1832dc76bSMariusz Zaborski.\" Copyright (c) 2020 Mariusz Zaborski <oshogbo@FreeBSD.org> 2832dc76bSMariusz Zaborski.\" 3832dc76bSMariusz Zaborski.\" Redistribution and use in source and binary forms, with or without 4832dc76bSMariusz Zaborski.\" modification, are permitted provided that the following conditions 5832dc76bSMariusz Zaborski.\" are met: 6832dc76bSMariusz Zaborski.\" 1. Redistributions of source code must retain the above copyright 7832dc76bSMariusz Zaborski.\" notice, this list of conditions and the following disclaimer. 8832dc76bSMariusz Zaborski.\" 2. Redistributions in binary form must reproduce the above copyright 9832dc76bSMariusz Zaborski.\" notice, this list of conditions and the following disclaimer in the 10832dc76bSMariusz Zaborski.\" documentation and/or other materials provided with the distribution. 11832dc76bSMariusz Zaborski.\" 12832dc76bSMariusz Zaborski.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 13832dc76bSMariusz Zaborski.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 14832dc76bSMariusz Zaborski.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 15832dc76bSMariusz Zaborski.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 16832dc76bSMariusz Zaborski.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 17832dc76bSMariusz Zaborski.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 18832dc76bSMariusz Zaborski.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 19832dc76bSMariusz Zaborski.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 20832dc76bSMariusz Zaborski.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 21832dc76bSMariusz Zaborski.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 22832dc76bSMariusz Zaborski.\" SUCH DAMAGE. 
23832dc76bSMariusz Zaborski.\" 24*6b96125aSAlan Somers.Dd December 5, 2023 25832dc76bSMariusz Zaborski.Dt CAP_NET 3 26832dc76bSMariusz Zaborski.Os 27832dc76bSMariusz Zaborski.Sh NAME 28832dc76bSMariusz Zaborski.Nm cap_bind , 29832dc76bSMariusz Zaborski.Nm cap_connect , 30832dc76bSMariusz Zaborski.Nm cap_getaddrinfo , 31832dc76bSMariusz Zaborski.Nm cap_gethostbyaddr , 32832dc76bSMariusz Zaborski.Nm cap_gethostbyname , 33832dc76bSMariusz Zaborski.Nm cap_gethostbyname2 , 34832dc76bSMariusz Zaborski.Nm cap_getnameinfo , 35832dc76bSMariusz Zaborski.Nm cap_net_free , 36832dc76bSMariusz Zaborski.Nm cap_net_limit , 37832dc76bSMariusz Zaborski.Nm cap_net_limit_addr2name , 38832dc76bSMariusz Zaborski.Nm cap_net_limit_addr2name_family , 39832dc76bSMariusz Zaborski.Nm cap_net_limit_bind , 40832dc76bSMariusz Zaborski.Nm cap_net_limit_connect , 41832dc76bSMariusz Zaborski.Nm cap_net_limit_init , 42832dc76bSMariusz Zaborski.Nm cap_net_limit_name2addr , 43832dc76bSMariusz Zaborski.Nm cap_net_limit_name2addr_family , 44832dc76bSMariusz Zaborski.Nd "library for networking in capability mode" 45832dc76bSMariusz Zaborski.Sh LIBRARY 46832dc76bSMariusz Zaborski.Lb libcap_net 47832dc76bSMariusz Zaborski.Sh SYNOPSIS 48832dc76bSMariusz Zaborski.In sys/nv.h 49832dc76bSMariusz Zaborski.In libcasper.h 50832dc76bSMariusz Zaborski.In casper/cap_net.h 51832dc76bSMariusz Zaborski.Ft int 52832dc76bSMariusz Zaborski.Fn cap_bind "cap_channel_t *chan" "int s" "const struct sockaddr *addr" "socklen_t addrlen" 53832dc76bSMariusz Zaborski.Ft int 54832dc76bSMariusz Zaborski.Fn cap_connect "cap_channel_t *chan" "int s" "const struct sockaddr *name" "socklen_t namelen" 55832dc76bSMariusz Zaborski.Ft int 56832dc76bSMariusz Zaborski.Fn cap_getaddrinfo "cap_channel_t *chan" "const char *hostname" "const char *servname" "const struct addrinfo *hints" "struct addrinfo **res" 57832dc76bSMariusz Zaborski.Ft int 58832dc76bSMariusz Zaborski.Fn cap_getnameinfo "cap_channel_t *chan" "const struct sockaddr *sa" 
"socklen_t salen" "char *host" "size_t hostlen" "char *serv" "size_t servlen" "int flags" 59832dc76bSMariusz Zaborski.Ft "struct hostent *" 60832dc76bSMariusz Zaborski.Fn cap_gethostbyname "const cap_channel_t *chan" "const char *name" 61832dc76bSMariusz Zaborski.Ft "struct hostent *" 62832dc76bSMariusz Zaborski.Fn cap_gethostbyname2 "const cap_channel_t *chan" "const char *name" "int af" 63832dc76bSMariusz Zaborski.Ft "struct hostent *" 64832dc76bSMariusz Zaborski.Fn cap_gethostbyaddr "const cap_channel_t *chan" "const void *addr" "socklen_t len" "int af" 65832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 66832dc76bSMariusz Zaborski.Fn cap_net_limit_init "cap_channel_t *chan" "uint64_t mode" 67832dc76bSMariusz Zaborski.Ft int 68832dc76bSMariusz Zaborski.Fn cap_net_limit "cap_net_limit_t *limit" 69832dc76bSMariusz Zaborski.Ft void 70832dc76bSMariusz Zaborski.Fn cap_net_free "cap_net_limit_t *limit" 71832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 72832dc76bSMariusz Zaborski.Fn cap_net_limit_addr2name_family "cap_net_limit_t *limit" "int *family" "size_t size" 73832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 74832dc76bSMariusz Zaborski.Fn cap_net_limit_addr2name "cap_net_limit_t *limit" "const struct sockaddr *sa" "socklen_t salen" 75832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 76832dc76bSMariusz Zaborski.Fn cap_net_limit_name2addr_family "cap_net_limit_t *limit" "int *family" "size_t size" 77832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 78832dc76bSMariusz Zaborski.Fn cap_net_limit_name2addr "cap_net_limit_t *limit" "const char *name" "const char *serv" 79832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 80832dc76bSMariusz Zaborski.Fn cap_net_limit_connect "cap_net_limit_t *limit" "const struct sockaddr *sa" "socklen_t salen" 81832dc76bSMariusz Zaborski.Ft "cap_net_limit_t *" 82832dc76bSMariusz Zaborski.Fn cap_net_limit_bind "cap_net_limit_t *limit" "const struct sockaddr *sa" "socklen_t salen" 83832dc76bSMariusz Zaborski.Sh DESCRIPTION 84832dc76bSMariusz 
ZaborskiThe functions 85832dc76bSMariusz Zaborski.Fn cap_bind , 86832dc76bSMariusz Zaborski.Fn cap_connect , 87832dc76bSMariusz Zaborski.Fn cap_gethostbyname , 88832dc76bSMariusz Zaborski.Fn cap_gethostbyname2 , 89832dc76bSMariusz Zaborski.Fn cap_gethostbyaddr 90832dc76bSMariusz Zaborskiand 91832dc76bSMariusz Zaborski.Fn cap_getnameinfo 92406feaa8SGeorge V. Neville-Neilprovide a set of APIs equivalent to 93832dc76bSMariusz Zaborski.Xr bind 2 , 94832dc76bSMariusz Zaborski.Xr connect 2 , 95832dc76bSMariusz Zaborski.Xr gethostbyname 3 , 96832dc76bSMariusz Zaborski.Xr gethostbyname2 3 , 97832dc76bSMariusz Zaborski.Xr gethostbyaddr 3 98832dc76bSMariusz Zaborskiand 99832dc76bSMariusz Zaborski.Xr getnameinfo 3 100406feaa8SGeorge V. Neville-Neilexcept that a connection to the 101832dc76bSMariusz Zaborski.Nm system.net 102832dc76bSMariusz Zaborskiservice needs to be provided. 103832dc76bSMariusz Zaborski.Sh LIMITS 104832dc76bSMariusz ZaborskiBy default, the cap_net capability provides unrestricted access to the network 105832dc76bSMariusz Zaborskinamespace. 106832dc76bSMariusz ZaborskiApplications typically only require access to a small portion of the network 107832dc76bSMariusz Zaborskinamespace: 108406feaa8SGeorge V. Neville-NeilThe 109832dc76bSMariusz Zaborski.Fn cap_net_limit 110406feaa8SGeorge V. Neville-Neilfunction can be used to restrict access to the network. 111406feaa8SGeorge V. Neville-NeilThe 112832dc76bSMariusz Zaborski.Fn cap_net_limit_init 113832dc76bSMariusz Zaborskireturns an opaque limit handle used to store a list of capabilities. 114832dc76bSMariusz ZaborskiThe 115832dc76bSMariusz Zaborski.Fv mode 116832dc76bSMariusz Zaborskirestricts the functionality of the service. 
117832dc76bSMariusz ZaborskiModes are encoded using the following flags: 118832dc76bSMariusz Zaborski.Pp 119832dc76bSMariusz Zaborski.Bd -literal -offset indent -compact 120832dc76bSMariusz ZaborskiCAPNET_ADDR2NAME reverse DNS lookups are allowed with 121832dc76bSMariusz Zaborski cap_getnameinfo 122832dc76bSMariusz ZaborskiCAPNET_NAME2ADDR name resolution is allowed with 123832dc76bSMariusz Zaborski cap_getaddrinfo 124832dc76bSMariusz ZaborskiCAPNET_DEPRECATED_ADDR2NAME reverse DNS lookups are allowed with 125832dc76bSMariusz Zaborski cap_gethostbyaddr 126832dc76bSMariusz ZaborskiCAPNET_DEPRECATED_NAME2ADDR name resolution is allowed with 127832dc76bSMariusz Zaborski cap_gethostbyname and cap_gethostbyname2 128832dc76bSMariusz ZaborskiCAPNET_BIND bind syscall is allowed 129832dc76bSMariusz ZaborskiCAPNET_CONNECT connect syscall is allowed 130832dc76bSMariusz ZaborskiCAPNET_CONNECTDNS connect syscall is allowed to the values 1311723e7f3SShawn Webb returned from a previous call to 132832dc76bSMariusz Zaborski cap_getaddrinfo or cap_gethostbyname 133832dc76bSMariusz Zaborski.Ed 134832dc76bSMariusz Zaborski.Pp 135832dc76bSMariusz Zaborski.Fn cap_net_limit_addr2name_family 136832dc76bSMariusz Zaborskilimits the 137832dc76bSMariusz Zaborski.Fn cap_getnameinfo 138832dc76bSMariusz Zaborskiand 139832dc76bSMariusz Zaborski.Fn cap_gethostbyaddr 140832dc76bSMariusz Zaborskito do reverse DNS lookups to a specific family (AF_INET, AF_INET6, etc.) 141832dc76bSMariusz Zaborski.Pp 142832dc76bSMariusz Zaborski.Fn cap_net_limit_addr2name 143832dc76bSMariusz Zaborskilimits the 144832dc76bSMariusz Zaborski.Fn cap_getnameinfo 145832dc76bSMariusz Zaborskiand 146832dc76bSMariusz Zaborski.Fn cap_gethostbyaddr 147832dc76bSMariusz Zaborskito do reverse DNS lookups only on those specific structures. 
148832dc76bSMariusz Zaborski.Pp 149832dc76bSMariusz Zaborski.Fn cap_net_limit_name2addr_family 150832dc76bSMariusz Zaborskilimits the 151832dc76bSMariusz Zaborski.Fn cap_getaddrinfo , 152832dc76bSMariusz Zaborski.Fn cap_gethostbyname 153832dc76bSMariusz Zaborskiand 154832dc76bSMariusz Zaborski.Fn cap_gethostbyname2 155832dc76bSMariusz Zaborskito do the name resolution on a specific family (AF_INET, AF_INET6, etc.) 156832dc76bSMariusz Zaborski.Pp 157832dc76bSMariusz Zaborski.Fn cap_net_limit_name2addr 158832dc76bSMariusz Zaborskirestricts 159832dc76bSMariusz Zaborski.Fn cap_getaddrinfo , 160832dc76bSMariusz Zaborski.Fn cap_gethostbyname 161832dc76bSMariusz Zaborskiand 162832dc76bSMariusz Zaborski.Fn cap_gethostbyname2 163832dc76bSMariusz Zaborskito a set of domains. 164832dc76bSMariusz Zaborski.Pp 165832dc76bSMariusz Zaborski.Fn cap_net_limit_bind 166832dc76bSMariusz Zaborskilimits 167832dc76bSMariusz Zaborski.Fn cap_bind 168832dc76bSMariusz Zaborskito bind only on those specific structures. 169832dc76bSMariusz Zaborski.Pp 170832dc76bSMariusz Zaborski.Fn cap_net_limit_connect 171832dc76bSMariusz Zaborskilimits 172832dc76bSMariusz Zaborski.Fn cap_connect 173832dc76bSMariusz Zaborskito connect only on those specific structures. 174832dc76bSMariusz ZaborskiIf CAPNET_CONNECTDNS is set, the limits are extended to the values returned 175832dc76bSMariusz Zaborskiby 176832dc76bSMariusz Zaborski.Fn cap_getaddrinfo , 177832dc76bSMariusz Zaborski.Fn cap_gethostbyname 178832dc76bSMariusz Zaborskiand 179832dc76bSMariusz Zaborski.Fn cap_gethostbyname2 . 180832dc76bSMariusz ZaborskiIn case of the 181832dc76bSMariusz Zaborski.Fn cap_getaddrinfo 182832dc76bSMariusz Zaborskithe restriction is strict. 
183832dc76bSMariusz ZaborskiIn case of the 184832dc76bSMariusz Zaborski.Fn cap_gethostbyname 185832dc76bSMariusz Zaborskiand 186832dc76bSMariusz Zaborski.Fn cap_gethostbyname2 187832dc76bSMariusz Zaborskiany port will be accepted in the 188832dc76bSMariusz Zaborski.Fn cap_connect 189832dc76bSMariusz Zaborskifunction. 190832dc76bSMariusz Zaborski.Pp 191*6b96125aSAlan SomersThe 192832dc76bSMariusz Zaborski.Fn cap_net_limit 193*6b96125aSAlan Somerswill consume and apply the limits. 194832dc76bSMariusz Zaborski.Pp 195832dc76bSMariusz ZaborskiOnce a set of limits is applied, subsequent calls to 196832dc76bSMariusz Zaborski.Fn cap_net_limit 197832dc76bSMariusz Zaborskiwill fail unless the new set is a subset of the current set. 198832dc76bSMariusz Zaborski.Pp 199832dc76bSMariusz ZaborskiIf the 200832dc76bSMariusz Zaborski.Fn cap_net_limit 201832dc76bSMariusz Zaborskiwas not called, the rights may be freed using 202832dc76bSMariusz Zaborski.Fn cap_net_free . 203832dc76bSMariusz ZaborskiMultiple calls to 204832dc76bSMariusz Zaborski.Fn cap_net_limit_addr2name_family , 205832dc76bSMariusz Zaborski.Fn cap_net_limit_addr2name , 206832dc76bSMariusz Zaborski.Fn cap_net_limit_name2addr_family , 207832dc76bSMariusz Zaborski.Fn cap_net_limit_name2addr , 208832dc76bSMariusz Zaborski.Fn cap_net_limit_connect , 209832dc76bSMariusz Zaborskiand 210832dc76bSMariusz Zaborski.Fn cap_net_limit_bind 211832dc76bSMariusz Zaborskiare supported; each call extends the previous capabilities. 212832dc76bSMariusz Zaborski.Sh EXAMPLES 213832dc76bSMariusz ZaborskiThe following example first opens a capability to casper and then uses this 214832dc76bSMariusz Zaborskicapability to create the 215832dc76bSMariusz Zaborski.Nm system.net 216832dc76bSMariusz Zaborskicasper service and uses it to resolve a host and connect to it. 
217832dc76bSMariusz Zaborski.Bd -literal 218832dc76bSMariusz Zaborskicap_channel_t *capcas, *capnet; 219832dc76bSMariusz Zaborskicap_net_limit_t *limit; 220832dc76bSMariusz Zaborskiint familylimit, error, s; 221832dc76bSMariusz Zaborskiconst char *host = "example.com"; 222832dc76bSMariusz Zaborskistruct addrinfo hints, *res; 223832dc76bSMariusz Zaborski 224832dc76bSMariusz Zaborski/* Open capability to Casper. */ 225832dc76bSMariusz Zaborskicapcas = cap_init(); 226832dc76bSMariusz Zaborskiif (capcas == NULL) 227832dc76bSMariusz Zaborski err(1, "Unable to contact Casper"); 228832dc76bSMariusz Zaborski 229832dc76bSMariusz Zaborski/* Cache NLS data for gai_strerror; this runs before capability mode is entered. */ 230832dc76bSMariusz Zaborskicaph_cache_catpages(); 231832dc76bSMariusz Zaborski 232832dc76bSMariusz Zaborski/* Enter capability mode sandbox. */ 233832dc76bSMariusz Zaborskiif (caph_enter_casper() < 0) 234832dc76bSMariusz Zaborski err(1, "Unable to enter capability mode"); 235832dc76bSMariusz Zaborski 236832dc76bSMariusz Zaborski/* Use Casper capability to create capability to the system.net service. */ 237832dc76bSMariusz Zaborskicapnet = cap_service_open(capcas, "system.net"); 238832dc76bSMariusz Zaborskiif (capnet == NULL) 239832dc76bSMariusz Zaborski err(1, "Unable to open system.net service"); 240832dc76bSMariusz Zaborski 241832dc76bSMariusz Zaborski/* Close Casper capability. */ 242832dc76bSMariusz Zaborskicap_close(capcas); 243832dc76bSMariusz Zaborski 244832dc76bSMariusz Zaborski/* Limit system.net to resolving IPv4 addresses for host example.com; 
CAPNET_CONNECTDNS additionally permits connecting to the values returned by that lookup. */ 245832dc76bSMariusz Zaborskilimit = cap_net_limit_init(capnet, CAPNET_NAME2ADDR | CAPNET_CONNECTDNS); 246832dc76bSMariusz Zaborskiif (limit == NULL) 247832dc76bSMariusz Zaborski err(1, "Unable to create limits."); /* NOTE(review): SYNOPSIS declares cap_net_limit_name2addr and cap_net_limit_name2addr_family as returning cap_net_limit_t *, and both results are discarded below; presumably NULL reports failure -- confirm and check it in production code. */ 248832dc76bSMariusz Zaborskicap_net_limit_name2addr(limit, host, "80"); 249832dc76bSMariusz Zaborskifamilylimit = AF_INET; 250832dc76bSMariusz Zaborskicap_net_limit_name2addr_family(limit, &familylimit, 1); 251832dc76bSMariusz Zaborskiif (cap_net_limit(limit) < 0) 252832dc76bSMariusz Zaborski err(1, "Unable to apply limits."); 253832dc76bSMariusz Zaborski 254832dc76bSMariusz Zaborski/* Find IP addresses for the given host. */ 255832dc76bSMariusz Zaborskimemset(&hints, 0, sizeof(hints)); 256832dc76bSMariusz Zaborskihints.ai_family = AF_INET; 257832dc76bSMariusz Zaborskihints.ai_socktype = SOCK_STREAM; 258832dc76bSMariusz Zaborski 259832dc76bSMariusz Zaborskierror = cap_getaddrinfo(capnet, host, "80", &hints, &res); 260832dc76bSMariusz Zaborskiif (error != 0) 261832dc76bSMariusz Zaborski errx(1, "cap_getaddrinfo(): %s: %s", host, gai_strerror(error)); 262832dc76bSMariusz Zaborski /* NOTE(review): only the first entry of res is tried and this excerpt never releases res. */ 263832dc76bSMariusz Zaborskis = socket(res->ai_family, res->ai_socktype, res->ai_protocol); 264832dc76bSMariusz Zaborskiif (s < 0) 265832dc76bSMariusz Zaborski err(1, "Unable to create socket"); 266832dc76bSMariusz Zaborski 267832dc76bSMariusz Zaborskiif (cap_connect(capnet, s, res->ai_addr, res->ai_addrlen) < 0) 268832dc76bSMariusz Zaborski err(1, "Unable to connect to host"); 269832dc76bSMariusz Zaborski.Ed 270832dc76bSMariusz Zaborski.Sh SEE ALSO 271832dc76bSMariusz Zaborski.Xr bind 2 , 272832dc76bSMariusz Zaborski.Xr cap_enter 2 , 273832dc76bSMariusz Zaborski.Xr connect 2 , 274832dc76bSMariusz Zaborski.Xr caph_enter 3 , 275832dc76bSMariusz Zaborski.Xr err 3 , 276832dc76bSMariusz Zaborski.Xr gethostbyaddr 3 , 277832dc76bSMariusz Zaborski.Xr gethostbyname 3 , 278832dc76bSMariusz Zaborski.Xr gethostbyname2 3 , 279832dc76bSMariusz Zaborski.Xr getnameinfo 3 , 280832dc76bSMariusz 
Zaborski.Xr capsicum 4 , 281832dc76bSMariusz Zaborski.Xr nv 9 282832dc76bSMariusz Zaborski.Sh AUTHORS 283832dc76bSMariusz Zaborski.An Mariusz Zaborski Aq Mt oshogbo@FreeBSD.org 284