Develop Reference

How to block and open Clients with Semaphore? Semaphore problem

I have a multiclient Server Socket and I want to block the acces for other Clients, when sending "BEG" to the Server. To open the other Clients again, the Client has to send "END" to the Server. While other Clients are blocked off, they only can use "quit" to exit the Server and if they use conditions() they fall asleep.
So other Clients are blocked for the function conditions() if one process used "BEG", but the process himself has still acces to the function.
If I compile my Code, the Server is running, everything is fine but the Mutexe doesn't work.
The Code is going into the if statement of "BEG" and the Mutex should be locked, but other Clients aren't blocked off.
If I connect a second Client, the Client gets kicked if I use conditions().
My question is, why does the mutex not work for other Clients or in generell? How to check if the Mutex is working?
Edit:
Now my Semaphore doesn't block other processes
Edit 2: I found a way, not the best but one. Now some clients are getting kicked from the Server after using one condition().
main.c:
int state = 0;
int beg() {
state = 1;
return 0;
}
int end() {
state = 0;
return 0;
}
int main() {
int pid, t;
char *eingabe, *inputBuffer[BUFSIZE];
char delimiter[] = "\n ";
int rfd = erstelleSocket();
int cfd;
semaphor semID1 = semGET();
semaphor semID2 = semGET2();
marker[0] = 1;
t = semctl(semID1, 1, SETALL, marker);
if (t == -1) {
fprintf(stderr, "Error with marker\n");
}
t = semctl(semID2, 1, SETALL, marker);
if (t == -1) {
fprintf(stderr, "Error with marker\n");
}
while(1){
cfd = accept(rfd, (struct sockaddr *) &client, &client_len);
if (cfd < 0) {
close(cfd);
fprintf(stderr, "connection failed\n");
break;
}
pid = fork();
if (pid < 0) {
fprintf(stderr, "Error in new process creation\n");
}
if (pid == 0) {
bzero(input, sizeof(input));
bytes_read = read(cfd, input, BUFSIZE);
strncat(input, " ", strlen(" "));
input[strcspn(input, "\r\n")] = 0;
while (bytes_read > 0) {
eingabe = strtok(input, delimiter);
int i = 0;
while (eingabe != NULL) {
inputBuffer[i++] = eingabe;
eingabe = strtok(NULL, delimiter);
}
if (strncmp("quit", inputBuffer[0], 4) == 0) {
close(cfd);
break;
}
if (state != 1) {
down(semID2, 0); //down is a function with semop()
}
down(semID1, 0);
conditions(inputBuffer[0],
inputBuffer[1],
inputBuffer[2],
cfd, semID1, shmID);
up(semID1, 0);
if (state != 1) {
up(semID2, 0); //up is a function with semop()
}
bzero(input, sizeof(input));
bytes_read = read(cfd, input, BUFSIZE);
strncat(input, " ", strlen(" "));
input[strcspn(input, "\r\n")] = 0;
close(rfd);
}
}
close(cfd);
}
close(rfd);
}
my condition function:
void conditions(char *eingabehalter1,
char *eingabehalter2,
char *eingabehalter3,
int cfd, int shmID) {
if (strncmp("PUT", eingabehalter1, 3) == 0) {
put(eingabehalter2, eingabehalter3, cfd, shmID);
} else if (strncmp("GET", eingabehalter1, 3) == 0) {
get(eingabehalter2, cfd, shmID);
} else if (strncmp("DEL", eingabehalter1, 3) == 0) {
del(eingabehalter2, cfd, shmID);
} else if (strncmp("BEG", eingabehalter1, 3) == 0) {
beg();
} else if (strncmp("END", eingabehalter1, 3) == 0) {
end();
} else {
write(cfd, "cmd_nonexistent\n", strlen("cmd_nonexistent\n"));
}
}
createSocket.c:
int rfd; // Rendevouz-Descriptor
rfd = socket(AF_INET, SOCK_STREAM, 0);
int option = 1;
setsockopt(rfd,SOL_SOCKET, SO_REUSEADDR, (const void *) &option, sizeof(int));
server.sin_family = AF_INET;
server.sin_addr.s_addr = INADDR_ANY;
server.sin_port = htons(PORT);
int brt = bind(rfd, (struct sockaddr *) &server, sizeof(server));
int lrt = listen(rfd, 5);
return rfd;
}
main.h:
#include "shmmemory.h"
#include "semaphoren.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
#include <unistd.h>
#include <netinet/in.h>
#define PORT 5678
struct sockaddr_in server;
struct sockaddr_in client;
socklen_t client_len;
char input[BUFSIZE];
int bytes_read;
int erstelleSocket();
void conditions(char *eingabehalter1,
char *eingabehalter2,
char *eingabehalter3,
int cfd, int shmID);
int beg();
int end();
unsigned short marker[2];

Your approach cannot work because you're trying to combine fork with threads. fork creates a copy of the parent's address space for each child process, which means that each child process has its own copy of the mutex object. Process-shared mutexes are possible in POSIX, with special attributes, but I suspect even those don't work with fork; they have to be placed in shared memory.
Have you considered creating threads with pthread_create for the service loop? Or else you can implement this entirely using fork (no pthread material). The children can use POSIX named semaphores (sem_open, et al) or possibly, dare I say it, System V IPC.
Also, don't use strtok in multithreaded code, and clearing memory to zero was standardized in 1989's ANSI C as memset(pointer, 0, size). Since that was 31 years ago, it's okay to lay bzero to rest.

The way you initialize the semaphores is wrong for your use case. From the man page of sem_init():
#include <semaphore.h>
int sem_init(sem_t *sem, int pshared, unsigned int value);
If pshared has the value 0, then the semaphore is shared between the
threads of a process, and should be located at some address that is
visible to all threads (e.g., a global variable, or a variable
allocated dynamically on the heap).
If pshared is nonzero, then the semaphore is shared between
processes, and should be located in a region of shared memory
Based on the above explanations from the man page, the things you need change are:
Semaphore declaration
Since you are using semaphores between processes, you need to declare the variable as shared. You can do that via mmap() to create unnamed UNIX semaphore as follows:
sem_t* sem_var = mmap(NULL, sizeof(sem_t), PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0)
if (sem_var == MAP_FAILED) // Shared memory creation failed.
goto handle_shm_fail;
Semaphore initialization
Since you are using POSIX semaphores, to make your child use the same semaphores, pshared is set to 1 indicating semaphore is shared between processes.
if (sem_init(sem_var, 1, 1) != 0) // Semaphore initialization failed.
goto handle_sem_fail;
NOTE: In your code sem_var is of type sem_t, now it is a pointer to sem_t. Accordingly, you need to update your code.

How to programmatically get PID of process connecting to my proxy via AF_INET sockets, on the same machine?

I am writing a small http proxy server(in C) on a linux machine, Ubuntu 18.04.1 to be specific, and I've been trying to find a way to get the pid of the process that is connecting to it.
It might be of use to mention that the proxy is intended to proxy connections only for processes running on the same machine, so I guess this should make this task possible.
The server uses AF_INET family sockets along with read/write operations in order to do it's job; I am mentioning this because after some research I did encounter threads about "ancillary data",for example: Is there a way to get the uid of the other end of a unix socket connection
Ancillary data contain credentials of the connecting socket(such as PID), but only work on AF_UNIX sockets, used for local IPC, and requires us to explicitly send/receive it on both sides(client/server). In my case, although, as I mentioned, the server will only proxy traffic on the same machine as the server, I need to use AF_INET sockets, so everyone(e.g. web browser) is able to connect to it.
Performance is not so critical; so any suggestions(including workarounds using system calls etc.) are very welcome.

We can use netstat -nptW output to see which local processes' TCP connections. As the output may be security sensitive, superuser privileges are required to see processes belonging to all users.
Since there is no reason to run a proxy service with elevated privileges (expect perhaps CAP_NET_BIND_SERVICE), a privileged helper program is needed.
I pondered a suitable security model for a bit, and came to the conclusion that a helper which examines the connected socket given to it (as say standard input), and outputs just the peer PID(s), would be safest: it would be extremely hard to misuse it, and even if possible, only the peer process ID is revealed.
Here is the example helper, tcp-peer-pids.c:
#define _POSIX_C_SOURCE 200809L
#define _GNU_SOURCE
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>
#define EXITCODE_OK 0
#define EXITCODE_STDIN_INVALID 1
#define EXITCODE_UNKNOWN_ADDRESS 2
#define EXITCODE_NETSTAT 3
#define EXITCODE_NETSTAT_OUTPUT 4
#define EXITCODE_WRITE_ERROR 5
#define EXITCODE_PRIVILEGES 6
static pid_t *pids = NULL;
static size_t num_pids = 0;
static size_t max_pids = 0;
static int add_pid(const pid_t p)
{
size_t i;
/* Check if already listed. */
for (i = 0; i < num_pids; i++)
if (pids[i] == p)
return 0;
/* Ensure enough room in pids array. */
if (num_pids >= max_pids) {
const size_t max_temp = (num_pids | 1023) + 1025 - 8;
pid_t *temp;
temp = realloc(pids, max_temp * sizeof pids[0]);
if (!temp)
return ENOMEM;
pids = temp;
max_pids = max_temp;
}
pids[num_pids++] = p;
return 0;
}
int main(void)
{
struct sockaddr_storage sock_addr;
socklen_t sock_addrlen = sizeof sock_addr;
char sock_match[128], sock_host[64], sock_port[32];
struct sockaddr_storage peer_addr;
socklen_t peer_addrlen = sizeof peer_addr;
char peer_match[128], peer_host[64], peer_port[32];
FILE *cmd;
char *line = NULL;
size_t size = 0;
ssize_t len;
int status;
/* Socket address is *remote*, and peer address is *local*.
This is because the variables are named after their matching netstat lines. */
if (getsockname(STDIN_FILENO, (struct sockaddr *)&sock_addr, &sock_addrlen) == -1) {
fprintf(stderr, "Standard input is not a valid socket.\n");
exit(EXITCODE_STDIN_INVALID);
}
if (getpeername(STDIN_FILENO, (struct sockaddr *)&peer_addr, &peer_addrlen) == -1) {
fprintf(stderr, "Standard input is not a connected socket.\n");
exit(EXITCODE_STDIN_INVALID);
}
if ((sock_addr.ss_family != AF_INET && sock_addr.ss_family != AF_INET6) ||
(peer_addr.ss_family != AF_INET && peer_addr.ss_family != AF_INET6)) {
fprintf(stderr, "Standard input is not an IP socket.\n");
exit(EXITCODE_STDIN_INVALID);
}
/* For security, we close the standard input descriptor, */
close(STDIN_FILENO);
/* and redirect it from /dev/null, if possible. */
{
int fd = open("/dev/null", O_RDONLY);
if (fd != -1 && fd != STDIN_FILENO) {
dup2(fd, STDIN_FILENO);
close(fd);
}
}
/* Convert sockets to numerical host and port strings. */
if (getnameinfo((const struct sockaddr *)&sock_addr, sock_addrlen,
sock_host, sizeof sock_host, sock_port, sizeof sock_port,
NI_NUMERICHOST | NI_NUMERICSERV)) {
fprintf(stderr, "Unknown socket address.\n");
exit(EXITCODE_UNKNOWN_ADDRESS);
}
if (getnameinfo((const struct sockaddr *)&peer_addr, peer_addrlen,
peer_host, sizeof peer_host, peer_port, sizeof peer_port,
NI_NUMERICHOST | NI_NUMERICSERV)) {
fprintf(stderr, "Unknown peer address.\n");
exit(EXITCODE_UNKNOWN_ADDRESS);
}
/* Combine to the host:port format netstat uses. */
snprintf(sock_match, sizeof sock_match, "%s:%s", sock_host, sock_port);
snprintf(peer_match, sizeof peer_match, "%s:%s", peer_host, peer_port);
/* Switch to privileged user, if installed as setuid. */
{
uid_t real_uid = getuid();
gid_t real_gid = getgid();
uid_t effective_uid = geteuid();
gid_t effective_gid = getegid();
if (real_gid != effective_gid || real_uid != effective_uid) {
/* SetUID or SetGID in effect. Switch privileges. */
if (setresgid(effective_gid, effective_gid, effective_gid) == -1 ||
setresuid(effective_uid, effective_uid, effective_uid) == -1) {
fprintf(stderr, "Error in privileges: %s.\n", strerror(errno));
exit(EXITCODE_PRIVILEGES);
}
}
}
/* Run netstat to obtain the data; redirect standard error to standard output. */
cmd = popen("LANG=C LC_ALL=C /bin/netstat -nptW 2>&1", "r");
if (!cmd) {
fprintf(stderr, "Cannot run netstat.\n");
exit(EXITCODE_NETSTAT);
}
/* Input line loop. */
while (1) {
char *field[8], *ends;
long val;
pid_t p;
len = getline(&line, &size, cmd);
if (len < 1)
break;
/* Split each line into fields. */
field[0] = strtok(line, "\t\n\v\f\r "); /* Protocol */
/* We are only interested in tcp ("tcp" and "tcp6" protocols). */
if (strcmp(field[0], "tcp") && strcmp(field[0], "tcp6"))
continue;
field[1] = strtok(NULL, "\t\n\v\f\r "); /* Recv-Q */
field[2] = strtok(NULL, "\t\n\v\f\r "); /* Send-Q */
field[3] = strtok(NULL, "\t\n\v\f\r "); /* Local address (peer) */
field[4] = strtok(NULL, "\t\n\v\f\r "); /* Remote address (sock) */
field[5] = strtok(NULL, "\t\n\v\f\r "); /* State */
field[6] = strtok(NULL, "\t\n\v\f\r /"); /* PID */
field[7] = strtok(NULL, "\t\n\v\f\r "); /* Process name */
/* Local address must match peer_match, and foreign/remote sock_match. */
if (strcmp(field[3], peer_match) || strcmp(field[4], sock_match))
continue;
/* This line corresponds to the process we are looking for. */
/* Missing PID field is an error at this point. */
if (!field[6])
break;
/* Parse the PID. Parsing errors are fatal. */
ends = field[6];
errno = 0;
val = strtol(field[6], &ends, 10);
if (errno || ends == field[6] || *ends != '\0' || val < 1)
break;
p = (pid_t)val;
if ((long)p != val)
break;
/* Add the pid to the known pids list. */
if (add_pid(p))
break;
}
/* The line buffer is no longer needed. */
free(line);
/* I/O error? */
if (!feof(cmd) || ferror(cmd)) {
fprintf(stderr, "Error reading netstat output.\n");
exit(EXITCODE_NETSTAT_OUTPUT);
}
/* Reap the netstat process. */
status = pclose(cmd);
if (status == -1) {
fprintf(stderr, "Error reading netstat output: %s.\n", strerror(errno));
exit(EXITCODE_NETSTAT_OUTPUT);
}
if (!WIFEXITED(status)) {
fprintf(stderr, "Netstat died unexpectedly.\n");
exit(EXITCODE_NETSTAT_OUTPUT);
}
if (WEXITSTATUS(status)) {
fprintf(stderr, "Netstat failed with exit status %d.\n", WEXITSTATUS(status));
exit(EXITCODE_NETSTAT_OUTPUT);
}
/* Output the array of pids as binary data. */
if (num_pids > 0) {
const char *head = (const char *)pids;
const char *const ends = (const char *)(pids + num_pids);
ssize_t n;
while (head < ends) {
n = write(STDOUT_FILENO, head, (size_t)(ends - head));
if (n > 0)
head += n;
else
if (n != -1)
exit(EXITCODE_WRITE_ERROR);
else
if (errno != EINTR)
exit(EXITCODE_WRITE_ERROR);
}
}
/* Discard the pids array. */
free(pids);
exit(EXITCODE_OK);
}
It can be run using ordinary user privileges (in which case it'll only know about processes owned by that user), root privileges, or as setuid root.
If used with sudo, ensure you use rule proxyuser ALL = NOPASSWD: /path/to/helper, because sudo has no way of asking a password there. I would probably just install the helper as setuid root at /usr/lib/yourproxy/tcp-peer-pid, owner root, group your proxy service group, and no access to other users (root:proxygroup -r-sr-x---).
The helper is tightly coupled to netstat -nptW output format, but does explicitly set the C locale to avoid getting localized output.
The comparison address:port strings to match to "Local Address" and "Foreign Address" in netstat output are constructed from the addresses returned by getpeername() and getsockname(), respectively, using [getnameinfo()(http://man7.org/linux/man-pages/man3/getnameinfo.3.html) in numerical form (using NI_NUMERICHOST | NI_NUMERICSERV flags).
The helper provides the PIDs in binary form to the server, because the server code would have been too long to fit in a single post here otherwise.
Here is an example TCP service, server.c, which uses the above helper to find out the PID of the peer end of the socket on the local computer. (To avoid denial-of-service attacks, you should set an IP filter that rejects accesses to your proxy service port from outside the computer.)
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/select.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <netdb.h>
#include <signal.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>
#ifndef HELPER_PATH
#define HELPER_PATH "./tcp-peer-pids"
#endif
#ifndef HELPER_NAME
#define HELPER_NAME "tcp-peer-pids"
#endif
#ifndef SUDO_PATH
#define SUDO_PATH "/usr/bin/sudo"
#endif
#ifndef SUDO_NAME
#define SUDO_NAME "sudo"
#endif
/*
* Signal handler, to detect INT (Ctrl+C), HUP, and TERM signals.
*/
static volatile sig_atomic_t done = 0;
static void handle_done(int signum)
{
/* In Linux, all signals have signum > 0. */
__atomic_store_n(&done, (sig_atomic_t)signum, __ATOMIC_SEQ_CST);
}
static int install_done(int signum)
{
struct sigaction act;
memset(&act, 0, sizeof act);
sigemptyset(&act.sa_mask);
act.sa_flags = SA_RESTART; /* Do not interrupt slow syscalls. */
act.sa_handler = handle_done;
if (sigaction(signum, &act, NULL) == -1)
return -1; /* errno set by getpeername() */
return 0;
}
/* Helper function: Move descriptors away from STDIN/STDOUT/STDERR.
Returns 0 if successful, -1 with errno set if an error occurs. */
static inline int normalfds(int fd[], const size_t n)
{
unsigned int closemask = 0;
int err = 0;
size_t i;
int newfd;
for (i = 0; i < n; i++)
while (fd[i] == STDIN_FILENO || fd[i] == STDOUT_FILENO || fd[i] == STDERR_FILENO) {
newfd = dup(fd[i]);
if (newfd == -1) {
err = errno;
break;
}
closemask |= 1u << fd[i];
fd[i] = newfd;
}
/* Close temporary descriptors. */
if (closemask & (1u << STDIN_FILENO)) close(STDIN_FILENO);
if (closemask & (1u << STDOUT_FILENO)) close(STDOUT_FILENO);
if (closemask & (1u << STDERR_FILENO)) close(STDERR_FILENO);
/* Success? */
if (!err)
return 0;
/* Report error. */
errno = err;
return -1;
}
/* Return the number of peer processes.
If an error occurs, returns zero; examine errno. */
size_t peer_pids(const int connfd, pid_t *const pids, size_t maxpids)
{
char *in_data = NULL;
size_t in_size = 0;
size_t in_used = 0;
size_t n;
int binpipe[2], status;
pid_t child, p;
/* Sanity check. */
if (connfd == -1) {
errno = EBADF;
return 0;
}
/* Create a pipe to transfer the PIDs (in binary). */
if (pipe(binpipe) == -1)
return 0; /* errno set by pipe(). */
/* Make sure the binary pipe descriptors do not conflict with standard descriptors. */
if (normalfds(binpipe, 2) == -1) {
const int saved_errno = errno;
close(binpipe[0]);
close(binpipe[1]);
errno = saved_errno;
return 0;
}
/* Fork a child process. */
child = fork();
if (child == -1) {
const int saved_errno = errno;
close(binpipe[0]);
close(binpipe[1]);
errno = saved_errno;
return 0;
}
if (!child) {
/* This is the child process. */
#ifdef USE_SUDO
const char *cmd_path = SUDO_PATH;
char *const cmd_args[3] = { SUDO_NAME, HELPER_PATH, NULL };
#else
const char *cmd_path = HELPER_PATH;
char *const cmd_args[2] = { HELPER_NAME, NULL };
#endif
/* The child runs in its own process group, for easier management. */
setsid();
/* Close read end of pipe. */
close(binpipe[0]);
/* Move established connection to standard input. */
if (connfd != STDIN_FILENO) {
if (dup2(connfd, STDIN_FILENO) != STDIN_FILENO)
_Exit(99);
close(connfd);
}
/* Move write end of pipe to standard output. */
if (dup2(binpipe[1], STDOUT_FILENO) != STDOUT_FILENO)
_Exit(99);
else
close(binpipe[1]);
/* Execute helper. */
execv(cmd_path, cmd_args);
/* Failed to execute helper. */
_Exit(98);
}
/* Parent process. */
/* Close write end of pipe, so we detect when child exits. */
close(binpipe[1]);
/* Read all output from child. */
status = 0;
while (1) {
ssize_t bytes;
if (in_used >= in_size) {
const size_t size = (in_used | 1023) + 1025 - 8;
char *temp;
temp = realloc(in_data, in_size);
if (!temp) {
status = ENOMEM;
break;
}
in_data = temp;
in_size = size;
}
bytes = read(binpipe[0], in_data + in_used, in_size - in_used);
if (bytes > 0) {
in_used += bytes;
} else
if (bytes == 0) {
/* End of input condition. */
break;
} else
if (bytes != -1) {
status = EIO;
break;
} else
if (errno != EINTR) {
status = errno;
break;
}
}
/* Close the pipe. */
close(binpipe[0]);
/* Abort, if an error occurred. */
if (status) {
free(in_data);
kill(-child, SIGKILL);
do {
p = waitpid(child, NULL, 0);
} while (p == -1 && errno == EINTR);
errno = status;
return 0;
}
/* Reap the child process. */
do {
status = 0;
p = waitpid(child, &status, 0);
} while (p == -1 && errno == EINTR);
if (p == -1) {
const int saved_errno = errno;
free(in_data);
errno = saved_errno;
return 0;
}
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
free(in_data);
errno = ESRCH; /* The helper command failed, really. */
return 0;
}
/* We expect an integer number of pid_t's. Check. */
n = in_used / sizeof (pid_t);
if ((in_used % sizeof (pid_t)) != 0) {
free(in_data);
errno = EIO;
return 0;
}
/* None found? */
if (!n) {
free(in_data);
errno = ENOENT; /* Not found, really. */
return 0;
}
/* Be paranoid, and verify the pids look sane. */
{
const pid_t *const pid = (const pid_t *const)in_data;
size_t i;
for (i = 0; i < n; i++)
if (pid[i] < 2) {
free(in_data);
errno = ESRCH; /* Helper failed */
return 0;
}
}
/* Copy to user buffer, if specified. */
if (maxpids > n)
memcpy(pids, in_data, n * sizeof (pid_t));
else
if (maxpids > 0)
memcpy(pids, in_data, maxpids * sizeof (pid_t));
/* The pid buffer is no longer needed. */
free(in_data);
/* Return the number of pids we actually received. */
return n;
}
int main(int argc, char *argv[])
{
struct addrinfo hints, *list, *curr;
const char *node, *serv;
int service_fd, err;
struct sockaddr_storage client_addr;
socklen_t client_addrlen;
int client_fd;
if (argc != 3) {
fprintf(stderr, "\n");
fprintf(stderr, "Usage: %s [ -h | --help ]\n", argv[0]);
fprintf(stderr, " %s HOST PORT\n", argv[0]);
fprintf(stderr, "\n");
return EXIT_FAILURE;
}
/* Install signal handers for Ctrl+C, HUP, and TERM. */
if (install_done(SIGINT) ||
install_done(SIGHUP) ||
install_done(SIGTERM)) {
fprintf(stderr, "Cannot install signal handlers: %s.\n", strerror(errno));
return EXIT_FAILURE;
}
/* Empty or - or * is a wildcard host. */
if (argv[1][0] == '\0' || !strcmp(argv[1], "-") || !strcmp(argv[1], "*"))
node = NULL;
else
node = argv[1];
serv = argv[2];
memset(&hints, 0, sizeof hints);
hints.ai_family = AF_UNSPEC; /* IPv4 or IPv6 */
hints.ai_socktype = SOCK_STREAM; /* TCP */
hints.ai_flags = AI_PASSIVE;
hints.ai_protocol = 0;
hints.ai_canonname = NULL;
hints.ai_addr = NULL;
hints.ai_next = NULL;
list = NULL;
err = getaddrinfo(node, serv, &hints, &list);
if (err) {
fprintf(stderr, "Invalid host and/or port: %s.\n", gai_strerror(err));
return EXIT_FAILURE;
}
service_fd = -1;
err = 0;
for (curr = list; curr != NULL; curr = curr->ai_next) {
service_fd = socket(curr->ai_family, curr->ai_socktype, curr->ai_protocol);
if (service_fd == -1)
continue;
errno = 0;
if (bind(service_fd, curr->ai_addr, curr->ai_addrlen) == -1) {
if (!err)
if (errno == EADDRINUSE || errno == EADDRNOTAVAIL || errno == EACCES)
err = errno;
close(service_fd);
service_fd = -1;
continue;
}
if (listen(service_fd, 5) == -1) {
if (!err)
if (errno == EADDRINUSE)
err = errno;
close(service_fd);
service_fd = -1;
continue;
}
/* This socket works. */
break;
}
freeaddrinfo(list);
list = curr = NULL;
if (service_fd == -1) {
if (err)
fprintf(stderr, "Cannot listen for incoming connections on the specified host and port: %s.\n", strerror(err));
else
fprintf(stderr, "Cannot listen for incoming connections on the specified host and port.\n");
return EXIT_FAILURE;
}
/* Do not leak the listening socket to child processes. */
fcntl(service_fd, F_SETFD, FD_CLOEXEC);
/* We also want the listening socket to be nonblocking. */
fcntl(service_fd, F_SETFL, O_NONBLOCK);
fprintf(stderr, "Process %ld is waiting for incoming TCP connections.\n", (long)getpid());
/* Incoming connection loop. */
while (!done) {
struct timeval t;
char client_host[64]; /* 64 for numeric, 1024 for non-numeric */
char client_port[32];
pid_t client_pid;
fd_set fds;
t.tv_sec = 0;
t.tv_usec = 100000; /* Max. 0.1s delay to react to done signal. */
FD_ZERO(&fds);
FD_SET(service_fd, &fds);
if (select(service_fd + 1, &fds, NULL, NULL, &t) < 1)
continue;
client_addrlen = sizeof client_addr;
client_fd = accept(service_fd, (struct sockaddr *)&client_addr, &client_addrlen);
if (client_fd == -1) {
if (errno == EINTR || errno == ECONNABORTED)
continue;
fprintf(stderr, "Error accepting an incoming connection: %s.\n", strerror(errno));
continue;
}
if (getnameinfo((const struct sockaddr *)&client_addr, client_addrlen,
client_host, sizeof client_host, client_port, sizeof client_port,
NI_NUMERICHOST | NI_NUMERICSERV) != 0) {
fprintf(stderr, "Cannot resolve peer address for incoming connection, so dropping it.\n");
close(client_fd);
continue;
}
printf("Incoming connection from %s:%s", client_host, client_port);
fflush(stdout);
if (peer_pids(client_fd, &client_pid, 1) != 1) {
printf(", but cannot determine process ID. Dropped.\n");
close(client_fd);
continue;
}
printf(" from local process %ld.\n", (long)client_pid);
fflush(stdout);
/*
* Handle connection.
*/
printf("Closing connection.\n");
fflush(stdout);
close(client_fd);
}
/* Close service socket. */
close(service_fd);
switch (__atomic_load_n(&done, __ATOMIC_SEQ_CST)) {
case SIGINT:
fprintf(stderr, "Received INT signal.\n");
break;
case SIGHUP:
fprintf(stderr, "Received HUP signal.\n");
break;
case SIGTERM:
fprintf(stderr, "Received TERM signal.\n");
break;
}
return EXIT_SUCCESS;
}
The peer_pids() function communicates with the helper process. It is very straightforward, albeit careful to not return unreliable data: instead of ignoring errors or trying to recover from them, it reports failure. This allows the main program do if (peer_pids(client_fd, &pid, 1) != 1) /* Don't know! */ and drop any connection the server is unsure of -- an approach I consider the sane one here.
The normalfds() helper function is often ignored. It helps avoid issues if any of the standard streams are/get closed. It simply moves the set of descriptors away from the three standard streams, using at most three extra descriptors.
You can define USE_SUDO at compile time to have it use sudo when executing the helper. Define HELPER_PATH and HELPER_NAME to the absolute path to the helper and its file name, respectively. (As it is now, they default to ./tcp-peer-pid and tcp-peer-pid, for easier testing.)
The server does install a signal handler for INT (Ctrl+C), HUP (sent when the user closes the terminal), or TERM signals, which all cause it to stop accepting new connections and exit in a controlled manner. (Because the signal handler is installed using SA_RESTART flag, its delivery will not interrupt slow syscalls or cause errno == EINTR. This also means that accept() should not block, or the signal delivery will not be noticed. So, blocking in select() for 0.1s, and checking if a signal was delivered in between, is a good compromise, at least in an example server.)
On my machine, I compiled and tested the service in one terminal window using
gcc -Wall -O2 tcp-peer-pids.c -o tcp-peer-pids
gcc -Wall -O2 "-DHELPER_PATH=\"$PWD/tcp-peer-pids\"" server.c -o server
./server - 2400
That will report Process # is waiting for incoming TCP connections. In another window, using Bash or POSIX shell, I run one or more test netcat commands:
nc localhost 2400 & wait
It might look silly to run a command in the background, and immediately wait for it, but that way you can see the PID of the nc process.
On my system, all loopback (127.x.y.z), TCP/IPv4, and TCP/IPv6 (the addresses of my ethernet and WiFi interfaces) worked fine, and reliably reported the correct PID of the process connecting to the example server.
There are a number of cases where the number of PIDs reported might vary: For example, if the program has executed a child process, but left the connected descriptor open in the child as well. (This should be considered a bug.) Another typical case is the program having exited before the netstat command executes.
If you find any typos or errors or strange behaviour, let me know in a comment so I can verify and fix. I wrote both programs in one sitting, so they are quite likely to contain bugs. As I mentioned, I would not trust either in production before having a colleague (or myself a few times, later on, with fresh eyes) going through it with a critical/paranoid eye.
I would personally only use this approach for logging and statistics, not access control per se. By access control, I mean that you should configure an IP filter (the firewall built in to the Linux kernel) to limit access to only trusted hosts; and specifically allow no incoming proxy connections to the proxy service if only local applications are to be proxied, rather than rely on this detecting all remote connections.
For application-specific logging/limiting, use readlink() on the /proc/PID/exe pseudosymlink. This cannot be faked, but the call may fail if the executable is not accessible, or is too deep in the directory tree. (In those cases I'd reject the proxy connection altogether.)
Note that it is usually trivial for an user to copy an executable to any directory they own, and execute it from there. This means that for application-specific limiting to work at all, you should have tight limits for all applications by default, and relax the limits for specific executables.

How to share memory between a GTK applications (or GTK and Console applications)?

I'm trying to communicate two programs (in one I used GTK and in the other I used the Standard IO of C programing). In both I used shmget. shmat, ..., etc, to communicate them both.
However I'm having to much trouble to get the things done... Both programs do compile but none of them runs according my intentions.
What I'm really want to do is send data from the server to a client controlling the client program (in this test just printing the numbers on terminal), which will finish its execution after receives a signal from the server.
Unfortunately I couldn't made it with GTK but I almost did it in console application, however whem it is running automatic (without user interactivity) the Client crashes after 65516 iterations. In gaming programs this could be a problem, however for some applications the codes below will work satisfactorily.
My question is: Why an error occurs after reached 65516 interations (calls of shmat function on client program)?
In my future application this error have to be avoided or it will make the program crash...
How can I avoid it and keep my program (the client application) running indefinitely?
There are other ways to control a program through another program? which one is feasible or more practical?
File
smh-02.h
#define NOT_READY -1
#define FILLED 0
#define TAKEN 1
struct Memory
{
int status;
int data[4];
int dado; // I just add this data
};
File Console_server01.c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include "shm-02.h"
#define RUN_WITH_USER // Coment this line to user interactivity
// Or uncoment it to run automactic test indefinitely until segmented fail
key_t ShmKEY;
int ShmID;
struct Memory *ShmPTR;
//---------------------------------------------------------------------
void send_data(int info)
{
while(ShmPTR->status != TAKEN);
ShmPTR->status = NOT_READY;
ShmPTR->dado = info;
ShmPTR->status = FILLED; //Server has informed client that the shared memory have been FILLED
}
//---------------------------------------------------------------------
//---------------------------------------------------------------------
int main(int argc, char *argv[])
{
int info;
ShmKEY = ftok(".", 'x');
ShmID = shmget(ShmKEY, sizeof(struct Memory), IPC_CREAT | 0666);
if (ShmID < 0)
{
printf("*** shmget error (server) ***\n");
exit(1);
}
ShmPTR = (struct Memory *) shmat(ShmID, NULL, 0);
if ((int) ShmPTR == -1)
{
printf("*** shmat error (server) ***\n");
exit(1);
}
send_data(55); // This will send some signal to the client establish connection
info = 1; //----- Value to RUN_REPEATLY ------
do
{
#ifdef RUN_WITH_USER //----------------------------------
printf("\n Type:");
printf("\n [1] To move to RIGHT");
printf("\n [2] To move to LEFT");
printf("\n [3] To move to QUIT");
printf("\n You choice is: ");
scanf("%d",&info);
#endif //----------------------------------
send_data(info);
}
while(info != 3);
shmdt((void *) ShmPTR); //Server has detached its shared memory...
shmctl(ShmID, IPC_RMID, NULL); //Server has removed its shared memory...
return 0;
}
File Console_client01.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include "shm-02.h"
int main(void)
{
key_t ShmKEY;
int ShmID;
struct Memory *ShmPTR;
ShmKEY = ftok(".", 'x');
int i = 0;
int trigger = 0; // trigger locked
ShmID = shmget(ShmKEY, sizeof(struct Memory), 0666);
if (ShmID < 0)
{
printf("*** shmget error (client) ***\n");
exit (1); //Client exits
}
do{
ShmPTR = (struct Memory *) shmat(ShmID, NULL, 0);
if ( (ShmPTR->status == FILLED)&&(trigger == 0) )
{
ShmPTR->status = TAKEN;
trigger = 1; // trigger pulled
}
while (ShmPTR->status != FILLED)
{
printf("\nWaiting status = FILLED\t|\t");
switch(ShmPTR->status)
{
case -1:
printf("Current status = NOT_READY");
break;
case 0:
printf("Current status = FILLED");
break;
case 1:
printf("Current status = TAKEN");
break;
}
sleep(1); // Uncoment this line to better user interactivity
}
usleep(800); // Uncoment this line to better user interactivity
i++;
printf("\ni = %d --/// | dado = %d ", i, ShmPTR->dado);
if ((int) ShmPTR == -1)
{
printf("*** shmat error (client) ***\n");
exit(1); //Client exits
}
else
{
if (ShmPTR->dado == 55)
{
printf("\nConnection ESTABLISHED"); //Go to the LEFT
ShmPTR->status = TAKEN;
}
if (ShmPTR->dado == 3) // Exiting Program
{
ShmPTR->status = TAKEN; //Client has informed server data have been taken...
shmdt((void *) ShmPTR); //Client has detached its shared memory...
exit (0); //Client exits
}
if (ShmPTR->dado == 1)
{
printf("\n<--- move LEFT"); //Go to the LEFT
ShmPTR->status = TAKEN;
}
if (ShmPTR->dado == 2)
{
printf("\n---> move RIGHT"); // Go to the RIGHT
ShmPTR->status = TAKEN;
}
if ( (ShmPTR->dado != 1)||(ShmPTR->dado != 2) )
{
printf("\nIdle | dado = %d",ShmPTR->dado ); //Doing NOTHING
ShmPTR->status = TAKEN;
}
}
}while (1); // 'Infinite' loop
exit(0);
}
Running the programs_Picture
Error after 65516 interations_Picture

You should never use shared memory for communication. It is not type safe and hard to code correctly.
What you truly need is serialization. Consider using JSON-RPC for communication. Yes, it is far slower than raw memory manipulation, but much safer, more portable and easier to make just work. Some even use it for heavy and often loads, let alone occasional loads like GUI input.

Executing child process in new terminal

I want to make a simple chat application for unix.
I have created one server which supports multiple clients. When ever a new client connects to the server a new process is created using fork command. Now the problem is all the child processes share the same stdin on the server, cause of this in order to send a message to 2nd clien 1st child prosess has to terminte. In order to resolve this I would like to run each child process in a new terminal.
This can be achieved by writing the code for the child process code in a new file and executing it like xterm -e sh -c .(i have not tried this though).
What i really want is not to have two file just to fireup a new terminal and run rest of the code in it.
int say(int socket)
{
char *s;
fscanf(stdin,"%79s",s);
int result=send(socket,s,strlen(s),0);
return result;
}
int main()
{
int listener_d;
struct sockaddr_in name;
listener_d=socket(PF_INET,SOCK_STREAM,0);
name.sin_family=PF_INET;
name.sin_port=(in_port_t)htons(30000);
name.sin_addr.s_addr=htonl(INADDR_ANY);
int c = bind(listener_d,(struct sockaddr *)&name,sizeof(name)); //Bind
if(c== -1)
{
printf("\nCan't bind to socket\n");
}
if(listen(listener_d,10) == -1) // Listen
{
printf("\nCan't listen\n");
}
puts("\nWait for connection\n");
while(1)
{
struct sockaddr_storage client_addr;
unsigned int address_size = sizeof(client_addr);
int connect_d = accept(listener_d,
(struct sockaddr*)&client_addr,&address_size); //Accept
if(connect_d== -1)
{
printf("\nCan't open secondary socket\n");
}
if(!fork())
{
close(listener_d);
char *msg = "welcome Sweetone\n";
if(send(connect_d,msg,strlen(msg),0))
{
printf("send");
}
int k=0;
while(k<5)
{
say(connect_d);
++k;
}
close(connect_d);
exit(0);
}
close(connect_d);
}
close(listener_d);
return 0;
}

I think the message sending between your client and servers is a bit unusual. It is more common, in this simple "just test how it works" scenario to have the clients sending messages to the server. As an example I could mention a simple echo service, which mirrors everything a client sends, back to the client. Is this design forced by some requirements?
Critique aside, I have two separate changes that could make your current design work. They both involve changing the reading of input in the subservers.
Alternative 1:
Instead of reading from stdin, create a named pipe ( see man 3 mkfifo), fex /tmp/childpipe"pid_of_subserver_here". You could create the pipe in say() and open it for reading. Then use echo (man echo) to write to the pipe echo "My message" > /tmp/childpipe"NNNN". Before exiting the child, remember to remove the pipe with unlink()
Alternative 2:
Create an unnamed pipe between server and each subserver. This makes the code much more messy, but avoids creating named pipes and using echo. Example code is included below. It has insufficient error handling (like most example code) and does not handle disconnecting client properly.
Example usage: 1) start server ./a.out 2) (connect client in external window (e.g. nc localhost 30000) 3) write to client 1 by typing "1Hello client one" 4) (connect second client in third window etc) 4) Write to second client by typing "2Hello second client"
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <stdio.h>
#include <arpa/inet.h>
#include <string.h>
#include <unistd.h>
enum max_childeren{
MAX_CHILDEREN = 50
};
int say(int socket)
{
char buf[513] = {0};
fgets(buf, sizeof(buf), stdin);
int result=send(socket, buf, strlen(buf),0);
return result;
}
int main()
{
int listener_d;
struct sockaddr_in name;
listener_d=socket(PF_INET,SOCK_STREAM,0);
name.sin_family=PF_INET;
name.sin_port=(in_port_t)htons(30000);
name.sin_addr.s_addr=htonl(INADDR_ANY);
int on = 1;
if (setsockopt(listener_d, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0){
perror("setsockopt()");
}
int c = bind(listener_d,(struct sockaddr *)&name,sizeof(name)); //Bind
if(c== -1)
{
printf("\nCan't bind to socket\n");
}
if(listen(listener_d,10) == -1) // Listen
{
printf("\nCan't listen\n");
}
// Edited here
int number_of_childeren = 0;
int pipes[2] = {0};
int child_pipe_write_ends[MAX_CHILDEREN] = {0};
fd_set select_fds;
FD_ZERO(&select_fds);
puts("\nWait for connection\n");
while(1)
{
struct sockaddr_storage client_addr;
unsigned int address_size = sizeof(client_addr);
// Edited here, to multiplex IO
FD_SET(listener_d, &select_fds);
FD_SET(STDIN_FILENO, &select_fds);
int maxfd = listener_d + 1;
int create_new_child = 0;
int connect_d = -1; // moved here
select(maxfd, &select_fds, NULL, NULL, NULL);
if (FD_ISSET(listener_d, &select_fds)){
connect_d = accept(listener_d,
(struct sockaddr*)&client_addr,&address_size); //Accept
if(connect_d== -1)
{
printf("\nCan't open secondary socket\n");
exit(EXIT_FAILURE);
}
create_new_child = 1;
}
char buf[512] ={0};
char *endptr = NULL;
if (FD_ISSET(STDIN_FILENO, &select_fds)){
fgets(buf, sizeof(buf), stdin);
long int child_num = strtol(buf, &endptr, 10);
if (child_num > 0 && child_num <= number_of_childeren) {
write(child_pipe_write_ends[child_num - 1], endptr, strnlen(buf, sizeof(buf)) - (endptr - buf));
}
else {
printf("Skipping invalid input: %s\n", buf);
}
}
if (create_new_child != 1)
continue;
number_of_childeren++; // Edited here
int error = pipe(pipes);
if (error != 0){
//handle errors
perror("pipe():");
exit(EXIT_FAILURE);
}
child_pipe_write_ends[number_of_childeren - 1] = pipes[1];
if(!fork())
{
error = dup2(pipes[0], STDIN_FILENO);
if (error < 0){ // could also test != STDIN_FILENO but thats confusing
//handle errors
perror("dup2");
exit(EXIT_FAILURE);
}
close(pipes[0]);
close(listener_d);
char *msg = "welcome Sweetone\n";
if(send(connect_d,msg,strlen(msg),0))
{
printf("send\n");
}
int k=0;
while(k<5)
{
say(connect_d);
++k;
}
close(connect_d);
exit(0);
}
close(connect_d);
close(pipes[0]);
}
close(listener_d);
return 0;
}
The code needs refactoring into functions. It is too long. I tried to do the least possible amount of changes, so I left the restructuring as an exercise.

fscanf(stdin,"%79s",s);
Why? Is it tcp-chat? You have some socket for each client and if yoy want to "say" something then you must to use client. It's true logick.
The server usually sends a service messages only. It's true logick too.
But if you want new terminal then you can try to use a exec's family from unistd.h .

Socket handle transfer between independent processes

I am doing some experiments in socket programming(in unix environment). What I am trying is
Client sends request to Server.
Server should send the clients socket to Worker(An Independent process)
Worker should reply back to Client.
Is this possible?
This scenario works if Worker is a child of Server.
If Server and Worker are independent processes does this work?
If yes can somebody give me some ideas about this ?
Is there any samples available for this type of scenario ?

The Linux Programming Interface book has examples for both sending and receiving file descriptors between unrelated processes, using an Unix domain socket.
For fun, I wrote my own examples from scratch. server.c:
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <netdb.h>
#include <signal.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>
/* How many concurrent pending connections are allowed */
#define LISTEN_BACKLOG 32
/* Unix domain socket path length (including NUL byte) */
#ifndef UNIX_PATH_LEN
#define UNIX_PATH_LEN 108
#endif
/* Flag to indicate we have received a shutdown request. */
volatile sig_atomic_t done = 0;
/* Shutdown request signal handler, of the basic type. */
void handle_done_signal(int signum)
{
if (!done)
done = signum;
return;
}
/* Install shutdown request signal handler on signal signum. */
int set_done_signal(const int signum)
{
struct sigaction act;
sigemptyset(&act.sa_mask);
act.sa_handler = handle_done_signal;
act.sa_flags = 0;
if (sigaction(signum, &act, NULL) == -1)
return errno;
else
return 0;
}
/* Return empty, -, and * as NULL, so users can use that
* to bind the server to the wildcard address.
*/
char *wildcard(char *address)
{
/* NULL? */
if (!address)
return NULL;
/* Empty? */
if (!address[0])
return NULL;
/* - or ? or * or : */
if (address[0] == '-' || address[0] == '?' ||
address[0] == '*' || address[0] == ':')
return NULL;
return address;
}
int main(int argc, char *argv[])
{
struct addrinfo hints;
struct addrinfo *list, *curr;
int listenfd, failure;
struct sockaddr_un worker;
int workerfd, workerpathlen;
struct sockaddr_in6 conn;
socklen_t connlen;
struct msghdr connhdr;
struct iovec conniov;
struct cmsghdr *connmsg;
char conndata[1];
char connbuf[CMSG_SPACE(sizeof (int))];
int connfd;
int result;
ssize_t written;
if (argc != 4) {
fprintf(stderr, "\n");
fprintf(stderr, "Usage: %s ADDRESS PORT WORKER\n", argv[0]);
fprintf(stderr, "This creates a server that binds to ADDRESS and PORT,\n");
fprintf(stderr, "and passes each connection to a separate unrelated\n");
fprintf(stderr, "process using an Unix domain socket at WORKER.\n");
fprintf(stderr, "\n");
return (argc == 1) ? 0 : 1;
}
/* Handle HUP, INT, PIPE, and TERM signals,
* so when the user presses Ctrl-C, the worker process cannot be contacted,
* or the user sends a HUP or TERM signal, this server closes down cleanly. */
if (set_done_signal(SIGINT) ||
set_done_signal(SIGHUP) ||
set_done_signal(SIGPIPE) ||
set_done_signal(SIGTERM)) {
fprintf(stderr, "Error: Cannot install signal handlers.\n");
return 1;
}
/* Unix domain socket to the worker */
memset(&worker, 0, sizeof worker);
worker.sun_family = AF_UNIX;
workerpathlen = strlen(argv[3]);
if (workerpathlen < 1) {
fprintf(stderr, "Worker Unix domain socket path cannot be empty.\n");
return 1;
} else
if (workerpathlen >= UNIX_PATH_LEN) {
fprintf(stderr, "%s: Worker Unix domain socket path is too long.\n", argv[3]);
return 1;
}
memcpy(&worker.sun_path, argv[3], workerpathlen);
/* Note: the terminating NUL byte was set by memset(&worker, 0, sizeof worker) above. */
workerfd = socket(AF_UNIX, SOCK_STREAM, 0);
if (workerfd == -1) {
fprintf(stderr, "Cannot create an Unix domain socket: %s.\n", strerror(errno));
return 1;
}
if (connect(workerfd, (const struct sockaddr *)(&worker), (socklen_t)sizeof worker) == -1) {
fprintf(stderr, "Cannot connect to %s: %s.\n", argv[3], strerror(errno));
close(workerfd);
return 1;
}
/* Initialize the address info hints */
memset(&hints, 0, sizeof hints);
hints.ai_family = AF_UNSPEC; /* IPv4 or IPv6 */
hints.ai_socktype = SOCK_STREAM; /* Stream socket */
hints.ai_flags = AI_PASSIVE /* Wildcard ADDRESS */
| AI_ADDRCONFIG /* Only return IPv4/IPv6 if available locally */
| AI_NUMERICSERV /* Port must be a number */
;
hints.ai_protocol = 0; /* Any protocol */
/* Obtain the chain of possible addresses and ports to bind to */
result = getaddrinfo(wildcard(argv[1]), argv[2], &hints, &list);
if (result) {
fprintf(stderr, "%s %s: %s.\n", argv[1], argv[2], gai_strerror(result));
close(workerfd);
return 1;
}
/* Bind to the first working entry in the chain */
listenfd = -1;
failure = EINVAL;
for (curr = list; curr != NULL; curr = curr->ai_next) {
listenfd = socket(curr->ai_family, curr->ai_socktype, curr->ai_protocol);
if (listenfd == -1)
continue;
if (bind(listenfd, curr->ai_addr, curr->ai_addrlen) == -1) {
if (!failure)
failure = errno;
close(listenfd);
listenfd = -1;
continue;
}
/* Bind successfully */
break;
}
/* Discard the chain, as we don't need it anymore.
* Note: curr is no longer valid after this. */
freeaddrinfo(list);
/* Failed to bind? */
if (listenfd == -1) {
fprintf(stderr, "Cannot bind to %s port %s: %s.\n", argv[1], argv[2], strerror(failure));
close(workerfd);
return 1;
}
if (listen(listenfd, LISTEN_BACKLOG) == -1) {
fprintf(stderr, "Cannot listen for incoming connections to %s port %s: %s.\n", argv[1], argv[2], strerror(errno));
close(listenfd);
close(workerfd);
return 1;
}
printf("Now waiting for incoming connections to %s port %s\n", argv[1], argv[2]);
fflush(stdout);
while (!done) {
memset(&conn, 0, sizeof conn);
connlen = sizeof conn;
connfd = accept(listenfd, (struct sockaddr *)&conn, &connlen);
if (connfd == -1) {
/* Did we just receive a signal? */
if (errno == EINTR)
continue;
/* Report a connection failure. */
printf("Failed to accept a connection: %s\n", strerror(errno));
fflush(stdout);
continue;
}
/* Construct the message to the worker process. */
memset(&connhdr, 0, sizeof connhdr);
memset(&conniov, 0, sizeof conniov);
memset(&connbuf, 0, sizeof connbuf);
conniov.iov_base = conndata; /* Data payload to send */
conniov.iov_len = 1; /* We send just one (dummy) byte, */
conndata[0] = 0; /* a zero. */
/* Construct the message (header) */
connhdr.msg_name = NULL; /* No optional address */
connhdr.msg_namelen = 0; /* No optional address */
connhdr.msg_iov = &conniov; /* Normal payload - at least one byte */
connhdr.msg_iovlen = 1; /* Only one vector in conniov */
connhdr.msg_control = connbuf; /* Ancillary data */
connhdr.msg_controllen = sizeof connbuf;
/* Construct the ancillary data needed to pass one descriptor. */
connmsg = CMSG_FIRSTHDR(&connhdr);
connmsg->cmsg_level = SOL_SOCKET;
connmsg->cmsg_type = SCM_RIGHTS;
connmsg->cmsg_len = CMSG_LEN(sizeof (int));
/* Copy the descriptor to the ancillary data. */
memcpy(CMSG_DATA(connmsg), &connfd, sizeof (int));
/* Update the message to reflect the ancillary data length */
connhdr.msg_controllen = connmsg->cmsg_len;
do {
written = sendmsg(workerfd, &connhdr, MSG_NOSIGNAL);
} while (written == (ssize_t)-1 && errno == EINTR);
if (written == (ssize_t)-1) {
const char *const errmsg = strerror(errno);
/* Lost connection to the other end? */
if (!done) {
if (errno == EPIPE)
done = SIGPIPE;
else
done = -1;
}
printf("Cannot pass connection to worker: %s.\n", errmsg);
fflush(stdout);
close(connfd);
/* Break main loop. */
break;
}
/* Since the descriptor has been transferred to the other process,
* we can close our end. */
do {
result = close(connfd);
} while (result == -1 && errno == EINTR);
if (result == -1)
printf("Error closing leftover connection descriptor: %s.\n", strerror(errno));
printf("Connection transferred to the worker process.\n");
fflush(stdout);
}
/* Shutdown. */
close(listenfd);
close(workerfd);
switch (done) {
case SIGTERM:
printf("Terminated.\n");
break;
case SIGPIPE:
printf("Lost connection.\n");
break;
case SIGHUP:
printf("Hanging up.\n");
break;
case SIGINT:
printf("Interrupted; exiting.\n");
break;
default:
printf("Exiting.\n");
}
return 0;
}
and worker.c:
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <netdb.h>
#include <signal.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>
/* How many concurrent pending connections are allowed */
#define LISTEN_BACKLOG 32
/* Unix domain socket path length (including NUL byte) */
#ifndef UNIX_PATH_LEN
#define UNIX_PATH_LEN 108
#endif
/* Flag to indicate we have received a shutdown request. */
volatile sig_atomic_t done = 0;
/* Shutdown request signal handler, of the basic type. */
void handle_done_signal(int signum)
{
if (!done)
done = signum;
return;
}
/* Install shutdown request signal handler on signal signum. */
int set_done_signal(const int signum)
{
struct sigaction act;
sigemptyset(&act.sa_mask);
act.sa_handler = handle_done_signal;
act.sa_flags = 0;
if (sigaction(signum, &act, NULL) == -1)
return errno;
else
return 0;
}
/* Helper function to duplicate file descriptors.
* Returns 0 if success, errno error code otherwise.
*/
static int copy_fd(const int fromfd, const int tofd)
{
int result;
if (fromfd == tofd)
return 0;
if (fromfd == -1 || tofd == -1)
return errno = EINVAL;
do {
result = dup2(fromfd, tofd);
} while (result == -1 && errno == EINTR);
if (result == -1)
return errno;
return 0;
}
int main(int argc, char *argv[])
{
struct sockaddr_un worker;
int workerfd, workerpathlen;
int serverfd, clientfd;
pid_t child;
struct msghdr msghdr;
struct iovec msgiov;
struct cmsghdr *cmsg;
char data[1];
char ancillary[CMSG_SPACE(sizeof (int))];
ssize_t received;
if (argc < 3) {
fprintf(stderr, "\n");
fprintf(stderr, "Usage: %s WORKER COMMAND [ ARGS .. ]\n", argv[0]);
fprintf(stderr, "This creates a worker that receives connections\n");
fprintf(stderr, "from Unix domain socket WORKER.\n");
fprintf(stderr, "Each connection is served by COMMAND, with the\n");
fprintf(stderr, "connection connected to its standard input and output.\n");
fprintf(stderr, "\n");
return (argc == 1) ? 0 : 1;
}
/* Handle HUP, INT, PIPE, and TERM signals,
* so when the user presses Ctrl-C, the worker process cannot be contacted,
* or the user sends a HUP or TERM signal, this server closes down cleanly. */
if (set_done_signal(SIGINT) ||
set_done_signal(SIGHUP) ||
set_done_signal(SIGPIPE) ||
set_done_signal(SIGTERM)) {
fprintf(stderr, "Error: Cannot install signal handlers.\n");
return 1;
}
/* Unix domain socket */
memset(&worker, 0, sizeof worker);
worker.sun_family = AF_UNIX;
workerpathlen = strlen(argv[1]);
if (workerpathlen < 1) {
fprintf(stderr, "Worker Unix domain socket path cannot be empty.\n");
return 1;
} else
if (workerpathlen >= UNIX_PATH_LEN) {
fprintf(stderr, "%s: Worker Unix domain socket path is too long.\n", argv[1]);
return 1;
}
memcpy(&worker.sun_path, argv[1], workerpathlen);
/* Note: the terminating NUL byte was set by memset(&worker, 0, sizeof worker) above. */
workerfd = socket(AF_UNIX, SOCK_STREAM, 0);
if (workerfd == -1) {
fprintf(stderr, "Cannot create an Unix domain socket: %s.\n", strerror(errno));
return 1;
}
if (bind(workerfd, (const struct sockaddr *)(&worker), (socklen_t)sizeof worker) == -1) {
fprintf(stderr, "%s: %s.\n", argv[1], strerror(errno));
close(workerfd);
return 1;
}
if (listen(workerfd, LISTEN_BACKLOG) == -1) {
fprintf(stderr, "%s: Cannot listen for messages: %s.\n", argv[1], strerror(errno));
close(workerfd);
return 1;
}
printf("Listening for descriptors on %s.\n", argv[1]);
fflush(stdout);
while (!done) {
serverfd = accept(workerfd, NULL, NULL);
if (serverfd == -1) {
if (errno == EINTR)
continue;
printf("Failed to accept a connection from the server: %s.\n", strerror(errno));
fflush(stdout);
continue;
}
printf("Connection from the server.\n");
fflush(stdout);
while (!done && serverfd != -1) {
memset(&msghdr, 0, sizeof msghdr);
memset(&msgiov, 0, sizeof msgiov);
msghdr.msg_name = NULL;
msghdr.msg_namelen = 0;
msghdr.msg_control = &ancillary;
msghdr.msg_controllen = sizeof ancillary;
cmsg = CMSG_FIRSTHDR(&msghdr);
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
cmsg->cmsg_len = CMSG_LEN(sizeof (int));
msghdr.msg_iov = &msgiov;
msghdr.msg_iovlen = 1;
msgiov.iov_base = &data;
msgiov.iov_len = 1; /* Just one byte */
received = recvmsg(serverfd, &msghdr, 0);
if (received == (ssize_t)-1) {
if (errno == EINTR)
continue;
printf("Error receiving a message from server: %s.\n", strerror(errno));
fflush(stdout);
break;
}
cmsg = CMSG_FIRSTHDR(&msghdr);
if (!cmsg || cmsg->cmsg_len != CMSG_LEN(sizeof (int))) {
printf("Received a bad message from server.\n");
fflush(stdout);
break;
}
memcpy(&clientfd, CMSG_DATA(cmsg), sizeof (int));
printf("Executing command with descriptor %d: ", clientfd);
fflush(stdout);
child = fork();
if (child == (pid_t)-1) {
printf("Fork failed: %s.\n", strerror(errno));
fflush(stdout);
close(clientfd);
break;
}
if (!child) {
/* This is the child process. */
close(workerfd);
close(serverfd);
if (copy_fd(clientfd, STDIN_FILENO) ||
copy_fd(clientfd, STDOUT_FILENO) ||
copy_fd(clientfd, STDERR_FILENO))
return 126; /* Exits the client */
if (clientfd != STDIN_FILENO &&
clientfd != STDOUT_FILENO &&
clientfd != STDERR_FILENO)
close(clientfd);
execvp(argv[2], argv + 2);
return 127; /* Exits the client */
}
printf("Done.\n");
fflush(stdout);
close(clientfd);
}
close(serverfd);
printf("Closed connection to server.\n");
fflush(stdout);
}
/* Shutdown. */
close(workerfd);
switch (done) {
case SIGTERM:
printf("Terminated.\n");
break;
case SIGPIPE:
printf("Lost connection.\n");
break;
case SIGHUP:
printf("Hanging up.\n");
break;
case SIGINT:
printf("Interrupted; exiting.\n");
break;
default:
printf("Exiting.\n");
}
return 0;
}
You can compile them using
gcc -W -Wall -O3 worker.c -o worker
gcc -W -Wall -O3 server.c -o server
and run using e.g.
rm -f connection
./worker connection /bin/date &
./server 127.0.0.1 8000 connection &
As you can see, the ./worker and ./server processes are completely separate. I recommend starting them from different windows (leaving out the & at the end of the command lines, which otherwise runs the commands at the background). The connection is the path or name of the Unix domain socket used to transfer the network connection file descriptor. The /bin/date is a command (not a shell command, an executable) that will be executed for each connection, with standard input, output and error connected directly to the network client -- very much like inetd or xinetd does, just bare bones.
You can test the connection via e.g.
nc 127.0.0.1 8000
or
telnet 127.0.0.1 8000
The above /bin/date command will just output the current date to standard output, but if you use a bit cleverer worker command, say
rm -f connection
./worker connection printf 'HTTP/1.0 200 Ok\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 67\r\n\r\n<html><head><title>Works</title></head><body>Works!</body></html>\r\n'
you can use your browser (http://127.0.0.1:8000/) to test.
The design is such that worker.c listens to an Unix domain socket (connection in current working directory in all above example commands). It first accepts a connection (from a single server), then expects each incoming byte to be associated with SCM_RIGHTS ancillary data containing the file descriptor referring to the client connection. If there is a problem, or the connection is dropped, it goes back to waiting for a new connection from a server. If it receives a client descriptor, it forks a child process, redirects its standard input, output and error to the client descriptor, and executes the command specified on the ./worker command line. The parent process closes its copy of the client descriptor, and goes back to waiting for a new one.
server.c listens for incoming connections to the IPv4 or IPv6 address and port specified on its command line. When it gets a connection, it transfers the connected file descriptor to above worker.c process via the Unix domain socket specified on the command line (connection), closes its own copy, and goes back to waiting for a new connection. Note that if the server loses the connection to the worker, it aborts; you'll want to start ./worker always before the ./server.
Both server.c and worker.c install simple signal handlers so that you can tell them to exit by sending them a HUP or INT signal (Ctrl-C, if you run the commands in the foreground in separate terminals or shells). They also have reasonable error checking, so when they exit, they tell you exactly why. To be honest, I did it because that way you WILL receive EINTR errors occasionally, and unless you treat them correctly (retrying the relevant syscalls unless asked to exit), your processes will be fragile, and crash from the slightest changes in conditions. Be robust; it's not that hard, and the results are much more user/sysadmin-friendly.
I hope you find the code interesting. I'd be happy to elaborate, if you have any questions on the details. Just remember that I wrote it from scratch in very little time, and it is only intended as a simple example. There is a lot of room for improvement.

UNIX socket is used to pass file descriptors between processes.

According to this post it should be possible. You need some way (pipes or sockets come to mind) to let your worker process know the sockets handle.
Unfortunately, I am not experienced with unix programming, so I cannot give you more concrete info.