manage TFO already done in connect call

2025-04-13 07:37:15 +03:00 · 2019-03-10 09:53:52 +01:00 · 2019-03-10 09:53:52 +01:00 · b0c3c8fdbc
commit b0c3c8fdbc
parent 15f733e572
4 changed files with 21 additions and 11 deletions
--- a/common.c
+++ b/common.c
@ -278,9 +278,8 @@ int connect_addr(struct connection *cnx, int fd_from)
                        cnx->proto->name, strerror(errno));
        } else {
            one = 1;
-            // indicate desire to use TCP Fast Open
            setsockopt(fd, IPPROTO_TCP, TCP_FASTOPEN_CONNECT, &one, sizeof(one));
-            // no need to check return value; if it's not supported, that's okay
+            /* no need to check return value; if it's not supported, that's okay */

            if (cfg.transparent) {
                res = bind_peer(fd, fd_from);
@ -288,9 +287,16 @@ int connect_addr(struct connection *cnx, int fd_from)
            }
            res = connect(fd, a->ai_addr, a->ai_addrlen);
            if (res == -1) {
-                log_message(LOG_ERR, "forward to %s failed:connect: %s\n",
-                            cnx->proto->name, strerror(errno));
-                close(fd);
+                switch (errno) {
+                case EINPROGRESS: 
+                    /* Can't be done yet, or TFO already done */
+                    break;
+
+                default:
+                    log_message(LOG_ERR, "forward to %s failed:connect: %s\n",
+                                cnx->proto->name, strerror(errno));
+                    close(fd);
+                }
            } else {
                if (cnx->proto->keepalive) {
                    res = setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (char*)&one, sizeof(one));
--- a/sslh-conf.c
+++ b/sslh-conf.c
@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sun Mar 10 09:37:57 2019. */
+ * on Sun Mar 10 09:52:17 2019. */

 #define _GNU_SOURCE
 #include <string.h>
@ -655,6 +655,7 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) {
        group->port = calloc(1, param_len + 1);
        memcpy(group->port, sslhcfg_ssh->sval [cl_i]+pmatch[2].rm_so, param_len);
 	group->fork = *((char*)"1") - '0';
+	group->tfo_ok = *((char*)"1") - '0';
    }
 #define MAX_MATCH 10
    for (cl_i = 0; cl_i < sslhcfg_tls->count; cl_i++) {
@ -704,6 +705,7 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) {
        param_len = pmatch[2].rm_eo - pmatch[2].rm_so;
        group->port = calloc(1, param_len + 1);
        memcpy(group->port, sslhcfg_tls->sval [cl_i]+pmatch[2].rm_so, param_len);
+	group->tfo_ok = *((char*)"1") - '0';
    }
 #define MAX_MATCH 10
    for (cl_i = 0; cl_i < sslhcfg_openvpn->count; cl_i++) {
@ -753,6 +755,7 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) {
        param_len = pmatch[2].rm_eo - pmatch[2].rm_so;
        group->port = calloc(1, param_len + 1);
        memcpy(group->port, sslhcfg_openvpn->sval [cl_i]+pmatch[2].rm_so, param_len);
+	group->tfo_ok = *((char*)"1") - '0';
    }
 #define MAX_MATCH 10
    for (cl_i = 0; cl_i < sslhcfg_tinc->count; cl_i++) {
@ -802,6 +805,7 @@ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) {
        param_len = pmatch[2].rm_eo - pmatch[2].rm_so;
        group->port = calloc(1, param_len + 1);
        memcpy(group->port, sslhcfg_tinc->sval [cl_i]+pmatch[2].rm_so, param_len);
+	group->tfo_ok = *((char*)"1") - '0';
    }
 #define MAX_MATCH 10
    for (cl_i = 0; cl_i < sslhcfg_xmpp->count; cl_i++) {
--- a/sslh-conf.h
+++ b/sslh-conf.h
@ -1,5 +1,5 @@
 /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README)
- * on Sun Mar 10 09:37:57 2019. */
+ * on Sun Mar 10 09:52:17 2019. */
 
 #ifndef C2S_SSLHCFG_H
 #define C2S_SSLHCFG_H
--- a/sslhconf.cfg
+++ b/sslhconf.cfg
@ -120,7 +120,7 @@ cl_groups: (
        { path: "name"; value: "ssh" },
        { path: "host"; value: "$1" },
        { path: "port"; value: "$2" },
-        { path: "fork"; value: 1 }
+        { path: "fork"; value: 1 },
        { path: "tfo_ok"; value: 1 }
        );
    },
@ -131,7 +131,7 @@ cl_groups: (
        targets: (
        { path: "name"; value: "tls" },
        { path: "host"; value: "$1" },
-        { path: "port"; value: "$2" }
+        { path: "port"; value: "$2" },
        { path: "tfo_ok"; value: 1 }
        );
    },
@ -142,7 +142,7 @@ cl_groups: (
        targets: (
        { path: "name"; value: "openvpn" },
        { path: "host"; value: "$1" },
-        { path: "port"; value: "$2" }
+        { path: "port"; value: "$2" },
        { path: "tfo_ok"; value: 1 }
        );
    },
@ -153,7 +153,7 @@ cl_groups: (
        targets: (
        { path: "name"; value: "openvpn" },
        { path: "host"; value: "$1" },
-        { path: "port"; value: "$2" }
+        { path: "port"; value: "$2" },
        { path: "tfo_ok"; value: 1 }
        );
    },