X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_socket.c;h=60dd81da433a93956e3bfc80826922187a6024fe;hp=cfcf1c39cded444cac8049c4910028e5116e2537;hb=54b16b18dd5ee116df4eb5d830ddb8707c38e425;hpb=e913f3f232e4809b7218d081ab9f94cef1c94ac3

diff --git a/src/net_socket.c b/src/net_socket.c
index cfcf1c39..60dd81da 100644
--- a/src/net_socket.c
+++ b/src/net_socket.c
@@ -1,7 +1,7 @@
 /*
     net_socket.c -- Handle various kinds of sockets.
     Copyright (C) 1998-2005 Ivo Timmermans,
-                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2017 Guus Sliepen <guus@tinc-vpn.org>
                   2006      Scott Lamb <slamb@slamb.org>
                   2009      Florian Forster <octo@verplant.org>
 
@@ -31,6 +31,7 @@
 #include "net.h"
 #include "netutl.h"
 #include "protocol.h"
+#include "proxy.h"
 #include "utils.h"
 #include "xalloc.h"
 
@@ -40,6 +41,7 @@
 #endif
 
 int addressfamily = AF_UNSPEC;
+int mintimeout = 0;
 int maxtimeout = 900;
 int seconds_till_retry = 5;
 int udp_rcvbuf = 0;
@@ -77,6 +79,11 @@ static void configure_tcp(connection_t *c) {
 	option = IPTOS_LOWDELAY;
 	setsockopt(c->socket, SOL_IP, IP_TOS, (void *)&option, sizeof(option));
 #endif
+
+#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) && defined(IPTOS_LOWDELAY)
+	option = IPTOS_LOWDELAY;
+	setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option));
+#endif
 }
 
 static bool bind_to_interface(int sd) {
@@ -102,7 +109,6 @@ static bool bind_to_interface(int sd) {
 		return false;
 	}
 
-	free(iface);
 #else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
 	logger(LOG_WARNING, "%s not supported on this platform", "BindToInterface");
 #endif
@@ -241,8 +247,6 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
 		option = 1;
 		setsockopt(nfd, IPPROTO_IP, IP_DONTFRAGMENT, (void *)&option, sizeof(option));
 	}
-#else
-#warning No way to disable IPv4 fragmentation
 #endif
 
 #if defined(SOL_IPV6) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
@@ -255,8 +259,6 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
 		option = 1;
 		setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
 	}
-#else
-#warning No way to disable IPv6 fragmentation
 #endif
 
 	if (!bind_to_interface(nfd)) {
@@ -278,6 +280,9 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
 void retry_outgoing(outgoing_t *outgoing) {
 	outgoing->timeout += 5;
 
+	if(outgoing->timeout < mintimeout)
+		outgoing->timeout = mintimeout;
+
 	if(outgoing->timeout > maxtimeout)
 		outgoing->timeout = maxtimeout;
 
@@ -350,8 +355,19 @@ static void do_outgoing_pipe(connection_t *c, char *command) {
 #endif
 }
 
+static bool is_valid_host_port(const char *host, const char *port) {
+	for(const char *p = host; *p; p++)
+		if(!isalnum(*p) && *p != '-' && *p != '.')
+			return false;
+
+	for(const char *p = port; *p; p++)
+		if(!isalnum(*p))
+			return false;
+
+	return true;
+}
+
 void do_outgoing_connection(connection_t *c) {
-	char *address, *port, *space;
 	struct addrinfo *proxyai = NULL;
 	int result;
 
@@ -371,6 +387,8 @@ begin:
 			return;
 		}
 
+		char *address, *port, *space;
+
 		get_config_string(c->outgoing->cfg, &address);
 
 		space = strchr(address, ' ');
@@ -383,11 +401,23 @@ begin:
 		}
 
 		c->outgoing->ai = str2addrinfo(address, port, SOCK_STREAM);
-		free(address);
-		free(port);
+
+		// If we cannot resolve the address, maybe we are using a proxy that can?
+		if(!c->outgoing->ai && proxytype != PROXY_NONE && is_valid_host_port(address, port)) {
+			memset(&c->address, 0, sizeof c->address);
+			c->address.sa.sa_family = AF_UNKNOWN;
+			c->address.unknown.address = address;
+			c->address.unknown.port = port;
+		} else {
+			free(address);
+			free(port);
+		}
 
 		c->outgoing->aip = c->outgoing->ai;
 		c->outgoing->cfg = lookup_config_next(c->config_tree, c->outgoing->cfg);
+
+		if(!c->outgoing->ai && proxytype != PROXY_NONE)
+			goto connect;
 	}
 
 	if(!c->outgoing->aip) {
@@ -400,6 +430,7 @@ begin:
 	memcpy(&c->address, c->outgoing->aip->ai_addr, c->outgoing->aip->ai_addrlen);
 	c->outgoing->aip = c->outgoing->aip->ai_next;
 
+connect:
 	if(c->hostname)
 		free(c->hostname);
 
@@ -411,6 +442,7 @@ begin:
 	if(!proxytype) {
 		c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
 	} else if(proxytype == PROXY_EXEC) {
+		c->status.proxy_passed = true;
 		do_outgoing_pipe(c, proxyhost);
 	} else {
 		proxyai = str2addrinfo(proxyhost, proxyport, SOCK_STREAM);
@@ -442,6 +474,33 @@ begin:
 		bind_to_interface(c->socket);
 	}
 
+	int b = -1;
+
+	for(int i = 0; i < listen_sockets; i++) {
+		if(listen_socket[i].sa.sa.sa_family == c->address.sa.sa_family) {
+			if(b == -1) {
+				b = i;
+			} else  {
+				b = -1;
+				break;
+			}
+		}
+	}
+
+	if(b != -1) {
+		sockaddr_t sa = listen_socket[b].sa;
+		if(sa.sa.sa_family == AF_INET)
+			sa.in.sin_port = 0;
+		else if(sa.sa.sa_family == AF_INET6)
+			sa.in6.sin6_port = 0;
+
+		if(bind(c->socket, &sa.sa, SALEN(sa.sa))) {
+			char *addrstr = sockaddr2hostname(&sa);
+			logger(LOG_ERR, "Can't bind to %s/tcp: %s", addrstr, sockstrerror(sockerrno));
+			free(addrstr);
+		}
+	}
+
 	/* Connect */
 
 	if(!proxytype) {
@@ -453,8 +512,11 @@ begin:
 		freeaddrinfo(proxyai);
 	}
 
+	now = time(NULL);
+
 	if(result == -1) {
 		if(sockinprogress(sockerrno)) {
+			c->last_ping_time = now;
 			c->status.connecting = true;
 			return;
 		}
@@ -495,13 +557,20 @@ void setup_outgoing_connection(outgoing_t *outgoing) {
 	c->outcompression = myself->connection->outcompression;
 
 	init_configuration(&c->config_tree);
-	read_connection_config(c);
+	if(!read_connection_config(c)) {
+		free_connection(c);
+		outgoing->timeout = maxtimeout;
+		retry_outgoing(outgoing);
+		return;
+	}
 
 	outgoing->cfg = lookup_config(c->config_tree, "Address");
 
 	if(!outgoing->cfg) {
 		logger(LOG_ERR, "No address specified for %s", c->name);
 		free_connection(c);
+		outgoing->timeout = maxtimeout;
+		retry_outgoing(outgoing);
 		return;
 	}