From: Guus Sliepen <guus@tinc-vpn.org>
Date: Thu, 7 Feb 2013 13:23:31 +0000 (+0100)
Subject: Don't send proxy requests for incoming connections.
X-Git-Tag: release-1.0.20~3
X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=c6b1643c2bcc727db4aed69bc58eb1f31903fdcf

Don't send proxy requests for incoming connections.
---

diff --git a/src/meta.c b/src/meta.c
index e60c127a..27baf8fe 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -178,14 +178,14 @@ bool receive_meta(connection_t *c) {
 		if(c->tcplen) {
 			if(c->tcplen <= c->buflen) {
 				if(!c->node) {
-					if(proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
+					if(c->outgoing && proxytype == PROXY_SOCKS4 && c->allow_request == ID) {
 						if(c->buffer[0] == 0 && c->buffer[1] == 0x5a) {
 							logger(LOG_DEBUG, "Proxy request granted");
 						} else {
 							logger(LOG_ERR, "Proxy request rejected");
 							return false;
 						}
-					} else if(proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
+					} else if(c->outgoing && proxytype == PROXY_SOCKS5 && c->allow_request == ID) {
 						if(c->buffer[0] != 5) {
 							logger(LOG_ERR, "Invalid response from proxy server");
 							return false;
diff --git a/src/net_socket.c b/src/net_socket.c
index 2d1ecc50..e7634996 100644
--- a/src/net_socket.c
+++ b/src/net_socket.c
@@ -294,9 +294,6 @@ void retry_outgoing(outgoing_t *outgoing) {
 void finish_connecting(connection_t *c) {
 	ifdebug(CONNECTIONS) logger(LOG_INFO, "Connected to %s (%s)", c->name, c->hostname);
 
-	if(proxytype != PROXY_EXEC)
-		configure_tcp(c);
-
 	c->last_ping_time = now;
 
 	send_id(c);
@@ -419,6 +416,7 @@ begin:
 			goto begin;
 		ifdebug(CONNECTIONS) logger(LOG_INFO, "Using proxy at %s port %s", proxyhost, proxyport);
 		c->socket = socket(proxyai->ai_family, SOCK_STREAM, IPPROTO_TCP);
+		configure_tcp(c);
 	}
 
 	if(c->socket == -1) {
diff --git a/src/protocol.c b/src/protocol.c
index f36538e3..9ef90825 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -125,7 +125,7 @@ void forward_request(connection_t *from) {
 bool receive_request(connection_t *c) {
 	int request;
 
-	if(proxytype == PROXY_HTTP && c->allow_request == ID) {
+	if(c->outgoing && proxytype == PROXY_HTTP && c->allow_request == ID) {
 		if(!c->buffer[0] || c->buffer[0] == '\r')
 			return true;
 		if(!strncasecmp(c->buffer, "HTTP/1.1 ", 9)) {
diff --git a/src/protocol_auth.c b/src/protocol_auth.c
index 3bd34a01..5ae99e82 100644
--- a/src/protocol_auth.c
+++ b/src/protocol_auth.c
@@ -126,7 +126,7 @@ static bool send_proxyrequest(connection_t *c) {
 }
 
 bool send_id(connection_t *c) {
-	if(proxytype)
+	if(proxytype && c->outgoing)
 		if(!send_proxyrequest(c))
 			return false;