#include <sys/types.h>
#include <unistd.h>
+#include <string>
+
#include "logs.h"
#include "subproc.h"
}
struct sockaddr_in6 addr;
- char cs_addr[64];
- connToText(connsock, true /* remote */, cs_addr, sizeof(cs_addr), &addr);
+ auto connstr = connToText(connsock, true /* remote */, &addr);
unsigned cnt = 0;
for (const auto& pid : nsjconf->pids) {
}
}
if (cnt >= nsjconf->max_conns_per_ip) {
- LOG_W("Rejecting connection from '%s', max_conns_per_ip limit reached: %u", cs_addr,
+ LOG_W("Rejecting connection from '%s', max_conns_per_ip limit reached: %u", connstr.c_str(),
nsjconf->max_conns_per_ip);
return false;
}
return -1;
}
- char ss_addr[64];
- connToText(sockfd, false /* remote */, ss_addr, sizeof(ss_addr), NULL);
- LOG_I("Listening on %s", ss_addr);
+ auto connstr = connToText(sockfd, false /* remote */, NULL);
+ LOG_I("Listening on %s", connstr.c_str());
return sockfd;
}
return -1;
}
- char cs_addr[64], ss_addr[64];
- connToText(connfd, true /* remote */, cs_addr, sizeof(cs_addr), NULL);
- connToText(connfd, false /* remote */, ss_addr, sizeof(ss_addr), NULL);
- LOG_I("New connection from: %s on: %s", cs_addr, ss_addr);
+ auto connremotestr = connToText(connfd, true /* remote */, NULL);
+ auto connlocalstr = connToText(connfd, false /* remote */, NULL);
+ LOG_I("New connection from: %s on: %s", connremotestr.c_str(), connlocalstr.c_str());
return connfd;
}
-void connToText(int fd, bool remote, char* buf, size_t s, struct sockaddr_in6* addr_or_null) {
- if (isSocket(fd) == false) {
- snprintf(buf, s, "[STANDALONE_MODE]");
- return;
+const std::string connToText(int fd, bool remote, struct sockaddr_in6* addr_or_null) {
+ std::string res;
+
+ if (!isSocket(fd)) {
+ return "[STANDALONE MODE]";
}
struct sockaddr_in6 addr;
if (remote) {
if (getpeername(fd, (struct sockaddr*)&addr, &addrlen) == -1) {
PLOG_W("getpeername(%d)", fd);
- snprintf(buf, s, "[unknown]");
- return;
+ return "[unknown]";
}
} else {
if (getsockname(fd, (struct sockaddr*)&addr, &addrlen) == -1) {
PLOG_W("getsockname(%d)", fd);
- snprintf(buf, s, "[unknown]");
- return;
+ return "[unknown]";
}
}
memcpy(addr_or_null, &addr, sizeof(*addr_or_null));
}
- char tmp[s];
- if (inet_ntop(AF_INET6, addr.sin6_addr.s6_addr, tmp, s) == NULL) {
+ char addrstr[128];
+ if (!inet_ntop(AF_INET6, addr.sin6_addr.s6_addr, addrstr, sizeof(addrstr))) {
PLOG_W("inet_ntop()");
- snprintf(buf, s, "[unknown]:%hu", ntohs(addr.sin6_port));
- return;
+ snprintf(addrstr, sizeof(addrstr), "[unknown](%s)", strerror(errno));
}
- snprintf(buf, s, "[%s]:%hu", tmp, ntohs(addr.sin6_port));
- return;
+
+ res.append("[");
+ res.append(addrstr);
+ res.append("]:");
+ res.append(std::to_string(ntohs(addr.sin6_port)));
+ return res;
}
static bool ifaceUp(const char* ifacename) {
putenv(const_cast<char*>(env.c_str()));
}
- char cs_addr[64];
- net::connToText(fd_in, true /* remote */, cs_addr, sizeof(cs_addr), NULL);
- LOG_I("Executing '%s' for '%s'", nsjconf->exec_file, cs_addr);
+ auto connstr = net::connToText(fd_in, /* remote= */ true, NULL);
+ LOG_I("Executing '%s' for '%s'", nsjconf->exec_file, connstr.c_str());
for (size_t i = 0; nsjconf->argv[i]; i++) {
LOG_D(" Arg[%zu]: '%s'", i, nsjconf->argv[i]);
static void addProc(nsjconf_t* nsjconf, pid_t pid, int sock) {
pids_t p;
+
p.pid = pid;
p.start = time(NULL);
-
- net::connToText(
- sock, true /* remote */, p.remote_txt, sizeof(p.remote_txt), &p.remote_addr);
+ p.remote_txt = net::connToText(sock, /* remote= */ true, &p.remote_addr);
char fname[PATH_MAX];
snprintf(fname, sizeof(fname), "/proc/%d/syscall", (int)pid);
nsjconf->pids.push_back(p);
LOG_D("Added pid '%d' with start time '%u' to the queue for IP: '%s'", p.pid,
- (unsigned int)p.start, p.remote_txt);
+ (unsigned int)p.start, p.remote_txt.c_str());
}
static void removeProc(nsjconf_t* nsjconf, pid_t pid) {
for (auto p = nsjconf->pids.begin(); p != nsjconf->pids.end(); ++p) {
if (p->pid == pid) {
LOG_D("Removing pid '%d' from the queue (IP:'%s', start time:'%s')", p->pid,
- p->remote_txt, util::timeToStr(p->start).c_str());
+ p->remote_txt.c_str(), util::timeToStr(p->start).c_str());
close(p->pid_syscall_fd);
nsjconf->pids.erase(p);
return;
time_t diff = now - pid.start;
time_t left = nsjconf->tlimit ? nsjconf->tlimit - diff : 0;
LOG_I("PID: %d, Remote host: %s, Run time: %ld sec. (time left: %ld sec.)", pid.pid,
- pid.remote_txt, (long)diff, (long)left);
+ pid.remote_txt.c_str(), (long)diff, (long)left);
}
}
if (wait4(si.si_pid, &status, WNOHANG, NULL) == si.si_pid) {
cgroup::finishFromParent(nsjconf, si.si_pid);
- const char* remote_txt = "[UNKNOWN]";
+ std::string remote_txt = "[UNKNOWN]";
const pids_t* elem = getPidElem(nsjconf, si.si_pid);
if (elem) {
remote_txt = elem->remote_txt;
if (WIFEXITED(status)) {
LOG_I("PID: %d (%s) exited with status: %d, (PIDs left: %d)",
- si.si_pid, remote_txt, WEXITSTATUS(status),
+ si.si_pid, remote_txt.c_str(), WEXITSTATUS(status),
countProc(nsjconf) - 1);
removeProc(nsjconf, si.si_pid);
rv = WEXITSTATUS(status) % 100;
if (WIFSIGNALED(status)) {
LOG_I(
"PID: %d (%s) terminated with signal: %s (%d), (PIDs left: %d)",
- si.si_pid, remote_txt, util::sigName(WTERMSIG(status)).c_str(),
+ si.si_pid, remote_txt.c_str(), util::sigName(WTERMSIG(status)).c_str(),
WTERMSIG(status), countProc(nsjconf) - 1);
removeProc(nsjconf, si.si_pid);
rv = 100 + WTERMSIG(status);
time_t diff = now - p.start;
if (diff >= nsjconf->tlimit) {
LOG_I("PID: %d run time >= time limit (%ld >= %ld) (%s). Killing it", pid,
- (long)diff, (long)nsjconf->tlimit, p.remote_txt);
+ (long)diff, (long)nsjconf->tlimit, p.remote_txt.c_str());
/*
* Probably a kernel bug - some processes cannot be killed with KILL if
* they're namespaced, and in a stopped state
}
close(parent_fd);
- char cs_addr[64];
- net::connToText(fd_in, true /* remote */, cs_addr, sizeof(cs_addr), NULL);
}
/*
projects / platform / upstream / nsjail.git / commitdiff