net: convert net::connToText to std::string
parent
b7f0acb021
commit
55e8e09c4a
49
net.cc
49
net.cc
@ -39,6 +39,8 @@
|
|||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
|
#include <string>
|
||||||
|
|
||||||
#include "logs.h"
|
#include "logs.h"
|
||||||
#include "subproc.h"
|
#include "subproc.h"
|
||||||
|
|
||||||
@ -161,8 +163,7 @@ bool limitConns(nsjconf_t* nsjconf, int connsock) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
struct sockaddr_in6 addr;
|
struct sockaddr_in6 addr;
|
||||||
char cs_addr[64];
|
auto connstr = connToText(connsock, true /* remote */, &addr);
|
||||||
connToText(connsock, true /* remote */, cs_addr, sizeof(cs_addr), &addr);
|
|
||||||
|
|
||||||
unsigned cnt = 0;
|
unsigned cnt = 0;
|
||||||
for (const auto& pid : nsjconf->pids) {
|
for (const auto& pid : nsjconf->pids) {
|
||||||
@ -172,7 +173,7 @@ bool limitConns(nsjconf_t* nsjconf, int connsock) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (cnt >= nsjconf->max_conns_per_ip) {
|
if (cnt >= nsjconf->max_conns_per_ip) {
|
||||||
LOG_W("Rejecting connection from '%s', max_conns_per_ip limit reached: %u", cs_addr,
|
LOG_W("Rejecting connection from '%s', max_conns_per_ip limit reached: %u", connstr.c_str(),
|
||||||
nsjconf->max_conns_per_ip);
|
nsjconf->max_conns_per_ip);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -231,9 +232,8 @@ int getRecvSocket(const char* bindhost, int port) {
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
char ss_addr[64];
|
auto connstr = connToText(sockfd, false /* remote */, NULL);
|
||||||
connToText(sockfd, false /* remote */, ss_addr, sizeof(ss_addr), NULL);
|
LOG_I("Listening on %s", connstr.c_str());
|
||||||
LOG_I("Listening on %s", ss_addr);
|
|
||||||
|
|
||||||
return sockfd;
|
return sockfd;
|
||||||
}
|
}
|
||||||
@ -249,18 +249,18 @@ int acceptConn(int listenfd) {
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
char cs_addr[64], ss_addr[64];
|
auto connremotestr = connToText(connfd, true /* remote */, NULL);
|
||||||
connToText(connfd, true /* remote */, cs_addr, sizeof(cs_addr), NULL);
|
auto connlocalstr = connToText(connfd, false /* remote */, NULL);
|
||||||
connToText(connfd, false /* remote */, ss_addr, sizeof(ss_addr), NULL);
|
LOG_I("New connection from: %s on: %s", connremotestr.c_str(), connlocalstr.c_str());
|
||||||
LOG_I("New connection from: %s on: %s", cs_addr, ss_addr);
|
|
||||||
|
|
||||||
return connfd;
|
return connfd;
|
||||||
}
|
}
|
||||||
|
|
||||||
void connToText(int fd, bool remote, char* buf, size_t s, struct sockaddr_in6* addr_or_null) {
|
const std::string connToText(int fd, bool remote, struct sockaddr_in6* addr_or_null) {
|
||||||
if (isSocket(fd) == false) {
|
std::string res;
|
||||||
snprintf(buf, s, "[STANDALONE_MODE]");
|
|
||||||
return;
|
if (!isSocket(fd)) {
|
||||||
|
return "[STANDALONE MODE]";
|
||||||
}
|
}
|
||||||
|
|
||||||
struct sockaddr_in6 addr;
|
struct sockaddr_in6 addr;
|
||||||
@ -268,14 +268,12 @@ void connToText(int fd, bool remote, char* buf, size_t s, struct sockaddr_in6* a
|
|||||||
if (remote) {
|
if (remote) {
|
||||||
if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) == -1) {
|
if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) == -1) {
|
||||||
PLOG_W("getpeername(%d)", fd);
|
PLOG_W("getpeername(%d)", fd);
|
||||||
snprintf(buf, s, "[unknown]");
|
return "[unknown]";
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) == -1) {
|
if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) == -1) {
|
||||||
PLOG_W("getsockname(%d)", fd);
|
PLOG_W("getsockname(%d)", fd);
|
||||||
snprintf(buf, s, "[unknown]");
|
return "[unknown]";
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -283,14 +281,17 @@ void connToText(int fd, bool remote, char* buf, size_t s, struct sockaddr_in6* a
|
|||||||
memcpy(addr_or_null, &addr, sizeof(*addr_or_null));
|
memcpy(addr_or_null, &addr, sizeof(*addr_or_null));
|
||||||
}
|
}
|
||||||
|
|
||||||
char tmp[s];
|
char addrstr[128];
|
||||||
if (inet_ntop(AF_INET6, addr.sin6_addr.s6_addr, tmp, s) == NULL) {
|
if (!inet_ntop(AF_INET6, addr.sin6_addr.s6_addr, addrstr, sizeof(addrstr))) {
|
||||||
PLOG_W("inet_ntop()");
|
PLOG_W("inet_ntop()");
|
||||||
snprintf(buf, s, "[unknown]:%hu", ntohs(addr.sin6_port));
|
snprintf(addrstr, sizeof(addrstr), "[unknown](%s)", strerror(errno));
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
snprintf(buf, s, "[%s]:%hu", tmp, ntohs(addr.sin6_port));
|
|
||||||
return;
|
res.append("[");
|
||||||
|
res.append(addrstr);
|
||||||
|
res.append("]:");
|
||||||
|
res.append(std::to_string(ntohs(addr.sin6_port)));
|
||||||
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool ifaceUp(const char* ifacename) {
|
static bool ifaceUp(const char* ifacename) {
|
||||||
|
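Review bot: The early returns in connToText (`"[STANDALONE MODE]"` and both `"[unknown]"` paths) come before the `memcpy` into `addr_or_null`, so limitConns' `struct sockaddr_in6 addr` and the `&p.remote_addr` passed from addProc in subproc.cc are left uninitialized on those paths. The loop body of limitConns is outside the hunk, but if it compares these addresses, the `max_conns_per_ip` decision is then made on indeterminate stack bytes. Zeroing the out-parameter at the top of connToText, `if (addr_or_null) memset(addr_or_null, 0, sizeof(*addr_or_null));`, would at least make the comparison deterministic. Separately, `strerror(errno)` runs after `PLOG_W("inet_ntop()")`, which may overwrite errno; saving it first (`int saved_errno = errno;`) keeps the message accurate.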
4
net.h
4
net.h
@ -25,6 +25,8 @@
|
|||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
#include <stddef.h>
|
#include <stddef.h>
|
||||||
|
|
||||||
|
#include <string>
|
||||||
|
|
||||||
#include "nsjail.h"
|
#include "nsjail.h"
|
||||||
|
|
||||||
namespace net {
|
namespace net {
|
||||||
@ -32,7 +34,7 @@ namespace net {
|
|||||||
bool limitConns(nsjconf_t* nsjconf, int connsock);
|
bool limitConns(nsjconf_t* nsjconf, int connsock);
|
||||||
int getRecvSocket(const char* bindhost, int port);
|
int getRecvSocket(const char* bindhost, int port);
|
||||||
int acceptConn(int listenfd);
|
int acceptConn(int listenfd);
|
||||||
void connToText(int fd, bool remote, char* buf, size_t s, struct sockaddr_in6* addr_or_null);
|
const std::string connToText(int fd, bool remote, struct sockaddr_in6* addr_or_null);
|
||||||
bool initNsFromParent(nsjconf_t* nsjconf, int pid);
|
bool initNsFromParent(nsjconf_t* nsjconf, int pid);
|
||||||
bool initNsFromChild(nsjconf_t* nsjconf);
|
bool initNsFromChild(nsjconf_t* nsjconf);
|
||||||
|
|
||||||
|
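Review bot: Returning `const std::string` by value from connToText prevents the result from being moved, so `p.remote_txt = net::connToText(...)` in subproc.cc copy-assigns instead of move-assigning. Declaring it as `std::string connToText(int fd, bool remote, struct sockaddr_in6* addr_or_null);`, with the same change to the definition in net.cc, costs callers nothing. The declaration would also benefit from a one-line comment stating that `addr_or_null` is written only when the address lookup succeeds, since the early returns in net.cc skip the copy.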
2
nsjail.h
2
nsjail.h
@ -49,7 +49,7 @@ static const int nssigs[] = {
|
|||||||
struct pids_t {
|
struct pids_t {
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
time_t start;
|
time_t start;
|
||||||
char remote_txt[64];
|
std::string remote_txt;
|
||||||
struct sockaddr_in6 remote_addr;
|
struct sockaddr_in6 remote_addr;
|
||||||
int pid_syscall_fd;
|
int pid_syscall_fd;
|
||||||
};
|
};
|
||||||
|
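Review bot: With `std::string remote_txt`, pids_t is no longer trivially copyable, so any `memset`, `memcpy` or other raw-byte handling of pids_t elsewhere in the tree becomes undefined behaviour. None is visible in this diff, so it is worth a grep before merging. The struct now also depends on `<string>`, and this section adds no include; nsjail.h's include list is outside the hunk, so confirm it pulls in `<string>` itself rather than relying on the includer. A short comment on the struct, e.g. `/* holds a std::string: copy by assignment, never memcpy/memset */`, would record the constraint.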
26
subproc.cc
26
subproc.cc
@ -165,9 +165,8 @@ static int subprocNewProc(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err,
|
|||||||
putenv(const_cast<char*>(env.c_str()));
|
putenv(const_cast<char*>(env.c_str()));
|
||||||
}
|
}
|
||||||
|
|
||||||
char cs_addr[64];
|
auto connstr = net::connToText(fd_in, /* remote= */ true, NULL);
|
||||||
net::connToText(fd_in, true /* remote */, cs_addr, sizeof(cs_addr), NULL);
|
LOG_I("Executing '%s' for '%s'", nsjconf->exec_file, connstr.c_str());
|
||||||
LOG_I("Executing '%s' for '%s'", nsjconf->exec_file, cs_addr);
|
|
||||||
|
|
||||||
for (size_t i = 0; nsjconf->argv[i]; i++) {
|
for (size_t i = 0; nsjconf->argv[i]; i++) {
|
||||||
LOG_D(" Arg[%zu]: '%s'", i, nsjconf->argv[i]);
|
LOG_D(" Arg[%zu]: '%s'", i, nsjconf->argv[i]);
|
||||||
@ -196,11 +195,10 @@ static int subprocNewProc(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err,
|
|||||||
|
|
||||||
static void addProc(nsjconf_t* nsjconf, pid_t pid, int sock) {
|
static void addProc(nsjconf_t* nsjconf, pid_t pid, int sock) {
|
||||||
pids_t p;
|
pids_t p;
|
||||||
|
|
||||||
p.pid = pid;
|
p.pid = pid;
|
||||||
p.start = time(NULL);
|
p.start = time(NULL);
|
||||||
|
p.remote_txt = net::connToText(sock, /* remote= */ true, &p.remote_addr);
|
||||||
net::connToText(
|
|
||||||
sock, true /* remote */, p.remote_txt, sizeof(p.remote_txt), &p.remote_addr);
|
|
||||||
|
|
||||||
char fname[PATH_MAX];
|
char fname[PATH_MAX];
|
||||||
snprintf(fname, sizeof(fname), "/proc/%d/syscall", (int)pid);
|
snprintf(fname, sizeof(fname), "/proc/%d/syscall", (int)pid);
|
||||||
@ -209,14 +207,14 @@ static void addProc(nsjconf_t* nsjconf, pid_t pid, int sock) {
|
|||||||
nsjconf->pids.push_back(p);
|
nsjconf->pids.push_back(p);
|
||||||
|
|
||||||
LOG_D("Added pid '%d' with start time '%u' to the queue for IP: '%s'", p.pid,
|
LOG_D("Added pid '%d' with start time '%u' to the queue for IP: '%s'", p.pid,
|
||||||
(unsigned int)p.start, p.remote_txt);
|
(unsigned int)p.start, p.remote_txt.c_str());
|
||||||
}
|
}
|
||||||
|
|
||||||
static void removeProc(nsjconf_t* nsjconf, pid_t pid) {
|
static void removeProc(nsjconf_t* nsjconf, pid_t pid) {
|
||||||
for (auto p = nsjconf->pids.begin(); p != nsjconf->pids.end(); ++p) {
|
for (auto p = nsjconf->pids.begin(); p != nsjconf->pids.end(); ++p) {
|
||||||
if (p->pid == pid) {
|
if (p->pid == pid) {
|
||||||
LOG_D("Removing pid '%d' from the queue (IP:'%s', start time:'%s')", p->pid,
|
LOG_D("Removing pid '%d' from the queue (IP:'%s', start time:'%s')", p->pid,
|
||||||
p->remote_txt, util::timeToStr(p->start).c_str());
|
p->remote_txt.c_str(), util::timeToStr(p->start).c_str());
|
||||||
close(p->pid_syscall_fd);
|
close(p->pid_syscall_fd);
|
||||||
nsjconf->pids.erase(p);
|
nsjconf->pids.erase(p);
|
||||||
return;
|
return;
|
||||||
@ -236,7 +234,7 @@ void displayProc(nsjconf_t* nsjconf) {
|
|||||||
time_t diff = now - pid.start;
|
time_t diff = now - pid.start;
|
||||||
time_t left = nsjconf->tlimit ? nsjconf->tlimit - diff : 0;
|
time_t left = nsjconf->tlimit ? nsjconf->tlimit - diff : 0;
|
||||||
LOG_I("PID: %d, Remote host: %s, Run time: %ld sec. (time left: %ld sec.)", pid.pid,
|
LOG_I("PID: %d, Remote host: %s, Run time: %ld sec. (time left: %ld sec.)", pid.pid,
|
||||||
pid.remote_txt, (long)diff, (long)left);
|
pid.remote_txt.c_str(), (long)diff, (long)left);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -308,7 +306,7 @@ int reapProc(nsjconf_t* nsjconf) {
|
|||||||
if (wait4(si.si_pid, &status, WNOHANG, NULL) == si.si_pid) {
|
if (wait4(si.si_pid, &status, WNOHANG, NULL) == si.si_pid) {
|
||||||
cgroup::finishFromParent(nsjconf, si.si_pid);
|
cgroup::finishFromParent(nsjconf, si.si_pid);
|
||||||
|
|
||||||
const char* remote_txt = "[UNKNOWN]";
|
std::string remote_txt = "[UNKNOWN]";
|
||||||
const pids_t* elem = getPidElem(nsjconf, si.si_pid);
|
const pids_t* elem = getPidElem(nsjconf, si.si_pid);
|
||||||
if (elem) {
|
if (elem) {
|
||||||
remote_txt = elem->remote_txt;
|
remote_txt = elem->remote_txt;
|
||||||
@ -316,7 +314,7 @@ int reapProc(nsjconf_t* nsjconf) {
|
|||||||
|
|
||||||
if (WIFEXITED(status)) {
|
if (WIFEXITED(status)) {
|
||||||
LOG_I("PID: %d (%s) exited with status: %d, (PIDs left: %d)",
|
LOG_I("PID: %d (%s) exited with status: %d, (PIDs left: %d)",
|
||||||
si.si_pid, remote_txt, WEXITSTATUS(status),
|
si.si_pid, remote_txt.c_str(), WEXITSTATUS(status),
|
||||||
countProc(nsjconf) - 1);
|
countProc(nsjconf) - 1);
|
||||||
removeProc(nsjconf, si.si_pid);
|
removeProc(nsjconf, si.si_pid);
|
||||||
rv = WEXITSTATUS(status) % 100;
|
rv = WEXITSTATUS(status) % 100;
|
||||||
@ -327,7 +325,7 @@ int reapProc(nsjconf_t* nsjconf) {
|
|||||||
if (WIFSIGNALED(status)) {
|
if (WIFSIGNALED(status)) {
|
||||||
LOG_I(
|
LOG_I(
|
||||||
"PID: %d (%s) terminated with signal: %s (%d), (PIDs left: %d)",
|
"PID: %d (%s) terminated with signal: %s (%d), (PIDs left: %d)",
|
||||||
si.si_pid, remote_txt, util::sigName(WTERMSIG(status)).c_str(),
|
si.si_pid, remote_txt.c_str(), util::sigName(WTERMSIG(status)).c_str(),
|
||||||
WTERMSIG(status), countProc(nsjconf) - 1);
|
WTERMSIG(status), countProc(nsjconf) - 1);
|
||||||
removeProc(nsjconf, si.si_pid);
|
removeProc(nsjconf, si.si_pid);
|
||||||
rv = 100 + WTERMSIG(status);
|
rv = 100 + WTERMSIG(status);
|
||||||
@ -344,7 +342,7 @@ int reapProc(nsjconf_t* nsjconf) {
|
|||||||
time_t diff = now - p.start;
|
time_t diff = now - p.start;
|
||||||
if (diff >= nsjconf->tlimit) {
|
if (diff >= nsjconf->tlimit) {
|
||||||
LOG_I("PID: %d run time >= time limit (%ld >= %ld) (%s). Killing it", pid,
|
LOG_I("PID: %d run time >= time limit (%ld >= %ld) (%s). Killing it", pid,
|
||||||
(long)diff, (long)nsjconf->tlimit, p.remote_txt);
|
(long)diff, (long)nsjconf->tlimit, p.remote_txt.c_str());
|
||||||
/*
|
/*
|
||||||
* Probably a kernel bug - some processes cannot be killed with KILL if
|
* Probably a kernel bug - some processes cannot be killed with KILL if
|
||||||
* they're namespaced, and in a stopped state
|
* they're namespaced, and in a stopped state
|
||||||
@ -447,8 +445,6 @@ void runChild(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
close(parent_fd);
|
close(parent_fd);
|
||||||
char cs_addr[64];
|
|
||||||
net::connToText(fd_in, true /* remote */, cs_addr, sizeof(cs_addr), NULL);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
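Review bot: In reapProc, `std::string remote_txt` now holds a copy of `elem->remote_txt`, and nothing says why a copy is wanted rather than a reference. The copy keeps the log arguments valid independently of `removeProc(nsjconf, si.si_pid)`, which erases the entry from `nsjconf->pids`. A later change to `const std::string&` would be safe only while every use stays ahead of that call. I would add `/* copy on purpose: removeProc() below erases the pids entry */` above the declaration. The lines of reapProc between the hunks are not shown, so this is based on the visible uses only.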