From 95d28494f6fbe352ac7746f0c544e3527534ba0d Mon Sep 17 00:00:00 2001 From: Joseph Henry Date: Mon, 25 Jan 2016 12:55:29 -0800 Subject: Mac OSX Port - Lightly tested --- netcon/Intercept.c | 44 ++++++++++++++++++++++++++++++++++++++------ netcon/Intercept.h | 24 +++++++++++++++++------- netcon/LWIPStack.hpp | 6 ++++++ netcon/README.md | 16 ++++++++++++++++ netcon/RPC.c | 16 +++++++++++----- 5 files changed, 88 insertions(+), 18 deletions(-) (limited to 'netcon') diff --git a/netcon/Intercept.c b/netcon/Intercept.c index 9c4feedf..48276c96 100644 --- a/netcon/Intercept.c +++ b/netcon/Intercept.c @@ -38,20 +38,25 @@ #include #include #include -#include #include #include #include -#include #include #include #include #include #include #include -#include /* for NPROTO */ -#define SOCK_MAX (SOCK_PACKET + 1) +#if defined(__linux__) + #include + #include + #include /* for NPROTO */ +#endif + +#if defined(__linux__) + #define SOCK_MAX (SOCK_PACKET + 1) +#endif #define SOCK_TYPE_MASK 0xf #include "Intercept.h" @@ -92,6 +97,11 @@ static int connected_to_service(int sockfd) static int set_up_intercept() { if (!realconnect) { + +#if defined(__linux__) + realaccept4 = dlsym(RTLD_NEXT, "accept4"); + realsyscall = dlsym(RTLD_NEXT, "syscall"); +#endif realconnect = dlsym(RTLD_NEXT, "connect"); realbind = dlsym(RTLD_NEXT, "bind"); realaccept = dlsym(RTLD_NEXT, "accept"); @@ -100,9 +110,7 @@ static int set_up_intercept() realbind = dlsym(RTLD_NEXT, "bind"); realsetsockopt = dlsym(RTLD_NEXT, "setsockopt"); realgetsockopt = dlsym(RTLD_NEXT, "getsockopt"); - realaccept4 = dlsym(RTLD_NEXT, "accept4"); realclose = dlsym(RTLD_NEXT, "close"); - realsyscall = dlsym(RTLD_NEXT, "syscall"); realgetsockname = dlsym(RTLD_NEXT, "getsockname"); } if (!netpath) { @@ -127,10 +135,12 @@ int setsockopt(SETSOCKOPT_SIG) return realsetsockopt(socket, level, option_name, option_value, option_len); dwr(MSG_DEBUG,"setsockopt(%d)\n", socket); +#if defined(__linux__) if(level == SOL_IPV6 && option_name == IPV6_V6ONLY) return 0; if(level == SOL_IP && (option_name == IP_TTL || option_name == IP_TOS)) return 0; +#endif if(level == IPPROTO_TCP || (level == SOL_SOCKET && option_name == SO_KEEPALIVE)) return 0; if(realsetsockopt(socket, level, option_name, option_value, option_len) < 0) @@ -169,13 +179,16 @@ int socket(SOCKET_SIG) dwr(MSG_DEBUG,"socket():\n"); /* Check that type makes sense */ +#if defined(__linux__) int flags = socket_type & ~SOCK_TYPE_MASK; if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK)) { errno = EINVAL; return -1; } +#endif socket_type &= SOCK_TYPE_MASK; /* Check protocol is in range */ +#if defined(__linux__) if (socket_family < 0 || socket_family >= NPROTO){ errno = EAFNOSUPPORT; return -1; @@ -184,9 +197,12 @@ int socket(SOCKET_SIG) errno = EINVAL; return -1; } +#endif /* TODO: detect ENFILE condition */ if(socket_family == AF_LOCAL +#if defined(__linux__) || socket_family == AF_NETLINK +#endif || socket_family == AF_UNIX) { int err = realsocket(socket_family, socket_type, protocol); dwr(MSG_DEBUG,"realsocket() = %d\n", err); @@ -244,24 +260,30 @@ int connect(CONNECT_SIG) errno = ENOTSOCK; return -1; } +#if defined(__linux__) /* Check family */ if (connaddr->sin_family < 0 || connaddr->sin_family >= NPROTO){ errno = EAFNOSUPPORT; return -1; } +#endif /* make sure we don't touch any standard outputs */ if(__fd == STDIN_FILENO || __fd == STDOUT_FILENO || __fd == STDERR_FILENO) return(realconnect(__fd, __addr, __len)); if(__addr != NULL && (connaddr->sin_family == AF_LOCAL +#if defined(__linux__) || connaddr->sin_family == PF_NETLINK || connaddr->sin_family == AF_NETLINK +#endif || connaddr->sin_family == AF_UNIX)) { return realconnect(__fd, __addr, __len); } /* Assemble and send RPC */ struct connect_st rpc_st; +#if defined(__linux__) rpc_st.__tid = syscall(SYS_gettid); +#endif rpc_st.__fd = __fd; memcpy(&rpc_st.__addr, __addr, sizeof(struct sockaddr_storage)); memcpy(&rpc_st.__len, &__len, sizeof(socklen_t)); @@ -300,7 +322,9 @@ int bind(BIND_SIG) connaddr = (struct sockaddr_in *)addr; if(connaddr->sin_family == AF_LOCAL +#if defined(__linux__) || connaddr->sin_family == AF_NETLINK +#endif || connaddr->sin_family == AF_UNIX) { int err = realbind(sockfd, addr, addrlen); dwr(MSG_DEBUG,"realbind, err = %d\n", err); @@ -317,7 +341,9 @@ int bind(BIND_SIG) /* Assemble and send RPC */ struct bind_st rpc_st; rpc_st.sockfd = sockfd; +#if defined(__linux__) rpc_st.__tid = syscall(SYS_gettid); +#endif memcpy(&rpc_st.addr, addr, sizeof(struct sockaddr_storage)); memcpy(&rpc_st.addrlen, &addrlen, sizeof(socklen_t)); return rpc_send_command(netpath, RPC_BIND, sockfd, &rpc_st, sizeof(struct bind_st)); @@ -328,6 +354,7 @@ int bind(BIND_SIG) ------------------------------------------------------------------------------*/ /* int sockfd, struct sockaddr *addr, socklen_t *addrlen, int flags */ +#if defined(__linux__) int accept4(ACCEPT4_SIG) { dwr(MSG_DEBUG,"accept4(%d):\n", sockfd); @@ -337,6 +364,7 @@ int accept4(ACCEPT4_SIG) fcntl(sockfd, F_SETFL, O_NONBLOCK); return accept(sockfd, addr, addrlen); } +#endif /*------------------------------------------------------------------------------ ----------------------------------- accept() ----------------------------------- @@ -442,7 +470,9 @@ int listen(LISTEN_SIG) struct listen_st rpc_st; rpc_st.sockfd = sockfd; rpc_st.backlog = backlog; +#if defined(__linux__) rpc_st.__tid = syscall(SYS_gettid); +#endif return rpc_send_command(netpath, RPC_LISTEN, sockfd, &rpc_st, sizeof(struct listen_st)); } @@ -502,6 +532,7 @@ int getsockname(GETSOCKNAME_SIG) ------------------------------------ syscall() --------------------------------- ------------------------------------------------------------------------------*/ +#if defined(__linux__) long syscall(SYSCALL_SIG) { va_list ap; @@ -542,3 +573,4 @@ long syscall(SYSCALL_SIG) #endif return realsyscall(number,a,b,c,d,e,f); } +#endif \ No newline at end of file diff --git a/netcon/Intercept.h b/netcon/Intercept.h index b399993b..9593468f 100644 --- a/netcon/Intercept.h +++ b/netcon/Intercept.h @@ -25,12 +25,17 @@ * LLC. Start here: http://www.zerotier.com/ */ - #ifndef _INTERCEPT_H #define _INTERCEPT_H 1 #include + +#if defined(__linux__) + #define ACCEPT4_SIG int sockfd, struct sockaddr *addr, socklen_t *addrlen, int flags + #define SYSCALL_SIG long number, ... +#endif + #define CLOSE_SIG int fd #define READ_SIG int __fd, void *__buf, size_t __nbytes #define BIND_SIG int sockfd, const struct sockaddr *addr, socklen_t addrlen @@ -38,7 +43,6 @@ #define WRITE_SIG int __fd, const void *__buf, size_t __n #define LISTEN_SIG int sockfd, int backlog #define SOCKET_SIG int socket_family, int socket_type, int protocol -#define ACCEPT4_SIG int sockfd, struct sockaddr *addr, socklen_t *addrlen, int flags #define ACCEPT_SIG int sockfd, struct sockaddr *addr, socklen_t *addrlen #define SHUTDOWN_SIG int socket, int how #define CONNECT_SOCKARG struct sockaddr * @@ -47,12 +51,17 @@ #define DAEMON_SIG int nochdir, int noclose #define SETSOCKOPT_SIG int socket, int level, int option_name, const void *option_value, socklen_t option_len #define GETSOCKOPT_SIG int sockfd, int level, int optname, void *optval, socklen_t *optlen -#define SYSCALL_SIG long number, ... #define CLONE_SIG int (*fn)(void *), void *child_stack, int flags, void *arg, ... #define GETSOCKNAME_SIG int sockfd, struct sockaddr *addr, socklen_t *addrlen #define DUP2_SIG int oldfd, int newfd #define DUP3_SIG int oldfd, int newfd, int flags + +#if defined(__linux__) + int accept4(ACCEPT4_SIG); + long syscall(SYSCALL_SIG); +#endif + void my_init(void); int connect(CONNECT_SIG); int bind(BIND_SIG); @@ -61,14 +70,17 @@ int listen(LISTEN_SIG); int socket(SOCKET_SIG); int setsockopt(SETSOCKOPT_SIG); int getsockopt(GETSOCKOPT_SIG); -int accept4(ACCEPT4_SIG); -long syscall(SYSCALL_SIG); int close(CLOSE_SIG); int clone(CLONE_SIG); int dup2(DUP2_SIG); int dup3(DUP3_SIG); int getsockname(GETSOCKNAME_SIG); +#if defined(__linux__) + static int (*realaccept4)(ACCEPT4_SIG) = 0; + static long (*realsyscall)(SYSCALL_SIG) = 0; +#endif + static int (*realconnect)(CONNECT_SIG) = 0; static int (*realbind)(BIND_SIG) = 0; static int (*realaccept)(ACCEPT_SIG) = 0; @@ -76,8 +88,6 @@ static int (*reallisten)(LISTEN_SIG) = 0; static int (*realsocket)(SOCKET_SIG) = 0; static int (*realsetsockopt)(SETSOCKOPT_SIG) = 0; static int (*realgetsockopt)(GETSOCKOPT_SIG) = 0; -static int (*realaccept4)(ACCEPT4_SIG) = 0; -static long (*realsyscall)(SYSCALL_SIG) = 0; static int (*realclose)(CLOSE_SIG) = 0; static int (*realgetsockname)(GETSOCKNAME_SIG) = 0; diff --git a/netcon/LWIPStack.hpp b/netcon/LWIPStack.hpp index fedbdd5f..2ad1a843 100644 --- a/netcon/LWIPStack.hpp +++ b/netcon/LWIPStack.hpp @@ -132,7 +132,13 @@ public: LWIPStack(const char* path) : _libref(NULL) { + +#if defined(__linux__) _libref = dlmopen(LM_ID_NEWLM, path, RTLD_NOW); +#elif defined(__APPLE__) + _libref = dlopen(path, RTLD_NOW); +#endif + if(_libref == NULL) printf("dlerror(): %s\n", dlerror()); diff --git a/netcon/README.md b/netcon/README.md index d694064a..12d48c1d 100644 --- a/netcon/README.md +++ b/netcon/README.md @@ -70,6 +70,22 @@ The intercept library does nothing unless the *ZT\_NC\_NETWORK* environment vari Unlike *zerotier-one*, *zerotier-netcon-service* does not need to be run with root privileges and will not modify the host's network configuration in any way. It can be run alongside *zerotier-one* on the same host with no ill effect, though this can be confusing since you'll have to remember the difference between "real" host interfaces (tun/tap) and network containerized endpoints. The latter are completely unknown to the kernel and will not show up in *ifconfig*. +# Linking into an application on Mac OSX + +Example: + + gcc myapp.c -o myapp libzerotierintercept.so + export ZT_NC_NETWORK=/tmp/netcon-test-home/nc_8056c2e21c000001 + +Start service + + ./zerotier-netcon-service -d -p8000 /tmp/netcon-test-home + +Run application + + ./myapp + + # Starting the Network Containers Service You don't need Docker or any other container engine to try Network Containers. A simple test can be performed in user space (no root) in your own home directory. diff --git a/netcon/RPC.c b/netcon/RPC.c index a6965892..7d5c11e0 100644 --- a/netcon/RPC.c +++ b/netcon/RPC.c @@ -3,7 +3,10 @@ #include #include #include + +#if defined(__linux__) #include +#endif #include #include @@ -70,12 +73,12 @@ int get_retval(int rpc_sock) int load_symbols_rpc() { - #ifdef NETCON_INTERCEPT +#ifdef NETCON_INTERCEPT realsocket = dlsym(RTLD_NEXT, "socket"); realconnect = dlsym(RTLD_NEXT, "connect"); if(!realconnect || !realsocket) return -1; - #endif +#endif return 1; } @@ -131,19 +134,22 @@ int rpc_send_command(char *path, int cmd, int forfd, void *data, int len) memcpy(&cmdbuf[CANARY_IDX], &canary_num, CANARY_SZ); memcpy(&cmdbuf[STRUCT_IDX], data, len); -#ifdef VERBOSE +#if defined(VERBOSE) + rpc_count++; memset(metabuf, 0, BUF_SZ); +#if defined(__linux__) pid_t pid = syscall(SYS_getpid); pid_t tid = syscall(SYS_gettid); - rpc_count++; +#endif char timestring[20]; time_t timestamp; timestamp = time(NULL); strftime(timestring, sizeof(timestring), "%H:%M:%S", localtime(×tamp)); memcpy(metabuf, RPC_PHRASE, RPC_PHRASE_SZ); // Write signal phrase - +#if defined(__linux__) memcpy(&metabuf[IDX_PID], &pid, sizeof(pid_t) ); /* pid */ memcpy(&metabuf[IDX_TID], &tid, sizeof(pid_t) ); /* tid */ +#endif memcpy(&metabuf[IDX_COUNT], &rpc_count, sizeof(rpc_count) ); /* rpc_count */ memcpy(&metabuf[IDX_TIME], ×tring, 20 ); /* timestamp */ #endif -- cgit v1.2.3