X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fnet_socket.c;h=6195c16c74550b084cc1fa7097b11390bf347f79;hp=6b3c7d2f76460c366d6ec45794cada2d53afea7e;hb=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a;hpb=3fae14fae5a347823679ef694ab630b4991a201d
diff --git a/src/net_socket.c b/src/net_socket.c
index 6b3c7d2f..6195c16c 100644
--- a/src/net_socket.c
+++ b/src/net_socket.c
@@ -77,12 +77,12 @@ static void configure_tcp(connection_t *c) {
 setsockopt(c->socket, SOL_TCP, TCP_NODELAY, (void *)&option, sizeof(option));
 #endif
-#if defined(SOL_IP) && defined(IP_TOS) && defined(IPTOS_LOWDELAY)
+#if defined(IP_TOS) && defined(IPTOS_LOWDELAY)
 option = IPTOS_LOWDELAY;
- setsockopt(c->socket, SOL_IP, IP_TOS, (void *)&option, sizeof(option));
+ setsockopt(c->socket, IPPROTO_IP, IP_TOS, (void *)&option, sizeof(option));
 #endif
-#if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) && defined(IPTOS_LOWDELAY)
+#if defined(IPV6_TCLASS) && defined(IPTOS_LOWDELAY)
 option = IPTOS_LOWDELAY;
 setsockopt(c->socket, IPPROTO_IPV6, IPV6_TCLASS, (void *)&option, sizeof(option));
 #endif
@@ -142,12 +142,14 @@ int setup_listen_socket(const sockaddr_t *sa) {
 option = 1;
 setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, (void *)&option, sizeof(option));
-#if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
+#if defined(IPV6_V6ONLY)
 if(sa->sa.sa_family == AF_INET6) {
- setsockopt(nfd, SOL_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
+ setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
 }
+#else
+#warning IPV6_V6ONLY not defined
 #endif
 if(get_config_string(lookup_config(config_tree, "BindToInterface"), &iface)) {
@@ -238,7 +240,7 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
 logger(LOG_WARNING, "Can't set UDP SO_SNDBUF to %i: %s", udp_sndbuf, strerror(errno));
 }
-#if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
+#if defined(IPV6_V6ONLY)
 if(sa->sa.sa_family == AF_INET6) {
 setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
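Review bot: The `setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, ...)` call in the setup_listen_socket hunk still discards its return value, so a listener that could not be restricted to IPv6 starts without any trace in the log; the same applies to the outgoing-socket call in the `@@ -509,11 +511,11 @@` hunk. Consider reporting the failure the way the SO_SNDBUF path in setup_vpn_in_socket does, e.g. `if(setsockopt(nfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option))) { logger(LOG_WARNING, "Can't set IPV6_V6ONLY: %s", strerror(errno)); }`. The added `#warning` is a compiler extension before C23 and becomes a build failure under `-Werror`, so a one-line comment stating what behaviour is lost when IPV6_V6ONLY is unavailable would help whoever hits it. Both functions extend beyond their hunks.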
@@ -250,14 +252,14 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
 #define IP_DONTFRAGMENT IP_DONTFRAG
 #endif
-#if defined(SOL_IP) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
+#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
 if(myself->options & OPTION_PMTU_DISCOVERY) {
 option = IP_PMTUDISC_DO;
- setsockopt(nfd, SOL_IP, IP_MTU_DISCOVER, (void *)&option, sizeof(option));
+ setsockopt(nfd, IPPROTO_IP, IP_MTU_DISCOVER, (void *)&option, sizeof(option));
 }
-#elif defined(IPPROTO_IP) && defined(IP_DONTFRAGMENT)
+#elif defined(IP_DONTFRAGMENT)
 if(myself->options & OPTION_PMTU_DISCOVERY) {
 option = 1;
@@ -266,14 +268,14 @@ int setup_vpn_in_socket(const sockaddr_t *sa) {
 #endif
-#if defined(SOL_IPV6) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
+#if defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
 if(myself->options & OPTION_PMTU_DISCOVERY) {
 option = IPV6_PMTUDISC_DO;
- setsockopt(nfd, SOL_IPV6, IPV6_MTU_DISCOVER, (void *)&option, sizeof(option));
+ setsockopt(nfd, IPPROTO_IPV6, IPV6_MTU_DISCOVER, (void *)&option, sizeof(option));
 }
-#elif defined(IPPROTO_IPV6) && defined(IPV6_DONTFRAG)
+#elif defined(IPV6_DONTFRAG)
 if(myself->options & OPTION_PMTU_DISCOVERY) {
 option = 1;
@@ -509,11 +511,11 @@ connect:
 #endif
 if(proxytype != PROXY_EXEC) {
-#if defined(SOL_IPV6) && defined(IPV6_V6ONLY)
+#if defined(IPV6_V6ONLY)
 int option = 1;
 if(c->address.sa.sa_family == AF_INET6) {
- setsockopt(c->socket, SOL_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
+ setsockopt(c->socket, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&option, sizeof(option));
 }
 #endif
@@ -637,6 +639,9 @@ void setup_outgoing_connection(outgoing_t *outgoing) {
 new connection
 */
 bool handle_new_meta_connection(int sock) {
+ static const int max_accept_burst = 10;
+ static int last_accept_burst;
+ static int last_accept_time;
 connection_t *c;
 sockaddr_t sa;
 int fd;
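Review bot: `static int last_accept_time;` in the handle_new_meta_connection hunk is compared with `now` in the following hunk; `now` is declared outside this diff and is presumably a `time_t`, in which case keeping the timestamp in an `int` makes the one-second window depend on truncation wherever `time_t` is wider than `int`. If that is the type of `now`, declare `static time_t last_accept_time;`. The three statics also deserve a comment saying that the state is shared by every listening socket and every peer and that the limit is a fixed constant, e.g. `/* Accept throttle state: process-wide, not per peer or per listener. */`. The function body continues beyond this hunk.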
@@ -649,6 +654,22 @@ bool handle_new_meta_connection(int sock) {
 return false;
 }
+ if(last_accept_time == now) {
+ last_accept_burst++;
+
+ if(last_accept_burst >= max_accept_burst) {
+ if(last_accept_burst == max_accept_burst) {
+ ifdebug(CONNECTIONS) logger(LOG_WARNING, "Throttling incoming connections");
+ }
+
+ tarpit(fd);
+ return false;
+ }
+ } else {
+ last_accept_burst = 0;
+ last_accept_time = now;
+ }
+
 sockaddrunmap(&sa);
 c = new_connection();
@@ -670,7 +691,6 @@ bool handle_new_meta_connection(int sock) {
 connection_add(c);
 c->allow_request = ID;
- send_id(c);
 return true;
 }
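Review bot: The new throttle block counts every accepted connection in one process-wide counter, so when one source uses up `max_accept_burst` within a second, all other peers arriving in that second are handed to `tarpit(fd)` as well. `sa` appears to be filled in before this block (the accept call is outside the hunk), so the peer address should be available for a per-source check ahead of the global one; if the global limit is intentional, state it in a comment such as `/* Global limit: at most max_accept_burst accepts per second across all peers; the rest are tarpitted. */`. The "Throttling incoming connections" message is emitted only under `ifdebug(CONNECTIONS)`, so unless that debug level is enabled an operator gets no indication that connections are being throttled; logging it unconditionally would still be bounded to one line per second by the `==` check.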