 . .Ss Warning Be careful when creating multicast routes. You can easily flood your networks by inadvertently creating routing loops. Either direct loops listing an inbound interface also as an outbound, or indirect loops by going through other routers. .Sh OPTIONS The following command line options are available: .Bl -tag -width Ds .It Fl c Ar SEC Flush unused dynamic (*,G) multicast routes every .Ar SEC seconds. .Pp This option is intended for systems with topology changes, i.e., when inbound multicast may change both interface and source IP address. E.g. in a setup with at least two VRRP routers. If there is no way of detecting such a topology change this option makes sure to periodically flush all dynamically learned multicast routes so that traffic may resume. Flushing of a specific route only occurs if it was unused during the last flush interval, i.e. there was no traffic matching it. This avoids toggling between different inbound interfaces if traffic arrives on several interfaces simultaneously. In this case, the first selected inbound interface is retained until traffic on it ceases. .Pp Default is 60 sec, set to 0 to disable. See also the .Cm smcroutectl flush command, which can be called manually on topology changes. .It Fl d Ar SEC Daemon startup delay. Delays the probe of interfaces and parsing of the configuration file. Note, the PID file is also not created, since the daemon is not ready yet. .Pp This command line option, although useful in some use-cases, is fragile. It is almost always better to rely on an init or process supervisor that handles dependencies properly, like .Xr finit 8 , which can wait for interfaces to come up and files to be created before starting a service. .It Fl e Ar CMD Specify external script or command to be called when .Nm has loaded/reloaded all static multicast routes from the configuration file, or when a source-less (ANY) rule has been installed. .It Fl f Ar FILE Alternate configuration file, default .Pa /etc/smcroute.conf .It Fl F Ar FILE Check configuration file syntax, use .Fl l Ar LEVEL to increase verbosity. Returns non-zero on error. .It Fl h Show summary of command line options and exit. .It Fl i Ar NAME Set daemon identity. Used to create unique PID, IPC socket, and configuration file names, as well as set the syslog identity. E.g., .Fl I Ar foo would make .Nm look for .Cm /etc/foo.conf , write its PID to .Cm /var/run/foo.pid and create an IPC socket for .Nm smcroutectl in .Cm /var/run/foo.sock . .Pp For .Nm smcroutectl the same option can be used to select the proper .Nm instance to send IPC to. .Pp This option is required for both daemon and client when running multiple .Nm instances, using multiple routing tables, on Linux. .It Fl l Ar LEVEL Set log level: none, err, notice, info, debug. Default is notice. .It Fl m Ar SEC Modify Multicast Router Discovery (mrdisc) announcement interval. Default 20 sec. This option is only available when .Nm is built with mrdisc support (Linux, and IPv4, only). RFC4286. .It Fl n Run daemon in foreground, do not detach from controlling terminal .It Fl N By default .Nm enables multicast routing on all available, and multicast capable, interfaces in the system. These interfaces are enumerated as VIFs, virtual interfaces, of which most UNIX systems have a very limited amount, usually 32. This daemon option inverts the behavior so no interfaces are enabled by default. Useful on systems with many interfaces, where multicast routing only makes use of a few. .Pp The config file setting .Ar phyint IFNAME enable is required to enable the required interfaces. .It Fl p Ar USER Op :GROUP Drop root privileges to USER:GROUP after start and retain CAP_NET_ADMIN capabilities only. The :GROUP is optional. This option is only available when .Nm is built with libcap support. .It Fl P Ar FILE Set PID file name, and optionally full path, in case you need to override the default identity, or the identity set with .Fl i Ar NAME . Regardless, setting this option overrides all others, but it is recommended to use the ident option instead. .It Fl s Let daemon log to syslog, default unless running in foreground. .It Fl t Ar ID Set multicast routing table ID. Remember to also create routing rules directing packets to the table. This example uses routing table ID 123: .Bd -unfilled -offset left ip mrule add iif eth0 lookup 123 ip mrule add oif eth0 lookup 123 .Ed .Pp .Nm Note: Only available on Linux. .It Fl u Ar FILE UNIX domain socket path, used for the IPC between .Nm and .Nm smcroutectl . Use this to override the default socket path, derived from the daemon identity, .Fl i Ar NAME . This option can be useful when overriding the identity is not sufficient, e.g. for testing. The default depends on how .Nm is configured at build time, see .Sx FILES . .It Fl v Show program version and support information. .El .Pp The .Fl e Ar CMD option is useful if you want to trigger other processes to start when .Nm has completed installing dynamic multicast routes from (*,G) rules in .Pa /etc/smcroute.conf , or when a source-less (ANY) route, a.k.a (*,G) multicast rule, from .Pa /etc/smcroute.conf . is matched and installed. For instance, calling .Ar conntrack on Linux to flush firewall connection tracking when NAT:ing multicast. .Pp The script .Ar CMD is called with an argument .Ar reload or .Ar install to let the script know if it is called on SIGHUP/startup, or when a (*,G) rule is matched and installed. In the latter case .Nm also sets two environment variables: .Nm source , and .Nm group . Beware that these environment variables are unconditionally overwritten by .Nm and can thus not be used to pass information to the script from outside of .Nm . .Sh OPERATION .Ss Introduction When .Nm starts up it scans for available network interfaces that have the .Cm MULTICAST flag set. Provided the .Fl N flag is not set, each interface is enumerated as a virtual interface (VIF) which is what the kernel's multicast routing stack uses. The enumeration process on some operating systems also require each interface to have an IP address, but Linux and FreeBSD systems only require the ifindex and the MULTICAST flag. If the interface does not yet exist when .Nm starts, the .Fl d Ar SEC flag can be used to delay startup. Otherwise .Nm needs to be reloaded (e.g., using SIGHUP) when a new interface has been added to the system. .Pp Since VIFs are a limited resource, most operating systems only support 32 in total, the administrator may need to declare which interfaces to use for multicast routing using the .Pa /etc/smcroute.conf .Cm phyint directive. It is recommended to always start .Nm with the .Fl N flag, disabling VIF creation by default, and then selectively enable each of the interfaces you are going to route between. See .Xr smcroute.conf 5 for more information. .Ss Multicast Scoping Because multicast inherently is broadcast there is an obvious need to limit. On a LAN this is usually managed automatically by bridges (switches) with built-in multicast snooping (IGMP and MLD). Between LANs there is also the need to scope multicast, often the same multicast groups are used for different purposes on different LANs. This must be managed by administrators, at least three options exist: .Bl -tag -offset indent .It Cm TTL scoping The traditional way of "raising walls" between zones. The outbound interfaces of routers are given a TTL threshold greater than the hop it represents. The default TTL threshold is 1. Managing the routers is a lot easier than adjusting the TTL value of each multicast sender. The only real downside to this is that it scales poorly with the number of routers and it affects all multicast traversing the router's interfaces. .It Cm Administrative scoping (RFC2365) This is one of the current best practices, defining boundaries for sets of multicast groups instead of limiting all multicast (as TTL scoping does). In the case of .Nm this is left to the administrator to manage. See .Xr mrouted 8 , and .Xr mrouted.conf 5 , for more details. .It Cm Filtering Some sort of filtering mechanism, e.g., firewall (Linux netfilter) or low-level filter (Linux tc or eBPF) that may even have some hardware offloading support (TCAM). The firewall is likely the most common since it is also often used to set up SNAT or 1:1 NAT (Linux netmap). .El .Ss Multicast Routes .Pp A multicast route is defined by an input interface .Ar IFNAME , the sender's unicast IP address .Ar SOURCE , which is optional, the multicast group .Ar GROUP and a list of, at least one, output interface .Ar IFNAME [IFNAME ...] . .Pp .Bd -unfilled -offset indent mroute from eth0 group 225.1.2.3 to eth1 eth2 mroute from eth0 source 1.2.3.4 group 225.3.2.1 to eth1 eth2 mroute from eth0 group ff2e::42 to eth1 eth2 mroute from eth0 source 2001:3::1 group ff2e::43 to eth1 eth2 .Ed .Pp The sender address and multicast group must both be either IPv4 or IPv6 addresses. .Pp The output interfaces are not needed when removing routes using the .Cm smcroutectl remove command. The first three parameters are sufficient to identify the source of the multicast route. .Pp The intended purpose of .Nm is to aid in situations where dynamic multicast routing does not work properly. However, a dynamic multicast routing protocol is in nearly all cases the preferred solution. The reason for this is their ability to translate Layer-3 signaling to Layer-2 and vice versa (IGMP or MLD). .Pp .Sy Note: the optional source address multicast routes are not installed in the kernel multicast forwarding cache (MFC) by .Nm . Instead, it dynamically installs new routes to the kernel MFC, matching the group and inbound interface, when the kernel notifies .Nm using "upcalls" called .Cm NOCACHE messages. This feature was grafted onto .Nm from .Xr mrouted 8 , and may not work as intended in all use-cases. .Pp .Ss Multicast Groups .Nm is capable of simple group join and leave by sending commands to the kernel. The kernel then handles sending Layer-2 IGMP/MLD join and leave frames as needed. This can be used for testing but is also useful sometimes to open up multicast from the sender if located on a LAN with switches equipped with IGMP/MLD Snooping. Such devices will prevent forwarding of multicast unless an IGMP/MLD capable router or multicast client is located on the same physical port as you run .Nm on. However, this feature of .Nm is only intended as a workaround. Some platforms impose a limit on the maximum number of groups that can be joined, some of these systems can be tuned to increase this limit. For bigger installations it is strongly recommended to instead address the root cause, e.g. enable multicast router ports on intermediate switches, either statically or by enabling the multicast router discovery feature of .Nm . .Pp To emulate a multicast client using .Nm you use the .Nm join and .Nm leave commands to issue join and leave commands for a given multicast group on a given interface .Ar IFNAME . The .Ar GROUP may be given in an IPv4 or IPv6 address format. .Pp The command is passed to the daemon that passes it to the kernel. The kernel then tries to join the multicast group .Ar GROUP on interface .Ar IFNAME by starting IGMP, or MLD for IPv6 group address, signaling on the given interface. This signaling may be received by routers/switches connected on that network supporting IGMP/MLD multicast signaling and, in turn, start forwarding the requested multicast stream eventually reach your desired interface. .Pp .Ss Multiple Daemon Instances When running multiple .Nm instances, using the .Fl t Ar ID command line flag, one per routing table on Linux, it is required to use the .Fl i Ar NAME option to both daemon and client. This because the name of the IPC socket used for communicating is composed from the identity. .Sh DEBUGGING The most common problem when attempting to route multicast is the TTL. Always start by verifying that the TTL of your multicast stream is not set to 1, because the router decrements the TTL of an IP frame before routing it. Test your setup using .Xr ping 8 or .Xr iperf 1 . Either of which is capable of creating multicast traffic with an adjustable TTL. Iperf in particular is useful since it can act both as a multicast source (sender) and a multicast sink (receiver). For more advanced IP multicast testing the .Xr mcjoin 1 tool can be used. .Pp .Ss Note A lot of extra information is sent under the daemon facility and the debug priority to the syslog daemon. Use .Ql smcrouted -s -l debug to enable. .Sh SIGNALS For convenience in sending signals, .Nm writes its process ID to .Pa /var/run/smcroute.pid upon startup, unless the .Fl p Ar FILE or .Fl i Ar NAME options are used to change the identity or file name used. The following signals are supported: .Pp .Bl -tag -width TERM -compact .It Cm HUP Tell .Nm to reload its configuration file and activate the changes. .It Cm INT Terminates execution gracefully. .It Cm TERM The same as INT. .El .Sh FILES .Bl -tag -width /proc/net/ip6_mr_cache -compact .It Pa /etc/smcroute.conf Optional configuration file for .Nm . Defined interfaces to use, groups to join, and routes to set when starting, or reloading .Nm on .Ar SIGHUP . Like the PID file, the name of the configuration file may be different depending on command line options given to the daemon. Most notably, .Fl I Ar IDENT defines the full suite of files used by the .Nm daemon. See .Xr smcroute.conf 5 for details. .It Pa /etc/smcroute.d/*.conf Optional configuration directory, path defined by convention only, actual configuration directory, or file(s) to include, defined by .Pa /etc/smcroute.conf . See .Xr smcroute.conf 5 for details. .It Pa /var/run/smcroute.pid Default PID file (re)created by .Nm when it has started up and is ready to receive commands. See also the .Fl i Ar NAME or .Fl P Ar FILE options which can change the default name. .It Pa /var/run/smcroute.sock IPC socket created by .Nm for use by .Nm smcroutectl . Same caveats apply to this file as the previous two, command line options .Fl i Ar NAME and .Fl S Ar FILE to the daemon can be used to change the socket file name. .It Pa /proc/net/ip_mr_cache Linux specific, holds active IPv4 multicast routes. .It Pa /proc/net/ip_mr_vif Linux specific, holds the IPv4 virtual interfaces used by the active multicast routing daemon. .It Pa /proc/net/ip6_mr_cache Linux specific, holds active IPv6 multicast routes. .It Pa /proc/net/ip6_mr_vif Linux specific, holds the IPv6 virtual interfaces used by the active multicast routing daemon. .It Pa /proc/net/igmp Linux specific, holds active IGMP ASM (*,G) joins. .It Pa /proc/net/igmp6 Linux specific, holds active MLD ASM (*,G) joins. .It Pa /proc/net/mcfilter Linux specific, holds active IGMP SSM (S,G) joins. .It Pa /proc/net/mcfilter6 Linux specific, holds active MLD SSM (S,G) joins. .It Pa /proc/sys/net/ipv4/igmp_max_memberships Linux specific tuning of max IGMP ASM (*,G) per socket, default 20. .It Pa /proc/sys/net/ipv4/igmp_max_msf Linux specific tuning of max IGMP SSM (S,G) per socket, default 10. .El .Pp BSD systems may consult the .Xr netstat 1 tool for stats on virtual multicast interface tables and multicast forwarding caches, and VIF/MIF allocation, as well as the .Xr ifmcstat 8 tool for querying group membership. .Xr .Sh EXIT STATUS .Nm leverages BSD .Pa sysexits.h exit codes (64-78), which process supervisors like .Xr systemd 1 and .Xr finit 8 understands. The following table details what codes are used for and how to interpret them. .Bl -column "Status" "Symbolic Name" "Description" -offset indent .It Sy Status Ta Sy Symbolic Name Ta Sy Description .It 0 Ta EX_OK Ta Success .It 64 Ta EX_USAGE Ta Invalid command line option, or missing argument .It 69 Ta EX_UNAVAILABLE Ta Multicast routing socket (or table) already in use .It 79 Ta EX_SOFTWARE Ta Internal error, bug in .Nm .It 71 Ta EX_OSERR Ta Failed .Fn fork , .Fn daemon , .Fn getifaddrs , .Fn malloc , etc. .It 76 Ta EX_PROTOCOL Ta Kernel does not seem to support multicast routing .It 77 Ta EX_NOPERM Ta Not enough permissions to run .It 78 Ta EX_CONFIG Ta Parse error in configuration file .El .Sh SEE ALSO .Xr smcroute.conf 5 , .Xr smcroutectl 8 , .Xr mrouted 8 , .Xr pimd 8 , .Xr pim6sd 8 , .Xr ping 8 , .Xr mcjoin 1 , .Xr iperf 1 .Sh AUTHORS .An -nosplit SMCRoute was originally created by .An Carsten Schill Aq Mt carsten@cschill.de . Initial IPv6 support by .An Todd Hayton Aq Mt todd.hayton@gmail.com . Initial FreeBSD support by .An Micha Lenk Aq Mt micha@debian.org . .Pp SMCRoute is currently maintained by .An Joachim Wiberg Aq Mt troglobit@gmail.com , and .An Micha Lenk Aq Mt micha@debian.org at .Lk https://github.com/troglobit/smcroute "GitHub" . ================================================ FILE: smcroute ================================================ #!/bin/sh # Compatibility wrapper for users with old startup scripts # Written by Joachim Wiberg, placed in the public domain OP=$1 shift case "$OP" in -d) smcrouted $* ;; -h) echo "Usage: smcroute [OPTIONS] [ARGS]" echo echo " -d Start daemon" echo " -k Kill a running daemon" echo echo " -h This help text" echo " -v Show version" echo echo " -a ARGS Add a multicast route" echo " -r ARGS Remove a multicast route" echo echo " -j ARGS Join a multicast group" echo " -l ARGS Leave a multicast group" echo echo " <------------- INBOUND --------------> <----- OUTBOUND ------>" echo " -a [ ...]" echo " -r " echo echo " -j " echo " -l " echo echo "NOTE: This is a compatibility wrapper script for SMCRoute. Intended for" echo " use with old style startup scripts. It is recommended to migrate" echo " to /etc/smcroute.conf, see the smcroute(8) man page for help." return 0 ;; -k) smcroutectl kill ;; -v) smcroutectl version ;; -a) smcroutectl add $* ;; -r) smcroutectl remove $* ;; -j) smcroutectl join $* ;; *) echo "Unknown command or option to the SMCRoute compatiblity wrapper script." echo "See the smcroute(8) man page for help on available commands." return 1 ;; esac ================================================ FILE: smcroute.conf ================================================ # # smcroute.conf example # # The configuration file supports joining multicast groups, to use # Layer-2 signaling so that switches and routers open up multicast # traffic to your interfaces. Leave is not supported, remove the # mgroup and SIGHUP your daemon, or send a specific leave command. # # NOTE: Use of the mgroup command should be avoided if possible. # Instead configure "router ports" or similar on the switches # or bridges on your LAN. This to have them direct all the # multicast to your router, or select groups if they have # such capabilities. Usually MAC multicast filters exist. # # Some switch manufacturers support mrdisc, RFC4286, which # SMCRoute can use to advertise itself on source interfaces. # If availble, use that instead of mgroup. # # Similarly supported is setting mroutes. Removing mroutes is not # supported, remove/comment out the mroute from the .conf file, or # send a remove command with smcroutectl. # # Syntax: # phyint IFNAME [mrdisc] [ttl-threshold <1-255>] # mgroup from IIF [source ADDR[/LEN]] group GROUP[/LEN] # mroute from IIF [source ADDR[/LEN]] group GROUP[/LEN] to OIF [OIF ...] # include /path/to/*.conf # This example assumes smcrouted was started with the `-N` flag. # Only enable interfaces required for inbound and outbound traffic. phyint eth0 enable ttl-threshold 11 phyint eth1 enable ttl-threshold 3 phyint eth2 enable ttl-threshold 5 phyint virbr0 enable ttl-threshold 5 # Instruct the kernel to join the multicast group 225.1.2.3 on interface # eth0. Then add an mroute of the same multicast stream, from the host # 192.168.1.42 on interface eth0 and forward to eth1 and eth2. mgroup from eth0 group 225.1.2.3 mroute from eth0 source 192.168.1.42 group 225.1.2.3 to eth1 eth2 # Similar example, but using source-specific group join mgroup from virbr0 source 192.168.123.110 group 225.1.2.4 mroute from virbr0 source 192.168.123.110 group 225.1.2.4 to eth0 # Allow multicast for group 225.3.2.1, from ANY source, ingressing on # interface eth0 to be forwarded to eth1 and eth2. When the kernel # receives a frame from unknown multicast sender, it asks smcrouted who # use this "template" to match against, if the ingressing interface and # group matches, smcrouted installs an (S,G) route in the kernel MFC. mgroup from eth0 group 225.3.2.1 mroute from eth0 group 225.3.2.1 to eth1 eth2 # The previous is an example of the (*,G) support. It is also possible # to specify a range of such rules. mgroup from eth0 group 225.0.0.0/24 mroute from eth0 group 225.0.0.0/24 to eth1 eth2 # Include any snippet in /etc/smcroute.d/, but please remember that # all phyint statements must be read first. include /etc/smcroute.d/*.conf ================================================ FILE: smcroute.default ================================================ SMCROUTED_OPTS=-l debug ================================================ FILE: smcroute.init ================================================ #!/bin/sh # ### BEGIN INIT INFO # Provides: smcroute # Required-Start: $syslog $local_fs $network $remote_fs # Required-Stop: $syslog $local_fs $network $remote_fs # Should-Start: # Should-Stop: # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Static multicast router daemon # Description: SMCRoute is a daemon and command line tool to manipulate # the multicast routing table of a UNIX kernel. It can be # used as an alternative to dynamic multicast routers like # pimd or mrouted in situations where static routes should # be maintained and/or no proper IGMP signaling exists. ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/smcrouted DAEMONCTL=/usr/sbin/smcroutectl DAEMON_OPTS= NAME=smcrouted DESC="static multicast router daemon" test -x $DAEMON || exit 0 # Include smcroute defaults if available if [ -f /etc/default/smcroute ] ; then . /etc/default/smcroute fi . /lib/lsb/init-functions start() { local error local result log_begin_msg "Starting $DESC: $NAME" error=$(start-stop-daemon --start --quiet \ --exec $DAEMON -- $DAEMON_OPTS 2>&1) result=$? if [ "$result" = "0" -a -x /etc/smcroute/startup.sh ]; then /etc/smcroute/startup.sh else log_progress_msg ${error#ERRO: } fi log_end_msg $result } stop() { local error local result log_begin_msg "Stopping $DESC: $NAME" error=$($DAEMONCTL kill 2>&1) result=$? log_progress_msg ${error#ERRO: } log_end_msg $result } case "$1" in start) start ;; stop) stop ;; restart|force-reload) # # If the "reload" option is implemented, move the "force-reload" # option to the "reload" entry above. If not, "force-reload" is # just the same as "restart". # stop start ;; status) status_of_proc "$DAEMON" "$DESC" && exit 0 || exit $? ;; *) N=/etc/init.d/$NAME echo "Usage: $N {start|stop|restart|force-reload}" >&2 exit 1 ;; esac exit 0 ================================================ FILE: smcroute.service.in ================================================ [Unit] Description=Static multicast routing daemon Documentation=man:smcrouted Documentation=man:smcroute.conf Documentation=man:smcroutectl Documentation=file:@DOCDIR@/README.md # ConditionPathExists=@SYSCONFDIR@/smcroute.conf After=network-online.target Requires=network-online.target [Service] Type=@DAEMON_TYPE@ EnvironmentFile=-@SYSCONFDIR@/default/smcroute ExecStart=@SBINDIR@/smcrouted -n -s $SMCROUTED_OPTS $SMCROUTED_ARGS ExecReload=@SBINDIR@/smcroutectl reload NotifyAccess=main # Hardening settings NoNewPrivileges=true ProtectControlGroups=true ProtectSystem=full ProtectHome=true [Install] WantedBy=multi-user.target ================================================ FILE: src/Makefile.am ================================================ AUTOMAKE_OPTIONS = subdir-objects sbin_PROGRAMS = smcrouted smcroutectl smcrouted_SOURCES = smcrouted.c conf.c conf.h mroute.c mroute.h iface.c \ iface.h inet.c inet.h ipc.c ipc.h kern.c kern.h \ log.c log.h mcgroup.c mcgroup.h msg.c msg.h \ notify.c notify.h pidfile.c queue.h script.c \ script.h socket.c socket.h timer.c timer.h util.h smcrouted_CFLAGS = -W -Wall -Wextra -Wno-deprecated-declarations -std=gnu99 smcrouted_CPPFLAGS = -D_ATFILE_SOURCE -D_INCOMPLETE_XOPEN_C063 smcrouted_CPPFLAGS += -DSYSCONFDIR=\"@sysconfdir@\" -DRUNSTATEDIR=\"@runstatedir@\" smcrouted_LDADD = $(LIBS) $(LIBOBJS) @LIB_RT@ @LIB_PTHREAD@ if USE_LIBCAP smcrouted_SOURCES += cap.c cap.h smcrouted_LDADD += -lcap endif if HAVE_LIBSYSTEMD smcrouted_SOURCES += systemd.c smcrouted_CFLAGS += $(libsystemd_CFLAGS) smcrouted_LDADD += $(libsystemd_LIBS) endif if USE_MRDISC smcrouted_SOURCES += mrdisc.c mrdisc.h endif smcroutectl_SOURCES = smcroutectl.c msg.h util.h smcroutectl_CFLAGS = -W -Wall -Wextra -std=gnu99 smcroutectl_CPPFLAGS = -DRUNSTATEDIR=\"@runstatedir@\" smcroutectl_LDADD = $(LIBS) $(LIBOBJS) ================================================ FILE: src/cap.c ================================================ /* Daemon capability API * * Copyright (C) 2016 Markus Palonen * Copyright (C) 2016-2020 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #ifdef HAVE_SYS_PRCTL_H # include #endif #include #include #include #include "log.h" static const char *username = NULL; static int whoami(const char *user, const char *group, uid_t *uid, gid_t *gid) { struct passwd *pw; struct group *gr; if (!user) return -1; /* Get target UID and target GID */ pw = getpwnam(user); if (!pw) { smclog(LOG_ERR, "User '%s' not found!", user); return -1; } *uid = pw->pw_uid; *gid = pw->pw_gid; if (group) { gr = getgrnam(group); if (!gr) { smclog(LOG_ERR, "Group '%s' not found!", group); return -1; } *gid = gr->gr_gid; } /* Valid user */ username = user; return 0; } static int setcaps(cap_value_t cv) { int result; cap_t caps = cap_get_proc(); cap_value_t cap_list = cv; cap_clear(caps); cap_set_flag(caps, CAP_PERMITTED, 1, &cap_list, CAP_SET); cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap_list, CAP_SET); result = cap_set_proc(caps); cap_free(caps); return result; } /* * Drop root privileges except capability CAP_NET_ADMIN. This capability * enables the thread (among other networking related things) to add and * remove multicast routes */ static int drop_root(const char *user, uid_t uid, gid_t gid) { #ifdef HAVE_SYS_PRCTL_H /* Allow this process to preserve permitted capabilities */ if (prctl(PR_SET_KEEPCAPS, 1) == -1) { smclog(LOG_ERR, "Cannot preserve capabilities: %s", strerror(errno)); return -1; } #endif /* Set supplementary groups, GID and UID */ if (initgroups(user, gid) == -1) { smclog(LOG_ERR, "Failed setting supplementary groups: %s", strerror(errno)); return -1; } if (setgid(gid) == -1) { smclog(LOG_ERR, "Failed setting group ID %d: %s", gid, strerror(errno)); return -1; } if (setuid(uid) == -1) { smclog(LOG_ERR, "Failed setting user ID %d: %s", uid, strerror(errno)); return -1; } /* Clear all capabilities except CAP_NET_ADMIN */ if (setcaps(CAP_NET_ADMIN)) { smclog(LOG_ERR, "Failed setting `CAP_NET_ADMIN`: %s", strerror(errno)); return -1; } /* Try to regain root UID, should not work at this point. */ if (setuid(0) == 0) return -1; return 0; } void cap_drop_root(uid_t uid, gid_t gid) { if (username) { if (drop_root(username, uid, gid) == -1) smclog(LOG_WARNING, "Could not drop root privileges, continuing as root."); else smclog(LOG_INFO, "Root privileges dropped: Current UID %u, GID %u.", getuid(), getgid()); } } void cap_set_user(char *arg, uid_t *uid, gid_t *gid) { char *ptr; char *user; char *group; ptr = strdup(arg); if (!ptr) err(1, "Failed parsing user:group argument"); user = strtok(ptr, ":"); group = strtok(NULL, ":"); if (whoami(user, group, uid, gid)) err(1, "Invalid user:group argument"); free(ptr); } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/cap.h ================================================ /* Daemon capability API */ #ifndef SMCROUTE_CAP_H_ #define SMCROUTE_CAP_H_ #include "config.h" #ifdef ENABLE_LIBCAP void cap_drop_root (uid_t uid, gid_t gid); void cap_set_user (char *arg, uid_t *uid, gid_t *gid); #else #define cap_drop_root(uid, gid) #define cap_set_user(arg, uid, gid) warnx("Drop privs support not available.") #endif #endif /* SMCROUTE_CAP_H_ */ ================================================ FILE: src/conf.c ================================================ /* Simple .conf file parser for smcroute * * Copyright (C) 2011-2021 Joachim Wiberg * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #include #include #include "log.h" #include "conf.h" #include "iface.h" #include "script.h" #include "mcgroup.h" #include "util.h" #define MAX_LINE_LEN 512 #define DEBUG(fmt, args...) do { \ if (conf) \ smclog(LOG_DEBUG, "%s line %d: " fmt, conf->file, \ conf->lineno, ##args); \ else \ smclog(LOG_DEBUG, "ipc: " fmt, ##args); \ } while (0) #define INFO(fmt, args...) do { \ if (conf) \ smclog(LOG_INFO, "%s line %d: " fmt, conf->file, \ conf->lineno, ##args); \ else \ smclog(LOG_INFO, "ipc: " fmt, ##args); \ } while (0) #define WARN(fmt, args...) do { \ if (conf) \ smclog(LOG_WARNING, "%s line %d: " fmt, conf->file, \ conf->lineno, ##args); \ else \ smclog(LOG_WARNING, "ipc: " fmt, ##args); \ if (conf_vrfy) \ rc++; \ } while (0) /* Used only for verifying .conf files */ static int conf_vrfy_vif; static char *pop_token(char **line) { char *end, *token; if (!line) return NULL; token = *line; if (!token) return NULL; /* Find start of token, skip whitespace. */ while (*token && isspace((int)*token)) token++; /* Find end of token. */ end = token; while (*end && !isspace((int)*end)) end++; if (end == token) { *line = NULL; return NULL; } *end = 0; /* Terminate token. */ *line = end + 1; return token; } static int match(char *keyword, char *token) { size_t len; if (!keyword || !token) return 0; len = strlen(keyword); return !strncmp(keyword, token, len); } int conf_mgroup(struct conf *conf, int cmd, char *iif, char *source, char *group) { inet_addr_t src = { 0 }, grp = { 0 }; int src_len = 0; int grp_len = 0; int len_max; int family; int rc = 0; if (!iif || !group) { errno = EINVAL; return 1; } grp_len = is_range(group); if (inet_str2addr(group, &grp) || !is_multicast(&grp)) { WARN("join: Invalid multicast group: %s", group); goto done; } family = grp.ss_family; #ifdef HAVE_IPV6_MULTICAST_HOST if (family == AF_INET6) len_max = 128; else #endif len_max = 32; if (grp_len < 0 || grp_len > len_max) { WARN("join: Invalid group prefix length (0-%d): %d", len_max, grp_len); goto done; } if (!grp_len) grp_len = len_max; if (source) { src_len = is_range(source); if (src_len < 0 || src_len > len_max) { WARN("join: Invalid source prefix length (0-%d): %d", len_max, src_len); goto done; } if (inet_str2addr(source, &src)) { WARN("join: Invalid multicast source: %s", source); goto done; } } else inet_anyaddr(family, &src); if (!src_len) src_len = len_max; if (!conf_vrfy) rc = mcgroup_action(cmd, iif, &src, src_len, &grp, grp_len); done: return rc; } int conf_mroute(struct conf *conf, int cmd, char *iif, char *source, char *group, char *oif[], int num) { struct ifmatch state_in, state_out; struct mroute mroute = { 0 }; struct iface *iface_in, *iface; int len_max; int family; int rc = 0; int vif; if (!iif || !group) { errno = EINVAL; return 1; } mroute.len = is_range(group); if (inet_str2addr(group, &mroute.group) || !is_multicast(&mroute.group)) { WARN("mroute: Invalid multicast group: %s", group); goto done; } family = mroute.group.ss_family; #ifdef HAVE_IPV6_MULTICAST_HOST if (family == AF_INET6) len_max = 128; else #endif len_max = 32; if (mroute.len < 0 || mroute.len > len_max) { WARN("mroute: Invalid multicast group prefix length, %d", mroute.len); goto done; } if (!mroute.len) mroute.len = len_max; if (source) { mroute.src_len = is_range(source); if (mroute.src_len < 0 || mroute.src_len > len_max) { WARN("mroute: invalid prefix length: %d", mroute.src_len); goto done; } if (inet_str2addr(source, &mroute.source)) { WARN("mroute: Invalid source address: %s", source); goto done; } } else { inet_anyaddr(family, &mroute.source); mroute.src_len = 0; } if (!mroute.src_len) mroute.src_len = len_max; iface_match_init(&state_in); DEBUG("mroute: checking for input iface %s ...", iif); while (iface_match_vif_by_name(iif, &state_in, &iface_in) != NO_VIF) { char src[INET_ADDRSTR_LEN], grp[INET_ADDRSTR_LEN]; vif = iface_get_vif(family, iface_in); DEBUG("mroute: input iface %s has vif %d", iif, vif); mroute.inbound = vif; for (int i = 0; i < num; i++) { iface_match_init(&state_out); DEBUG("mroute: checking for %s ...", oif[i]); while (iface_match_vif_by_name(oif[i], &state_out, &iface) != NO_VIF) { vif = iface_get_vif(family, iface); if (vif == NO_VIF) continue; if (vif == mroute.inbound && cmd) { /* In case of wildcard match in==out is normal, so don't complain */ if (!ifname_is_wildcard(iif) && !ifname_is_wildcard(oif[i])) INFO("mroute: Same outbound interface (%s) as inbound (%s) may cause routing loops.", oif[i], iface_in->ifname); } /* Use configured TTL threshold for the output phyint */ mroute.ttl[vif] = iface->threshold; } if (!state_out.match_count) WARN("mroute: outbound %s is not a known phyint, skipping", oif[i]); } if (conf_vrfy) continue; if (cmd) { smclog(LOG_DEBUG, "mroute: adding route from %s (%s/%u,%s/%u)", iface_in->ifname, inet_addr2str(&mroute.source, src, sizeof(src)), mroute.src_len, inet_addr2str(&mroute.group, grp, sizeof(grp)), mroute.len); if (mroute_add_route(&mroute)) rc = -1; } else { smclog(LOG_DEBUG, "mroute: deleting route from %s (%s/%u,%s/%u)", iface_in->ifname, inet_addr2str(&mroute.source, src, sizeof(src)), mroute.src_len, inet_addr2str(&mroute.group, grp, sizeof(grp)), mroute.len); if (mroute_del_route(&mroute)) rc = -1; } } if (!state_in.match_count) { WARN("mroute: inbound %s is not a known phyint", iif); rc = -1; } done: return rc; } static int conf_phyint(struct conf *conf, int enable, char *iif, int mrdisc, int threshold) { (void)conf; if (conf_vrfy) { struct iface *iface; struct ifmatch ifm; iface_match_init(&ifm); iface = iface_match_by_name(iif, 1, &ifm); if (!iface) return 1; iface->vif = conf_vrfy_vif; iface->mif = conf_vrfy_vif++; return 0; } if (enable) return mroute_add_vif(iif, mrdisc, threshold); return mroute_del_vif(iif); } /* * This function parses the given configuration file according to the * below format rules. Joins multicast groups and creates multicast * routes accordingly in the kernel. Whitespace is ignored. * * Format: * phyint IFNAME [ttl-threshold <1-255>] * mgroup from IFNAME [source ADDRESS] group MCGROUP * mroute from IFNAME source ADDRESS group MCGROUP to IFNAME [IFNAME ...] * include FILEPATTERN */ int conf_parse(struct conf *conf, int do_vifs) { char *linebuf, *line; int rc = 0; FILE *fp; fp = fopen(conf->file, "r"); if (!fp) { if (errno == ENOENT) smclog(LOG_NOTICE, "Configuration file %s does not exist", conf->file); else smclog(LOG_WARNING, "Failed opening %s: %s", conf->file, strerror(errno)); if (!conf_vrfy) smclog(LOG_NOTICE, "Continuing anyway, waiting for client to connect."); return 1; } linebuf = malloc(MAX_LINE_LEN * sizeof(char)); if (!linebuf) { int tmp = errno; fclose(fp); errno = tmp; smclog(LOG_ERR, "Failed allocating memory to read .conf file: %s", strerror(errno)); exit(EX_OSERR); } conf->lineno = 0; next: while ((line = fgets(linebuf, MAX_LINE_LEN, fp))) { int mrdisc = 0, threshold = DEFAULT_THRESHOLD; int op = 0, num = 0, enable = do_vifs; char *oif[MAX_MC_VIFS]; char *include = NULL; char *source = NULL; char *group = NULL; char *iif = NULL; char *ttl = NULL; char *token; glob_t gl; size_t i; /* Strip any line end character(s) */ chomp(line); conf->lineno++; DEBUG("%s", line); while ((token = pop_token(&line))) { /* Strip comments. */ if (match("#", token)) break; if (!op) { if (match("mgroup", token)) { op = MGROUP; } else if (match("ssmgroup", token)) { op = MGROUP; /* Compat */ } else if (match("mroute", token)) { op = MROUTE; } else if (match("phyint", token)) { op = PHYINT; iif = pop_token(&line); if (!iif) { WARN("phyint missing interface pattern"); goto next; } } else if (match("include", token)) { op = INCLUDE; include = pop_token(&line); smclog(LOG_DEBUG, "Found include --> %s", include); break; } else { WARN("Unknown command %s, skipping.", token); goto next; } } if (match("from", token)) { iif = pop_token(&line); } else if (match("source", token)) { source = pop_token(&line); } else if (match("group", token)) { group = pop_token(&line); } else if (match("to", token)) { while ((oif[num] = pop_token(&line))) num++; } else if (match("enable", token)) { enable = 1; } else if (match("disable", token)) { enable = 0; } else if (match("mrdisc", token)) { mrdisc = 1; } else if (match("ttl-threshold", token)) { ttl = pop_token(&line); } } if (iif && !iface_exist(iif)) { switch (op) { case MGROUP: WARN("mgroup from %s matches no valid phyint, skipping ...", iif); break; case MROUTE: WARN("mroute from %s matches no valid phyint, skipping ...", iif); break; default: WARN("phyint %s does not exist (yet?) on this system", iif); break; } continue; } if (ttl) { int val = atoi(ttl); if (val < 1 || val > 255) WARN("phyint %s ttl %s out of range (1-255)", iif ? iif : "", ttl); else threshold = val; } switch (op) { case EMPTY: break; case MGROUP: if (conf_mgroup(conf, 1, iif, source, group)) rc = -1; break; case MROUTE: if (conf_mroute(conf, 1, iif, source, group, oif, num)) rc = -1; break; case PHYINT: if (conf_phyint(conf, enable, iif, mrdisc, threshold)) rc = -1; break; case INCLUDE: glob(include, 0, NULL, &gl); for (i = 0; i < gl.gl_pathc; i++) { struct conf inc = { .file = gl.gl_pathv[i] }; smclog(LOG_DEBUG, "Glob expansion to %s ...", gl.gl_pathv[i]); if (conf_parse(&inc, do_vifs)) smclog(LOG_WARNING, "Failed reading %s: %s", gl.gl_pathv[i], strerror(errno)); } globfree(&gl); break; default: WARN("Unknown token %d", op); break; } } free(linebuf); fclose(fp); if (rc) { errno = EOPNOTSUPP; return 1; } return 0; } /* Parse .conf file and setup routes */ int conf_read(char *file, int do_vifs) { struct conf conf = { .file = file }; if (conf_parse(&conf, do_vifs)) { if (errno == EOPNOTSUPP) smclog(LOG_WARNING, "Parse error in %s", file); return EX_CONFIG; } if (conf_vrfy) return EX_OK; return script_exec(NULL); } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/conf.h ================================================ #ifndef SMCROUTE_CONF_H_ #define SMCROUTE_CONF_H_ #include "config.h" #define EMPTY 0 #define MGROUP 1 #define MROUTE 2 #define PHYINT 3 #define INCLUDE 4 struct conf { const char *file; unsigned int lineno; }; extern int conf_vrfy; int conf_mgroup (struct conf *conf, int cmd, char *iif, char *source, char *group); int conf_mroute (struct conf *conf, int cmd, char *iif, char *source, char *group, char *oif[], int num); int conf_parse (struct conf *conf, int do_vifs); int conf_read (char *file, int do_vifs); #endif /* SMCROUTE_CONF_H_ */ /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/iface.c ================================================ /* Physical and virtual interface API * * Copyright (C) 2001-2005 Carsten Schill * Copyright (C) 2006-2009 Julien BLACHE * Copyright (C) 2009 Todd Hayton * Copyright (C) 2009-2011 Micha Lenk * Copyright (C) 2011-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include "queue.h" #include #include #include #include #include #include #include #include #include #include #include #include "log.h" #include "ipc.h" #include "iface.h" #include "mcgroup.h" #include "timer.h" #include "util.h" static TAILQ_HEAD(iflist, iface) iface_list = TAILQ_HEAD_INITIALIZER(iface_list); extern int do_vifs; /** * iface_update - Check of new interfaces */ void iface_update(void) { struct ifaddrs *ifaddr, *ifa; if (getifaddrs(&ifaddr) == -1) { smclog(LOG_ERR, "Failed retrieving interface addresses: %s", strerror(errno)); exit(EX_OSERR); } for (ifa = ifaddr; ifa; ifa = ifa->ifa_next) { struct iface *iface; int ifindex; ifindex = if_nametoindex(ifa->ifa_name); /* Check if already added? */ iface = iface_find_by_name(ifa->ifa_name); if (iface) { smclog(LOG_DEBUG, "Found %s, updating ...", ifa->ifa_name); iface->flags = ifa->ifa_flags; if (ifindex != iface->ifindex || (iface->flags & IFF_MULTICAST) != IFF_MULTICAST) { mcgroup_prune(ifa->ifa_name); mroute_del_vif(ifa->ifa_name); } iface->ifindex = ifindex; if (!iface->inaddr.s_addr && ifa->ifa_addr && ifa->ifa_addr->sa_family == AF_INET) iface->inaddr = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr; if (do_vifs) iface->unused = 0; continue; } smclog(LOG_DEBUG, "Found new interface %s, adding ...", ifa->ifa_name); iface = calloc(1, sizeof(struct iface)); if (!iface) { smclog(LOG_ERR, "Failed allocating space for interface: %s", strerror(errno)); exit(EX_OSERR); } /* * Only copy interface address if inteface has one. On * Linux we can enumerate VIFs using ifindex, useful for * DHCP interfaces w/o any address yet. Other UNIX * systems will fail on the MRT_ADD_VIF ioctl. if the * kernel cannot find a matching interface. */ if (ifa->ifa_addr && ifa->ifa_addr->sa_family == AF_INET) iface->inaddr = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr; iface->flags = ifa->ifa_flags; strlcpy(iface->ifname, ifa->ifa_name, sizeof(iface->ifname)); iface->ifindex = if_nametoindex(iface->ifname); iface->vif = ALL_VIFS; iface->mif = ALL_MIFS; iface->mrdisc = 0; iface->threshold = DEFAULT_THRESHOLD; TAILQ_INSERT_TAIL(&iface_list, iface, link); } freeifaddrs(ifaddr); } /** * iface_init - Probe for interaces at startup * * Builds up a vector with active system interfaces. Must be called * before any other interface functions in this module! */ void iface_init(void) { iface_update(); } /** * iface_exit - Tear down interface list and clean up */ void iface_exit(void) { struct iface *iface, *tmp; TAILQ_FOREACH_SAFE(iface, &iface_list, link, tmp) { TAILQ_REMOVE(&iface_list, iface, link); free(iface); } } /** * iface_find - Find an interface by ifindex * @ifindex: Interface index * * Returns: * Pointer to a @struct iface of the matching interface, or %NULL if no * interface exists, or is up. If more than one interface exists, chose * the interface that corresponds to a virtual interface. */ struct iface *iface_find(int ifindex) { struct iface *iface; TAILQ_FOREACH(iface, &iface_list, link) { if (iface->ifindex == ifindex) return iface; } return NULL; } /** * iface_find_by_name - Find an interface by name * @ifname: Interface name * * Returns: * Pointer to a @struct iface of the matching interface, or %NULL if no * interface exists, or is up. If more than one interface exists, chose * the interface that corresponds to a virtual interface. */ struct iface *iface_find_by_name(const char *ifname) { struct iface *candidate = NULL; struct iface *iface; #ifdef __linux__ char *ptr; #endif char *nm; if (!ifname) return NULL; nm = strdup(ifname); if (!nm) return NULL; #ifdef __linux__ /* Linux alias interfaces should use the same VIF/MIF as parent */ ptr = strchr(nm, ':'); if (ptr) *ptr = 0; #endif TAILQ_FOREACH(iface, &iface_list, link) { if (!strcmp(nm, iface->ifname)) { if (iface->vif != NO_VIF) { free(nm); return iface; } candidate = iface; } } free(nm); return candidate; } static struct iface *find_by_vif(vifi_t vif) { struct iface *iface; TAILQ_FOREACH(iface, &iface_list, link) { if (iface->vif != NO_VIF && iface->vif == vif) return iface; } return NULL; } static struct iface *find_by_mif(mifi_t mif) { struct iface *iface; TAILQ_FOREACH(iface, &iface_list, link) { if (iface->mif != NO_VIF && iface->mif == mif) return iface; } return NULL; } /** * iface_find_by_inbound - Find iface by route's inbound VIF * @route: Route's inbound to use * * Returns: * Pointer to a @struct iface of the requested interface, or %NULL if no * interface matching @mif exists. */ struct iface *iface_find_by_inbound(struct mroute *route) { #ifdef HAVE_IPV6_MULTICAST_HOST if (route->group.ss_family == AF_INET6) return find_by_mif(route->inbound); #endif return find_by_vif(route->inbound); } /** * iface_match_init - Initialize interface matching iterator * @state: Iterator state to be initialized */ void iface_match_init(struct ifmatch *state) { state->iface = TAILQ_FIRST(&iface_list); state->match_count = 0; } /** * ifname_is_wildcard - Check whether interface name is a wildcard * * Returns: * %TRUE(1) if wildcard, %FALSE(0) if normal interface name */ int ifname_is_wildcard(const char *ifname) { return (ifname && ifname[0] && ifname[strlen(ifname) - 1] == '+'); } /** * iface_match_by_name - Find matching interfaces by name pattern * @ifname: Interface name pattern * @reload: Set while reloading .conf * @state: Iterator state * * Interface name patterns use iptables- syntax, i.e. perform prefix * match with a trailing '+' matching anything. * * Returns: * Pointer to a @struct iface of the next matching interface, or %NULL if no * (more) interfaces exist (or are up). */ struct iface *iface_match_by_name(const char *ifname, int reload, struct ifmatch *state) { unsigned int match_len = UINT_MAX; if (!ifname) return NULL; if (ifname_is_wildcard(ifname)) match_len = strlen(ifname) - 1; while (state->iface != TAILQ_END(&iface_list)) { struct iface *iface = state->iface; if (!strncmp(ifname, iface->ifname, match_len)) { if (reload || !iface->unused) { state->iface = TAILQ_NEXT(iface, link); state->match_count++; return iface; } } state->iface = TAILQ_NEXT(iface, link); } return NULL; } /** * iface_iterator - Interface iterator * @first: Set to start from beginning * * Returns: * Pointer to a @struct iface, or %NULL when no more interfaces exist. */ struct iface *iface_iterator(int first) { static struct iface *iface = NULL; if (first) iface = TAILQ_FIRST(&iface_list); else iface = TAILQ_NEXT(iface, link); return iface; } struct iface *iface_outbound_iterator(struct mroute *route, int first) { struct iface *iface = NULL; static vifi_t i = 0; if (first) i = 0; while (i < MAX_MC_VIFS) { vifi_t vif = i++; if (route->ttl[vif] == 0) continue; #ifdef HAVE_IPV6_MULTICAST_ROUTING if (route->group.ss_family == AF_INET6) iface = find_by_mif(vif); else #endif iface = find_by_vif(vif); if (!iface) continue; return iface; } return NULL; } vifi_t iface_get_vif(int af_family, struct iface *iface) { #ifdef HAVE_IPV6_MULTICAST_HOST if (af_family == AF_INET6) return iface->mif; #endif return iface->vif; } /** * iface_match_vif_by_name - Get matching virtual interface index by interface name pattern (IPv4) * @ifname: Interface name pattern * @state: Iterator state * * Returns: * The virtual interface index if the interface matches and is registered * with the kernel, or -1 if no (more) matching virtual interfaces are found. */ vifi_t iface_match_vif_by_name(const char *ifname, struct ifmatch *state, struct iface **found) { struct iface *iface; while ((iface = iface_match_by_name(ifname, 0, state))) { if (iface->vif != NO_VIF) { if (found) *found = iface; // smclog(LOG_DEBUG, " %s has VIF %d", iface->ifname, iface->vif); return iface->vif; } // smclog(LOG_DEBUG, " %s has NO VIF", iface->ifname); state->match_count--; } return NO_VIF; } /** * iface_match_mif_by_name - Get matching virtual interface index by interface name pattern (IPv6) * @ifname: Interface name pattern * @state: Iterator state * * Returns: * The virtual interface index if the interface matches and is registered * with the kernel, or -1 if no (more) matching virtual interfaces are found. */ mifi_t iface_match_mif_by_name(const char *ifname, struct ifmatch *state, struct iface **found) { struct iface *iface; while ((iface = iface_match_by_name(ifname, 0, state))) { if (iface->mif != NO_VIF) { if (found) *found = iface; smclog(LOG_DEBUG, " %s has MIF %d", iface->ifname, iface->mif); return iface->mif; } state->match_count--; } return NO_VIF; } /* Return all currently known interfaces */ int iface_show(int sd, int detail) { struct iface *iface; char *p = "PHYINT"; char line[120]; int inw; (void)detail; inw = iface_ifname_maxlen(); if (inw < (int)strlen(p)) inw = (int)strlen(p); snprintf(line, sizeof(line), " INDEX %-*s VIF MIF=\n", inw, p); ipc_send(sd, line, strlen(line)); iface = iface_iterator(1); while (iface) { char buf[256]; char vif[6]; char mif[6]; if (iface->vif < 65535) snprintf(vif, sizeof(vif), "%d", iface->vif); else snprintf(vif, sizeof(vif), "N/A"); if (iface->mif < 65535) snprintf(mif, sizeof(mif), "%d", iface->mif); else snprintf(mif, sizeof(mif), "N/A"); snprintf(buf, sizeof(buf), "%6d %-*s %4s %4s\n", iface->ifindex, inw, iface->ifname, vif, mif); if (ipc_send(sd, buf, strlen(buf)) < 0) { smclog(LOG_ERR, "Failed sending reply to client: %s", strerror(errno)); return -1; } iface = iface_iterator(0); } return 0; } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/iface.h ================================================ /* Physical and virtual interface API */ #ifndef SMCROUTE_IFACE_H_ #define SMCROUTE_IFACE_H_ #include "config.h" #include #include /* IFNAMSIZ */ #include /* struct in_addr */ #include "mroute.h" /* vifit_t + mifi_t */ #ifndef ALL_MIFS #define ALL_MIFS (vifi_t)-1 #endif #define DEFAULT_THRESHOLD 1 /* Packet TTL must be at least 1 to pass */ #define NO_VIF ALL_VIFS struct iface { TAILQ_ENTRY(iface) link; int unused; /* set on reload/SIGHUP only */ char ifname[IFNAMSIZ]; struct in_addr inaddr; /* == 0 for non IP interfaces */ int ifindex; /* Physical interface index */ short flags; vifi_t vif; mifi_t mif; uint8_t mrdisc; /* Enable multicast router discovery */ uint8_t threshold; /* TTL threshold: 1-255, default: 1 */ }; struct ifmatch { struct iface *iface; size_t match_count; }; void iface_init (void); void iface_exit (void); void iface_update (void); struct iface *iface_iterator (int first); struct iface *iface_outbound_iterator (struct mroute *route, int first); struct iface *iface_find (int ifindex); struct iface *iface_find_by_name (const char *ifname); struct iface *iface_find_by_inbound (struct mroute *route); void iface_match_init (struct ifmatch *state); struct iface *iface_match_by_name (const char *ifname, int reload, struct ifmatch *state); int ifname_is_wildcard (const char *ifname); vifi_t iface_get_vif (int af_family, struct iface *iface); vifi_t iface_match_vif_by_name (const char *ifname, struct ifmatch *state, struct iface **found); mifi_t iface_match_mif_by_name (const char *ifname, struct ifmatch *state, struct iface **found); int iface_show (int sd, int detail); /* * Check if interface exists, at all, on the system */ static inline int iface_exist(char *ifname) { struct ifmatch ifm; iface_match_init(&ifm); return iface_match_by_name(ifname, 1, &ifm) != NULL; } static inline int iface_ifname_maxlen(void) { struct iface *iface; int maxlen = 0; int first = 1; while ((iface = iface_iterator(first))) { first = 0; if ((int)strlen(iface->ifname) > maxlen) maxlen = (int)strlen(iface->ifname); } return maxlen; } #endif /* SMCROUTE_IFACE_H_ */ /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/inet.c ================================================ /* Housekeeping IPv4/IPv6 wrapper functions * * Copyright (C) 2017-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include "inet.h" void inet_addr_set(inet_addr_t *addr, const struct in_addr *ina) { struct sockaddr_in *sin = (struct sockaddr_in *)addr; assert(addr && ina); sin->sin_family = AF_INET; #ifdef HAVE_SOCKADDR_IN_SIN_LEN sin->sin_len = sizeof(struct sockaddr_in); #endif sin->sin_addr = *ina; } struct in_addr *inet_addr_get(inet_addr_t *addr) { struct sockaddr_in *sin = (struct sockaddr_in *)addr; assert(addr); assert(sin->sin_family == AF_INET); return &sin->sin_addr; } #ifdef HAVE_IPV6_MULTICAST_HOST void inet_addr6_set(inet_addr_t *addr, const struct in6_addr *ina) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr; assert(addr && ina); sin6->sin6_family = AF_INET6; #ifdef HAVE_SOCKADDR_IN_SIN_LEN sin6->sin6_len = sizeof(struct sockaddr_in6); #endif sin6->sin6_addr = *ina; } struct sockaddr_in6 *inet_addr6_get(inet_addr_t *addr) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr; assert(addr); assert(sin6->sin6_family == AF_INET6); return sin6; } #endif /* HAVE_IPV6_MULTICAST_HOST */ void inet_anyaddr(sa_family_t family, inet_addr_t *addr) { struct sockaddr_in *sin = (struct sockaddr_in *)addr; #ifdef HAVE_IPV6_MULTICAST_HOST if (family == AF_INET6) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr; sin6->sin6_family = AF_INET6; #ifdef HAVE_SOCKADDR_IN_SIN_LEN sin6->sin6_len = sizeof(struct sockaddr_in6); #endif memcpy(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any)); return; } #endif sin->sin_family = AF_INET; #ifdef HAVE_SOCKADDR_IN_SIN_LEN sin->sin_len = sizeof(struct sockaddr_in); #endif sin->sin_addr.s_addr = htonl(INADDR_ANY); } inet_addr_t inet_netaddr(inet_addr_t *addr, int len) { inet_addr_t net = *addr; uint32_t bits; int max_len; assert(addr); #ifdef HAVE_IPV6_MULTICAST_HOST if (addr->ss_family == AF_INET6) max_len = 128; else #endif max_len = 32; assert(len > 0 && len <= max_len); bits = max_len - len; #ifdef HAVE_IPV6_MULTICAST_HOST if (addr->ss_family == AF_INET6) { struct sockaddr_in6 *sin6 = inet_addr6_get(&net); struct in6_addr s6 = sin6->sin6_addr; uint32_t pos = 3; while (bits >= 32) { s6.s6_addr32[pos--] = 0; bits -= 32; } s6.s6_addr32[pos] = htonl(ntohl(s6.s6_addr32[pos]) & ((0xffffffffU << bits) & 0xffffffffU)); sin6->sin6_addr = s6; } else #endif { struct in_addr *ina = inet_addr_get(&net); ina->s_addr = htonl(ntohl(ina->s_addr) & ((0xffffffffU << bits) & 0xffffffffU)); } return net; } int inet_addr_cmp(inet_addr_t *a, inet_addr_t *b) { if (!a || !b) { errno = EINVAL; return 1; } if (a->ss_family == AF_INET && b->ss_family == AF_INET) { struct sockaddr_in *sa = (struct sockaddr_in *)a; struct sockaddr_in *sb = (struct sockaddr_in *)b; return sa->sin_addr.s_addr - sb->sin_addr.s_addr; } #ifdef HAVE_IPV6_MULTICAST_HOST if (a->ss_family == AF_INET6 && b->ss_family == AF_INET6) { struct sockaddr_in6 *sa = (struct sockaddr_in6 *)a; struct sockaddr_in6 *sb = (struct sockaddr_in6 *)b; return memcmp(sa, sb, sizeof(*sa)); } #endif errno = EAFNOSUPPORT; return 1; } const char *inet_addr2str(inet_addr_t *addr, char *str, size_t len) { struct sockaddr_in *sin = (struct sockaddr_in *)addr; #ifdef HAVE_IPV6_MULTICAST_HOST if (addr->ss_family == AF_INET6) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr; return inet_ntop(AF_INET6, &sin6->sin6_addr, str, len); } #endif return inet_ntop(AF_INET, &sin->sin_addr, str, len); } int inet_str2addr(const char *str, inet_addr_t *addr) { struct sockaddr_in *sin = (struct sockaddr_in *)addr; int rc; if (!str || !addr) { errno = EINVAL; return -1; } #ifdef HAVE_IPV6_MULTICAST_HOST if (strchr(str, ':')) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr; sin6->sin6_family = AF_INET6; #ifdef HAVE_SOCKADDR_IN_SIN_LEN sin6->sin6_len = sizeof(struct sockaddr_in6); #endif rc = inet_pton(AF_INET6, str, &sin6->sin6_addr); } else #endif { sin->sin_family = AF_INET; #ifdef HAVE_SOCKADDR_IN_SIN_LEN sin->sin_len = sizeof(struct sockaddr_in); #endif rc = inet_pton(AF_INET, str, &sin->sin_addr); } if (rc == 0 || rc == -1) return 1; return 0; } int is_multicast(inet_addr_t *addr) { struct sockaddr_in *sin = (struct sockaddr_in *)addr; #ifdef HAVE_IPV6_MULTICAST_HOST if (addr->ss_family == AF_INET6) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr; return IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr); } #endif return IN_MULTICAST(ntohl(sin->sin_addr.s_addr)); } int is_anyaddr(inet_addr_t *addr) { struct sockaddr_in *sin = (struct sockaddr_in *)addr; #ifdef HAVE_IPV6_MULTICAST_HOST if (addr->ss_family == AF_INET6) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)addr; return !memcmp(&sin6->sin6_addr, &in6addr_any, sizeof(in6addr_any)); } #endif return sin->sin_addr.s_addr == htonl(INADDR_ANY); } int inet_iter_init(struct inet_iter *iter, inet_addr_t *addr, int len) { int max_len; if (!iter) return errno = EINVAL; #ifdef HAVE_IPV6_MULTICAST_HOST if (addr->ss_family == AF_INET6) max_len = 128; else #endif max_len = 32; if (len < 0 || len > max_len) { iter->num = 0; return errno = EINVAL; } iter->orig = *addr; iter->len = len; iter->addr = inet_netaddr(addr, len); iter->num = 1 << (max_len - len); return 0; } int inet_iterator(struct inet_iter *iter, inet_addr_t *addr) { if (!iter) { errno = EINVAL; return 0; } if (iter->num-- == 0) return 0; *addr = iter->addr; /* prepared already */ #ifdef HAVE_IPV6_MULTICAST_HOST if (addr->ss_family == AF_INET6) { struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&iter->addr; struct in6_addr s6 = sin6->sin6_addr; uint32_t pos = 4; while (pos--) { uint32_t addr32 = ntohl(s6.s6_addr32[pos]); addr32++; s6.s6_addr32[pos] = htonl(addr32); if (addr32 > 0) break; } sin6->sin6_addr = s6; } else #endif { struct sockaddr_in *sin = (struct sockaddr_in *)&iter->addr; in_addr_t ina; ina = ntohl(sin->sin_addr.s_addr); sin->sin_addr.s_addr = htonl(++ina); } return 1; } #ifdef _UNIT_TEST #include #include int main(void) { char str[INET_ADDRSTR_LEN]; struct inet_iter iter; inet_addr_t addr; inet_anyaddr(AF_INET6, &addr); if (!is_anyaddr(&addr)) err(1, "FAIL"); puts("OK"); inet_str2addr("192.168.1.42", &addr); inet_iter_init(&iter, &addr, 24); printf("Got num: %u\n", iter.num); while (inet_iterator(&iter, &addr)) printf("%s num %u\n", inet_addr2str(&addr, str, sizeof(str)), iter.num); inet_str2addr("2001::1", &addr); inet_iter_init(&iter, &addr, 122); printf("Got num: %u -> initial str %s\n", iter.num, inet_addr2str(&addr, str, sizeof(str))); while (inet_iterator(&iter, &addr)) printf("%s num %u\n", inet_addr2str(&addr, str, sizeof(str)), iter.num); inet_str2addr("192.168.1.42", &addr); inet_iter_init(&iter, &addr, 1); printf("Got num: %u\n", iter.num); while (inet_iterator(&iter, &addr)) printf("%s num %u\n", inet_addr2str(&addr, str, sizeof(str)), iter.num); return 0; } #endif /** * Local Variables: * compile-command: "gcc -D_UNIT_TEST -I.. -I. -o unit_test inet.c && ./unit_test" * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/inet.h ================================================ /* Housekeeping IPv4/IPv6 wrapper functions * * Copyright (C) 2017-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef SMCROUTE_INET_H_ #define SMCROUTE_INET_H_ #include "config.h" #include #include #include #include /* inet_ntop() */ #include #include #ifdef HAVE_IPV6_MULTICAST_HOST #define INET_ADDRSTR_LEN INET6_ADDRSTRLEN #else #define INET_ADDRSTR_LEN INET_ADDRSTRLEN #endif typedef struct sockaddr_storage inet_addr_t; #ifndef s6_addr32 # if defined(__FreeBSD__) # define s6_addr32 __u6_addr.__u6_addr32 # elif defined(__linux__) # define s6_addr32 __in6_u.__u6_addr32 # else # error "IPv6 s6_addr32 is not defined, unknown operating system, build --without-ipv6" # endif #endif struct inet_iter { inet_addr_t orig; int len; inet_addr_t addr; uint32_t num; }; void inet_addr_set (inet_addr_t *addr, const struct in_addr *ina); struct in_addr *inet_addr_get (inet_addr_t *addr); #ifdef HAVE_IPV6_MULTICAST_HOST void inet_addr6_set (inet_addr_t *addr, const struct in6_addr *ina); struct sockaddr_in6 *inet_addr6_get (inet_addr_t *addr); #endif void inet_anyaddr (sa_family_t family, inet_addr_t *addr); inet_addr_t inet_netaddr (inet_addr_t *addr, int len); int inet_addr_cmp (inet_addr_t *a, inet_addr_t *b); const char *inet_addr2str (inet_addr_t *addr, char *str, size_t len); int inet_str2addr (const char *str, inet_addr_t *addr); int is_multicast (inet_addr_t *addr); int is_anyaddr (inet_addr_t *addr); int inet_iter_init (struct inet_iter *iter, inet_addr_t *addr, int len); int inet_iterator (struct inet_iter *iter, inet_addr_t *addr); static inline int inet_max_len (inet_addr_t *addr) { #ifdef HAVE_IPV6_MULTICAST_HOST if (addr->ss_family == AF_INET6) return 128; #endif return 32; } #endif /* SMCROUTE_INET_H_ */ ================================================ FILE: src/ip_mroute.h ================================================ /* Imported from Apple XNU sources, 2050.18.24 * https://opensource.apple.com/source/xnu/xnu-2050.18.24/bsd/netinet/ip_mroute.h * * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. The rights granted to you under the License * may not be used to create, or enable the creation or redistribution of, * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* * Copyright (c) 1989 Stephen Deering. * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Stephen Deering of Stanford University. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)ip_mroute.h 8.1 (Berkeley) 6/10/93 */ #ifndef _NETINET_IP_MROUTE_H_ #define _NETINET_IP_MROUTE_H_ #include /* * Definitions for IP multicast forwarding. * * Written by David Waitzman, BBN Labs, August 1988. * Modified by Steve Deering, Stanford, February 1989. * Modified by Ajit Thyagarajan, PARC, August 1993. * Modified by Ajit Thyagarajan, PARC, August 1994. * * MROUTING Revision: 3.3.1.3 */ /* * Multicast Routing set/getsockopt commands. */ #define MRT_INIT 100 /* initialize forwarder */ #define MRT_DONE 101 /* shut down forwarder */ #define MRT_ADD_VIF 102 /* create virtual interface */ #define MRT_DEL_VIF 103 /* delete virtual interface */ #define MRT_ADD_MFC 104 /* insert forwarding cache entry */ #define MRT_DEL_MFC 105 /* delete forwarding cache entry */ #define MRT_VERSION 106 /* get kernel version number */ #define MRT_ASSERT 107 /* enable PIM assert processing */ #ifdef KERNEL_PRIVATE #define GET_TIME(t) microtime(&t) #endif /* KERNEL_PRIVATE */ #ifndef CONFIG_MAXVIFS #define CONFIG_MAXVIFS 32 /* 4635538 temp workaround */ #endif #ifndef CONFIG_MFCTBLSIZ #define CONFIG_MFCTBLSIZ 256 /* 4635538 temp workaround */ #endif /* * Types and macros for handling bitmaps with one bit per virtual interface. */ typedef u_int32_t vifbitmap_t; typedef u_short vifi_t; /* type of a vif index */ #define ALL_VIFS (vifi_t)-1 #define VIFM_SET(n, m) ((m) |= (1 << (n))) #define VIFM_CLR(n, m) ((m) &= ~(1 << (n))) #define VIFM_ISSET(n, m) ((m) & (1 << (n))) #define VIFM_CLRALL(m) ((m) = 0x00000000) #define VIFM_COPY(mfrom, mto) ((mto) = (mfrom)) #define VIFM_SAME(m1, m2) ((m1) == (m2)) /* * Argument structure for MRT_ADD_VIF. * (MRT_DEL_VIF takes a single vifi_t argument.) */ struct vifctl { vifi_t vifc_vifi; /* the index of the vif to be added */ u_char vifc_flags; /* VIFF_ flags defined below */ u_char vifc_threshold; /* min ttl required to forward on vif */ u_int vifc_rate_limit; /* max rate */ struct in_addr vifc_lcl_addr; /* local interface address */ struct in_addr vifc_rmt_addr; /* remote address (tunnels only) */ }; #define VIFF_TUNNEL 0x1 /* vif represents a tunnel end-point */ #define VIFF_SRCRT 0x2 /* tunnel uses IP source routing */ /* * Argument structure for MRT_ADD_MFC and MRT_DEL_MFC * (mfcc_tos to be added at a future point) */ struct mfcctl { struct in_addr mfcc_origin; /* ip origin of mcasts */ struct in_addr mfcc_mcastgrp; /* multicast group associated*/ vifi_t mfcc_parent; /* incoming vif */ u_char mfcc_ttls[CONFIG_MAXVIFS]; /* forwarding ttls on vifs */ }; /* * The kernel's multicast routing statistics. */ struct mrtstat { u_int32_t mrts_mfc_lookups; /* # forw. cache hash table hits */ u_int32_t mrts_mfc_misses; /* # forw. cache hash table misses */ u_int32_t mrts_upcalls; /* # calls to mrouted */ u_int32_t mrts_no_route; /* no route for packet's origin */ u_int32_t mrts_bad_tunnel; /* malformed tunnel options */ u_int32_t mrts_cant_tunnel; /* no room for tunnel options */ u_int32_t mrts_wrong_if; /* arrived on wrong interface */ u_int32_t mrts_upq_ovflw; /* upcall Q overflow */ u_int32_t mrts_cache_cleanups; /* # entries with no upcalls */ u_int32_t mrts_drop_sel; /* pkts dropped selectively */ u_int32_t mrts_q_overflow; /* pkts dropped - Q overflow */ u_int32_t mrts_pkt2large; /* pkts dropped - size > BKT SIZE */ u_int32_t mrts_upq_sockfull; /* upcalls dropped - socket full */ }; /* * Argument structure used by mrouted to get src-grp pkt counts */ struct sioc_sg_req { struct in_addr src; struct in_addr grp; u_int32_t pktcnt; u_int32_t bytecnt; u_int32_t wrong_if; }; /* * Argument structure used by mrouted to get vif pkt counts */ struct sioc_vif_req { vifi_t vifi; /* vif number */ u_int32_t icount; /* Input packet count on vif */ u_int32_t ocount; /* Output packet count on vif */ u_int32_t ibytes; /* Input byte count on vif */ u_int32_t obytes; /* Output byte count on vif */ }; #ifdef PRIVATE /* * The kernel's virtual-interface structure. */ struct tbf; struct ifnet; struct socket; struct vif { u_char v_flags; /* VIFF_ flags defined above */ u_char v_threshold; /* min ttl required to forward on vif*/ u_int v_rate_limit; /* max rate */ struct tbf *v_tbf; /* token bucket structure at intf. */ struct in_addr v_lcl_addr; /* local interface address */ struct in_addr v_rmt_addr; /* remote address (tunnels only) */ struct ifnet *v_ifp; /* pointer to interface */ u_int32_t v_pkt_in; /* # pkts in on interface */ u_int32_t v_pkt_out; /* # pkts out on interface */ u_int32_t v_bytes_in; /* # bytes in on interface */ u_int32_t v_bytes_out; /* # bytes out on interface */ struct route v_route; /* cached route if this is a tunnel */ u_int v_rsvp_on; /* RSVP listening on this vif */ struct socket *v_rsvpd; /* RSVP daemon socket */ }; #endif /* * The kernel's multicast forwarding cache entry structure * (A field for the type of service (mfc_tos) is to be added * at a future point) */ struct mfc { struct in_addr mfc_origin; /* IP origin of mcasts */ struct in_addr mfc_mcastgrp; /* multicast group associated*/ vifi_t mfc_parent; /* incoming vif */ u_char mfc_ttls[CONFIG_MAXVIFS]; /* forwarding ttls on vifs */ u_int32_t mfc_pkt_cnt; /* pkt count for src-grp */ u_int32_t mfc_byte_cnt; /* byte count for src-grp */ u_int32_t mfc_wrong_if; /* wrong if for src-grp */ int mfc_expire; /* time to clean entry up */ struct timeval mfc_last_assert; /* last time I sent an assert*/ struct rtdetq *mfc_stall; /* q of packets awaiting mfc */ struct mfc *mfc_next; /* next mfc entry */ }; /* * Struct used to communicate from kernel to multicast router * note the convenient similarity to an IP packet */ struct igmpmsg { u_int32_t unused1; u_int32_t unused2; u_char im_msgtype; /* what type of message */ #define IGMPMSG_NOCACHE 1 #define IGMPMSG_WRONGVIF 2 u_char im_mbz; /* must be zero */ u_char im_vif; /* vif rec'd on */ u_char unused3; struct in_addr im_src, im_dst; }; #define MFCTBLSIZ CONFIG_MFCTBLSIZ #ifdef KERNEL_PRIVATE /* * Argument structure used for pkt info. while upcall is made */ struct rtdetq { struct mbuf *m; /* A copy of the packet */ struct ifnet *ifp; /* Interface pkt came in on */ vifi_t xmt_vif; /* Saved copy of imo_multicast_vif */ #if UPCALL_TIMING struct timeval t; /* Timestamp */ #endif /* UPCALL_TIMING */ struct rtdetq *next; /* Next in list of packets */ }; #if (CONFIG_MFCTBLSIZ & (CONFIG_MFCTBLSIZ - 1)) == 0 /* from sys:route.h */ #define MFCHASHMOD(h) ((h) & (CONFIG_MFCTBLSIZ - 1)) #else #define MFCHASHMOD(h) ((h) % CONFIG_MFCTBLSIZ) #endif #define MAX_UPQ 4 /* max. no of pkts in upcall Q */ /* * Token Bucket filter code */ #define MAX_BKT_SIZE 10000 /* 10K bytes size */ #define MAXQSIZE 10 /* max # of pkts in queue */ /* * the token bucket filter at each vif */ struct tbf { struct timeval tbf_last_pkt_t; /* arr. time of last pkt */ u_int32_t tbf_n_tok; /* no of tokens in bucket */ u_int32_t tbf_q_len; /* length of queue at this vif */ u_int32_t tbf_max_q_len; /* max. queue length */ struct mbuf *tbf_q; /* Packet queue */ struct mbuf *tbf_t; /* tail-insertion pointer */ }; struct sockopt; extern int (*ip_mrouter_set)(struct socket *, struct sockopt *); extern int (*ip_mrouter_get)(struct socket *, struct sockopt *); extern int (*ip_mrouter_done)(void); #if MROUTING extern int (*mrt_ioctl)(u_long, caddr_t); #else extern int (*mrt_ioctl)(u_long, caddr_t, struct proc *); #endif #endif /* KERNEL_PRIVATE */ #endif /* _NETINET_IP_MROUTE_H_ */ ================================================ FILE: src/ipc.c ================================================ /* Daemon IPC API * * Copyright (C) 2001-2005 Carsten Schill * Copyright (C) 2006-2009 Julien BLACHE * Copyright (C) 2009 Todd Hayton * Copyright (C) 2009-2011 Micha Lenk * Copyright (C) 2011-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include #include #include #include #include #include #include #include #include #include "ipc.h" #include "log.h" #include "msg.h" #include "util.h" #include "socket.h" #include "mroute.h" extern char *ident; static struct sockaddr_un sun; static int ipc_socket = -1; /* * max word count in one command: * smcroutectl add in1 source group out1 out2 .. out32 */ #define CMD_MAX_WORDS (MAXVIFS + 3) /* Receive command from the smcroutectl */ static void ipc_read(int sd) { /* since command len must be limited by the max number of oifs preallocate ipc_msg only once in advance */ char msg_buf[sizeof(struct ipc_msg) + CMD_MAX_WORDS * sizeof(char *)]; char buf[MX_CMDPKT_SZ]; int first_call = 1; ssize_t pos = 0; memset(buf, 0, sizeof(buf)); /* * since client message would be big enough and couldn't fit * into buffer we have to make multiple iterations to receive * all data */ while (1) { const char* ptr; ssize_t rc; rc = ipc_receive(sd, buf + pos, sizeof(buf) - pos - 1, first_call); first_call = 0; if (rc <= 0) { if (errno == EAGAIN) /* no more data from client */ return; if (errno != ECONNRESET) /* Skip logging client disconnects */ smclog(LOG_WARNING, "Failed receiving IPC message from client: %s", strerror(errno)); return; } pos += rc; if (pos > (int)sizeof(buf) - 1) { smclog(LOG_WARNING, "Too large IPC message, unsupported."); return; } /* Make sure to always have at least one NUL, for strlen() */ buf[pos] = 0; ptr = buf; while (pos > 0) { struct ipc_msg* msg = (struct ipc_msg*)msg_buf; /* extract one command at a time */ if (ipc_parse(ptr, pos, msg)) { if (EAGAIN == errno) { /* * need more data from client? move last unused bytes (if any) to * the begging of the buffer and lets try to receive more data */ memmove(buf, ptr, pos); break; } smclog(LOG_WARNING, "Failed to parse IPC message from client: %s", strerror(errno)); return; } if (msg_do(sd, msg)) { if (EINVAL == errno) smclog(LOG_WARNING, "Unknown or malformed IPC message '%c' from client.", msg->cmd); errno = 0; ipc_send(sd, log_message, strlen(log_message) + 1); } else { ipc_send(sd, "", 1); } /* shift to the next command if any and reduce remaining bytes in buffer */ ptr += msg->len; pos -= msg->len; } } } static void ipc_accept(int sd, void *arg) { socklen_t socklen = 0; int client; (void)arg; client = accept(sd, NULL, &socklen); if (client < 0) return; ipc_read(client); close(client); } /** * ipc_init - Initialise an IPC server socket * @path: Path to UNIX domain socket * * Returns: * The socket descriptor, or -1 on error with @errno set. */ int ipc_init(char *path) { socklen_t len; int sd; if (strlen(RUNSTATEDIR) + strlen(ident) + 11 >= sizeof(sun.sun_path)) { smclog(LOG_ERR, "Too long socket path, max %zd chars", sizeof(sun.sun_path)); return -1; } sd = socket_create(AF_UNIX, SOCK_STREAM, 0, ipc_accept, NULL); if (sd < 0) { smclog(LOG_WARNING, "Failed creating IPC socket, client disabled: %s", strerror(errno)); return -1; } #ifdef HAVE_SOCKADDR_UN_SUN_LEN sun.sun_len = 0; /* <- correct length is set by the OS */ #endif sun.sun_family = AF_UNIX; strlcpy(sun.sun_path, path, sizeof(sun.sun_path)); unlink(sun.sun_path); smclog(LOG_DEBUG, "Binding IPC socket to %s", sun.sun_path); len = offsetof(struct sockaddr_un, sun_path) + strlen(sun.sun_path); if (bind(sd, (struct sockaddr *)&sun, len) < 0 || listen(sd, 1)) { smclog(LOG_WARNING, "Failed binding IPC socket, client disabled: %s", strerror(errno)); socket_close(sd); return -1; } ipc_socket = sd; return sd; } /** * ipc_exit - Tear down and cleanup IPC communication. */ void ipc_exit(void) { if (ipc_socket >= 0) socket_close(ipc_socket); unlink(sun.sun_path); } /** * ipc_send - Send message to peer * @sd: Client socket from ipc_accept() * @buf: Message to send * @len: Message length in bytes of @buf * * Sends the IPC message in @buf of the size @len to the peer. * * Returns: * Number of bytes successfully sent, or -1 with @errno on failure. */ int ipc_send(int sd, const char *buf, size_t len) { if (write(sd, buf, len) != (ssize_t)len) return -1; return len; } /** * ipc_server_read - Read IPC message from client * @sd: Client socket from ipc_accept() * @buf: Buffer for message * @len: Size of @buf in bytes * @first_call: non-zero set on first read after accept, 0 - subsequent calls * * Reads a message(s) from the IPC socket and stores in @buf, respecting * the size @len. Connects and resets connection as necessary. * * Returns: * Size of a successfuly read command packet in @buf, or 0 on error. */ ssize_t ipc_receive(int sd, char *buf, size_t len, int first_call) { ssize_t sz; /* since we can call this multiple times during receive of multipart command lets pass `don't wait` flag to not block forever when client finish transmission */ int flags = first_call ? 0 : MSG_DONTWAIT; sz = recv(sd, buf, len - 1, flags); if (!sz) errno = ECONNRESET; return sz; } /** * ipc_server_parse - Parse IPC message(s) from client * @buf: Buffer of message(s) * @sz: Size of @buf in bytes * @msg_buf: Preallocated ipc_msg * * Parse message(s) from the IPC socket, respecting * the size @sz. * * Returns: * POSIX OK(0) on a successfuly read command in @buf, or non-zero on error. */ int ipc_parse(const char *buf, size_t sz, void* msg_buf) { struct ipc_msg* msg; /* successful read */ if (sz >= sizeof(struct ipc_msg)) { memcpy(msg_buf, buf, sizeof(struct ipc_msg)); msg = (struct ipc_msg*)msg_buf; /* enough bytes to extract just one message? */ if (sz >= msg->len) { size_t i, count; const char *ptr; count = msg->count; if (count > CMD_MAX_WORDS) { errno = EINVAL; return 1; } ptr = buf + offsetof(struct ipc_msg, argv); for (i = 0; i < count; i++) { /* Verify ptr, attacker may set too large msg->count */ if (ptr >= (buf + msg->len)) { errno = EBADMSG; return 1; } msg->argv[i] = (char*)ptr; ptr += strlen(ptr) + 1; } return 0; } } /* we've parsed all commands or not enough bytes to parse next */ errno = EAGAIN; return 1; } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/ipc.h ================================================ /* Daemon IPC API */ #ifndef SMCROUTE_IPC_H_ #define SMCROUTE_IPC_H_ #include "config.h" int ipc_init (char *path); void ipc_exit (void); int ipc_send (int sd, const char *buf, size_t len); ssize_t ipc_receive(int sd, char *buf, size_t len, int first_call); int ipc_parse (const char *buf, size_t sz, void *msg_buf); #endif /* SMCROUTE_IPC_H_ */ /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/kern.c ================================================ /* Kernel API for join/leave multicast groups and add/del routes * * Copyright (C) 2011-2021 Joachim Wiberg * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "config.h" #include #ifdef HAVE_FCNTL_H #include #endif #include #include #include #include "iface.h" #include "kern.h" #include "log.h" #include "mrdisc.h" #include "socket.h" #include "util.h" /* * Raw IGMP socket used as interface for the IPv4 mrouted API. * Receives IGMP packets and upcall messages from the kernel. */ static int sd4 = -1; /* * Raw ICMPv6 socket used as interface for the IPv6 mrouted API. * Receives MLD packets and upcall messages from the kenrel. */ static int sd6 = -1; /* IPv4 internal virtual interfaces (VIF) descriptor vector */ static struct { struct iface *iface; } vif_list[MAX_MC_VIFS]; /* IPv6 internal virtual interfaces (VIF) descriptor vector */ static struct mif { struct iface *iface; } mif_list[MAX_MC_VIFS]; /* * This function handles both ASM and SSM join/leave for IPv4 and IPv6 * using the RFC 3678 API available on Linux, FreeBSD, and a few other * operating systems. * * On Linux this makes it possible to join a group on an interface that * is down and/or has no IP address assigned to it yet. The latter is * one of the most common causes of malfunction on Linux and IPv4 with * the old struct ip_mreq API. */ #ifdef HAVE_STRUCT_GROUP_REQ /* Prefer RFC 3678 */ static int group_req(int sd, int cmd, struct mcgroup *mcg) { char source[INET_ADDRSTR_LEN], group[INET_ADDRSTR_LEN]; struct group_source_req gsr = { 0 }; struct group_req gr = { 0 }; size_t len; void *arg; int op, proto; #ifdef HAVE_IPV6_MULTICAST_HOST if (mcg->group.ss_family == AF_INET6) proto = IPPROTO_IPV6; else #endif proto = IPPROTO_IP; if (is_anyaddr(&mcg->source)) { if (cmd) op = MCAST_JOIN_GROUP; else op = MCAST_LEAVE_GROUP; arg = &gr; len = sizeof(gr); gr.gr_interface = mcg->iface->ifindex; gr.gr_group = mcg->group; strncpy(source, "*", sizeof(source)); inet_addr2str(&gr.gr_group, group, sizeof(group)); } else { if (cmd) op = MCAST_JOIN_SOURCE_GROUP; else op = MCAST_LEAVE_SOURCE_GROUP; arg = &gsr; len = sizeof(gsr); gsr.gsr_interface = mcg->iface->ifindex; gsr.gsr_source = mcg->source; gsr.gsr_group = mcg->group; inet_addr2str(&gsr.gsr_source, source, sizeof(source)); inet_addr2str(&gsr.gsr_group, group, sizeof(group)); } smclog(LOG_DEBUG, "%s group (%s,%s) on ifindex %d and socket %d ...", cmd ? "Join" : "Leave", source, group, mcg->iface->ifindex, sd); return setsockopt(sd, proto, op, arg, len); } #else /* Assume we have old style struct ip_mreq */ static int group_req(int sd, int cmd, struct mcgroup *mcg) { char group[INET_ADDRSTR_LEN]; #ifdef HAVE_IPV6_MULTICAST_HOST struct ipv6_mreq ipv6mr = { 0 }; #endif #ifdef HAVE_STRUCT_IP_MREQN struct ip_mreqn imr = { 0 }; #else struct ip_mreq imr = { 0 }; #endif int op, proto; size_t len; void *arg; #ifdef HAVE_IPV6_MULTICAST_HOST if (mcg->group.ss_family == AF_INET6) { struct sockaddr_in6 *sin6; sin6 = inet_addr6_get(&mcg->group); ipv6mr.ipv6mr_multiaddr = sin6->sin6_addr; ipv6mr.ipv6mr_interface = mcg->iface->ifindex; proto = IPPROTO_IPV6; op = cmd ? IPV6_JOIN_GROUP : IPV6_LEAVE_GROUP; arg = &ipv6mr; len = sizeof(ipv6mr); } else #endif { imr.imr_multiaddr = *inet_addr_get(&mcg->group); #ifdef HAVE_STRUCT_IP_MREQN imr.imr_ifindex = mcg->iface->ifindex; #else imr.imr_interface = mcg->iface->inaddr; #endif proto = IPPROTO_IP; op = cmd ? IP_ADD_MEMBERSHIP : IP_DROP_MEMBERSHIP; arg = &imr; len = sizeof(imr); } smclog(LOG_DEBUG, "%s group (*,%s) on ifindex %d ...", cmd ? "Join" : "Leave", inet_addr2str(&mcg->group, group, sizeof(group)), mcg->iface->ifindex); return setsockopt(sd, proto, op, arg, len); } #endif int kern_join_leave(int sd, int cmd, struct mcgroup *mcg) { if (group_req(sd, cmd, mcg)) { char source[INET_ADDRSTR_LEN] = "*"; char group[INET_ADDRSTR_LEN]; int len; if (!is_anyaddr(&mcg->source)) inet_addr2str(&mcg->source, source, sizeof(source)); inet_addr2str(&mcg->group, group, sizeof(group)); len = mcg->len == 0 ? 32 : mcg->len; smclog(LOG_ERR, "Failed %s group (%s,%s/%d) on sd %d ... %d: %s", cmd ? "joining" : "leaving", source, group, len, sd, errno, strerror(errno)); return 1; } return 0; } int kern_mroute_init(int table_id, void (*cb)(int, void *), void *arg) { int val = 1; if (sd4 < 0) { sd4 = socket_create(AF_INET, SOCK_RAW, IPPROTO_IGMP, cb, arg); if (sd4 < 0) return -1; } #ifdef MRT_TABLE /* Currently only available on Linux */ if (table_id != 0) { smclog(LOG_INFO, "Setting IPv4 multicast routing table id %d", table_id); if (setsockopt(sd4, IPPROTO_IP, MRT_TABLE, &table_id, sizeof(table_id)) < 0) { errno = EPROTONOSUPPORT; goto error; } } #else (void)table_id; #endif if (setsockopt(sd4, IPPROTO_IP, MRT_INIT, &val, sizeof(val))) goto error; /* Enable "PIM" to get WRONGVIF messages */ if (setsockopt(sd4, IPPROTO_IP, MRT_PIM, &val, sizeof(val))) smclog(LOG_ERR, "Failed enabling PIM IGMPMSG_WRONGVIF, ignoring: %s", strerror(errno)); /* Initialize virtual interface table */ memset(&vif_list, 0, sizeof(vif_list)); return 0; error: socket_close(sd4); sd4 = -1; return -1; } int kern_mroute_exit(void) { if (sd4 == -1) return errno = EAGAIN; /* Drop all kernel routes set by smcroute */ if (setsockopt(sd4, IPPROTO_IP, MRT_DONE, NULL, 0)) smclog(LOG_WARNING, "Failed shutting down IPv4 multicast routing socket: %s", strerror(errno)); socket_close(sd4); sd4 = -1; return 0; } int kern_vif_add(struct iface *iface) { struct vifctl vifc = { 0 }; size_t i; int vif; if (!iface) return errno = EINVAL; if ((iface->flags & IFF_MULTICAST) != IFF_MULTICAST) return errno = ENOPROTOOPT; if (sd4 == -1) return errno = EAGAIN; if (iface->vif != NO_VIF) return errno = EEXIST; /* find a free vif */ for (i = 0, vif = -1; i < NELEMS(vif_list); i++) { if (!vif_list[i].iface) { vif = i; break; } } if (vif == -1) return errno = ENOMEM; memset(&vifc, 0, sizeof(vifc)); vifc.vifc_vifi = vif; vifc.vifc_flags = 0; /* no tunnel, no source routing, register ? */ vifc.vifc_threshold = iface->threshold; vifc.vifc_rate_limit = 0; /* hopefully no limit */ #ifdef VIFF_USE_IFINDEX /* Register VIF using ifindex, not lcl_addr, since Linux 2.6.33 */ vifc.vifc_flags |= VIFF_USE_IFINDEX; vifc.vifc_lcl_ifindex = iface->ifindex; #else vifc.vifc_lcl_addr.s_addr = iface->inaddr.s_addr; #endif vifc.vifc_rmt_addr.s_addr = htonl(INADDR_ANY); smclog(LOG_DEBUG, "Map iface %-16s => VIF %-2d ifindex %2d flags 0x%04x TTL threshold %u", iface->ifname, vifc.vifc_vifi, iface->ifindex, vifc.vifc_flags, iface->threshold); if (setsockopt(sd4, IPPROTO_IP, MRT_ADD_VIF, &vifc, sizeof(vifc))) return 1; iface->vif = vif; vif_list[vif].iface = iface; return 0; } int kern_vif_del(struct iface *iface) { struct vifctl vifc = { 0 }; int rc; if (sd4 == -1) return errno = EAGAIN; if (!iface) return errno = EINVAL; if (iface->vif == NO_VIF) return errno = ENOENT; smclog(LOG_DEBUG, "Removing %-16s => VIF %-2d", iface->ifname, iface->vif); vifc.vifc_vifi = iface->vif; #ifdef __linux__ rc = setsockopt(sd4, IPPROTO_IP, MRT_DEL_VIF, &vifc, sizeof(vifc)); #else rc = setsockopt(sd4, IPPROTO_IP, MRT_DEL_VIF, &vifc.vifc_vifi, sizeof(vifc.vifc_vifi)); #endif if (!rc) { vif_list[iface->vif].iface = NULL; iface->vif = -1; } return rc; } static int kern_mroute4(int cmd, struct mroute *route) { char origin[INET_ADDRSTRLEN], group[INET_ADDRSTRLEN]; int op = cmd ? MRT_ADD_MFC : MRT_DEL_MFC; struct mfcctl mfcc = { 0 }; size_t i; if (sd4 == -1) { smclog(LOG_DEBUG, "No IPv4 multicast socket"); return -1; } memset(&mfcc, 0, sizeof(mfcc)); mfcc.mfcc_origin = *inet_addr_get(&route->source); mfcc.mfcc_mcastgrp = *inet_addr_get(&route->group); mfcc.mfcc_parent = route->inbound; inet_addr2str(&route->source, origin, sizeof(origin)); inet_addr2str(&route->group, group, sizeof(group)); /* copy the TTL vector, as many as the kernel supports */ for (i = 0; i < NELEMS(mfcc.mfcc_ttls); i++) mfcc.mfcc_ttls[i] = route->ttl[i]; if (setsockopt(sd4, IPPROTO_IP, op, &mfcc, sizeof(mfcc))) { if (ENOENT == errno) smclog(LOG_DEBUG, "failed removing multicast route (%s,%s), does not exist.", origin, group); else smclog(LOG_WARNING, "failed %s IPv4 multicast route (%s,%s): %s", cmd ? "adding" : "removing", origin, group, strerror(errno)); return 1; } smclog(LOG_DEBUG, "%s %s -> %s from VIF %d", cmd ? "Add" : "Del", origin, group, route->inbound); return 0; } static int kern_stats4(struct mroute *route, struct mroute_stats *ms) { struct sioc_sg_req sg_req = { 0 }; if (sd4 == -1) return errno = EAGAIN; memset(&sg_req, 0, sizeof(sg_req)); sg_req.src = *inet_addr_get(&route->source); sg_req.grp = *inet_addr_get(&route->group); if (ioctl(sd4, SIOCGETSGCNT, &sg_req) < 0) { if (ms->ms_wrong_if) smclog(LOG_WARNING, "Failed getting MFC stats: %s", strerror(errno)); return errno; } ms->ms_pktcnt = sg_req.pktcnt; ms->ms_bytecnt = sg_req.bytecnt; ms->ms_wrong_if = sg_req.wrong_if; return 0; } #ifdef HAVE_IPV6_MULTICAST_HOST #ifdef __linux__ #define IPV6_ALL_MC_FORWARD "/proc/sys/net/ipv6/conf/all/mc_forwarding" static int proc_set_val(char *file, int val) { int fd, rc = 0; fd = open(file, O_WRONLY); if (fd < 0) return 1; if (-1 == write(fd, "1", val)) rc = 1; close(fd); return rc; } #endif /* Linux only */ int kern_mroute6_init(int table_id, void (*cb)(int, void *), void *arg) { int val = 1; if (sd6 < 0) { sd6 = socket_create(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6, cb, arg); if (sd6 < 0) return -1; } #ifdef MRT6_TABLE /* Currently only available on Linux */ if (table_id != 0) { smclog(LOG_INFO, "Setting IPv6 multicast routing table id %d", table_id); if (setsockopt(sd6, IPPROTO_IPV6, MRT6_TABLE, &table_id, sizeof(table_id)) < 0) { errno = EPROTONOSUPPORT; goto error; } } #else (void)table_id; #endif if (setsockopt(sd6, IPPROTO_IPV6, MRT6_INIT, &val, sizeof(val))) goto error; /* Initialize virtual interface table */ memset(&mif_list, 0, sizeof(mif_list)); #ifdef __linux__ /* * On Linux pre 2.6.29 kernels net.ipv6.conf.all.mc_forwarding * is not set on MRT6_INIT so we have to do this manually */ if (proc_set_val(IPV6_ALL_MC_FORWARD, 1)) { if (errno != EACCES) { smclog(LOG_ERR, "Failed enabling IPv6 multicast forwarding: %s", strerror(errno)); goto error; } } #endif return 0; error: socket_close(sd6); sd6 = -1; return -1; } int kern_mroute6_exit(void) { if (sd6 == -1) return errno = EAGAIN; if (setsockopt(sd6, IPPROTO_IPV6, MRT6_DONE, NULL, 0)) smclog(LOG_WARNING, "Failed shutting down IPv6 multicast routing socket: %s", strerror(errno)); socket_close(sd6); sd6 = -1; return 0; } /* Create a virtual interface from @iface so it can be used for IPv6 multicast routing. */ int kern_mif_add(struct iface *iface) { struct mif6ctl mif6c = { 0 }; int mif = -1; size_t i; if (sd6 == -1) return errno = EAGAIN; if (!iface) return errno = EINVAL; if ((iface->flags & IFF_MULTICAST) != IFF_MULTICAST) return errno = ENOPROTOOPT; if (iface->mif != NO_VIF) return errno = EEXIST; /* find a free mif */ for (i = 0; i < NELEMS(mif_list); i++) { if (!mif_list[i].iface) { mif = i; break; } } if (mif == -1) return errno = ENOMEM; memset(&mif6c, 0, sizeof(mif6c)); mif6c.mif6c_mifi = mif; mif6c.mif6c_flags = 0; /* no register */ #ifdef HAVE_MIF6CTL_VIFC_THRESHOLD mif6c.vifc_threshold = iface->threshold; #endif mif6c.mif6c_pifi = iface->ifindex; /* physical interface index */ #ifdef HAVE_MIF6CTL_VIFC_RATE_LIMIT mif6c.vifc_rate_limit = 0; /* hopefully no limit */ #endif smclog(LOG_DEBUG, "Map iface %-16s => MIF %-2d ifindex %2d flags 0x%04x TTL threshold %u", iface->ifname, mif6c.mif6c_mifi, mif6c.mif6c_pifi, mif6c.mif6c_flags, iface->threshold); if (setsockopt(sd6, IPPROTO_IPV6, MRT6_ADD_MIF, &mif6c, sizeof(mif6c))) return -1; iface->mif = mif; mif_list[mif].iface = iface; return 0; } int kern_mif_del(struct iface *iface) { int rc; if (sd6 == -1) return errno = EAGAIN; if (!iface) return errno = EINVAL; if (iface->mif == NO_VIF) return errno = ENOENT; smclog(LOG_DEBUG, "Removing %-16s => MIF %-2d", iface->ifname, iface->mif); rc = setsockopt(sd6, IPPROTO_IPV6, MRT6_DEL_MIF, &iface->mif, sizeof(iface->mif)); if (!rc) { mif_list[iface->mif].iface = NULL; iface->mif = -1; } return rc; } static int kern_mroute6(int cmd, struct mroute *route) { char origin[INET_ADDRSTR_LEN], group[INET_ADDRSTR_LEN]; int op = cmd ? MRT6_ADD_MFC : MRT6_DEL_MFC; struct mf6cctl mf6cc = { 0 }; size_t i; if (sd6 == -1) return errno = EAGAIN; if (!route) return errno = EINVAL; memset(&mf6cc, 0, sizeof(mf6cc)); mf6cc.mf6cc_origin = *inet_addr6_get(&route->source); mf6cc.mf6cc_mcastgrp = *inet_addr6_get(&route->group); mf6cc.mf6cc_parent = route->inbound; inet_addr2str(&route->source, origin, INET_ADDRSTR_LEN); inet_addr2str(&route->group, group, INET_ADDRSTR_LEN); IF_ZERO(&mf6cc.mf6cc_ifset); for (i = 0; i < NELEMS(route->ttl); i++) { if (route->ttl[i]) { IF_SET(i, &mf6cc.mf6cc_ifset); } } if (setsockopt(sd6, IPPROTO_IPV6, op, &mf6cc, sizeof(mf6cc))) { if (ENOENT == errno) smclog(LOG_DEBUG, "failed removing IPv6 multicast route (%s,%s), " "does not exist.", origin, group); else smclog(LOG_WARNING, "failed %s IPv6 multicast route (%s,%s): %s", cmd ? "adding" : "removing", origin, group, strerror(errno)); return 1; } smclog(LOG_DEBUG, "%s %s -> %s from VIF %d", cmd ? "Add" : "Del", origin, group, route->inbound); return 0; } static int kern_stats6(struct mroute *route, struct mroute_stats *ms) { struct sioc_sg_req6 sg_req = { 0 }; if (sd6 == -1) return errno = EAGAIN; sg_req.src = *inet_addr6_get(&route->source); sg_req.grp = *inet_addr6_get(&route->group); if (ioctl(sd6, SIOCGETSGCNT_IN6, &sg_req) < 0) { if (ms->ms_wrong_if) smclog(LOG_WARNING, "Failed getting MFC stats: %s", strerror(errno)); return errno; } ms->ms_pktcnt = sg_req.pktcnt; ms->ms_bytecnt = sg_req.bytecnt; ms->ms_wrong_if = sg_req.wrong_if; return 0; } #endif /* HAVE_IPV6_MULTICAST_HOST */ /* * Query kernel for route usage statistics */ int kern_stats(struct mroute *route, struct mroute_stats *ms) { if (!route || !ms) return errno = EINVAL; #ifdef HAVE_IPV6_MULTICAST_HOST if (route->group.ss_family == AF_INET6) return kern_stats6(route, ms); #endif return kern_stats4(route, ms); } int kern_mroute_add(struct mroute *route) { if (!route) return errno = EINVAL; #ifdef HAVE_IPV6_MULTICAST_HOST if (route->group.ss_family == AF_INET6) return kern_mroute6(1, route); #endif return kern_mroute4(1, route); } int kern_mroute_del(struct mroute *route) { if (!route) return errno = EINVAL; #ifdef HAVE_IPV6_MULTICAST_HOST if (route->group.ss_family == AF_INET6) return kern_mroute6(0, route); #endif return kern_mroute4(0, route); } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/kern.h ================================================ /* Kernel API for join/leave multicast groups and add/del routes * * Copyright (C) 2011-2021 Joachim Wiberg * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #ifndef SMCROUTE_KERN_H_ #define SMCROUTE_KERN_H_ #include "mcgroup.h" #include "mroute.h" struct mroute_stats { unsigned long ms_pktcnt; unsigned long ms_bytecnt; unsigned long ms_wrong_if; }; int kern_join_leave (int sd, int cmd, struct mcgroup *mcg); int kern_mroute_init (int table_id, void (*cb)(int, void *), void *arg); int kern_mroute_exit (void); int kern_mroute6_init(int table_id, void (*cb)(int, void *), void *arg); int kern_mroute6_exit(void); int kern_vif_add (struct iface *iface); int kern_vif_del (struct iface *iface); int kern_mif_add (struct iface *iface); int kern_mif_del (struct iface *iface); int kern_mroute_add (struct mroute *route); int kern_mroute_del (struct mroute *route); int kern_stats (struct mroute *route, struct mroute_stats *ms); #endif /* SMCROUTE_KERN_H_ */ ================================================ FILE: src/log.c ================================================ /* System logging API * * Copyright (C) 2011-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #define SYSLOG_NAMES #include #include #include #include "log.h" #include "conf.h" #include "util.h" int log_level = LOG_NOTICE; char log_message[128]; /** * loglvl - Convert log level string to value * @level: String from user, debug, error, warning, etc. * * Returns: * Matching %LOG_DEBUG, %LOG_ERR, etc. */ int loglvl(const char *level) { int i; for (i = 0; prioritynames[i].c_name; i++) { size_t len = MIN(strlen(prioritynames[i].c_name), strlen(level)); if (!strncasecmp(prioritynames[i].c_name, level, len)) return prioritynames[i].c_val; } return atoi(level); } /** * smclog - Log message to syslog or stderr * @severity: Standard syslog() severity levels * @fmt: Standard printf() formatted message to log * * Logs a standard printf() formatted message to syslog and stderr when * @severity is greater than the @log_level threshold. When @code is * set it is appended to the log, along with the error message. * * When @severity is %LOG_ERR or worse this function will call exit(). */ void smclog(int severity, const char *fmt, ...) { va_list args; va_start(args, fmt); if (!conf_vrfy) { vsnprintf(log_message, sizeof(log_message), fmt, args); } else { if (severity <= log_level) { vprintf(fmt, args); puts(""); } } va_end(args); syslog(severity, "%s", log_message); } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/log.h ================================================ /* System logging API */ #ifndef SMCROUTE_LOG_H_ #define SMCROUTE_LOG_H_ #include extern int log_level; extern char log_message[128]; int loglvl(const char *level); void smclog(int severity, const char *fmt, ...); #endif /* SMCROUTE_LOG_H_ */ ================================================ FILE: src/mcgroup.c ================================================ /* Multicast group management (join/leave) API * * Copyright (C) 2001-2005 Carsten Schill * Copyright (C) 2006-2009 Julien BLACHE * Copyright (C) 2009 Todd Hayton * Copyright (C) 2009-2011 Micha Lenk * Copyright (C) 2011-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include "queue.h" #include #include #include #include #include #include #ifdef HAVE_LINUX_FILTER_H #include #endif #include #include "log.h" #include "ipc.h" #include "util.h" #include "iface.h" #include "socket.h" #include "mcgroup.h" #include "kern.h" /* * Track IGMP join, any-source and source specific */ static TAILQ_HEAD(kmcglist, mcgroup) kern_list = TAILQ_HEAD_INITIALIZER(kern_list); static TAILQ_HEAD(cmcglist, mcgroup) conf_list = TAILQ_HEAD_INITIALIZER(conf_list); #ifdef HAVE_LINUX_FILTER_H /* * Extremely simple "drop everything" filter for Linux so we do not get * a copy each packet of every routed group we join. */ static struct sock_filter filter[] = { { 0x6, 0, 0, 0x00000000 }, }; static struct sock_fprog fprog = { sizeof(filter) / sizeof(filter[0]), filter }; #endif /* HAVE_LINUX_FILTER_H */ /* * Linux net.ipv4.igmp_max_memberships defaults to 20, but empiricism * suggests we can only ever get 10 from each socket on Linux 5.11. * We therefore calibrate for the current system this using ENOBUFS. */ #define MAX_GROUPS 20 static int max_groups = MAX_GROUPS; struct mc_sock { TAILQ_ENTRY(mc_sock) link; int family; /* address family */ int sd; /* socket for join/leave ops */ int cnt; /* max 20 on linux */ }; TAILQ_HEAD(mcslist, mc_sock) mc_sock_list= TAILQ_HEAD_INITIALIZER(mc_sock_list); static int alloc_mc_sock(int family) { struct mc_sock *entry; TAILQ_FOREACH(entry, &mc_sock_list, link) { if (entry->cnt < max_groups && entry->family == family) break; } if (!entry) { entry = malloc(sizeof(struct mc_sock)); if (!entry) { smclog(LOG_ERR, "Out of memory in %s()", __func__); return -1; } entry->family = family; entry->cnt = 0; entry->sd = socket_create(family, SOCK_DGRAM, 0, NULL, NULL); if (entry->sd == -1) { smclog(LOG_ERR, "Failed creating mc socket: %s", strerror(errno)); free(entry); return -1; } #ifdef HAVE_LINUX_FILTER_H if (setsockopt(entry->sd, SOL_SOCKET, SO_ATTACH_FILTER, &fprog, sizeof(fprog)) < 0) smclog(LOG_WARNING, "failed setting IPv4 socket filter, continuing anyway"); #endif TAILQ_INSERT_TAIL(&mc_sock_list, entry, link); } entry->cnt++; smclog(LOG_DEBUG, "Group socket %d count %d of MAX %d", entry->sd, entry->cnt, max_groups); return entry->sd; } static void free_mc_sock(int sd) { struct mc_sock *entry, *tmp; TAILQ_FOREACH_SAFE(entry, &mc_sock_list, link, tmp) { if (entry->sd == sd) break; } if (entry) { if (--entry->cnt == 0) { TAILQ_REMOVE(&mc_sock_list, entry, link); socket_close(entry->sd); free(entry); } } } static struct iface *match_valid_iface(const char *ifname, struct ifmatch *state) { struct iface *iface = iface_match_by_name(ifname, 0, state); if (!iface && !state->match_count) smclog(LOG_DEBUG, "unknown interface %s", ifname); return iface; } static void list_add(int sd, struct mcgroup *mcg) { struct mcgroup *entry; entry = malloc(sizeof(*entry)); if (!entry) { smclog(LOG_ERR, "Failed adding mgroup to list: %s", strerror(errno)); return; } *entry = *mcg; entry->sd = sd; TAILQ_INSERT_TAIL(&kern_list, entry, link); } static void list_rem(int sd, struct mcgroup *mcg) { struct mcgroup *entry, *tmp; (void)sd; TAILQ_FOREACH_SAFE(entry, &kern_list, link, tmp) { if (entry->iface->ifindex != mcg->iface->ifindex) continue; if (inet_addr_cmp(&entry->source, &mcg->source) || inet_addr_cmp(&entry->group, &mcg->group)) continue; TAILQ_REMOVE(&kern_list, entry, link); free_mc_sock(entry->sd); free(entry); } } void mcgroup_init(void) { struct rlimit rlim; if (getrlimit(RLIMIT_NOFILE, &rlim)) { smclog(LOG_ERR, "Failed reading RLIMIT_NOFILE"); return; } smclog(LOG_DEBUG, "NOFILE: current %lu max %lu", rlim.rlim_cur, rlim.rlim_max); rlim.rlim_cur = rlim.rlim_max; if (setrlimit(RLIMIT_NOFILE, &rlim)) { smclog(LOG_ERR, "Failed setting RLIMIT_NOFILE soft limit to %lu: %s", rlim.rlim_max, strerror(errno)); return; } smclog(LOG_DEBUG, "NOFILE: set new current %ld max %ld", rlim.rlim_cur, rlim.rlim_max); } /* * Close IPv4/IPv6 multicast sockets to kernel to leave any joined groups */ void mcgroup_exit(void) { struct mcgroup *entry, *tmp; TAILQ_FOREACH_SAFE(entry, &conf_list, link, tmp) { TAILQ_REMOVE(&conf_list, entry, link); free(entry); } TAILQ_FOREACH_SAFE(entry, &kern_list, link, tmp) { TAILQ_REMOVE(&kern_list, entry, link); free_mc_sock(entry->sd); free(entry); } } static struct mcgroup *find_conf(const char *ifname, inet_addr_t *source, inet_addr_t *group, int len) { struct mcgroup *entry; TAILQ_FOREACH(entry, &conf_list, link) { if (strcmp(entry->ifname, ifname)) continue; if (inet_addr_cmp(&entry->source, source)) continue; if (inet_addr_cmp(&entry->group, group) || entry->len != len) continue; return entry; } return NULL; } static struct mcgroup *find_kern(struct mcgroup *mcg) { struct mcgroup *entry; TAILQ_FOREACH(entry, &kern_list, link) { if (strcmp(entry->ifname, mcg->ifname)) continue; if (inet_addr_cmp(&entry->source, &mcg->source)) continue; if (inet_addr_cmp(&entry->group, &mcg->group)) continue; return entry; } return NULL; } int mcgroup_action(int cmd, const char *ifname, inet_addr_t *source, int src_len, inet_addr_t *group, int len) { char src[INET_ADDRSTR_LEN] = "*", grp[INET_ADDRSTR_LEN]; struct mcgroup *mcg; struct ifmatch state; int rc = 0; int sd; if (!is_anyaddr(source)) inet_addr2str(source, src, sizeof(src)); inet_addr2str(group, grp, sizeof(grp)); mcg = find_conf(ifname, source, group, len); if (mcg) { if (cmd) { if (mcg->unused) { mcg->unused = 0; return 0; } smclog(LOG_INFO, "Already joined (%s,%s) on %s", src, grp, ifname); errno = EALREADY; return 1; } } else { if (!cmd) { smclog(LOG_INFO, "No group (%s,%s) on %s to leave", src, grp, ifname); errno = ENOENT; return 1; } mcg = calloc(1, sizeof(*mcg)); if (!mcg) { smclog(LOG_ERR, "Out of memory joining (%s,%s) on %s", src, grp, ifname); return 1; } strlcpy(mcg->ifname, ifname, sizeof(mcg->ifname)); mcg->source = *source; mcg->src_len = src_len; mcg->group = *group; mcg->len = len; TAILQ_INSERT_TAIL(&conf_list, mcg, link); } iface_match_init(&state); while ((mcg->iface = match_valid_iface(ifname, &state))) { struct inet_iter siter; inet_iter_init(&siter, &mcg->source, mcg->src_len); while (inet_iterator(&siter, &mcg->source)) { struct inet_iter giter; inet_iter_init(&giter, &mcg->group, mcg->len); while (inet_iterator(&giter, &mcg->group)) { if (!cmd) { struct mcgroup *kmcg; kmcg = find_kern(mcg); if (!kmcg) continue; sd = kmcg->sd; } else { retry: sd = alloc_mc_sock(group->ss_family); } if (sd == -1) { smclog(LOG_ERR, "Failed %s (%s,%s) on %s: %s", cmd ? "joining" : "leaving", src, grp, ifname, strerror(errno)); continue; } if (kern_join_leave(sd, cmd, mcg)) { if (cmd) { switch (errno) { case EADDRINUSE: /* Already joined, ignore */ continue; case ENOBUFS: smclog(LOG_WARNING, "Out of groups on socket " "adjusting max_groups %d.", max_groups); /* * Maxed out net.ipv4.igmp_max_msf * or net.ipv4.igmp_max_memberships * Linux only. */ max_groups--; goto retry; default: break; } } rc++; break; } if (cmd) list_add(sd, mcg); else list_rem(sd, mcg); } mcg->group = giter.orig; } mcg->source = siter.orig; } if (!cmd) { TAILQ_REMOVE(&conf_list, mcg, link); free_mc_sock(mcg->sd); free(mcg); } if (!state.match_count) return 1; return rc; } /* * Called on SIGHUP/reload. Mark all known configured groups as * 'unused', let mcgroup_action() unmark and mcgroup_reload_end() * take care to remove groups that still have the 'unused' flag. */ void mcgroup_reload_beg(void) { struct mcgroup *entry; TAILQ_FOREACH(entry, &conf_list, link) entry->unused = 1; } void mcgroup_reload_end(void) { struct mcgroup *entry, *tmp; struct iface *iface; int first = 1; while ((iface = iface_iterator(first))) { char dummy[IFNAMSIZ]; first = 0; if (iface->unused || !if_indextoname(iface->ifindex, dummy)) mcgroup_prune(iface->ifname); } TAILQ_FOREACH_SAFE(entry, &conf_list, link, tmp) { if (!entry->unused) continue; mcgroup_action(0, entry->ifname, &entry->source, entry->src_len, &entry->group, entry->len); } } /* * When an interface is removed from the system, or its flags are * changed to exclude the MULTICAST flag, we must prune groups. */ void mcgroup_prune(char *ifname) { struct mcgroup *entry, *tmp; TAILQ_FOREACH_SAFE(entry, &conf_list, link, tmp) { if (strcmp(entry->ifname, ifname)) continue; mcgroup_action(0, entry->ifname, &entry->source, entry->src_len, &entry->group, entry->len); } } static int show_mcgroup(int sd, struct mcgroup *entry) { int max_len = inet_max_len(&entry->group); char sg[INET_ADDRSTR_LEN * 2 + 10 + 3]; char src[INET_ADDRSTR_LEN] = "*"; char grp[INET_ADDRSTR_LEN]; char line[256]; if (!is_anyaddr(&entry->source)) inet_addr2str(&entry->source, src, sizeof(src)); inet_addr2str(&entry->group, grp, sizeof(grp)); snprintf(sg, sizeof(sg), "(%s", src); if (entry->src_len != max_len) snprintf(line, sizeof(line), "/%u, ", entry->src_len); else snprintf(line, sizeof(line), ", "); strlcat(sg, line, sizeof(sg)); if (entry->len != max_len) snprintf(line, sizeof(line), "%s/%u)", grp, entry->len); else snprintf(line, sizeof(line), "%s)", grp); strlcat(sg, line, sizeof(sg)); snprintf(line, sizeof(line), "%-42s %s\n", sg, entry->ifname); if (ipc_send(sd, line, strlen(line)) < 0) { smclog(LOG_ERR, "Failed sending reply to client: %s", strerror(errno)); return -1; } return 0; } /* Write all joined IGMP/MLD groups to client socket */ int mcgroup_show(int sd, int detail) { char *conf_str = "Group Memberships Table_\n"; char *kern_str = "Kernel Group Membership Table_\n"; struct mcgroup *entry; char line[256]; if (TAILQ_EMPTY(&conf_list)) return 0; ipc_send(sd, conf_str, strlen(conf_str)); snprintf(line, sizeof(line), "%-42s %-16s=\n", "GROUP (S,G)", "IIF"); ipc_send(sd, line, strlen(line)); TAILQ_FOREACH(entry, &conf_list, link) { if (show_mcgroup(sd, entry) < 0) return 1; } if (!detail) return 0; ipc_send(sd, kern_str, strlen(kern_str)); snprintf(line, sizeof(line), "%-42s %-16s=\n", "GROUP (S,G)", "IIF"); TAILQ_FOREACH(entry, &kern_list, link) { if (show_mcgroup(sd, entry) < 0) return 1; } return 0; } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/mcgroup.h ================================================ /* IGMP/MLD group subscription API */ #ifndef SMCROUTE_MCGROUP_H_ #define SMCROUTE_MCGROUP_H_ #include "inet.h" #include "queue.h" struct mcgroup { TAILQ_ENTRY(mcgroup) link; int unused; char ifname[IFNAMSIZ]; struct iface *iface; inet_addr_t source; uint8_t src_len; inet_addr_t group; uint8_t len; int sd; }; void mcgroup_reload_beg(void); void mcgroup_reload_end(void); void mcgroup_prune (char *ifname); void mcgroup_init (void); void mcgroup_exit (void); int mcgroup_action (int cmd, const char *ifname, inet_addr_t *source, int src_len, inet_addr_t *group, int len); int mcgroup_show (int sd, int detail); #endif /* SMCROUTE_MCGROUP_H_ */ /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/mrdisc.c ================================================ /* Multicast Router Discovery Protocol, RFC4286 (IPv4 only) * * Copyright (C) 2017-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef __linux__ /* We use SO_BINDTODEVICE to be able to send MRDISC on interfaces that * may not have an IP address yet. I have not found any way of doing * this on FreeBSD. Best I could find was an aging patch for IP_SENDIF * https://forums.freebsd.org/threads/so_bindtodevice-undeclared-on-freebsd-12.73731/ * that never got merged. It's possible there are other ways to do the * same, but now you know as much as I do. */ #error Currently only works on Linux, patches for FreeBSD are most welcome. #endif #include "config.h" #include "queue.h" #include #include #include #include #include #include #include #include #include #include #include #include "log.h" #include "mrdisc.h" #include "socket.h" #include "timer.h" #include "util.h" #define MC_ALL_ROUTERS "224.0.0.2" #define MC_ALL_SNOOPERS "224.0.0.106" #define IGMP_MRDISC_ANNOUNCE 0x30 #define IGMP_MRDISC_SOLICIT 0x31 #define IGMP_MRDISC_TERM 0x32 struct ifsock { LIST_ENTRY(ifsock) link; int sd; char ifname[IFNAMSIZ]; vifi_t vif; }; static uint8_t interval = 20; static LIST_HEAD(ifslist, ifsock) ifsock_list = LIST_HEAD_INITIALIZER(); static struct ifsock *find(int sd) { struct ifsock *entry; LIST_FOREACH(entry, &ifsock_list, link) { if (entry->sd == sd) return entry; } return NULL; } /* Checksum routine for Internet Protocol family headers */ static unsigned short in_cksum(unsigned short *addr, int len) { unsigned short answer = 0; unsigned short *w = addr; unsigned int sum = 0; int nleft = len; /* * Our algorithm is simple, using a 32 bit accumulator (sum), we add * sequential 16 bit words to it, and at the end, fold back all the * carry bits from the top 16 bits into the lower 16 bits. */ while (nleft > 1) { sum += *w++; nleft -= 2; } /* mop up an odd byte, if necessary */ if (nleft == 1) { *(unsigned char *)(&answer) = *(unsigned char *)w; sum += answer; } /* add back carry outs from top 16 bits to low 16 bits */ sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ sum += (sum >> 16); /* add carry */ answer = ~sum & 0xffff; /* truncate to 16 bits */ return answer; } static void compose_addr(struct sockaddr_in *sin, char *group) { memset(sin, 0, sizeof(*sin)); sin->sin_family = AF_INET; sin->sin_addr.s_addr = inet_addr(group); } static int inet_send(int sd, uint8_t type, uint8_t interval) { struct sockaddr dest; struct igmp igmp; ssize_t num; memset(&igmp, 0, sizeof(igmp)); igmp.igmp_type = type; igmp.igmp_code = interval; igmp.igmp_cksum = in_cksum((unsigned short *)&igmp, sizeof(igmp)); compose_addr((struct sockaddr_in *)&dest, MC_ALL_SNOOPERS); num = sendto(sd, &igmp, sizeof(igmp), 0, &dest, sizeof(dest)); if (num < 0) return -1; return 0; } /* If called with interval=0, only read() */ static int inet_recv(int sd, uint8_t interval) { struct igmp *igmp; char buf[1530]; struct ip *ip; ssize_t num; memset(buf, 0, sizeof(buf)); num = read(sd, buf, sizeof(buf)); if (num < 0) return -1; ip = (struct ip *)buf; igmp = (struct igmp *)(buf + (ip->ip_hl << 2)); if (igmp->igmp_type == IGMP_MRDISC_SOLICIT && interval > 0) { smclog(LOG_DEBUG, "Received mrdisc solicitation"); return inet_send(sd, IGMP_MRDISC_ANNOUNCE, interval); } return 0; } static int inet_open(char *ifname) { unsigned char ra[4] = { IPOPT_RA, 0x04, 0x00, 0x00 }; struct ip_mreqn mreq; struct ifreq ifr; int sd, val, rc; char loop; sd = socket_create(AF_INET, SOCK_RAW, IPPROTO_IGMP, mrdisc_recv, NULL); if (sd < 0) { smclog(LOG_ERR, "Cannot open socket: %s", strerror(errno)); return -1; } memset(&ifr, 0, sizeof(ifr)); snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", ifname); if (setsockopt(sd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr)) < 0) { if (ENODEV == errno) { smclog(LOG_WARNING, "Not a valid interface, %s, skipping ...", ifname); socket_close(sd); return -1; } smclog(LOG_ERR, "Cannot bind socket to interface %s: %s", ifname, strerror(errno)); socket_close(sd); return -1; } memset(&mreq, 0, sizeof(mreq)); mreq.imr_multiaddr.s_addr = inet_addr(MC_ALL_SNOOPERS); mreq.imr_ifindex = if_nametoindex(ifname); if (setsockopt(sd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq))) { smclog(LOG_ERR, "Failed joining group %s: %s", MC_ALL_SNOOPERS, strerror(errno)); return -1; } /* mrdisc solicitation messages goes to the All-Routers group */ mreq.imr_multiaddr.s_addr = inet_addr(MC_ALL_ROUTERS); mreq.imr_ifindex = if_nametoindex(ifname); if (setsockopt(sd, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq))) { smclog(LOG_ERR, "Failed joining group %s: %s", MC_ALL_ROUTERS, strerror(errno)); return -1; } val = 1; rc = setsockopt(sd, IPPROTO_IP, IP_MULTICAST_TTL, &val, sizeof(val)); if (rc < 0) { smclog(LOG_ERR, "Cannot set TTL: %s", strerror(errno)); socket_close(sd); return -1; } loop = 0; rc = setsockopt(sd, IPPROTO_IP, IP_MULTICAST_LOOP, &loop, sizeof(loop)); if (rc < 0) { smclog(LOG_ERR, "Cannot disable MC loop: %s", strerror(errno)); socket_close(sd); return -1; } rc = setsockopt(sd, IPPROTO_IP, IP_OPTIONS, &ra, sizeof(ra)); if (rc < 0) { smclog(LOG_ERR, "Cannot set IP OPTIONS: %s", strerror(errno)); socket_close(sd); return -1; } return sd; } static int inet_close(int sd) { return inet_send(sd, IGMP_MRDISC_TERM, 0) || socket_close(sd); } static void announce(struct ifsock *entry) { if (!entry) return; smclog(LOG_DEBUG, "Sending mrdisc announcement on %s", entry->ifname); if (inet_send(entry->sd, IGMP_MRDISC_ANNOUNCE, interval)) { if (ENETUNREACH == errno || ENETDOWN == errno) return; /* Link down, ignore. */ smclog(LOG_WARNING, "Failed sending IGMP control message 0x%x on %s, error %d: %s", IGMP_MRDISC_ANNOUNCE, entry->ifname, errno, strerror(errno)); } } int mrdisc_init(int period) { interval = period; if (timer_add(interval, mrdisc_send, NULL) < 0 && errno != EEXIST) { smclog(LOG_ERR, "Failed starting mrdisc announcement timer."); return -1; } return 0; } int mrdisc_exit(void) { struct ifsock *entry, *tmp; LIST_FOREACH_SAFE(entry, &ifsock_list, link, tmp) { inet_close(entry->sd); LIST_REMOVE(entry, link); free(entry); } return 0; } /* * Register possible interface for mrdisc */ int mrdisc_register(char *ifname, short vif) { struct ifsock *entry; LIST_FOREACH(entry, &ifsock_list, link) { if (!strcmp(entry->ifname, ifname)) goto reload; } entry = malloc(sizeof(*entry)); if (!entry) { smclog(LOG_ERR, "Out of memory in %s()", __func__); return -1; } entry->vif = vif; strlcpy(entry->ifname, ifname, sizeof(entry->ifname)); LIST_INSERT_HEAD(&ifsock_list, entry, link); entry->sd = inet_open(entry->ifname); if (entry->sd < 0) return -1; reload: announce(entry); return 0; } /* * Unregister mrdisc interface, regardless of refcnt */ int mrdisc_deregister(short vif) { struct ifsock *entry; LIST_FOREACH(entry, &ifsock_list, link) { if (entry->vif != vif) continue; inet_close(entry->sd); LIST_REMOVE(entry, link); free(entry); return 0; } return 0; } void mrdisc_send(void *arg) { struct ifsock *entry; (void)arg; LIST_FOREACH(entry, &ifsock_list, link) announce(entry); } void mrdisc_recv(int sd, void *arg) { struct ifsock *entry; (void)arg; /* Verify we are reading from an active socket */ entry = find(sd); if (!entry) { smclog(LOG_WARNING, "Bug in mrdisc, received frame on unknown socket %d", sd); return; } /* Only do a "dummy" read on inactive interfaces */ if (inet_recv(sd, interval)) smclog(LOG_WARNING, "Failed receiving IGMP control message from %s", entry->ifname); } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/mrdisc.h ================================================ /* Multicast Router Discovery Protocol, RFC4286 (IPv4 only) * * Copyright (C) 2017-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef SMCROUTE_MRDISC_H_ #define SMCROUTE_MRDISC_H_ #include "config.h" #define MRDISC_INTERVAL_DEFAULT 20 #ifdef ENABLE_MRDISC int mrdisc_init (int interval); int mrdisc_exit (void); int mrdisc_register (char *ifname, short vif); int mrdisc_deregister ( short vif); int mrdisc_enable (short vif); int mrdisc_disable (short vif); void mrdisc_send ( void *arg); void mrdisc_recv (int sd, void *arg); #else #define mrdisc_init(interval) #define mrdisc_exit() #define mrdisc_register(ifname, vif) 0 #define mrdisc_deregister(vif) 0 #define mrdisc_enable(ifname) #define mrdisc_disable(ifname) {} #define mrdisc_send(arg) #define mrdisc_recv(sd, arg) #endif #endif /* SMCROUTE_MRDISC_H_ */ ================================================ FILE: src/mroute.c ================================================ /* Generic kernel multicast routing API for Linux and *BSD * * Copyright (C) 2001-2005 Carsten Schill * Copyright (C) 2006-2009 Julien BLACHE * Copyright (C) 2009 Todd Hayton * Copyright (C) 2009-2011 Micha Lenk * Copyright (C) 2011-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include "queue.h" #include #include #include /* snprintf() */ #include #include #include #include "log.h" #include "iface.h" #include "ipc.h" #include "script.h" #include "mrdisc.h" #include "mroute.h" #include "kern.h" #include "timer.h" #include "util.h" /* * Cache flush timeout, used for learned S in (*,G) that stop xmit */ static int cache_timeout = 0; /* * User added/configured routes, both ASM and SSM */ static TAILQ_HEAD(cl, mroute) conf_list = TAILQ_HEAD_INITIALIZER(conf_list); /* * Kernel MFC */ static TAILQ_HEAD(kl, mroute) kern_list = TAILQ_HEAD_INITIALIZER(kern_list); static int mroute4_add_vif (struct iface *iface); static int mroute_dyn_add (struct mroute *route); static int is_match (struct mroute *rule, struct mroute *cand); static int is_exact_match (struct mroute *rule, struct mroute *cand); static int mfc_install (struct mroute *route); static int mfc_uninstall (struct mroute *route); /* Check for kernel IGMPMSG_NOCACHE for (*,G) hits. I.e., source-less routes. */ static void handle_nocache4(int sd, void *arg) { char origin[INET_ADDRSTRLEN], group[INET_ADDRSTRLEN]; struct mroute mroute = { 0 }; struct igmpmsg *im; struct iface *iface; struct ip *ip; char tmp[128]; int result; (void)arg; result = read(sd, tmp, sizeof(tmp)); if (result < 0) { smclog(LOG_WARNING, "Failed reading IGMP message from kernel: %s", strerror(errno)); return; } ip = (struct ip *)tmp; /* Basic validation, filter out non igmpmsg */ im = (struct igmpmsg *)tmp; if (im->im_mbz != 0 || im->im_msgtype == 0) return; /* packets sent up from kernel to daemon have ip->ip_p = 0 */ if (ip->ip_p != 0) return; inet_addr_set(&mroute.source, &im->im_src); inet_addr_set(&mroute.group, &im->im_dst); mroute.inbound = im->im_vif; mroute.len = 32; mroute.src_len = 32; inet_addr2str(&mroute.source, origin, sizeof(origin)); inet_addr2str(&mroute.group, group, sizeof(group)); iface = iface_find_by_inbound(&mroute); if (!iface) { smclog(LOG_WARNING, "No matching interface for VIF %u, cannot handle IGMP message %d.", mroute.inbound, im->im_msgtype); return; } /* check for IGMPMSG_NOCACHE to do (*,G) based routing. */ switch (im->im_msgtype) { case IGMPMSG_NOCACHE: /* Find any matching route for this group on that iif. */ smclog(LOG_DEBUG, "New multicast data from %s to group %s on %s", origin, group, iface->ifname); result = mroute_dyn_add(&mroute); if (result) { /* * This is a common error, the router receives streams it is not * set up to route -- we ignore these by default, but if the user * sets a more permissive log level we help out by showing what * is going on. */ if (ENOENT == errno) smclog(LOG_INFO, "Multicast from %s, group %s, on %s does not match any (*,G) rule", origin, group, iface->ifname); return; } script_exec(&mroute); break; case IGMPMSG_WRONGVIF: smclog(LOG_WARNING, "Multicast from %s, group %s, coming in on wrong VIF %u, iface %s", origin, group, mroute.inbound, iface->ifname); break; case IGMPMSG_WHOLEPKT: #ifdef IGMPMSG_WRVIFWHOLE case IGMPMSG_WRVIFWHOLE: #endif smclog(LOG_WARNING, "Receiving PIM register data from %s, group %s", origin, group); break; default: smclog(LOG_DEBUG, "Unknown IGMP message %d from kernel", im->im_msgtype); break; } } static void cache_flush(void *arg) { (void)arg; smclog(LOG_INFO, "Cache timeout, flushing unused (*,G) routes!"); mroute_expire(cache_timeout); } /** * mroute4_enable - Initialise IPv4 multicast routing * * Setup the kernel IPv4 multicast routing API and lock the multicast * routing socket to this program (only!). * * Returns: * POSIX OK(0) on success, non-zero on error with @errno set. */ static int mroute4_enable(int do_vifs, int table_id) { struct iface *iface; if (kern_mroute_init(table_id, handle_nocache4, NULL)) { switch (errno) { case ENOPROTOOPT: smclog(LOG_WARNING, "Kernel does not even support IGMP, skipping ..."); break; case EPROTONOSUPPORT: smclog(LOG_ERR, "Cannot set IPv4 multicast routing table id: %s", strerror(errno)); smclog(LOG_ERR, "Make sure your kernel has CONFIG_IP_MROUTE_MULTIPLE_TABLES=y"); break; case EADDRINUSE: smclog(LOG_ERR, "IPv4 multicast routing API already in use: %s", strerror(errno)); break; case EOPNOTSUPP: smclog(LOG_ERR, "Kernel does not support IPv4 multicast routing, skipping ..."); break; default: smclog(LOG_ERR, "Failed initializing IPv4 multicast routing API: %s", strerror(errno)); break; } return 1; } /* Create virtual interfaces (VIFs) for all IFF_MULTICAST interfaces */ if (do_vifs) { for (iface = iface_iterator(1); iface; iface = iface_iterator(0)) mroute4_add_vif(iface); } return 0; } /** * mroute4_disable - Disable IPv4 multicast routing * * Disable IPv4 multicast routing and release kernel routing socket. */ static void mroute4_disable(void) { struct mroute *entry, *tmp; if (kern_mroute_exit()) return; TAILQ_FOREACH_SAFE(entry, &conf_list, link, tmp) { TAILQ_REMOVE(&conf_list, entry, link); free(entry); } TAILQ_FOREACH_SAFE(entry, &kern_list, link, tmp) { TAILQ_REMOVE(&kern_list, entry, link); free(entry); } } /* * Prune VIF from all existing routes and update kernel MFC. If VIF is * used as inbound, prune entire route, otherwise just the outbound. */ static void mroute4_prune_vif(int vif) { struct mroute *entry, *tmp; TAILQ_FOREACH_SAFE(entry, &conf_list, link, tmp) { if (entry->group.ss_family != AF_INET) continue; if (entry->inbound == vif) { TAILQ_REMOVE(&conf_list, entry, link); entry->unused = 1; mfc_uninstall(entry); free(entry); } else if (entry->ttl[vif] > 0) { entry->ttl[vif] = 0; mfc_install(entry); } } } /* Create a virtual interface from @iface so it can be used for IPv4 multicast routing. */ static int mroute4_add_vif(struct iface *iface) { if (kern_vif_add(iface)) { switch (errno) { case ENOPROTOOPT: smclog(LOG_INFO, "Interface %s is not multicast capable, skipping VIF.", iface->ifname); return -1; case EAGAIN: smclog(LOG_DEBUG, "No IPv4 multicast socket"); return -1; case ENOMEM: smclog(LOG_WARNING, "Not enough available VIFs to create %s", iface->ifname); return 1; case EEXIST: smclog(LOG_DEBUG, "Interface %s already has VIF %d.", iface->ifname, iface->vif); return 0; default: break; } smclog(LOG_DEBUG, "Failed creating VIF for %s: %s", iface->ifname, strerror(errno)); return -1; } if (iface->mrdisc) return mrdisc_register(iface->ifname, iface->vif); return mrdisc_deregister(iface->vif); } static int mroute4_del_vif(struct iface *iface) { int rc = 0; if (iface->mrdisc) rc = mrdisc_deregister(iface->vif); if (iface->vif == ALL_VIFS) return 0; if (kern_vif_del(iface)) { switch (errno) { case ENOENT: case EADDRNOTAVAIL: break; default: smclog(LOG_ERR, "Failed deleting VIF for iface %s: %s", iface->ifname, strerror(errno)); break; } rc = -1; } if (iface->vif != ALL_VIFS) mroute4_prune_vif(iface->vif); iface->vif = ALL_VIFS; return rc; } static int is_exact_match(struct mroute *rule, struct mroute *cand) { if (rule->group.ss_family != cand->group.ss_family) return 0; if (rule->inbound != cand->inbound) return 0; if (!inet_addr_cmp(&rule->source, &cand->source) && !inet_addr_cmp(&rule->group, &cand->group) && rule->len == cand->len && rule->src_len == cand->src_len) return 1; return 0; } /* * Used for (*,G) matches * * The incoming candidate is compared to the configured rule, e.g. * does 225.1.2.3 fall inside 225.0.0.0/8? => Yes * does 225.1.2.3 fall inside 225.0.0.0/15? => Yes * does 225.1.2.3 fall inside 225.0.0.0/16? => No * * does ff05:bad1::1 fall inside ff05:bad0::/16? => Yes * does ff05:bad1::1 fall inside ff05:bad0::/31? => Yes * does ff05:bad1::1 fall inside ff05:bad0::/32? => No */ int is_match(struct mroute *rule, struct mroute *cand) { inet_addr_t a, b; int rc = 0; if (rule->group.ss_family != cand->group.ss_family) return 0; if (rule->inbound != cand->inbound) return rc; a = inet_netaddr(&rule->group, rule->len); b = inet_netaddr(&cand->group, rule->len); rc = !inet_addr_cmp(&a, &b); if (is_anyaddr(&rule->source)) return rc; a = inet_netaddr(&rule->source, rule->src_len); b = inet_netaddr(&cand->source, rule->src_len); rc &= !inet_addr_cmp(&a, &b); return rc; } static int is_ssm(struct mroute *route) { int max_len = inet_max_len(&route->group); return !is_anyaddr(&route->source) && route->src_len == max_len && route->len == max_len; } /* find any existing route, with matching inbound interface */ static struct mroute *conf_find(struct mroute *route) { struct mroute *entry; TAILQ_FOREACH(entry, &conf_list, link) { if (is_exact_match(route, entry)) return entry; } return NULL; } /* find any existing route, with matching inbound interface */ static struct mroute *kern_find(struct mroute *route) { struct mroute *entry; TAILQ_FOREACH(entry, &kern_list, link) { if (is_match(route, entry)) return entry; } return NULL; } static int is_active(struct mroute *route) { size_t i; for (i = 0; i < NELEMS(route->ttl); i++) { if (route->ttl[i]) return 1; } return 0; } /* * Get valid packet usage statistics (i.e. number of actually forwarded * packets) from the kernel for an installed MFC entry */ static unsigned long get_valid_pkt(struct mroute *route) { struct mroute_stats ms = { 0 }; if (kern_stats(route, &ms)) return 0; return ms.ms_pktcnt - ms.ms_wrong_if; } /** * mroute_expire - Expire dynamically added (*,G) routes * @max_idle: Timeout for routes in seconds, 0 to expire all dynamic routes * * This function flushes all (*,G) routes which haven't been used (i.e. no * packets matching them have been forwarded) in the last max_idle seconds. * It is called periodically on cache-timeout or on request of smcroutectl. * The latter is useful in case of topology changes (e.g. VRRP fail-over) * or similar. */ void mroute_expire(int max_idle) { struct mroute *entry, *tmp; struct timespec now; clock_gettime(CLOCK_MONOTONIC, &now); TAILQ_FOREACH_SAFE(entry, &kern_list, link, tmp) { char origin[INET_ADDRSTR_LEN], group[INET_ADDRSTR_LEN]; struct iface *iface; /* XXX: only consider (*,G) routes, not pure (S,G), and no overlap handling for now */ if (conf_find(entry)) continue; inet_addr2str(&entry->group, group, sizeof(group)); inet_addr2str(&entry->source, origin, sizeof(origin)); iface = iface_find_by_inbound(entry); if (!entry->last_use) { /* New entry */ entry->last_use = now.tv_sec; entry->valid_pkt = get_valid_pkt(entry); continue; } smclog(LOG_DEBUG, "Checking (%s,%s) on %s, time to expire: last %ld max %d now: %ld", origin, group, iface ? iface->ifname : "UNKNOWN", entry->last_use, max_idle, now.tv_sec); if (entry->last_use + max_idle <= now.tv_sec) { unsigned long valid_pkt; valid_pkt = get_valid_pkt(entry); if (valid_pkt != entry->valid_pkt) { /* Used since last check, update */ smclog(LOG_DEBUG, " -> Nope, still active, valid %lu vs last valid %lu.", valid_pkt, entry->valid_pkt); entry->last_use = now.tv_sec; entry->valid_pkt = valid_pkt; continue; } /* Not used, expire */ smclog(LOG_DEBUG, " -> Yup, stale route."); kern_mroute_del(entry); TAILQ_REMOVE(&kern_list, entry, link); free(entry); } } } /* * Install or update kernel MFC. Installing a new route currently * requires an (S,G) entry, updating only requires a (*,G), which * is to handle overlaps. * * Currently, meaning Linux has support for (*,*) and (*,G) routing * but supporting that would require quite a bit of changes. I.e., * it's not just about removing the `!is_ssm(conf)` check ... */ static int mfc_install(struct mroute *route) { struct mroute *kern; kern = kern_find(route); if (!kern) { if (!is_ssm(route)) return 0; kern = malloc(sizeof(struct mroute)); if (!kern) { smclog(LOG_WARNING, "Cannot add kernel route: %s", strerror(errno)); return 1; } memcpy(kern, route, sizeof(struct mroute)); TAILQ_INSERT_TAIL(&kern_list, kern, link); return kern_mroute_add(kern); } TAILQ_FOREACH(kern, &kern_list, link) { if (!is_match(route, kern)) continue; for (size_t i = 0; i < NELEMS(route->ttl); i++) { if (route->ttl[i] > 0 && kern->ttl[i] != route->ttl[i]) kern->ttl[i] = route->ttl[i]; } kern_mroute_add(kern); } return 0; } /* * When route has an empty oif list -- attempt full removal of the * route, unless there exist other configured routes that map to the * same kernel MFC entry. * * When route oif list is *not* empty, attempt to remove only select * interfaces from the MFC entry. Again, unless other configured * routes map to the same MFC entry. */ static int mfc_uninstall(struct mroute *route) { struct mroute *conf, *kern, *tmp; int removal = !is_active(route); int diff = 0; int rc = 0; TAILQ_FOREACH_SAFE(kern, &kern_list, link, tmp) { if (!is_match(route, kern)) continue; if (route->unused) goto cleanup; /* First remove OIFs from route entry */ for (size_t i = 0; i < NELEMS(route->ttl); i++) { if (removal || route->ttl[i] > 0) { kern->ttl[i] = 0; diff++; } } /* Then, for each matching conf we add its oifs */ TAILQ_FOREACH(conf, &conf_list, link) { if (!is_match(kern, conf)) continue; for (size_t i = 0; i < NELEMS(conf->ttl); i++) { if (conf->ttl[i] > 0 && kern->ttl[i] == 0) { kern->ttl[i] = conf->ttl[i]; diff++; } } } if (!diff && !removal) continue; if (is_active(kern) || !removal) { if (kern_mroute_add(kern)) rc = -1; continue; } cleanup: if (kern_mroute_del(kern)) rc = -1; TAILQ_REMOVE(&kern_list, kern, link); free(kern); } return rc; } /** * mroute_add_route - Add route to kernel, or save a wildcard route for later use * @route: Pointer to multicast route to add * * Adds the given multicast @route to the kernel multicast routing table * unless it is ASM, i.e., a (*,G) route. Those we save for and check * against at runtime when the kernel signals us. * * Returns: * POSIX OK(0) on success, non-zero on error with @errno set. */ int mroute_add_route(struct mroute *route) { struct mroute *conf; conf = conf_find(route); if (conf) { size_t i; /* .conf: replace found entry with new outbounds */ if (conf->unused) { for (i = 0; i < NELEMS(conf->ttl); i++) conf->ttl[i] = 0; } /* ipc: add any new outbound interafces */ for (i = 0; i < NELEMS(conf->ttl); i++) { if (route->ttl[i]) conf->ttl[i] = route->ttl[i]; } } else { conf = malloc(sizeof(struct mroute)); if (!conf) { smclog(LOG_WARNING, "Cannot add multicast route: %s", strerror(errno)); return 1; } memcpy(conf, route, sizeof(struct mroute)); TAILQ_INSERT_TAIL(&conf_list, conf, link); } conf->unused = 0; return mfc_install(conf); } /** * mroute_del_route - Remove route from kernel, or all matching routes if wildcard * @route: Pointer to multicast route to remove * * Removes the given multicast @route from the kernel multicast routing * table, or if the @route is a wildcard, then all matching kernel * routes are removed, as well as the wildcard. * * Returns: * POSIX OK(0) on success, non-zero on error with @errno set. */ int mroute_del_route(struct mroute *route) { struct mroute *conf; int rc = 0; if (route->unused) { conf = route; goto cleanup; } conf = conf_find(route); if (!conf) { errno = ENOENT; return -1; } if (is_active(route)) { /* remove only the listed oifs from config */ for (size_t i = 0; i < NELEMS(conf->ttl); i++) { if (route->ttl[i] > 0 && conf->ttl[i] != 0) conf->ttl[i] = 0; } rc = mfc_uninstall(route); } else { cleanup: TAILQ_REMOVE(&conf_list, conf, link); rc = mfc_uninstall(route); free(conf); } return rc; } #ifdef HAVE_IPV6_MULTICAST_ROUTING static int mroute6_add_mif(struct iface *iface); /* * Receive and drop ICMPv6 stuff. This is either MLD packets or upcall * messages sent up from the kernel. */ static void handle_nocache6(int sd, void *arg) { char origin[INET_ADDRSTR_LEN], group[INET_ADDRSTR_LEN]; struct mroute mroute = { 0 }; struct mrt6msg *im6; struct iface *iface; char tmp[128]; int result; (void)arg; result = read(sd, tmp, sizeof(tmp)); if (result < 0) { smclog(LOG_INFO, "Failed clearing MLD message from kernel: %s", strerror(errno)); return; } /* * Basic input validation, filter out all non-mrt messages (e.g. * our join for each group). The mrt6msg struct is overlayed on * the MLD header, so the im6_mbz field (must-be-zero) is the * MLD type, e.g. 143, and im6_msgtype is the MLD code for an * MLDv2 Join. */ im6 = (struct mrt6msg *)tmp; if (im6->im6_mbz != 0 || im6->im6_msgtype == 0) return; inet_addr6_set(&mroute.source, &im6->im6_src); inet_addr6_set(&mroute.group, &im6->im6_dst); mroute.inbound = im6->im6_mif; mroute.len = 128; mroute.src_len = 128; inet_addr2str(&mroute.source, origin, sizeof(origin)); inet_addr2str(&mroute.group, group, sizeof(group)); iface = iface_find_by_inbound(&mroute); if (!iface) { smclog(LOG_WARNING, "No matching interface for VIF %u, cannot handle MRT6MSG %u:%u. " "Multicast source %s, dest %s", mroute.inbound, im6->im6_mbz, im6->im6_msgtype, origin, group); return; } switch (im6->im6_msgtype) { case MRT6MSG_NOCACHE: smclog(LOG_DEBUG, "New multicast data from %s to group %s on VIF %u", origin, group, mroute.inbound); /* Find any matching route for this group on that iif. */ result = mroute_dyn_add(&mroute); if (result) { /* * This is a common error, the router receives streams it is not * set up to route -- we ignore these by default, but if the user * sets a more permissive log level we help out by showing what * is going on. */ if (ENOENT == errno) smclog(LOG_INFO, "Multicast from %s, group %s, on %s does not match any (*,G) rule", origin, group, iface->ifname); return; } script_exec(&mroute); break; case MRT6MSG_WRONGMIF: smclog(LOG_WARNING, "Multicast from %s, group %s, coming in on wrong MIF %u, iface %s", origin, group, mroute.inbound, iface->ifname); break; case MRT6MSG_WHOLEPKT: smclog(LOG_WARNING, "Receiving PIM6 register data from %s, group %s", origin, group); break; default: smclog(LOG_DEBUG, "Unknown MRT6MSG %u from kernel", im6->im6_msgtype); break; } } #endif /* HAVE_IPV6_MULTICAST_ROUTING */ /** * mroute6_enable - Initialise IPv6 multicast routing * * Setup the kernel IPv6 multicast routing API and lock the multicast * routing socket to this program (only!). * * Returns: * POSIX OK(0) on success, non-zero on error with @errno set. */ static int mroute6_enable(int do_vifs, int table_id) { #ifndef HAVE_IPV6_MULTICAST_ROUTING (void)do_vifs; (void)table_id; #else struct iface *iface; if (kern_mroute6_init(table_id, handle_nocache6, NULL)) { switch (errno) { case ENOPROTOOPT: smclog(LOG_WARNING, "Kernel does not even support IPv6 ICMP, skipping ..."); break; case EPROTONOSUPPORT: smclog(LOG_ERR, "Cannot set IPv6 multicast routing table id: %s", strerror(errno)); smclog(LOG_ERR, "Make sure your kernel has CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y"); break; case EADDRINUSE: smclog(LOG_ERR, "IPv6 multicast routing API already in use: %s", strerror(errno)); break; case EOPNOTSUPP: smclog(LOG_ERR, "Kernel does not support IPv6 multicast routing, skipping ..."); break; default: smclog(LOG_ERR, "Failed initializing IPv6 multicast routing API: %s", strerror(errno)); break; } return 1; } /* Create virtual interfaces, IPv6 MIFs, for all IFF_MULTICAST interfaces */ if (do_vifs) { for (iface = iface_iterator(1); iface; iface = iface_iterator(0)) mroute6_add_mif(iface); } return 0; #endif /* HAVE_IPV6_MULTICAST_ROUTING */ return -1; } /** * mroute6_disable - Disable IPv6 multicast routing * * Disable IPv6 multicast routing and release kernel routing socket. */ static void mroute6_disable(void) { #ifdef HAVE_IPV6_MULTICAST_ROUTING kern_mroute6_exit(); #endif } #ifdef HAVE_IPV6_MULTICAST_ROUTING /* * Prune VIF from all existing routes and update kernel MFC. If VIF is * used as inbound, prune entire route, otherwise just the outbound. */ static void mroute6_prune_mif(int mif) { struct mroute *entry, *tmp; TAILQ_FOREACH_SAFE(entry, &conf_list, link, tmp) { if (entry->group.ss_family != AF_INET6) continue; if (entry->inbound == mif) { TAILQ_REMOVE(&conf_list, entry, link); entry->unused = 1; mfc_uninstall(entry); free(entry); } else if (entry->ttl[mif] > 0) { entry->ttl[mif] = 0; mfc_install(entry); } } } /* Create a virtual interface from @iface so it can be used for IPv6 multicast routing. */ static int mroute6_add_mif(struct iface *iface) { if (kern_mif_add(iface)) { switch (errno) { case ENOPROTOOPT: smclog(LOG_INFO, "Interface %s is not multicast capable, skipping MIF.", iface->ifname); return -1; case EAGAIN: smclog(LOG_DEBUG, "No IPv6 multicast socket"); return -1; case ENOMEM: smclog(LOG_WARNING, "Not enough available MIFs to create %s", iface->ifname); return 1; case EEXIST: smclog(LOG_DEBUG, "Interface %s already has MIF %d.", iface->ifname, iface->mif); return 0; default: break; } smclog(LOG_DEBUG, "Failed creating MIF for %s: %s", iface->ifname, strerror(errno)); return -1; } return 0; } static int mroute6_del_mif(struct iface *iface) { int rc = 0; if (iface->mif == ALL_VIFS) return 0; if (kern_mif_del(iface) && errno != ENOENT) { switch (errno) { case ENOENT: case EADDRNOTAVAIL: break; default: smclog(LOG_ERR, "Failed deleting MIF for iface %s: %s", iface->ifname, strerror(errno)); break; } rc = -1; } if (iface->mif != ALL_VIFS) mroute6_prune_mif(iface->mif); iface->mif = ALL_VIFS; return rc; } #endif /* HAVE_IPV6_MULTICAST_ROUTING */ /** * mroute_dyn_add - Add route to kernel if it matches a known (*,G) route. * @route: Pointer to candidate multicast route * * Returns: * POSIX OK(0) on success, non-zero on error with @errno set. */ static int mroute_dyn_add(struct mroute *route) { struct mroute *entry; int rc; TAILQ_FOREACH(entry, &conf_list, link) { /* Find matching (*,G) ... and interface. */ if (is_ssm(entry) || !is_match(entry, route)) continue; /* Use configured template (*,G) outbound interfaces. */ memcpy(route->ttl, entry->ttl, NELEMS(route->ttl) * sizeof(route->ttl[0])); break; } if (!entry) { /* * No match, add entry without outbound interfaces * nevertheless to avoid continuous cache misses from * the kernel. Note that this still gets reported as an * error (ENOENT) below. */ memset(route->ttl, 0, NELEMS(route->ttl) * sizeof(route->ttl[0])); } rc = mfc_install(route); /* Signal to cache handler we've added a stop filter */ if (!entry) { errno = ENOENT; return -1; } return rc; } int mroute_init(int do_vifs, int table_id, int cache_tmo) { static int running = 0; TAILQ_INIT(&conf_list); TAILQ_INIT(&kern_list); if (cache_tmo > 0 && !running) { running++; cache_timeout = cache_tmo; timer_add(cache_tmo, cache_flush, NULL); } return mroute4_enable(do_vifs, table_id) || mroute6_enable(do_vifs, table_id); } void mroute_exit(void) { mroute4_disable(); mroute6_disable(); } /* Used by file parser to add VIFs/MIFs after setup */ int mroute_add_vif(char *ifname, uint8_t mrdisc, uint8_t ttl) { struct ifmatch state; struct iface *iface; int rc = 0; iface_match_init(&state); while ((iface = iface_match_by_name(ifname, 1, &state))) { smclog(LOG_DEBUG, "Creating/updating multicast VIF for %s TTL %d", iface->ifname, ttl); iface->mrdisc = mrdisc; iface->threshold = ttl; iface->unused = 0; if (mroute4_add_vif(iface)) rc = -1; #ifdef HAVE_IPV6_MULTICAST_ROUTING if (mroute6_add_mif(iface)) rc = -1; #endif } if (!state.match_count) { smclog(LOG_DEBUG, "Failed adding phyint %s, no matching interfaces.", ifname); return 1; } return rc; } /* Used by file parser to remove VIFs/MIFs after setup */ int mroute_del_vif(char *ifname) { struct ifmatch state; struct iface *iface; int rc = 0; iface_match_init(&state); while ((iface = iface_match_by_name(ifname, 1, &state))) { smclog(LOG_DEBUG, "Removing multicast VIFs for %s", iface->ifname); if (mroute4_del_vif(iface)) rc = -1; #ifdef HAVE_IPV6_MULTICAST_ROUTING if (mroute6_del_mif(iface)) rc = -1; #endif } if (!state.match_count) { smclog(LOG_DEBUG, "Failed removing phyint %s, no matching interfaces.", ifname); return 1; } return rc; } /* * Called on SIGHUP/reload. Mark all known configured routes as * 'unused', let mroute*_add() unmark and mroute_reload_end() take * care to remove routes that still have the 'unused' flag. */ void mroute_reload_beg(void) { struct mroute *entry; struct iface *iface; int first = 1; TAILQ_FOREACH(entry, &conf_list, link) entry->unused = 1; while ((iface = iface_iterator(first))) { first = 0; iface->unused = 1; } } void mroute_reload_end(int do_vifs) { struct mroute *entry, *tmp; struct iface *iface; int first = 1; while ((iface = iface_iterator(first))) { char dummy[IFNAMSIZ]; first = 0; if (iface->unused || !if_indextoname(iface->ifindex, dummy)) { mroute_del_vif(iface->ifname); } else if (do_vifs) mroute_add_vif(iface->ifname, iface->mrdisc, iface->threshold); } TAILQ_FOREACH_SAFE(entry, &conf_list, link, tmp) { if (entry->unused) mroute_del_route(entry); } /* retry add if .conf changed IIF for routes, not until del (above) can we add */ TAILQ_FOREACH(entry, &conf_list, link) mfc_install(entry); } static int show_mroute(int sd, struct mroute *r, int inw, int detail) { char src[INET_ADDRSTR_LEN] = "*"; char src_len[5] = ""; char grp[INET_ADDRSTR_LEN]; char grp_len[5] = ""; char sg[(INET_ADDRSTR_LEN + 3) * 2 + 5]; char buf[MAX_MC_VIFS * 17 + 80]; struct iface *iface; int max_len; max_len = inet_max_len(&r->group); if (!is_anyaddr(&r->source)) { inet_addr2str(&r->source, src, sizeof(src)); if (r->src_len != max_len) snprintf(src_len, sizeof(src_len), "/%u", r->src_len); } inet_addr2str(&r->group, grp, sizeof(grp)); if (r->len != max_len) snprintf(grp_len, sizeof(grp_len), "/%u", r->len); iface = iface_find_by_inbound(r); snprintf(sg, sizeof(sg), "(%s%s, %s%s)", src, src_len, grp, grp_len); if (!iface) { smclog(LOG_ERR, "Failed reading iif for %s, aborting.", sg); exit(EX_SOFTWARE); } snprintf(buf, sizeof(buf), "%-42s %-*s ", sg, inw, iface->ifname); if (detail) { struct mroute_stats ms = { 0 }; char stats[30]; kern_stats(r, &ms); snprintf(stats, sizeof(stats), "%10lu %10lu ", ms.ms_pktcnt, ms.ms_bytecnt); strlcat(buf, stats, sizeof(buf)); } iface = iface_outbound_iterator(r, 1); while (iface) { char tmp[22]; snprintf(tmp, sizeof(tmp), " %s", iface->ifname); strlcat(buf, tmp, sizeof(buf)); iface = iface_outbound_iterator(r, 0); } strlcat(buf, "\n", sizeof(buf)); if (ipc_send(sd, buf, strlen(buf)) < 0) { smclog(LOG_ERR, "Failed sending reply to client: %s", strerror(errno)); return -1; } return 0; } static int has_any_ssm(void) { struct mroute *e; TAILQ_FOREACH(e, &conf_list, link) { if (is_ssm(e)) return 1; } return 0; } static int has_any_asm(void) { struct mroute *e; TAILQ_FOREACH(e, &conf_list, link) { if (!is_ssm(e)) return 1; } return 0; } /* Write all (*,G) routes to client socket */ int mroute_show(int sd, int detail) { const char *r = "ROUTE (S,G)", *o = "OIFS", *i = "IIF"; struct mroute *entry; char line[256]; int inw; inw = iface_ifname_maxlen(); if (inw < (int)strlen(i)) inw = (int)strlen(i); if (detail) { const char *p = "PACKETS", *b = "BYTES"; snprintf(line, sizeof(line), "%-42s %-*s %10s %10s %s=\n", r, inw, i, p, b, o); } else snprintf(line, sizeof(line), "%-42s %-*s %s=\n", r, inw, i, o); if (has_any_asm()) { char *asm_conf = "(*,G) Template Rules_\n"; ipc_send(sd, asm_conf, strlen(asm_conf)); ipc_send(sd, line, strlen(line)); TAILQ_FOREACH(entry, &conf_list, link) { if (is_ssm(entry)) continue; if (show_mroute(sd, entry, inw, detail) < 0) return 1; } } if (has_any_ssm()) { char *ssm_list = "(S,G) Rules_\n"; ipc_send(sd, ssm_list, strlen(ssm_list)); ipc_send(sd, line, strlen(line)); TAILQ_FOREACH(entry, &conf_list, link) { if (!is_ssm(entry)) continue; if (show_mroute(sd, entry, inw, detail) < 0) return 1; } } if (!TAILQ_EMPTY(&kern_list)) { char *asm_kern = "Kernel MFC Table_\n"; ipc_send(sd, asm_kern, strlen(asm_kern)); ipc_send(sd, line, strlen(line)); TAILQ_FOREACH(entry, &kern_list, link) { if (!is_active(entry)) continue; if (show_mroute(sd, entry, inw, detail) < 0) return 1; } TAILQ_FOREACH(entry, &kern_list, link) { if (is_active(entry)) continue; if (show_mroute(sd, entry, inw, detail) < 0) return 1; } } return 0; } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/mroute.h ================================================ /* Generic kernel multicast routing API for Linux and *BSD */ #ifndef SMCROUTE_MROUTE_H_ #define SMCROUTE_MROUTE_H_ #include "config.h" #include #include #include /* Defines u_char, needed by netinet/in.h */ #include #include #include #ifdef HAVE_NETINET_IN_VAR_H #include #endif #include #include "queue.h" /* Needed by netinet/ip_mroute.h on FreeBSD */ #ifdef HAVE_LINUX_MROUTE_H #define _LINUX_IN_H /* For Linux <= 2.6.25 */ #include #include #endif #ifdef HAVE_LINUX_MROUTE6_H #include #endif #ifdef HAVE_LINUX_FILTER_H #include #endif #ifdef HAVE_NET_ROUTE_H #include #endif #ifdef HAVE_NETINET_IP_MROUTE_H #define _KERNEL #include #undef _KERNEL #else # ifdef __APPLE__ # include "ip_mroute.h" # endif #endif #ifdef HAVE_NETINET6_IP6_MROUTE_H #ifdef HAVE_SYS_PARAM_H #include #endif #include #endif #ifndef IN6_IS_ADDR_MULTICAST #define IN6_IS_ADDR_MULTICAST(a) (((__const uint8_t *) (a))[0] == 0xff) #endif #include "inet.h" /* * IPv4 multicast route */ #ifndef MAXVIFS #define MAXVIFS 32 #endif /* * IPv6 multicast route */ #ifdef HAVE_IPV6_MULTICAST_ROUTING # ifndef MAXMIFS # define MAXMIFS MAXVIFS # endif /* Allocate data types to the max, on FreeBSD MAXMIFS > MAXVIFS */ # if MAXMIFS > MAXVIFS # define MAX_MC_VIFS MAXMIFS # else # define MAX_MC_VIFS MAXVIFS # endif #else #define MAX_MC_VIFS MAXVIFS #endif /* We're on a system w/o IPv6 routing, define to avoid other ifdefs */ #ifndef mifi_t typedef unsigned short mifi_t; #endif struct mroute { TAILQ_ENTRY(mroute) link; int unused; inet_addr_t source; /* originating host, may be inet_anyaddr() */ short src_len; /* source prefix len, or 0:disabled */ inet_addr_t group; /* multicast group */ short len; /* prefix len, or 0:disabled */ vifi_t inbound; /* incoming VIF */ uint8_t ttl[MAX_MC_VIFS];/* outgoing VIFs */ unsigned long valid_pkt; /* packet counter at last mroute4_dyn_expire() */ time_t last_use; /* timestamp of last forwarded packet */ }; int mroute_init (int do_vifs, int table_id, int cache_tmo); void mroute_exit (void); int mroute_add_vif (char *ifname, uint8_t mrdisc, uint8_t threshold); int mroute_del_vif (char *ifname); void mroute_expire (int max_idle); int mroute_add_route (struct mroute *mroute); int mroute_del_route (struct mroute *mroute); void mroute_reload_beg (void); void mroute_reload_end (int do_vifs); int mroute_show (int sd, int detail); #endif /* SMCROUTE_MROUTE_H_ */ ================================================ FILE: src/msg.c ================================================ /* IPC command parser and builder for daemon and client * * Copyright (C) 2011-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include /* sig_atomic_t */ #include #include #include #include #include "conf.h" #include "log.h" #include "msg.h" #include "iface.h" #include "util.h" #include "mroute.h" #include "mcgroup.h" extern volatile sig_atomic_t running; extern volatile sig_atomic_t reloading; /* * Check for prefix length, only applicable for (*,G) routes */ int is_range(char *arg) { char *ptr; ptr = strchr(arg, '/'); if (ptr) { *ptr++ = 0; return atoi(ptr); } return 0; } static int do_mgroup(struct ipc_msg *msg) { char source[INET_ADDRSTR_LEN + 5] = { 0 }; char group[INET_ADDRSTR_LEN + 5] = { 0 }; char *ifname = msg->argv[0]; if (msg->count < 2) { errno = EINVAL; return -1; } if (msg->count == 3) { strlcpy(source, msg->argv[1], sizeof(source)); strlcpy(group, msg->argv[2], sizeof(group)); } else strlcpy(group, msg->argv[1], sizeof(group)); return conf_mgroup(NULL, msg->cmd == 'j' ? 1 : 0, ifname, source[0] ? source : NULL, group); } static int do_mroute(struct ipc_msg *msg) { char src[INET_ADDRSTR_LEN + 5]; char *ifname, *source, *group; char *out[MAX_MC_VIFS]; inet_addr_t ss; int num = 0; int pos = 0; if (msg->count < 2) { errno = EINVAL; return -1; } ifname = msg->argv[pos++]; strlcpy(src, msg->argv[pos++], sizeof(src)); is_range(src); if (inet_str2addr(src, &ss)) { smclog(LOG_ERR, "mroute: invalid source/group address: %s", src); return 1; } if (!is_multicast(&ss)) { char grp[INET_ADDRSTR_LEN + 5]; strlcpy(grp, msg->argv[pos++], sizeof(grp)); is_range(grp); if (inet_str2addr(grp, &ss) || !is_multicast(&ss)) { smclog(LOG_DEBUG, "mroute: invalid multicast group: %s", grp); return 1; } source = msg->argv[1]; group = msg->argv[2]; } else { source = NULL; group = msg->argv[1]; } while (pos < msg->count) out[num++] = msg->argv[pos++]; return conf_mroute(NULL, msg->cmd == 'a' ? 1 : 0, ifname, source, group, out, num); } static int do_show(struct ipc_msg *msg, int sd, int detail) { if (msg->count > 0) { char cmd = msg->argv[0][0]; switch (cmd) { case 'g': return mcgroup_show(sd, detail); case 'i': return iface_show(sd, detail); default: break; } } return mroute_show(sd, detail); } /* * Convert IPC command from client to a mulicast route or group join/leave */ int msg_do(int sd, struct ipc_msg *msg) { int result = 0; switch (msg->cmd) { case 'a': case 'r': result = do_mroute(msg); break; case 'j': case 'l': result = do_mgroup(msg); break; case 'F': mroute_expire(0); break; case 'H': /* HUP */ reloading = 1; break; case 'k': running = 0; break; case 'S': result = do_show(msg, sd, 1); break; case 's': result = do_show(msg, sd, 0); break; default: errno = EINVAL; result = -1; } return result; } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/msg.h ================================================ /* SMCRoute IPC API * * Multicast routes: * * add eth0 [1.1.1.1] 239.1.1.1 eth1 eth2 * * +----+-----+---+--------------------------------------------+ * | 42 | 'a' | 5 | "eth0\01.1.1.1\0239.1.1.1\0eth1\0eth2\0\0" | * +----+-----+---+--------------------------------------------+ * ^ ^ |-----| * | | `---> Second argument is optional => (*,G) * +-----cmd------+ * * del [1.1.1.1] 239.1.1.1 * * +----+-----+---+--------------------------+ * | 27 | 'r' | 2 | "1.1.1.1\0239.1.1.1\0\0" | * +----+-----+---+--------------------------+ * ^ ^ * | | * +-----cmd------+ * * Multicast groups: * * join/leave eth0 [1.1.1.1] 239.1.1.1 * * +----+-----+---+--------------------------------------------+ * | 32 | 'j' | 3 | "eth0\01.1.1.1\0239.1.1.1\0\0" | * +----+-----+---+--------------------------------------------+ * |-----| * `-----> For SSM group join/leave */ #ifndef SMCROUTE_MSG_H_ #define SMCROUTE_MSG_H_ #include #include #include #define MX_CMDPKT_SZ 1024 /* command size including appended strings */ struct ipc_msg { size_t len; /* total size of packet including cmd header */ uint16_t cmd; /* 'a'=Add,'r'=Remove,'j'=Join,'l'=Leave,'k'=Kill */ uint16_t count; /* command argument count */ char *argv[0]; /* 'count' * '\0' terminated strings + '\0' */ }; int msg_do(int sd, struct ipc_msg *msg); #endif /* SMCROUTE_MSG_H_ */ /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/notify.c ================================================ /* generic service monitor backend * * Copyright (C) 2019-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include #include #include "log.h" #include "notify.h" #include "util.h" void notify_ready(char *pidfn, uid_t uid, gid_t gid) { const char *msg = "Ready, waiting for client request or kernel event."; if (pidfile_create(pidfn, uid, gid)) smclog(LOG_WARNING, "Failed create/chown PID file: %s", strerror(errno)); systemd_notify_ready(msg); smclog(LOG_NOTICE, msg); } void notify_reload(void) { const char *msg = "Reloading configuration, please wait ..."; systemd_notify_reload(msg); smclog(LOG_NOTICE, msg); } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/notify.h ================================================ /* Wrappers for different service monitors */ #ifndef SMCROUTE_NOTIFY_H_ #define SMCROUTE_NOTIFY_H_ #include "config.h" void notify_ready(char *pidfn, uid_t uid, gid_t gid); void notify_reload(void); #ifdef HAVE_LIBSYSTEMD void systemd_notify_ready(const char *status); void systemd_notify_reload(const char *status); #else #define systemd_notify_ready(status) #define systemd_notify_reload(status) #endif #endif /* SMCROUTE_NOTIFY_H_ */ ================================================ FILE: src/pidfile.c ================================================ /* Updated by troglobit for libite/finit/uftpd/smcroute projects 2016/07/04 */ /* $OpenBSD: pidfile.c,v 1.11 2015/06/03 02:24:36 millert Exp $ */ /* $NetBSD: pidfile.c,v 1.4 2001/02/19 22:43:42 cgd Exp $ */ /*- * Copyright (c) 1999 The NetBSD Foundation, Inc. * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation * by Jason R. Thorpe. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include "config.h" #include /* utimensat() */ #include /* utimensat() on *BSD */ #include #include #include #include #include #include "log.h" #include "util.h" static char *pidfile_path = NULL; static pid_t pidfile_pid = 0; const char *__pidfile_path = RUNSTATEDIR; const char *__pidfile_name = NULL; extern char *prognm; static void pidfile_cleanup(void) { if (pidfile_path != NULL && pidfile_pid == getpid()) { (void) unlink(pidfile_path); free(pidfile_path); pidfile_path = NULL; } } int pidfile_create(const char *basename, uid_t uid, gid_t gid) { int save_errno; int atexit_already; pid_t pid; FILE *f; if (basename == NULL) basename = prognm; pid = getpid(); atexit_already = 0; if (pidfile_path != NULL) { if (!access(pidfile_path, R_OK) && pid == pidfile_pid) { utimensat(0, pidfile_path, NULL, 0); return 0; } free(pidfile_path); pidfile_path = NULL; __pidfile_name = NULL; atexit_already = 1; } if (basename[0] != '/') { if (asprintf(&pidfile_path, "%s/%s.pid", __pidfile_path, basename) == -1) return -1; } else { if (asprintf(&pidfile_path, "%s", basename) == -1) return -1; } smclog(LOG_DEBUG, "Creating PID file %s", pidfile_path); if ((f = fopen(pidfile_path, "w")) == NULL) { save_errno = errno; free(pidfile_path); pidfile_path = NULL; errno = save_errno; return -1; } if (fprintf(f, "%ld\n", (long)pid) <= 0 || fflush(f) != 0) { save_errno = errno; (void) fclose(f); (void) unlink(pidfile_path); free(pidfile_path); pidfile_path = NULL; errno = save_errno; return -1; } (void) fclose(f); __pidfile_name = pidfile_path; if (chown(pidfile_path, uid, gid)) return -1; /* * LITE extension, no need to set up another atexit() handler * if user only called us to update the mtime of the PID file */ if (atexit_already) return 0; pidfile_pid = pid; if (atexit(pidfile_cleanup) < 0) { save_errno = errno; (void) unlink(pidfile_path); free(pidfile_path); pidfile_path = NULL; pidfile_pid = 0; errno = save_errno; return -1; } return 0; } ================================================ FILE: src/queue.h ================================================ /* $OpenBSD: queue.h,v 1.43 2015/12/28 19:38:40 millert Exp $ */ /* $NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $ */ /* * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)queue.h 8.5 (Berkeley) 8/20/94 */ #ifndef _SYS_QUEUE_H_ #define _SYS_QUEUE_H_ /* * This file defines five types of data structures: singly-linked lists, * lists, simple queues, tail queues and XOR simple queues. * * * A singly-linked list is headed by a single forward pointer. The elements * are singly linked for minimum space and pointer manipulation overhead at * the expense of O(n) removal for arbitrary elements. New elements can be * added to the list after an existing element or at the head of the list. * Elements being removed from the head of the list should use the explicit * macro for this purpose for optimum efficiency. A singly-linked list may * only be traversed in the forward direction. Singly-linked lists are ideal * for applications with large datasets and few or no removals or for * implementing a LIFO queue. * * A list is headed by a single forward pointer (or an array of forward * pointers for a hash table header). The elements are doubly linked * so that an arbitrary element can be removed without a need to * traverse the list. New elements can be added to the list before * or after an existing element or at the head of the list. A list * may only be traversed in the forward direction. * * A simple queue is headed by a pair of pointers, one to the head of the * list and the other to the tail of the list. The elements are singly * linked to save space, so elements can only be removed from the * head of the list. New elements can be added to the list before or after * an existing element, at the head of the list, or at the end of the * list. A simple queue may only be traversed in the forward direction. * * A tail queue is headed by a pair of pointers, one to the head of the * list and the other to the tail of the list. The elements are doubly * linked so that an arbitrary element can be removed without a need to * traverse the list. New elements can be added to the list before or * after an existing element, at the head of the list, or at the end of * the list. A tail queue may be traversed in either direction. * * An XOR simple queue is used in the same way as a regular simple queue. * The difference is that the head structure also includes a "cookie" that * is XOR'd with the queue pointer (first, last or next) to generate the * real pointer value. * * For details on the use of these macros, see the queue(3) manual page. */ #if defined(QUEUE_MACRO_DEBUG) || (defined(_KERNEL) && defined(DIAGNOSTIC)) #define _Q_INVALIDATE(a) (a) = ((void *)-1) #else #define _Q_INVALIDATE(a) #endif /* * Singly-linked List definitions. */ #define SLIST_HEAD(name, type) \ struct name { \ struct type *slh_first; /* first element */ \ } #define SLIST_HEAD_INITIALIZER(head) \ { NULL } #define SLIST_ENTRY(type) \ struct { \ struct type *sle_next; /* next element */ \ } /* * Singly-linked List access methods. */ #define SLIST_FIRST(head) ((head)->slh_first) #define SLIST_END(head) NULL #define SLIST_EMPTY(head) (SLIST_FIRST(head) == SLIST_END(head)) #define SLIST_NEXT(elm, field) ((elm)->field.sle_next) #define SLIST_FOREACH(var, head, field) \ for((var) = SLIST_FIRST(head); \ (var) != SLIST_END(head); \ (var) = SLIST_NEXT(var, field)) #define SLIST_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = SLIST_FIRST(head); \ (var) && ((tvar) = SLIST_NEXT(var, field), 1); \ (var) = (tvar)) /* * Singly-linked List functions. */ #define SLIST_INIT(head) { \ SLIST_FIRST(head) = SLIST_END(head); \ } #define SLIST_INSERT_AFTER(slistelm, elm, field) do { \ (elm)->field.sle_next = (slistelm)->field.sle_next; \ (slistelm)->field.sle_next = (elm); \ } while (0) #define SLIST_INSERT_HEAD(head, elm, field) do { \ (elm)->field.sle_next = (head)->slh_first; \ (head)->slh_first = (elm); \ } while (0) #define SLIST_REMOVE_AFTER(elm, field) do { \ (elm)->field.sle_next = (elm)->field.sle_next->field.sle_next; \ } while (0) #define SLIST_REMOVE_HEAD(head, field) do { \ (head)->slh_first = (head)->slh_first->field.sle_next; \ } while (0) #define SLIST_REMOVE(head, elm, type, field) do { \ if ((head)->slh_first == (elm)) { \ SLIST_REMOVE_HEAD((head), field); \ } else { \ struct type *curelm = (head)->slh_first; \ \ while (curelm->field.sle_next != (elm)) \ curelm = curelm->field.sle_next; \ curelm->field.sle_next = \ curelm->field.sle_next->field.sle_next; \ } \ _Q_INVALIDATE((elm)->field.sle_next); \ } while (0) /* * List definitions. */ #define LIST_HEAD(name, type) \ struct name { \ struct type *lh_first; /* first element */ \ } #define LIST_HEAD_INITIALIZER(head) \ { NULL } #define LIST_ENTRY(type) \ struct { \ struct type *le_next; /* next element */ \ struct type **le_prev; /* address of previous next element */ \ } /* * List access methods. */ #define LIST_FIRST(head) ((head)->lh_first) #define LIST_END(head) NULL #define LIST_EMPTY(head) (LIST_FIRST(head) == LIST_END(head)) #define LIST_NEXT(elm, field) ((elm)->field.le_next) #define LIST_FOREACH(var, head, field) \ for((var) = LIST_FIRST(head); \ (var)!= LIST_END(head); \ (var) = LIST_NEXT(var, field)) #define LIST_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = LIST_FIRST(head); \ (var) && ((tvar) = LIST_NEXT(var, field), 1); \ (var) = (tvar)) /* * List functions. */ #define LIST_INIT(head) do { \ LIST_FIRST(head) = LIST_END(head); \ } while (0) #define LIST_INSERT_AFTER(listelm, elm, field) do { \ if (((elm)->field.le_next = (listelm)->field.le_next) != NULL) \ (listelm)->field.le_next->field.le_prev = \ &(elm)->field.le_next; \ (listelm)->field.le_next = (elm); \ (elm)->field.le_prev = &(listelm)->field.le_next; \ } while (0) #define LIST_INSERT_BEFORE(listelm, elm, field) do { \ (elm)->field.le_prev = (listelm)->field.le_prev; \ (elm)->field.le_next = (listelm); \ *(listelm)->field.le_prev = (elm); \ (listelm)->field.le_prev = &(elm)->field.le_next; \ } while (0) #define LIST_INSERT_HEAD(head, elm, field) do { \ if (((elm)->field.le_next = (head)->lh_first) != NULL) \ (head)->lh_first->field.le_prev = &(elm)->field.le_next;\ (head)->lh_first = (elm); \ (elm)->field.le_prev = &(head)->lh_first; \ } while (0) #define LIST_REMOVE(elm, field) do { \ if ((elm)->field.le_next != NULL) \ (elm)->field.le_next->field.le_prev = \ (elm)->field.le_prev; \ *(elm)->field.le_prev = (elm)->field.le_next; \ _Q_INVALIDATE((elm)->field.le_prev); \ _Q_INVALIDATE((elm)->field.le_next); \ } while (0) #define LIST_REPLACE(elm, elm2, field) do { \ if (((elm2)->field.le_next = (elm)->field.le_next) != NULL) \ (elm2)->field.le_next->field.le_prev = \ &(elm2)->field.le_next; \ (elm2)->field.le_prev = (elm)->field.le_prev; \ *(elm2)->field.le_prev = (elm2); \ _Q_INVALIDATE((elm)->field.le_prev); \ _Q_INVALIDATE((elm)->field.le_next); \ } while (0) /* * Simple queue definitions. */ #define SIMPLEQ_HEAD(name, type) \ struct name { \ struct type *sqh_first; /* first element */ \ struct type **sqh_last; /* addr of last next element */ \ } #define SIMPLEQ_HEAD_INITIALIZER(head) \ { NULL, &(head).sqh_first } #define SIMPLEQ_ENTRY(type) \ struct { \ struct type *sqe_next; /* next element */ \ } /* * Simple queue access methods. */ #define SIMPLEQ_FIRST(head) ((head)->sqh_first) #define SIMPLEQ_END(head) NULL #define SIMPLEQ_EMPTY(head) (SIMPLEQ_FIRST(head) == SIMPLEQ_END(head)) #define SIMPLEQ_NEXT(elm, field) ((elm)->field.sqe_next) #define SIMPLEQ_FOREACH(var, head, field) \ for((var) = SIMPLEQ_FIRST(head); \ (var) != SIMPLEQ_END(head); \ (var) = SIMPLEQ_NEXT(var, field)) #define SIMPLEQ_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = SIMPLEQ_FIRST(head); \ (var) && ((tvar) = SIMPLEQ_NEXT(var, field), 1); \ (var) = (tvar)) /* * Simple queue functions. */ #define SIMPLEQ_INIT(head) do { \ (head)->sqh_first = NULL; \ (head)->sqh_last = &(head)->sqh_first; \ } while (0) #define SIMPLEQ_INSERT_HEAD(head, elm, field) do { \ if (((elm)->field.sqe_next = (head)->sqh_first) == NULL) \ (head)->sqh_last = &(elm)->field.sqe_next; \ (head)->sqh_first = (elm); \ } while (0) #define SIMPLEQ_INSERT_TAIL(head, elm, field) do { \ (elm)->field.sqe_next = NULL; \ *(head)->sqh_last = (elm); \ (head)->sqh_last = &(elm)->field.sqe_next; \ } while (0) #define SIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ if (((elm)->field.sqe_next = (listelm)->field.sqe_next) == NULL)\ (head)->sqh_last = &(elm)->field.sqe_next; \ (listelm)->field.sqe_next = (elm); \ } while (0) #define SIMPLEQ_REMOVE_HEAD(head, field) do { \ if (((head)->sqh_first = (head)->sqh_first->field.sqe_next) == NULL) \ (head)->sqh_last = &(head)->sqh_first; \ } while (0) #define SIMPLEQ_REMOVE_AFTER(head, elm, field) do { \ if (((elm)->field.sqe_next = (elm)->field.sqe_next->field.sqe_next) \ == NULL) \ (head)->sqh_last = &(elm)->field.sqe_next; \ } while (0) #define SIMPLEQ_CONCAT(head1, head2) do { \ if (!SIMPLEQ_EMPTY((head2))) { \ *(head1)->sqh_last = (head2)->sqh_first; \ (head1)->sqh_last = (head2)->sqh_last; \ SIMPLEQ_INIT((head2)); \ } \ } while (0) /* * XOR Simple queue definitions. */ #define XSIMPLEQ_HEAD(name, type) \ struct name { \ struct type *sqx_first; /* first element */ \ struct type **sqx_last; /* addr of last next element */ \ unsigned long sqx_cookie; \ } #define XSIMPLEQ_ENTRY(type) \ struct { \ struct type *sqx_next; /* next element */ \ } /* * XOR Simple queue access methods. */ #define XSIMPLEQ_XOR(head, ptr) ((__typeof(ptr))((head)->sqx_cookie ^ \ (unsigned long)(ptr))) #define XSIMPLEQ_FIRST(head) XSIMPLEQ_XOR(head, ((head)->sqx_first)) #define XSIMPLEQ_END(head) NULL #define XSIMPLEQ_EMPTY(head) (XSIMPLEQ_FIRST(head) == XSIMPLEQ_END(head)) #define XSIMPLEQ_NEXT(head, elm, field) XSIMPLEQ_XOR(head, ((elm)->field.sqx_next)) #define XSIMPLEQ_FOREACH(var, head, field) \ for ((var) = XSIMPLEQ_FIRST(head); \ (var) != XSIMPLEQ_END(head); \ (var) = XSIMPLEQ_NEXT(head, var, field)) #define XSIMPLEQ_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = XSIMPLEQ_FIRST(head); \ (var) && ((tvar) = XSIMPLEQ_NEXT(head, var, field), 1); \ (var) = (tvar)) /* * XOR Simple queue functions. */ #define XSIMPLEQ_INIT(head) do { \ arc4random_buf(&(head)->sqx_cookie, sizeof((head)->sqx_cookie)); \ (head)->sqx_first = XSIMPLEQ_XOR(head, NULL); \ (head)->sqx_last = XSIMPLEQ_XOR(head, &(head)->sqx_first); \ } while (0) #define XSIMPLEQ_INSERT_HEAD(head, elm, field) do { \ if (((elm)->field.sqx_next = (head)->sqx_first) == \ XSIMPLEQ_XOR(head, NULL)) \ (head)->sqx_last = XSIMPLEQ_XOR(head, &(elm)->field.sqx_next); \ (head)->sqx_first = XSIMPLEQ_XOR(head, (elm)); \ } while (0) #define XSIMPLEQ_INSERT_TAIL(head, elm, field) do { \ (elm)->field.sqx_next = XSIMPLEQ_XOR(head, NULL); \ *(XSIMPLEQ_XOR(head, (head)->sqx_last)) = XSIMPLEQ_XOR(head, (elm)); \ (head)->sqx_last = XSIMPLEQ_XOR(head, &(elm)->field.sqx_next); \ } while (0) #define XSIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do { \ if (((elm)->field.sqx_next = (listelm)->field.sqx_next) == \ XSIMPLEQ_XOR(head, NULL)) \ (head)->sqx_last = XSIMPLEQ_XOR(head, &(elm)->field.sqx_next); \ (listelm)->field.sqx_next = XSIMPLEQ_XOR(head, (elm)); \ } while (0) #define XSIMPLEQ_REMOVE_HEAD(head, field) do { \ if (((head)->sqx_first = XSIMPLEQ_XOR(head, \ (head)->sqx_first)->field.sqx_next) == XSIMPLEQ_XOR(head, NULL)) \ (head)->sqx_last = XSIMPLEQ_XOR(head, &(head)->sqx_first); \ } while (0) #define XSIMPLEQ_REMOVE_AFTER(head, elm, field) do { \ if (((elm)->field.sqx_next = XSIMPLEQ_XOR(head, \ (elm)->field.sqx_next)->field.sqx_next) \ == XSIMPLEQ_XOR(head, NULL)) \ (head)->sqx_last = \ XSIMPLEQ_XOR(head, &(elm)->field.sqx_next); \ } while (0) /* * Tail queue definitions. */ #define TAILQ_HEAD(name, type) \ struct name { \ struct type *tqh_first; /* first element */ \ struct type **tqh_last; /* addr of last next element */ \ } #define TAILQ_HEAD_INITIALIZER(head) \ { NULL, &(head).tqh_first } #define TAILQ_ENTRY(type) \ struct { \ struct type *tqe_next; /* next element */ \ struct type **tqe_prev; /* address of previous next element */ \ } /* * Tail queue access methods. */ #define TAILQ_FIRST(head) ((head)->tqh_first) #define TAILQ_END(head) NULL #define TAILQ_NEXT(elm, field) ((elm)->field.tqe_next) #define TAILQ_LAST(head, headname) \ (*(((struct headname *)((head)->tqh_last))->tqh_last)) /* XXX */ #define TAILQ_PREV(elm, headname, field) \ (*(((struct headname *)((elm)->field.tqe_prev))->tqh_last)) #define TAILQ_EMPTY(head) \ (TAILQ_FIRST(head) == TAILQ_END(head)) #define TAILQ_FOREACH(var, head, field) \ for((var) = TAILQ_FIRST(head); \ (var) != TAILQ_END(head); \ (var) = TAILQ_NEXT(var, field)) #define TAILQ_FOREACH_SAFE(var, head, field, tvar) \ for ((var) = TAILQ_FIRST(head); \ (var) != TAILQ_END(head) && \ ((tvar) = TAILQ_NEXT(var, field), 1); \ (var) = (tvar)) #define TAILQ_FOREACH_REVERSE(var, head, headname, field) \ for((var) = TAILQ_LAST(head, headname); \ (var) != TAILQ_END(head); \ (var) = TAILQ_PREV(var, headname, field)) #define TAILQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar) \ for ((var) = TAILQ_LAST(head, headname); \ (var) != TAILQ_END(head) && \ ((tvar) = TAILQ_PREV(var, headname, field), 1); \ (var) = (tvar)) /* * Tail queue functions. */ #define TAILQ_INIT(head) do { \ (head)->tqh_first = NULL; \ (head)->tqh_last = &(head)->tqh_first; \ } while (0) #define TAILQ_INSERT_HEAD(head, elm, field) do { \ if (((elm)->field.tqe_next = (head)->tqh_first) != NULL) \ (head)->tqh_first->field.tqe_prev = \ &(elm)->field.tqe_next; \ else \ (head)->tqh_last = &(elm)->field.tqe_next; \ (head)->tqh_first = (elm); \ (elm)->field.tqe_prev = &(head)->tqh_first; \ } while (0) #define TAILQ_INSERT_TAIL(head, elm, field) do { \ (elm)->field.tqe_next = NULL; \ (elm)->field.tqe_prev = (head)->tqh_last; \ *(head)->tqh_last = (elm); \ (head)->tqh_last = &(elm)->field.tqe_next; \ } while (0) #define TAILQ_INSERT_AFTER(head, listelm, elm, field) do { \ if (((elm)->field.tqe_next = (listelm)->field.tqe_next) != NULL)\ (elm)->field.tqe_next->field.tqe_prev = \ &(elm)->field.tqe_next; \ else \ (head)->tqh_last = &(elm)->field.tqe_next; \ (listelm)->field.tqe_next = (elm); \ (elm)->field.tqe_prev = &(listelm)->field.tqe_next; \ } while (0) #define TAILQ_INSERT_BEFORE(listelm, elm, field) do { \ (elm)->field.tqe_prev = (listelm)->field.tqe_prev; \ (elm)->field.tqe_next = (listelm); \ *(listelm)->field.tqe_prev = (elm); \ (listelm)->field.tqe_prev = &(elm)->field.tqe_next; \ } while (0) #define TAILQ_REMOVE(head, elm, field) do { \ if (((elm)->field.tqe_next) != NULL) \ (elm)->field.tqe_next->field.tqe_prev = \ (elm)->field.tqe_prev; \ else \ (head)->tqh_last = (elm)->field.tqe_prev; \ *(elm)->field.tqe_prev = (elm)->field.tqe_next; \ _Q_INVALIDATE((elm)->field.tqe_prev); \ _Q_INVALIDATE((elm)->field.tqe_next); \ } while (0) #define TAILQ_REPLACE(head, elm, elm2, field) do { \ if (((elm2)->field.tqe_next = (elm)->field.tqe_next) != NULL) \ (elm2)->field.tqe_next->field.tqe_prev = \ &(elm2)->field.tqe_next; \ else \ (head)->tqh_last = &(elm2)->field.tqe_next; \ (elm2)->field.tqe_prev = (elm)->field.tqe_prev; \ *(elm2)->field.tqe_prev = (elm2); \ _Q_INVALIDATE((elm)->field.tqe_prev); \ _Q_INVALIDATE((elm)->field.tqe_next); \ } while (0) #define TAILQ_CONCAT(head1, head2, field) do { \ if (!TAILQ_EMPTY(head2)) { \ *(head1)->tqh_last = (head2)->tqh_first; \ (head2)->tqh_first->field.tqe_prev = (head1)->tqh_last; \ (head1)->tqh_last = (head2)->tqh_last; \ TAILQ_INIT((head2)); \ } \ } while (0) #endif /* !_SYS_QUEUE_H_ */ ================================================ FILE: src/script.c ================================================ /* Run script when a (*,G) group is matched and installed in the kernel * * Copyright (C) 2011-2021 Joachim Wiberg * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include /* sigemptyset(), sigaction() */ #include #include #include #include #include #include #include #include /* AF_INET, AF_INET6 */ #include "log.h" #include "iface.h" #include "script.h" static char *exec = NULL; static pid_t script = 0; static void handler(int signo) { int status; pid_t pid = 1; (void)signo; while (pid > 0) { pid = waitpid(-1, &status, WNOHANG); if (pid == script) { script = 0; /* Script exit OK. */ if (WIFEXITED(status)) continue; /* Script exit status ... */ status = WEXITSTATUS(status); if (status) smclog(LOG_WARNING, "Script %s returned error: %d", exec, status); } } } int script_init(char *script) { struct sigaction sa; if (script && access(script, X_OK)) { smclog(LOG_ERR, "%s is not executable.", script); return -1; } exec = script; sa.sa_handler = handler; sa.sa_flags = 0; sigemptyset(&sa.sa_mask); sigaction(SIGCHLD, &sa, NULL); return 0; } int script_exec(struct mroute *mroute) { pid_t pid; char *argv[] = { exec, "reload", NULL, }; if (!exec) return 0; if (mroute) { char source[INET_ADDRSTR_LEN], group[INET_ADDRSTR_LEN]; inet_addr2str(&mroute->source, source, sizeof(source)); inet_addr2str(&mroute->group, group, sizeof(group)); setenv("source", source, 1); setenv("group", group, 1); argv[1] = "install"; } else { unsetenv("source"); unsetenv("group"); } pid = fork(); if (!pid) { /* Prevent children from accessing systemd socket (if enabled) */ unsetenv("NOTIFY_SOCKET"); _exit(execv(argv[0], argv)); } if (pid < 0) { smclog(LOG_WARNING, "Cannot start script %s: %s", exec, strerror(errno)); return EX_OSERR; } script = pid; return EX_OK; } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/script.h ================================================ /* SMCRoute script API */ #ifndef SMCROUTE_SCRIPT_H_ #define SMCROUTE_SCRIPT_H_ #include "mroute.h" int script_init (char *script); int script_exec (struct mroute *mroute); #endif /* SMCROUTE_SCRIPT_H_ */ ================================================ FILE: src/smcroutectl.c ================================================ /* Client for smcrouted, not needed if only using smcroute.conf * * Copyright (C) 2011-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #include #ifdef HAVE_TERMIOS_H # include #endif #include #include #include #include #include #include "msg.h" #include "util.h" static const char version_info[] = PACKAGE_NAME " v" PACKAGE_VERSION; static char *ident = PACKAGE; static char *sock_file = NULL; static const char *prognm = NULL; static int heading = 1; static int detail = 0; static int plain = 0; static int help = 0; struct arg { char *name; int min_args; /* 0: command takes no arguments */ int val; char *arg; char *help; char *example; /* optional */ int has_detail; } args[] = { { NULL, 0, 'b', NULL, "Batch mode, read commands from stdin", NULL, 0 }, { NULL, 0, 'd', NULL, "Detailed output in show command", NULL, 0 }, { NULL, 1, 'i', "NAME", "Identity of routing daemon instance, default: " PACKAGE, "foo", 0 }, { NULL, 1, 'I', "NAME", NULL, NULL, 0 }, /* Alias, compat with older versions */ { NULL, 0, 'p', NULL, "Use plain table headings, no ctrl chars", NULL, 0 }, { NULL, 0, 't', NULL, "Skip table heading in show command", NULL, 0 }, { NULL, 1, 'u', "FILE", "UNIX domain socket for daemon, default: " RUNSTATEDIR "/" PACKAGE ".sock", "/tmp/foo.sock", 0 }, { "help", 0, 'h', NULL, "Show help text", NULL, 0 }, { "version", 0, 'v', NULL, "Show program version and support information", NULL, 0 }, { "flush" , 0, 'F', NULL, "Flush all dynamically installed (*,G) multicast routes", NULL, 0 }, { "kill", 0, 'k', NULL, "Kill running daemon", NULL, 0 }, { "reload", 0, 'H', NULL, "Reload .conf file, like SIGHUP", NULL, 0 }, { "restart", 0, 'H', NULL, NULL, NULL, 0 }, /* Alias, compat with older versions */ { "show", 0, 's', NULL, "Show status of routes, joined groups, interfaces, etc.", NULL, 1 }, { "add", 3, 'a', NULL, "Add a multicast route", "eth0 192.168.2.42 225.1.2.3 eth1 eth2", 0 }, { "remove", 2, 'r', NULL, "Remove a multicast route", "eth0 192.168.2.42 225.1.2.3", 0 }, { "del", 2, 'r', NULL, NULL, NULL, 0 }, /* Alias */ { "join", 2, 'j', NULL, "Join multicast group on an interface", "eth0 225.1.2.3", 0 }, { "leave", 2, 'l', NULL, "Leave joined multicast group", "eth0 225.1.2.3", 0 }, { NULL, 0, 0, NULL, NULL, NULL, 0 } }; /* * Build IPC message to send to the daemon using @cmd and @count * number of arguments from @argv. */ static struct ipc_msg *msg_create(uint16_t cmd, char *argv[], size_t count) { struct ipc_msg *msg; size_t len = 0; size_t i, sz; char *ptr; for (i = 0; i < count; i++) len += strlen(argv[i]) + 1; sz = sizeof(struct ipc_msg) + len + 1; if (sz > MX_CMDPKT_SZ) { errno = EMSGSIZE; return NULL; } msg = calloc(1, sz); if (!msg) return NULL; msg->len = sz; msg->cmd = cmd; msg->count = count; ptr = (char *)msg->argv; for (i = 0; i < count; i++) { len = strlen(argv[i]) + 1; ptr = memcpy(ptr, argv[i], len) + len; } *ptr = '\0'; /* '\0' behind last string */ return msg; } #define ESC "\033" static int get_width(void) { int ret = 79; #ifdef HAVE_TERMIOS_H struct pollfd fd = { STDIN_FILENO, POLLIN, 0 }; struct termios tc, saved; char buf[42]; memset(buf, 0, sizeof(buf)); tcgetattr(STDERR_FILENO, &tc); saved = tc; tc.c_cflag |= (CLOCAL | CREAD); tc.c_lflag &= ~(ICANON | ECHO | ECHOE | ISIG); tcsetattr(STDERR_FILENO, TCSANOW, &tc); fprintf(stderr, ESC "7" ESC "[r" ESC "[999;999H" ESC "[6n"); if (poll(&fd, 1, 300) > 0) { int row, col; if (scanf(ESC "[%d;%dR", &row, &col) == 2) ret = col; } fprintf(stderr, ESC "8"); tcsetattr(STDERR_FILENO, TCSANOW, &saved); #endif return ret; } static void print(char *line, int indent) { int type = 0; int i, len; chomp(line); /* Table headings, or repeat headers, end with a '=' */ len = (int)strlen(line) - 1; if (len > 0) { if (line[len] == '_') type = 1; if (line[len] == '=') type = 2; if (type) { if (!heading) return; line[len] = 0; } } switch (type) { case 1: if (!plain) { fprintf(stdout, "\e[4m%*s\e[0m\n%s\n", get_width(), "", line); return; } len = len < 79 ? 79 : len; for (i = 0; i < len; i++) fputc('_', stdout); fprintf(stdout, "\n%*s%s\n", indent, "", line); break; case 2: if (!plain) { len = get_width() - len; fprintf(stdout, "\e[7m%s%*s\e[0m\n", line, len, ""); return; } len = len < 79 ? 79 : len; for (i = 0; i < len; i++) fputc('=', stdout); fprintf(stdout, "\n%*s%s\n", indent, "", line); for (i = 0; i < len; i++) fputc('=', stdout); fputs("\n", stdout); break; default: puts(line); break; } } /* * Connects to the IPC socket of the server */ static int ipc_connect(char *path) { struct sockaddr_un sa; socklen_t len; int sd; sd = socket(AF_UNIX, SOCK_STREAM, 0); if (sd < 0) return -1; #ifdef HAVE_SOCKADDR_UN_SUN_LEN sa.sun_len = 0; /* <- correct length is set by the OS */ #endif sa.sun_family = AF_UNIX; if (!path) snprintf(sa.sun_path, sizeof(sa.sun_path), "%s/%s.sock", RUNSTATEDIR, ident); else snprintf(sa.sun_path, sizeof(sa.sun_path), "%s", path); len = offsetof(struct sockaddr_un, sun_path) + strlen(sa.sun_path); if (connect(sd, (struct sockaddr *)&sa, len) < 0) { int err = errno; if (ENOENT == errno) warnx("Cannot find IPC socket %s", sa.sun_path); close(sd); errno = err; return -1; } return sd; } static int ipc_command(uint16_t cmd, char *argv[], size_t count) { char buf[MX_CMDPKT_SZ + 1]; struct ipc_msg *msg; int retries = 30; int result = 0; ssize_t total; ssize_t len; FILE *fp; int sd; msg = msg_create(cmd, argv, count); if (!msg) { warn("Failed constructing IPC command"); return 1; } while ((sd = ipc_connect(sock_file)) < 0) { switch (errno) { case EACCES: warnx("Need root privileges to connect to daemon"); break; case ECONNREFUSED: if (--retries) { usleep(100000); continue; } warnx("Daemon not running"); break; case ENOENT: if (!sock_file) { warnx("Daemon may be running with another -i NAME"); break; } /* fallthrough */ default: warn("Failed connecting to daemon"); break; } free(msg); return 1; } /* Send command */ if (write(sd, msg, msg->len) != (ssize_t)msg->len) { warn("Communication with daemon failed"); close(sd); free(msg); return 1; } fp = tempfile(); if (!fp) { close(sd); free(msg); err(EX_OSERR, "Failed creating tempfile()"); } total = 0; while ((len = read(sd, buf, sizeof(buf) - 1)) > 0) { total += len; buf[len] = 0; fwrite(buf, len, 1, fp); } rewind(fp); if (total > 1) { if (cmd == 'S' || cmd == 's') { while (fgets(buf, sizeof(buf), fp)) print(buf, 0); } else { if (fgets(buf, sizeof(buf), fp)) warnx("%s", buf); result = 1; } } fclose(fp); close(sd); free(msg); return result; } static int usage(int code) { int i; printf("Usage:\n %s [OPTIONS] CMD [ARGS]\n\n", prognm); printf("Options:\n"); for (i = 0; args[i].val; i++) { if (!args[i].help) continue; if (args[i].name) continue; printf(" -%c %-10s %s\n", args[i].val, args[i].arg ? args[i].arg : "", args[i].help); } printf("\nCommands:\n"); for (i = 0; args[i].val; i++) { if (!args[i].help) continue; if (!args[i].name) continue; printf(" %-7s %s %s\n", args[i].name, args[i].min_args ? "ARGS" : " ", args[i].help); } printf("\nArguments:\n" " <---------- INBOUND ------------> <- OUTBOUND ->\n" " add IIF [SOURCE-IP[/LEN]] GROUP[/LEN] OIF [OIF ... ]\n" " remove IIF [SOURCE-IP[/LEN]] GROUP[/LEN]\n" "\n" " join IIF [SOURCE-IP[/LEN]] GROUP[/LEN]\n" " leave IIF [SOURCE-IP[/LEN]] GROUP[/LEN]\n" "\n" " show interfaces Show configured multicast interfaces\n" " show groups Show joined multicast groups\n" " show routes Show (*,G) and (S,G) multicast routes, default\n" "\n" "Note:\n" " Inbound (IIF) and outbound (OIF) interfaces can be either an interface\n" " name or a wildcard. E.g., \"eth+\" matches eth0, eth15, etc.\n" "\n"); return code; } static int version(void) { puts(version_info); printf("\n" "Bug report address: %s\n", PACKAGE_BUGREPORT); #ifdef PACKAGE_URL printf("Project homepage: %s\n", PACKAGE_URL); #endif return 0; } static int parse(int pos, int argc, char *argv[]) { struct arg *cmd = NULL; int status = 0; int c; while (pos < argc && !cmd) { char *arg = argv[pos]; int i; for (i = 0; args[i].val; i++) { char *nm = args[i].name; size_t len; if (!nm) continue; len = MIN(strlen(nm), strlen(arg)); if (strncmp(arg, nm, len)) continue; c = args[i].val; switch (c) { case 'h': help++; break; case 'v': return version(); default: cmd = &args[i]; if (help) goto help; if (argc - (pos + 1) < args[i].min_args) { warnx("Not enough arguments to command %s", nm); status = 1; goto help; } break; } break; /* Next arg */ } pos++; } if (help) { if (!cmd) return usage(0); help: while (!cmd->help) cmd--; printf("Help:\n" " %s\n\n" "Example:\n" " %s %s %s\n\n", cmd->help, prognm, cmd->name, cmd->example ? cmd->example : ""); return status; } if (!cmd) return ipc_command(detail ? 'S' : 's', NULL, 0); c = cmd->val; if (detail && cmd->has_detail) c -= 0x20; return ipc_command(c, &argv[pos], argc - pos); } static int batch(void) { char line[512]; int rc = 0; while (fgets(line, sizeof(line), stdin)) { char *ptr, *token, *args[10]; int num = 0; ptr = chomp(line); if (ptr[0] == '#') continue; while (num < 9 && (token = strsep(&ptr, " \t"))) args[num++] = token; if (!num) continue; rc += parse(0, num, args); } return rc; } static const char *progname(const char *arg0) { const char *nm; nm = strrchr(arg0, '/'); if (nm) nm++; else nm = arg0; return nm; } int main(int argc, char *argv[]) { int batch_mode = 0; int c; prognm = progname(argv[0]); while ((c = getopt(argc, argv, "bdhI:i:ptu:v")) != EOF) { switch (c) { case 'b': batch_mode = 1; break; case 'd': detail++; break; case 'h': help++; break; case 'I': /* compat with previous versions */ case 'i': ident = optarg; break; case 'p': plain = 1; break; case 't': heading = 0; break; case 'u': sock_file = optarg; break; case 'v': return version(); default: return usage(1); } } if (batch_mode) return batch(); return parse(optind, argc, argv); } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/smcrouted.c ================================================ /* Static multicast routing daemon * * Copyright (C) 2011-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include #include #include #include #include #include #include #include #include /* gettimeofday() */ #include #include "cap.h" #include "ipc.h" #include "log.h" #include "msg.h" #include "conf.h" #include "iface.h" #include "util.h" #include "timer.h" #include "notify.h" #include "script.h" #include "socket.h" #include "mrdisc.h" #include "mroute.h" #include "mcgroup.h" int background = 1; int do_vifs = 1; int do_syslog = 1; int cache_tmo = 60; int interval = MRDISC_INTERVAL_DEFAULT; int startup_delay = 0; int exit_delay = 0; int table_id = 0; char *script = NULL; char *ident = PACKAGE; const char *prognm = NULL; char *pid_file = NULL; char *conf_file = NULL; char *sock_file = NULL; int conf_vrfy = 0; static uid_t uid = 0; static gid_t gid = 0; volatile sig_atomic_t reloading = 0; volatile sig_atomic_t running = 1; static const char version_info[] = PACKAGE_NAME " v" PACKAGE_VERSION; /* Cleans up, i.e. releases allocated resources. Called via atexit() */ static void clean(void) { timer_exit(); mroute_exit(); mcgroup_exit(); ipc_exit(); iface_exit(); smclog(LOG_NOTICE, "Exiting."); } void reload(void) { notify_reload(); mcgroup_reload_beg(); mroute_reload_beg(); iface_update(); conf_read(conf_file, do_vifs); mroute_reload_end(do_vifs); mcgroup_reload_end(); /* Acknowledge client SIGHUP/reload */ notify_ready(NULL, uid, gid); } /* * Signal handler. Take note of the fact that the signal arrived * so that the main loop can take care of it. */ static void handler(int signo) { switch (signo) { case SIGINT: case SIGTERM: running = 0; break; case SIGHUP: reloading = 1; break; } } static void signal_init(void) { struct sigaction sa; sa.sa_handler = handler; sa.sa_flags = 0; /* Interrupt system calls */ sigemptyset(&sa.sa_mask); if (sigaction(SIGHUP, &sa, NULL) || sigaction(SIGTERM, &sa, NULL) || sigaction(SIGINT, &sa, NULL)) smclog(LOG_WARNING, "Failed setting up signal handlers: %s", strerror(errno)); } static void server_exit(void *arg) { (void)arg; smclog(LOG_NOTICE, "Exit delay timer expired."); exit(0); } static int server_loop(void) { script_init(script); mrdisc_init(interval); while (running) { if (reloading) { reload(); reloading = 0; } socket_poll(NULL); } return 0; } /* Init everything before forking, so we can fail and return an * error code in the parent and the initscript will fail */ static int start_server(void) { int api = 2, busy = 0; if (geteuid() != 0) { smclog(LOG_ERR, "Need root privileges to start %s", prognm); return EX_NOPERM; } if (background) { if (daemon(0, 0) < 0) { smclog(LOG_ERR, "Failed daemonizing: %s", strerror(errno)); return EX_OSERR; } } /* Hello world! */ smclog(LOG_NOTICE, "%s", version_info); if (startup_delay > 0) { smclog(LOG_INFO, "Startup delay requested, waiting %d sec before continuing.", startup_delay); sleep(startup_delay); } /* * Timer API needs to be initilized before mroute_init() */ timer_init(); if (exit_delay > 0) { smclog(LOG_INFO, "Exit delay requested, starting background timer, %d sec", exit_delay); timer_add(exit_delay, server_exit, NULL); } /* * Build list of multicast-capable physical interfaces */ iface_init(); if (mroute_init(do_vifs, table_id, cache_tmo)) { if (errno == EADDRINUSE) busy++; api--; } /* At least one API (IPv4 or IPv6) must have initialized successfully * otherwise we abort the server initialization. */ if (!api) { if (busy) { smclog(LOG_ERR, "Another multicast routing application is already running."); exit(EX_UNAVAILABLE); } smclog(LOG_ERR, "Kernel does not support multicast routing."); exit(EX_PROTOCOL); } atexit(clean); signal_init(); mcgroup_init(); ipc_init(sock_file); conf_read(conf_file, do_vifs); /* Everything setup, notify any clients waiting for us */ notify_ready(pid_file, uid, gid); /* Drop root privileges before entering the server loop */ cap_drop_root(uid, gid); return server_loop(); } static void cleanup(void) { if (conf_file) free(conf_file); conf_file = NULL; if (sock_file) free(sock_file); sock_file = NULL; } static int compose_paths(void) { /* Default .conf file path: "/etc" + '/' + "smcroute" + ".conf" */ if (!conf_file) { size_t len = strlen(SYSCONFDIR) + strlen(ident) + 7; conf_file = malloc(len); if (!conf_file) { smclog(LOG_ERR, "Failed allocating memory, exiting: %s", strerror(errno)); exit(EX_OSERR); } snprintf(conf_file, len, "%s/%s.conf", SYSCONFDIR, ident); } if (!sock_file) { size_t len = strlen(RUNSTATEDIR) + strlen(ident) + 7; sock_file = malloc(len); if (!sock_file) { smclog(LOG_ERR, "Failed allocating memory, exiting: %s", strerror(errno)); exit(EX_OSERR); } snprintf(sock_file, len, "%s/%s.sock", RUNSTATEDIR, ident); } /* Default is to let pidfile() API construct PID file from ident */ if (!pid_file) pid_file = ident; atexit(cleanup); return 0; } static int usage(int code) { char *pidfn; size_t len; compose_paths(); len = sizeof(RUNSTATEDIR) + strlen(pid_file) + 6; pidfn = malloc(len); if (!pidfn) err(EX_OSERR, "Failed allocating memory for PID file name"); if (pid_file[0] != '/') snprintf(pidfn, len, "%s/%s.pid", RUNSTATEDIR, pid_file); else snprintf(pidfn, len, "%s", pid_file); printf("Usage:\n" " %s [-hnNsv] [-c SEC] [-d SEC] [-e CMD] [-f FILE] [-i NAME] [-l LVL] " "\n" " " #ifdef ENABLE_MRDISC "[-m SEC] " #endif "[-P FILE] [-t ID] [-u FILE]\n" "\n" "Options:\n" " -c SEC Flush dynamic (*,G) multicast routes every SEC seconds,\n" " default 60 sec. Useful when source/interface changes\n" " -d SEC Startup delay, useful for delaying interface probe at boot\n" " -e CMD Script or command to call on startup/reload when all routes\n" " have been installed, or when a (*,G) is installed\n" " -f FILE Configuration file, default use ident NAME: %s\n" " -F FILE Check configuration file syntax, use -l to increase verbosity\n" " -h This help text\n" " -i NAME Identity for .conf/.pid/.sock file, and syslog, default: %s\n" " -l LVL Set log level: none, err, notice*, info, debug\n" #ifdef ENABLE_MRDISC " -m SEC Multicast router discovery, 4-180, default: 20 sec\n" #endif " -n Run daemon in foreground, when started by systemd or finit\n" " -N No multicast VIFs/MIFs created by default. Use with\n" " smcroute.conf `phyint enable` directive\n" #ifdef ENABLE_LIBCAP " -p USER[:GROUP] After initialization set UID and GID to USER and GROUP\n" #endif " -P FILE Set daemon PID file name, with optional path.\n" " Default use ident NAME: %s\n" " -s Use syslog, default unless running in foreground, -n\n" " -t ID Set multicast routing table ID, default: 0\n" " -u FILE UNIX domain socket path, for use with smcroutectl.\n" " Default use ident NAME: %s\n" " -v Show program version and support information\n" "\n", prognm, conf_file, ident, pidfn, sock_file); free(pidfn); cleanup(); return code; } static const char *progname(const char *arg0) { const char *nm; nm = strrchr(arg0, '/'); if (nm) nm++; else nm = arg0; return nm; } /** * main - Main program * * Parses command line options and enters either daemon or client mode. * * In daemon mode, acquires multicast routing sockets, opens IPC socket * and goes in receive-execute command loop. * * In client mode, creates commands from command line and sends them to * the daemon. */ int main(int argc, char *argv[]) { int log_opts = LOG_NDELAY | LOG_PID; int c, new_log_level = -1; prognm = progname(argv[0]); while ((c = getopt(argc, argv, "c:d:D:e:f:F:hI:i:l:m:nNp:P:st:u:v")) != EOF) { switch (c) { case 'c': /* cache timeout */ cache_tmo = atoi(optarg); break; case 'd': startup_delay = atoi(optarg); break; case 'D': /* Undocumented, used for testing. */ exit_delay = atoi(optarg); break; case 'e': script = optarg; break; case 'F': log_level = LOG_INFO; /* Raise log level for verify */ conf_vrfy = 1; /* fallthrough */ case 'f': conf_file = strdup(optarg); break; case 'h': /* help */ return usage(EX_OK); case 'I': /* compat with previous versions */ case 'i': ident = optarg; break; case 'l': new_log_level = loglvl(optarg); break; case 'm': #ifndef ENABLE_MRDISC warnx("Built without mrdisc support."); #else interval = atoi(optarg); if (interval < 4 || interval > 180) errx(1, "Invalid mrdisc announcement interval, 4-180."); #endif break; case 'n': /* run daemon in foreground, i.e., do not fork */ background = 0; do_syslog--; break; case 'N': do_vifs = 0; break; case 'p': cap_set_user(optarg, &uid, &gid); break; case 'P': /* Handled separately from the other files, no strdup() */ pid_file = optarg; break; case 's': /* Force syslog even though in foreground */ do_syslog++; break; case 't': #ifndef __linux__ errx(1, "Different multicast routing tables only available on Linux."); #else table_id = atoi(optarg); if (table_id < 0) return usage(EX_USAGE); #endif break; case 'u': sock_file = strdup(optarg); break; case 'v': /* version */ puts(version_info); printf("\n" "Bug report address: %s\n", PACKAGE_BUGREPORT); #ifdef PACKAGE_URL printf("Project homepage: %s\n", PACKAGE_URL); #endif return EX_OK; default: /* unknown option */ return usage(EX_USAGE); } } if (new_log_level != -1) log_level = new_log_level; compose_paths(); if (conf_vrfy) { smclog(LOG_INFO, "Verifying configuration file %s ...", conf_file); iface_init(); c = conf_read(conf_file, do_vifs); iface_exit(); return c; } if (!background && do_syslog < 1) log_opts |= LOG_PERROR; openlog(ident, log_opts, LOG_DAEMON); setlogmask(LOG_UPTO(log_level)); return start_server(); } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/socket.c ================================================ /* Socket helper functions * * Copyright (C) 2017-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include "config.h" #include "queue.h" #include #ifdef HAVE_FCNTL_H #include #endif #include #include #include #include #include #include #include #include #include #include "log.h" struct sock { LIST_ENTRY(sock) link; int sd; void (*cb)(int, void *arg); void *arg; }; static int max_fdnum = -1; static LIST_HEAD(slist, sock) sock_list = LIST_HEAD_INITIALIZER(); int nfds(void) { return max_fdnum + 1; } /* * register socket/fd/pipe created elsewhere, optional callback */ int socket_register(int sd, void (*cb)(int, void *), void *arg) { struct sock *entry; entry = malloc(sizeof(*entry)); if (!entry) { smclog(LOG_ERR, "Failed allocating memory registering socket: %s", strerror(errno)); exit(EX_OSERR); } entry->sd = sd; entry->cb = cb; entry->arg = arg; LIST_INSERT_HEAD(&sock_list, entry, link); #if !defined(HAVE_SOCK_CLOEXEC) && defined(HAVE_FCNTL_H) fcntl(sd, F_SETFD, fcntl(sd, F_GETFD) | FD_CLOEXEC); #endif /* Keep track for select() */ if (sd > max_fdnum) max_fdnum = sd; return sd; } /* * create socket, with optional callback for reading inbound data */ int socket_create(int domain, int type, int proto, void (*cb)(int, void *), void *arg) { int val = 0; int sd; #ifdef HAVE_SOCK_CLOEXEC type |= SOCK_CLOEXEC; #endif sd = socket(domain, type, proto); if (sd < 0) return -1; if (domain == AF_UNIX) goto done; #ifdef HAVE_IPV6_MULTICAST_HOST if (domain == AF_INET6) { if (setsockopt(sd, IPPROTO_IPV6, IPV6_MULTICAST_LOOP, &val, sizeof(val))) smclog(LOG_WARNING, "failed disabling IPV6_MULTICAST_LOOP: %s", strerror(errno)); #ifdef IPV6_MULTICAST_ALL if (setsockopt(sd, IPPROTO_IPV6, IPV6_MULTICAST_ALL, &val, sizeof(val))) smclog(LOG_WARNING, "failed disabling IPV6_MULTICAST_ALL: %s", strerror(errno)); #endif } else #endif /* HAVE_IPV6_MULTICAST_HOST */ { if (setsockopt(sd, IPPROTO_IP, IP_MULTICAST_LOOP, &val, sizeof(val))) smclog(LOG_WARNING, "failed disabling IP_MULTICAST_LOOP: %s", strerror(errno)); #ifdef IP_MULTICAST_ALL if (setsockopt(sd, IPPROTO_IP, IP_MULTICAST_ALL, &val, sizeof(val))) smclog(LOG_WARNING, "failed disabling IP_MULTICAST_ALL: %s", strerror(errno)); #endif } done: if (socket_register(sd, cb, arg) < 0) { close(sd); return -1; } return sd; } int socket_close(int sd) { struct sock *entry, *tmp; LIST_FOREACH_SAFE(entry, &sock_list, link, tmp) { if (entry->sd == sd) { LIST_REMOVE(entry, link); close(entry->sd); free(entry); return 0; } } errno = ENOENT; return -1; } int socket_poll(struct timeval *timeout) { int num; fd_set fds; struct sock *entry; FD_ZERO(&fds); LIST_FOREACH(entry, &sock_list, link) FD_SET(entry->sd, &fds); num = select(nfds(), &fds, NULL, NULL, timeout); if (num <= 0) { /* Log all errors, except when signalled, ignore failures. */ if (num < 0 && EINTR != errno) smclog(LOG_WARNING, "Failed select(): %s", strerror(errno)); return num; } LIST_FOREACH(entry, &sock_list, link) { if (!FD_ISSET(entry->sd, &fds)) continue; if (entry->cb) entry->cb(entry->sd, entry->arg); } return num; } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/socket.h ================================================ /* Helper functions * * Copyright (C) 2017-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef SMCROUTE_SOCKET_H_ #define SMCROUTE_SOCKET_H_ #include #include #include int socket_register(int sd, void (*cb)(int, void *), void *arg); int socket_create (int domain, int type, int proto, void (*cb)(int, void *), void *arg); int socket_close (int sd); int socket_poll (struct timeval *timeout); #endif /* SMCROUTE_SOCKET_H_ */ ================================================ FILE: src/systemd.c ================================================ /* systemd service monitor backend */ #include #include void systemd_notify_ready(const char *status) { sd_notifyf(0, "READY=1\nSTATUS=%s\nMAINPID=%lu\n", status, (unsigned long)getpid()); } void systemd_notify_reload(const char *status) { sd_notifyf(0, "RELOADING=1\nSTATUS=%s\n", status); } ================================================ FILE: src/timer.c ================================================ /* Timer helper functions * * Copyright (C) 2017-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include "queue.h" #include #include #include /* memset() */ #include /* malloc() */ #include #include /* read()/write() */ #include #include "log.h" #include "socket.h" #include "timer.h" /* * TODO * - Timers should ideally be sorted in priority order, and/or * - Investigate using the pipe to notify which timer expired */ struct timer { LIST_ENTRY(timer) link; int active; /* Set to 0 to delete */ int period; /* period time in seconds */ struct timespec timeout; void (*cb)(void *arg); void *arg; }; static timer_t timer; static int timerfd[2]; static LIST_HEAD(tlist, timer) timer_list = LIST_HEAD_INITIALIZER(); static void set(struct timer *t, struct timespec *now) { t->timeout.tv_sec = now->tv_sec + t->period; t->timeout.tv_nsec = now->tv_nsec; } static int expired(struct timer *t, struct timespec *now) { long round_nsec; round_nsec = now->tv_nsec + 250000000; round_nsec = round_nsec > 999999999 ? 999999999 : round_nsec; if (t->timeout.tv_sec < now->tv_sec) return 1; if (t->timeout.tv_sec == now->tv_sec && t->timeout.tv_nsec <= round_nsec) return 1; return 0; } static struct timer *compare(struct timer *a, struct timer *b) { if (a->timeout.tv_sec <= b->timeout.tv_sec) { if (a->timeout.tv_sec == b->timeout.tv_sec) { if (a->timeout.tv_nsec <= b->timeout.tv_nsec) return a; return b; } return a; } return b; } static struct timer *find(void (*cb), void *arg) { struct timer *entry; LIST_FOREACH(entry, &timer_list, link) { if (entry->cb != cb || entry->arg != arg) continue; return entry; } return NULL; } static int start(struct timespec *now) { struct itimerspec it = { 0 }; struct timer *next, *entry; if (LIST_EMPTY(&timer_list)) return -1; next = LIST_FIRST(&timer_list); LIST_FOREACH(entry, &timer_list, link) next = compare(next, entry); it.it_value.tv_sec = next->timeout.tv_sec - now->tv_sec; it.it_value.tv_nsec = next->timeout.tv_nsec - now->tv_nsec; if (it.it_value.tv_nsec < 0) { it.it_value.tv_sec -= 1; it.it_value.tv_nsec = 1000000000 + it.it_value.tv_nsec; } if (it.it_value.tv_sec < 0) it.it_value.tv_sec = 0; if (timer_settime(timer, 0, &it, NULL)) smclog(LOG_ERR, "Failed starting %.1f sec period timer, errno %d: %s", difftime(next->timeout.tv_sec, now->tv_sec), errno, strerror(errno)); return 0; } /* callback for activity on pipe */ static void run(int sd, void *arg) { struct timer *entry, *tmp; struct timespec now; char dummy; (void)arg; if (read(sd, &dummy, 1) < 0) smclog(LOG_DEBUG, "Failed read(pipe): %s", strerror(errno)); clock_gettime(CLOCK_MONOTONIC, &now); LIST_FOREACH_SAFE(entry, &timer_list, link, tmp) { if (expired(entry, &now)) { if (entry->cb) entry->cb(entry->arg); set(entry, &now); } if (!entry->active) { LIST_REMOVE(entry, link); free(entry); } } start(&now); } /* write to pipe to create an event for select() on SIGALRM */ static void handler(int signo) { (void)signo; if (write(timerfd[1], "!", 1) < 0) smclog(LOG_DEBUG, "Failed write(pipe): %s", strerror(errno)); } /* * register signal pipe and callbacks */ int timer_init(void) { struct sigaction sa; if (pipe(timerfd)) { smclog(LOG_ERR, "Failed creating timer pipe(): %s", strerror(errno)); exit(EX_OSERR); } socket_register(timerfd[0], run, NULL); socket_register(timerfd[1], NULL, NULL); sa.sa_handler = handler; sa.sa_flags = 0; sigemptyset(&sa.sa_mask); sigaction(SIGALRM, &sa, NULL); if (timer_create(CLOCK_MONOTONIC, NULL, &timer)) { socket_close(timerfd[0]); socket_close(timerfd[1]); return -1; } return 0; } /* * cleanup and free for program exit */ void timer_exit(void) { struct timer *entry, *tmp; timer_delete(timer); socket_close(timerfd[0]); socket_close(timerfd[1]); LIST_FOREACH_SAFE(entry, &timer_list, link, tmp) { LIST_REMOVE(entry, link); free(entry); } } /* * create periodic timer (seconds) */ int timer_add(int period, void (*cb)(void *), void *arg) { struct timespec now; struct timer *t; t = find(cb, arg); if (t && t->active) { errno = EEXIST; return -1; } if (clock_gettime(CLOCK_MONOTONIC, &now) < 0) return -1; t = malloc(sizeof(*t)); if (!t) { smclog(LOG_ERR, "Out of memory in %s()", __func__); exit(EX_OSERR); } t->active = 1; t->period = period; t->cb = cb; t->arg = arg; set(t, &now); LIST_INSERT_HEAD(&timer_list, t, link); return start(&now); } /* * delete a timer */ int timer_del(void (*cb)(void *), void *arg) { struct timer *entry; entry = find(cb, arg); if (!entry) return 1; /* Mark for deletion and issue a new run */ entry->active = 0; handler(0); return 0; } /** * Local Variables: * indent-tabs-mode: t * c-file-style: "linux" * End: */ ================================================ FILE: src/timer.h ================================================ /* Timer helper functions * * Copyright (C) 2017-2021 Joachim Wiberg * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef SMCROUTE_TIMER_H_ #define SMCROUTE_TIMER_H_ int timer_init (void); void timer_exit (void); int timer_add (int period, void (*cb)(void *), void *arg); int timer_del (void (*cb)(void *), void *arg); #endif /* SMCROUTE_TIMER_H_ */ ================================================ FILE: src/util.h ================================================ /* Utilitity and replacement functions */ #ifndef SMCROUTE_UTIL_H_ #define SMCROUTE_UTIL_H_ #include "config.h" #include #include #include "mroute.h" #ifndef MIN #define MIN(a, b) ((a) < (b) ? (a) : (b)) #endif #ifndef MAX #define MAX(a, b) ((a) < (b) ? (b) : (a)) #endif /* From The Practice of Programming, by Kernighan and Pike */ #ifndef NELEMS #define NELEMS(array) (sizeof(array) / sizeof(array[0])) #endif int pidfile_create(const char *basename, uid_t uid, gid_t gid); #ifndef HAVE_UTIMENSAT int utimensat(int dirfd, const char *pathname, const struct timespec ts[2], int flags); #endif #ifndef HAVE_STRLCPY size_t strlcpy(char *dst, const char *src, size_t len); #endif #ifndef HAVE_STRLCAT size_t strlcat(char *dst, const char *src, size_t dsize); #endif #ifndef HAVE_TEMPFILE FILE *tempfile(void); #endif int is_range(char *arg); inline static char *chomp(char *str) { char *p; if (!str || strlen(str) < 1) { errno = EINVAL; return NULL; } p = str + strlen(str) - 1; while (p >= str && *p == '\n') *p-- = 0; return str; } #endif /* SMCROUTE_UTIL_H_ */ ================================================ FILE: test/.gitignore ================================================ *.conf *.ip *.trs *.result *.pcap ================================================ FILE: test/Makefile.am ================================================ EXTRA_DIST = adv.sh basic.sh batch.sh bridge.sh dyn.sh expire.sh gre.sh ipv6.sh EXTRA_DIST += include.sh isolated.sh join.sh joinlen.sh lib.sh lost.sh EXTRA_DIST += multi.sh mem.sh mrcache.sh mrdisc.sh poison.sh EXTRA_DIST += reload.sh reload6.sh vlan.sh vrfy.sh CLEANFILES = *~ *.trs *.log TEST_EXTENSIONS = .sh TESTS_ENVIRONMENT = unshare -mrun --map-auto TESTS = expire.sh TESTS += adv.sh TESTS += basic.sh TESTS += batch.sh TESTS += bridge.sh TESTS += dyn.sh TESTS += gre.sh TESTS += include.sh TESTS += ipv6.sh TESTS += isolated.sh TESTS += join.sh TESTS += joinlen.sh TESTS += lost.sh TESTS += mem.sh TESTS += mrcache.sh TESTS += mrdisc.sh TESTS += multi.sh TESTS += poison.sh TESTS += reload.sh TESTS += reload6.sh TESTS += vlan.sh TESTS += vrfy.sh ================================================ FILE: test/README.md ================================================ Module Tests ============ The following tests verify fundamental functionality of SMCRoute when `configure --enable-test`. Required tools to be installed and available in `$PATH`: - `ip` and `bridge` (iproute2 package, not the BusyBox variants) - `iptables`, for the 1:1 NAT test - `ping` - `tshark` (because `tcpdump -w foo.pcap` doesn't work in an unshare) - `valgrind`, for the memleak test > [!IMPORTANT] > One of the tests makes use of `iptables`, which may not work in an > `unshare(1)`, unless you have v1.8.7 or newer that supports the > `XTABLES_LOCKFILE` environment variable. As a workaround you can > `chmod a+rw /var/run/xtables.lock`. > > Also, as of Ubuntu 24.04 blocks user namespaces for unprivileged users > by default, meaning you need some `sysctl` magic to set up your system > see : > > sudo sysctl kernel.apparmor_restrict_unprivileged_userns=0 > > Finally, the GRE test require the `ip_gre.ko` kernel module to be > loaded. If not, the test will be skipped. Running ------- To run the tests: ~$ sudo modprobe ip_gre # if you have sudo capabilities ~$ cd src/smcroute ~/src/smcroute$ ./autogen.sh ~/src/smcroute$ ./configure --enable-test --enable-mrdisc ~/src/smcroute$ make -j9 ~/src/smcroute$ make check Each unit test is standalone. To manually run select tests: ~/src/smcroute$ cd test/ ~/src/smcroute/test$ unshare -mrun ./testname.sh The tools `ping` and `tshark` are used to create and listen to multicast streams "routed by" SMCRoute. > [!NOTE] > These tests must be run in sequence, not in parallel, because they use > the same interface names *and*, most importantly, we may run on a > kernel w/o multicast policy routing support! [1]: https://github.com/libnet/nemesis [2]: https://github.com/troglobit/smcroute/actions/workflows/build.yml Topologies ---------- The following test topologies are employed to verify different aspects and use-cases supported by SMCRoute. ### Basic Interfaces `a1` and `a2` are Linux dummy type interfaces. SMCRoute .------ router -----. / \ MC -----> a1 a2 ------> MC ### Basic Plus Same as Basic, but with more inbound/output interfaces, useful for testing wildcard interface matching. SMCRoute .====== router =====. //// \\\\ MC ----> a1/// \\\b1 ------> MC MC ----> a2// \\b2 ------> MC MC ----> a3/ \b3 ------> MC MC ----> a4 b4 ------> MC ### Basic w/ VLANs Interfaces `a1` and `a2` are Linux dummy type interfaces with VLAN interfaces created on top. The topology sets up two VLAN interfaces per dummy interface, VID 100 and 110. SMCRoute .------.== router ==.------. / / \ \ MC --> a1.100 a1.110 a2.100 a2.110 --> MC \ / \ / a1 a2 ### Bridged w/ VLANs Two VETH pairs (a1:b1 and a2:b2) are attached to a bridge with VLAN filtering enabled. On top of the bridge two VLAN interfaces are created on which routing takes place. SMCRoute .-- router --. / \ vlan1 vlan2 \ / bridge0 MC -----> a1 / \ a2 -----> MC '------' '------' Both bridge ports, `a1` and `a2`, are untagged members of each VLAN. > [!NOTE] > interface `a1` and `vlan1` are in the same VLAN (VID 1), and > interface `a2` and `vlan2` are in the same VLAN (VID 2). ### Isolated Endpoints Bridged w/ VLANs Like the default bridge, but each endpoint is in an isolated network namespace. This allows setting both IPv4 & IPv6 addresses on all interfaces and using ping6 as emitter instead of requiring [nemesis][1]. SMCRoute .-- router --. / \ netns: left vlan1 vlan2 netns: right .-------------. \ / .-------------. | | bridge0 | | | MC --> eth0 | / \ | eth0 --> MC | | `--------' '---------' | '-------------' '-------------' Both bridge ports, `a1` and `a2`, are untagged members of each VLAN. > [!NOTE] > interface `a1` and `vlan1` are in the same VLAN (VID 1), and > interface `a2` and `vlan2` are in the same VLAN (VID 2). ### Isolated Similar to Basic, but with two VETH pairs with the outer end of each in an isolated network namespace. Purpose is to emulate true end devices. SMCRoute netns: left .-- router --. netns: right .-----------. / \ .-----------. | | b1 b2 | | | MC --> a1-|-----' `----|-a2 --> MC | | | | | '-----------' VETH pairs: aN//brN '-----------' In netns: eth0 ### Multi Domain This topology is intended to be used for testing multiple routers. The bridge in the shared segment is only used to connect the two VETH pairs. netns: left netns: right .-------------. .-------------. | smcrouted | | smcrouted | | / \ | br0 | / \ | MC --> eth1 eth0 | / \ | eth0 eth1 <-- MC | `------' '-------' | '-------------' 192.168.0.0/24 '-------------' 10.0.0.0/24 10.0.0.0/24 The idea is to provide a very tricky, but also very common, use case; replicated setups with the same IP subnet forwarding multicast to a shared LAN. Commonly worked around using 1:1 NAT, or IP masquerading. Neither of which is really best friends with IP multicast routing. Tests ----- ### Advanced Routing The test use ten ingressing multicast streams, starting at 225.1.2.3. With a single initial SSM route matching one of the streams. The remaining nine are installed in the kernel MFC with a stop-filter. - Verify that the SSM route works - Verify that no other multicast stream is forwarded Now, add an ASM route for 225.1.2.3/29 and verify that the new ASM route matches a subset of the installed stop-filters, changing them to proper SSM routes. Remove the 225.1.2.3/29 route and verify that the filters are changed back to stop-filters, and that the first SSM stream (which is in the same range) is not affected. **Topology:** Basic ### Basic Routing Verifies routing between two interfaces a1 and a2. Multicast is injected on a1 and tcpdump verifies function on a2. **Topology:** Basic ### Bridge VLANs Slightly more advanced test case, a bridge with two VLAN interfaces on top and two VETH pairs acting as untagged ports to the bridge in each of the VLANs. The other end of each VETH pair is placed in an isolated network namespace to allow proper IP networking to be set up. **Topology:** Isolated Bridged w/ VLANs ### Dynamic Routes Different combinations of `(*,G/LEN)` to `(S/LEN, G)` routing is tested here for both IPv4 and IPv6. **Topology:** Basic ### Expiration of Dynamic Routes The command line option `smcrouted -c SEC` can be used to tweak the cache timeout for `(*,G)` routes. This test verifies that it works as intended for both IPv4 and IPv6. **Topology:** Basic ### Include Files This test does not traffic or forwarding verification, it only tests that the `include` directive for `smcroute.conf` works. **Topology:** Basic ### IPv6 (S,G) and (*,G) Forwarding Similar to the Bridged VLAN test, only with IPv6. **Topology:** Basic ### Isolated (*,G) Forwarding This test is currently very similar to the Basic test, but can easily be extended with IPv6 support as well. The trick here is to use the nested network namespace support, introduced in the new Isolated topology. The Isolated topology allows setting interface addresses, both IPv4 and IPv6 (!), regardless of the environment (and as long as the underlying Linux kernel supports it). This means a standard tool like `ping` can be used to send multicast. Lowering the barrier of entry to run tests. **Topology:** Isolated ### Join/Leave ASM/SSM Verify ASM & SSM join and leave for IPv4 & IPv6. Since ASM and SSM cannot be mixed on the same interface (fallback to ASM occurs), we use different interfaces and verify operation by inspecting the Linux `ip maddr` and `/proc/net/mcfilter` output. **Topology:** Basic ### Join/Leave ASM/SSM with Prefix Length Verify ASM & SSM join and leave for IPv4 & IPv6 in various prefix length combinations; `(S/LEN, G)`, `(S, G/LEN)`, and `(S/LEN, G/LEN)`. Since ASM and SSM cannot be mixed on the same interface (fallback to ASM occurs), we use different interfaces and verify operation by inspecting the Linux `ip maddr` and `/proc/net/mcfilter` output. **Topology:** Basic ### Multiple Routers with 1:1 NAT Verify multicast forwarding from two separate LANs to a shared segment, where the two separate LANs have the same IP subnet. To make things worse, the same IP source address will be used for both multicast senders. Note, this test requires the host system also has `iptables`. If the test cannot find the `iptables` tool, it will `exit 77` to trigger a SKIP in the test suite. **Topology:** Multi Domain ### Poison Pill Routes Verifies `(*,G/LEN)` routes from a set of approved inbound interfaces are properly installed in the kernel MFC. While blocking traffic to the same groups from other inbound interfaces using stop-filter, or "poison pill", routes (no outbound interfaces). For details, see issue #143. Note, this test assumed the origin `S` of inbound traffic differs between inbound interfaces. I.e., the same `S` on different inbound interfaces is not supported by `smcrouted`. **Topology:** Multi ### Reload .conf File (IPv4) Verifies that reloading the .conf file using `SIGHUP` or `reload` command to `smcroutectl` does not disturb established flows, and that the resulting configuration is properly set in the kernel. **Topology:** Multi ### Reload .conf File (IPv6) The same as the IPv4 test, but for IPv6. **Topology:** Multi ### VLAN Interfaces Similar to the basic routing test, except VLAN interfaces are created on top of the base interfaces, and routing takes place there. This test is based on [troglobit/smcroute#161][issue-161]. **Topology:** Basic w/ VLANs [issue-161]: https://github.com/troglobit/smcroute/issues/161 ================================================ FILE: test/adv.sh ================================================ #!/bin/sh # Verify stop-filter to SSM transition by adding *,G/LEN routes #set -x # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo basic ip addr add 10.0.0.1/24 dev a1 ip addr add 20.0.0.1/24 dev a2 ip -br a print "Creating config ..." cat < "/tmp/$NM/conf" phyint a1 enable phyint a2 enable mroute from a1 source 10.0.0.1 group 225.1.2.3 to a2 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & # Start emitters on a1 for 225.1.2.1 .. 225.1.2.10 emitter a1 10 show_mroute # Sanity check, the route from the conf file should work collect a2 -c3 'dst 225.1.2.3' sleep 3 lines1=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.3 | tee "/tmp/$NM/result" | wc -l) # shellcheck disable=SC2086 [ $lines1 -lt 3 ] && FAIL # Add (*,G) routes for 225.1.2.1 .. 225.1.2.7, overlapping with previous 225.1.2.3 print "Adding *,225.1.2.3/29 ASM routes ..." ../src/smcroutectl -u "/tmp/$NM/sock" add a1 225.1.2.3/29 a2 show_mroute # Check for a sample of the added routes collect a2 -c6 'dst 225.1.2.6 or dst 225.1.2.3' sleep 3 print "Analyzing ..." lines1=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.3 | tee "/tmp/$NM/result" | wc -l) lines2=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.6 | tee -a "/tmp/$NM/result" | wc -l) cat "/tmp/$NM/result" # shellcheck disable=SC2086 disable=SC2166 [ $lines1 -lt 3 -o $lines2 -lt 3 ] && FAIL # When removing (*,G) routes, the (S,G) route from the conf file should remain print "Removing *,225.1.2.3/29 ASM routes ..." ../src/smcroutectl -u "/tmp/$NM/sock" del a1 225.1.2.3/29 show_mroute # Check for same sample, now we should no longer see 225.1.2.6, only 225.1.2.3 collect a2 -c3 'dst 225.1.2.6 or dst 225.1.2.3' sleep 3 print "Analyzing ..." lines1=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.3 | tee "/tmp/$NM/result" | wc -l) lines2=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.6 | tee -a "/tmp/$NM/result" | wc -l) cat "/tmp/$NM/result" echo " => $lines1 for group 225.1.2.3 from R1, expected > 1" echo " => $lines2 for group 225.1.2.6 from R2, expected = 0" # shellcheck disable=SC2086 disable=SC2166 [ $lines1 -gt 1 -a $lines2 -eq 0 ] && OK FAIL ================================================ FILE: test/basic.sh ================================================ #!/bin/sh # Verifies IPv4 (S,G) and (*,G) rules by injecting frames on one # interface and verifying reception on another. #set -x # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo basic ip addr add 10.0.0.1/24 dev a1 ip addr add 20.0.0.1/24 dev a2 ip -br a print "Creating config ..." cat < "/tmp/$NM/conf" # basic (*,G) multicast routing phyint a1 enable phyint a2 enable mgroup from a1 source 10.0.0.1 group 225.3.2.1 mroute from a1 source 10.0.0.1 group 225.3.2.1 to a2 mgroup from a1 group 225.1.2.3 mroute from a1 group 225.1.2.3 to a2 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 echo "-----------------------------------------------------------------------------------" ../src/smcroutectl -pu "/tmp/$NM/sock" show interfaces echo "-----------------------------------------------------------------------------------" ip maddress echo "-----------------------------------------------------------------------------------" cat /proc/net/mcfilter echo "-----------------------------------------------------------------------------------" ../src/smcroutectl -pu "/tmp/$NM/sock" show groups collect a2 -c12 'dst 225.3.2.1 or dst 225.1.2.3 or dst 225.1.2.4 or 225.1.2.5' print "Adding IPC routes ..." ../src/smcroutectl -u "/tmp/$NM/sock" add a1 225.1.2.4 a2 ../src/smcroutectl -u "/tmp/$NM/sock" add a1 10.0.0.1 225.1.2.5 a2 show_mroute print "Starting emitter ..." ping -c 3 -W 1 -I a1 -t 2 225.3.2.1 >/dev/null ping -c 3 -W 1 -I a1 -t 2 225.1.2.3 >/dev/null ping -c 3 -W 1 -I a1 -t 2 225.1.2.4 >/dev/null ping -c 3 -W 1 -I a1 -t 2 225.1.2.5 >/dev/null show_mroute print "Analyzing ..." lines1=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.3 | tee "/tmp/$NM/result" | wc -l) lines2=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.3.2.1 | tee -a "/tmp/$NM/result" | wc -l) lines3=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.4 | tee -a "/tmp/$NM/result" | wc -l) lines4=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.5 | tee -a "/tmp/$NM/result" | wc -l) cat "/tmp/$NM/result" echo " => $lines1 for 225.1.2.3, expected => 2" echo " => $lines2 for 225.3.2.1, expected => 3" echo " => $lines3 for 225.1.2.4, expected => 2" echo " => $lines4 for 225.1.2.5, expected => 3" ########################################################################### DONE # Expect one frame lost due to initial (*,G) -> (S,G) route setup, while # we don't expect any frame loss in pure (S,G) routes # shellcheck disable=SC2166 disable=SC2086 [ $lines1 -ge 2 -a $lines2 -eq 3 -a $lines3 -ge 2 -a $lines4 -eq 3 ] && OK FAIL ================================================ FILE: test/batch.sh ================================================ #!/bin/sh # Verify batch mode, we just want to see the daemon accepting the # batched commands. # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo basic # IP world ... ip addr add 10.0.0.1/24 dev a1 ip addr add 20.0.0.1/24 dev a2 ip addr add 2001:1::1/64 dev a1 ip addr add 2001:2::1/64 dev a2 ip -br a print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 print "Joining groups (batch)" ../src/smcroutectl -u "/tmp/$NM/sock" -b <<-EOF join a1 10.0.0.11 225.1.1.1 join a2 225.2.2.2 join a1 fc00::2 ff04::111 join a2 ff2e::22 EOF output=$(../src/smcroutectl -pu "/tmp/$NM/sock" show groups) echo "$output" [ "$(echo "$output" | grep 225.1.1.1 | sed 's/[[:space:]]*//g')" = "(10.0.0.11,225.1.1.1)a1" ] || FAIL "225.1.1.1" [ "$(echo "$output" | grep 225.2.2.2 | sed 's/[[:space:]]*//g')" = "(*,225.2.2.2)a2" ] || FAIL "225.2.2.2" [ "$(echo "$output" | grep ff04::111 | sed 's/[[:space:]]*//g')" = "(fc00::2,ff04::111)a1" ] || FAIL "ff04::111" [ "$(echo "$output" | grep ff2e::22 | sed 's/[[:space:]]*//g')" = "(*,ff2e::22)a2" ] || FAIL "ff2e::22" OK ================================================ FILE: test/bridge.sh ================================================ #!/bin/sh # Verifies (*,G) routing between VLANs on top of a VLAN filtering bridge # with bridge ports as VETH interfaces. The endpoints of the VETH pairs # are placed in isolated network namespaces to allow IP networking as # one expects. #set -x # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" LEFT=/tmp/$NM/b1 RIGHT=/tmp/$NM/b2 print "Creating world ..." topo isolated bridge "$LEFT" "$RIGHT" # IP World ip addr add 10.0.0.1/24 dev vlan1 nsenter --net="$LEFT" -- ip addr add 10.0.0.10/24 dev eth0 ip addr add 20.0.0.1/24 dev vlan2 nsenter --net="$RIGHT" -- ip addr add 20.0.0.10/24 dev eth0 bridge link bridge vlan ip -br a print "Creating config ..." cat < "/tmp/$NM/conf" # vlan (*,G) multicast routing phyint vlan1 enable phyint vlan2 enable mroute from vlan1 group 225.1.2.3 to vlan2 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -u "/tmp/$NM/sock" & sleep 1 print "Starting collector ..." nsenter --net="$RIGHT" -- tshark -c 2 -lni eth0 -w "/tmp/$NM/pcap" 'dst 225.1.2.3' 2>/dev/null & echo $! >> "/tmp/$NM/PIDs" sleep 1 print "Starting emitter ..." nsenter --net="$LEFT" -- ping -c 3 -W 1 -I eth0 -t 3 225.1.2.3 show_mroute print "Analyzing ..." lines=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.3 | tee "/tmp/$NM/result" | wc -l) cat "/tmp/$NM/result" echo " => $lines for 225.1.2.3, expected => 2" ########################################################################### DONE # one frame lost due to initial (*,G) -> (S,G) setup [ "$lines" = "2" ] && OK FAIL ================================================ FILE: test/dyn.sh ================================================ #!/bin/sh # Verifies (*,G/LEN) and (S/LEN,G) routing by injecting frames on one # interface and verifying reception on another. #set -x # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo basic ip addr add 10.0.0.1/24 dev a1 ip addr add 20.0.0.1/24 dev a2 ip addr add 2001:1::1/64 dev a1 ip addr add fc00::42/64 dev a1 ip addr add 2001:2::1/64 dev a2 ip -br a print "Creating config ..." cat < "/tmp/$NM/conf" # basic (*,G/LEN) multicast routing phyint a1 enable phyint a2 enable mroute from a1 group 225.1.2.3/24 to a2 mroute from a1 group ff2e::42/121 to a2 mroute from a1 source 10.0.0.1/24 group 225.3.2.1 to a2 mroute from a1 source fc00::1/64 group ff04::114 to a2 mroute from a1 source 10.0.0.1 group 225.3.3.3/24 to a2 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 echo "-----------------------------------------------------------------------------------" ../src/smcroutectl -pu "/tmp/$NM/sock" show interfaces echo "-----------------------------------------------------------------------------------" ../src/smcroutectl -pu "/tmp/$NM/sock" show routes collect a2 -c21 'dst 225.1.2.1 or dst 225.1.2.201 or dst ff2e::42 or dst ff2e::7f or dst 225.3.2.1 or dst ff04::114 or dst 225.3.3.1' print "Starting emitter ..." ping -c 3 -W 1 -I a1 -t 2 225.1.2.1 >/dev/null ping -c 3 -W 1 -I a1 -t 2 225.1.2.201 >/dev/null ping -6 -c 3 -W 1 -I fc00::42 -t 2 ff2e::42 >/dev/null ping -6 -c 3 -W 1 -I fc00::42 -t 2 ff2e::7f >/dev/null ping -c 3 -W 1 -I a1 -t 2 225.3.2.1 >/dev/null ping -6 -c 3 -W 1 -I fc00::42 -t 2 ff04::114 >/dev/null ping -c 3 -W 1 -I a1 -t 2 225.3.3.1 >/dev/null show_mroute print "Analyzing ..." lines1=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.1 | tee "/tmp/$NM/result" | wc -l) lines2=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.201 | tee "/tmp/$NM/result" | wc -l) lines3=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep ff2e::42 | tee "/tmp/$NM/result" | wc -l) lines4=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep ff2e::7f | tee "/tmp/$NM/result" | wc -l) lines5=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.3.2.1 | tee "/tmp/$NM/result" | wc -l) lines6=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep ff04::114 | tee "/tmp/$NM/result" | wc -l) lines7=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.3.3.1 | tee "/tmp/$NM/result" | wc -l) cat "/tmp/$NM/result" echo " => $lines1 for 225.1.2.1, expected >= 2" echo " => $lines2 for 225.1.2.201, expected >= 2" echo " => $lines3 for ff2e::42, expected >= 2" echo " => $lines4 for ff2e::7f, expected >= 2" echo " => $lines5 for 225.3.2.1, expected >= 2" echo " => $lines6 for ff04::114, expected >= 2" echo " => $lines7 for 225.3.3.1, expected >= 2" ########################################################################### DONE # Expect one frame lost due to initial (*,G) -> (S,G) route setup # shellcheck disable=SC2166 disable=SC2086 [ $lines1 -ge 2 -a $lines2 -ge 2 -a $lines3 -ge 2 -a $lines4 -ge 2 -a $lines5 -ge 2 -a $lines6 -ge 2 -a $lines7 -ge 2 ] && OK FAIL ================================================ FILE: test/expire.sh ================================================ #!/bin/sh # Verifies IPv4 and IPv6 (*,G) => learned (S,G) flushing #set -x # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo basic # IP world ... ip addr add 10.0.0.1/24 dev a1 ip addr add 2001:1::1/64 dev a1 ip addr add fc00::1/64 dev a1 ip addr add 20.0.0.1/24 dev a1 ip addr add 2001:2::1/64 dev a2 ip -br a print "Creating config ..." cat < "/tmp/$NM/conf" # ipv4 and ipv6 (*,G) multicast routing phyint a1 enable phyint a2 enable mroute from a1 source 10.0.0.10 group 225.3.2.1 to a2 mroute from a1 group 225.1.2.3 to a2 mroute from a1 source fc00::1 group ff04:0:0:0:0:0:0:114 to a2 mroute from a1 group ff2e::42 to a2 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -c 10 -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 collect a2 -c12 'dst ff04::114 or dst ff2e::42 or dst ff2e::43 or dst ff2e::44' print "Starting emitter ..." ping -c 3 -W 1 -I a1 -t 3 225.1.2.3 >/dev/null ping -6 -c 3 -W 1 -I 2001:1::1 -t 3 ff2e::42 >/dev/null show_mroute ip mroute | grep -q "(10.0.0.1,225.1.2.3)" [ $? -eq 0 ] || FAIL "Failed learning IPv4 (*,G) route" ip -6 mroute | grep -q "(2001:1::1,ff2e::42)" [ $? -eq 0 ] || FAIL "Failed learning IPv6 (*,G) route" print "Verifying (*,G) flush, please wait ... " sleep 11 show_mroute ip mroute | grep -q "(10.0.0.1,225.1.2.3)" [ $? -eq 1 ] || FAIL "Failed flushing IPv4 (*,G) route" ip -6 mroute | grep -q "(2001:1::1,ff2e::42)" [ $? -eq 1 ] || FAIL "Failed flushing IPv6 (*,G) route" print "Analyzing ..." lines2=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep ff2e::42 | tee -a "/tmp/$NM/result" | wc -l) cat "/tmp/$NM/result" echo " => $lines2 frames for group ff2e::42, expected >= 2" ########################################################################### DONE # shellcheck disable=SC2086 [ $lines2 -ge 2 ] && OK FAIL ================================================ FILE: test/gre.sh ================================================ #!/bin/sh # Verify multicast routing between two routers over a GRE tunnel # # netns: host1 netns: host2 # .-------------. .-------------. # | smcrouted | | smcrouted | # | / \ | br0 | / \ | # MC --> eth1 eth0 | / \ | eth0 eth1 <-- MC # | `------' '-------' | # '-------------' 192.168.0.0/24 '-------------' # 10.0.0.0/24 10.0.0.0/24 # # Note: you may have to `modprobe ip_gre` before the test. # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Checking dependencies ..." lsb_release -a uname -a check_dep grep -q ip_gre /proc/modules print "Creating world ..." topo multi host1 host2 # IP world ... echo "Links, addresses, and routes for host1 =====================================" nsenter --net=host1 -- ip addr add 192.168.0.10/24 dev eth0 nsenter --net=host1 -- ip addr add 10.0.0.1/24 dev eth1 nsenter --net=host1 -- ip tunnel add tun0 mode gre remote 192.168.0.20 local 192.168.0.10 ttl 255 nsenter --net=host1 -- ip addr add 172.16.0.10/24 dev tun0 nsenter --net=host1 -- ip link set tun0 multicast on nsenter --net=host1 -- ip link set tun0 up nsenter --net=host1 -- ip route add 20.0.0.0/24 via 172.16.0.10 nsenter --net=host1 -- ip -br l nsenter --net=host1 -- ip -br a nsenter --net=host1 -- ip -br r echo "Links, addresses, and routes for host2 =====================================" nsenter --net=host2 -- ip addr add 192.168.0.20/24 dev eth0 nsenter --net=host2 -- ip addr add 20.0.0.1/24 dev eth1 nsenter --net=host2 -- ip tunnel add tun0 mode gre remote 192.168.0.10 local 192.168.0.20 ttl 255 nsenter --net=host2 -- ip addr add 172.16.0.20/24 dev tun0 nsenter --net=host2 -- ip link set tun0 multicast on nsenter --net=host2 -- ip link set tun0 up nsenter --net=host2 -- ip route add 10.0.0.0/24 via 172.16.0.20 nsenter --net=host2 -- ip -br l nsenter --net=host2 -- ip -br a nsenter --net=host2 -- ip -br r print "Verifying connectivity ..." printf "host1 (172.16.0.10) " if ! nsenter --net=host1 -- ping -c 3 172.16.0.20; then FAIL "host1: cannot reach host2 over GRE tunnel" fi print "Creating config ..." cat <"/tmp/$NM/shared.conf" # shared.conf for both netns phyint tun0 enable phyint eth1 enable mgroup from eth1 group 225.1.2.3 mroute from eth1 group 225.1.2.3 to tun0 mgroup from tun0 group 225.1.2.3 mroute from tun0 group 225.1.2.3 to eth1 EOF cat "/tmp/$NM/shared.conf" print "Starting smcrouted instances ..." nsenter --net=host1 -- ../src/smcrouted -f "/tmp/$NM/shared.conf" -n -N -i host1 -l debug -u "/tmp/$NM/host1.sock" & echo $! >> "/tmp/$NM/PIDs" nsenter --net=host2 -- ../src/smcrouted -f "/tmp/$NM/shared.conf" -n -N -i host2 -l debug -u "/tmp/$NM/host2.sock" & echo $! >> "/tmp/$NM/PIDs" sleep 1 print "Starting collector on eth1@host2 ..." nsenter --net=host2 -- tshark -w "/tmp/$NM/pcap" -lni eth1 -c5 'dst 225.1.2.3' 2>/dev/null & echo $! >> "/tmp/$NM/PIDs" print "Starting emitters ..." nsenter --net=host1 -- ping -c 5 -W 1 -I eth1 -t 10 225.1.2.3 > /dev/null & sleep 5 print "Analyzing pcap from eth1@host2 ..." lines1=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.3 | tee "/tmp/$NM/result" | wc -l) cat "/tmp/$NM/result" echo " => $lines1 for group 225.1.2.3 from host1, expected >= 4" # Expect one frame loss for each initial (*,G) -> (S,G) route setup # shellcheck disable=SC2086 [ $lines1 -ge 3 ] && OK FAIL ================================================ FILE: test/include.sh ================================================ #!/bin/sh # Verifies .conf include statement #set -x activate() { if [ -f /tmp/$NM/pid ]; then ../src/smcroutectl -u "/tmp/$NM/sock" reload else ../src/smcrouted -c 8 -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & fi sleep 1 } get_routes() { ip -6 mroute ip mroute } check_output() { show_mroute get_routes | grep -q "$2" [ "$?" = "$1" ] || FAIL "$3" } # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo basic # IP world ... ip addr add 10.0.0.1/24 dev a1 ip addr add 2001:1::1/64 dev a1 ip addr add fc00::1/64 dev a1 ip addr add 20.0.0.1/24 dev a1 ip addr add 2001:2::1/64 dev a2 ip -br a ######################################################### Plain conf, no include print "Creating /tmp/$NM/conf ..." cat < "/tmp/$NM/conf" phyint a1 enable phyint a2 enable mroute from a1 source 10.0.0.10 group 225.3.2.1 to a2 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." activate check_output 0 "(10.0.0.10,225.3.2.1)" "Failed reading initial .conf file" ######################################################## Include files from conf print "Creating /tmp/$NM/conf2 ..." echo "include /tmp/$NM/conf2" >> "/tmp/$NM/conf" cat <"/tmp/$NM/conf2" mroute from a1 source fc00::1 group ff04:0:0:0:0:0:0:114 to a2 include /tmp/$NM/*.foo EOF echo ">> /tmp/$NM/conf" cat "/tmp/$NM/conf" echo ">> /tmp/$NM/conf2" cat "/tmp/$NM/conf2" activate check_output 0 "(fc00::1,ff04::114)" "Failed reading conf2" ######################################################### Creating a.foo & b.foo print "Creating /tmp/$NM/{a,b}.foo ..." cat <"/tmp/$NM/a.foo" mroute from a1 source 10.0.0.1 group 225.1.2.3 to a2 EOF echo ">> /tmp/$NM/a.foo" cat "/tmp/$NM/a.foo" cat <"/tmp/$NM/b.foo" mroute from a1 source 10.0.0.2 group 225.1.2.1 to a2 EOF echo ">> /tmp/$NM/b.foo" cat "/tmp/$NM/b.foo" activate check_output 0 "(10.0.0.1,225.1.2.3)" "Failed reading a.foo" check_output 0 "(10.0.0.2,225.1.2.1)" "Failed reading b.foo" ################################################################# Removing b.foo print "Removing b.foo ..." rm "/tmp/$NM/b.foo" activate check_output 1 "(10.0.0.2,225.1.2.1)" "Failed removing old route from b.foo" ########################################################################### DONE OK ================================================ FILE: test/ipv6.sh ================================================ #!/bin/sh # Verifies IPv6 (S,G) and (*,G) rules, both from .conf file and IPC, by # injecting frames on one interface and verify reception on another. #set -x # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo basic # IP world ... ip addr add 2001:1::1/64 dev a1 ip addr add fc00::1/64 dev a1 ip addr add 2001:2::1/64 dev a2 ip addr add 2001:2:3:4:6:7:12:1/64 dev a2 ip -br a print "Creating config ..." cat < "/tmp/$NM/conf" # ipv6 (*,G) multicast routing phyint a1 enable phyint a2 enable mgroup from a1 source fc00::1 group ff04:0:0:0:0:0:0:114 mroute from a1 source fc00::1 group ff04:0:0:0:0:0:0:114 to a2 mgroup from a1 group ff2e::42 mroute from a1 group ff2e::42 to a2 mroute from a1 group ff2e::7 to a2 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -c 5 -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 echo "-----------------------------------------------------------------------------------" ../src/smcroutectl -pu "/tmp/$NM/sock" show interfaces echo "-----------------------------------------------------------------------------------" ip -6 maddress echo "-----------------------------------------------------------------------------------" cat /proc/net/mcfilter6 echo "-----------------------------------------------------------------------------------" ../src/smcroutectl -pu "/tmp/$NM/sock" show groups collect a2 -c12 'dst ff04::114 or dst ff2e::42 or dst ff2e::43 or dst ff2e::44' ../src/smcroutectl -u "/tmp/$NM/sock" add a1 ff2e::43 a2 ../src/smcroutectl -u "/tmp/$NM/sock" add a1 fc00::1 ff2e::44 a2 show_mroute print "Starting emitter ..." ping -6 -c 3 -W 1 -I fc00::1 -t 3 ff04::114 >/dev/null ping -6 -c 3 -W 1 -I 2001:1::1 -t 3 ff2e::42 >/dev/null ping -6 -c 3 -W 1 -I 2001:1::1 -t 3 ff2e::43 >/dev/null ping -6 -c 3 -W 1 -I fc00::1 -t 3 ff2e::44 >/dev/null ping -6 -c 3 -W 1 -I 2001:2:3:4:6:7:12:1 -t 3 ff2e::7 >/dev/null show_mroute print "Analyzing ..." lines1=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep ff04::114 | tee "/tmp/$NM/result" | wc -l) lines2=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep ff2e::42 | tee -a "/tmp/$NM/result" | wc -l) lines3=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep ff2e::43 | tee -a "/tmp/$NM/result" | wc -l) lines4=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep ff2e::44 | tee -a "/tmp/$NM/result" | wc -l) cat "/tmp/$NM/result" echo " => $lines1 for group ff04::114, expected => 3" echo " => $lines2 for group ff2e::42, expected => 2" echo " => $lines3 for group ff2e::43, expected => 2" echo " => $lines4 for group ff2e::44, expected => 3" sleep 10 show_mroute ########################################################################### DONE # one frame lost due to initial (*,G) -> (S,G) route setup # no frames lost in pure (S,G) route # shellcheck disable=SC2166 disable=SC2086 [ $lines1 -eq 3 -a $lines2 -ge 2 -a $lines3 -ge 2 -a $lines4 -eq 3 ] && OK FAIL ================================================ FILE: test/isolated.sh ================================================ #!/bin/sh # Verifies (*,G) routing between two emulated end devices. #set -x # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" LEFT=/tmp/$NM/left RIGHT=/tmp/$NM/right LIF=$(basename "$LEFT") RIF=$(basename "$RIGHT") print "Creating world ..." topo isolated "$LEFT" "$RIGHT" # IP World ip addr add 10.0.0.1/24 dev "$LIF" nsenter --net="$LEFT" -- ip addr add 10.0.0.10/24 dev eth0 ip addr add 20.0.0.1/24 dev "$RIF" nsenter --net="$RIGHT" -- ip addr add 20.0.0.10/24 dev eth0 ip -br l ip -br a print "Creating config ..." cat < "/tmp/$NM/conf" # vlan (*,G) multicast routing phyint $LIF enable phyint $RIF enable mroute from $LIF group 225.1.2.3 to $RIF EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 print "Starting collector ..." nsenter --net="$RIGHT" -- tshark -c 2 -lni eth0 -w "/tmp/$NM/pcap" dst 225.1.2.3 & echo $! >> "/tmp/$NM/PIDs" sleep 1 print "Starting emitter ..." nsenter --net="$LEFT" -- ping -c 3 -W 1 -I eth0 -t 3 225.1.2.3 show_mroute print "Analyzing ..." lines=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.3 | tee "/tmp/$NM/result" | wc -l) cat "/tmp/$NM/result" echo " => $lines expected 2" ########################################################################### DONE # one frame lost due to initial (*,G) -> (S,G) setup [ "$lines" = "2" ] && OK FAIL ================================================ FILE: test/join.sh ================================================ #!/bin/sh # Verify join/leave multicast groups for both IPv4 and IPv6 # a1 will be used to verify SSM and a2 to verify ASM # # Note: this test is really ugly and full of code duplcation # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo basic # IP world ... ip addr add 10.0.0.1/24 dev a1 ip addr add 20.0.0.1/24 dev a2 ip addr add 2001:1::1/64 dev a1 ip addr add 2001:2::1/64 dev a2 ip -br a ################################################################## STATIC GROUPS print "Phase 1: Join groups (.conf)" cat < "/tmp/$NM/conf" # ASM + SSM join/leave multicast groups phyint a1 enable phyint a2 enable mgroup from a1 source fc00::1 group ff04:0:0:0:0:0:0:114 mgroup from a1 source 10.0.0.10 group 225.1.2.3 mgroup from a2 group ff2e::42 mgroup from a2 group 225.3.2.1 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 echo "-----------------------------------------------------------------------------------" ../src/smcroutectl -pu "/tmp/$NM/sock" show interfaces echo "-----------------------------------------------------------------------------------" ../src/smcroutectl -pu "/tmp/$NM/sock" show groups echo "-----------------------------------------------------------------------------------" grep "0xe1010203 0x0a00000a" /proc/net/mcfilter config_ssm=$? grep "ff040000000000000000000000000114 fc000000000000000000000000000001" /proc/net/mcfilter6 config_ssm6=$? ip maddr show dev a2 | grep 225.3.2.1 config_asm=$? ip -6 maddr show dev a2 | grep ff2e::42 config_asm6=$? # shellcheck disable=SC2166 if [ $config_ssm -eq 0 -a $config_ssm6 -eq 0 ]; then echo "Config SSM join OK" config_ssm=0 else echo "Config SSM join FAIL" config_ssm=1 fi # shellcheck disable=SC2166 if [ $config_asm -eq 0 -a $config_asm6 -eq 0 ]; then echo "Config ASM join OK" config_asm=0 else echo "Config ASM join FAIL" config_asm=1 fi # shellcheck disable=SC2166 if [ $config_ssm -eq 0 -a $config_asm -eq 0 ]; then echo "Config join OK" config=0 else echo "Config join FAIL" config=1 fi #################################################################### JOIN GROUPS print "Phase 2: Join groups (IPC)" ../src/smcroutectl -u "/tmp/$NM/sock" join a1 10.0.0.11 225.1.1.1 ../src/smcroutectl -u "/tmp/$NM/sock" join a2 225.2.2.2 ../src/smcroutectl -u "/tmp/$NM/sock" join a1 fc00::2 ff04::111 ../src/smcroutectl -u "/tmp/$NM/sock" join a2 ff2e::22 echo "-----------------------------------------------------------------------------------" ../src/smcroutectl -pu "/tmp/$NM/sock" show interfaces echo "-----------------------------------------------------------------------------------" ../src/smcroutectl -pu "/tmp/$NM/sock" show groups echo "-----------------------------------------------------------------------------------" grep "0xe1010101 0x0a00000b" /proc/net/mcfilter dynamic_ssm=$? grep "ff040000000000000000000000000111 fc000000000000000000000000000002" /proc/net/mcfilter6 dynamic_ssm6=$? ip maddr show dev a2 | grep 225.2.2.2 dynamic_asm=$? ip -6 maddr show dev a2 | grep ff2e::22 dynamic_asm6=$? # shellcheck disable=SC2166 if [ $dynamic_ssm -eq 0 -a $dynamic_ssm6 -eq 0 ]; then echo "Dynamic SSM join OK" dynamic_ssm=0 else echo "Dynamic SSM join FAIL" dynamic_ssm=1 fi # shellcheck disable=SC2166 if [ $dynamic_asm -eq 0 -a $dynamic_asm6 -eq 0 ]; then echo "Dynamic ASM join OK" dynamic_asm=0 else echo "Dynamic ASM join FAIL" dynamic_asm=1 fi # shellcheck disable=SC2166 if [ $dynamic_ssm -eq 0 -a $dynamic_asm -eq 0 ]; then echo "Dynamic join OK" dynamic=0 else echo "Dynamic join FAIL" dynamic=1 fi ################################################################### LEAVE GROUPS print "Phase 3: Leave groups (IPC)" ../src/smcroutectl -u "/tmp/$NM/sock" leave a1 10.0.0.10 225.1.2.3 ../src/smcroutectl -u "/tmp/$NM/sock" leave a2 225.3.2.1 ../src/smcroutectl -u "/tmp/$NM/sock" leave a1 fc00::1 ff04::114 ../src/smcroutectl -u "/tmp/$NM/sock" leave a2 ff2e::42 echo "-----------------------------------------------------------------------------------" ../src/smcroutectl -pu "/tmp/$NM/sock" show interfaces echo "-----------------------------------------------------------------------------------" ../src/smcroutectl -pu "/tmp/$NM/sock" show groups echo "-----------------------------------------------------------------------------------" grep "0xe1010203 0x0a00000a" /proc/net/mcfilter leave_ssm=$? grep "ff040000000000000000000000000114 fc000000000000000000000000000001" /proc/net/mcfilter6 leave_ssm6=$? ip maddr show dev a2 | grep 225.3.2.1 leave_asm=$? ip -6 maddr show dev a2 | grep ff2e::42 leave_asm6=$? # shellcheck disable=SC2166 if [ $leave_ssm -eq 1 -a $leave_ssm6 -eq 1 ]; then echo "Dynamic SSM leave OK" leave_ssm=0 else echo "Dynamic SSM leave FAIL" leave_ssm=1 fi # shellcheck disable=SC2166 if [ $leave_asm -eq 1 -a $leave_asm6 -eq 1 ]; then echo "Dynamic ASM leave OK" leave_asm=0 else echo "Dynamic ASM leave FAIL" leave_asm=1 fi # shellcheck disable=SC2166 if [ $leave_ssm -eq 0 -a $leave_asm -eq 0 ]; then echo "Dynamic leave OK" leave=0 else echo "Dynamic leave FAIL" leave=1 fi ########################################################################### DONE # shellcheck disable=SC2166 [ $config -eq 0 -a $dynamic -eq 0 -a $leave -eq 0 ] && OK FAIL ================================================ FILE: test/joinlen.sh ================================================ #!/bin/sh # only checking for a sample in each range check_output() { print "Verifying ..." if [ -n "$1" ]; then ip maddr show dev a2 if ! ip maddr show dev a2 | grep -q "$1"; then FAIL "Cannot find (* $1)" fi fi if [ -n "$2" ]; then cat /proc/net/mcfilter if ! grep -q "$2" /proc/net/mcfilter; then FAIL "Cannot find ($2)" fi fi } check_output6() { print "Verifying ..." if [ -n "$1" ]; then ip -6 maddr show dev a2 if ! ip -6 maddr show dev a2 | grep -q "$1"; then FAIL "Cannot find (* $1)" fi fi if [ -n "$2" ]; then cat /proc/net/mcfilter6 if ! grep -q "$2" /proc/net/mcfilter6; then FAIL "Cannot find ($2)" fi fi } # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo basic # IP world ... ip addr add 10.0.0.1/24 dev a1 ip addr add 20.0.0.1/24 dev a2 ip addr add 2001:1::1/64 dev a1 ip addr add 2001:2::1/64 dev a2 ip -br a ################################################################## STATIC GROUPS print "Phase 1: Join groups (.conf)" cat < "/tmp/$NM/conf" # ASM + SSM join/leave multicast groups phyint a1 enable phyint a2 enable mgroup from a1 source 10.0.0.10 group 225.1.2.40/24 mgroup from a2 group 225.3.2.250/24 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 check_output "225.3.2.249" "0xe101022a 0x0a00000a" ################################################################### LEAVE GROUPS ../src/smcroutectl -u "/tmp/$NM/sock" leave a1 10.0.0.10 225.1.2.40/24 ../src/smcroutectl -u "/tmp/$NM/sock" leave a2 225.3.2.250/24 cat /proc/net/mcfilter ip maddr show dev a2 #################################################################### JOIN GROUPS print "Phase 2: Join groups (IPC)" ../src/smcroutectl -u "/tmp/$NM/sock" join a1 10.0.0.10 225.1.1.1/30 ../src/smcroutectl -u "/tmp/$NM/sock" join a2 225.0.0.1/30 check_output "225.0.0.2" "0xe1010102 0x0a00000a" ################################################################### LEAVE GROUPS print "Debug 1 ..." ../src/smcroutectl -u "/tmp/$NM/sock" show group ../src/smcroutectl -u "/tmp/$NM/sock" leave a1 10.0.0.10 225.1.1.1/30 ../src/smcroutectl -u "/tmp/$NM/sock" leave a2 225.0.0.1/30 ################################################################### JOIN SOURCES print "Debug 2 ..." ../src/smcroutectl -u "/tmp/$NM/sock" show group print "Phase 3: Join group from multiple sources (IPC)" ../src/smcroutectl -u "/tmp/$NM/sock" join a1 10.0.0.1/26 225.1.2.3 check_output "" "0xe1010203 0x0a00003e" ################################################################### LEAVE GROUPS print "Debug 3 ..." ../src/smcroutectl -u "/tmp/$NM/sock" show group ../src/smcroutectl -u "/tmp/$NM/sock" leave a1 10.0.0.1/26 225.1.2.3 ######################################################## JOIN SOURCES AND GROUPS print "Phase 4: Join multiple groups from multiple sources (IPC)" ../src/smcroutectl -u "/tmp/$NM/sock" join a1 10.0.0.1/30 225.1.2.3/30 check_output "" "0xe1010201 0x0a000003" ############################################################## JOIN IPv6 SOURCES print "Phase 5: Join IPv6 group from multiple sources (IPC)" ../src/smcroutectl -u "/tmp/$NM/sock" join a1 2001:1::1/122 ff2e::42 check_output6 "" "ff2e0000000000000000000000000042 2001000100000000000000000000001c" ../src/smcroutectl -u "/tmp/$NM/sock" show group ../src/smcroutectl -u "/tmp/$NM/sock" leave a1 2001:1::1/122 ff2e::42 ################################################### JOIN IPv6 SOURCES AND GROUPS print "Phase 6: Join multiple IPv6 groups from multiple sources (IPC)" ../src/smcroutectl -u "/tmp/$NM/sock" join a1 2001:1::1/126 ff2e::42/126 check_output6 "" "ff2e0000000000000000000000000041 20010001000000000000000000000002" ../src/smcroutectl -u "/tmp/$NM/sock" show group ../src/smcroutectl -u "/tmp/$NM/sock" leave a1 2001:1::1/122 ff2e::42/126 ########################################################################### DONE OK ================================================ FILE: test/lib.sh ================================================ #!/bin/sh # Test name, used everywhere as /tmp/$NM/foo NM=$(basename "$0" .sh) # Print heading for test phases print() { printf "\e[7m>> %-80s\e[0m\n" "$1" } SKIP() { print "TEST: SKIP" [ $# -gt 0 ] && echo "$*" exit 77 } FAIL() { print "TEST: FAIL" [ $# -gt 0 ] && echo "$*" exit 99 } CHECK() { [ "$@" ] || FAIL "$*" } OK() { print "TEST: OK" [ $# -gt 0 ] && echo "$*" exit 0 } # shellcheck disable=SC2068 check_dep() { if [ -n "$2" ]; then if ! $@; then SKIP "$* is not supported on this system." fi elif ! command -v "$1"; then SKIP "Cannot find $1, skipping test." fi } show_mroute() { # Show active routes (and counters) cat /proc/net/ip_mr_cache cat /proc/net/ip6_mr_cache echo "-----------------------------------------------------------------------------------" ip mroute ip -6 mroute echo "-----------------------------------------------------------------------------------" ../src/smcroutectl -pd -u "/tmp/$NM/sock" } emitter() { print "Starting emitter(s) on $1 ..." for i in $(seq 1 $2); do ping -I $1 -W 1 -t 3 225.1.2.$i >/dev/null & echo $! >> "/tmp/$NM/PIDs" done } collect() { print "Starting collector on $1 ..." tshark -w "/tmp/$NM/pcap" -lni "$@" 2>/dev/null & echo $! >> "/tmp/$NM/PIDs" sleep 2 } # Set up a basic bridge topology, two VETH pairs with one end in the # bridge and the other free. Each pair is also in a separate VLAN. # # No IP address assignment is done in topo files, only topology setup. # # Topology: ¦ # vlan1 ¦ vlan2 # \ ¦ / # a1 -------- br0 --------- a2 # ¦ # VLAN 1 ¦ VLAN 2 # # Note: in addition to VLAN filtering, the bridge has both IGMP and MLD # snooping disabled, because the main purpose of these tests is to # verify the IPv4 and IPv6 routing functionality of SMCRoute. # Future tests may include verifying join/leave of groups (TODO) topo_bridge() { cat << EOF > "$NM-topo.ip" link add br0 type bridge vlan_filtering 1 mcast_snooping 0 link add a1 type veth peer b1 link add a2 type veth peer b2 link set b1 master br0 link set b2 master br0 link set a1 up link set b1 up link set a2 up link set b2 up link set br0 up link add link br0 vlan1 type vlan id 1 link add link br0 vlan2 type vlan id 2 link set vlan1 up link set vlan2 up EOF # Move b2 to VLAN 2 # Set br0 as tagged member of both VLANs cat < "$NM-bridge.ip" vlan add vid 2 dev b2 pvid untagged vlan del vid 1 dev b2 vlan add vid 1 dev br0 self vlan add vid 2 dev br0 self EOF ip -force -batch "$NM-topo.ip" bridge -force -batch "$NM-bridge.ip" rm -f "$NM-topo.ip" "$NM-bridge.ip" } # Set up a basic dummy interface topology, # # No IP address assignment is done in topo files, only topology setup. topo_basic() { cat << EOF > "$NM-topo.ip" link add a1 type dummy link set a1 up link set a1 multicast on link add a2 type dummy link set a2 up link set a2 multicast on EOF ip -force -batch "$NM-topo.ip" rm -f "$NM-topo.ip" return 2 } # Same as basic topology, but with more inbound/outbound interfaces. # # No IP address assignment is done in topo files, only topology setup. topo_plus() { cat << EOF > "$NM-topo.ip" link add a1 type dummy link set a1 up link set a1 multicast on link add a2 type dummy link set a2 up link set a2 multicast on link add a3 type dummy link set a3 up link set a3 multicast on link add a4 type dummy link set a4 up link set a4 multicast on link add b1 type dummy link set b1 up link set b1 multicast on link add b2 type dummy link set b2 up link set b2 multicast on link add b3 type dummy link set b3 up link set b3 multicast on link add b4 type dummy link set b4 up link set b4 multicast on EOF ip -force -batch "$NM-topo.ip" rm -f "$NM-topo.ip" } # Set up VLAN interfaces on top of dummy interfaces # shellcheck disable=SC2048 topo_basic_vlan() { num=$1 shift i=1 while [ $i -le "$num" ]; do iface=a$i i=$((i + 1)) for vid in $*; do ip link add "$iface.$vid" link $iface type vlan id "$vid" ip link set "$iface.$vid" up ip link set "$iface.$vid" multicast on done done } topo_isolated() { left="$1" right="$2" lif=$(basename "$left") rif=$(basename "$right") touch "$left" "$right" PID=$$ echo "$left" > "/tmp/$NM/mounts" echo "$right" >> "/tmp/$NM/mounts" unshare --net="$left" -- ip link set lo up nsenter --net="$left" -- ip link add eth0 type veth peer "$lif" nsenter --net="$left" -- ip link set "$lif" netns $PID nsenter --net="$left" -- ip link set eth0 up ip link set "$lif" up unshare --net="$right" -- ip link set lo up nsenter --net="$right" -- ip link add eth0 type veth peer "$rif" nsenter --net="$right" -- ip link set "$rif" netns $PID nsenter --net="$right" -- ip link set eth0 up ip link set "$rif" up } # Same as bridge topology, but with the VETH endpoints constructed # by the isolated topology. We just rename the main namespace's # bridge ports to match. topo_isolated_bridge() { left="$1" right="$2" lif=$(basename "$left") rif=$(basename "$right") topo_isolated "$@" echo "Creating br0, adding $lif and $rif as bridge ports" ip link add br0 type bridge vlan_filtering 1 mcast_snooping 0 ip link set "$lif" master br0 ip link set "$rif" master br0 ip link set br0 up ip link add link br0 vlan1 type vlan id 1 ip link add link br0 vlan2 type vlan id 2 ip link set vlan1 up ip link set vlan2 up bridge vlan add vid 2 dev "$rif" pvid untagged bridge vlan del vid 1 dev "$rif" bridge vlan add vid 1 dev br0 self bridge vlan add vid 2 dev br0 self } # Variant of a variant ... this is the Multi Domain topology. It has # two isolated network namespaces and a shared segment connecting them. # The intention is to emulate network setups where the same base subnet # is reused in many places. So that when interconnecting them a string # of 1:1 NAT operations need to performed. These type of setups are # more common than one might think; factories, train cars, ... tanks. # # Note, the bridge is only used to connect the ends of the VETH pairs. topo_multi() { left="$1" right="$2" lif=$(basename "$left") rif=$(basename "$right") topo_isolated "$@" nsenter --net="$left" -- ip link add eth1 type dummy nsenter --net="$left" -- ip link set eth1 up nsenter --net="$left" -- ip link set eth1 multicast on nsenter --net="$right" -- ip link add eth1 type dummy nsenter --net="$right" -- ip link set eth1 up nsenter --net="$right" -- ip link set eth1 multicast on echo "Creating br0, adding $lif and $rif as bridge ports" ip link add br0 type bridge ip link set "$lif" master br0 ip link set "$rif" master br0 ip link set br0 up } topo_teardown() { if [ -z "$NM" ]; then echo "NM variable unset, skippnig teardown" exit 1 fi if [ -f "/tmp/$NM/pid" ]; then PID=$(cat "/tmp/$NM/pid") kill -9 "$PID" fi # shellcheck disable=SC2162 if [ -f "/tmp/$NM/mounts" ]; then while read ln; do umount "$ln"; rm "$ln"; done < "/tmp/$NM/mounts" fi # shellcheck disable=SC2162 if [ -f "/tmp/$NM/PIDs" ]; then while read ln; do kill "$ln" 2>/dev/null; done < "/tmp/$NM/PIDs" fi ip link del br0 2>/dev/null ip link del a1 2>/dev/null ip link del a2 2>/dev/null ip link del b1 2>/dev/null ip link del b2 2>/dev/null rm -rf "/tmp/$NM" } signal() { echo if [ "$1" != "EXIT" ]; then print "Got signal, cleaning up" fi topo_teardown } # props to https://stackoverflow.com/a/2183063/1708249 trapit() { func="$1" ; shift for sig ; do trap "$func $sig" "$sig" done } topo() { if [ $# -lt 1 ]; then print "Too few arguments to topo()" exit 1 fi t=$1 shift case "$t" in bridge) topo_bridge ;; basic) topo_basic num=$? case "$1" in vlan) shift topo_basic_vlan $num "$@" ;; esac ;; isolated) case "$1" in bridge) shift topo_isolated_bridge "$@" ;; *) topo_isolated "$@" ;; esac ;; multi) topo_multi "$@" ;; plus) topo_plus ;; teardown) topo_teardown ;; *) print "No such topology: $t" exit 1 ;; esac } # Runs once when including lib.sh mkdir "/tmp/$NM" touch "/tmp/$NM/PIDs" trapit signal INT TERM QUIT EXIT ================================================ FILE: test/lost.sh ================================================ #!/bin/sh # Verify handling when IIF for an (S,G) is changed or lost #set -x check_output() { echo "ip mroute:" ip mroute ip mroute |tee "/tmp/$NM/result" | grep -q "$2" oif=$? grep -q "$1" "/tmp/$NM/result" iif=$? # shellcheck disable=SC2166 [ "$oif" = "0" -a "$iif" = "0" ] || FAIL } # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo basic ip addr add 10.0.0.1/24 dev a1 ip addr add 20.0.0.1/24 dev a2 ip -br a print "Creating config #1 ..." cat < "/tmp/$NM/conf" phyint a1 enable phyint a2 enable mgroup from a1 group 225.1.2.3 mroute from a1 group 225.1.2.3 to a2 mgroup from a2 group 225.1.2.4 mroute from a2 source 1.2.3.4 group 225.1.2.4 to a1 mgroup from a1 group 225.2.2.5 mroute from a1 group 225.2.2.5 to a1 mgroup from a2 group 225.1.2.6 mroute from a2 source 1.2.3.5 group 225.1.2.6 to a1 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -N -n -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 cat /proc/net/ip_mr_vif cat /proc/net/ip_mr_cache ../src/smcroutectl -pu "/tmp/$NM/sock" show groups show_mroute check_output "(1.2.3.4,225.1.2.4) Iif: a2 Oifs: a1" print "Creating config #2 ..." cat < "/tmp/$NM/conf" phyint a1 enable phyint a2 enable mgroup from a1 group 225.1.2.3 mroute from a1 group 225.1.2.3 to a2 mgroup from a1 group 225.1.2.4 mroute from a1 source 1.2.3.4 group 225.1.2.4 to a2 mgroup from a2 group 225.2.2.5 mroute from a2 group 225.2.2.5 to a1 mgroup from a2 group 225.1.2.6 mroute from a2 source 1.2.3.5 group 225.1.2.6 to a1 EOF cat "/tmp/$NM/conf" ../src/smcroutectl -u "/tmp/$NM/sock" reload sleep 1 check_output "(1.2.3.4,225.1.2.4) Iif: a1 Oifs: a2" print "Deleting and restoring interface a1 => new ifindex ..." ip link del a1 ip link add a1 type dummy ip link set a1 up ip link set a1 multicast on ip addr add 10.0.0.1/24 dev a1 ../src/smcroutectl -u "/tmp/$NM/sock" reload sleep 1 check_output "(1.2.3.4,225.1.2.4) Iif: a1 Oifs: a2" print "Deleting interface a1 ..." ip link del a1 ../src/smcroutectl -u "/tmp/$NM/sock" reload sleep 1 check_output "(1.2.3.5,225.1.2.6) Iif: a2 State: resolved" OK ================================================ FILE: test/mem.sh ================================================ #!/bin/sh # Check for memory leaks with valgrind, should cover the basic use-cases # with a .conf file, reloading said .conf file, and IPC. # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Checking dependencies ..." lsb_release -a uname -a check_dep valgrind print "Creating world ..." topo plus ip addr add 10.0.0.1/24 dev a1 ip addr add 20.0.0.1/24 dev a2 ip addr add 20.0.0.1/24 dev a3 ip -br l print "Creating config ..." cat < "/tmp/$NM/conf" # basic (*,G) multicast routing phyint a1 enable phyint a3 enable phyint foo0 enable phyint mgroup from a1 source 10.0.0.1 group 225.3.2.1 mroute from a1 source 10.0.0.1 group 225.3.2.1 to a2 foo0 mgroup from a1 group 225.1.2.3 mroute from a1 group 225.1.2.3 to a2 mroute from a3 group 225.1.2.3 to a1 mgroup from b4 group 225.1.2.3 EOF cat "/tmp/$NM/conf" print "Creating background ops ..." cat < "/tmp/$NM/ops.sh" #!/bin/sh sleep 2 ../src/smcroutectl -dp -u "/tmp/$NM/sock" reload sleep 1 ../src/smcroutectl -dp -u "/tmp/$NM/sock" add a1 225.1.2.4 a3 ../src/smcroutectl -dp -u "/tmp/$NM/sock" add a1 10.0.0.1 225.1.2.5 a3 echo ../src/smcroutectl -dp -u "/tmp/$NM/sock" show int echo ../src/smcroutectl -dp -u "/tmp/$NM/sock" show gr echo ../src/smcroutectl -dp -u "/tmp/$NM/sock" show ro echo EOF cat "/tmp/$NM/ops.sh" chmod +x "/tmp/$NM/ops.sh" "/tmp/$NM/ops.sh" & print "Checking for memory leaks ..." valgrind -s --leak-check=full --show-leak-kinds=all --log-file="/tmp/$NM/valgrind.log" ../src/smcrouted -f "/tmp/$NM/conf" -n -N -l debug -P "/tmp/$NM/pid" -u "/tmp/$NM/sock" -D 5 rc=$? cat "/tmp/$NM/valgrind.log" >> "/tmp/$NM/log" wait [ $rc -eq 0 ] || FAIL "Failed starting valgrind, return code $rc" if ! grep -q "no leaks are possible" "/tmp/$NM/log"; then cat "/tmp/$NM/valgrind.log" FAIL "Leaks detected." fi OK ================================================ FILE: test/mrcache.sh ================================================ #!/bin/sh # Verifies both IPv4 and IPv6 (S,G) add, including remove route via IPC bites in kernel. # Twist: uses only one interface, inteded to mimic Debian tests. #set -x # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" debug() { echo "/proc/net/ip_mr_cache -------------------------------------------------------DEBUG-" cat /proc/net/ip_mr_cache echo "ip mroute -------------------------------------------------------------------DEBUG-" ip mroute echo "smcroutectl -----------------------------------------------------------------DEBUG-" ../src/smcroutectl -pd -u "/tmp/$NM/sock" echo "-----------------------------------------------------------------------------DEBUG/" } check_add() { s=$1 g=$2 input=$3 output=$4 print "Adding IPC route ($s,$g) inbound $input outbound $output ..." ../src/smcroutectl -u "/tmp/$NM/sock" add "$input" "$s" "$g" "$output" # sleep 1 print "Verifying kernel route ($s,$g) Iif: $input Oif: $output ..." # debug ip mroute > "/tmp/$NM/routes" ip -6 mroute >> "/tmp/$NM/routes" sg=$(awk "/$s,$g/{print \$1}" "/tmp/$NM/routes") iif=$(awk "/$s,$g/{print \$3}" "/tmp/$NM/routes") oif=$(awk "/$s,$g/{print \$5}" "/tmp/$NM/routes") state=$(awk "/$s,$g/{print \$7}" "/tmp/$NM/routes") CHECK "$sg" = "($s,$g)" CHECK "$iif" = "$input" CHECK "$oif" = "$output" CHECK "$state" = "resolved" } check_del() { s=$1 g=$2 input=$3 output=$4 print "Removing IPC route ($s,$g) inbound $input outbound $output ..." ../src/smcroutectl -u "/tmp/$NM/sock" del "$input" "$s" "$g" # sleep 1 print "Verifying kernel route for ($s,$g) has been removed ..." #debug ip mroute > "/tmp/$NM/routes2" sg=$(awk "/$s,$g/{print \$1}" "/tmp/$NM/routes2") CHECK -z "$sg" } test_one() { check_add $1 $2 $3 $4 check_del $1 $2 $3 $4 } print "Creating world ..." topo basic ip addr add 10.0.0.1/24 dev a1 ip addr add fc01::1/64 dev a1 ip -br a print "Creating config ..." cat < "/tmp/$NM/conf" # empty EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -n -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 test_one 10.0.0.1 224.0.1.20 a1 a1 test_one fc01::1 ff01::114 a1 a1 OK ================================================ FILE: test/mrdisc.sh ================================================ #!/bin/sh # Verifies IPv4 mrdisc messages on all interfaces it is enabled on # Runs for two intervals to ensure interval timer works properly. #set -x # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo basic ip addr add 10.0.0.1/24 dev a1 ip addr add 20.0.0.1/24 dev a2 ip -br a print "Creating config ..." cat < "/tmp/$NM/conf" phyint a1 enable mrdisc phyint a2 enable mrdisc EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" -m 4 & sleep 1 collect a2 -c3 'dst 224.0.0.106' sleep 10 print "Analyzing ..." lines=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 224.0.0.106 | tee "/tmp/$NM/result" | wc -l) cat "/tmp/$NM/result" echo " => $lines for 224.0.0.106 (MRDISC), expected >= 2" # shellcheck disable=SC2086 [ $lines -ge 2 ] && OK FAIL ================================================ FILE: test/multi.sh ================================================ #!/bin/sh # Verify interop between multiple routers and 1:1 NAT. Same subnet and # source IP of multicast emitters. # # netns: R1 netns: R2 # .-------------. .-------------. # | smcrouted | | smcrouted | # | / \ | br0 | / \ | # MC --> eth1 eth0 | / \ | eth0 eth1 <-- MC # | `------' '-------' | # '-------------' 192.168.0.0/24 '-------------' # 10.0.0.0/24 10.0.0.0/24 # # Since we use tshark (because tcpdump doesn't work in an unshare), and # it doesn't seem to be able to dump the Ethernet header, we set the TTL # of the two ping's to different values to be able to separate the two # when inspecting the pcap from br0. # # Note: modern versions of iptables have introduced the xtables.lock file # the default path for it can be overridden from v1.8.7 and later, # a workaround is to `chmod a+rw /var/run/xtables.lock` #set -x # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Checking dependencies ..." lsb_release -a uname -a XTABLES_LOCK=$(mktemp -p "/tmp/$NM") export XTABLES_LOCK check_dep unshare -mrun iptables -L 2>/dev/null print "Creating world ..." topo multi R1 R2 # IP world ... nsenter --net=R1 -- ip addr add 192.168.0.10/24 dev eth0 nsenter --net=R1 -- ip addr add 10.0.0.1/24 dev eth1 nsenter --net=R1 -- ip route add 192.168.20.0/24 via 192.168.0.20 nsenter --net=R1 -- iptables -t nat -A PREROUTING -d 192.168.10.0/24 -j NETMAP --to 10.0.0.0/24 nsenter --net=R1 -- iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j NETMAP --to 192.168.10.0/24 nsenter --net=R1 -- ip -br l nsenter --net=R1 -- ip -br a nsenter --net=R2 -- ip addr add 192.168.0.20/24 dev eth0 nsenter --net=R2 -- ip addr add 10.0.0.1/24 dev eth1 nsenter --net=R2 -- ip route add 192.168.10.0/24 via 192.168.0.10 nsenter --net=R2 -- iptables -t nat -A PREROUTING -d 192.168.20.0/24 -j NETMAP --to 10.0.0.0/24 nsenter --net=R2 -- iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j NETMAP --to 192.168.20.0/24 nsenter --net=R2 -- ip -br l nsenter --net=R2 -- ip -br a print "Verifying connectivity ..." printf "R1 (192.168.0.10) " if ! nsenter --net=R1 -- ping -c 3 192.168.20.1; then FAIL "R1: cannot reach ED2 via R2" fi print "Creating config ..." cat <"/tmp/$NM/shared.conf" # shared.conf for both netns phyint eth0 enable phyint eth1 enable mgroup from eth1 group 225.1.2.3 mroute from eth1 group 225.1.2.3 to eth0 # Disable for now, maybe use in another test. With this # disabled we get WRONGVIF messages from the kernel that # can extend this test to verify. #mgroup from eth0 group 225.1.2.3 #mroute from eth0 group 225.1.2.3 to eth1 EOF cat "/tmp/$NM/shared.conf" print "Starting smcrouted instances ..." nsenter --net=R1 -- ../src/smcrouted -f "/tmp/$NM/shared.conf" -n -N -i R1 -l debug -u "/tmp/$NM/R1.sock" & echo $! >> "/tmp/$NM/PIDs" nsenter --net=R2 -- ../src/smcrouted -f "/tmp/$NM/shared.conf" -n -N -i R2 -l debug -u "/tmp/$NM/R2.sock" & echo $! >> "/tmp/$NM/PIDs" sleep 1 collect br0 -c10 'dst 225.1.2.3' print "Starting emitters ..." nsenter --net=R1 -- ping -c 5 -W 1 -I eth1 -t 11 225.1.2.3 > /dev/null & sleep 1 nsenter --net=R2 -- ping -c 5 -W 1 -I eth1 -t 21 225.1.2.3 > /dev/null & sleep 5 print "R1 multicast routes and 1:1 NAT ..." nsenter --net=R1 -- ip mroute nsenter --net=R1 -- ../src/smcroutectl -d -u "/tmp/$NM/R1.sock" nsenter --net=R1 -- iptables -v -L -t nat print "R2 multicast routes and 1:1 NAT ..." nsenter --net=R2 -- ip mroute nsenter --net=R2 -- ../src/smcroutectl -d -u "/tmp/$NM/R2.sock" nsenter --net=R2 -- iptables -v -L -t nat print "Analyzing br0 pcap, data from R1 and R2 ..." lines1=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.3 | grep 'ttl=10' | tee "/tmp/$NM/result" | wc -l) lines2=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.3 | grep 'ttl=20' | tee -a "/tmp/$NM/result" | wc -l) cat "/tmp/$NM/result" echo " => $lines1 for group 225.1.2.3 from R1, expected >= 4" echo " => $lines2 for group 225.1.2.3 from R2, expected >= 4" # Expect one frame loss due to initial (*,G) -> (S,G) route setup # shellcheck disable=SC2086 disable=SC2166 [ $lines1 -ge 4 -a $lines2 -ge 4 ] && OK FAIL ================================================ FILE: test/poison.sh ================================================ #!/bin/sh # Verify stop-filter, or "poison pill", routes for non-matching routes, # and that they do not affect flows from matching routes. check_output() { if ! ip $1 mroute | grep -q "$2"; then FAIL "Did not even register $2" fi if ip $1 mroute | grep -q "$2" | grep -q "$3"; then FAIL "No stop-filter route set for $2" fi } # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo plus ip -d l ip addr add 10.0.0.1/24 dev a1 ip addr add 20.0.0.1/24 dev a2 ip addr add 30.0.0.1/24 dev b3 ip addr add 2001:1::1/64 dev a1 ip addr add fc00::42/64 dev a1 ip addr add 2001:2::1/64 dev a2 ip addr add 2001:3::1/64 dev b3 ip -br a print "Creating config ..." cat < "/tmp/$NM/conf" # basic (*,G/LEN) multicast routing phyint a1 enable phyint a2 enable phyint b3 enable mroute from a1 group 225.1.2.3/24 to b3 mroute from a2 group 225.1.2.3/24 to b3 mroute from a1 group ff2e::42/121 to b3 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 collect b3 -c15 'dst 225.1.2.1 or dst ff2e::42' ip -d l ip -br a print "Starting emitter ..." ping -c 3 -W 1 -I b3 -t 2 225.1.2.1 >/dev/null ping -c 3 -W 1 -I a2 -t 2 225.1.2.1 >/dev/null ping -c 3 -W 1 -I a1 -t 2 225.1.2.1 >/dev/null ping -6 -c 3 -W 1 -I b3 -t 2 ff2e::42 >/dev/null ping -6 -c 3 -W 1 -I fc00::42 -t 2 ff2e::42 >/dev/null show_mroute print "Analyzing ..." check_output -4 "(30.0.0.1,225.1.2.1)" "Oifs: b3" check_output -6 "(2001:3::1,ff2e::42)" "Oifs: b3" lines1=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep 225.1.2.1 | tee "/tmp/$NM/result" | wc -l) lines2=$(tshark -r "/tmp/$NM/pcap" 2>/dev/null | grep ff2e::42 | tee -a "/tmp/$NM/result" | wc -l) cat "/tmp/$NM/result" echo " => $lines1 for 225.1.2.1, expected >= 7" echo " => $lines2 for ff2e::42, expected >= 5" ########################################################################### DONE # Expect one frame lost due to initial (*,G) -> (S,G) route setup # shellcheck disable=SC2166 disable=SC2086 [ $lines1 -ge 7 -a $lines2 -ge 5 ] && OK FAIL ================================================ FILE: test/reload.sh ================================================ #!/bin/sh # Verifies SIGHUP/reload functionality # XXX: add group verification as well #set -x check_output() { echo "ip mroute:" ip mroute ip mroute |tee "/tmp/$NM/result" | grep -q "$2" oif=$? grep -q "$1" "/tmp/$NM/result" iif=$? # shellcheck disable=SC2166 [ "$oif" = "0" -a "$iif" = "0" ] || FAIL } # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo plus ip addr add 10.0.0.1/24 dev a1 ip addr add 20.0.0.1/24 dev a2 ip addr add 30.0.0.1/24 dev a3 ip addr add 40.0.0.1/24 dev a4 ip addr add 50.0.0.1/24 dev b1 ip addr add 60.0.0.1/24 dev b2 ip addr add 70.0.0.1/24 dev b3 ip addr add 80.0.0.1/24 dev b4 ip -br a print "Creating config #1 ..." cat < "/tmp/$NM/conf" phyint a1 enable phyint b1 enable phyint b3 enable mgroup from a1 source 10.0.0.1 group 225.3.2.1 mroute from a1 source 10.0.0.1 group 225.3.2.1 to b1 b3 mgroup from a1 group 225.1.2.3 mroute from a1 group 225.1.2.3 to b1 mroute from a1 group 225.1.2.4 to b1 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -N -n -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 cat /proc/net/ip_mr_vif cat /proc/net/ip_mr_cache ../src/smcroutectl -pu "/tmp/$NM/sock" show groups show_mroute check_output "Iif: a1" "Oifs: b1 b3" print "Creating config #2 ..." cat < "/tmp/$NM/conf" phyint a1 enable ttl-threshold 1 phyint a3 enable ttl-threshold 3 phyint b2 enable ttl-threshold 2 phyint b3 enable ttl-threshold 3 phyint b4 enable ttl-threshold 4 mgroup from a1 source 10.0.0.1 group 225.3.2.1 mroute from a1 source 10.0.0.1 group 225.3.2.1 to b2 b3 mgroup from a3 group 225.1.2.4 mroute from a3 group 225.1.2.4 to b3 b4 EOF cat "/tmp/$NM/conf" ../src/smcroutectl -u "/tmp/$NM/sock" reload sleep 1 cat /proc/net/ip_mr_vif cat /proc/net/ip_mr_cache ../src/smcroutectl -pu "/tmp/$NM/sock" show groups show_mroute check_output "Iif: a1" "Oifs: b3(ttl 3) b2(ttl 2)" print "Updating route from smcroutectl ..." ../src/smcroutectl -u "/tmp/$NM/sock" add a1 10.0.0.1 225.3.2.1 b4 show_mroute check_output "Iif: a1" "Oifs: b3(ttl 3) b2(ttl 2) b4(ttl 4)" OK ================================================ FILE: test/reload6.sh ================================================ #!/bin/sh # Verifies SIGHUP/reload functionality # XXX: add group verification as well #set -x check_output() { ip -6 mroute |tee "/tmp/$NM/result" | grep -q "$2" oif=$? grep -q "$1" "/tmp/$NM/result" iif=$? # shellcheck disable=SC2166 [ "$oif" = "0" -a "$iif" = "0" ] || FAIL } # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo plus ip addr add 2001:1::1/64 dev a1 ip addr add 2001:2::1/64 dev a2 ip addr add 2001:3::1/64 dev a3 ip addr add 2001:4::1/64 dev a4 ip addr add 2001:5::1/64 dev b1 ip addr add 2001:6::1/64 dev b2 ip addr add 2001:7::1/64 dev b3 ip addr add 2001:8::1/64 dev b4 ip -br a print "Creating config #1 ..." cat < "/tmp/$NM/conf" phyint a1 enable ttl-threshold 1 phyint b1 enable ttl-threshold 1 phyint b3 enable ttl-threshold 3 mgroup from a1 source fc00::1 group ff2e::42 mroute from a1 source fc00::1 group ff2e::42 to b1 b3 mgroup from a1 group ff2e::43 mroute from a1 group ff2e::43 to b1 mroute from a1 group ff2e::44 to b1 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -N -n -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 ../src/smcroutectl -pu "/tmp/$NM/sock" show groups ip -6 maddr cat /proc/net/ip6_mr_vif show_mroute check_output "Iif: a1" "Oifs: b1 b3" print "Creating config #2 ..." cat < "/tmp/$NM/conf" phyint a1 enable ttl-threshold 1 phyint a3 enable ttl-threshold 3 phyint b2 enable ttl-threshold 2 phyint b3 enable ttl-threshold 3 phyint b4 enable ttl-threshold 4 mgroup from a1 source fc00::1 group ff2e::42 mroute from a1 source fc00::1 group ff2e::42 to b2 b3 mgroup from a3 group ff2e::44 mroute from a3 group ff2e::44 to b3 b4 EOF cat "/tmp/$NM/conf" ../src/smcroutectl -u "/tmp/$NM/sock" reload sleep 1 ../src/smcroutectl -pu "/tmp/$NM/sock" show groups ip -6 maddr cat /proc/net/ip6_mr_vif show_mroute check_output "Iif: a1" "Oifs: b3 b2" print "Updating route from smcroutectl ..." ../src/smcroutectl -u "/tmp/$NM/sock" add a1 fc00::1 ff2e::42 b4 show_mroute check_output "Iif: a1" "Oifs: b3 b2 b4" OK ================================================ FILE: test/vlan.sh ================================================ #!/bin/sh # Verify IPv4 (*,G) routing on top of VLAN interfaces #set -x # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo basic vlan 100 110 ip addr add 10.100.0.1/24 dev a1.100 ip addr add 10.110.0.1/24 dev a1.110 ip addr add 20.100.0.1/24 dev a2.100 ip addr add 20.110.0.1/24 dev a2.110 ip -br a print "Creating config ..." cat < "/tmp/$NM/conf" # vlan (*,G) multicast routing phyint a1.100 enable phyint a1.110 enable phyint a2.110 enable mroute from a1.100 group 225.1.2.3 to a1.110 a2.110 mroute from a2.110 group 225.3.2.1 to a1.110 a1.100 EOF cat "/tmp/$NM/conf" print "Starting smcrouted ..." ../src/smcrouted -f "/tmp/$NM/conf" -n -N -P "/tmp/$NM/pid" -l debug -u "/tmp/$NM/sock" & sleep 1 print "Starting collectors ..." tshark -c 6 -lni a1.110 -w "/tmp/$NM/pcap1" 'icmp and (dst 225.1.2.3 or dst 225.3.2.1)' 2>/dev/null & echo $! >> "/tmp/$NM/PIDs" tshark -c 3 -lni a2.110 -w "/tmp/$NM/pcap2" 'icmp and dst 225.1.2.3' 2>/dev/null & echo $! >> "/tmp/$NM/PIDs" tshark -c 3 -lni a1.100 -w "/tmp/$NM/pcap3" 'icmp and dst 225.3.2.1' 2>/dev/null & echo $! >> "/tmp/$NM/PIDs" sleep 1 print "Starting emitters ..." ping -c 3 -W 1 -I a1.100 -t 2 225.1.2.3 >/dev/null ping -c 3 -W 1 -I a2.110 -t 2 225.3.2.1 >/dev/null show_mroute print "Analyzing ..." lines1=$(tshark -r "/tmp/$NM/pcap1" 2>/dev/null | grep 225.1.2.3 | tee "/tmp/$NM/result1" | wc -l) lines2=$(tshark -r "/tmp/$NM/pcap1" 2>/dev/null | grep 225.3.2.1 | tee -a "/tmp/$NM/result1" | wc -l) lines3=$(tshark -r "/tmp/$NM/pcap2" 2>/dev/null | grep 225.1.2.3 | tee "/tmp/$NM/result2" | wc -l) lines4=$(tshark -r "/tmp/$NM/pcap3" 2>/dev/null | grep 225.3.2.1 | tee "/tmp/$NM/result3" | wc -l) echo "Receieved on a1.110, expected >=2 pkt of 225.1.2.3 and >=2 pkt 225.3.2.1:" cat "/tmp/$NM/result1" echo "Receieved on a2.110, expected >=2 pkt of 225.1.2.3:" cat "/tmp/$NM/result2" echo "Receieved on a1.100, expected >=2 pkt of 225.3.2.1:" cat "/tmp/$NM/result3" ########################################################################### DONE # one frame lost due to initial (*,G) -> (S,G) setup # shellcheck disable=SC2086 disable=SC2166 [ $lines1 -ge 2 -a $lines2 -ge 2 -a $lines3 -ge 2 -a $lines4 -ge 2 ] && OK FAIL ================================================ FILE: test/vrfy.sh ================================================ #!/bin/sh # Limited verifier of the smcrouted .conf file checker # shellcheck source=/dev/null . "$(dirname "$0")/lib.sh" print "Creating world ..." topo basic ip addr add 10.0.0.1/24 dev a1 ip addr add 20.0.0.1/24 dev a2 ip -br l print "Creating config ..." cat < "/tmp/$NM/conf" # basic (*,G) multicast routing phyint a1 enable phyint a3 enable phyint mgroup from a1 source 10.0.0.1 group 225.3.2.1 mroute from a1 source 10.0.0.1 group 225.3.2.1 to a2 a3 mgroup from a1 group 225.1.2.3 mroute from a1 group 225.1.2.3 to a2 mroute from a3 group 225.1.2.3 to a1 mgroup from b4 group 225.1.2.3 EOF cat "/tmp/$NM/conf" print "Verifying config ..." ../src/smcrouted -N -F "/tmp/$NM/conf" -l info rc=$? echo "Return code: $rc" [ $rc -eq 78 ] && OK FAIL