Archives
/
lokinet
mirror of https://github.com/oxen-io/lokinet
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove dead code: netns, shell hooks

Browse Source 
These haven't been activated in a long time and aren't worth
resuscitating.
pull/1941/head
Jason Rhinelander 2 years ago
parent 2e0822889a
commit 4a4f16e5c8
No known key found for this signature in database
GPG Key ID: C4992CE7A88D4262
12 changed files with 1 additions and 618 deletions
Show Stats Download Patch File Download Diff File

23
CMakeLists.txt
Unescape Escape View File

@ -56,9 +56,7 @@ option(XSAN "use sanitiser, if your system has it (requires -DCMAKE_BUILD_TYPE=D
option(USE_JEMALLOC "Link to jemalloc for memory allocations, if found" ON)
option(TESTNET "testnet build" OFF)
option(WITH_COVERAGE "generate coverage data" OFF)
option(USE_SHELLHOOKS "enable shell hooks on compile time (dangerous)" OFF)
option(WARNINGS_AS_ERRORS "treat all warnings as errors. turn off for development, on for release" OFF)
option(TRACY_ROOT "include tracy profiler source" OFF)
option(WITH_TESTS "build unit tests" OFF)
option(WITH_HIVE "build simulation stubs" OFF)
option(BUILD_PACKAGE "builds extra components for making an installer (with 'make package')" OFF)
@ -107,8 +105,6 @@ if (STATIC_LINK)
message(STATUS "setting static library suffix search")
endif()
add_definitions(-D${CMAKE_SYSTEM_NAME})
include(cmake/solaris.cmake)
include(cmake/win32.cmake)
@ -198,15 +194,6 @@ if(CMAKE_BUILD_TYPE MATCHES "[Dd][Ee][Bb][Uu][Gg]")
add_definitions(-DLOKINET_DEBUG=1)
endif()
if(WITH_SHELLHOOKS)
add_definitions(-DENABLE_SHELLHOOKS)
endif()
if(TRACY_ROOT)
include_directories(${TRACY_ROOT})
add_definitions(-DTRACY_ENABLE)
endif()
include(cmake/coverage.cmake)
@ -236,12 +223,6 @@ set(CMAKE_THREAD_PREFER_PTHREAD TRUE)
set(THREADS_PREFER_PTHREAD_FLAG TRUE)
find_package(Threads REQUIRED)
if(USE_NETNS)
add_definitions(-DNETNS=1)
else()
add_definitions(-DNETNS=0)
endif()
if(TESTNET)
add_definitions(-DTESTNET=1)
# 5 times slower than realtime
@ -306,10 +287,6 @@ if(ANDROID)
set(ANDROID_PLATFORM_SRC android/ifaddrs.c)
endif()
if(TRACY_ROOT)
target_link_libraries(base_libs INTERFACE dl)
endif()
if(WITH_HIVE)
add_definitions(-DLOKINET_HIVE=1)
endif()

3
llarp/CMakeLists.txt
Unescape Escape View File

@ -66,8 +66,6 @@ if (ANDROID)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
target_sources(lokinet-platform PRIVATE linux/netns.cpp)
if(NON_PC_TARGET)
add_import_library(rt)
target_link_libraries(lokinet-platform PUBLIC rt)
@ -139,7 +137,6 @@ add_library(liblokinet
exit/session.cpp
handlers/exit.cpp
handlers/tun.cpp
hook/shell.cpp
iwp/iwp.cpp
iwp/linklayer.cpp
iwp/message_buffer.cpp

4
llarp/handlers/tun.cpp
Unescape Escape View File

@ -953,10 +953,6 @@ namespace llarp
m_LocalResolverAddr.createSockAddr(),
false /* just .loki/.snode DNS initially */);
if (m_OnUp)
{
m_OnUp->NotifyAsync(NotifyParams());
}
return HasAddress(ourAddr);
}

30
llarp/hook/ihook.hpp
Unescape Escape View File

@ -1,30 +0,0 @@
#pragma once
#include <string>
#include <unordered_map>
#include <memory>
namespace llarp
{
namespace hooks
{
/// base type for event hook handlers
struct IBackend
{
virtual ~IBackend() = 0;
virtual void
NotifyAsync(std::unordered_map<std::string, std::string> params) = 0;
/// start backend
virtual bool
Start() = 0;
/// stop backend
virtual bool
Stop() = 0;
};
using Backend_ptr = std::shared_ptr<IBackend>;
inline IBackend::~IBackend() = default;
} // namespace hooks
} // namespace llarp

157
llarp/hook/shell.cpp
Unescape Escape View File

@ -1,157 +0,0 @@
#include "shell.hpp"
#if defined(ENABLE_SHELLHOOKS)
#include <util/thread_pool.hpp>
#include <util/logger.hpp>
#include <sys/wait.h>
#include <unistd.h>
#if !defined(__linux__) || !defined(_GNU_SOURCE)
// Not all systems declare this variable
extern char** environ;
#endif
#if defined(Darwin)
#include <crt_externs.h>
#endif
#endif
namespace llarp
{
namespace hooks
{
#if defined(ENABLE_SHELLHOOKS)
struct ExecShellHookBackend : public IBackend,
public std::enable_shared_from_this<ExecShellHookBackend>
{
thread::ThreadPool m_ThreadPool;
std::vector<std::string> _args;
std::vector<char*> args;
ExecShellHookBackend(std::string script) : m_ThreadPool(1, 1000, "exechook")
{
do
{
const auto idx = script.find_first_of(' ');
std::string sub;
if (idx == std::string::npos)
sub = script;
else
sub = script.substr(0, idx);
_args.emplace_back(std::move(sub));
args.push_back((char*)_args.back().c_str());
script = script.substr(idx + 1);
} while (script.find_first_of(' ') != std::string::npos);
args.push_back(nullptr);
LogInfo("make hook ", args.size());
}
~ExecShellHookBackend()
{
m_ThreadPool.shutdown();
}
bool
Start() override
{
m_ThreadPool.start();
return true;
}
bool
Stop() override
{
m_ThreadPool.stop();
return true;
}
char*
Exe() const
{
return args[0];
}
char* const*
Args() const
{
return args.data();
}
void
NotifyAsync(std::unordered_map<std::string, std::string> params) override;
};
struct ExecShellHookJob
{
std::vector<std::string> m_env;
std::vector<char*> _m_env;
std::shared_ptr<ExecShellHookBackend> m_Parent;
ExecShellHookJob(
std::shared_ptr<ExecShellHookBackend> b,
const std::unordered_map<std::string, std::string> env)
: m_Parent(b)
{
#if defined(Darwin)
char** ptr = *_NSGetEnviron();
#else
char** ptr = environ;
#endif
do
{
m_env.emplace_back(*ptr);
++ptr;
} while (ptr && *ptr);
for (const auto& item : env)
m_env.emplace_back(item.first + "=" + item.second);
for (const auto& item : m_env)
_m_env.push_back((char*)item.c_str());
_m_env.push_back(nullptr);
}
char* const*
Env()
{
return _m_env.data();
}
void
Exec()
{
std::thread t([&]() {
int result = 0;
const pid_t child = ::fork();
if (child == -1)
return;
if (child)
::waitpid(child, &result, 0);
else
::execve(m_Parent->Exe(), m_Parent->Args(), Env());
});
t.join();
}
};
void
ExecShellHookBackend::NotifyAsync(std::unordered_map<std::string, std::string> params)
{
auto job = std::make_shared<ExecShellHookJob>(shared_from_this(), std::move(params));
m_ThreadPool.addJob([job = std::move(job)] { job->Exec(); });
}
Backend_ptr
ExecShellBackend(std::string execFilePath)
{
Backend_ptr ptr = std::make_shared<ExecShellHookBackend>(execFilePath);
if (!ptr->Start())
return nullptr;
return ptr;
}
#else
Backend_ptr ExecShellBackend(std::string)
{
return nullptr;
}
#endif
} // namespace hooks
} // namespace llarp

13
llarp/hook/shell.hpp
Unescape Escape View File

@ -1,13 +0,0 @@
#pragma once
#include "ihook.hpp"
namespace llarp
{
namespace hooks
{
/// exec file based hook notifier
Backend_ptr
ExecShellBackend(std::string execFilePath);
} // namespace hooks
} // namespace llarp

319
llarp/linux/netns.cpp
Unescape Escape View File

@ -1,319 +0,0 @@
#if defined(ANDROID) || NETNS == 0
#else
#include <asm/types.h>
#include <fcntl.h>
#include <limits.h>
#include <sys/capability.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cstdlib>
#include <cstring>
#include <fstream>
#include "netns.hpp"
#include <util/logger.hpp>
#ifndef MS_REC
#define MS_REC (16384)
#endif
#include <llarp/util/fs.hpp>
namespace llarp
{
namespace GNULinux
{
static const char netns_rundir[] = "/var/run/netns";
static const char netns_etcdir[] = "/etc/netns";
static bool
GetCGroups2MountPoint(fs::path& cgroups2_mount)
{
std::string mountpoint;
std::ifstream inf;
inf.open("/proc/mounts");
if (!inf.is_open())
{
llarp::LogError("failed to open /proc/mounts");
return false;
}
std::string line;
while (std::getline(inf, line))
{
std::string part;
std::stringstream parts;
parts.str(line);
// discard
std::getline(parts, part);
// mount point
std::getline(parts, part);
mountpoint = part;
// type
std::getline(parts, part);
if (part == "cgroup2")
{
// found cgroup2 mountpoint
cgroups2_mount = mountpoint;
return true;
}
}
llarp::LogError("cannot find cgroups2 in /proc/mounts");
return false;
}
static bool
GetNetNS(std::string& netns)
{
auto nfd = open("/proc/self/ns/net", O_RDONLY);
if (nfd < 0)
{
llarp::LogError("Failed to get our own netns, could not open /proc/self/ns/net");
return false;
}
struct stat netst;
if (::fstat(nfd, &netst) < 0)
{
close(nfd);
llarp::LogError("stat of netns failed: ", strerror(errno));
return false;
}
close(nfd);
fs::path run_dir = netns_rundir;
bool foundIt = false;
// find corrosponding file for netns
llarp::util::IterDir(run_dir, [&](const fs::path& f) -> bool {
struct stat fst;
if (::stat(f.string().c_str(), &fst) >= 0)
{
if (fst.st_dev == netst.st_dev && fst.st_ino == netst.st_ino)
{
// found it
foundIt = true;
netns = f.filename().string();
// break iteration
return false;
}
}
// continue iteration
return true;
});
return foundIt;
}
static bool
GetVRFPath(std::string& path)
{
char p[256] = {0};
snprintf(p, sizeof(p), "/proc/%d/cgroup", getpid());
std::ifstream inf;
inf.open(p);
if (!inf.is_open())
{
llarp::LogError("could not open '", p, "': ", strerror(errno));
return false;
}
path = "";
std::string line;
while (std::getline(inf, line))
{
auto pos = line.find("::/");
if (pos != std::string::npos)
{
line = line.substr(pos + 2);
pos = line.find("/vrf");
if (pos != std::string::npos)
{
path = line.substr(pos);
if (path == "/")
path = "";
}
break;
}
}
return true;
}
static bool
ResetVRF()
{
fs::path cgroups2_mount;
if (!GetCGroups2MountPoint(cgroups2_mount))
{
llarp::LogError("could not find cgroup2 mount point, is it mounted?");
return false;
}
std::string netns;
if (!GetNetNS(netns))
{
llarp::LogError("could not get our netns: ", strerror(errno));
return false;
}
std::string vrfpath;
if (!GetVRFPath(vrfpath))
{
llarp::LogError("could not determine vrf cgroup path: ", strerror(errno));
return false;
}
fs::path cgroup_path = cgroups2_mount / vrfpath / netns / "vrf" / "default";
std::error_code ec;
if (!fs::exists(cgroup_path, ec))
{
if (!fs::create_directories(cgroup_path, ec))
{
llarp::LogError("could not create '", cgroup_path.string(), "': ", ec);
return false;
}
}
else if (ec)
{
llarp::LogError("Could not check '", cgroup_path.string(), "': ", ec);
return false;
}
cgroup_path /= "cgroup.procs";
auto fd = open(cgroup_path.string().c_str(), O_RDWR | O_APPEND);
if (fd < 0)
{
llarp::LogError("could not open '", cgroup_path.string(), "': ", strerror(errno));
return false;
}
bool success = true;
std::string pid = std::to_string(getpid());
if (write(fd, pid.c_str(), pid.size()) < 0)
{
llarp::LogError("failed to join cgroup");
success = false;
}
close(fd);
return success;
}
/// bind network namespace paths into /etc/
static bool
BindNetworkNS(const char* name)
{
fs::path etc_dir = netns_etcdir;
etc_dir /= name;
std::error_code ec;
if (!fs::exists(etc_dir, ec))
{
errno = 0;
llarp::LogInfo(etc_dir, " does not exist, skipping");
return true;
}
bool didFail = false;
llarp::util::IterDir(etc_dir, [&](const fs::path& f) -> bool {
if (fs::is_regular_file(f))
{
fs::path netns_path = "/etc";
netns_path /= f.filename();
if (mount(f.string().c_str(), netns_path.string().c_str(), "none", MS_BIND, nullptr) < 0)
{
llarp::LogError(
"failed to bind '",
f.string(),
"' to '",
netns_path.string(),
"': ",
strerror(errno));
didFail = true;
}
}
// continue iteration
return true;
});
return !didFail;
}
static void
DropCap()
{
if (getuid() != 0 && geteuid() != 0)
{
cap_t capabilities;
cap_value_t net_admin = CAP_NET_ADMIN;
cap_flag_t inheritable = CAP_INHERITABLE;
cap_flag_value_t is_set;
capabilities = cap_get_proc();
if (!capabilities)
exit(EXIT_FAILURE);
if (cap_get_flag(capabilities, net_admin, inheritable, &is_set) != 0)
exit(EXIT_FAILURE);
if (is_set == CAP_CLEAR)
{
if (cap_clear(capabilities) != 0)
exit(EXIT_FAILURE);
if (cap_set_proc(capabilities) != 0)
exit(EXIT_FAILURE);
}
cap_free(capabilities);
}
}
bool
NetNSSwitch(const char* name)
{
fs::path netns_path = netns_rundir;
netns_path /= name;
auto nsfd = open(netns_path.string().c_str(), O_RDONLY | O_CLOEXEC);
if (nsfd < 0)
{
llarp::LogError("Failed to open network namespace '", name, "': ", strerror(errno));
return false;
}
if (setns(nsfd, CLONE_NEWNET) < 0)
{
llarp::LogError("Failed to enter network namespace '", name, "': ", strerror(errno));
close(nsfd);
return false;
}
close(nsfd);
if (unshare(CLONE_NEWNS) < 0)
{
llarp::LogError("unshare failed: ", strerror(errno));
return false;
}
// dont let any mount points prop back to parent
// iproute2 source does this
if (mount("", "/", "none", MS_SLAVE | MS_REC, nullptr))
{
llarp::LogError("mount --make-rslave failed: ", strerror(errno));
return false;
}
unsigned long mountflags = 0;
// ensaure /sys not mounted
if (umount2("/sys", MNT_DETACH) < 0)
{
struct statvfs fsstat;
if (statvfs("/sys", &fsstat) == 0)
{
if (fsstat.f_flag & ST_RDONLY)
mountflags = MS_RDONLY;
}
}
// mount sysfs for our namespace
if (mount(name, "/sys", "sysfs", mountflags, nullptr) < 0)
{
llarp::LogError("failed to mount sysfs: ", strerror(errno));
return false;
}
if (!BindNetworkNS(name))
{
llarp::LogError("failed to bind namespace directories");
return false;
}
if (!ResetVRF())
{
llarp::LogError("failed to reset vrf");
return false;
}
DropCap();
return true;
}
} // namespace GNULinux
} // namespace llarp
#endif

15
llarp/linux/netns.hpp
Unescape Escape View File

@ -1,15 +0,0 @@
#pragma once
#ifdef __linux__
namespace llarp
{
namespace GNULinux
{
/// switch current process to use network namepsace by name
/// returns true if successfully switched otherwise returns false
bool
NetNSSwitch(const char* name);
} // namespace GNULinux
} // namespace llarp
#else
#error "Don't include this file"
#endif

16
llarp/service/endpoint.cpp
Unescape Escape View File

@ -27,7 +27,6 @@
#include <llarp/util/str.hpp>
#include <llarp/util/buffer.hpp>
#include <llarp/util/meta/memfn.hpp>
#include <llarp/hook/shell.hpp>
#include <llarp/link/link_manager.hpp>
#include <llarp/tooling/dht_event.hpp>
#include <llarp/quic/tunnel.hpp>
@ -341,8 +340,6 @@ namespace llarp
EndpointUtil::StopRemoteSessions(m_state->m_RemoteSessions);
// stop snode sessions
EndpointUtil::StopSnodeSessions(m_state->m_SNodeSessions);
if (m_OnDown)
m_OnDown->NotifyAsync(NotifyParams());
return path::Builder::Stop();
}
@ -590,16 +587,6 @@ namespace llarp
return true;
}
Endpoint::~Endpoint()
{
if (m_OnUp)
m_OnUp->Stop();
if (m_OnDown)
m_OnDown->Stop();
if (m_OnReady)
m_OnReady->Stop();
}
bool
Endpoint::PublishIntroSet(const EncryptedIntroSet& introset, AbstractRouter* r)
{
@ -762,9 +749,6 @@ namespace llarp
LogDebug(Name(), " Additional IntroSet publish confirmed");
m_state->m_LastPublish = now;
if (m_OnReady)
m_OnReady->NotifyAsync(NotifyParams());
m_OnReady = nullptr;
}
std::optional<std::vector<RouterContact>>

6
llarp/service/endpoint.hpp
Unescape Escape View File

@ -7,6 +7,7 @@
#include <llarp/path/path.hpp>
#include <llarp/path/pathbuilder.hpp>
#include "address.hpp"
#include "endpoint_state.hpp"
#include "handler.hpp"
#include "identity.hpp"
#include "pendingbuffer.hpp"
@ -15,7 +16,6 @@
#include "service/protocol_type.hpp"
#include "session.hpp"
#include "lookup.hpp"
#include <llarp/hook/ihook.hpp>
#include <llarp/util/compare_ptr.hpp>
#include <optional>
#include <unordered_map>
@ -62,7 +62,6 @@ namespace llarp
public EndpointBase
{
Endpoint(AbstractRouter* r, Context* parent);
~Endpoint() override;
/// return true if we are ready to recv packets from the void
bool
@ -516,9 +515,6 @@ namespace llarp
IDataHandler* m_DataHandler = nullptr;
Identity m_Identity;
net::IPRangeMap<service::Address> m_ExitMap;
hooks::Backend_ptr m_OnUp;
hooks::Backend_ptr m_OnDown;
hooks::Backend_ptr m_OnReady;
bool m_PublishIntroSet = true;
std::unique_ptr<EndpointState> m_state;
std::shared_ptr<IAuthPolicy> m_AuthPolicy;

28
llarp/service/endpoint_state.cpp
Unescape Escape View File

@ -1,7 +1,6 @@
#include "endpoint_state.hpp"
#include <llarp/exit/session.hpp>
#include <llarp/hook/shell.hpp>
#include "endpoint.hpp"
#include "outbound_context.hpp"
#include <llarp/util/str.hpp>
@ -23,33 +22,6 @@ namespace llarp
m_IntroSet.SRVs.push_back(record.toTuple());
}
// TODO:
/*
if (k == "on-up")
{
m_OnUp = hooks::ExecShellBackend(v);
if (m_OnUp)
LogInfo(name, " added on up script: ", v);
else
LogError(name, " failed to add on up script");
}
if (k == "on-down")
{
m_OnDown = hooks::ExecShellBackend(v);
if (m_OnDown)
LogInfo(name, " added on down script: ", v);
else
LogError(name, " failed to add on down script");
}
if (k == "on-ready")
{
m_OnReady = hooks::ExecShellBackend(v);
if (m_OnReady)
LogInfo(name, " added on ready script: ", v);
else
LogError(name, " failed to add on ready script");
}
*/
return true;
}

5
llarp/service/endpoint_state.hpp
Unescape Escape View File

@ -1,6 +1,5 @@
#pragma once
#include <llarp/hook/ihook.hpp>
#include <llarp/router_id.hpp>
#include "address.hpp"
#include "pendingbuffer.hpp"
@ -25,10 +24,6 @@ namespace llarp
{
struct EndpointState
{
hooks::Backend_ptr m_OnUp;
hooks::Backend_ptr m_OnDown;
hooks::Backend_ptr m_OnReady;
std::set<RouterID> m_SnodeBlacklist;
AbstractRouter* m_Router;

Write Preview
Loading…
Cancel
Save