net: convert net::connToText to std::string

Robert Swiecki 2018-02-11 00:17:44 +01:00
parent b7f0acb021
commit 55e8e09c4a
4 changed files with 40 additions and 41 deletions

49
net.cc

@ -39,6 +39,8 @@
#include <sys/types.h>
#include <unistd.h>
#include <string>
#include "logs.h"
#include "subproc.h"
@ -161,8 +163,7 @@ bool limitConns(nsjconf_t* nsjconf, int connsock) {
}
struct sockaddr_in6 addr;
char cs_addr[64];
connToText(connsock, true /* remote */, cs_addr, sizeof(cs_addr), &addr);
auto connstr = connToText(connsock, true /* remote */, &addr);
unsigned cnt = 0;
for (const auto& pid : nsjconf->pids) {
@ -172,7 +173,7 @@ bool limitConns(nsjconf_t* nsjconf, int connsock) {
}
}
if (cnt >= nsjconf->max_conns_per_ip) {
LOG_W("Rejecting connection from '%s', max_conns_per_ip limit reached: %u", cs_addr,
LOG_W("Rejecting connection from '%s', max_conns_per_ip limit reached: %u", connstr.c_str(),
nsjconf->max_conns_per_ip);
return false;
}
@ -231,9 +232,8 @@ int getRecvSocket(const char* bindhost, int port) {
return -1;
}
char ss_addr[64];
connToText(sockfd, false /* remote */, ss_addr, sizeof(ss_addr), NULL);
LOG_I("Listening on %s", ss_addr);
auto connstr = connToText(sockfd, false /* remote */, NULL);
LOG_I("Listening on %s", connstr.c_str());
return sockfd;
}
@ -249,18 +249,18 @@ int acceptConn(int listenfd) {
return -1;
}
char cs_addr[64], ss_addr[64];
connToText(connfd, true /* remote */, cs_addr, sizeof(cs_addr), NULL);
connToText(connfd, false /* remote */, ss_addr, sizeof(ss_addr), NULL);
LOG_I("New connection from: %s on: %s", cs_addr, ss_addr);
auto connremotestr = connToText(connfd, true /* remote */, NULL);
auto connlocalstr = connToText(connfd, false /* remote */, NULL);
LOG_I("New connection from: %s on: %s", connremotestr.c_str(), connlocalstr.c_str());
return connfd;
}
void connToText(int fd, bool remote, char* buf, size_t s, struct sockaddr_in6* addr_or_null) {
if (isSocket(fd) == false) {
snprintf(buf, s, "[STANDALONE_MODE]");
return;
const std::string connToText(int fd, bool remote, struct sockaddr_in6* addr_or_null) {
std::string res;
if (!isSocket(fd)) {
return "[STANDALONE MODE]";
}
struct sockaddr_in6 addr;
@ -268,14 +268,12 @@ void connToText(int fd, bool remote, char* buf, size_t s, struct sockaddr_in6* a
if (remote) {
if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) == -1) {
PLOG_W("getpeername(%d)", fd);
snprintf(buf, s, "[unknown]");
return;
return "[unknown]";
}
} else {
if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) == -1) {
PLOG_W("getsockname(%d)", fd);
snprintf(buf, s, "[unknown]");
return;
return "[unknown]";
}
}
@ -283,14 +281,17 @@ void connToText(int fd, bool remote, char* buf, size_t s, struct sockaddr_in6* a
memcpy(addr_or_null, &addr, sizeof(*addr_or_null));
}
char tmp[s];
if (inet_ntop(AF_INET6, addr.sin6_addr.s6_addr, tmp, s) == NULL) {
char addrstr[128];
if (!inet_ntop(AF_INET6, addr.sin6_addr.s6_addr, addrstr, sizeof(addrstr))) {
PLOG_W("inet_ntop()");
snprintf(buf, s, "[unknown]:%hu", ntohs(addr.sin6_port));
return;
snprintf(addrstr, sizeof(addrstr), "[unknown](%s)", strerror(errno));
}
snprintf(buf, s, "[%s]:%hu", tmp, ntohs(addr.sin6_port));
return;
res.append("[");
res.append(addrstr);
res.append("]:");
res.append(std::to_string(ntohs(addr.sin6_port)));
return res;
}
static bool ifaceUp(const char* ifacename) {
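Review bot: In limitConns, `addr` is still an uninitialised stack variable whenever connToText() takes one of its early returns (`[STANDALONE MODE]` or `[unknown]`), because those returns happen before the `memcpy(addr_or_null, ...)` further down; the per-IP counting loop after the call presumably compares against it, though its body is outside the hunk. The connection limit is an enforcement control and should not depend on indeterminate bytes: initialise at the declaration, `struct sockaddr_in6 addr = {};`, or have connToText() zero `*addr_or_null` before any early return. The same applies to `p.remote_addr` in addProc in the last file section of this commit. Separately, in the inet_ntop failure path `strerror(errno)` is read after `PLOG_W("inet_ntop()")`, which may have changed errno; saving it first with `const int saved_errno = errno;` keeps the message accurate.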

4
net.h

@ -25,6 +25,8 @@
#include <stdbool.h>
#include <stddef.h>
#include <string>
#include "nsjail.h"
namespace net {
@ -32,7 +34,7 @@ namespace net {
bool limitConns(nsjconf_t* nsjconf, int connsock);
int getRecvSocket(const char* bindhost, int port);
int acceptConn(int listenfd);
void connToText(int fd, bool remote, char* buf, size_t s, struct sockaddr_in6* addr_or_null);
const std::string connToText(int fd, bool remote, struct sockaddr_in6* addr_or_null);
bool initNsFromParent(nsjconf_t* nsjconf, int pid);
bool initNsFromChild(nsjconf_t* nsjconf);
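Review bot: The new declaration returns `const std::string` by value; the top-level const on a by-value return gains nothing and prevents the result from being moved at call sites such as `p.remote_txt = net::connToText(...)`, which then copy instead. Suggest `std::string connToText(int fd, bool remote, struct sockaddr_in6* addr_or_null);` here and in the definition in net.cc. The out-parameter contract is also undocumented; a comment like `// addr_or_null, when non-NULL, is written only if the address lookup succeeds` would tell callers not to read it after a failure.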


@ -49,7 +49,7 @@ static const int nssigs[] = {
struct pids_t {
pid_t pid;
time_t start;
char remote_txt[64];
std::string remote_txt;
struct sockaddr_in6 remote_addr;
int pid_syscall_fd;
};
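Review bot: pids_t stops being trivially copyable once `remote_txt` is a `std::string`, so any `memset`/`memcpy` over a pids_t, or code that relied on it being plain data, would now be undefined behaviour. None is visible on this page, so this is something to grep for before merging rather than a confirmed defect. A comment on the struct such as `// holds a std::string: do not memset/memcpy` would warn future edits.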


@ -165,9 +165,8 @@ static int subprocNewProc(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err,
putenv(const_cast<char*>(env.c_str()));
}
char cs_addr[64];
net::connToText(fd_in, true /* remote */, cs_addr, sizeof(cs_addr), NULL);
LOG_I("Executing '%s' for '%s'", nsjconf->exec_file, cs_addr);
auto connstr = net::connToText(fd_in, /* remote= */ true, NULL);
LOG_I("Executing '%s' for '%s'", nsjconf->exec_file, connstr.c_str());
for (size_t i = 0; nsjconf->argv[i]; i++) {
LOG_D(" Arg[%zu]: '%s'", i, nsjconf->argv[i]);
@ -196,11 +195,10 @@ static int subprocNewProc(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err,
static void addProc(nsjconf_t* nsjconf, pid_t pid, int sock) {
pids_t p;
p.pid = pid;
p.start = time(NULL);
net::connToText(
sock, true /* remote */, p.remote_txt, sizeof(p.remote_txt), &p.remote_addr);
p.remote_txt = net::connToText(sock, /* remote= */ true, &p.remote_addr);
char fname[PATH_MAX];
snprintf(fname, sizeof(fname), "/proc/%d/syscall", (int)pid);
@ -209,14 +207,14 @@ static void addProc(nsjconf_t* nsjconf, pid_t pid, int sock) {
nsjconf->pids.push_back(p);
LOG_D("Added pid '%d' with start time '%u' to the queue for IP: '%s'", p.pid,
(unsigned int)p.start, p.remote_txt);
(unsigned int)p.start, p.remote_txt.c_str());
}
static void removeProc(nsjconf_t* nsjconf, pid_t pid) {
for (auto p = nsjconf->pids.begin(); p != nsjconf->pids.end(); ++p) {
if (p->pid == pid) {
LOG_D("Removing pid '%d' from the queue (IP:'%s', start time:'%s')", p->pid,
p->remote_txt, util::timeToStr(p->start).c_str());
p->remote_txt.c_str(), util::timeToStr(p->start).c_str());
close(p->pid_syscall_fd);
nsjconf->pids.erase(p);
return;
@ -236,7 +234,7 @@ void displayProc(nsjconf_t* nsjconf) {
time_t diff = now - pid.start;
time_t left = nsjconf->tlimit ? nsjconf->tlimit - diff : 0;
LOG_I("PID: %d, Remote host: %s, Run time: %ld sec. (time left: %ld sec.)", pid.pid,
pid.remote_txt, (long)diff, (long)left);
pid.remote_txt.c_str(), (long)diff, (long)left);
}
}
@ -308,7 +306,7 @@ int reapProc(nsjconf_t* nsjconf) {
if (wait4(si.si_pid, &status, WNOHANG, NULL) == si.si_pid) {
cgroup::finishFromParent(nsjconf, si.si_pid);
const char* remote_txt = "[UNKNOWN]";
std::string remote_txt = "[UNKNOWN]";
const pids_t* elem = getPidElem(nsjconf, si.si_pid);
if (elem) {
remote_txt = elem->remote_txt;
@ -316,7 +314,7 @@ int reapProc(nsjconf_t* nsjconf) {
if (WIFEXITED(status)) {
LOG_I("PID: %d (%s) exited with status: %d, (PIDs left: %d)",
si.si_pid, remote_txt, WEXITSTATUS(status),
si.si_pid, remote_txt.c_str(), WEXITSTATUS(status),
countProc(nsjconf) - 1);
removeProc(nsjconf, si.si_pid);
rv = WEXITSTATUS(status) % 100;
@ -327,7 +325,7 @@ int reapProc(nsjconf_t* nsjconf) {
if (WIFSIGNALED(status)) {
LOG_I(
"PID: %d (%s) terminated with signal: %s (%d), (PIDs left: %d)",
si.si_pid, remote_txt, util::sigName(WTERMSIG(status)).c_str(),
si.si_pid, remote_txt.c_str(), util::sigName(WTERMSIG(status)).c_str(),
WTERMSIG(status), countProc(nsjconf) - 1);
removeProc(nsjconf, si.si_pid);
rv = 100 + WTERMSIG(status);
@ -344,7 +342,7 @@ int reapProc(nsjconf_t* nsjconf) {
time_t diff = now - p.start;
if (diff >= nsjconf->tlimit) {
LOG_I("PID: %d run time >= time limit (%ld >= %ld) (%s). Killing it", pid,
(long)diff, (long)nsjconf->tlimit, p.remote_txt);
(long)diff, (long)nsjconf->tlimit, p.remote_txt.c_str());
/*
* Probably a kernel bug - some processes cannot be killed with KILL if
* they're namespaced, and in a stopped state
@ -447,8 +445,6 @@ void runChild(nsjconf_t* nsjconf, int fd_in, int fd_out, int fd_err) {
}
close(parent_fd);
char cs_addr[64];
net::connToText(fd_in, true /* remote */, cs_addr, sizeof(cs_addr), NULL);
}
/*
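Review bot: In reapProc, `remote_txt = elem->remote_txt;` now deep-copies the string for every reaped child, where the old `const char*` only aliased the entry. If the copy is deliberate so the text stays valid once `removeProc()` erases the entry, say so with a comment such as `// copy: removeProc() below erases the pids entry`. Otherwise a `const std::string*` pointing at the entry or at a static fallback avoids the allocation, since every use visible in these hunks precedes the removeProc() call. The body of reapProc extends beyond the hunks shown.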