From: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu, 7 Feb 2013 13:22:28 +0000 (+0100)
Subject: Don't send proxy requests for incoming connections.
X-Git-Tag: release-1.1pre6~7
X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=079dcd01794187d2857e1233f6c9930310812593

Don't send proxy requests for incoming connections.
---

diff --git a/src/meta.c b/src/meta.c
index 28c85cf0..3bf28093 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -189,14 +189,14 @@ bool receive_meta(connection_t *c) {
 					break;
 
 				if(!c->node) {
-					if(proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
+					if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
 						if(tcpbuffer[0] == 0 && tcpbuffer[1] == 0x5a) {
 							logger(DEBUG_CONNECTIONS, LOG_DEBUG, "Proxy request granted");
 						} else {
 							logger(DEBUG_CONNECTIONS, LOG_ERR, "Proxy request rejected");
 							return false;
 						}
-					} else if(proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
+					} else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
 						if(tcpbuffer[0] != 5) {
 							logger(DEBUG_CONNECTIONS, LOG_ERR, "Invalid response from proxy server");
 							return false;
diff --git a/src/net_socket.c b/src/net_socket.c
index 0ba2bf31..cb2a6dfe 100644
--- a/src/net_socket.c
+++ b/src/net_socket.c
@@ -294,9 +294,6 @@ void retry_outgoing(outgoing_t *outgoing) {
 void finish_connecting(connection_t *c) {
 	logger(DEBUG_CONNECTIONS, LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
 
-	if(proxytype != PROXY_EXEC)
-		configure_tcp(c);
-
 	c->last_ping_time = time(NULL);
 	c->status.connecting = false;
 
@@ -459,6 +456,7 @@ begin:
 		}
 		logger(DEBUG_CONNECTIONS, LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
 		c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
+		configure_tcp(c);
 	}
 
 	if(c->socket == -1) {
diff --git a/src/protocol.c b/src/protocol.c
index bdc0378b..fc16ffe7 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -111,7 +111,7 @@ void forward_request(connection_t *from, const char *request) {
 }
 
 bool receive_request(connection_t *c, const char *request) {
-	if(proxytype == PROXY_HTTP && c->allow_request == ID) {
+	if(c->outgoing && proxytype == PROXY_HTTP && c->allow_request == ID) {
 		if(!request[0] || request[0] == '\r')
 			return true;
 		if(!strncasecmp(request, "HTTP/1.1 ", 9)) {
diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 1b061b39..f4a30a41 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -139,7 +139,7 @@ bool send_id(connection_t *c) {
 			minor = myself->connection->protocol_minor;
 	}
 
-	if(proxytype)
+	if(proxytype && c->outgoing)
 		if(!send_proxyrequest(c))
 			return false;