X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_socket.c;h=206321cd52425d9cfc4bfbc887d59310d5612dc6;hb=ba0a3bcb2d565eec26aed30eef902d3482877cf9;hp=4fbcf57ddaa30e0d6f03690425c4d15ed9697bc4;hpb=536fe3ffcdc4c894ed986dfb5fdc0d6f78d6fe25;p=tinc diff --git a/src/net_socket.c b/src/net_socket.c index 4fbcf57d..206321cd 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -1,7 +1,7 @@ /* net_socket.c -- Handle various kinds of sockets. Copyright (C) 1998-2005 Ivo Timmermans, - 2000-2017 Guus Sliepen + 2000-2018 Guus Sliepen 2006 Scott Lamb 2009 Florian Forster @@ -41,7 +41,8 @@ int maxtimeout = 900; int seconds_till_retry = 5; int udp_rcvbuf = 1024 * 1024; int udp_sndbuf = 1024 * 1024; -int max_connection_burst = 100; +int max_connection_burst = 10; +int fwmark; listen_socket_t listen_socket[MAXSOCKETS]; int listen_sockets; @@ -85,6 +86,14 @@ static void configure_tcp(connection_t *c) { option = IPTOS_LOWDELAY; setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option)); #endif + +#if defined(SO_MARK) + + if(fwmark) { + setsockopt(c->socket, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark)); + } + +#endif } static bool bind_to_interface(int sd) { @@ -113,6 +122,7 @@ static bool bind_to_interface(int sd) { } #else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */ + (void)sd; logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface"); #endif @@ -184,6 +194,14 @@ int setup_listen_socket(const sockaddr_t *sa) { #else #warning IPV6_V6ONLY not defined +#endif + +#if defined(SO_MARK) + + if(fwmark) { + setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark)); + } + #endif if(get_config_string 
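Review bot: The setsockopt(SO_MARK) call added at the end of configure_tcp ignores its return value, so when the process lacks the privilege to set a mark (SO_MARK needs CAP_NET_ADMIN on Linux) the socket silently stays unmarked. Any firewall or policy-routing rule keyed on the mark then stops matching tinc's own traffic, with no hint in the log. I would check the result and log it, e.g. `if(fwmark && setsockopt(c->socket, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark))) { logger(DEBUG_ALWAYS, LOG_WARNING, "Could not set SO_MARK on socket"); }`. The same unchecked call is added in the setup_listen_socket and setup_vpn_in_socket hunks (on nfd). configure_tcp starts outside this hunk.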
@@ -193,6 +211,7 @@ int setup_listen_socket(const sockaddr_t *sa) { memset(&ifr, 0, sizeof(ifr)); strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ); + ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0; if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr))) { closesocket(nfd); @@ -316,6 +335,14 @@ int setup_vpn_in_socket(const sockaddr_t *sa) { setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option)); } +#endif + +#if defined(SO_MARK) + + if(fwmark) { + setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark)); + } + #endif if(!bind_to_interface(nfd)) { @@ -361,7 +388,7 @@ void finish_connecting(connection_t *c) { send_id(c); } -static void do_outgoing_pipe(connection_t *c, char *command) { +static void do_outgoing_pipe(connection_t *c, const char *command) { #ifndef HAVE_MINGW int fd[2]; @@ -409,6 +436,8 @@ static void do_outgoing_pipe(connection_t *c, char *command) { exit(result); #else + (void)c; + (void)command; logger(DEBUG_ALWAYS, LOG_ERR, "Proxy type exec not supported on this platform!"); return; #endif @@ -498,7 +527,7 @@ bool do_outgoing_connection(outgoing_t *outgoing) { int result; begin: - sa = get_recent_address(outgoing->address_cache); + sa = get_recent_address(outgoing->node->address_cache); if(!sa) { logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not set up a meta connection to %s", outgoing->node->name); @@ -598,10 +627,15 @@ begin: } void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) { + (void)verbose; timeout_del(&outgoing->ev); node_t *n = outgoing->node; + if(!n->address_cache) { + n->address_cache = open_address_cache(n); + } + if(n->connection) { logger(DEBUG_CONNECTIONS, LOG_INFO, "Already connected to %s", n->name); @@ -613,10 +647,6 @@ void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) { } } - if(!outgoing->address_cache) { - outgoing->address_cache = open_address_cache(n); - } - do_outgoing_connection(outgoing); return; 
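Review bot: The terminator added after the strncpy in setup_listen_socket makes an over-long iface value bind to its first IFNAMSIZ - 1 characters instead of failing, which can select a different interface than the one configured if the truncated name happens to exist. Because ifr is zeroed by the memset just above, the new line only has an effect in exactly that over-long case. I would reject the value before copying, with `if(strlen(iface) >= IFNAMSIZ) {` followed by a log line and the same closesocket(nfd) failure path used for the setsockopt error below. The function body starts and ends outside this hunk.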
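Review bot: The lazily opened n->address_cache in setup_outgoing_connection has no stated owner: this file now creates it on the node, while the free_outgoing hunk removes the only close_address_cache call visible here. If node teardown (outside this diff) does not close it, the cache stays open after the outgoing entry is freed. A comment at the allocation would make the contract explicit, e.g. `/* Owned by the node; closed when the node is freed, not in free_outgoing(). */`. The do_outgoing_connection hunk reads the same field and relies on this function having run first.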
@@ -629,6 +659,7 @@ remove: new connection */ void handle_new_meta_connection(void *data, int flags) { + (void)flags; listen_socket_t *l = data; connection_t *c; sockaddr_t sa; @@ -647,12 +678,6 @@ void handle_new_meta_connection(void *data, int flags) { // Check if we get many connections from the same host static sockaddr_t prev_sa; - static int tarpit = -1; - - if(tarpit >= 0) { - closesocket(tarpit); - tarpit = -1; - } if(!sockaddrcmp_noport(&sa, &prev_sa)) { static int samehost_burst; @@ -668,7 +693,7 @@ void handle_new_meta_connection(void *data, int flags) { samehost_burst++; if(samehost_burst > max_connection_burst) { - tarpit = fd; + tarpit(fd); return; } } @@ -691,7 +716,7 @@ void handle_new_meta_connection(void *data, int flags) { if(connection_burst >= max_connection_burst) { connection_burst = max_connection_burst; - tarpit = fd; + tarpit(fd); return; } @@ -720,7 +745,6 @@ void handle_new_meta_connection(void *data, int flags) { connection_add(c); c->allow_request = ID; - send_id(c); } #ifndef HAVE_MINGW @@ -728,6 +752,7 @@ void handle_new_meta_connection(void *data, int flags) { accept a new UNIX socket connection */ void handle_new_unix_connection(void *data, int flags) { + (void)flags; io_t *io = data; connection_t *c; sockaddr_t sa; @@ -757,18 +782,11 @@ void handle_new_unix_connection(void *data, int flags) { connection_add(c); c->allow_request = ID; - - send_id(c); } #endif static void free_outgoing(outgoing_t *outgoing) { timeout_del(&outgoing->ev); - - if(outgoing->address_cache) { - close_address_cache(outgoing->address_cache); - } - free(outgoing); } @@ -815,11 +833,13 @@ void try_outgoing_connections(void) { if(!found) { outgoing_t *outgoing = xzalloc(sizeof(*outgoing)); node_t *n = lookup_node(name); + if(!n) { n = new_node(); n->name = xstrdup(name); node_add(n); } + outgoing->node = n; list_insert_tail(outgoing_list, outgoing); setup_outgoing_connection(outgoing, true);
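Review bot: After `tarpit(fd); return;` in the same-host burst branch, the accepted descriptor is handed to a helper defined outside this file, and nothing here says who closes it. The removed code held at most one tarpitted socket and closed it on the next accept; it is worth confirming that tarpit() also bounds how many descriptors it keeps, otherwise a connection flood could exhaust descriptors. A short comment would record the handoff, e.g. `/* tarpit() takes ownership of fd and closes it later */`. The same call replaces the assignment in the connection_burst branch further down. handle_new_meta_connection continues outside the hunk.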
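Review bot: With send_id(c) gone from the end of handle_new_meta_connection, an accepted connection is left at `c->allow_request = ID` without this side sending anything, and nothing at this spot explains that this is intended. A comment would keep the call from being re-added, e.g. `/* Do not send our ID first; wait for the peer to identify itself. */`. Whatever timeout reaps connections that never send an ID is not visible in this diff, so that part should be confirmed. The handle_new_unix_connection hunk drops the same call.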