1832dc76bSMariusz Zaborski.\" Copyright (c) 2020 Mariusz Zaborski <oshogbo@FreeBSD.org> 2832dc76bSMariusz Zaborski.\" 3832dc76bSMariusz Zaborski.\" Redistribution and use in source and binary forms, with or without 4832dc76bSMariusz Zaborski.\" modification, are permitted provided that the following conditions 5832dc76bSMariusz Zaborski.\" are met: 6832dc76bSMariusz Zaborski.\" 1. Redistributions of source code must retain the above copyright 7832dc76bSMariusz Zaborski.\" notice, this list of conditions and the following disclaimer. 8832dc76bSMariusz Zaborski.\" 2. Redistributions in binary form must reproduce the above copyright 9832dc76bSMariusz Zaborski.\" notice, this list of conditions and the following disclaimer in the 10832dc76bSMariusz Zaborski.\" documentation and/or other materials provided with the distribution. 11832dc76bSMariusz Zaborski.\" 12832dc76bSMariusz Zaborski.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 13832dc76bSMariusz Zaborski.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 14832dc76bSMariusz Zaborski.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 15832dc76bSMariusz Zaborski.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 16832dc76bSMariusz Zaborski.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 17832dc76bSMariusz Zaborski.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 18832dc76bSMariusz Zaborski.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 19832dc76bSMariusz Zaborski.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 20832dc76bSMariusz Zaborski.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 21832dc76bSMariusz Zaborski.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 22832dc76bSMariusz Zaborski.\" SUCH DAMAGE. 
23832dc76bSMariusz Zaborski.\" 24832dc76bSMariusz Zaborski.\" $FreeBSD$ 25832dc76bSMariusz Zaborski.\" 26409d1bf7SGeorge V. Neville-Neil.Dd November 15, 2021 27832dc76bSMariusz Zaborski.Dt CAP_NET 3 28832dc76bSMariusz Zaborski.Os 29832dc76bSMariusz Zaborski.Sh NAME 30832dc76bSMariusz Zaborski.Nm cap_bind , 31832dc76bSMariusz Zaborski.Nm cap_connect , 32832dc76bSMariusz Zaborski.Nm cap_getaddrinfo , 33832dc76bSMariusz Zaborski.Nm cap_gethostbyaddr , 34832dc76bSMariusz Zaborski.Nm cap_gethostbyname , 35832dc76bSMariusz Zaborski.Nm cap_gethostbyname2 , 36832dc76bSMariusz Zaborski.Nm cap_getnameinfo , 37832dc76bSMariusz Zaborski.Nm cap_net_free , 38832dc76bSMariusz Zaborski.Nm cap_net_limit , 39832dc76bSMariusz Zaborski.Nm cap_net_limit_addr2name , 40832dc76bSMariusz Zaborski.Nm cap_net_limit_addr2name_family , 41832dc76bSMariusz Zaborski.Nm cap_net_limit_bind , 42832dc76bSMariusz Zaborski.Nm cap_net_limit_connect , 43832dc76bSMariusz Zaborski.Nm cap_net_limit_init , 44832dc76bSMariusz Zaborski.Nm cap_net_limit_name2addr , 45832dc76bSMariusz Zaborski.Nm cap_net_limit_name2addr_family , 46832dc76bSMariusz Zaborski.Nd "library for networking in capability mode" 47832dc76bSMariusz Zaborski.Sh LIBRARY 48832dc76bSMariusz Zaborski.Lb libcap_net 49832dc76bSMariusz Zaborski.Sh SYNOPSIS 50832dc76bSMariusz Zaborski.In sys/nv.h 51832dc76bSMariusz Zaborski.In libcasper.h 52832dc76bSMariusz Zaborski.In casper/cap_net.h 53832dc76bSMariusz Zaborski.Ft int 54832dc76bSMariusz Zaborski.Fn cap_bind "cap_channel_t *chan" "int s" "const struct sockaddr *addr" "socklen_t addrlen" 55832dc76bSMariusz Zaborski.Ft int 56832dc76bSMariusz Zaborski.Fn cap_connect "cap_channel_t *chan" "int s" "const struct sockaddr *name" "socklen_t namelen" 57832dc76bSMariusz Zaborski.Ft int 58832dc76bSMariusz Zaborski.Fn cap_getaddrinfo "cap_channel_t *chan" "const char *hostname" "const char *servname" "const struct addrinfo *hints" "struct addrinfo **res" 59832dc76bSMariusz Zaborski.Ft int 60832dc76bSMariusz 
Zaborski.Fn cap_getnameinfo "cap_channel_t *chan" "const struct sockaddr *sa" "socklen_t salen" "char *host" "size_t hostlen" "char *serv" "size_t servlen" "int flags" 61832dc76bSMariusz Zaborski.Ft "struct hostent *" 62832dc76bSMariusz Zaborski.Fn cap_gethostbyname "const cap_channel_t *chan" "const char *name" 63832dc76bSMariusz Zaborski.Ft "struct hostent *" 64832dc76bSMariusz Zaborski.Fn cap_gethostbyname2 "const cap_channel_t *chan" "const char *name" "int af" 65832dc76bSMariusz Zaborski.Ft "struct hostent *" 66832dc76bSMariusz Zaborski.Fn cap_gethostbyaddr "const cap_channel_t *chan" "const void *addr" "socklen_t len" "int af" 67832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 68832dc76bSMariusz Zaborski.Fn cap_net_limit_init "cap_channel_t *chan" "uint64_t mode" 69832dc76bSMariusz Zaborski.Ft int 70832dc76bSMariusz Zaborski.Fn cap_net_limit "cap_net_limit_t *limit" 71832dc76bSMariusz Zaborski.Ft void 72832dc76bSMariusz Zaborski.Fn cap_net_free "cap_net_limit_t *limit" 73832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 74832dc76bSMariusz Zaborski.Fn cap_net_limit_addr2name_family "cap_net_limit_t *limit" "int *family" "size_t size" 75832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 76832dc76bSMariusz Zaborski.Fn cap_net_limit_addr2name "cap_net_limit_t *limit" "const struct sockaddr *sa" "socklen_t salen" 77832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 78832dc76bSMariusz Zaborski.Fn cap_net_limit_name2addr_family "cap_net_limit_t *limit" "int *family" "size_t size" 79832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 80832dc76bSMariusz Zaborski.Fn cap_net_limit_name2addr "cap_net_limit_t *limit" "const char *name" "const char *serv" 81832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 82832dc76bSMariusz Zaborski.Fn cap_net_limit_connect "cap_net_limit_t *limit" "const struct sockaddr *sa" "socklen_t salen" 83832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 84832dc76bSMariusz Zaborski.Fn cap_net_limit_bind "cap_net_limit_t *limit" "const struct sockaddr *sa" 
"socklen_t salen" 85832dc76bSMariusz Zaborski.Sh DESCRIPTION 86832dc76bSMariusz ZaborskiThe functions 87832dc76bSMariusz Zaborski.Fn cap_bind , 88832dc76bSMariusz Zaborski.Fn cap_connect , 89832dc76bSMariusz Zaborski.Fn cap_gethostbyname , 90832dc76bSMariusz Zaborski.Fn cap_gethostbyname2 , 91832dc76bSMariusz Zaborski.Fn cap_gethostbyaddr 92832dc76bSMariusz Zaborskiand 93832dc76bSMariusz Zaborski.Fn cap_getnameinfo 94406feaa8SGeorge V. Neville-Neilprovide a set of APIs equivalent to 95832dc76bSMariusz Zaborski.Xr bind 2 , 96832dc76bSMariusz Zaborski.Xr connect 2 , 97832dc76bSMariusz Zaborski.Xr gethostbyname 3 , 98832dc76bSMariusz Zaborski.Xr gethostbyname2 3 , 99832dc76bSMariusz Zaborski.Xr gethostbyaddr 3 100832dc76bSMariusz Zaborskiand 101832dc76bSMariusz Zaborski.Xr getnameinfo 3 102406feaa8SGeorge V. Neville-Neilexcept that a connection to the 103832dc76bSMariusz Zaborski.Nm system.net 104832dc76bSMariusz Zaborskiservice needs to be provided. 105832dc76bSMariusz Zaborski.Sh LIMITS 106832dc76bSMariusz ZaborskiBy default, the cap_net capability provides unrestricted access to the network 107832dc76bSMariusz Zaborskinamespace. 108832dc76bSMariusz ZaborskiApplications typically only require access to a small portion of the network 109832dc76bSMariusz Zaborskinamespace: 110406feaa8SGeorge V. Neville-NeilThe 111832dc76bSMariusz Zaborski.Fn cap_net_limit 112406feaa8SGeorge V. Neville-Neilfunction can be used to restrict access to the network. 113406feaa8SGeorge V. Neville-NeilThe 114832dc76bSMariusz Zaborski.Fn cap_net_limit_init 115832dc76bSMariusz Zaborskireturns an opaque limit handle used to store a list of capabilities. 116832dc76bSMariusz ZaborskiThe 117832dc76bSMariusz Zaborski.Fv mode 118832dc76bSMariusz Zaborskirestricts the functionality of the service. 
119832dc76bSMariusz ZaborskiModes are encoded using the following flags: 120832dc76bSMariusz Zaborski.Pp 121832dc76bSMariusz Zaborski.Bd -literal -offset indent -compact 122832dc76bSMariusz ZaborskiCAPNET_ADDR2NAME reverse DNS lookups are allowed with 123832dc76bSMariusz Zaborski cap_getnameinfo 124832dc76bSMariusz ZaborskiCAPNET_NAME2ADDR name resolution is allowed with 125832dc76bSMariusz Zaborski cap_getaddrinfo 126832dc76bSMariusz ZaborskiCAPNET_DEPRECATED_ADDR2NAME reverse DNS lookups are allowed with 127832dc76bSMariusz Zaborski cap_gethostbyaddr 128832dc76bSMariusz ZaborskiCAPNET_DEPRECATED_NAME2ADDR name resolution is allowed with 129832dc76bSMariusz Zaborski cap_gethostbyname and cap_gethostbyname2 130832dc76bSMariusz ZaborskiCAPNET_BIND bind syscall is allowed 131832dc76bSMariusz ZaborskiCAPNET_CONNECT connect syscall is allowed 132832dc76bSMariusz ZaborskiCAPNET_CONNECTDNS connect syscall is allowed to the values 133*1723e7f3SShawn Webb returned from a previous call to 134832dc76bSMariusz Zaborski the cap_getaddrinfo or cap_gethostbyname 135832dc76bSMariusz Zaborski.Ed 136832dc76bSMariusz Zaborski.Pp 137832dc76bSMariusz Zaborski.Fn cap_net_limit_addr2name_family 138832dc76bSMariusz Zaborskilimits the 139832dc76bSMariusz Zaborski.Fn cap_getnameinfo 140832dc76bSMariusz Zaborskiand 141832dc76bSMariusz Zaborski.Fn cap_gethostbyaddr 142832dc76bSMariusz Zaborskito do reverse DNS lookups to a specific family (AF_INET, AF_INET6, etc.). 143832dc76bSMariusz Zaborski.Pp 144832dc76bSMariusz Zaborski.Fn cap_net_limit_addr2name 145832dc76bSMariusz Zaborskilimits the 146832dc76bSMariusz Zaborski.Fn cap_getnameinfo 147832dc76bSMariusz Zaborskiand 148832dc76bSMariusz Zaborski.Fn cap_gethostbyaddr 149832dc76bSMariusz Zaborskito do reverse DNS lookups only on those specific structures. 
150832dc76bSMariusz Zaborski.Pp 151832dc76bSMariusz Zaborski.Fn cap_net_limit_name2addr_family 152832dc76bSMariusz Zaborskilimits the 153832dc76bSMariusz Zaborski.Fn cap_getaddrinfo , 154832dc76bSMariusz Zaborski.Fn cap_gethostbyname 155832dc76bSMariusz Zaborskiand 156832dc76bSMariusz Zaborski.Fn cap_gethostbyname2 157832dc76bSMariusz Zaborskito do the name resolution on a specific family (AF_INET, AF_INET6, etc.). 158832dc76bSMariusz Zaborski.Pp 159832dc76bSMariusz Zaborski.Fn cap_net_limit_name2addr 160832dc76bSMariusz Zaborskirestricts 161832dc76bSMariusz Zaborski.Fn cap_getaddrinfo , 162832dc76bSMariusz Zaborski.Fn cap_gethostbyname 163832dc76bSMariusz Zaborskiand 164832dc76bSMariusz Zaborski.Fn cap_gethostbyname2 165832dc76bSMariusz Zaborskito a set of domains. 166832dc76bSMariusz Zaborski.Pp 167832dc76bSMariusz Zaborski.Fn cap_net_limit_bind 168832dc76bSMariusz Zaborskilimits 169832dc76bSMariusz Zaborski.Fn cap_bind 170832dc76bSMariusz Zaborskito bind only on those specific structures. 171832dc76bSMariusz Zaborski.Pp 172832dc76bSMariusz Zaborski.Fn cap_net_limit_connect 173832dc76bSMariusz Zaborskilimits 174832dc76bSMariusz Zaborski.Fn cap_connect 175832dc76bSMariusz Zaborskito connect only on those specific structures. 176832dc76bSMariusz ZaborskiIf CAPNET_CONNECTDNS is set, the limits are extended to the values returned 177832dc76bSMariusz Zaborskiby 178832dc76bSMariusz Zaborski.Fn cap_getaddrinfo , 179832dc76bSMariusz Zaborski.Fn cap_gethostbyname 180832dc76bSMariusz Zaborskiand 181832dc76bSMariusz Zaborski.Fn cap_gethostbyname2 . 182832dc76bSMariusz ZaborskiIn case of the 183832dc76bSMariusz Zaborski.Fn cap_getaddrinfo 184832dc76bSMariusz Zaborskithe restriction is strict. 
185832dc76bSMariusz ZaborskiIn case of the 186832dc76bSMariusz Zaborski.Fn cap_gethostbyname 187832dc76bSMariusz Zaborskiand 188832dc76bSMariusz Zaborski.Fn cap_gethostbyname2 189832dc76bSMariusz Zaborskiany port will be accepted in the 190832dc76bSMariusz Zaborski.Fn cap_connect 191832dc76bSMariusz Zaborskifunction. 192832dc76bSMariusz Zaborski.Pp 193832dc76bSMariusz Zaborski.Fn cap_net_limit 194832dc76bSMariusz Zaborskiapplies a set of network limits to the capability, denying access to network 195832dc76bSMariusz Zaborskioperations not belonging to the set. 196832dc76bSMariusz Zaborski.Pp 197832dc76bSMariusz ZaborskiOnce a set of limits is applied, subsequent calls to 198832dc76bSMariusz Zaborski.Fn cap_net_limit 199832dc76bSMariusz Zaborskiwill fail unless the new set is a subset of the current set. 200832dc76bSMariusz Zaborski.Pp 201832dc76bSMariusz ZaborskiThe 202832dc76bSMariusz Zaborski.Fn cap_net_limit 203832dc76bSMariusz Zaborskiwill consume the limits. 204832dc76bSMariusz ZaborskiIf the 205832dc76bSMariusz Zaborski.Fn cap_net_limit 206832dc76bSMariusz Zaborskiwas not called the rights may be freed using 207832dc76bSMariusz Zaborski.Fn cap_net_free . 208832dc76bSMariusz ZaborskiMultiple calls to 209832dc76bSMariusz Zaborski.Fn cap_net_limit_addr2name_family , 210832dc76bSMariusz Zaborski.Fn cap_net_limit_addr2name , 211832dc76bSMariusz Zaborski.Fn cap_net_limit_name2addr_family , 212832dc76bSMariusz Zaborski.Fn cap_net_limit_name2addr , 213832dc76bSMariusz Zaborski.Fn cap_net_limit_connect , 214832dc76bSMariusz Zaborskiand 215832dc76bSMariusz Zaborski.Fn cap_net_limit_bind 216832dc76bSMariusz Zaborskiare supported; each call extends the previous capabilities. 
217832dc76bSMariusz Zaborski.Sh EXAMPLES 218832dc76bSMariusz ZaborskiThe following example first opens a capability to casper and then uses this 219832dc76bSMariusz Zaborskicapability to create the 220832dc76bSMariusz Zaborski.Nm system.net 221832dc76bSMariusz Zaborskicasper service and uses it to resolve a host and connect to it. 222832dc76bSMariusz Zaborski.Bd -literal 223832dc76bSMariusz Zaborskicap_channel_t *capcas, *capnet; 224832dc76bSMariusz Zaborskicap_net_limit_t *limit; 225832dc76bSMariusz Zaborskiint familylimit, error, s; 226832dc76bSMariusz Zaborskiconst char *host = "example.com"; 227832dc76bSMariusz Zaborskistruct addrinfo hints, *res; 228832dc76bSMariusz Zaborski 229832dc76bSMariusz Zaborski/* Open capability to Casper. */ 230832dc76bSMariusz Zaborskicapcas = cap_init(); 231832dc76bSMariusz Zaborskiif (capcas == NULL) 232832dc76bSMariusz Zaborski err(1, "Unable to contact Casper"); 233832dc76bSMariusz Zaborski 234832dc76bSMariusz Zaborski/* Cache NLS for gai_strerror. */ 235832dc76bSMariusz Zaborskicaph_cache_catpages(); 236832dc76bSMariusz Zaborski 237832dc76bSMariusz Zaborski/* Enter capability mode sandbox. */ 238832dc76bSMariusz Zaborskiif (caph_enter_casper() < 0) 239832dc76bSMariusz Zaborski err(1, "Unable to enter capability mode"); 240832dc76bSMariusz Zaborski 241832dc76bSMariusz Zaborski/* Use Casper capability to create capability to the system.net service. */ 242832dc76bSMariusz Zaborskicapnet = cap_service_open(capcas, "system.net"); 243832dc76bSMariusz Zaborskiif (capnet == NULL) 244832dc76bSMariusz Zaborski err(1, "Unable to open system.net service"); 245832dc76bSMariusz Zaborski 246832dc76bSMariusz Zaborski/* Close Casper capability. */ 247832dc76bSMariusz Zaborskicap_close(capcas); 248832dc76bSMariusz Zaborski 249832dc76bSMariusz Zaborski/* Limit system.net to resolve IPv4 addresses, to host example.com . 
*/ 250832dc76bSMariusz Zaborskilimit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR | CAPNET_CONNECTDNS); 251832dc76bSMariusz Zaborskiif (limit == NULL) 252832dc76bSMariusz Zaborski err(1, "Unable to create limits."); 253832dc76bSMariusz Zaborskicap_net_limit_name2addr(limit, host, "80"); 254832dc76bSMariusz Zaborskifamilylimit = AF_INET; 255832dc76bSMariusz Zaborskicap_net_limit_name2addr_family(limit, &familylimit, 1); 256832dc76bSMariusz Zaborskiif (cap_net_limit(limit) < 0) 257832dc76bSMariusz Zaborski err(1, "Unable to apply limits."); 258832dc76bSMariusz Zaborski 259832dc76bSMariusz Zaborski/* Find IP addresses for the given host. */ 260832dc76bSMariusz Zaborskimemset(&hints, 0, sizeof(hints)); 261832dc76bSMariusz Zaborskihints.ai_family = AF_INET; 262832dc76bSMariusz Zaborskihints.ai_socktype = SOCK_STREAM; 263832dc76bSMariusz Zaborski 264832dc76bSMariusz Zaborskierror = cap_getaddrinfo(capnet, host, "80", &hints, &res); 265832dc76bSMariusz Zaborskiif (error != 0) 266832dc76bSMariusz Zaborski errx(1, "cap_getaddrinfo(): %s: %s", host, gai_strerror(error)); 267832dc76bSMariusz Zaborski 268832dc76bSMariusz Zaborskis = socket(res->ai_family, res->ai_socktype, res->ai_protocol); 269832dc76bSMariusz Zaborskiif (s < 0) 270832dc76bSMariusz Zaborski err(1, "Unable to create socket"); 271832dc76bSMariusz Zaborski 272832dc76bSMariusz Zaborskiif (cap_connect(capnet, s, res->ai_addr, res->ai_addrlen) < 0) 273832dc76bSMariusz Zaborski err(1, "Unable to connect to host"); 274832dc76bSMariusz Zaborski.Ed 275832dc76bSMariusz Zaborski.Sh SEE ALSO 276832dc76bSMariusz Zaborski.Xr bind 2 , 277832dc76bSMariusz Zaborski.Xr cap_enter 2 , 278832dc76bSMariusz Zaborski.Xr connect 2 , 279832dc76bSMariusz Zaborski.Xr caph_enter 3 , 280832dc76bSMariusz Zaborski.Xr err 3 , 281832dc76bSMariusz Zaborski.Xr gethostbyaddr 3 , 282832dc76bSMariusz Zaborski.Xr gethostbyname 3 , 283832dc76bSMariusz Zaborski.Xr gethostbyname2 3 , 284832dc76bSMariusz Zaborski.Xr getnameinfo 3 , 285832dc76bSMariusz 
Zaborski.Xr capsicum 4 , 286832dc76bSMariusz Zaborski.Xr nv 9 287832dc76bSMariusz Zaborski.Sh AUTHORS 288832dc76bSMariusz Zaborski.An Mariusz Zaborski Aq Mt oshogbo@FreeBSD.org 289