third-party-mirrors/sslh
1
0
Fork 0
mirror of https://github.com/yrutschle/sslh.git synced 2025-04-12 15:17:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

reinstate checking of FD_SETSIZE for sslh-select

Browse Source
This commit is contained in:
yrutschle 2022-05-22 22:32:22 +02:00
parent 82aeedefcd
commit 750e828d49
6 changed files with 42 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
processes.c
View File

@ -42,6 +42,13 @@ int tidy_connection(struct connection *cnx, struct loop_info* fd_info)
free(cnx->q[i].deferred_data); free(cnx->q[i].deferred_data);
} }
} }
if (cnx->type == SOCK_DGRAM)
udp_tidy(cnx, fd_info);
if (gap_remove_ptr(fd_info->probing_list, cnx, fd_info->num_probing) != -1)
fd_info->num_probing--;
collection_remove_cnx(fd_info->collection, cnx); collection_remove_cnx(fd_info->collection, cnx);
return 0; return 0;
} }
@ -73,28 +80,24 @@ void cnx_read_process(struct loop_info* fd_info, int fd)
/* Process a connection that accepts a socket /* Process a connection that accepts a socket
* (For UDP, this means all traffic coming from remote clients) * (For UDP, this means all traffic coming from remote clients)
* Returns new file descriptor, or -1 * Returns new connection object, or NULL
* */ * */
int cnx_accept_process(struct loop_info* fd_info, struct listen_endpoint* listen_socket) struct connection* cnx_accept_process(struct loop_info* fd_info, struct listen_endpoint* listen_socket)
{ {
int fd = listen_socket->socketfd; int fd = listen_socket->socketfd;
int type = listen_socket->type; int type = listen_socket->type;
struct connection* cnx; struct connection* cnx;
int new_fd = -1;
switch (type) { switch (type) {
case SOCK_STREAM: case SOCK_STREAM:
cnx = accept_new_connection(fd, fd_info); cnx = accept_new_connection(fd, fd_info);
if (!cnx) return -1; if (!cnx) return NULL;
new_fd = cnx->q[0].fd;
break; break;
case SOCK_DGRAM: case SOCK_DGRAM:
new_fd = udp_c2s_forward(fd, fd_info); cnx = udp_c2s_forward(fd, fd_info);
print_message(msg_fd, "new_fd %d\n", new_fd); if (!cnx) return NULL;
if (new_fd == -1)
return -1;
break; break;
default: default:
@ -102,8 +105,9 @@ int cnx_accept_process(struct loop_info* fd_info, struct listen_endpoint* listen
exit(1); exit(1);
} }
int new_fd = cnx->q[0].fd;
watchers_add_read(fd_info->watchers, new_fd); watchers_add_read(fd_info->watchers, new_fd);
return new_fd; return cnx;
} }

2
processes.h
View File

@ -27,7 +27,7 @@ struct loop_info {
}; };
void cnx_read_process(struct loop_info* fd_info, int fd); void cnx_read_process(struct loop_info* fd_info, int fd);
int cnx_accept_process(struct loop_info* fd_info, struct listen_endpoint* listen_socket); struct connection* cnx_accept_process(struct loop_info* fd_info, struct listen_endpoint* listen_socket);
int tidy_connection(struct connection *cnx, struct loop_info* fd_info); int tidy_connection(struct connection *cnx, struct loop_info* fd_info);

13
sslh-select.c
View File

@ -92,14 +92,12 @@ void watchers_del_write(watchers* w, int fd)
/* if fd becomes higher than FD_SETSIZE, things won't work so well with FD_SET /* if fd becomes higher than FD_SETSIZE, things won't work so well with FD_SET
* and FD_CLR. Need to drop connections if we go above that limit */ * and FD_CLR. Need to drop connections if we go above that limit */
#warning strange things will happen if more than FD_SETSIZE descriptors are used static int fd_out_of_range(int fd) {
/* This test is currently not done */
static int fd_is_in_range(int fd) {
if (fd >= FD_SETSIZE) { if (fd >= FD_SETSIZE) {
print_message(msg_system_error, "too many open file descriptor to monitor them all -- dropping connection\n"); print_message(msg_system_error, "too many open file descriptor to monitor them all -- dropping connection\n");
return 0; return 1;
} }
return 1; return 0;
} }
@ -155,7 +153,10 @@ void main_loop(struct listen_endpoint listen_sockets[], int num_addr_listen)
/* Check main socket for new connections */ /* Check main socket for new connections */
for (i = 0; i < num_addr_listen; i++) { for (i = 0; i < num_addr_listen; i++) {
if (FD_ISSET(listen_sockets[i].socketfd, &readfds)) { if (FD_ISSET(listen_sockets[i].socketfd, &readfds)) {
cnx_accept_process(&fd_info, &listen_sockets[i]); struct connection* new_cnx = cnx_accept_process(&fd_info, &listen_sockets[i]);
if (fd_out_of_range(new_cnx->q[0].fd))
tidy_connection(new_cnx, &fd_info);
/* don't also process it as a read socket */ /* don't also process it as a read socket */
FD_CLR(listen_sockets[i].socketfd, &readfds); FD_CLR(listen_sockets[i].socketfd, &readfds);

4
test.cfg
View File

@ -19,9 +19,9 @@ verbose-config-error: 1; # print configuration errors
verbose-connections: 1; # trace established incoming address to forward address verbose-connections: 1; # trace established incoming address to forward address
verbose-connections-error: 1; # connection errors verbose-connections-error: 1; # connection errors
verbose-connections-try: 1; # connection attempts towards targets verbose-connections-try: 1; # connection attempts towards targets
verbose-fd: 1; # file descriptor activity, open/close/whatnot verbose-fd: 0; # file descriptor activity, open/close/whatnot
verbose-packets: 1; # hexdump packets on which probing is done verbose-packets: 1; # hexdump packets on which probing is done
verbose-probe-info: 1; # what's happening during the probe process verbose-probe-info: 0; # what's happening during the probe process
verbose-probe-error: 1; # failures and problems during probing verbose-probe-error: 1; # failures and problems during probing
verbose-system-error: 1; # system call problem, i.e. malloc, fork, failing verbose-system-error: 1; # system call problem, i.e. malloc, fork, failing
verbose-int-error: 1; # internal errors, the kind that should never happen verbose-int-error: 1; # internal errors, the kind that should never happen

27
udp-listener.c
View File

@ -173,9 +173,6 @@ void udp_timeouts(struct loop_info* fd_info)
struct connection *cnx = cfg.protocols[i].timeouts.head; struct connection *cnx = cfg.protocols[i].timeouts.head;
while (cnx && (now - cnx->last_active > cfg.protocols[i].udp_timeout)) { while (cnx && (now - cnx->last_active > cfg.protocols[i].udp_timeout)) {
print_message(msg_fd, "timed out UDP %d\n", cnx->target_sock); print_message(msg_fd, "timed out UDP %d\n", cnx->target_sock);
close(cnx->target_sock);
hash_remove(fd_info->hash_sources, cnx);
list_remove(&cnx->proto->timeouts, cnx);
tidy_connection(cnx, fd_info); tidy_connection(cnx, fd_info);
cnx = cfg.protocols[i].timeouts.head; cnx = cfg.protocols[i].timeouts.head;
@ -183,6 +180,12 @@ void udp_timeouts(struct loop_info* fd_info)
} }
} }
void udp_tidy(struct connection* cnx, struct loop_info* fd_info)
{
close(cnx->target_sock);
hash_remove(fd_info->hash_sources, cnx);
list_remove(&cnx->proto->timeouts, cnx);
}
/* Mark the connection was active */ /* Mark the connection was active */
static void mark_active(struct connection* cnx) static void mark_active(struct connection* cnx)
@ -198,10 +201,10 @@ static void mark_active(struct connection* cnx)
/* Process UDP coming from outside (client towards server) /* Process UDP coming from outside (client towards server)
* If it's a new source, probe; otherwise, forward to previous target * If it's a new source, probe; otherwise, forward to previous target
* Returns: >= 0 sockfd of newly allocated socket, for new connections * Returns: newly allocate connections, for new connections
* -1 otherwise * NULL otherwise
* */ * */
int udp_c2s_forward(int sockfd, struct loop_info* fd_info) struct connection* udp_c2s_forward(int sockfd, struct loop_info* fd_info)
{ {
char addr_str[NI_MAXHOST+1+NI_MAXSERV+1]; char addr_str[NI_MAXHOST+1+NI_MAXSERV+1];
struct sockaddr src_addr; struct sockaddr src_addr;
@ -223,7 +226,7 @@ int udp_c2s_forward(int sockfd, struct loop_info* fd_info)
len = recvfrom(sockfd, data, sizeof(data), 0, &src_addr, &addrlen); len = recvfrom(sockfd, data, sizeof(data), 0, &src_addr, &addrlen);
if (len < 0) { if (len < 0) {
perror("recvfrom"); perror("recvfrom");
return -1; return NULL;
} }
target = known_source(fd_info->hash_sources, &src_addr, addrlen); target = known_source(fd_info->hash_sources, &src_addr, addrlen);
addrinfo.ai_addr = &src_addr; addrinfo.ai_addr = &src_addr;
@ -238,14 +241,14 @@ int udp_c2s_forward(int sockfd, struct loop_info* fd_info)
* run probes on packet sets */ * run probes on packet sets */
print_message(msg_probe_info, "UDP probed: %d\n", res); print_message(msg_probe_info, "UDP probed: %d\n", res);
if (res != PROBE_MATCH) { if (res != PROBE_MATCH) {
return -1; return NULL;
} }
out = socket(proto->saddr->ai_family, SOCK_DGRAM, 0); out = socket(proto->saddr->ai_family, SOCK_DGRAM, 0);
res = set_nonblock(out); res = set_nonblock(out);
CHECK_RES_RETURN(res, "udp:socket:nonblock", -1); CHECK_RES_RETURN(res, "udp:socket:nonblock", NULL);
struct connection* cnx = collection_alloc_cnx_from_fd(collection, out); struct connection* cnx = collection_alloc_cnx_from_fd(collection, out);
if (!cnx) return -1; if (!cnx) return NULL;
target = out; target = out;
cnx->target_sock = out; cnx->target_sock = out;
cnx->proto = proto; cnx->proto = proto;
@ -258,7 +261,7 @@ int udp_c2s_forward(int sockfd, struct loop_info* fd_info)
if (res == -1) { if (res == -1) {
print_message(msg_connections_error, "Out of hash space for new incoming UDP connection -- increaѕe udp_max_connections"); print_message(msg_connections_error, "Out of hash space for new incoming UDP connection -- increaѕe udp_max_connections");
collection_remove_cnx(collection, cnx); collection_remove_cnx(collection, cnx);
return -1; return NULL;
} }
} }
cnx = collection_get_cnx_from_fd(collection, target); cnx = collection_get_cnx_from_fd(collection, target);
@ -270,7 +273,7 @@ int udp_c2s_forward(int sockfd, struct loop_info* fd_info)
print_message(msg_fd, "sending %d to %s\n", print_message(msg_fd, "sending %d to %s\n",
res, sprintaddr(data, sizeof(data), cnx->proto->saddr)); res, sprintaddr(data, sizeof(data), cnx->proto->saddr));
return out; return cnx;
} }
void udp_s2c_forward(struct connection* cnx) void udp_s2c_forward(struct connection* cnx)

5
udp-listener.h
View File

@ -14,15 +14,16 @@ void udp_listener(struct listen_endpoint* endpoint, int num_endpoints, int activ
/* Process UDP coming from outside (client towards server) /* Process UDP coming from outside (client towards server)
* If it's a new source, probe; otherwise, forward to previous target * If it's a new source, probe; otherwise, forward to previous target
* Returns: >= 0 sockfd of newly allocated socket, for new connections * Returns: newly allocate connections, for new connections
* -1 otherwise * -1 otherwise
* */ * */
int udp_c2s_forward(int sockfd, struct loop_info* fd_info); struct connection* udp_c2s_forward(int sockfd, struct loop_info* fd_info);
/* Process UDP coming from inside (server towards client) */ /* Process UDP coming from inside (server towards client) */
void udp_s2c_forward(struct connection* cnx); void udp_s2c_forward(struct connection* cnx);
void udp_init(struct loop_info* fd_info); void udp_init(struct loop_info* fd_info);
void udp_tidy(struct connection* cnx, struct loop_info* fd_info);
#endif /* UDPLISTENER_H */ #endif /* UDPLISTENER_H */