* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * $Id$
+ */
+/** @file
+ * @brief Functions that now (or in the past) relied on BSD APIs.
+ * @version $Id$
*/
#include "config.h"
#include "channel.h"
#include "class.h"
#include "hash.h"
+#include "ircd_alloc.h"
#include "ircd_log.h"
#include "ircd_features.h"
#include "ircd_osdep.h"
#include "s_misc.h"
#include "s_user.h"
#include "send.h"
+#include "ssl.h"
#include "struct.h"
-#include "support.h"
#include "sys.h"
#include "uping.h"
#include "version.h"
-#include <arpa/inet.h>
-#include <arpa/nameser.h>
-#include <assert.h>
+/* #include <assert.h> -- Now using assert in ircd_log.h */
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
-#include <resolv.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/utsname.h>
#include <unistd.h>
-#ifdef USE_POLL
-#include <sys/poll.h>
-#endif /* USE_POLL */
-
-#ifndef INADDR_NONE
-#define INADDR_NONE 0xffffffff
-#endif
-
+/** Array of my own clients, indexed by file descriptor. */
struct Client* LocalClientArray[MAXCONNECTIONS];
+/** Maximum file descriptor in current use. */
int HighestFd = -1;
-struct sockaddr_in VirtualHost;
+/** Default local address for outbound IPv4 connections. */
+struct irc_sockaddr VirtualHost_v4;
+/** Default local address for outbound IPv6 connections. */
+struct irc_sockaddr VirtualHost_v6;
+/** Temporary buffer for reading data from a peer. */
static char readbuf[SERVER_TCP_WINDOW];
/*
static void client_sock_callback(struct Event* ev);
static void client_timer_callback(struct Event* ev);
-#if !defined(USE_POLL)
-#if FD_SETSIZE < (MAXCONNECTIONS + 4)
-/*
- * Sanity check
- *
- * All operating systems work when MAXCONNECTIONS <= 252.
- * Most operating systems work when MAXCONNECTIONS <= 1020 and FD_SETSIZE is
- * updated correctly in the system headers (on BSD systems our sys.h has
- * defined FD_SETSIZE to MAXCONNECTIONS+4 before including the system's headers
- * but sys/types.h might have abruptly redefined it so the check is still
- * done), you might already need to recompile your kernel.
- * For larger FD_SETSIZE your milage may vary (kernel patches may be needed).
- * The check is _NOT_ done if we will not use FD_SETS at all (USE_POLL)
- */
-#error "FD_SETSIZE is too small or MAXCONNECTIONS too large."
-#endif
-#endif
-
/*
* Cannot use perror() within daemon. stderr is closed in
* been reassigned to a normal connection...
*/
-/*
- * report_error
- *
- * This a replacement for perror(). Record error to log and
- * also send a copy to all *LOCAL* opers online.
- *
- * text is a *format* string for outputting error. It must
- * contain only two '%s', the first will be replaced
- * by the sockhost from the cptr, and the latter will
- * be taken from sys_errlist[errno].
- *
- * cptr if not NULL, is the *LOCAL* client associated with
- * the error.
+/** Replacement for perror(). Record error to log. Send a copy to all
+ * *LOCAL* opers, but only if no errors were sent to them in the last
+ * 20 seconds.
+ * @param text A *format* string for outputting error. It must contain
+ * only two '%s', the first will be replaced by the sockhost from the
+ * cptr, and the latter will be taken from sys_errlist[errno].
+ * @param who The client associated with the error.
+ * @param err The errno value to display.
*/
void report_error(const char* text, const char* who, int err)
{
if (EmptyString(who))
who = "unknown";
- if (last_notice + 20 < CurrentTime) {
- /*
- * pace error messages so opers don't get flooded by transients
- */
- sendto_opmask_butone(0, SNO_OLDSNO, text, who, errmsg);
- last_notice = CurrentTime;
- }
+ sendto_opmask_butone_ratelimited(0, SNO_OLDSNO, &last_notice, text, who, errmsg);
log_write(LS_SOCKET, L_ERROR, 0, text, who, errmsg);
errno = errtmp;
}
-/*
- * connect_dns_callback - called when resolver query finishes
- * if the query resulted in a successful search, reply will contain
- * a non-null pointer, otherwise reply will be null.
- * if successful start the connection, otherwise notify opers
+/** Called when resolver query finishes. If the DNS lookup was
+ * successful, start the connection; otherwise notify opers of the
+ * failure.
+ * @param vptr The struct ConfItem representing the Connect block.
+ * @param hp A pointer to the DNS lookup results (NULL on failure).
*/
-static void connect_dns_callback(void* vptr, struct DNSReply* reply)
+static void connect_dns_callback(void* vptr, const struct irc_in_addr *addr, const char *h_name)
{
struct ConfItem* aconf = (struct ConfItem*) vptr;
+ assert(aconf);
aconf->dns_pending = 0;
- if (reply) {
- memcpy(&aconf->ipnum, reply->hp->h_addr, sizeof(struct in_addr));
- connect_server(aconf, 0, reply);
+ if (addr) {
+ memcpy(&aconf->address, addr, sizeof(aconf->address));
+ connect_server(aconf, 0);
}
else
sendto_opmask_butone(0, SNO_OLDSNO, "Connect to %s failed: host lookup",
aconf->name);
}
-/*
- * close_connections - closes all connections
- * close stderr if specified
+/** Closes all file descriptors.
+ * @param close_stderr If non-zero, also close stderr.
*/
void close_connections(int close_stderr)
{
int i;
- close(0);
- close(1);
if (close_stderr)
+ {
+ close(0);
+ close(1);
close(2);
+ }
for (i = 3; i < MAXCONNECTIONS; ++i)
close(i);
}
-/*
- * init_connection_limits - initialize process fd limit to
- * MAXCONNECTIONS
+/** Initialize process fd limit to MAXCONNECTIONS.
*/
int init_connection_limits(void)
{
if (0 == limit)
return 1;
if (limit < 0) {
- fprintf(stderr, "error setting max fd's to %d\n", limit);
+ fprintf(stderr, "error setting max fds to %d: %s\n", limit, strerror(errno));
}
else if (limit > 0) {
fprintf(stderr, "ircd fd table too big\nHard Limit: %d IRC max: %d\n",
return 0;
}
-/*
- * connect_inet - set up address and port and make a connection
+/** Set up address and port and make a connection.
+ * @param aconf Provides the connection information.
+ * @param cptr Client structure for the peer.
+ * @return Non-zero on success; zero on failure.
*/
static int connect_inet(struct ConfItem* aconf, struct Client* cptr)
{
- static struct sockaddr_in sin;
+ const struct irc_sockaddr *local;
IOResult result;
+ int family = 0;
+
assert(0 != aconf);
assert(0 != cptr);
/*
* Might as well get sockhost from here, the connection is attempted
* with it so if it fails its useless.
*/
- cli_fd(cptr) = socket(AF_INET, SOCK_STREAM, 0);
- if (-1 == cli_fd(cptr)) {
- cli_error(cptr) = errno;
- report_error(SOCKET_ERROR_MSG, cli_name(cptr), errno);
- return 0;
- }
- if (cli_fd(cptr) >= MAXCLIENTS) {
- report_error(CONNLIMIT_ERROR_MSG, cli_name(cptr), 0);
- close(cli_fd(cptr));
- cli_fd(cptr) = -1;
- return 0;
- }
- /*
- * Bind to a local IP# (with unknown port - let unix decide) so
- * we have some chance of knowing the IP# that gets used for a host
- * with more than one IP#.
- *
- * No we don't bind it, not all OS's can handle connecting with
- * an already bound socket, different ip# might occur anyway
- * leading to a freezing select() on this side for some time.
- * I had this on my Linux 1.1.88 --Run
- */
-
- /*
- * No, we do bind it if we have virtual host support. If we don't
- * explicitly bind it, it will default to IN_ADDR_ANY and we lose
- * due to the other server not allowing our base IP --smg
- */
- if (feature_bool(FEAT_VIRTUAL_HOST) &&
- bind(cli_fd(cptr), (struct sockaddr*) &VirtualHost,
- sizeof(VirtualHost))) {
- report_error(BIND_ERROR_MSG, cli_name(cptr), errno);
- close(cli_fd(cptr));
- cli_fd(cptr) = -1;
+ if (irc_in_addr_valid(&aconf->origin.addr))
+ local = &aconf->origin;
+ else if (irc_in_addr_is_ipv4(&aconf->address.addr)) {
+ local = &VirtualHost_v4;
+ family = AF_INET;
+ } else
+ local = &VirtualHost_v6;
+ cli_fd(cptr) = os_socket(local, SOCK_STREAM, cli_name(cptr), family);
+ if (cli_fd(cptr) < 0)
return 0;
- }
- memset(&sin, 0, sizeof(sin));
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = aconf->ipnum.s_addr;
- sin.sin_port = htons(aconf->port);
/*
* save connection info in client
*/
- (cli_ip(cptr)).s_addr = aconf->ipnum.s_addr;
- cli_port(cptr) = aconf->port;
- ircd_ntoa_r(cli_sock_ip(cptr), (const char*) &(cli_ip(cptr)));
+ memcpy(&cli_ip(cptr), &aconf->address.addr, sizeof(cli_ip(cptr)));
+ ircd_ntoa_r(cli_sock_ip(cptr), &cli_ip(cptr));
/*
* we want a big buffer for server connections
*/
- if (!os_set_sockbufs(cli_fd(cptr), SERVER_TCP_WINDOW)) {
+ if (!os_set_sockbufs(cli_fd(cptr), feature_int(FEAT_SOCKSENDBUF), feature_int(FEAT_SOCKRECVBUF))) {
cli_error(cptr) = errno;
report_error(SETBUFS_ERROR_MSG, cli_name(cptr), errno);
close(cli_fd(cptr));
return 0;
}
/*
- * ALWAYS set sockets non-blocking
+ * Set the TOS bits - this is nonfatal if it doesn't stick.
*/
- if (!os_set_nonblocking(cli_fd(cptr))) {
- cli_error(cptr) = errno;
- report_error(NONB_ERROR_MSG, cli_name(cptr), errno);
- close(cli_fd(cptr));
- cli_fd(cptr) = -1;
- return 0;
+ if (!os_set_tos(cli_fd(cptr), feature_int(FEAT_TOS_SERVER))) {
+ report_error(TOS_ERROR_MSG, cli_name(cptr), errno);
}
- if ((result = os_connect_nonb(cli_fd(cptr), &sin)) == IO_FAILURE) {
+ if ((result = os_connect_nonb(cli_fd(cptr), &aconf->address)) == IO_FAILURE) {
cli_error(cptr) = errno;
report_error(CONNECT_ERROR_MSG, cli_name(cptr), errno);
close(cli_fd(cptr));
cli_fd(cptr) = -1;
return 0;
}
+
if (!socket_add(&(cli_socket(cptr)), client_sock_callback,
(void*) cli_connect(cptr),
(result == IO_SUCCESS) ? SS_CONNECTED : SS_CONNECTING,
cli_fd(cptr) = -1;
return 0;
}
+
+ if(aconf->usessl) {
+ struct SSLConnection *ssl = ssl_create_connect(cli_fd(cptr), cptr, SSLData_Client);
+ cli_connect(cptr)->con_ssl = ssl;
+ if(ssl_handshake(ssl)) {
+ unsigned int events = 0;
+ if(ssl_wantread(ssl))
+ events |= SOCK_EVENT_READABLE;
+ if(ssl_wantwrite(ssl))
+ events |= SOCK_EVENT_WRITABLE;
+ socket_events(&(cli_socket(cptr)), SOCK_ACTION_SET | events);
+ result = IO_BLOCKED;
+ }
+ }
+
cli_freeflag(cptr) |= FREEFLAG_SOCKET;
return 1;
}
-/*
- * deliver_it
- * Attempt to send a sequence of bytes to the connection.
- * Returns
- *
- * < 0 Some fatal error occurred, (but not EWOULDBLOCK).
- * This return is a request to close the socket and
- * clean up the link.
- *
- * >= 0 No real error occurred, returns the number of
- * bytes actually transferred. EWOULDBLOCK and other
- * possibly similar conditions should be mapped to
- * zero return. Upper level routine will have to
- * decide what to do with those unwritten bytes...
- *
- * *NOTE* alarm calls have been preserved, so this should
- * work equally well whether blocking or non-blocking
- * mode is used...
- *
- * We don't use blocking anymore, that is impossible with the
- * net.loads today anyway. Commented out the alarms to save cpu.
- * --Run
+/** Attempt to send a sequence of bytes to the connection.
+ * As a side effect, updates \a cptr's FLAG_BLOCKED setting
+ * and sendB/sendK fields.
+ * @param cptr Client that should receive data.
+ * @param buf Message buffer to send to client.
+ * @return Negative on connection-fatal error; otherwise
+ * number of bytes sent.
*/
unsigned int deliver_it(struct Client *cptr, struct MsgQ *buf)
{
unsigned int bytes_written = 0;
unsigned int bytes_count = 0;
+ IOResult result;
assert(0 != cptr);
- switch (os_sendv_nonb(cli_fd(cptr), buf, &bytes_count, &bytes_written)) {
+ if(cli_connect(cptr)->con_ssl) {
+ result = ssl_send_encrypt(cli_connect(cptr)->con_ssl, buf, &bytes_count, &bytes_written);
+ } else {
+ result = os_sendv_nonb(cli_fd(cptr), buf, &bytes_count, &bytes_written);
+ }
+
+ switch (result) {
case IO_SUCCESS:
- cli_flags(cptr) &= ~FLAGS_BLOCKED;
+ ClrFlag(cptr, FLAG_BLOCKED);
cli_sendB(cptr) += bytes_written;
cli_sendB(&me) += bytes_written;
- if (cli_sendB(cptr) > 1023) {
- cli_sendK(cptr) += (cli_sendB(cptr) >> 10);
- cli_sendB(cptr) &= 0x03ff; /* 2^10 = 1024, 3ff = 1023 */
- }
- if (cli_sendB(&me) > 1023) {
- cli_sendK(&me) += (cli_sendB(&me) >> 10);
- cli_sendB(&me) &= 0x03ff;
- }
- /*
- * XXX - hrmm.. set blocked here? the socket didn't
- * say it was blocked
- */
+ /* A partial write implies that future writes will block. */
if (bytes_written < bytes_count)
- cli_flags(cptr) |= FLAGS_BLOCKED;
+ SetFlag(cptr, FLAG_BLOCKED);
break;
case IO_BLOCKED:
- cli_flags(cptr) |= FLAGS_BLOCKED;
+ SetFlag(cptr, FLAG_BLOCKED);
break;
case IO_FAILURE:
cli_error(cptr) = errno;
- cli_flags(cptr) |= FLAGS_DEADSOCKET;
+ SetFlag(cptr, FLAG_DEADSOCKET);
break;
}
return bytes_written;
}
-
-void release_dns_reply(struct Client* cptr)
-{
- assert(0 != cptr);
- assert(MyConnect(cptr));
-
- if (cli_dns_reply(cptr)) {
- assert(0 < cli_dns_reply(cptr)->ref_count);
- --(cli_dns_reply(cptr))->ref_count;
- cli_dns_reply(cptr) = 0;
- }
-}
-
-/*
- * completed_connection
- *
- * Complete non-blocking connect()-sequence. Check access and
+/** Complete non-blocking connect()-sequence. Check access and
* terminate connection, if trouble detected.
- *
- * Return TRUE, if successfully completed
- * FALSE, if failed and ClientExit
+ * @param cptr Client to which we have connected, with all ConfItem structs attached.
+ * @return Zero on failure (caller should exit_client()), non-zero on success.
*/
-static int completed_connection(struct Client* cptr)
+int completed_connection(struct Client* cptr)
{
struct ConfItem *aconf;
time_t newts;
* Make us timeout after twice the timeout for DNS look ups
*/
cli_lasttime(cptr) = CurrentTime;
- cli_flags(cptr) |= FLAGS_PINGSENT;
+ ClearPingSent(cptr);
- sendrawto_one(cptr, MSG_SERVER " %s 1 %Tu %Tu J%s %s%s +%s :%s",
+ sendrawto_one(cptr, MSG_SERVER " %s 1 %Tu %Tu J%s %s%s +%s6 :%s",
cli_name(&me), cli_serv(&me)->timestamp, newts,
MAJOR_PROTOCOL, NumServCap(&me),
feature_bool(FEAT_HUB) ? "h" : "", cli_info(&me));
return (IsDead(cptr)) ? 0 : 1;
}
-/*
- * close_connection
- *
- * Close the physical connection. This function must make
- * MyConnect(cptr) == FALSE, and set cptr->from == NULL.
+/** Close the physical connection. Side effects: MyConnect(cptr)
+ * becomes false and cptr->from becomes NULL.
+ * @param cptr Client to disconnect.
*/
void close_connection(struct Client *cptr)
{
ServerStats->is_sv++;
ServerStats->is_sbs += cli_sendB(cptr);
ServerStats->is_sbr += cli_receiveB(cptr);
- ServerStats->is_sks += cli_sendK(cptr);
- ServerStats->is_skr += cli_receiveK(cptr);
ServerStats->is_sti += CurrentTime - cli_firsttime(cptr);
- if (ServerStats->is_sbs > 1023) {
- ServerStats->is_sks += (ServerStats->is_sbs >> 10);
- ServerStats->is_sbs &= 0x3ff;
- }
- if (ServerStats->is_sbr > 1023) {
- ServerStats->is_skr += (ServerStats->is_sbr >> 10);
- ServerStats->is_sbr &= 0x3ff;
- }
/*
* If the connection has been up for a long amount of time, schedule
* a 'quick' reconnect, else reset the next-connect cycle.
*/
- if ((aconf = find_conf_exact(cli_name(cptr), 0, cli_sockhost(cptr), CONF_SERVER))) {
+ if ((aconf = find_conf_exact(cli_name(cptr), cptr, CONF_SERVER))) {
/*
- * Reschedule a faster reconnect, if this was a automaticly
+ * Reschedule a faster reconnect, if this was a automatically
* connected configuration entry. (Note that if we have had
* a rehash in between, the status has been changed to
* CONF_ILLEGAL). But only do this if it was a "good" link.
ServerStats->is_cl++;
ServerStats->is_cbs += cli_sendB(cptr);
ServerStats->is_cbr += cli_receiveB(cptr);
- ServerStats->is_cks += cli_sendK(cptr);
- ServerStats->is_ckr += cli_receiveK(cptr);
ServerStats->is_cti += CurrentTime - cli_firsttime(cptr);
- if (ServerStats->is_cbs > 1023) {
- ServerStats->is_cks += (ServerStats->is_cbs >> 10);
- ServerStats->is_cbs &= 0x3ff;
- }
- if (ServerStats->is_cbr > 1023) {
- ServerStats->is_ckr += (ServerStats->is_cbr >> 10);
- ServerStats->is_cbr &= 0x3ff;
- }
}
else
ServerStats->is_ni++;
+ if(cli_connect(cptr)->con_ssl) {
+ ssl_free_connection(cli_connect(cptr)->con_ssl);
+ cli_connect(cptr)->con_ssl = NULL;
+ }
+
if (-1 < cli_fd(cptr)) {
flush_connections(cptr);
LocalClientArray[cli_fd(cptr)] = 0;
socket_del(&(cli_socket(cptr))); /* queue a socket delete */
cli_fd(cptr) = -1;
}
- cli_flags(cptr) |= FLAGS_DEADSOCKET;
+ SetFlag(cptr, FLAG_DEADSOCKET);
MsgQClear(&(cli_sendQ(cptr)));
client_drop_sendq(cli_connect(cptr));
}
}
+/** Close all unregistered connections.
+ * @param source Oper who requested the close.
+ * @return Number of closed connections.
+ */
int net_close_unregistered_connections(struct Client* source)
{
int i;
return count;
}
-/*----------------------------------------------------------------------------
- * add_connection
- *
- * Creates a client which has just connected to us on the given fd.
+/** Creates a client which has just connected to us on the given fd.
* The sockhost field is initialized with the ip# of the host.
* The client is not added to the linked list of clients, it is
* passed off to the auth handler for dns and ident queries.
- *--------------------------------------------------------------------------*/
+ * @param listener Listening socket that received the connection.
+ * @param fd File descriptor of new connection.
+ */
void add_connection(struct Listener* listener, int fd) {
- struct sockaddr_in addr;
+ struct irc_sockaddr addr;
struct Client *new_client;
time_t next_target = 0;
/* 12345678901234567890123456789012345679012345678901234567890123456 */
const char* const register_message =
"ERROR :Unable to complete your registration\r\n";
-
+
assert(0 != listener);
-
/*
* Removed preliminary access check. Full check is performed in m_server and
* m_user instead. Also connection time out help to get rid of unwanted
- * connections.
+ * connections.
*/
if (!os_get_peername(fd, &addr) || !os_set_nonblocking(fd)) {
++ServerStats->is_ref;
close(fd);
return;
}
-
/*
- * Add this local client to the IPcheck registry.
- *
- * If they're throttled, murder them, but tell them why first.
+ * Disable IP (*not* TCP) options. In particular, this makes it impossible
+ * to use source routing to connect to the server. If we didn't do this
+ * (and if intermediate networks didn't drop source-routed packets), an
+ * attacker could successfully IP spoof us...and even return the anti-spoof
+ * ping, because the options would cause the packet to be routed back to
+ * the spoofer's machine. When we disable the IP options, we delete the
+ * source route, and the normal routing takes over.
*/
- if (!IPcheck_local_connect(addr.sin_addr, &next_target) && !listener->server) {
- ++ServerStats->is_ref;
- write(fd, throttle_message, strlen(throttle_message));
- close(fd);
- return;
- }
+ os_disable_options(fd);
- new_client = make_client(0, ((listener->server) ?
- STAT_UNKNOWN_SERVER : STAT_UNKNOWN_USER));
+ if (listener_server(listener))
+ {
+ new_client = make_client(0, STAT_UNKNOWN_SERVER);
+ }
+ else
+ {
+ /*
+ * Add this local client to the IPcheck registry.
+ *
+ * If they're throttled, murder them, but tell them why first.
+ */
+ if (!IPcheck_local_connect(&addr.addr, &next_target))
+ {
+ ++ServerStats->is_ref;
+ write(fd, throttle_message, strlen(throttle_message));
+ close(fd);
+ return;
+ }
+ new_client = make_client(0, STAT_UNKNOWN_USER);
+ SetIPChecked(new_client);
+ }
/*
* Copy ascii address to 'sockhost' just in case. Then we have something
- * valid to put into error messages...
+ * valid to put into error messages...
*/
- SetIPChecked(new_client);
- ircd_ntoa_r(cli_sock_ip(new_client), (const char*) &addr.sin_addr);
+ ircd_ntoa_r(cli_sock_ip(new_client), &addr.addr);
strcpy(cli_sockhost(new_client), cli_sock_ip(new_client));
- (cli_ip(new_client)).s_addr = addr.sin_addr.s_addr;
- cli_port(new_client) = ntohs(addr.sin_port);
+ memcpy(&cli_ip(new_client), &addr.addr, sizeof(cli_ip(new_client)));
if (next_target)
cli_nexttarget(new_client) = next_target;
++listener->ref_count;
Count_newunknown(UserStats);
- /* if we've made it this far we can put the client on the auth query pile */
- start_auth(new_client);
+
+ if(listener_ssl(listener)) {
+ struct Connection* con = cli_connect(new_client);
+ con->con_ssl = ssl_start_handshake_listener(listener->ssl_listener, fd, new_client, SSLData_Client);
+ unsigned int events = 0;
+ if(ssl_wantread(con->con_ssl))
+ events |= SOCK_EVENT_READABLE;
+ if(ssl_wantwrite(con->con_ssl))
+ events |= SOCK_EVENT_WRITABLE;
+ socket_events(&(cli_socket(new_client)), SOCK_ACTION_SET | events);
+ } else {
+ /* if we've made it this far we can put the client on the auth query pile */
+ start_auth(new_client);
+ }
}
-/*
- * update_write
- *
- * Determines whether to tell the events engine we're interested in
- * writable events
+/** Determines whether to tell the events engine we're interested in
+ * writable events.
+ * @param cptr Client for which to decide this.
*/
void update_write(struct Client* cptr)
{
SOCK_ACTION_ADD : SOCK_ACTION_DEL) | SOCK_EVENT_WRITABLE);
}
-/*
- * read_packet
- *
- * Read a 'packet' of data from a connection and process it. Read in 8k
- * chunks to give a better performance rating (for server connections).
- * Do some tricky stuff for client connections to make sure they don't do
- * any flooding >:-) -avalon
+/** Read a 'packet' of data from a connection and process it. Read in
+ * 8k chunks to give a better performance rating (for server
+ * connections). Do some tricky stuff for client connections to make
+ * sure they don't do any flooding >:-) -avalon
+ * @param cptr Client from which to read data.
+ * @param socket_ready If non-zero, more data can be read from the client's socket.
+ * @return Positive number on success, zero on connection-fatal failure, negative
+ * if user is killed.
*/
static int read_packet(struct Client *cptr, int socket_ready)
{
if (socket_ready &&
!(IsUser(cptr) &&
DBufLength(&(cli_recvQ(cptr))) > feature_int(FEAT_CLIENT_FLOOD))) {
- switch (os_recv_nonb(cli_fd(cptr), readbuf, sizeof(readbuf), &length)) {
+
+ /* Handle SSL Sockets
+ */
+ int recvret;
+ if(cli_connect(cptr)->con_ssl) {
+ recvret = ssl_recv_decrypt(cli_connect(cptr)->con_ssl, readbuf, sizeof(readbuf), &length);
+ } else {
+ recvret = os_recv_nonb(cli_fd(cptr), readbuf, sizeof(readbuf), &length);
+ }
+ switch (recvret) {
case IO_SUCCESS:
- if (length) {
+ if (length)
+ {
cli_lasttime(cptr) = CurrentTime;
+ ClearPingSent(cptr);
+ ClrFlag(cptr, FLAG_NONL);
if (cli_lasttime(cptr) > cli_since(cptr))
cli_since(cptr) = cli_lasttime(cptr);
- cli_flags(cptr) &= ~(FLAGS_PINGSENT | FLAGS_NONL);
}
break;
case IO_BLOCKED:
break;
case IO_FAILURE:
cli_error(cptr) = errno;
- /* cptr->flags |= FLAGS_DEADSOCKET; */
+ /* SetFlag(cptr, FLAG_DEADSOCKET); */
return 0;
}
}
-
+
/*
* For server connections, we process as many as we can without
* worrying about the time of day or anything :)
*/
- if (length > 0 && IsServer(cptr)) {
+ if (length > 0 && IsServer(cptr))
return server_dopacket(cptr, readbuf, length);
- }
- else {
+ else if (length > 0 && (IsHandshake(cptr) || IsConnecting(cptr)))
+ return connect_dopacket(cptr, readbuf, length);
+ else
+ {
/*
* Before we even think of parsing what we just read, stick
* it on the end of the receive queue and do it when its
* turn comes around.
*/
- if (length > 0 && 0 == dbuf_put(&(cli_recvQ(cptr)), readbuf, length)) {
+ if (length > 0 && dbuf_put(&(cli_recvQ(cptr)), readbuf, length) == 0)
return exit_client(cptr, cptr, &me, "dbuf_put fail");
- }
- /*
- * XXX - cptr will always be a user or unregistered
- */
- if (IsUser(cptr) &&
- DBufLength(&(cli_recvQ(cptr))) > feature_int(FEAT_CLIENT_FLOOD))
+ if (DBufLength(&(cli_recvQ(cptr))) > feature_int(FEAT_CLIENT_FLOOD))
return exit_client(cptr, cptr, &me, "Excess Flood");
while (DBufLength(&(cli_recvQ(cptr))) && !NoNewLine(cptr) &&
(IsTrusted(cptr) || cli_since(cptr) - CurrentTime < 10))
{
- /*
- * If it has become registered as a Server
- * then skip the per-message parsing below.
- */
- if (IsServer(cptr)) {
- dolen = dbuf_get(&(cli_recvQ(cptr)), readbuf, sizeof(readbuf));
- return (dolen) ? server_dopacket(cptr, readbuf, dolen) : 1;
- }
dolen = dbuf_getmsg(&(cli_recvQ(cptr)), cli_buffer(cptr), BUFSIZE);
/*
* Devious looking...whats it do ? well..if a client
* deletes the rest of the buffer contents.
* -avalon
*/
- if (0 == dolen) {
+ if (dolen == 0)
+ {
if (DBufLength(&(cli_recvQ(cptr))) < 510)
- cli_flags(cptr) |= FLAGS_NONL;
+ SetFlag(cptr, FLAG_NONL);
else
+ {
+ /* More than 512 bytes in the line - drop the input and yell
+ * at the client.
+ */
DBufClear(&(cli_recvQ(cptr)));
+ send_reply(cptr, ERR_INPUTTOOLONG);
+ }
}
- else if (CPTR_KILLED == client_dopacket(cptr, dolen))
+ else if (client_dopacket(cptr, dolen) == CPTR_KILLED)
return CPTR_KILLED;
+ /*
+ * If it has become registered as a Server
+ * then skip the per-message parsing below.
+ */
+ if (IsHandshake(cptr) || IsServer(cptr))
+ {
+ while (-1)
+ {
+ dolen = dbuf_get(&(cli_recvQ(cptr)), readbuf, sizeof(readbuf));
+ if (dolen <= 0)
+ return 1;
+ else if (dolen == 0)
+ {
+ if (DBufLength(&(cli_recvQ(cptr))) < 510)
+ SetFlag(cptr, FLAG_NONL);
+ else
+ DBufClear(&(cli_recvQ(cptr)));
+ }
+ else if ((IsServer(cptr) &&
+ server_dopacket(cptr, readbuf, dolen) == CPTR_KILLED) ||
+ (!IsServer(cptr) &&
+ connect_dopacket(cptr, readbuf, dolen) == CPTR_KILLED))
+ return CPTR_KILLED;
+ }
+ }
}
/* If there's still data to process, wait 2 seconds first */
if (DBufLength(&(cli_recvQ(cptr))) && !NoNewLine(cptr) &&
- !(cli_freeflag(cptr) & FREEFLAG_TIMER)) {
+ !t_onqueue(&(cli_proc(cptr))))
+ {
Debug((DEBUG_LIST, "Adding client process timer for %C", cptr));
cli_freeflag(cptr) |= FREEFLAG_TIMER;
timer_add(&(cli_proc(cptr)), client_timer_callback, cli_connect(cptr),
return 1;
}
-/*
- * connect_server - start or complete a connection to another server
- * returns true (1) if successful, false (0) otherwise
- *
- * aconf must point to a valid C:line
- * m_connect calls this with a valid by client and a null reply
- * try_connections calls this with a null by client, and a null reply
- * connect_dns_callback call this with a null by client, and a valid reply
- *
- * XXX - if this comes from an m_connect message and a dns query needs to
- * be done, we loose the information about who started the connection and
- * it's considered an auto connect.
+/** Start a connection to another server.
+ * @param aconf Connect block data for target server.
+ * @param by Client who requested the connection (if any).
+ * @return Non-zero on success; zero on failure.
*/
-int connect_server(struct ConfItem* aconf, struct Client* by,
- struct DNSReply* reply)
+int connect_server(struct ConfItem* aconf, struct Client* by)
{
struct Client* cptr = 0;
assert(0 != aconf);
return 0;
}
Debug((DEBUG_NOTICE, "Connect to %s[@%s]", aconf->name,
- ircd_ntoa((const char*) &aconf->ipnum)));
+ ircd_ntoa(&aconf->address.addr)));
if ((cptr = FindClient(aconf->name))) {
if (IsServer(cptr) || IsMe(cptr)) {
}
}
/*
- * If we dont know the IP# for this host and itis a hostname and
+ * If we don't know the IP# for this host and it is a hostname and
* not a ip# string, then try and find the appropriate host record.
*/
- if (INADDR_NONE == aconf->ipnum.s_addr) {
+ if (!irc_in_addr_valid(&aconf->address.addr)
+ && !ircd_aton(&aconf->address.addr, aconf->host)) {
char buf[HOSTLEN + 1];
- assert(0 == reply);
- if (INADDR_NONE == (aconf->ipnum.s_addr = inet_addr(aconf->host))) {
- struct DNSQuery query;
-
- query.vptr = aconf;
- query.callback = connect_dns_callback;
- host_from_uh(buf, aconf->host, HOSTLEN);
- buf[HOSTLEN] = '\0';
- reply = gethost_byname(buf, &query);
-
- if (!reply) {
- aconf->dns_pending = 1;
- return 0;
- }
- memcpy(&aconf->ipnum, reply->hp->h_addr, sizeof(struct in_addr));
- }
+ host_from_uh(buf, aconf->host, HOSTLEN);
+ gethost_byname(buf, connect_dns_callback, aconf);
+ aconf->dns_pending = 1;
+ return 0;
}
cptr = make_client(NULL, STAT_UNKNOWN_SERVER);
- if (reply)
- ++reply->ref_count;
- cli_dns_reply(cptr) = reply;
/*
* Copy these in so we have something for error detection.
if (!find_conf_byhost(cli_confs(cptr), aconf->host, CONF_SERVER)) {
sendto_opmask_butone(0, SNO_OLDSNO, "Host %s is not enabled for "
- "connecting: no C-line", aconf->name);
+ "connecting: no Connect block", aconf->name);
if (by && IsUser(by) && !MyUser(by)) {
sendcmdto_one(&me, CMD_NOTICE, by, "%C :Connect to host %s failed: no "
- "C-line", by, aconf->name);
+ "Connect block", by, aconf->name);
}
det_confs_butmask(cptr, 0);
free_client(cptr);
if (cli_fd(cptr) > HighestFd)
HighestFd = cli_fd(cptr);
-
LocalClientArray[cli_fd(cptr)] = cptr;
Count_newunknown(UserStats);
completed_connection(cptr) : 1;
}
-/*
- * Setup local socket structure to use for binding to.
- */
-void set_virtual_host(struct in_addr addr)
-{
- memset(&VirtualHost, 0, sizeof(VirtualHost));
- VirtualHost.sin_family = AF_INET;
- VirtualHost.sin_addr.s_addr = addr.s_addr;
-}
-
-/*
- * Find the real hostname for the host running the server (or one which
+/** Find the real hostname for the host running the server (or one which
* matches the server's name) and its primary IP#. Hostname is stored
* in the client structure passed as a pointer.
*/
SetYXXServerName(&me, conf->numeric);
}
-/*
- * Process events on a client socket
+/** Process events on a client socket.
+ * @param ev Socket event structure that has a struct Connection as
+ * its associated data.
*/
static void client_sock_callback(struct Event* ev)
{
assert(0 != ev_socket(ev));
assert(0 != s_data(ev_socket(ev)));
- con = s_data(ev_socket(ev));
+ con = (struct Connection*) s_data(ev_socket(ev));
assert(0 != con_client(con) || ev_type(ev) == ET_DESTROY);
break;
case ET_CONNECT: /* socket connection completed */
- if (!completed_connection(cptr) || IsDead(cptr))
+ if(cli_connect(cptr)->con_ssl) {
+ ssl_start_handshake_connect(cli_connect(cptr)->con_ssl);
+ }
+ else if (!completed_connection(cptr) || IsDead(cptr))
fallback = cli_info(cptr);
break;
case ET_ERROR: /* an error occurred */
fallback = cli_info(cptr);
cli_error(cptr) = ev_data(ev);
+ /* If the OS told us we have a bad file descriptor, we should
+ * record that for future reference.
+ */
+ if (cli_error(cptr) == EBADF)
+ cli_fd(cptr) = -1;
if (s_state(&(con_socket(con))) == SS_CONNECTING) {
completed_connection(cptr);
+ /* for some reason, the os_get_sockerr() in completed_connect()
+ * can return 0 even when ev_data(ev) indicates a real error, so
+ * re-assign the client error here.
+ */
+ cli_error(cptr) = ev_data(ev);
break;
}
/*FALLTHROUGH*/
case ET_EOF: /* end of file on socket */
Debug((DEBUG_ERROR, "READ ERROR: fd = %d %d", cli_fd(cptr),
cli_error(cptr)));
- cli_flags(cptr) |= FLAGS_DEADSOCKET;
+ SetFlag(cptr, FLAG_DEADSOCKET);
if ((IsServer(cptr) || IsHandshake(cptr)) && cli_error(cptr) == 0) {
exit_client_msg(cptr, cptr, &me, "Server %s closed the connection (%s)",
cli_name(cptr), cli_serv(cptr)->last_error_msg);
break;
case ET_WRITE: /* socket is writable */
- cli_flags(cptr) &= ~FLAGS_BLOCKED;
+ ClrFlag(cptr, FLAG_BLOCKED);
if (cli_listing(cptr) && MsgQLength(&(cli_sendQ(cptr))) < 2048)
- list_next_channels(cptr, 64);
+ list_next_channels(cptr);
Debug((DEBUG_SEND, "Sending queued data to %C", cptr));
send_queued(cptr);
break;
break;
default:
-#ifndef NDEBUG
- abort(); /* unrecognized event */
-#endif
+ assert(0 && "Unrecognized socket event in client_sock_callback()");
break;
}
}
}
-/*
- * Process a timer on client socket
+/** Process a timer on client socket.
+ * @param ev Timer event that has a struct Connection as its
+ * associated data.
*/
static void client_timer_callback(struct Event* ev)
{
assert(0 != t_data(ev_timer(ev)));
assert(ET_DESTROY == ev_type(ev) || ET_EXPIRE == ev_type(ev));
- con = t_data(ev_timer(ev));
+ con = (struct Connection*) t_data(ev_timer(ev));
assert(0 != con_client(con) || ev_type(ev) == ET_DESTROY);
assert(0 == cptr || con == cli_connect(cptr));
- con_freeflag(con) &= ~FREEFLAG_TIMER; /* timer has expired... */
-
if (ev_type(ev)== ET_DESTROY) {
+ con_freeflag(con) &= ~FREEFLAG_TIMER; /* timer has expired... */
+
if (!con_freeflag(con) && !cptr)
free_connection(con); /* client is being destroyed */
} else {
projects / ircu2.10.12-pk.git / blobdiff