author | Дамјан Георгиевски <gdamjan@gmail.com> | 2024-05-20 16:36:56 +0200 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-06-12 11:36:21 +0200 |
commit | d357f129b2fbc1538bbeb020acc193b0f361898c (patch) | |
tree | 8426b95a1190504df14e6551e3cab560914b7c56 /src/ssh-generator/ssh-proxy.c | |
parent | Merge pull request #32933 from YHNdnzj/faccessat-empty-path (diff) | |
vsock-mux ssh proxy
allow the ssh-proxy to connect to cloud-hypervisor/Firecracker guests,
via their unix-domain socket to AF_VSOCK multiplexer:
https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md
https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md
Diffstat (limited to '')
-rw-r--r-- | src/ssh-generator/ssh-proxy.c | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/src/ssh-generator/ssh-proxy.c b/src/ssh-generator/ssh-proxy.c
index 4884c934d7..1145f1f738 100644
--- a/src/ssh-generator/ssh-proxy.c
+++ b/src/ssh-generator/ssh-proxy.c
@@ -5,6 +5,7 @@
 #include <unistd.h>

 #include "fd-util.h"
+#include "io-util.h"
 #include "iovec-util.h"
 #include "log.h"
 #include "main-func.h"
@@ -79,6 +80,50 @@ static int process_unix(const char *path) {
 return 0;
 }

+static int process_vsock_mux(const char *path, const char *port) {
+ int r;
+
+ assert(path);
+ assert(port);
+
+ /* We assume the path is absolute unless it starts with a dot (or is already explicitly absolute) */
+ _cleanup_free_ char *prefixed = NULL;
+ if (!STARTSWITH_SET(path, "/", "./")) {
+ prefixed = strjoin("/", path);
+ if (!prefixed)
+ return log_oom();
+
+ path = prefixed;
+ }
+
+ _cleanup_close_ int fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
+ if (fd < 0)
+ return log_error_errno(errno, "Failed to allocate AF_UNIX socket: %m");
+
+ r = connect_unix_path(fd, AT_FDCWD, path);
+ if (r < 0)
+ return log_error_errno(r, "Failed to connect to AF_UNIX socket %s: %m", path);
+
+ /* Based on the protocol as defined here:
+ * https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md
+ * https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md */
+ _cleanup_free_ char *connect_cmd = NULL;
+ connect_cmd = strjoin("CONNECT ", port, "\n");
+ if (!connect_cmd)
+ return log_oom();
+
+ r = loop_write(fd, connect_cmd, SIZE_MAX);
+ if (r < 0)
+ return log_error_errno(r, "Failed to send CONNECT to %s:%s: %m", path, port);
+
+ r = send_one_fd_iov(STDOUT_FILENO, fd, &IOVEC_NUL_BYTE, /* n_iovec= */ 1, /* flags= */ 0);
+ if (r < 0)
+ return log_error_errno(r, "Failed to send socket via STDOUT: %m");
+
+ log_debug("Successfully sent AF_UNIX socket via STDOUT.");
+ return 0;
+}
+
 static int run(int argc, char* argv[]) {

 log_setup();
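Review bot: `port` goes into the control line unchecked: `strjoin("CONNECT ", port, "\n")` in process_vsock_mux() sends whatever string the caller passed, so a non-numeric value or one containing a line break changes what the multiplexer reads on this connection. Parse it as an unsigned 32-bit port first and build the command from the parsed number, e.g. `uint32_t n; r = safe_atou32(port, &n); if (r < 0) return log_error_errno(r, "Failed to parse port number: %s", port);` (this needs parse-util.h if the file does not already include it, which is not visible here). Separately, the fd is handed over via send_one_fd_iov() right after loop_write() without reading the multiplexer's reply. The linked Firecracker and cloud-hypervisor documents appear to describe an acknowledgement line, so a refused connection is presumably only noticed later by ssh; if that is intentional, a short comment saying so would help.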
@@ -96,6 +141,10 @@ static int run(int argc, char* argv[]) {
 if (p)
 return process_unix(p);

+ p = startswith(host, "vsock-mux/");
+ if (p)
+ return process_vsock_mux(p, port);
+
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Don't know how to parse host name specification: %s", host);
 } |