You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
opentracker/ot_accesslist.c

562 lines
19 KiB
C

/* This software was written by Dirk Engling <erdgeist@erdgeist.org>
It is considered beerware. Prost. Skol. Cheers or whatever.
16 years ago
$id$ */
/* System */
#include <pthread.h>
7 months ago
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
16 years ago
#include <unistd.h>
#ifdef WANT_DYNAMIC_ACCESSLIST
#include <errno.h>
7 months ago
#include <sys/stat.h>
#include <sys/types.h>
#endif
/* Libowfat */
#include "byte.h"
7 months ago
#include "fmt.h"
16 years ago
#include "ip6.h"
#include "mmap.h"
7 months ago
#include "scan.h"
/* Opentracker */
#include "ot_accesslist.h"
#include "ot_vector.h"
7 months ago
#include "trackerlogic.h"
/* GLOBAL VARIABLES */
#ifdef WANT_ACCESSLIST
7 months ago
char *g_accesslist_filename = NULL;
#ifdef WANT_DYNAMIC_ACCESSLIST
7 months ago
char *g_accesslist_pipe_add = NULL;
char *g_accesslist_pipe_delete = NULL;
#endif
static pthread_mutex_t g_accesslist_mutex;
/* Accesslists are lock free linked lists. We can not make them locking, because every announce
would try to acquire the mutex, making it the most contested mutex in the whole of opentracker,
basically creating a central performance choke point.
The idea is that updating the list heads happens under the g_accesslist_mutex guard and is
done atomically, while consumers might potentially still hold pointers deeper inside the list.
Consumers (for now only via accesslist_hashisvalid) will always fetch the list head pointer
that is guaranteed to live for at least five minutes. This should be many orders of magnitudes
more than how long it will be needed by the bsearch done on the list. */
struct ot_accesslist;
typedef struct ot_accesslist ot_accesslist;
struct ot_accesslist {
ot_hash *list;
size_t size;
ot_time base;
ot_accesslist *next;
};
7 months ago
static ot_accesslist *_Atomic g_accesslist = NULL;
#ifdef WANT_DYNAMIC_ACCESSLIST
7 months ago
static ot_accesslist *_Atomic g_accesslist_add = NULL;
static ot_accesslist *_Atomic g_accesslist_delete = NULL;
#endif
/* Helpers to work on access lists */
7 months ago
static int vector_compare_hash(const void *hash1, const void *hash2) { return memcmp(hash1, hash2, OT_HASH_COMPARE_SIZE); }
7 months ago
static ot_accesslist *accesslist_free(ot_accesslist *accesslist) {
while (accesslist) {
7 months ago
ot_accesslist *this_accesslist = accesslist;
accesslist = this_accesslist->next;
free(this_accesslist->list);
free(this_accesslist);
}
return NULL;
}
7 months ago
static ot_accesslist *accesslist_make(ot_accesslist *next, size_t size) {
ot_accesslist *accesslist_new = malloc(sizeof(ot_accesslist));
if (accesslist_new) {
accesslist_new->list = size ? malloc(sizeof(ot_hash) * size) : NULL;
accesslist_new->size = size;
accesslist_new->base = g_now_minutes;
accesslist_new->next = next;
if (size && !accesslist_new->list) {
free(accesslist_new);
accesslist_new = NULL;
}
}
return accesslist_new;
}
/* This must be called with g_accesslist_mutex held.
This will never delete head, because that might still be in use. */
static void accesslist_clean(ot_accesslist *accesslist) {
while (accesslist && accesslist->next) {
if (accesslist->next->base + 5 < g_now_minutes)
accesslist->next = accesslist_free(accesslist->next);
accesslist = accesslist->next;
}
}
/* Read initial access list */
7 months ago
static void accesslist_readfile(void) {
ot_accesslist *accesslist_new;
ot_hash *info_hash;
const char *map, *map_end, *read_offs;
size_t maplen;
if ((map = mmap_read(g_accesslist_filename, &maplen)) == NULL) {
char *wd = getcwd(NULL, 0);
fprintf(stderr, "Warning: Can't open accesslist file: %s (but will try to create it later, if necessary and possible).\nPWD: %s\n", g_accesslist_filename, wd);
free(wd);
return;
}
/* You need at least 41 bytes to pass an info_hash, make enough room
for the maximum amount of them */
accesslist_new = accesslist_make(g_accesslist, maplen / 41);
7 months ago
if (!accesslist_new) {
fprintf(stderr, "Warning: Not enough memory to allocate %zd bytes for accesslist buffer. May succeed later.\n", (maplen / 41) * 20);
mmap_unmap(map, maplen);
return;
}
info_hash = accesslist_new->list;
/* No use to scan if there's not enough room for another full info_hash */
7 months ago
map_end = map + maplen - 40;
read_offs = map;
/* We do ignore anything that is not of the form "^[:xdigit:]{40}[^:xdigit:].*" */
7 months ago
while (read_offs <= map_end) {
int i;
7 months ago
for (i = 0; i < (int)sizeof(ot_hash); ++i) {
int eger1 = scan_fromhex((unsigned char)read_offs[2 * i]);
int eger2 = scan_fromhex((unsigned char)read_offs[1 + 2 * i]);
if (eger1 < 0 || eger2 < 0)
break;
(*info_hash)[i] = (uint8_t)(eger1 * 16 + eger2);
}
7 months ago
if (i == sizeof(ot_hash)) {
read_offs += 40;
/* Append accesslist to accesslist vector */
7 months ago
if (read_offs == map_end || scan_fromhex((unsigned char)*read_offs) < 0)
++info_hash;
}
/* Find start of next line */
7 months ago
while (read_offs <= map_end && *(read_offs++) != '\n')
;
}
#ifdef _DEBUG
7 months ago
fprintf(stderr, "Added %zd info_hashes to accesslist\n", (size_t)(info_hash - accesslist_new->list));
#endif
7 months ago
mmap_unmap(map, maplen);
7 months ago
qsort(accesslist_new->list, info_hash - accesslist_new->list, sizeof(*info_hash), vector_compare_hash);
accesslist_new->size = info_hash - accesslist_new->list;
/* Now exchange the accesslist vector in the least race condition prone way */
pthread_mutex_lock(&g_accesslist_mutex);
accesslist_new->next = g_accesslist;
7 months ago
g_accesslist = accesslist_new; /* Only now set a new list */
#ifdef WANT_DYNAMIC_ACCESSLIST
/* If we have dynamic accesslists, reloading a new one will always void the add/delete lists.
Insert empty ones at the list head */
if (g_accesslist_add && (accesslist_new = accesslist_make(g_accesslist_add, 0)) != NULL)
7 months ago
g_accesslist_add = accesslist_new;
if (g_accesslist_delete && (accesslist_new = accesslist_make(g_accesslist_delete, 0)) != NULL)
7 months ago
g_accesslist_delete = accesslist_new;
#endif
accesslist_clean(g_accesslist);
pthread_mutex_unlock(&g_accesslist_mutex);
}
7 months ago
int accesslist_hashisvalid(ot_hash hash) {
/* Get working copy of current access list */
7 months ago
ot_accesslist *accesslist = g_accesslist;
#ifdef WANT_DYNAMIC_ACCESSLIST
7 months ago
ot_accesslist *accesslist_add, *accesslist_delete;
#endif
7 months ago
void *exactmatch = NULL;
if (accesslist)
7 months ago
exactmatch = bsearch(hash, accesslist->list, accesslist->size, OT_HASH_COMPARE_SIZE, vector_compare_hash);
#ifdef WANT_DYNAMIC_ACCESSLIST
/* If we had no match on the main list, scan the list of dynamically added hashes */
accesslist_add = g_accesslist_add;
if ((exactmatch == NULL) && accesslist_add)
7 months ago
exactmatch = bsearch(hash, accesslist_add->list, accesslist_add->size, OT_HASH_COMPARE_SIZE, vector_compare_hash);
/* If we found a matching hash on the main list, scan the list of dynamically deleted hashes */
accesslist_delete = g_accesslist_delete;
7 months ago
if ((exactmatch != NULL) && accesslist_delete && bsearch(hash, accesslist_add->list, accesslist_add->size, OT_HASH_COMPARE_SIZE, vector_compare_hash))
exactmatch = NULL;
#endif
#ifdef WANT_ACCESSLIST_BLACK
return exactmatch == NULL;
#else
return exactmatch != NULL;
#endif
}
7 months ago
static void *accesslist_worker(void *args) {
int sig;
sigset_t signal_mask;
sigemptyset(&signal_mask);
sigaddset(&signal_mask, SIGHUP);
(void)args;
7 months ago
while (1) {
if (!g_opentracker_running)
7 months ago
return NULL;
/* Initial attempt to read accesslist */
7 months ago
accesslist_readfile();
/* Wait for signals */
7 months ago
while (sigwait(&signal_mask, &sig) != 0 && sig != SIGHUP)
;
}
return NULL;
}
#ifdef WANT_DYNAMIC_ACCESSLIST
static pthread_t thread_adder_id, thread_deleter_id;
7 months ago
static void *accesslist_adddel_worker(char *fifoname, ot_accesslist *_Atomic *adding_to, ot_accesslist *_Atomic *removing_from) {
struct stat st;
if (!stat(fifoname, &st)) {
if (!S_ISFIFO(st.st_mode)) {
fprintf(stderr, "Error when starting dynamic accesslists: Found Non-FIFO file at %s.\nPlease remove it and restart opentracker.\n", fifoname);
return NULL;
}
} else {
int error = mkfifo(fifoname, 0755);
if (error && error != EEXIST) {
fprintf(stderr, "Error when starting dynamic accesslists: Couldn't create FIFO at %s, error: %s\n", fifoname, strerror(errno));
return NULL;
}
}
while (g_opentracker_running) {
7 months ago
FILE *fifo = fopen(fifoname, "r");
char *line = NULL;
size_t linecap = 0;
ssize_t linelen;
if (!fifo) {
fprintf(stderr, "Error when reading dynamic accesslists: Couldn't open FIFO at %s, error: %s\n", fifoname, strerror(errno));
return NULL;
}
while ((linelen = getline(&line, &linecap, fifo)) > 0) {
ot_hash info_hash;
7 months ago
int i;
printf("Got line %*s", (int)linelen, line);
/* We do ignore anything that is not of the form "^[:xdigit:]{40}[^:xdigit:].*"
If there's not enough characters for an info_hash in the line, skip it. */
if (linelen < 41)
continue;
7 months ago
for (i = 0; i < (int)sizeof(ot_hash); ++i) {
int eger1 = scan_fromhex((unsigned char)line[2 * i]);
int eger2 = scan_fromhex((unsigned char)line[1 + 2 * i]);
if (eger1 < 0 || eger2 < 0)
break;
7 months ago
((uint8_t *)info_hash)[i] = (uint8_t)(eger1 * 16 + eger2);
}
7 months ago
printf("parsed info_hash %20s\n", info_hash);
if (i != sizeof(ot_hash))
continue;
/* From now on we modify g_accesslist_add and g_accesslist_delete, so prevent the
other worker threads from doing the same */
pthread_mutex_lock(&g_accesslist_mutex);
/* If the info hash is in the removing_from list, create a new head without that entry */
if (*removing_from && (*removing_from)->list) {
7 months ago
ot_hash *exactmatch = bsearch(info_hash, (*removing_from)->list, (*removing_from)->size, OT_HASH_COMPARE_SIZE, vector_compare_hash);
if (exactmatch) {
7 months ago
ptrdiff_t off = exactmatch - (*removing_from)->list;
ot_accesslist *accesslist_new = accesslist_make(*removing_from, (*removing_from)->size - 1);
if (accesslist_new) {
memcpy(accesslist_new->list, (*removing_from)->list, sizeof(ot_hash) * off);
memcpy(accesslist_new->list + off, (*removing_from)->list + off + 1, (*removing_from)->size - off - 1);
*removing_from = accesslist_new;
}
}
}
/* Simple case: there's no adding_to list yet, create one with one member */
if (!*adding_to) {
7 months ago
ot_accesslist *accesslist_new = accesslist_make(NULL, 1);
if (accesslist_new) {
memcpy(accesslist_new->list, info_hash, sizeof(ot_hash));
*adding_to = accesslist_new;
}
} else {
7 months ago
int exactmatch = 0;
ot_hash *insert_point = binary_search(info_hash, (*adding_to)->list, (*adding_to)->size, OT_HASH_COMPARE_SIZE, sizeof(ot_hash), &exactmatch);
/* Only if the info hash is not in the adding_to list, create a new head with that entry */
if (!exactmatch) {
7 months ago
ot_accesslist *accesslist_new = accesslist_make(*adding_to, (*adding_to)->size + 1);
ptrdiff_t off = insert_point - (*adding_to)->list;
if (accesslist_new) {
memcpy(accesslist_new->list, (*adding_to)->list, sizeof(ot_hash) * off);
memcpy(accesslist_new->list + off, info_hash, sizeof(info_hash));
memcpy(accesslist_new->list + off + 1, (*adding_to)->list + off, (*adding_to)->size - off);
*adding_to = accesslist_new;
}
}
}
pthread_mutex_unlock(&g_accesslist_mutex);
}
fclose(fifo);
}
return NULL;
}
7 months ago
static void *accesslist_adder_worker(void *args) {
(void)args;
return accesslist_adddel_worker(g_accesslist_pipe_add, &g_accesslist_add, &g_accesslist_delete);
}
7 months ago
static void *accesslist_deleter_worker(void *args) {
(void)args;
return accesslist_adddel_worker(g_accesslist_pipe_delete, &g_accesslist_delete, &g_accesslist_add);
}
#endif
static pthread_t thread_id;
7 months ago
void accesslist_init() {
pthread_mutex_init(&g_accesslist_mutex, NULL);
7 months ago
pthread_create(&thread_id, NULL, accesslist_worker, NULL);
#ifdef WANT_DYNAMIC_ACCESSLIST
if (g_accesslist_pipe_add)
7 months ago
pthread_create(&thread_adder_id, NULL, accesslist_adder_worker, NULL);
if (g_accesslist_pipe_delete)
7 months ago
pthread_create(&thread_deleter_id, NULL, accesslist_deleter_worker, NULL);
#endif
}
7 months ago
void accesslist_deinit(void) {
/* Wake up sleeping worker */
pthread_kill(thread_id, SIGHUP);
pthread_mutex_lock(&g_accesslist_mutex);
g_accesslist = accesslist_free(g_accesslist);
#ifdef WANT_DYNAMIC_ACCESSLIST
7 months ago
g_accesslist_add = accesslist_free(g_accesslist_add);
g_accesslist_delete = accesslist_free(g_accesslist_delete);
#endif
pthread_mutex_unlock(&g_accesslist_mutex);
7 months ago
pthread_cancel(thread_id);
pthread_mutex_destroy(&g_accesslist_mutex);
}
7 months ago
void accesslist_cleanup(void) {
pthread_mutex_lock(&g_accesslist_mutex);
accesslist_clean(g_accesslist);
#if WANT_DYNAMIC_ACCESSLIST
accesslist_clean(g_accesslist_add);
accesslist_clean(g_accesslist_delete);
#endif
pthread_mutex_unlock(&g_accesslist_mutex);
}
#endif
7 months ago
int address_in_net(const ot_ip6 address, const ot_net *net) {
int bits = net->bits, checkbits = (0x7f00 >> (bits & 7));
int result = memcmp(address, &net->address, bits >> 3);
if (!result && (bits & 7))
result = (checkbits & address[bits >> 3]) - (checkbits & net->address[bits >> 3]);
return result == 0;
}
7 months ago
void *set_value_for_net(const ot_net *net, ot_vector *vector, const void *value, const size_t member_size) {
size_t i;
7 months ago
int exactmatch;
/* Caller must have a concept of ot_net in it's member */
7 months ago
if (member_size < sizeof(ot_net))
return 0;
/* Check each net in vector for overlap */
7 months ago
uint8_t *member = ((uint8_t *)vector->data);
for (i = 0; i < vector->size; ++i) {
if (address_in_net(*(ot_ip6 *)member, net) || address_in_net(net->address, (ot_net *)member))
return 0;
member += member_size;
}
7 months ago
member = vector_find_or_insert(vector, (void *)net, member_size, sizeof(ot_net), &exactmatch);
if (member) {
memcpy(member, net, sizeof(ot_net));
memcpy(member + sizeof(ot_net), value, member_size - sizeof(ot_net));
}
return member;
}
/* Takes a vector filled with { ot_net net, uint8_t[x] value };
Returns value associated with the net, or NULL if not found */
7 months ago
void *get_value_for_net(const ot_ip6 address, const ot_vector *vector, const size_t member_size) {
int exactmatch;
/* This binary search will return a pointer to the first non-containing network... */
7 months ago
ot_net *net = binary_search(address, vector->data, vector->size, member_size, sizeof(ot_ip6), &exactmatch);
if (!net)
return NULL;
/* ... so we'll need to move back one step unless we've exactly hit the first address in network */
7 months ago
if (!exactmatch && ((void *)net > vector->data))
--net;
7 months ago
if (!address_in_net(address, net))
return NULL;
7 months ago
return (void *)net;
}
#ifdef WANT_FULLLOG_NETWORKS
7 months ago
static ot_vector g_lognets_list;
ot_log *g_logchain_first, *g_logchain_last;
static pthread_mutex_t g_lognets_list_mutex = PTHREAD_MUTEX_INITIALIZER;
7 months ago
void loglist_add_network(const ot_net *net) {
pthread_mutex_lock(&g_lognets_list_mutex);
7 months ago
set_value_for_net(net, &g_lognets_list, NULL, sizeof(ot_net));
pthread_mutex_unlock(&g_lognets_list_mutex);
}
7 months ago
void loglist_reset() {
pthread_mutex_lock(&g_lognets_list_mutex);
7 months ago
free(g_lognets_list.data);
g_lognets_list.data = 0;
g_lognets_list.size = g_lognets_list.space = 0;
7 months ago
pthread_mutex_unlock(&g_lognets_list_mutex);
}
7 months ago
int loglist_check_address(const ot_ip6 address) {
int result;
pthread_mutex_lock(&g_lognets_list_mutex);
7 months ago
result = (NULL != get_value_for_net(address, &g_lognets_list, sizeof(ot_net)));
pthread_mutex_unlock(&g_lognets_list_mutex);
return result;
}
#endif
#ifdef WANT_IP_FROM_PROXY
typedef struct {
7 months ago
ot_net *proxy;
ot_vector networks;
} ot_proxymap;
7 months ago
static ot_vector g_proxies_list;
static pthread_mutex_t g_proxies_list_mutex = PTHREAD_MUTEX_INITIALIZER;
7 months ago
int proxylist_add_network(const ot_net *proxy, const ot_net *net) {
ot_proxymap *map;
int exactmatch, result = 1;
pthread_mutex_lock(&g_proxies_list_mutex);
/* If we have a direct hit, use and extend the vector there */
7 months ago
map = binary_search(proxy, g_proxies_list.data, g_proxies_list.size, sizeof(ot_proxymap), sizeof(ot_net), &exactmatch);
7 months ago
if (!map || !exactmatch) {
/* else see, if we've got overlapping networks
and get a new empty vector if not */
ot_vector empty;
7 months ago
memset(&empty, 0, sizeof(ot_vector));
map = set_value_for_net(proxy, &g_proxies_list, &empty, sizeof(ot_proxymap));
}
7 months ago
if (map && set_value_for_net(net, &map->networks, NULL, sizeof(ot_net)))
result = 1;
pthread_mutex_unlock(&g_proxies_list_mutex);
return result;
}
7 months ago
int proxylist_check_proxy(const ot_ip6 proxy, const ot_ip6 address) {
int result = 0;
ot_proxymap *map;
pthread_mutex_lock(&g_proxies_list_mutex);
7 months ago
if ((map = get_value_for_net(proxy, &g_proxies_list, sizeof(ot_proxymap))))
if (!address || get_value_for_net(address, &map->networks, sizeof(ot_net)))
result = 1;
pthread_mutex_unlock(&g_proxies_list_mutex);
return result;
}
#endif
static ot_net g_admin_nets[OT_ADMINIP_MAX];
static ot_permissions g_admin_nets_permissions[OT_ADMINIP_MAX];
static unsigned int g_admin_nets_count = 0;
7 months ago
int accesslist_bless_net(ot_net *net, ot_permissions permissions) {
if (g_admin_nets_count >= OT_ADMINIP_MAX)
return -1;
16 years ago
memcpy(g_admin_nets + g_admin_nets_count, net, sizeof(ot_net));
7 months ago
g_admin_nets_permissions[g_admin_nets_count++] = permissions;
16 years ago
#ifdef _DEBUG
16 years ago
{
char _debug[512];
7 months ago
int off = snprintf(_debug, sizeof(_debug), "Blessing ip net ");
off += fmt_ip6c(_debug + off, net->address);
if (net->bits < 128) {
_debug[off++] = '/';
7 months ago
if (ip6_isv4mapped(net->address))
off += fmt_long(_debug + off, net->bits - 96);
else
7 months ago
off += fmt_long(_debug + off, net->bits);
}
7 months ago
if (permissions & OT_PERMISSION_MAY_STAT)
off += snprintf(_debug + off, 512 - off, " may_fetch_stats");
if (permissions & OT_PERMISSION_MAY_LIVESYNC)
off += snprintf(_debug + off, 512 - off, " may_sync_live");
if (permissions & OT_PERMISSION_MAY_FULLSCRAPE)
off += snprintf(_debug + off, 512 - off, " may_fetch_fullscrapes");
if (permissions & OT_PERMISSION_MAY_PROXY)
off += snprintf(_debug + off, 512 - off, " may_proxy");
if (!permissions)
off += snprintf(_debug + off, sizeof(_debug) - off, " nothing");
16 years ago
_debug[off++] = '.';
_debug[off++] = '\n';
7 months ago
(void)write(2, _debug, off);
16 years ago
}
#endif
16 years ago
return 0;
}
7 months ago
int accesslist_is_blessed(ot_ip6 ip, ot_permissions permissions) {
unsigned int i;
7 months ago
for (i = 0; i < g_admin_nets_count; ++i)
if (address_in_net(ip, g_admin_nets + i) && (g_admin_nets_permissions[i] & permissions))
return 1;
return 0;
}