Commit | Line | Data |
---|---|---|
580fbd88 DW |
1 | /* |
2 | * iptunnel.c "ip tuntap" | |
3 | * | |
4 | * This program is free software; you can redistribute it and/or | |
5 | * modify it under the terms of the GNU General Public License | |
6 | * as published by the Free Software Foundation; either version | |
7 | * 2 of the License, or (at your option) any later version. | |
8 | * | |
9 | * Authors: David Woodhouse <David.Woodhouse@intel.com> | |
10 | * | |
11 | */ | |
12 | ||
13 | #include <stdio.h> | |
14 | #include <stdlib.h> | |
15 | #include <string.h> | |
16 | #include <unistd.h> | |
17 | #include <sys/types.h> | |
18 | #include <sys/socket.h> | |
19 | #include <arpa/inet.h> | |
20 | #include <sys/ioctl.h> | |
21 | #include <linux/if.h> | |
22 | #include <linux/if_tun.h> | |
23 | #include <pwd.h> | |
24 | #include <grp.h> | |
25 | #include <fcntl.h> | |
26 | #include <dirent.h> | |
27 | #include <errno.h> | |
567e6960 | 28 | #include <glob.h> |
580fbd88 DW |
29 | |
30 | #include "rt_names.h" | |
31 | #include "utils.h" | |
32 | #include "ip_common.h" | |
33 | ||
34 | #define TUNDEV "/dev/net/tun" | |
35 | ||
static void usage(void) __attribute__((noreturn));

/*
 * Print the "ip tuntap" synopsis to stderr and terminate the process with
 * exit status -1. Never returns.
 */
static void usage(void)
{
	static const char *const help_lines[] = {
		"Usage: ip tuntap { add | del | show | list | lst | help } [ dev PHYS_DEV ]\n",
		" [ mode { tun | tap } ] [ user USER ] [ group GROUP ]\n",
		" [ one_queue ] [ pi ] [ vnet_hdr ] [ multi_queue ] [ name NAME ]\n",
		"\n",
		"Where: USER := { STRING | NUMBER }\n",
		" GROUP := { STRING | NUMBER }\n",
	};
	size_t i;

	for (i = 0; i < sizeof(help_lines) / sizeof(help_lines[0]); i++)
		fputs(help_lines[i], stderr);

	exit(-1);
}
48 | ||
/*
 * Create a persistent tun/tap device as described by @ifr.
 *
 * @ifr: interface request holding the name and IFF_* mode flags
 * @uid: owner to assign, or (uid_t)-1 to leave the owner unset
 * @gid: group to assign, or (gid_t)-1 to leave the group unset
 *
 * Returns 0 on success, -1 after printing the failing call with perror().
 */
static int tap_add_ioctl(struct ifreq *ifr, uid_t uid, gid_t gid)
{
	const uid_t no_uid = (uid_t)-1;
	const gid_t no_gid = (gid_t)-1;
	int rc = -1;
	int tunfd;

#ifdef IFF_TUN_EXCL
	/*
	 * Ask the kernel to refuse TUNSETIFF when a device of this name
	 * already exists, so "add" cannot end up re-owning an existing
	 * persistent device instead of creating a new one.
	 */
	ifr->ifr_flags |= IFF_TUN_EXCL;
#endif

	tunfd = open(TUNDEV, O_RDWR);
	if (tunfd < 0) {
		perror("open");
		return -1;
	}

	/* Each step runs only if the previous one succeeded. */
	if (ioctl(tunfd, TUNSETIFF, ifr))
		perror("ioctl(TUNSETIFF)");
	else if (uid != no_uid && ioctl(tunfd, TUNSETOWNER, uid))
		perror("ioctl(TUNSETOWNER)");
	else if (gid != no_gid && ioctl(tunfd, TUNSETGROUP, gid))
		perror("ioctl(TUNSETGROUP)");
	else if (ioctl(tunfd, TUNSETPERSIST, 1))
		perror("ioctl(TUNSETPERSIST)");
	else
		rc = 0;

	close(tunfd);
	return rc;
}
84 | ||
/*
 * Remove a persistent tun/tap device: attach to the device named in @ifr
 * and clear its persist flag.
 *
 * Returns 0 on success, -1 after printing the failing call with perror().
 */
static int tap_del_ioctl(struct ifreq *ifr)
{
	int rc = -1;
	int tunfd;

	tunfd = open(TUNDEV, O_RDWR);
	if (tunfd < 0) {
		perror("open");
		return -1;
	}

	if (ioctl(tunfd, TUNSETIFF, ifr))
		perror("ioctl(TUNSETIFF)");
	else if (ioctl(tunfd, TUNSETPERSIST, 0))
		perror("ioctl(TUNSETPERSIST)");
	else
		rc = 0;

	close(tunfd);
	return rc;
}
cc28aad1 SH |
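/*
 * Parse @arg as a decimal uid/gid.
 *
 * Returns 0 and stores the value in @id when @arg is a non-negative decimal
 * number strictly below @unset, the all-ones "not set" sentinel of the id
 * type. Returns -1 otherwise and leaves @id untouched, so the caller can
 * fall back to a name lookup.
 */
static int tuntap_parse_id(const char *arg, unsigned long unset,
			   unsigned long *id)
{
	char *end;
	unsigned long val;

	/* strtoul() silently negates "-N", so refuse any minus sign up front. */
	if (!*arg || strchr(arg, '-'))
		return -1;

	errno = 0;
	val = strtoul(arg, &end, 10);
	if (end == arg || *end || errno == ERANGE || val >= unset)
		return -1;

	*id = val;
	return 0;
}

/*
 * Parse the arguments of "ip tuntap add" / "ip tuntap del" into @ifr.
 *
 * @argc, @argv: remaining command line words
 * @ifr:         zeroed here, then filled with the device name and IFF_* flags
 * @uid, @gid:   where to store "user" / "group"; when NULL the keyword is not
 *               recognised and the word falls through to the device-name
 *               branch like any other unknown word
 *
 * Returns 0 on success and -1 when no tunnel mode was given. Several error
 * paths print a message and exit(-1) instead of returning.
 *
 * A numeric user/group is accepted only when it fits the id type and is not
 * the (id)-1 sentinel. Previously the value was assigned without a range
 * check, so an oversized number was silently truncated to a different id
 * (possibly 0) and "-1" silently meant "no owner". Such input now goes to
 * the name lookup and is reported as invalid unless an account of that name
 * exists.
 */
static int parse_args(int argc, char **argv,
		      struct ifreq *ifr, uid_t *uid, gid_t *gid)
{
	memset(ifr, 0, sizeof(*ifr));

	/* No packet-information header unless "pi" is requested below. */
	ifr->ifr_flags |= IFF_NO_PI;

	while (argc > 0) {
		if (matches(*argv, "mode") == 0) {
			NEXT_ARG();
			if (matches(*argv, "tun") == 0) {
				if (ifr->ifr_flags & IFF_TAP) {
					fprintf(stderr, "You managed to ask for more than one tunnel mode.\n");
					exit(-1);
				}
				ifr->ifr_flags |= IFF_TUN;
			} else if (matches(*argv, "tap") == 0) {
				if (ifr->ifr_flags & IFF_TUN) {
					fprintf(stderr, "You managed to ask for more than one tunnel mode.\n");
					exit(-1);
				}
				ifr->ifr_flags |= IFF_TAP;
			} else {
				fprintf(stderr, "Unknown tunnel mode \"%s\"\n", *argv);
				exit(-1);
			}
		} else if (uid && matches(*argv, "user") == 0) {
			unsigned long user;

			NEXT_ARG();
			if (tuntap_parse_id(*argv, (uid_t)-1, &user) == 0) {
				*uid = user;
			} else {
				struct passwd *pw = getpwnam(*argv);

				if (!pw) {
					fprintf(stderr, "invalid user \"%s\"\n", *argv);
					exit(-1);
				}
				*uid = pw->pw_uid;
			}
		} else if (gid && matches(*argv, "group") == 0) {
			unsigned long group;

			NEXT_ARG();
			if (tuntap_parse_id(*argv, (gid_t)-1, &group) == 0) {
				*gid = group;
			} else {
				struct group *gr = getgrnam(*argv);

				if (!gr) {
					fprintf(stderr, "invalid group \"%s\"\n", *argv);
					exit(-1);
				}
				*gid = gr->gr_gid;
			}
		} else if (matches(*argv, "pi") == 0) {
			ifr->ifr_flags &= ~IFF_NO_PI;
		} else if (matches(*argv, "one_queue") == 0) {
			ifr->ifr_flags |= IFF_ONE_QUEUE;
		} else if (matches(*argv, "vnet_hdr") == 0) {
			ifr->ifr_flags |= IFF_VNET_HDR;
		} else if (matches(*argv, "multi_queue") == 0) {
			ifr->ifr_flags |= IFF_MULTI_QUEUE;
		} else if (matches(*argv, "dev") == 0) {
			NEXT_ARG();
			if (get_ifname(ifr->ifr_name, *argv))
				invarg("\"dev\" not a valid ifname", *argv);
		} else {
			/*
			 * The "name" keyword is optional: any word not
			 * recognised above is taken as the device name.
			 */
			if (matches(*argv, "name") == 0) {
				NEXT_ARG();
			} else if (matches(*argv, "help") == 0)
				usage();
			if (ifr->ifr_name[0])
				duparg2("name", *argv);
			if (get_ifname(ifr->ifr_name, *argv))
				invarg("\"name\" not a valid ifname", *argv);
		}
		argc--; argv++;
	}

	if (!(ifr->ifr_flags & TUN_TYPE_MASK)) {
		fprintf(stderr, "You failed to specify a tunnel mode\n");
		return -1;
	}

	return 0;
}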
202 | ||
203 | ||
/*
 * "ip tuntap add": parse the arguments and create the device.
 * The owner and group start out as -1, meaning "not requested".
 * Returns 0 on success, -1 on failure.
 */
static int do_add(int argc, char **argv)
{
	struct ifreq req;
	uid_t owner = -1;
	gid_t group = -1;
	int parsed = parse_args(argc, argv, &req, &owner, &group);

	return parsed < 0 ? -1 : tap_add_ioctl(&req, owner, group);
}
215 | ||
/*
 * "ip tuntap del": parse the arguments and remove the device.
 * NULL is passed for the uid/gid outputs, so parse_args() does not treat
 * "user" and "group" as keywords here.
 * Returns 0 on success, -1 on failure.
 */
static int do_del(int argc, char **argv)
{
	struct ifreq req;
	int parsed = parse_args(argc, argv, &req, NULL, NULL);

	return parsed < 0 ? -1 : tap_del_ioctl(&req);
}
225 | ||
580fbd88 DW |
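/*
 * Print the tun/tap mode flags in @flags as space-prefixed keywords on
 * stdout, using the same words parse_args() accepts. "pi" is printed when
 * IFF_NO_PI is clear. Any bit without a keyword here is reported in hex as
 * UNKNOWN_FLAGS.
 *
 * parse_args() can set IFF_MULTI_QUEUE, so it is reported here as
 * "multi_queue" instead of falling into UNKNOWN_FLAGS.
 */
static void print_flags(long flags)
{
	if (flags & IFF_TUN)
		printf(" tun");

	if (flags & IFF_TAP)
		printf(" tap");

	if (!(flags & IFF_NO_PI))
		printf(" pi");

	if (flags & IFF_ONE_QUEUE)
		printf(" one_queue");

	if (flags & IFF_VNET_HDR)
		printf(" vnet_hdr");

	if (flags & IFF_MULTI_QUEUE)
		printf(" multi_queue");

	flags &= ~(IFF_TUN|IFF_TAP|IFF_NO_PI|IFF_ONE_QUEUE|IFF_VNET_HDR|
		   IFF_MULTI_QUEUE);
	if (flags)
		printf(" UNKNOWN_FLAGS:%lx", flags);
}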
247 | ||
567e6960 HFS |
/*
 * Read the first whitespace-delimited word of /proc/<pid>/comm.
 *
 * Returns a malloc()ed string the caller must free(), or NULL when the path
 * cannot be built, the file cannot be opened, or no word could be read.
 */
static char *pid_name(pid_t pid)
{
	char *path;
	char *name = NULL;
	FILE *fp;

	if (asprintf(&path, "/proc/%d/comm", pid) < 0)
		return NULL;

	fp = fopen(path, "r");
	free(path);
	if (fp == NULL) {
		perror("fopen");
		return NULL;
	}

	/* %ms makes fscanf() allocate the buffer for the word. */
	if (fscanf(fp, "%ms\n", &name) != 1) {
		perror("fscanf");
		name = NULL;
	}

	if (fclose(fp) != 0)
		perror("fclose");

	return name;
}
276 | ||
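/*
 * Print " comm(pid)" for every other process that holds /dev/net/tun open
 * and attached to interface @name.
 *
 * Walks /proc/<pid>/fd/<fd>, keeps the links whose target is exactly
 * /dev/net/tun, then looks for an "iff: <name>" line in the matching
 * /proc/<pid>/fdinfo/<fd>. Entries that cannot be read are skipped; the
 * failing call is reported with perror().
 */
static void show_processes(const char *name)
{
	static const char dev_net_tun[] = "/dev/net/tun";
	glob_t globbuf = { 0 };
	char **fd_path;
	int err;

	err = glob("/proc/[0-9]*/fd/[0-9]*", GLOB_NOSORT,
		   NULL, &globbuf);
	if (err)
		return;

	fd_path = globbuf.gl_pathv;
	while (*fd_path) {
		/*
		 * One byte longer than the expected target plus its NUL, so a
		 * longer link target is read as a longer string and fails the
		 * comparison below instead of matching as a prefix.
		 */
		char linkbuf[sizeof(dev_net_tun) + 1], *fdinfo;
		int pid, fd;
		FILE *f;

		if (sscanf(*fd_path, "/proc/%d/fd/%d", &pid, &fd) != 2)
			goto next;

		/* Our own descriptors are not interesting. */
		if (pid == getpid())
			goto next;

		err = readlink(*fd_path, linkbuf, sizeof(linkbuf) - 1);
		if (err < 0) {
			perror("readlink");
			goto next;
		}
		linkbuf[err] = '\0';	/* readlink() does not terminate */
		if (strcmp(dev_net_tun, linkbuf))
			goto next;

		if (asprintf(&fdinfo, "/proc/%d/fdinfo/%d", pid, fd) < 0)
			goto next;

		f = fopen(fdinfo, "r");
		free(fdinfo);
		if (!f) {
			perror("fopen");
			goto next;
		}

		while (!feof(f)) {
			char *key = NULL, *value = NULL;

			err = fscanf(f, "%m[^:]: %ms\n", &key, &value);
			if (err == EOF) {
				if (ferror(f))
					perror("fscanf");
				break;
			} else if (err == 2 &&
				   !strcmp("iff", key) &&
				   !strcmp(name, value)) {
				char *pname = pid_name(pid);

				printf(" %s(%d)", pname ? pname : "<NULL>", pid);
				free(pname);
			}

			free(key);
			free(value);

			/*
			 * Zero conversions means fscanf() consumed nothing
			 * (the next byte is ':'), so another pass would read
			 * the same byte forever. Not expected from fdinfo,
			 * but stop rather than spin.
			 */
			if (err == 0)
				break;
		}
		if (fclose(f))
			perror("fclose");

next:
		++fd_path;
	}

	globfree(&globbuf);
}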
350 | ||
351 | ||
580fbd88 DW |
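/*
 * "ip tuntap show": list every interface under /sys/class/net that has a
 * "tun_flags" property, with its mode flags and, when set, owner and group.
 * With show_details set, also list the processes attached to each device.
 *
 * @argc and @argv are not used.
 * Returns 0 on success, -1 if /sys/class/net cannot be opened.
 */
static int do_show(int argc, char **argv)
{
	DIR *dir;
	struct dirent *d;

	dir = opendir("/sys/class/net");
	if (!dir) {
		perror("opendir");
		return -1;
	}
	while ((d = readdir(dir))) {
		/*
		 * Reset for every interface. The results of the owner/group
		 * reads are not checked, and read_prop() is defined elsewhere;
		 * presumably it leaves *value untouched on failure (confirm).
		 * If so, one shared pair of variables would let a failed read
		 * print the previous device's owner or group for this one.
		 */
		long flags, owner = -1, group = -1;

		if (d->d_name[0] == '.' &&
		    (d->d_name[1] == 0 || d->d_name[1] == '.'))
			continue;

		/* Not a tun/tap device (or it vanished): skip it. */
		if (read_prop(d->d_name, "tun_flags", &flags))
			continue;

		read_prop(d->d_name, "owner", &owner);
		read_prop(d->d_name, "group", &group);

		printf("%s:", d->d_name);
		print_flags(flags);
		if (owner != -1)
			printf(" user %ld", owner);
		if (group != -1)
			printf(" group %ld", group);
		printf("\n");
		if (show_details) {
			printf("\tAttached to processes:");
			show_processes(d->d_name);
			printf("\n");
		}
	}
	closedir(dir);
	return 0;
}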
390 | ||
/*
 * Entry point for "ip tuntap": dispatch on the first word of @argv.
 *
 * With no arguments the device list is shown. "help" prints the usage text
 * and exits. An unrecognised command prints an error and exits with -1.
 * Otherwise returns the result of the selected sub-command.
 */
int do_iptuntap(int argc, char **argv)
{
	/* No sub-command given: behave like "show". */
	if (argc <= 0)
		return do_show(0, NULL);

	if (!matches(*argv, "add"))
		return do_add(argc - 1, argv + 1);

	if (!matches(*argv, "delete"))
		return do_del(argc - 1, argv + 1);

	if (!matches(*argv, "show") ||
	    !matches(*argv, "lst") ||
	    !matches(*argv, "list"))
		return do_show(argc - 1, argv + 1);

	if (!matches(*argv, "help"))
		usage();

	fprintf(stderr, "Command \"%s\" is unknown, try \"ip tuntap help\".\n",
		*argv);
	exit(-1);
}