From: Guus Sliepen Date: Sat, 18 Feb 2012 13:31:08 +0000 (+0100) Subject: Merge branch 'master' of black:tinc X-Git-Tag: release-1.0.17~21 X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=d1dcdf8eb6f800704be426b1ce6f6c1a8e65ba0d;hp=3b1fad04de6bed2f284fdf3d5b27d4162aeebc8c Merge branch 'master' of black:tinc --- diff --git a/THANKS b/THANKS index 4a6eae20..f26f268c 100644 --- a/THANKS +++ b/THANKS @@ -31,6 +31,7 @@ We would like to thank the following people for their contributions to tinc: * Menno Smits * Michael Tokarev * Miles Nordin +* Nick Hibma * Nick Patavalis * Paul Littlefield * Robert van der Meulen diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in index 0fc1ca1e..746d820f 100644 --- a/doc/tinc.conf.5.in +++ b/doc/tinc.conf.5.in @@ -133,7 +133,10 @@ IPv6 listening sockets will be created. If your computer has more than one IPv4 or IPv6 address, .Nm tinc will by default listen on all of them for incoming connections. -It is possible to bind only to a single address with this variable. +Multiple +.Va BindToAddress +variables may be specified, +in which case listening sockets for each specified address are made. .Pp This option may not work on all platforms. diff --git a/doc/tinc.texi b/doc/tinc.texi index e69fb7e2..3bb44076 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -759,7 +759,8 @@ both IPv4 and IPv6 or just IPv6 listening sockets will be created. @item BindToAddress = <@var{address}> [experimental] If your computer has more than one IPv4 or IPv6 address, tinc will by default listen on all of them for incoming connections. -It is possible to bind only to a single address with this variable. +Multiple BindToAddress variables may be specified, +in which case listening sockets for each specified address are made. This option may not work on all platforms. diff --git a/src/bsd/device.c b/src/bsd/device.c index f1d3f9f4..45c2d5f6 100644 --- a/src/bsd/device.c +++ b/src/bsd/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction BSD tun/tap device Copyright (C) 2001-2005 Ivo Timmermans, - 2001-2011 Guus Sliepen + 2001-2012 Guus Sliepen 2009 Grzegorz Dymarek This program is free software; you can redistribute it and/or modify @@ -106,6 +106,10 @@ static bool setup_device(void) { return false; } +#ifdef FD_CLOEXEC + fcntl(device_fd, F_SETFD, FD_CLOEXEC); +#endif + switch(device_type) { default: device_type = DEVICE_TYPE_TUN; diff --git a/src/linux/device.c b/src/linux/device.c index 93d4b414..cbf21529 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -73,6 +73,10 @@ static bool setup_device(void) { return false; } +#ifdef FD_CLOEXEC + fcntl(device_fd, F_SETFD, FD_CLOEXEC); +#endif + #ifdef HAVE_LINUX_IF_TUN_H /* Ok now check if this is an old ethertap or a new tun/tap thingie */ diff --git a/src/net_setup.c b/src/net_setup.c index 3268f5db..e9a063a5 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -578,47 +578,54 @@ static bool setup_myself(void) { /* Open sockets */ - get_config_string(lookup_config(config_tree, "BindToAddress"), &address); + cfg = lookup_config(config_tree, "BindToAddress"); - hint.ai_family = addressfamily; - hint.ai_socktype = SOCK_STREAM; - hint.ai_protocol = IPPROTO_TCP; - hint.ai_flags = AI_PASSIVE; + do { + get_config_string(cfg, &address); + if(cfg) + cfg = lookup_config_next(config_tree, cfg); - err = getaddrinfo(address, myport, &hint, &ai); + hint.ai_family = addressfamily; + hint.ai_socktype = SOCK_STREAM; + hint.ai_protocol = IPPROTO_TCP; + hint.ai_flags = AI_PASSIVE; - if(err || !ai) { - logger(LOG_ERR, "System call `%s' failed: %s", "getaddrinfo", - gai_strerror(err)); - return false; - } + err = getaddrinfo(address, myport, &hint, &ai); + free(address); - listen_sockets = 0; + if(err || !ai) { + logger(LOG_ERR, "System call `%s' failed: %s", "getaddrinfo", + gai_strerror(err)); + return false; + } - for(aip = ai; aip; aip = aip->ai_next) { - listen_socket[listen_sockets].tcp = - setup_listen_socket((sockaddr_t *) aip->ai_addr); + listen_sockets = 0; - if(listen_socket[listen_sockets].tcp < 0) - continue; + for(aip = ai; aip; aip = aip->ai_next) { + listen_socket[listen_sockets].tcp = + setup_listen_socket((sockaddr_t *) aip->ai_addr); - listen_socket[listen_sockets].udp = - setup_vpn_in_socket((sockaddr_t *) aip->ai_addr); + if(listen_socket[listen_sockets].tcp < 0) + continue; - if(listen_socket[listen_sockets].udp < 0) - continue; + listen_socket[listen_sockets].udp = + setup_vpn_in_socket((sockaddr_t *) aip->ai_addr); - ifdebug(CONNECTIONS) { - hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr); - logger(LOG_NOTICE, "Listening on %s", hostname); - free(hostname); - } + if(listen_socket[listen_sockets].udp < 0) + continue; - memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen); - listen_sockets++; - } + ifdebug(CONNECTIONS) { + hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr); + logger(LOG_NOTICE, "Listening on %s", hostname); + free(hostname); + } + + memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen); + listen_sockets++; + } - freeaddrinfo(ai); + freeaddrinfo(ai); + } while(cfg); if(listen_sockets) logger(LOG_NOTICE, "Ready"); diff --git a/src/net_socket.c b/src/net_socket.c index a45bc204..d8bb0078 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -1,7 +1,7 @@ /* net_socket.c -- Handle various kinds of sockets. Copyright (C) 1998-2005 Ivo Timmermans, - 2000-2010 Guus Sliepen + 2000-2012 Guus Sliepen 2006 Scott Lamb 2009 Florian Forster @@ -180,6 +180,10 @@ int setup_listen_socket(const sockaddr_t *sa) { return -1; } +#ifdef FD_CLOEXEC + fcntl(nfd, F_SETFD, FD_CLOEXEC); +#endif + /* Optimize TCP settings */ option = 1; @@ -238,6 +242,10 @@ int setup_vpn_in_socket(const sockaddr_t *sa) { return -1; } +#ifdef FD_CLOEXEC + fcntl(nfd, F_SETFD, FD_CLOEXEC); +#endif + #ifdef O_NONBLOCK { int flags = fcntl(nfd, F_GETFL); @@ -410,6 +418,10 @@ begin: c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); +#ifdef FD_CLOEXEC + fcntl(c->socket, F_SETFD, FD_CLOEXEC); +#endif + if(c->socket == -1) { ifdebug(CONNECTIONS) logger(LOG_ERR, "Creating socket for %s failed: %s", c->hostname, sockstrerror(sockerrno)); goto begin; diff --git a/src/raw_socket_device.c b/src/raw_socket_device.c index 90ccedfc..e2692ecc 100644 --- a/src/raw_socket_device.c +++ b/src/raw_socket_device.c @@ -1,7 +1,7 @@ /* device.c -- raw socket Copyright (C) 2002-2005 Ivo Timmermans, - 2002-2011 Guus Sliepen + 2002-2012 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -53,6 +53,10 @@ static bool setup_device(void) { return false; } +#ifdef FD_CLOEXEC + fcntl(device_fd, F_SETFD, FD_CLOEXEC); +#endif + memset(&ifr, 0, sizeof(ifr)); strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ); if(ioctl(device_fd, SIOCGIFINDEX, &ifr)) { diff --git a/src/solaris/device.c b/src/solaris/device.c index 579cece0..969b514a 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with Solaris tun device Copyright (C) 2001-2005 Ivo Timmermans, - 2001-2011 Guus Sliepen + 2001-2012 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -55,6 +55,10 @@ static bool setup_device(void) { return false; } +#ifdef FD_CLOEXEC + fcntl(device_fd, F_SETFD, FD_CLOEXEC); +#endif + ppa = 0; ptr = device; @@ -67,6 +71,10 @@ static bool setup_device(void) { return false; } +#ifdef FD_CLOEXEC + fcntl(ip_fd, F_SETFD, FD_CLOEXEC); +#endif + /* Assign a new PPA and get its unit number. */ if((ppa = ioctl(device_fd, TUNNEWPPA, ppa)) < 0) { logger(LOG_ERR, "Can't assign new interface: %s", strerror(errno)); @@ -79,6 +87,10 @@ static bool setup_device(void) { return false; } +#ifdef FD_CLOEXEC + fcntl(if_fd, F_SETFD, FD_CLOEXEC); +#endif + if(ioctl(if_fd, I_PUSH, "ip") < 0) { logger(LOG_ERR, "Can't push IP module: %s", strerror(errno)); return false; diff --git a/src/uml_device.c b/src/uml_device.c index 26bcb01c..a0b87f93 100644 --- a/src/uml_device.c +++ b/src/uml_device.c @@ -1,7 +1,7 @@ /* device.c -- UML network socket Copyright (C) 2002-2005 Ivo Timmermans, - 2002-2011 Guus Sliepen + 2002-2012 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -77,6 +77,10 @@ static bool setup_device(void) { return false; } +#ifdef FD_CLOEXEC + fcntl(write_fd, F_SETFD, FD_CLOEXEC); +#endif + setsockopt(write_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one); if(fcntl(write_fd, F_SETFL, O_NONBLOCK) < 0) { @@ -91,6 +95,10 @@ static bool setup_device(void) { return false; } +#ifdef FD_CLOEXEC + fcntl(data_fd, F_SETFD, FD_CLOEXEC); +#endif + setsockopt(data_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one); if(fcntl(data_fd, F_SETFL, O_NONBLOCK) < 0) { @@ -118,6 +126,10 @@ static bool setup_device(void) { return false; } +#ifdef FD_CLOEXEC + fcntl(device_fd, F_SETFD, FD_CLOEXEC); +#endif + setsockopt(listen_fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one); if(fcntl(listen_fd, F_SETFL, O_NONBLOCK) < 0) { @@ -181,6 +193,10 @@ static bool read_packet(vpn_packet_t *packet) { return false; } +#ifdef FD_CLOEXEC + fcntl(request_fd, F_SETFD, FD_CLOEXEC); +#endif + if(fcntl(listen_fd, F_SETFL, O_NONBLOCK) < 0) { logger(LOG_ERR, "System call `%s' failed: %s", "fcntl", strerror(errno)); running = false; diff --git a/src/vde_device.c b/src/vde_device.c index 8f601e79..258945ed 100644 --- a/src/vde_device.c +++ b/src/vde_device.c @@ -1,6 +1,6 @@ /* device.c -- VDE plug - Copyright (C) 2011 Guus Sliepen + Copyright (C) 2012 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -74,6 +74,10 @@ static bool setup_device(void) { device_fd = plug.vde_datafd(conn); +#ifdef FD_CLOEXEC + fcntl(device_fd, F_SETFD, FD_CLOEXEC); +#endif + logger(LOG_INFO, "%s is a %s", device, device_info); if(routing_mode == RMODE_ROUTER)