xref: /freebsd/contrib/ntp/sntp/libevent/sample/le-proxy.c (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c) 
1 /*
2   This example code shows how to write an (optionally encrypting) SSL proxy
3   with Libevent's bufferevent layer.
4 
5   XXX It's a little ugly and should probably be cleaned up.
6  */
7 
8 // Get rid of OSX 10.7 and greater deprecation warnings.
9 #if defined(__APPLE__) && defined(__clang__)
10 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
11 #endif
12 
13 #include <stdio.h>
14 #include <assert.h>
15 #include <stdlib.h>
16 #include <string.h>
17 #include <errno.h>
18 
19 #ifdef _WIN32
20 #include <winsock2.h>
21 #include <ws2tcpip.h>
22 #else
23 #include <sys/socket.h>
24 #include <netinet/in.h>
25 #endif
26 
27 #include <event2/bufferevent_ssl.h>
28 #include <event2/bufferevent.h>
29 #include <event2/buffer.h>
30 #include <event2/listener.h>
31 #include <event2/util.h>
32 
33 #include "util-internal.h"
34 #include <openssl/ssl.h>
35 #include <openssl/err.h>
36 #include <openssl/rand.h>
37 #include "openssl-compat.h"
38 
39 static struct event_base *base;
40 static struct sockaddr_storage listen_on_addr;
41 static struct sockaddr_storage connect_to_addr;
42 static int connect_to_addrlen;
43 static int use_wrapper = 1;
44 
45 static SSL_CTX *ssl_ctx = NULL;
46 
47 #define MAX_OUTPUT (512*1024)
48 
49 static void drained_writecb(struct bufferevent *bev, void *ctx);
50 static void eventcb(struct bufferevent *bev, short what, void *ctx);
51 
52 static void
53 readcb(struct bufferevent *bev, void *ctx)
54 {
55 	struct bufferevent *partner = ctx;
56 	struct evbuffer *src, *dst;
57 	size_t len;
58 	src = bufferevent_get_input(bev);
59 	len = evbuffer_get_length(src);
60 	if (!partner) {
61 		evbuffer_drain(src, len);
62 		return;
63 	}
64 	dst = bufferevent_get_output(partner);
65 	evbuffer_add_buffer(dst, src);
66 
67 	if (evbuffer_get_length(dst) >= MAX_OUTPUT) {
68 		/* We're giving the other side data faster than it can
69 		 * pass it on.  Stop reading here until we have drained the
70 		 * other side to MAX_OUTPUT/2 bytes. */
71 		bufferevent_setcb(partner, readcb, drained_writecb,
72 		    eventcb, bev);
73 		bufferevent_setwatermark(partner, EV_WRITE, MAX_OUTPUT/2,
74 		    MAX_OUTPUT);
75 		bufferevent_disable(bev, EV_READ);
76 	}
77 }
78 
79 static void
80 drained_writecb(struct bufferevent *bev, void *ctx)
81 {
82 	struct bufferevent *partner = ctx;
83 
84 	/* We were choking the other side until we drained our outbuf a bit.
85 	 * Now it seems drained. */
86 	bufferevent_setcb(bev, readcb, NULL, eventcb, partner);
87 	bufferevent_setwatermark(bev, EV_WRITE, 0, 0);
88 	if (partner)
89 		bufferevent_enable(partner, EV_READ);
90 }
91 
92 static void
93 close_on_finished_writecb(struct bufferevent *bev, void *ctx)
94 {
95 	struct evbuffer *b = bufferevent_get_output(bev);
96 
97 	if (evbuffer_get_length(b) == 0) {
98 		bufferevent_free(bev);
99 	}
100 }
101 
102 static void
103 eventcb(struct bufferevent *bev, short what, void *ctx)
104 {
105 	struct bufferevent *partner = ctx;
106 
107 	if (what & (BEV_EVENT_EOF|BEV_EVENT_ERROR)) {
108 		if (what & BEV_EVENT_ERROR) {
109 			unsigned long err;
110 			while ((err = (bufferevent_get_openssl_error(bev)))) {
111 				const char *msg = (const char*)
112 				    ERR_reason_error_string(err);
113 				const char *lib = (const char*)
114 				    ERR_lib_error_string(err);
115 				const char *func = (const char*)
116 				    ERR_func_error_string(err);
117 				fprintf(stderr,
118 				    "%s in %s %s\n", msg, lib, func);
119 			}
120 			if (errno)
121 				perror("connection error");
122 		}
123 
124 		if (partner) {
125 			/* Flush all pending data */
126 			readcb(bev, ctx);
127 
128 			if (evbuffer_get_length(
129 				    bufferevent_get_output(partner))) {
130 				/* We still have to flush data from the other
131 				 * side, but when that's done, close the other
132 				 * side. */
133 				bufferevent_setcb(partner,
134 				    NULL, close_on_finished_writecb,
135 				    eventcb, NULL);
136 				bufferevent_disable(partner, EV_READ);
137 			} else {
138 				/* We have nothing left to say to the other
139 				 * side; close it. */
140 				bufferevent_free(partner);
141 			}
142 		}
143 		bufferevent_free(bev);
144 	}
145 }
146 
147 static void
148 syntax(void)
149 {
150 	fputs("Syntax:\n", stderr);
151 	fputs("   le-proxy [-s] [-W] <listen-on-addr> <connect-to-addr>\n", stderr);
152 	fputs("Example:\n", stderr);
153 	fputs("   le-proxy 127.0.0.1:8888 1.2.3.4:80\n", stderr);
154 
155 	exit(1);
156 }
157 
158 static void
159 accept_cb(struct evconnlistener *listener, evutil_socket_t fd,
160     struct sockaddr *a, int slen, void *p)
161 {
162 	struct bufferevent *b_out, *b_in;
163 	/* Create two linked bufferevent objects: one to connect, one for the
164 	 * new connection */
165 	b_in = bufferevent_socket_new(base, fd,
166 	    BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
167 
168 	if (!ssl_ctx || use_wrapper)
169 		b_out = bufferevent_socket_new(base, -1,
170 		    BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
171 	else {
172 		SSL *ssl = SSL_new(ssl_ctx);
173 		b_out = bufferevent_openssl_socket_new(base, -1, ssl,
174 		    BUFFEREVENT_SSL_CONNECTING,
175 		    BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
176 	}
177 
178 	assert(b_in && b_out);
179 
180 	if (bufferevent_socket_connect(b_out,
181 		(struct sockaddr*)&connect_to_addr, connect_to_addrlen)<0) {
182 		perror("bufferevent_socket_connect");
183 		bufferevent_free(b_out);
184 		bufferevent_free(b_in);
185 		return;
186 	}
187 
188 	if (ssl_ctx && use_wrapper) {
189 		struct bufferevent *b_ssl;
190 		SSL *ssl = SSL_new(ssl_ctx);
191 		b_ssl = bufferevent_openssl_filter_new(base,
192 		    b_out, ssl, BUFFEREVENT_SSL_CONNECTING,
193 		    BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
194 		if (!b_ssl) {
195 			perror("Bufferevent_openssl_new");
196 			bufferevent_free(b_out);
197 			bufferevent_free(b_in);
198 			return;
199 		}
200 		b_out = b_ssl;
201 	}
202 
203 	bufferevent_setcb(b_in, readcb, NULL, eventcb, b_out);
204 	bufferevent_setcb(b_out, readcb, NULL, eventcb, b_in);
205 
206 	bufferevent_enable(b_in, EV_READ|EV_WRITE);
207 	bufferevent_enable(b_out, EV_READ|EV_WRITE);
208 }
209 
210 int
211 main(int argc, char **argv)
212 {
213 	int i;
214 	int socklen;
215 
216 	int use_ssl = 0;
217 	struct evconnlistener *listener;
218 
219 #ifdef _WIN32
220 	WORD wVersionRequested;
221 	WSADATA wsaData;
222 	wVersionRequested = MAKEWORD(2, 2);
223 	(void) WSAStartup(wVersionRequested, &wsaData);
224 #endif
225 
226 	if (argc < 3)
227 		syntax();
228 
229 	for (i=1; i < argc; ++i) {
230 		if (!strcmp(argv[i], "-s")) {
231 			use_ssl = 1;
232 		} else if (!strcmp(argv[i], "-W")) {
233 			use_wrapper = 0;
234 		} else if (argv[i][0] == '-') {
235 			syntax();
236 		} else
237 			break;
238 	}
239 
240 	if (i+2 != argc)
241 		syntax();
242 
243 	memset(&listen_on_addr, 0, sizeof(listen_on_addr));
244 	socklen = sizeof(listen_on_addr);
245 	if (evutil_parse_sockaddr_port(argv[i],
246 		(struct sockaddr*)&listen_on_addr, &socklen)<0) {
247 		int p = atoi(argv[i]);
248 		struct sockaddr_in *sin = (struct sockaddr_in*)&listen_on_addr;
249 		if (p < 1 || p > 65535)
250 			syntax();
251 		sin->sin_port = htons(p);
252 		sin->sin_addr.s_addr = htonl(0x7f000001);
253 		sin->sin_family = AF_INET;
254 		socklen = sizeof(struct sockaddr_in);
255 	}
256 
257 	memset(&connect_to_addr, 0, sizeof(connect_to_addr));
258 	connect_to_addrlen = sizeof(connect_to_addr);
259 	if (evutil_parse_sockaddr_port(argv[i+1],
260 		(struct sockaddr*)&connect_to_addr, &connect_to_addrlen)<0)
261 		syntax();
262 
263 	base = event_base_new();
264 	if (!base) {
265 		perror("event_base_new()");
266 		return 1;
267 	}
268 
269 	if (use_ssl) {
270 		int r;
271 #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || \
272 	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
273 		SSL_library_init();
274 		ERR_load_crypto_strings();
275 		SSL_load_error_strings();
276 		OpenSSL_add_all_algorithms();
277 #endif
278 		r = RAND_poll();
279 		if (r == 0) {
280 			fprintf(stderr, "RAND_poll() failed.\n");
281 			return 1;
282 		}
283 		ssl_ctx = SSL_CTX_new(TLS_method());
284 	}
285 
286 	listener = evconnlistener_new_bind(base, accept_cb, NULL,
287 	    LEV_OPT_CLOSE_ON_FREE|LEV_OPT_CLOSE_ON_EXEC|LEV_OPT_REUSEABLE,
288 	    -1, (struct sockaddr*)&listen_on_addr, socklen);
289 
290 	if (! listener) {
291 		fprintf(stderr, "Couldn't open listener.\n");
292 		event_base_free(base);
293 		return 1;
294 	}
295 	event_base_dispatch(base);
296 
297 	evconnlistener_free(listener);
298 	event_base_free(base);
299 
300 #ifdef _WIN32
301 	WSACleanup();
302 #endif
303 
304 	return 0;
305 }
306