/*
net_socket.c -- Handle various kinds of sockets.
Copyright (C) 1998-2005 Ivo Timmermans,
- 2000-2017 Guus Sliepen <guus@tinc-vpn.org>
+ 2000-2018 Guus Sliepen <guus@tinc-vpn.org>
2006 Scott Lamb <slamb@slamb.org>
2009 Florian Forster <octo@verplant.org>
int seconds_till_retry = 5;
int udp_rcvbuf = 1024 * 1024;
int udp_sndbuf = 1024 * 1024;
-int max_connection_burst = 100;
+int max_connection_burst = 10;
+int fwmark;
listen_socket_t listen_socket[MAXSOCKETS];
int listen_sockets;
option = IPTOS_LOWDELAY;
setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option));
#endif
+
+#if defined(SO_MARK)
+
+ if(fwmark) {
+ setsockopt(c->socket, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
+ }
+
+#endif
}
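Review bot: The return value of the new `setsockopt(c->socket, SOL_SOCKET, SO_MARK, ...)` call is discarded, so a configured `fwmark` that cannot be applied fails silently. On Linux, setting SO_MARK needs an elevated capability (CAP_NET_ADMIN); if the process lacks it, the socket stays unmarked and any routing or firewall policy keyed on the mark is skipped with nothing in the log. Report the failure the way the buffer-size options do: `if(fwmark && setsockopt(c->socket, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark))) { logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set SO_MARK to %i: %s", fwmark, sockstrerror(sockerrno)); }`. The same unchecked call is added for `nfd` in the two later SO_MARK blocks. The enclosing function starts outside this hunk.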
static bool bind_to_interface(int sd) {
}
#else /* if !defined(SOL_SOCKET) || !defined(SO_BINDTODEVICE) */
+ (void)sd;
logger(DEBUG_ALWAYS, LOG_WARNING, "%s not supported on this platform", "BindToInterface");
#endif
#else
#warning IPV6_V6ONLY not defined
+#endif
+
+#if defined(SO_MARK)
+
+ if(fwmark) {
+ setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
+ }
+
#endif
if(get_config_string
memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ);
+ ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;
if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr))) {
closesocket(nfd);
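Review bot: The added `ifr.ifr_ifrn.ifrn_name[IFNAMSIZ - 1] = 0;` makes the copy well-terminated, but an `iface` of IFNAMSIZ characters or more is now truncated without any message, and SO_BINDTODEVICE is then attempted with the shortened name. If that prefix happens to name an existing device, the socket is bound to an interface other than the one configured. Reject the value before the copy with a guard such as `if(strlen(iface) >= IFNAMSIZ)`, log an error naming the option, and take the same failure path as the setsockopt error that follows. The enclosing function begins and ends outside this hunk.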
logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_RCVBUF to %i: %s", udp_rcvbuf, sockstrerror(sockerrno));
}
+ {
+ // The system may cap the requested buffer size.
+ // Read back the value and check if it is now as requested.
+ int udp_rcvbuf_actual = -1;
+ socklen_t optlen = sizeof(udp_rcvbuf_actual);
+
+ if(getsockopt(nfd, SOL_SOCKET, SO_RCVBUF, (void *)&udp_rcvbuf_actual, &optlen)) {
+ logger(DEBUG_ALWAYS, LOG_WARNING, "Can't read back UDP SO_RCVBUF: %s", sockstrerror(sockerrno));
+ } else if(optlen != sizeof(udp_rcvbuf_actual)) {
+ logger(DEBUG_ALWAYS, LOG_WARNING, "Can't read back UDP SO_RCVBUF: Unexpected returned optlen %jd", (intmax_t) optlen);
+ } else {
+ if(udp_rcvbuf_actual != udp_rcvbuf) {
+ logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_RCVBUF to %i, the system set it to %i instead", udp_rcvbuf, udp_rcvbuf_actual);
+ }
+ }
+ }
+
if(udp_sndbuf && setsockopt(nfd, SOL_SOCKET, SO_SNDBUF, (void *)&udp_sndbuf, sizeof(udp_sndbuf))) {
logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_SNDBUF to %i: %s", udp_sndbuf, sockstrerror(sockerrno));
}
+ {
+ // The system may cap the requested buffer size.
+ // Read back the value and check if it is now as requested.
+ int udp_sndbuf_actual = -1;
+ socklen_t optlen = sizeof(udp_sndbuf_actual);
+
+ if(getsockopt(nfd, SOL_SOCKET, SO_SNDBUF, (void *)&udp_sndbuf_actual, &optlen)) {
+ logger(DEBUG_ALWAYS, LOG_WARNING, "Can't read back UDP SO_SNDBUF: %s", sockstrerror(sockerrno));
+ } else if(optlen != sizeof(udp_sndbuf_actual)) {
+ logger(DEBUG_ALWAYS, LOG_WARNING, "Can't read back UDP SO_SNDBUF: Unexpected returned optlen %jd", (intmax_t) optlen);
+ } else {
+ if(udp_sndbuf_actual != udp_sndbuf) {
+ logger(DEBUG_ALWAYS, LOG_WARNING, "Can't set UDP SO_SNDBUF to %i, the system set it to %i instead", udp_sndbuf, udp_sndbuf_actual);
+ }
+ }
+ }
+
#if defined(IPV6_V6ONLY)
if(sa->sa.sa_family == AF_INET6) {
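Review bot: The equality test `if(udp_rcvbuf_actual != udp_rcvbuf)` will warn on every start on Linux, because the kernel doubles the value passed to SO_RCVBUF/SO_SNDBUF and getsockopt() returns the doubled figure. The read-back block also runs when the configured size is 0, where the `if(udp_sndbuf && setsockopt(...))` guard (and presumably its receive-side twin) skips the set, so the log would claim the buffer could not be set to 0. A warning that always fires at DEBUG_ALWAYS teaches operators to ignore the one case that matters, a buffer capped below the request. Compare with `if(udp_rcvbuf && udp_rcvbuf_actual < udp_rcvbuf)` and likewise `if(udp_sndbuf && udp_sndbuf_actual < udp_sndbuf)`.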
setsockopt(nfd, IPPROTO_IPV6, IPV6_DONTFRAG, (void *)&option, sizeof(option));
}
+#endif
+
+#if defined(SO_MARK)
+
+ if(fwmark) {
+ setsockopt(nfd, SOL_SOCKET, SO_MARK, (void *)&fwmark, sizeof(fwmark));
+ }
+
#endif
if(!bind_to_interface(nfd)) {
send_id(c);
}
-static void do_outgoing_pipe(connection_t *c, char *command) {
+static void do_outgoing_pipe(connection_t *c, const char *command) {
#ifndef HAVE_MINGW
int fd[2];
exit(result);
#else
+ (void)c;
+ (void)command;
logger(DEBUG_ALWAYS, LOG_ERR, "Proxy type exec not supported on this platform!");
return;
#endif
int result;
begin:
- sa = get_recent_address(outgoing->address_cache);
+ sa = get_recent_address(outgoing->node->address_cache);
if(!sa) {
logger(DEBUG_CONNECTIONS, LOG_ERR, "Could not set up a meta connection to %s", outgoing->node->name);
}
void setup_outgoing_connection(outgoing_t *outgoing, bool verbose) {
+ (void)verbose;
timeout_del(&outgoing->ev);
node_t *n = outgoing->node;
+ if(!n->address_cache) {
+ n->address_cache = open_address_cache(n);
+ }
+
if(n->connection) {
logger(DEBUG_CONNECTIONS, LOG_INFO, "Already connected to %s", n->name);
}
}
- if(!outgoing->address_cache) {
- outgoing->address_cache = open_address_cache(n);
- }
-
do_outgoing_connection(outgoing);
return;
new connection
*/
void handle_new_meta_connection(void *data, int flags) {
+ (void)flags;
listen_socket_t *l = data;
connection_t *c;
sockaddr_t sa;
// Check if we get many connections from the same host
static sockaddr_t prev_sa;
- static int tarpit = -1;
-
- if(tarpit >= 0) {
- closesocket(tarpit);
- tarpit = -1;
- }
if(!sockaddrcmp_noport(&sa, &prev_sa)) {
static int samehost_burst;
samehost_burst++;
if(samehost_burst > max_connection_burst) {
- tarpit = fd;
+ tarpit(fd);
return;
}
}
if(connection_burst >= max_connection_burst) {
connection_burst = max_connection_burst;
- tarpit = fd;
+ tarpit(fd);
return;
}
connection_add(c);
c->allow_request = ID;
- send_id(c);
}
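Review bot: After `tarpit(fd); return;` the accepted descriptor is neither closed nor stored in this function, so its lifetime now depends entirely on tarpit(), which is defined outside this hunk. With `max_connection_burst` lowered from 100 to 10 this path will be taken far more often, so it is worth confirming that the helper keeps only a bounded number of sockets open and eventually closes each one; otherwise a connection flood could exhaust the daemon's file descriptors. A comment at both call sites would record the contract, for example `// tarpit() takes ownership of fd and closes it later`.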
#ifndef HAVE_MINGW
accept a new UNIX socket connection
*/
void handle_new_unix_connection(void *data, int flags) {
+ (void)flags;
io_t *io = data;
connection_t *c;
sockaddr_t sa;
connection_add(c);
c->allow_request = ID;
-
- send_id(c);
}
#endif
static void free_outgoing(outgoing_t *outgoing) {
timeout_del(&outgoing->ev);
-
- if(outgoing->address_cache) {
- close_address_cache(outgoing->address_cache);
- }
-
free(outgoing);
}
if(!found) {
outgoing_t *outgoing = xzalloc(sizeof(*outgoing));
node_t *n = lookup_node(name);
+
if(!n) {
n = new_node();
n->name = xstrdup(name);
node_add(n);
}
+
outgoing->node = n;
list_insert_tail(outgoing_list, outgoing);
setup_outgoing_connection(outgoing, true);