cmhi
/
f-stack
mirror of https://github.com/F-Stack/f-stack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #214 from chadwill/master 

Nginx: fixbug, hijack `getpeername` and `getsockname`.
This commit is contained in:
logwang 2018-05-28 12:03:07 +08:00 committed by GitHub
parent 964cd40470 46de49a1b5
commit e850874db3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
app/nginx-1.11.10/src/event/modules/ngx_ff_module.c
View File

@ -121,6 +121,9 @@ static int (*real_ioctl)(int, int, void *);
static int (*real_gettimeofday)(struct timeval *tv, struct timezone *tz); static int (*real_gettimeofday)(struct timeval *tv, struct timezone *tz);
static int (*real_getpeername)(int sockfd, struct sockaddr * name, socklen_t *namelen);
static int (*real_getsockname)(int s, struct sockaddr *name, socklen_t *namelen);
static __thread int inited; static __thread int inited;
#define SYSCALL(func) \ #define SYSCALL(func) \
@ -134,7 +137,7 @@ static __thread int inited;
extern intptr_t ngx_max_sockets; extern intptr_t ngx_max_sockets;
/*- /*-
* Make sockfd assigned by the fstack plus the value of maximum kernel socket. * Make sockfd assigned by the fstack plus the value of maximum kernel socket.
* so we can tell them apart according to different scopes. * so we can tell them apart according to different scopes.
* Solve the condominium ownership at Application Layer and obtain more freedom. * Solve the condominium ownership at Application Layer and obtain more freedom.
* fstack tried to do this by 'fd_reserve', unfortunately, it doesn't work well. * fstack tried to do this by 'fd_reserve', unfortunately, it doesn't work well.
@ -185,7 +188,7 @@ ff_mod_init(const char *conf, int proc_id, int proc_type) {
if (rc == 0) { if (rc == 0) {
/* Ensure that the socket we converted /* Ensure that the socket we converted
does not exceed the maximum value of 'int' */ does not exceed the maximum value of 'int' */
if(ngx_max_sockets + (unsigned)ff_getmaxfd() > INT_MAX) if(ngx_max_sockets + (unsigned)ff_getmaxfd() > INT_MAX)
{ {
rc = -1; rc = -1;
@ -269,6 +272,32 @@ connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
return SYSCALL(connect)(sockfd, addr, addrlen); return SYSCALL(connect)(sockfd, addr, addrlen);
} }
int
getpeername(int sockfd, struct sockaddr * name,
socklen_t *namelen)
{
if(is_fstack_fd(sockfd)){
sockfd = restore_fstack_fd(sockfd);
return ff_getpeername(sockfd,
(struct linux_sockaddr *)name, namelen);
}
return SYSCALL(getpeername)(sockfd, name, namelen);
}
int
getsockname(int sockfd, struct sockaddr *name,
socklen_t *namelen)
{
if(is_fstack_fd(sockfd)){
sockfd = restore_fstack_fd(sockfd);
return ff_getsockname(sockfd,
(struct linux_sockaddr *)name, namelen);
}
return SYSCALL(getsockname)(sockfd, name, namelen);
}
ssize_t ssize_t
send(int sockfd, const void *buf, size_t len, int flags) send(int sockfd, const void *buf, size_t len, int flags)
{ {
@ -477,7 +506,7 @@ kqueue(void)
} }
int int
kevent(int kq, const struct kevent *changelist, int nchanges, kevent(int kq, const struct kevent *changelist, int nchanges,
struct kevent *eventlist, int nevents, const struct timespec *timeout) struct kevent *eventlist, int nevents, const struct timespec *timeout)
{ {
struct kevent *kev; struct kevent *kev;