X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fnet_socket.c;h=ded9224d48dd720bfd11ccb7e9c6f334da0d8060;hb=76c90e1639ee900fca4fc858260f0078ba32b9b1;hp=d5f85d5a0ceac9a3ed59f9f952c4a85136d6ad77;hpb=cc3c69c892b0dad9a6ece0a0f4ccd429a22fcbff;p=tinc diff --git a/src/net_socket.c b/src/net_socket.c index d5f85d5a..ded9224d 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -45,6 +45,7 @@ int maxtimeout = 900; int seconds_till_retry = 5; int udp_rcvbuf = 0; int udp_sndbuf = 0; +int max_connection_burst = 100; listen_socket_t listen_socket[MAXSOCKETS]; int listen_sockets; @@ -294,10 +295,7 @@ void retry_outgoing(outgoing_t *outgoing) { void finish_connecting(connection_t *c) { logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname); - if(proxytype != PROXY_EXEC) - configure_tcp(c); - - c->last_ping_time = time(NULL); + c->last_ping_time = now.tv_sec; c->status.connecting = false; send_id(c); @@ -352,6 +350,9 @@ static void do_outgoing_pipe(connection_t *c, char *command) { } static void handle_meta_write(connection_t *c) { + if(c->outbuf.len <= c->outbuf.offset) + return; + ssize_t outlen = send(c->socket, c->outbuf.data + c->outbuf.offset, c->outbuf.len - c->outbuf.offset, 0); if(outlen <= 0) { if(!errno || errno == EPIPE) { @@ -373,10 +374,28 @@ static void handle_meta_write(connection_t *c) { } static void handle_meta_io(void *data, int flags) { + connection_t *c = data; + + if(c->status.connecting) { + c->status.connecting = false; + + int result; + socklen_t len = sizeof result; + getsockopt(c->socket, SOL_SOCKET, SO_ERROR, (void *)&result, &len); + + if(!result) + finish_connecting(c); + else { + logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Error while connecting to %s (%s): %s", c->name, c->hostname, sockstrerror(result)); + terminate_connection(c, false); + return; + } + } + if(flags & IO_WRITE) - handle_meta_write(data); + handle_meta_write(c); else - handle_meta_connection_data(data); + handle_meta_connection_data(c); } bool do_outgoing_connection(outgoing_t *outgoing) { @@ -441,6 +460,7 @@ begin: } logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport); c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP); + configure_tcp(c); } if(c->socket == -1) { @@ -489,11 +509,11 @@ begin: c->outdigest = myself->connection->outdigest; c->outmaclength = myself->connection->outmaclength; c->outcompression = myself->connection->outcompression; - c->last_ping_time = time(NULL); + c->last_ping_time = now.tv_sec; connection_add(c); - io_add(&c->io, handle_meta_io, c, c->socket, IO_READ); + io_add(&c->io, handle_meta_io, c, c->socket, IO_READ|IO_WRITE); return true; } @@ -542,6 +562,47 @@ void handle_new_meta_connection(void *data, int flags) { sockaddrunmap(&sa); + // Check if we get many connections from the same host + + static sockaddr_t prev_sa; + static time_t prev_time; + static int tarpit = -1; + + if(tarpit >= 0) { + closesocket(tarpit); + tarpit = -1; + } + + if(prev_time == now.tv_sec && !sockaddrcmp_noport(&sa, &prev_sa)) { + // if so, keep the connection open but ignore it completely. + tarpit = fd; + return; + } + + memcpy(&prev_sa, &sa, sizeof sa); + prev_time = now.tv_sec; + + // Check if we get many connections from different hosts + + static int connection_burst; + static int connection_burst_time; + + if(now.tv_sec - connection_burst_time > connection_burst) + connection_burst = 0; + else + connection_burst -= now.tv_sec - connection_burst_time; + + connection_burst_time = now.tv_sec; + connection_burst++; + + if(connection_burst >= max_connection_burst) { + connection_burst = max_connection_burst; + tarpit = fd; + return; + } + + // Accept the new connection + c = new_connection(); c->name = xstrdup(""); c->outcipher = myself->connection->outcipher; @@ -552,7 +613,7 @@ void handle_new_meta_connection(void *data, int flags) { c->address = sa; c->hostname = sockaddr2hostname(&sa); c->socket = fd; - c->last_ping_time = time(NULL); + c->last_ping_time = now.tv_sec; logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname); @@ -591,7 +652,7 @@ void handle_new_unix_connection(void *data, int flags) { c->address = sa; c->hostname = xstrdup("localhost port unix"); c->socket = fd; - c->last_ping_time = time(NULL); + c->last_ping_time = now.tv_sec; logger(DEBUG_CONNECTIONS, LOG_NOTICE, "Connection from %s", c->hostname); @@ -655,7 +716,7 @@ void try_outgoing_connections(void) { } if(!found) { - outgoing_t *outgoing = xmalloc_and_zero(sizeof *outgoing); + outgoing_t *outgoing = xzalloc(sizeof *outgoing); outgoing->name = name; list_insert_tail(outgoing_list, outgoing); setup_outgoing_connection(outgoing);