conf, tcp, udp: Exit if we fail to bind sockets for all given ports

passt supports ranges of forwarded ports as well as 'all' for TCP and
UDP, so it might be convenient to proceed if we fail to bind only
some of the desired ports.

But if we fail to bind even a single port for a given specification,
we're clearly, unexpectedly, conflicting with another network
service. In that case, report failure and exit.

Reported-by: Yalan Zhang <yalzhang@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
This commit is contained in:
Stefano Brivio 2023-02-16 01:29:55 +01:00
parent b4f13c2b18
commit 3d0de2c1d7
5 changed files with 69 additions and 27 deletions

47
conf.c
View file

@ -179,9 +179,9 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
{ {
char addr_buf[sizeof(struct in6_addr)] = { 0 }, *addr = addr_buf; char addr_buf[sizeof(struct in6_addr)] = { 0 }, *addr = addr_buf;
char buf[BUFSIZ], *spec, *ifname = NULL, *p; char buf[BUFSIZ], *spec, *ifname = NULL, *p;
bool exclude_only = true, bound_one = false;
uint8_t exclude[PORT_BITMAP_SIZE] = { 0 }; uint8_t exclude[PORT_BITMAP_SIZE] = { 0 };
sa_family_t af = AF_UNSPEC; sa_family_t af = AF_UNSPEC;
bool exclude_only = true;
if (!strcmp(optarg, "none")) { if (!strcmp(optarg, "none")) {
if (fwd->mode) if (fwd->mode)
@ -215,11 +215,18 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
memset(fwd->map, 0xff, PORT_EPHEMERAL_MIN / 8); memset(fwd->map, 0xff, PORT_EPHEMERAL_MIN / 8);
for (i = 0; i < PORT_EPHEMERAL_MIN; i++) { for (i = 0; i < PORT_EPHEMERAL_MIN; i++) {
if (optname == 't') if (optname == 't') {
tcp_sock_init(c, AF_UNSPEC, NULL, NULL, i); if (!tcp_sock_init(c, AF_UNSPEC, NULL, NULL, i))
else if (optname == 'u') bound_one = true;
udp_sock_init(c, 0, AF_UNSPEC, NULL, NULL, i); } else if (optname == 'u') {
if (!udp_sock_init(c, 0, AF_UNSPEC, NULL, NULL,
i))
bound_one = true;
} }
}
if (!bound_one)
goto bind_fail;
return; return;
} }
@ -293,11 +300,17 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
bitmap_set(fwd->map, i); bitmap_set(fwd->map, i);
if (optname == 't') if (optname == 't') {
tcp_sock_init(c, af, addr, ifname, i); if (!tcp_sock_init(c, af, addr, ifname, i))
else if (optname == 'u') bound_one = true;
udp_sock_init(c, 0, af, addr, ifname, i); } else if (optname == 'u') {
if (!udp_sock_init(c, 0, af, addr, ifname, i))
bound_one = true;
} }
}
if (!bound_one)
goto bind_fail;
return; return;
} }
@ -339,13 +352,19 @@ static void conf_ports(const struct ctx *c, char optname, const char *optarg,
fwd->delta[i] = mapped_range.first - orig_range.first; fwd->delta[i] = mapped_range.first - orig_range.first;
if (optname == 't') if (optname == 't') {
tcp_sock_init(c, af, addr, ifname, i); if (!tcp_sock_init(c, af, addr, ifname, i))
else if (optname == 'u') bound_one = true;
udp_sock_init(c, 0, af, addr, ifname, i); } else if (optname == 'u') {
if (udp_sock_init(c, 0, af, addr, ifname, i))
bound_one = true;
}
} }
} while ((p = next_chunk(p, ','))); } while ((p = next_chunk(p, ',')));
if (!bound_one)
goto bind_fail;
return; return;
bad: bad:
die("Invalid port specifier %s", optarg); die("Invalid port specifier %s", optarg);
@ -353,6 +372,8 @@ overlap:
die("Overlapping port specifier %s", optarg); die("Overlapping port specifier %s", optarg);
mode_conflict: mode_conflict:
die("Port forwarding mode '%s' conflicts with previous mode", optarg); die("Port forwarding mode '%s' conflicts with previous mode", optarg);
bind_fail:
die("Failed to bind any port for '-%c %s', exiting", optname, optarg);
} }
/** /**

23
tcp.c
View file

@ -2916,20 +2916,31 @@ static int tcp_sock_init_af(const struct ctx *c, int af, in_port_t port,
* @addr: Pointer to address for binding, NULL if not configured * @addr: Pointer to address for binding, NULL if not configured
* @ifname: Name of interface to bind to, NULL if not configured * @ifname: Name of interface to bind to, NULL if not configured
* @port: Port, host order * @port: Port, host order
*
* Return: 0 on (partial) success, -1 on (complete) failure
*/ */
void tcp_sock_init(const struct ctx *c, sa_family_t af, const void *addr, int tcp_sock_init(const struct ctx *c, sa_family_t af, const void *addr,
const char *ifname, in_port_t port) const char *ifname, in_port_t port)
{ {
int ret = 0;
if (af == AF_UNSPEC && c->ifi4 && c->ifi6) if (af == AF_UNSPEC && c->ifi4 && c->ifi6)
/* Attempt to get a dual stack socket */ /* Attempt to get a dual stack socket */
if (tcp_sock_init_af(c, AF_UNSPEC, port, addr, ifname) >= 0) if (tcp_sock_init_af(c, AF_UNSPEC, port, addr, ifname) >= 0)
return; return 0;
/* Otherwise create a socket per IP version */ /* Otherwise create a socket per IP version */
if ((af == AF_INET || af == AF_UNSPEC) && c->ifi4) if ((af == AF_INET || af == AF_UNSPEC) && c->ifi4) {
tcp_sock_init_af(c, AF_INET, port, addr, ifname); if (tcp_sock_init_af(c, AF_INET, port, addr, ifname) < 0)
if ((af == AF_INET6 || af == AF_UNSPEC) && c->ifi6) ret = -1;
tcp_sock_init_af(c, AF_INET6, port, addr, ifname); }
if ((af == AF_INET6 || af == AF_UNSPEC) && c->ifi6) {
if (tcp_sock_init_af(c, AF_INET6, port, addr, ifname) < 0)
ret = -1;
}
return ret;
} }
/** /**

2
tcp.h
View file

@ -17,7 +17,7 @@ void tcp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
const struct timespec *now); const struct timespec *now);
int tcp_tap_handler(struct ctx *c, int af, const void *addr, int tcp_tap_handler(struct ctx *c, int af, const void *addr,
const struct pool *p, const struct timespec *now); const struct pool *p, const struct timespec *now);
void tcp_sock_init(const struct ctx *c, sa_family_t af, const void *addr, int tcp_sock_init(const struct ctx *c, sa_family_t af, const void *addr,
const char *ifname, in_port_t port); const char *ifname, in_port_t port);
int tcp_init(struct ctx *c); int tcp_init(struct ctx *c);
void tcp_timer(struct ctx *c, const struct timespec *ts); void tcp_timer(struct ctx *c, const struct timespec *ts);

14
udp.c
View file

@ -955,12 +955,14 @@ int udp_tap_handler(struct ctx *c, int af, const void *addr,
* @addr: Pointer to address for binding, NULL if not configured * @addr: Pointer to address for binding, NULL if not configured
* @ifname: Name of interface to bind to, NULL if not configured * @ifname: Name of interface to bind to, NULL if not configured
* @port: Port, host order * @port: Port, host order
*
* Return: 0 on (partial) success, -1 on (complete) failure
*/ */
void udp_sock_init(const struct ctx *c, int ns, sa_family_t af, int udp_sock_init(const struct ctx *c, int ns, sa_family_t af,
const void *addr, const char *ifname, in_port_t port) const void *addr, const char *ifname, in_port_t port)
{ {
union udp_epoll_ref uref = { .u32 = 0 }; union udp_epoll_ref uref = { .u32 = 0 };
int s; int s, ret = 0;
if (ns) { if (ns) {
uref.udp.port = (in_port_t)(port + uref.udp.port = (in_port_t)(port +
@ -989,6 +991,9 @@ void udp_sock_init(const struct ctx *c, int ns, sa_family_t af,
ifname, port, uref.u32); ifname, port, uref.u32);
udp_splice_ns[V4][port].sock = s; udp_splice_ns[V4][port].sock = s;
} }
if (s < 0)
ret = -1;
} }
if ((af == AF_INET6 || af == AF_UNSPEC) && c->ifi6) { if ((af == AF_INET6 || af == AF_UNSPEC) && c->ifi6) {
@ -1009,7 +1014,12 @@ void udp_sock_init(const struct ctx *c, int ns, sa_family_t af,
ifname, port, uref.u32); ifname, port, uref.u32);
udp_splice_ns[V6][port].sock = s; udp_splice_ns[V6][port].sock = s;
} }
if (s < 0)
ret = -1;
} }
return ret;
} }
/** /**

2
udp.h
View file

@ -12,7 +12,7 @@ void udp_sock_handler(struct ctx *c, union epoll_ref ref, uint32_t events,
const struct timespec *now); const struct timespec *now);
int udp_tap_handler(struct ctx *c, int af, const void *addr, int udp_tap_handler(struct ctx *c, int af, const void *addr,
const struct pool *p, const struct timespec *now); const struct pool *p, const struct timespec *now);
void udp_sock_init(const struct ctx *c, int ns, sa_family_t af, int udp_sock_init(const struct ctx *c, int ns, sa_family_t af,
const void *addr, const char *ifname, in_port_t port); const void *addr, const char *ifname, in_port_t port);
int udp_init(struct ctx *c); int udp_init(struct ctx *c);
void udp_timer(struct ctx *c, const struct timespec *ts); void udp_timer(struct ctx *c, const struct timespec *ts);