void close_connections(int close_stderr)
{
int i;
+#if 0
close(0);
close(1);
if (close_stderr)
close(2);
+#endif
for (i = 3; i < MAXCONNECTIONS; ++i)
close(i);
}
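Review bot: The `#if 0` around the three close() calls leaves the `close_stderr` parameter unused and gives no reason for keeping descriptors 0-2 open. If the intent is to stop a later socket from being assigned descriptor 0, 1 or 2, so that stray stdio writes cannot land on a client connection, record that in a comment such as `/* keep 0-2 open so no socket is ever handed a stdio descriptor */`. With this change the descriptors stay attached to whatever the server inherited at start-up. Pointing them at /dev/null would reserve the numbers without holding an inherited terminal or file open.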
close(fd);
return;
}
+ /*
+ * Disable IP (*not* TCP) options. In particular, this makes it impossible
+ * to use source routing to connect to the server. If we didn't do this
+ * (and if intermediate networks didn't drop source-routed packets), an
+ * attacker could successfully IP spoof us...and even return the anti-spoof
+ * ping, because the options would cause the packet to be routed back to
+ * the spoofer's machine. When we disable the IP options, we delete the
+ * source route, and the normal routing takes over.
+ */
+ os_disable_options(fd);
/*
* Add this local client to the IPcheck registry.
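Review bot: The result of `os_disable_options(fd)` is discarded, so if the call fails the connection is still accepted with any IP options, including a source route, in place. That is exactly the case the new comment warns about. The prototype is not visible in this hunk; if the function reports failure, handle it like the error branch just above, for example `if (!os_disable_options(fd)) { close(fd); return; }`, adjusting the test to the function's actual return convention. The enclosing function starts and ends outside the hunk.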
* Copy ascii address to 'sockhost' just in case. Then we have something
* valid to put into error messages...
*/
+ SetIPChecked(new_client);
ircd_ntoa_r(cli_sock_ip(new_client), (const char*) &addr.sin_addr);
strcpy(cli_sockhost(new_client), cli_sock_ip(new_client));
(cli_ip(new_client)).s_addr = addr.sin_addr.s_addr;
/* If there's still data to process, wait 2 seconds first */
if (DBufLength(&(cli_recvQ(cptr))) && !NoNewLine(cptr) &&
- !(cli_freeflag(cptr) & FREEFLAG_TIMER)) {
+ !t_onqueue(&(cli_proc(cptr)))) {
Debug((DEBUG_LIST, "Adding client process timer for %C", cptr));
cli_freeflag(cptr) |= FREEFLAG_TIMER;
timer_add(&(cli_proc(cptr)), client_timer_callback, cli_connect(cptr),
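Review bot: After this change the guard tests `t_onqueue(&(cli_proc(cptr)))`, but the line after it still sets `FREEFLAG_TIMER`, and the callback hunk that follows now clears that flag only under `ET_DESTROY`. The flag therefore seems to have changed meaning from "timer pending" to "timer object not yet destroyed", and nothing on the new side says so. Because `free_connection(con)` is gated on `!con_freeflag(con)`, a later edit that misreads the flag risks freeing a connection whose timer is still live. A comment at the set site would make this clear, for example `/* FREEFLAG_TIMER is held until ET_DESTROY; use t_onqueue() to ask whether the timer is pending */`. The timer_add call and both enclosing functions continue outside the visible hunks.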
assert(0 == cptr || con == cli_connect(cptr));
- con_freeflag(con) &= ~FREEFLAG_TIMER; /* timer has expired... */
-
if (ev_type(ev)== ET_DESTROY) {
+ con_freeflag(con) &= ~FREEFLAG_TIMER; /* timer has expired... */
+
if (!con_freeflag(con) && !cptr)
free_connection(con); /* client is being destroyed */
} else {