X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_socket.c;h=a69612790852b2d7379ae8d781360c6722a852c6;hb=d6b45d005530496e48325a6174ecdd889a17bfc1;hp=cd6a5c2f32e2ceb957de55bd692ec0b14134a764;hpb=d2b03f006f98d504e3e30f2d4b91ce02abd19c51;p=tinc
diff --git a/src/net_socket.c b/src/net_socket.c
index cd6a5c2f..a6961279 100644
--- a/src/net_socket.c
+++ b/src/net_socket.c
@@ -1,7 +1,7 @@
 /*
 net_socket.c -- Handle various kinds of sockets.
 Copyright (C) 1998-2005 Ivo Timmermans,
- 2000-2017 Guus Sliepen
+ 2000-2018 Guus Sliepen
 2006 Scott Lamb
 2009 Florian Forster
@@ -41,7 +41,8 @@ int maxtimeout = 900;
 int seconds_till_retry = 5;
 int udp_rcvbuf = 1024 * 1024;
 int udp_sndbuf = 1024 * 1024;
-int max_connection_burst = 100;
+int max_connection_burst = 10;
+int fwmark;
 listen_socket_t listen_socket[MAXSOCKETS];
 int listen_sockets;
@@ -85,6 +86,14 @@ static void configure_tcp(connection_t *c) {
 option = IPTOS_LOWDELAY;
 setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option));
 #endif
+
+#if defined(SO_MARK)
+
+ if(fwmark) {
+ setsockopt(c->socket, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
+ }
+
+#endif
 }
 static bool bind_to_interface(int sd) {
@@ -113,6 +122,7 @@ static bool bind_to_interface(int sd) {
 }
 #else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
+ (void)sd;
 logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
 #endif
@@ -184,6 +194,14 @@ int setup_listen_socket(const sockaddr_t *sa) {
 #else
 #warning IPV6_V6ONLY not defined
+#endif
+
+#if defined(SO_MARK)
+
+ if(fwmark) {
+ setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
+ }
+
 #endif
 if(get_config_string
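Review bot: The new SO_MARK call in configure_tcp() discards the return value of setsockopt(), so when the option cannot be set the socket stays unmarked and nothing is logged. If firewall or policy-routing rules key on the mark, that failure means the traffic silently falls outside those rules; setting SO_MARK normally needs CAP_NET_ADMIN on Linux, so the call can plausibly fail when the daemon runs without it. I would log the failure, e.g. `if(fwmark && setsockopt(c->socket, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark))) { logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set %s: %s", "SO_MARK", strerror(errno)); }`, or use the project's own socket-error helper if it has one. The same unchecked call is added in setup_listen_socket() and in setup_vpn_in_socket(); all three function bodies extend beyond their hunks.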
@@ -193,6 +211,7 @@ int setup_listen_socket(const sockaddr_t *sa) {
 memset(&ifr, 0, sizeof(ifr));
 strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
+ ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
 if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr))) {
 closesocket(nfd);
@@ -316,6 +335,14 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
 setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
 }
+#endif
+
+#if defined(SO_MARK)
+
+ if(fwmark) {
+ setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
+ }
+
 #endif
 if(!bind_to_interface(nfd)) {
@@ -361,7 +388,7 @@ void finish_connecting(connection_t *c) {
 send_id(c);
 }
-static void do_outgoing_pipe(connection_t *c, char *command) {
+static void do_outgoing_pipe(connection_t *c, const char *command) {
 #ifndef HAVE_MINGW
 int fd[2];
@@ -409,6 +436,8 @@ static void do_outgoing_pipe(connection_t *c, char *command) {
 exit(result);
 #else
+ (void)c;
+ (void)command;
 logger(DEBUG_ALWAYS, LOG_ERR, "Proxy type exec not supported on this platform!");
 return;
 #endif
@@ -598,6 +627,7 @@ begin:
 }
 void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) {
+ (void)verbose;
 timeout_del(&outgoing->ev);
 node_t *n = outgoing->node;
@@ -629,6 +659,7 @@ remove:
 new connection
 */
 void handle_new_meta_connection(void *data, int flags) {
+ (void)flags;
 listen_socket_t *l = data;
 connection_t *c;
 sockaddr_t sa;
@@ -647,12 +678,6 @@ void handle_new_meta_connection(void *data, int flags) {
 // Check if we get many connections from the same host
 static sockaddr_t prev_sa;
- static int tarpit = -1;
-
- if(tarpit >= 0) {
- closesocket(tarpit);
- tarpit = -1;
- }
 if(!sockaddrcmp_noport(&sa, &prev_sa)) {
 static int samehost_burst;
@@ -668,7 +693,7 @@ void handle_new_meta_connection(void *data, int flags) {
 samehost_burst++;
 if(samehost_burst > max_connection_burst) {
- tarpit = fd;
+ tarpit(fd);
 return;
 }
 }
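Review bot: The added terminator in setup_listen_socket() makes the strncpy() result a valid string, but a configured interface name of IFNAMSIZ characters or more is now cut short silently, and SO_BINDTODEVICE is then attempted with the shortened name rather than the one the operator wrote. Rejecting the over-long value before the copy is safer: `if(strlen(iface) >= IFNAMSIZ) { logger(DEBUG_ALWAYS, LOG_ERR, "Interface name %s is too long", iface); closesocket(nfd); return -1; }`. The return on the existing failure path lies outside the hunk, so the `return -1` should be checked against it.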
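Review bot: The `tarpit(fd)` call in the samehost_burst branch of handle_new_meta_connection() hands the descriptor to a helper whose definition is not part of this diff, and nothing at the call site says who closes it. The removed code held one tarpitted socket at a time and closed it on the next call; if the helper now holds several, it needs a fixed cap so that a connection flood cannot tie up file descriptors, and the tarpit is reached sooner now that max_connection_burst drops from 100 to 10. I would add a comment above the call such as `/* tarpit() takes ownership of fd and closes it later; fd must not be used after this point */`, and confirm the bound in tarpit() itself. The same call replaces `tarpit = fd` in the connection_burst branch further down the function.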
@@ -691,7 +716,7 @@ void handle_new_meta_connection(void *data, int flags) {
 if(connection_burst >= max_connection_burst) {
 connection_burst = max_connection_burst;
- tarpit = fd;
+ tarpit(fd);
 return;
 }
@@ -720,7 +745,6 @@ void handle_new_meta_connection(void *data, int flags) {
 connection_add(c);
 c->allow_request = ID;
- send_id(c);
 }
 #ifndef HAVE_MINGW
@@ -728,6 +752,7 @@ void handle_new_meta_connection(void *data, int flags) {
 accept a new UNIX socket connection
 */
 void handle_new_unix_connection(void *data, int flags) {
+ (void)flags;
 io_t *io = data;
 connection_t *c;
 sockaddr_t sa;
@@ -757,8 +782,6 @@ void handle_new_unix_connection(void *data, int flags) {
 connection_add(c);
 c->allow_request = ID;
-
- send_id(c);
 }
 #endif