Line data Source code
1 : #define _GNU_SOURCE
2 : #include "fd_bundle_tile_private.h"
3 : #include "../metrics/fd_metrics.h"
4 : #include "../topo/fd_topo.h"
5 : #include "../keyguard/fd_keyload.h"
6 : #include "../plugin/fd_plugin.h"
7 : #include "../../waltz/http/fd_url.h"
8 : #include "../../waltz/openssl/fd_openssl_tile.h"
9 :
10 : #include <errno.h>
11 : #include <dirent.h> /* opendir */
12 : #include <stdio.h> /* snprintf */
13 : #include <fcntl.h> /* F_SETFL */
14 : #include <unistd.h> /* close */
15 : #include <sys/mman.h> /* PROT_READ (seccomp) */
16 : #include <sys/uio.h> /* writev */
17 : #include <netinet/in.h> /* AF_INET */
18 : #include <netinet/tcp.h> /* TCP_FASTOPEN_CONNECT (seccomp) */
19 : #include "../../waltz/resolv/fd_netdb.h"
20 :
21 : #include "generated/fd_bundle_tile_seccomp.h"
22 :
23 : /* Provided by fdctl/firedancer version.c */
24 : extern char const fdctl_version_string[];
25 :
26 : FD_FN_CONST static ulong
27 0 : scratch_align( void ) {
28 0 : return alignof(fd_bundle_tile_t);
29 0 : }
30 :
31 : FD_FN_CONST static ulong
32 0 : scratch_footprint( fd_topo_tile_t const * tile ) {
33 0 : (void)tile;
34 0 : ulong l = FD_LAYOUT_INIT;
35 0 : l = FD_LAYOUT_APPEND( l, alignof(fd_bundle_tile_t), sizeof(fd_bundle_tile_t) );
36 0 : l = FD_LAYOUT_APPEND( l, fd_grpc_client_align(), fd_grpc_client_footprint( tile->bundle.buf_sz ) );
37 0 : l = FD_LAYOUT_APPEND( l, fd_alloc_align(), fd_alloc_footprint() );
38 0 : return FD_LAYOUT_FINI( l, 32 );
39 0 : }
40 :
41 : FD_FN_CONST static inline ulong
42 0 : loose_footprint( fd_topo_tile_t const * tile ) {
43 0 : (void)tile;
44 : /* Leftover space for OpenSSL allocations */
45 0 : return 1UL<<26; /* 64 MiB */
46 0 : }
47 :
48 : static inline void
49 0 : metrics_write( fd_bundle_tile_t * ctx ) {
50 0 : FD_MCNT_SET( BUNDLE, TRANSACTION_RECEIVED, ctx->metrics.txn_received_cnt );
51 0 : FD_MCNT_SET( BUNDLE, BUNDLE_RECEIVED, ctx->metrics.bundle_received_cnt );
52 0 : FD_MCNT_SET( BUNDLE, PACKET_RECEIVED, ctx->metrics.packet_received_cnt );
53 0 : FD_MCNT_SET( BUNDLE, PROTO_RECEIVED_BYTES, ctx->metrics.proto_received_bytes );
54 0 : FD_MCNT_SET( BUNDLE, SHREDSTREAM_HEARTBEATS, ctx->metrics.shredstream_heartbeat_cnt );
55 0 : FD_MCNT_SET( BUNDLE, KEEPALIVES, ctx->metrics.ping_ack_cnt );
56 0 : FD_MCNT_SET( BUNDLE, ERRORS_PROTOBUF, ctx->metrics.decode_fail_cnt );
57 0 : FD_MCNT_SET( BUNDLE, ERRORS_TRANSPORT, ctx->metrics.transport_fail_cnt );
58 0 : FD_MCNT_SET( BUNDLE, ERRORS_NO_FEE_INFO, ctx->metrics.missing_builder_info_fail_cnt );
59 0 : #if FD_HAS_OPENSSL
60 0 : FD_MCNT_SET( BUNDLE, ERRORS_SSL_ALLOC, fd_ossl_alloc_errors );
61 0 : #endif
62 :
63 0 : FD_MGAUGE_SET( BUNDLE, RTT_SAMPLE, (ulong)ctx->rtt->latest_rtt );
64 0 : FD_MGAUGE_SET( BUNDLE, RTT_SMOOTHED, (ulong)ctx->rtt->smoothed_rtt );
65 0 : FD_MGAUGE_SET( BUNDLE, RTT_VAR, (ulong)ctx->rtt->var_rtt );
66 :
67 0 : FD_MHIST_COPY( BUNDLE, MESSAGE_RX_DELAY_NANOS, ctx->metrics.msg_rx_delay );
68 :
69 0 : fd_wksp_t * wksp = fd_wksp_containing( ctx );
70 0 : fd_wksp_usage_t usage[1];
71 0 : ulong const free_tag = 0UL;
72 0 : if( FD_UNLIKELY( !fd_wksp_usage( wksp, &free_tag, 1UL, usage ) ) ) {
73 0 : FD_LOG_ERR(( "fd_wksp_usage failed" )); /* unreachable */
74 0 : }
75 0 : FD_MGAUGE_SET( BUNDLE, HEAP_SIZE, usage->total_sz );
76 0 : FD_MGAUGE_SET( BUNDLE, HEAP_FREE_BYTES, usage->free_sz );
77 :
78 0 : int bundle_status = fd_bundle_client_status( ctx );
79 0 : FD_MGAUGE_SET( BUNDLE, CONNECTED, bundle_status==FD_PLUGIN_MSG_BLOCK_ENGINE_UPDATE_STATUS_CONNECTED );
80 0 : ctx->bundle_status_recent = (uchar)bundle_status;
81 0 : }
82 :
83 : void
84 6 : fd_bundle_tile_housekeeping( fd_bundle_tile_t * ctx ) {
85 6 : long log_interval_ns = (long)30e9;
86 6 : int status = fd_bundle_client_status( ctx );
87 6 : long log_next_ns = ctx->last_bundle_status_log_nanos + log_interval_ns;
88 6 : long now_ns = fd_log_wallclock();
89 6 : if( FD_UNLIKELY( status!=FD_PLUGIN_MSG_BLOCK_ENGINE_UPDATE_STATUS_CONNECTED && now_ns>log_next_ns ) ) {
90 0 : FD_LOG_WARNING(( "No bundle server connection in the last %ld seconds", log_interval_ns/(long)1e9 ) );
91 0 : ctx->last_bundle_status_log_nanos = now_ns;
92 0 : }
93 :
94 6 : if( FD_UNLIKELY( fd_keyswitch_state_query( ctx->keyswitch )==FD_KEYSWITCH_STATE_SWITCH_PENDING ) ) {
95 3 : fd_memcpy( ctx->auther.pubkey, ctx->keyswitch->bytes, 32UL );
96 3 : fd_keyswitch_state( ctx->keyswitch, FD_KEYSWITCH_STATE_COMPLETED );
97 3 : ctx->defer_reset = 1;
98 3 : }
99 6 : }
100 :
101 : static void
102 : fd_bundle_tile_publish_block_engine_update(
103 : fd_bundle_tile_t * ctx,
104 : fd_stem_context_t * stem
105 0 : ) {
106 0 : fd_plugin_msg_block_engine_update_t * update =
107 0 : fd_chunk_to_laddr( ctx->plugin_out.mem, ctx->plugin_out.chunk );
108 0 : memset( update, 0, sizeof(fd_plugin_msg_block_engine_update_t) );
109 :
110 0 : strncpy( update->name, "jito", sizeof(update->name) );
111 :
112 : /* Deliberately silently truncates */
113 0 : snprintf( update->url, sizeof(update->url), "%s://%.*s:%u",
114 0 : ctx->is_ssl ? "https" : "http",
115 0 : (int)ctx->server_fqdn_len,
116 0 : ctx->server_fqdn,
117 0 : ctx->server_tcp_port );
118 :
119 : /* Format IPv4 string */
120 0 : snprintf( update->ip_cstr, sizeof(update->ip_cstr),
121 0 : FD_IP4_ADDR_FMT,
122 0 : FD_IP4_ADDR_FMT_ARGS( ctx->server_ip4_addr ) );
123 :
124 0 : update->status = (uchar)ctx->bundle_status_recent;
125 :
126 0 : ulong tspub = (ulong)fd_frag_meta_ts_comp( fd_bundle_now() );
127 0 : fd_stem_publish(
128 0 : stem,
129 0 : ctx->plugin_out.idx,
130 0 : FD_PLUGIN_MSG_BLOCK_ENGINE_UPDATE,
131 0 : ctx->plugin_out.chunk,
132 0 : sizeof(fd_plugin_msg_block_engine_update_t),
133 0 : 0UL, /* ctl */
134 0 : 0UL, /* seq */
135 0 : tspub
136 0 : );
137 0 : ctx->plugin_out.chunk = fd_dcache_compact_next( ctx->plugin_out.chunk, sizeof(fd_plugin_msg_block_engine_update_t), ctx->plugin_out.chunk0, ctx->plugin_out.wmark );
138 0 : }
139 :
140 : static void
141 : after_credit( fd_bundle_tile_t * ctx,
142 : fd_stem_context_t * stem,
143 : int * opt_poll_in,
144 0 : int * charge_busy ) {
145 0 : (void)opt_poll_in;
146 0 : if( FD_UNLIKELY( !ctx->stem ) ) ctx->stem = stem;
147 0 : fd_bundle_client_step( ctx, charge_busy );
148 :
149 0 : if( ctx->plugin_out.mem ) {
150 0 : if( FD_UNLIKELY( ctx->bundle_status_recent != ctx->bundle_status_plugin ) ) {
151 0 : fd_bundle_tile_publish_block_engine_update( ctx, stem );
152 0 : ctx->bundle_status_plugin = (uchar)ctx->bundle_status_recent;
153 0 : *charge_busy = 1;
154 0 : }
155 0 : }
156 0 : }
157 :
158 : static void
159 : parse_url( fd_url_t * url_,
160 : char const * url_str,
161 : ulong url_str_len,
162 : ushort * tcp_port,
163 0 : _Bool * is_ssl ) {
164 :
165 : /* Parse URL */
166 :
167 0 : int url_err[1];
168 0 : fd_url_t * url = fd_url_parse_cstr( url_, url_str, url_str_len, url_err );
169 0 : if( FD_UNLIKELY( !url ) ) {
170 0 : switch( *url_err ) {
171 0 : scheme_err:
172 0 : case FD_URL_ERR_SCHEME:
173 0 : FD_LOG_ERR(( "Invalid [tiles.bundle.url] `%.*s`: must start with `http://` or `https://`", (int)url_str_len, url_str ));
174 0 : break;
175 0 : case FD_URL_ERR_HOST_OVERSZ:
176 0 : FD_LOG_ERR(( "Invalid [tiles.bundle.url] `%.*s`: domain name is too long", (int)url_str_len, url_str ));
177 0 : break;
178 0 : default:
179 0 : FD_LOG_ERR(( "Invalid [tiles.bundle.url] `%.*s`", (int)url_str_len, url_str ));
180 0 : break;
181 0 : }
182 0 : }
183 :
184 : /* FIXME the URL scheme path technically shouldn't contain slashes */
185 0 : if( url->scheme_len==8UL && fd_memeq( url->scheme, "https://", 8UL ) ) {
186 0 : *is_ssl = 1;
187 0 : } else if( url->scheme_len==7UL && fd_memeq( url->scheme, "http://", 7UL ) ) {
188 0 : *is_ssl = 0;
189 0 : } else {
190 0 : goto scheme_err;
191 0 : }
192 :
193 : /* Parse port number */
194 :
195 0 : *tcp_port = 443;
196 0 : if( url->port_len ) {
197 0 : if( FD_UNLIKELY( url->port_len > 5 ) ) {
198 0 : invalid_port:
199 0 : FD_LOG_ERR(( "Invalid [tiles.bundle.url] `%.*s`: invalid port number", (int)url_str_len, url_str ));
200 0 : }
201 :
202 0 : char port_cstr[6];
203 0 : fd_cstr_fini( fd_cstr_append_text( fd_cstr_init( port_cstr ), url->port, url->port_len ) );
204 0 : ulong port_no = fd_cstr_to_ulong( port_cstr );
205 0 : if( FD_UNLIKELY( !port_no || port_no>USHORT_MAX ) ) goto invalid_port;
206 :
207 0 : *tcp_port = (ushort)port_no;
208 0 : }
209 :
210 : /* Resolve domain */
211 :
212 0 : if( FD_UNLIKELY( url->host_len > 255 ) ) {
213 0 : FD_LOG_CRIT(( "Invalid url->host_len" )); /* unreachable */
214 0 : }
215 0 : char host_cstr[ 256 ];
216 0 : fd_cstr_fini( fd_cstr_append_text( fd_cstr_init( host_cstr ), url->host, url->host_len ) );
217 0 : }
218 :
219 : static void
220 : fd_bundle_tile_parse_endpoint( fd_bundle_tile_t * ctx,
221 0 : fd_topo_tile_t const * tile ) {
222 0 : fd_url_t url[1];
223 0 : _Bool is_ssl = 0;
224 0 : parse_url(
225 0 : url,
226 0 : tile->bundle.url, tile->bundle.url_len,
227 0 : &ctx->server_tcp_port,
228 0 : &is_ssl
229 0 : );
230 0 : if( FD_UNLIKELY( url->host_len > 255 ) ) {
231 0 : FD_LOG_CRIT(( "Invalid url->host_len" )); /* unreachable */
232 0 : }
233 0 : fd_cstr_fini( fd_cstr_append_text( fd_cstr_init( ctx->server_fqdn ), url->host, url->host_len ) );
234 0 : ctx->server_fqdn_len = url->host_len;
235 :
236 0 : if( FD_UNLIKELY( tile->bundle.sni_len ) ) {
237 0 : fd_cstr_fini( fd_cstr_append_text( fd_cstr_init( ctx->server_sni ), tile->bundle.sni, tile->bundle.sni_len ) );
238 0 : ctx->server_sni_len = tile->bundle.sni_len;
239 0 : } else {
240 0 : fd_cstr_fini( fd_cstr_append_text( fd_cstr_init( ctx->server_sni ), url->host, url->host_len ) );
241 0 : ctx->server_sni_len = url->host_len;
242 0 : }
243 :
244 0 : ctx->is_ssl = !!is_ssl;
245 : #if !FD_HAS_OPENSSL
246 : if( FD_UNLIKELY( is_ssl ) ) {
247 : FD_LOG_ERR(( "This build does not include OpenSSL. To install OpenSSL, re-run ./deps.sh and do a clean re build." ));
248 : }
249 : #endif
250 0 : }
251 :
252 : #if FD_HAS_OPENSSL
253 :
254 : static void
255 : fd_ossl_keylog_callback( SSL const * ssl,
256 0 : char const * line ) {
257 0 : SSL_CTX * ssl_ctx = SSL_get_SSL_CTX( ssl );
258 0 : fd_bundle_tile_t * ctx = SSL_CTX_get_ex_data( ssl_ctx, 0 );
259 0 : ulong line_len = strlen( line );
260 0 : struct iovec iovs[2] = {
261 0 : { .iov_base=(void *)line, .iov_len=line_len },
262 0 : { .iov_base=(void *)"\n", .iov_len=1UL }
263 0 : };
264 0 : if( FD_UNLIKELY( writev( ctx->keylog_fd, iovs, 2 )!=(long)line_len+1 ) ) {
265 0 : FD_LOG_WARNING(( "write(keylog) failed (%i-%s)", errno, fd_io_strerror( errno ) ));
266 0 : }
267 0 : }
268 :
269 : static void
270 : fd_bundle_tile_init_openssl( fd_bundle_tile_t * ctx,
271 : void * alloc_mem,
272 0 : int tls_cert_verify ) {
273 0 : fd_alloc_t * alloc = fd_alloc_join( fd_alloc_new( alloc_mem, 1UL ), 1UL );
274 0 : if( FD_UNLIKELY( !alloc ) ) {
275 0 : FD_LOG_ERR(( "fd_alloc_new failed" ));
276 0 : }
277 0 : ctx->ssl_alloc = alloc;
278 0 : fd_ossl_tile_init( alloc );
279 :
280 0 : SSL_CTX * ssl_ctx = SSL_CTX_new( TLS_client_method() );
281 0 : if( FD_UNLIKELY( !ssl_ctx ) ) {
282 0 : FD_LOG_ERR(( "SSL_CTX_new failed" ));
283 0 : }
284 :
285 0 : if( FD_UNLIKELY( !SSL_CTX_set_ex_data( ssl_ctx, 0, ctx ) ) ) {
286 0 : FD_LOG_ERR(( "SSL_CTX_set_ex_data failed" ));
287 0 : }
288 :
289 0 : if( FD_UNLIKELY( !SSL_CTX_set_mode( ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE|SSL_MODE_AUTO_RETRY ) ) ) {
290 0 : FD_LOG_ERR(( "SSL_CTX_set_mode failed" ));
291 0 : }
292 :
293 0 : if( FD_UNLIKELY( !SSL_CTX_set_min_proto_version( ssl_ctx, TLS1_3_VERSION ) ) ) {
294 0 : FD_LOG_ERR(( "SSL_CTX_set_min_proto_version(ssl_ctx,TLS1_3_VERSION) failed" ));
295 0 : }
296 :
297 0 : if( FD_UNLIKELY( 0!=SSL_CTX_set_alpn_protos( ssl_ctx, (const unsigned char *)"\x02h2", 3 ) ) ) {
298 0 : FD_LOG_ERR(( "SSL_CTX_set_alpn_protos failed" ));
299 0 : }
300 :
301 0 : if( tls_cert_verify ) {
302 0 : fd_ossl_load_certs( ssl_ctx );
303 0 : }
304 :
305 0 : if( FD_LIKELY( ctx->keylog_fd >= 0 ) ) {
306 0 : SSL_CTX_set_keylog_callback( ssl_ctx, fd_ossl_keylog_callback );
307 0 : }
308 :
309 0 : ctx->ssl_ctx = ssl_ctx;
310 0 : }
311 :
312 : #endif /* FD_HAS_OPENSSL */
313 :
314 : static void
315 : privileged_init( fd_topo_t * topo,
316 0 : fd_topo_tile_t * tile ) {
317 0 : void * scratch = fd_topo_obj_laddr( topo, tile->tile_obj_id );
318 :
319 0 : FD_SCRATCH_ALLOC_INIT( l, scratch );
320 0 : fd_bundle_tile_t * ctx = FD_SCRATCH_ALLOC_APPEND( l, alignof(fd_bundle_tile_t), sizeof(fd_bundle_tile_t) );
321 0 : void * grpc_mem = FD_SCRATCH_ALLOC_APPEND( l, fd_grpc_client_align(), fd_grpc_client_footprint( tile->bundle.buf_sz ) );
322 0 : void * alloc_mem = FD_SCRATCH_ALLOC_APPEND( l, fd_alloc_align(), fd_alloc_footprint() );
323 0 : ulong scratch_end = FD_SCRATCH_ALLOC_FINI( l, scratch_align() );
324 0 : (void)alloc_mem; /* potentially unused */
325 :
326 0 : if( FD_UNLIKELY( (ulong)ctx != (ulong)scratch ) ) {
327 0 : FD_LOG_CRIT(( "Invalid bundle tile scratch alignment" )); /* unreachable */
328 0 : }
329 0 : if( FD_UNLIKELY( scratch_end - (ulong)scratch > scratch_footprint( tile ) ) ) {
330 0 : FD_LOG_CRIT(( "Bundle tile scratch overflow" )); /* unreachable */
331 0 : }
332 :
333 0 : memset( ctx, 0, sizeof(fd_bundle_tile_t) );
334 0 : ctx->grpc_client_mem = grpc_mem;
335 0 : ctx->grpc_buf_max = tile->bundle.buf_sz;
336 0 : ctx->tcp_sock = -1;
337 :
338 0 : fd_bundle_auther_init( &ctx->auther );
339 0 : uchar const * public_key = fd_keyload_load( tile->bundle.identity_key_path, 1 /* public key only */ );
340 0 : fd_memcpy( ctx->auther.pubkey, public_key, 32UL );
341 :
342 0 : ctx->keylog_fd = -1;
343 :
344 0 : # if FD_HAS_OPENSSL
345 :
346 0 : if( FD_UNLIKELY( tile->bundle.key_log_path[0] ) ) {
347 0 : ctx->keylog_fd = open( tile->bundle.key_log_path, O_WRONLY|O_APPEND|O_CREAT, 0644 );
348 0 : if( FD_UNLIKELY( ctx->keylog_fd < 0 ) ) {
349 0 : FD_LOG_ERR(( "open(%s) failed (%i-%s)", tile->bundle.key_log_path, errno, fd_io_strerror( errno ) ));
350 0 : }
351 0 : }
352 :
353 : /* OpenSSL goes and tries to read files and allocate memory and
354 : other dumb things on a thread local basis, so we need a special
355 : initializer to do it before seccomp happens in the process. */
356 0 : fd_bundle_tile_init_openssl( ctx, alloc_mem, tile->bundle.tls_cert_verify );
357 :
358 0 : # endif /* FD_HAS_OPENSSL */
359 :
360 : /* Init resolver */
361 0 : if( FD_UNLIKELY( !fd_netdb_open_fds( ctx->netdb_fds ) ) ) {
362 0 : FD_LOG_ERR(( "fd_netdb_open_fds failed" ));
363 0 : }
364 :
365 : /* Random seed for header hashmap */
366 0 : if( FD_UNLIKELY( !fd_rng_secure( &ctx->map_seed, sizeof(ulong) ) ) ) {
367 0 : FD_LOG_CRIT(( "fd_rng_secure failed" ));
368 0 : }
369 :
370 : /* Random seed for timing RNG */
371 0 : uint rng_seed;
372 0 : if( FD_UNLIKELY( !fd_rng_secure( &rng_seed, sizeof(uint) ) ) ) {
373 0 : FD_LOG_CRIT(( "fd_rng_secure failed" ));
374 0 : }
375 0 : if( FD_UNLIKELY( !fd_rng_join( fd_rng_new( &ctx->rng, rng_seed, 0UL ) ) ) ) {
376 0 : FD_LOG_CRIT(( "fd_rng_join failed" )); /* unreachable */
377 0 : }
378 0 : }
379 :
380 : static fd_bundle_out_ctx_t
381 : bundle_out_link( fd_topo_t const * topo,
382 : fd_topo_link_t const * link,
383 0 : ulong out_link_idx ) {
384 0 : fd_bundle_out_ctx_t out = {0};
385 0 : out.idx = out_link_idx;
386 0 : out.mem = topo->workspaces[ topo->objs[ link->dcache_obj_id ].wksp_id ].wksp;
387 0 : out.chunk0 = fd_dcache_compact_chunk0( out.mem, link->dcache );
388 0 : out.wmark = fd_dcache_compact_wmark ( out.mem, link->dcache, link->mtu );
389 0 : out.chunk = out.chunk0;
390 0 : return out;
391 0 : }
392 :
393 : static void
394 : unprivileged_init( fd_topo_t * topo,
395 0 : fd_topo_tile_t * tile ) {
396 0 : fd_bundle_tile_t * ctx = fd_topo_obj_laddr( topo, tile->tile_obj_id );
397 0 : if( FD_UNLIKELY( tile->kind_id!=0 ) ) {
398 0 : FD_LOG_ERR(( "There can only be one bundle tile" ));
399 0 : }
400 :
401 0 : ulong sign_in_idx = fd_topo_find_tile_in_link( topo, tile, "sign_bundle", tile->kind_id );
402 0 : if( FD_UNLIKELY( sign_in_idx==ULONG_MAX ) ) FD_LOG_ERR(( "Missing sign_bundle link" ));
403 0 : fd_topo_link_t const * sign_in = &topo->links[ tile->in_link_id[ sign_in_idx ] ];
404 :
405 0 : ulong sign_out_idx = fd_topo_find_tile_out_link( topo, tile, "bundle_sign", tile->kind_id );
406 0 : if( FD_UNLIKELY( sign_out_idx==ULONG_MAX ) ) FD_LOG_ERR(( "Missing bundle_sign link" ));
407 0 : fd_topo_link_t const * sign_out = &topo->links[ tile->out_link_id[ sign_out_idx ] ];
408 :
409 0 : if( FD_UNLIKELY( !fd_keyguard_client_join( fd_keyguard_client_new(
410 0 : ctx->keyguard_client,
411 0 : sign_out->mcache,
412 0 : sign_out->dcache,
413 0 : sign_in->mcache,
414 0 : sign_in->dcache,
415 0 : sign_out->mtu
416 0 : ) ) ) ) {
417 0 : FD_LOG_ERR(( "fd_keyguard_client_join failed" )); /* unreachable */
418 0 : }
419 :
420 0 : ctx->keyswitch = fd_keyswitch_join( fd_topo_obj_laddr( topo, tile->keyswitch_obj_id ) );
421 0 : FD_TEST( ctx->keyswitch );
422 :
423 0 : ulong verify_out_idx = fd_topo_find_tile_out_link( topo, tile, "bundle_verif", tile->kind_id );
424 0 : if( FD_UNLIKELY( verify_out_idx==ULONG_MAX ) ) FD_LOG_ERR(( "Missing bundle_verif link" ));
425 0 : ctx->verify_out = bundle_out_link( topo, &topo->links[ tile->out_link_id[ verify_out_idx ] ], verify_out_idx );
426 :
427 0 : ulong plugin_out_idx = fd_topo_find_tile_out_link( topo, tile, "bundle_plugi", tile->kind_id );
428 0 : if( plugin_out_idx!=ULONG_MAX ) {
429 0 : ctx->plugin_out = bundle_out_link( topo, &topo->links[ tile->out_link_id[ plugin_out_idx ] ], plugin_out_idx );
430 0 : } else {
431 0 : ctx->plugin_out = (fd_bundle_out_ctx_t){ .idx=ULONG_MAX };
432 0 : }
433 :
434 : /* Set socket receive buffer size */
435 0 : ulong so_rcvbuf = tile->bundle.buf_sz;
436 0 : if( FD_UNLIKELY( so_rcvbuf < 2048UL ) ) FD_LOG_ERR(( "Invalid [development.bundle.buffer_size_kib]: too small" ));
437 0 : if( FD_UNLIKELY( so_rcvbuf > INT_MAX ) ) FD_LOG_ERR(( "Invalid [development.bundle.buffer_size_kib]: too large" ));
438 0 : ctx->so_rcvbuf = (int)so_rcvbuf;
439 :
440 : /* Set idle ping timer */
441 0 : ctx->keepalive_interval = (long)tile->bundle.keepalive_interval_nanos;
442 :
443 0 : ctx->bundle_status_plugin = 127;
444 0 : ctx->bundle_status_recent = FD_PLUGIN_MSG_BLOCK_ENGINE_UPDATE_STATUS_DISCONNECTED;
445 0 : ctx->last_bundle_status_log_nanos = fd_log_wallclock();
446 :
447 0 : fd_bundle_tile_parse_endpoint( ctx, tile );
448 :
449 0 : ctx->grpc_client = fd_grpc_client_new( ctx->grpc_client_mem, &fd_bundle_client_grpc_callbacks, ctx->grpc_metrics, ctx, ctx->grpc_buf_max, ctx->map_seed );
450 0 : if( FD_UNLIKELY( !ctx->grpc_client ) ) {
451 0 : FD_LOG_CRIT(( "fd_grpc_client_new failed" )); /* unreachable */
452 0 : }
453 0 : fd_grpc_client_set_version( ctx->grpc_client, fdctl_version_string, strlen( fdctl_version_string ) );
454 0 : fd_grpc_client_set_authority( ctx->grpc_client, ctx->server_sni, ctx->server_sni_len, ctx->server_tcp_port );
455 :
456 0 : fd_histf_new( ctx->metrics.msg_rx_delay,
457 0 : FD_MHIST_MIN( BUNDLE, MESSAGE_RX_DELAY_NANOS ),
458 0 : FD_MHIST_MAX( BUNDLE, MESSAGE_RX_DELAY_NANOS ) );
459 0 : }
460 :
461 : static ulong
462 : populate_allowed_seccomp( fd_topo_t const * topo,
463 : fd_topo_tile_t const * tile,
464 : ulong out_cnt,
465 0 : struct sock_filter * out ) {
466 0 : fd_bundle_tile_t * ctx = fd_topo_obj_laddr( topo, tile->tile_obj_id );
467 :
468 0 : populate_sock_filter_policy_fd_bundle_tile(
469 0 : out_cnt, out,
470 0 : (uint)fd_log_private_logfile_fd(),
471 0 : (uint)ctx->keylog_fd,
472 0 : (uint)ctx->netdb_fds->etc_hosts,
473 0 : (uint)ctx->netdb_fds->etc_resolv_conf
474 0 : );
475 0 : return sock_filter_policy_fd_bundle_tile_instr_cnt;
476 0 : }
477 :
478 : static ulong
479 : populate_allowed_fds( fd_topo_t const * topo,
480 : fd_topo_tile_t const * tile,
481 : ulong out_fds_cnt,
482 0 : int * out_fds ) {
483 0 : fd_bundle_tile_t * ctx = fd_topo_obj_laddr( topo, tile->tile_obj_id );
484 :
485 0 : if( FD_UNLIKELY( out_fds_cnt<5UL ) ) FD_LOG_ERR(( "out_fds_cnt %lu", out_fds_cnt ));
486 :
487 0 : ulong out_cnt = 0UL;
488 0 : out_fds[ out_cnt++ ] = 2; /* stderr */
489 0 : if( FD_LIKELY( -1!=fd_log_private_logfile_fd() ) )
490 0 : out_fds[ out_cnt++ ] = fd_log_private_logfile_fd(); /* logfile */
491 0 : if( FD_LIKELY( ctx->netdb_fds->etc_hosts >= 0 ) )
492 0 : out_fds[ out_cnt++ ] = ctx->netdb_fds->etc_hosts;
493 0 : out_fds[ out_cnt++ ] = ctx->netdb_fds->etc_resolv_conf;
494 0 : if( FD_UNLIKELY( ctx->keylog_fd>=0 ) )
495 0 : out_fds[ out_cnt++ ] = ctx->keylog_fd;
496 0 : return out_cnt;
497 0 : }
498 :
499 0 : #define STEM_BURST (5UL)
500 0 : #define STEM_LAZY ((long)10e6)
501 :
502 0 : #define STEM_CALLBACK_CONTEXT_TYPE fd_bundle_tile_t
503 0 : #define STEM_CALLBACK_CONTEXT_ALIGN alignof(fd_bundle_tile_t)
504 :
505 0 : #define STEM_CALLBACK_DURING_HOUSEKEEPING fd_bundle_tile_housekeeping
506 0 : #define STEM_CALLBACK_METRICS_WRITE metrics_write
507 0 : #define STEM_CALLBACK_AFTER_CREDIT after_credit
508 :
509 : #include "../stem/fd_stem.c"
510 :
511 : fd_topo_run_tile_t fd_tile_bundle = {
512 : .name = "bundle",
513 : .populate_allowed_seccomp = populate_allowed_seccomp,
514 : .populate_allowed_fds = populate_allowed_fds,
515 : .scratch_align = scratch_align,
516 : .scratch_footprint = scratch_footprint,
517 : .loose_footprint = loose_footprint,
518 : .privileged_init = privileged_init,
519 : .unprivileged_init = unprivileged_init,
520 : .run = stem_run,
521 : .rlimit_file_cnt = 64,
522 : .keep_host_networking = 1,
523 : .allow_connect = 1
524 : };
|
