
Using Pen as an Address Family Adapter

This is for the soon-to-be-released 0.23 version of Pen.

Let’s say we have a service listening on a Unix domain socket and want to make it available over a network. The Swiss Army Pen Knife can do that, of course.

First we create such a service:

$ pen -dfS 1 ./ssh localhost:22

2014-04-11 17:41:56: n = 2, address = 127.0.0.1, pno = 22, maxc1 = 0, hard = 0, weight = 0, prio = 0, proto = tcp
2014-04-11 17:41:56: pen_aton(127.0.0.1, 0xac3028)
2014-04-11 17:41:56: family = 2
2014-04-11 17:41:56: socktype = 1
2014-04-11 17:41:56: protocol = 6
2014-04-11 17:41:56: addrlen = 16
2014-04-11 17:41:56: sockaddr = 0xac45e0
2014-04-11 17:41:56: canonname = (null)
2014-04-11 17:41:56: servers:
2014-04-11 17:41:56:  0 127.0.0.1:22:0:0:0:0
2014-04-11 17:41:56: mainloop_select()

Here, we wait for connections to ./ssh and forward them to our real ssh daemon. The “-dfS 1” part turns on debugging, stays in the foreground so we can see what’s going on, and uses only a single backend server (for less output clutter).

Now we have ssh listening on the ./ssh socket. This part is only necessary in order to create a test target for this demonstration.

Then we create the network-to-unix-socket part:

$ pen -dfS 1 :::2222 ./ssh

2014-04-11 17:42:23: pen_aton(::, 0x7fff9e734780)
2014-04-11 17:42:23: family = 10
2014-04-11 17:42:23: socktype = 1
2014-04-11 17:42:23: protocol = 6
2014-04-11 17:42:23: addrlen = 28
2014-04-11 17:42:23: sockaddr = 0x1c143b0
2014-04-11 17:42:23: canonname = (null)
2014-04-11 17:42:23: local address=[:::2222]
2014-04-11 17:42:23: n = 1, address = ./ssh, pno = 0, maxc1 = 0, hard = 0, weight = 0, prio = 0, proto = tcp
2014-04-11 17:42:23: pen_aton(./ssh, 0x1c1aa18)
2014-04-11 17:42:23: servers:
2014-04-11 17:42:23:  0 ./ssh:1:0:0:0:0
2014-04-11 17:42:23: mainloop_select()

Here, we wait for connections to port 2222 on the address ::. On Linux, that will make our single pen instance accept connections to any IPv6 or IPv4 address.

Finally:

$ ssh -p 2222 localhost
ulric@localhost's password:
Linux debian 3.12-1-amd64 #1 SMP Debian 3.12.9-1 (2014-02-01) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Fri Apr 11 17:30:04 2014 from localhost

So that obviously works. In the first debugging window, we have:

2014-04-11 17:42:47: Unix acl:s not implemented
2014-04-11 17:42:47: Client  has index -1
2014-04-11 17:42:47: lookup_client returns -1
2014-04-11 17:42:47: Trying server 0 at time 1397230967
2014-04-11 17:42:47: Unix acl:s not implemented
2014-04-11 17:42:47: Connecting to 127.0.0.1
2014-04-11 17:42:47: Family: AF_INET
2014-04-11 17:42:47: Port: 22
2014-04-11 17:42:47: Address: 127.0.0.1
2014-04-11 17:42:47: Successful connect to server 0
2014-04-11 17:42:47: Client  has index 0 and server 0
2014-04-11 17:42:47: store_conn: connections_used = 1

“Unix acl:s not implemented” means that, unlike IPv4 and IPv6 connections, Pen has no built-in restrictions for local sockets. Since they follow regular file permissions, you can use regular Unix tools (chmod et al.) to restrict access.

And in the second:

2014-04-11 17:42:47: match_acl_ipv6(0, 2658351864)
2014-04-11 17:42:47: Client ::1 has index -1
2014-04-11 17:42:47: lookup_client returns -1
2014-04-11 17:42:47: Trying server 0 at time 1397230967
2014-04-11 17:42:47: match_acl_ipv4(0, 2658351864)
2014-04-11 17:42:47: Connecting to ./ssh
2014-04-11 17:42:47: Family: AF_UNIX
2014-04-11 17:42:47: Path: ./ssh
2014-04-11 17:42:47: Successful connect to server 0
2014-04-11 17:42:47: Client ::1 has index 0 and server 0
2014-04-11 17:42:47: store_conn: connections_used = 1
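
Because Pen applies no ACLs to Unix sockets, file permissions are the only gate on ./ssh. The script below is an added example, not part of the original post or of Pen: it reports which permission class can connect to a socket and tightens it. The function names and the $HOME/pen-demo path are made up for illustration, and it assumes GNU stat.

```sh
#!/bin/sh
# Added example, not from the original post. On Linux, connect() to a Unix
# socket needs write permission on the socket file and search (x) permission
# on its directory. Assumes GNU stat and that the socket and its directory
# share owner and group; only the immediate parent directory is checked.

# perm_bits PATH -> octal permission bits, e.g. 755
perm_bits() {
    stat -c '%a' -- "$1"
}

# exposure SOCKET -> prints the widest class able to connect:
# world, group or owner
exposure() {
    sock=$1
    dir=$(dirname -- "$sock")
    [ -S "$sock" ] || echo "note: $sock is not a socket" >&2
    smode=$(perm_bits "$sock") || return 2
    dmode=$(perm_bits "$dir") || return 2
    # The leading 0 makes the shell read the digits as octal.
    if [ $(( 0$smode & 0002 )) -ne 0 ] && [ $(( 0$dmode & 0001 )) -ne 0 ]; then
        echo world
    elif [ $(( 0$smode & 0020 )) -ne 0 ] && [ $(( 0$dmode & 0010 )) -ne 0 ]; then
        echo group
    else
        echo owner
    fi
}

# prepare_dir DIR: dedicated directory for the socket, closed to "other"
# before pen creates anything in it, so there is no window of exposure.
prepare_dir() {
    mkdir -p -- "$1" && chmod 750 -- "$1"
}

# restrict_to_group SOCKET: owner and group may connect, nobody else.
restrict_to_group() {
    chmod 660 -- "$1"
}

# Usage with the page's first command ("$HOME/pen-demo" is a constructed path):
#   prepare_dir "$HOME/pen-demo" && cd "$HOME/pen-demo"
#   pen -dfS 1 ./ssh localhost:22              # as on the page, in that directory
#   restrict_to_group ./ssh && exposure ./ssh  # from a second terminal
```

Socket-file permissions are enforced on Linux, but unix(7) notes that some systems ignore them, so the directory mode set by prepare_dir is the portable control.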