| Lorenzo Colitti | eb92f48 | 2019-01-04 14:59:11 +0900 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright 2018 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | * |
| 16 | * main.c - main function |
| 17 | */ |
| 18 | |
| 19 | #include <errno.h> |
| 20 | #include <netinet/in.h> |
| 21 | #include <stdint.h> |
| 22 | #include <stdlib.h> |
| 23 | #include <string.h> |
| 24 | #include <sys/capability.h> |
| 25 | #include <unistd.h> |
| 26 | |
| 27 | #include "resolv_netid.h" |
| 28 | |
| 29 | #include "clatd.h" |
| 30 | #include "common.h" |
| 31 | #include "config.h" |
| 32 | #include "logging.h" |
| 33 | #include "setif.h" |
| 34 | #include "tun.h" |
| 35 | |
| 36 | #define DEVICEPREFIX "v4-" |
| 37 | |
| 38 | /* function: print_help |
| 39 | * in case the user is running this on the command line |
| 40 | */ |
| 41 | void print_help() { |
| 42 | printf("android-clat arguments:\n"); |
| 43 | printf("-i [uplink interface]\n"); |
| 44 | printf("-p [plat prefix]\n"); |
| 45 | printf("-n [NetId]\n"); |
| 46 | printf("-m [socket mark]\n"); |
| 47 | } |
| 48 | |
| 49 | /* function: main |
| 50 | * allocate and setup the tun device, then run the event loop |
| 51 | */ |
| 52 | int main(int argc, char **argv) { |
| 53 | struct tun_data tunnel; |
| 54 | int opt; |
| 55 | char *uplink_interface = NULL, *plat_prefix = NULL, *net_id_str = NULL, *mark_str = NULL; |
| 56 | unsigned net_id = NETID_UNSET; |
| 57 | uint32_t mark = MARK_UNSET; |
| 58 | unsigned len; |
| 59 | |
| 60 | while ((opt = getopt(argc, argv, "i:p:n:m:h")) != -1) { |
| 61 | switch (opt) { |
| 62 | case 'i': |
| 63 | uplink_interface = optarg; |
| 64 | break; |
| 65 | case 'p': |
| 66 | plat_prefix = optarg; |
| 67 | break; |
| 68 | case 'n': |
| 69 | net_id_str = optarg; |
| 70 | break; |
| 71 | case 'm': |
| 72 | mark_str = optarg; |
| 73 | break; |
| 74 | case 'h': |
| 75 | print_help(); |
| 76 | exit(0); |
| 77 | default: |
| 78 | logmsg(ANDROID_LOG_FATAL, "Unknown option -%c. Exiting.", (char)optopt); |
| 79 | exit(1); |
| 80 | } |
| 81 | } |
| 82 | |
| 83 | if (uplink_interface == NULL) { |
| 84 | logmsg(ANDROID_LOG_FATAL, "clatd called without an interface"); |
| 85 | exit(1); |
| 86 | } |
| 87 | |
| 88 | if (net_id_str != NULL && !parse_unsigned(net_id_str, &net_id)) { |
| 89 | logmsg(ANDROID_LOG_FATAL, "invalid NetID %s", net_id_str); |
| 90 | exit(1); |
| 91 | } |
| 92 | |
| 93 | if (mark_str != NULL && !parse_unsigned(mark_str, &mark)) { |
| 94 | logmsg(ANDROID_LOG_FATAL, "invalid mark %s", mark_str); |
| 95 | exit(1); |
| 96 | } |
| 97 | |
| 98 | len = snprintf(tunnel.device4, sizeof(tunnel.device4), "%s%s", DEVICEPREFIX, uplink_interface); |
| 99 | if (len >= sizeof(tunnel.device4)) { |
| 100 | logmsg(ANDROID_LOG_FATAL, "interface name too long '%s'", tunnel.device4); |
| 101 | exit(1); |
| 102 | } |
| 103 | |
| 104 | logmsg(ANDROID_LOG_INFO, "Starting clat version %s on %s netid=%s mark=%s", CLATD_VERSION, |
| 105 | uplink_interface, net_id_str ? net_id_str : "(none)", mark_str ? mark_str : "(none)"); |
| 106 | |
| 107 | // run under a regular user but keep needed capabilities |
| 108 | drop_root_but_keep_caps(); |
| 109 | |
| 110 | // open our raw sockets before dropping privs |
| 111 | open_sockets(&tunnel, mark); |
| 112 | |
| 113 | // keeps only admin capability |
| 114 | set_capability(1 << CAP_NET_ADMIN); |
| 115 | |
| 116 | // we can create tun devices as non-root because we're in the VPN group. |
| 117 | tunnel.fd4 = tun_open(); |
| 118 | if (tunnel.fd4 < 0) { |
| 119 | logmsg(ANDROID_LOG_FATAL, "tun_open4 failed: %s", strerror(errno)); |
| 120 | exit(1); |
| 121 | } |
| 122 | |
| 123 | // When run from netd, the environment variable ANDROID_DNS_MODE is set to |
| 124 | // "local", but that only works for the netd process itself. Removing the |
| 125 | // following line causes XLAT failure in permissive mode. |
| 126 | unsetenv("ANDROID_DNS_MODE"); |
| 127 | |
| 128 | configure_interface(uplink_interface, plat_prefix, &tunnel, net_id); |
| 129 | |
| 130 | update_clat_ipv6_address(&tunnel, uplink_interface); |
| 131 | |
| 132 | // Loop until someone sends us a signal or brings down the tun interface. |
| 133 | if (signal(SIGTERM, stop_loop) == SIG_ERR) { |
| 134 | logmsg(ANDROID_LOG_FATAL, "sigterm handler failed: %s", strerror(errno)); |
| 135 | exit(1); |
| 136 | } |
| 137 | |
| 138 | event_loop(&tunnel); |
| 139 | |
| 140 | logmsg(ANDROID_LOG_INFO, "Shutting down clat on %s", uplink_interface); |
| 141 | del_anycast_address(tunnel.write_fd6, &Global_Clatd_Config.ipv6_local_subnet); |
| 142 | |
| 143 | return 0; |
| 144 | } |