* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
* USA
*
- * $Id: ssld.c 25179 2008-03-30 16:34:57Z androsyn $
+ * $Id: ssld.c 25677 2008-07-06 04:21:42Z androsyn $
*/
static void setup_signals(void);
-static inline rb_int32_t buf_to_int32(char *buf)
+static inline int32_t buf_to_int32(char *buf)
{
- rb_int32_t x;
- x = *buf << 24;
- x |= *(++buf) << 16;
- x |= *(++buf) << 8;
- x |= *(++buf);
+ int32_t x;
+ memcpy(&x, buf, sizeof(x));
return x;
}
-static inline void int32_to_buf(char *buf, rb_int32_t x)
+static inline void int32_to_buf(char *buf, int32_t x)
{
- *(buf) = x >> 24 & 0xFF;
- *(++buf) = x >> 16 & 0xFF;
- *(++buf) = x >> 8 & 0xFF;
- *(++buf) = x & 0xFF;
+ memcpy(buf, &x, sizeof(x));
return;
}
-static inline rb_uint16_t buf_to_uint16(char *buf)
+static inline uint16_t buf_to_uint16(char *buf)
{
- rb_uint16_t x;
- x = *(buf) << 8;
- x |= *(++buf);
+ uint16_t x;
+ memcpy(&x, buf, sizeof(x));
return x;
}
-static inline void uint16_to_buf(char *buf, rb_uint16_t x)
+static inline void uint16_to_buf(char *buf, uint16_t x)
{
- *(buf) = x >> 8 & 0xFF;
- *(++buf) = x & 0xFF;
+ memcpy(buf, &x, sizeof(x));
return;
}
-
static char inbuf[READBUF_SIZE];
+#ifdef HAVE_LIBZ
static char outbuf[READBUF_SIZE];
+#endif
typedef struct _mod_ctl_buf
{
rawbuf_head_t *modbuf_out;
rawbuf_head_t *plainbuf_out;
- rb_int32_t id;
+ int32_t id;
rb_fde_t *mod_fd;
rb_fde_t *plain_fd;
unsigned long long mod_in;
unsigned long long plain_in;
unsigned long long plain_out;
- rb_uint8_t flags;
+ uint8_t flags;
void *stream;
} conn_t;
#define FLAG_ZIP 0x02
#define FLAG_CORK 0x04
#define FLAG_DEAD 0x08
-
+#define FLAG_SSL_W_WANTS_R 0x10 /* output needs to wait until input possible */
+#define FLAG_SSL_R_WANTS_W 0x20 /* input needs to wait until output possible */
#define IsSSL(x) ((x)->flags & FLAG_SSL)
#define IsZip(x) ((x)->flags & FLAG_ZIP)
#define IsCork(x) ((x)->flags & FLAG_CORK)
#define IsDead(x) ((x)->flags & FLAG_DEAD)
+#define IsSSLWWantsR(x) ((x)->flags & FLAG_SSL_W_WANTS_R)
+#define IsSSLRWantsW(x) ((x)->flags & FLAG_SSL_R_WANTS_W)
#define SetSSL(x) ((x)->flags |= FLAG_SSL)
#define SetZip(x) ((x)->flags |= FLAG_ZIP)
#define SetCork(x) ((x)->flags |= FLAG_CORK)
#define SetDead(x) ((x)->flags |= FLAG_DEAD)
+#define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
+#define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
#define ClearSSL(x) ((x)->flags &= ~FLAG_SSL)
#define ClearZip(x) ((x)->flags &= ~FLAG_ZIP)
#define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
#define ClearDead(x) ((x)->flags &= ~FLAG_DEAD)
+#define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
+#define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
#define NO_WAIT 0x0
#define WAIT_PLAIN 0x1
+#define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head)
+#define HASH_WALK_END }
#define CONN_HASH_SIZE 2000
#define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)])
+
+
static rb_dlink_list connid_hash_table[CONN_HASH_SIZE];
static rb_dlink_list dead_list;
+static void conn_mod_read_cb(rb_fde_t * fd, void *data);
static void conn_mod_write_sendq(rb_fde_t *, void *data);
static void conn_plain_write_sendq(rb_fde_t *, void *data);
static void mod_write_ctl(rb_fde_t *, void *data);
#else
static int zlib_ok = 0;
#endif
+
+
+#ifdef HAVE_LIBZ
static void *
ssld_alloc(void *unused, size_t count, size_t size)
{
{
rb_free(ptr);
}
+#endif
static conn_t *
-conn_find_by_id(rb_int32_t id)
+conn_find_by_id(int32_t id)
{
rb_dlink_node *ptr;
conn_t *conn;
}
static void
-conn_add_id_hash(conn_t * conn, rb_int32_t id)
+conn_add_id_hash(conn_t * conn, int32_t id)
{
conn->id = id;
rb_dlinkAdd(conn, &conn->node, connid_hash(id));
{
rb_free_rawbuffer(conn->modbuf_out);
rb_free_rawbuffer(conn->plainbuf_out);
+#ifdef HAVE_LIBZ
if(IsZip(conn))
{
zlib_stream_t *stream = conn->stream;
inflateEnd(&stream->instream);
deflateEnd(&stream->outstream);
}
+#endif
rb_free(conn);
}
return conn;
}
+static void
+check_handshake_flood(void *unused)
+{
+ conn_t *conn;
+ rb_dlink_node *ptr, *next;
+ unsigned int count;
+ int i;
+ HASH_WALK_SAFE(i, CONN_HASH_SIZE, ptr, next, connid_hash_table)
+ {
+ conn = ptr->data;
+ if(!IsSSL(conn))
+ continue;
+
+ count = rb_ssl_handshake_count(conn->mod_fd);
+ /* nothing needs to do this more than twice in ten seconds i don't think */
+ if(count > 2)
+ close_conn(conn, WAIT_PLAIN, "Handshake flooding");
+ else
+ rb_ssl_clear_handshake_count(conn->mod_fd);
+ }
+ HASH_WALK_END
+
+}
+
static void
conn_mod_write_sendq(rb_fde_t * fd, void *data)
{
if(IsDead(conn))
return;
+ if(IsSSLWWantsR(conn))
+ {
+ ClearSSLWWantsR(conn);
+ conn_mod_read_cb(conn->mod_fd, conn);
+ if(IsDead(conn))
+ return;
+ }
+
while ((retlen = rb_rawbuf_flush(conn->modbuf_out, fd)) > 0)
conn->mod_out += retlen;
}
if(rb_rawbuf_length(conn->modbuf_out) > 0)
{
- int flags = RB_SELECT_WRITE;
- if(retlen == RB_RW_SSL_NEED_READ)
- flags |= RB_SELECT_READ;
-
- rb_setselect(conn->mod_fd, flags, conn_mod_write_sendq, conn);
+ if(retlen != RB_RW_SSL_NEED_READ)
+ rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_write_sendq, conn);
+ else
+ {
+ rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_write_sendq, conn);
+ rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
+ SetSSLWWantsR(conn);
+ }
}
else
rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
if(IsDead(conn))
return;
+ if(IsSSLRWantsW(conn))
+ {
+ ClearSSLRWantsW(conn);
+ conn_mod_write_sendq(conn->mod_fd, conn);
+ if(IsDead(conn))
+ return;
+ }
+
while (1)
{
if(IsDead(conn))
}
if(length < 0)
{
- int flags = RB_SELECT_READ;
- if(length == RB_RW_SSL_NEED_WRITE)
- flags |= RB_SELECT_WRITE;
-
- rb_setselect(conn->mod_fd, flags, conn_mod_read_cb, conn);
+ if(length != RB_RW_SSL_NEED_WRITE)
+ rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_read_cb, conn);
+ else
+ {
+ rb_setselect(conn->mod_fd, RB_SELECT_READ, NULL, NULL);
+ rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_read_cb, conn);
+ SetSSLRWantsW(conn);
+ }
conn_plain_write_sendq(conn->plain_fd, conn);
return;
}
conn_plain_read_cb(conn->plain_fd, conn);
return;
}
+ /* ircd doesn't care about the reason for this */
close_conn(conn, NO_WAIT, 0);
return;
}
{
conn_mod_read_cb(conn->mod_fd, conn);
conn_plain_read_cb(conn->plain_fd, conn);
- return;
}
- close_conn(conn, NO_WAIT, 0);
- return;
+ else if(status == RB_ERR_TIMEOUT)
+ close_conn(conn, WAIT_PLAIN, "SSL handshake timed out");
+ else if(status == RB_ERROR_SSL)
+ close_conn(conn, WAIT_PLAIN, "%s", rb_get_ssl_strerror(conn->mod_fd));
+ else
+ close_conn(conn, WAIT_PLAIN, "SSL handshake failed");
}
ssl_process_accept(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
{
conn_t *conn;
- rb_int32_t id;
+ int32_t id;
conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
ssl_process_connect(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
{
conn_t *conn;
- rb_int32_t id;
+ int32_t id;
conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
id = buf_to_int32(&ctlb->buf[1]);
char outstat[512];
conn_t *conn;
const char *odata;
- rb_int32_t id;
+ int32_t id;
id = buf_to_int32(&ctlb->buf[1]);
static void
zlib_process(mod_ctl_t * ctl, mod_ctl_buf_t * ctlb)
{
- rb_uint8_t level;
+ uint8_t level;
size_t recvqlen;
- size_t hdr = (sizeof(rb_uint8_t) * 2) + sizeof(rb_int32_t);
+ size_t hdr = (sizeof(uint8_t) * 2) + sizeof(int32_t);
void *recvq_start;
z_stream *instream, *outstream;
conn_t *conn;
- rb_int32_t id;
+ int32_t id;
conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
if(rb_get_type(conn->mod_fd) == RB_FD_UNKNOWN)
id = buf_to_int32(&ctlb->buf[1]);
conn_add_id_hash(conn, id);
- level = (rb_uint8_t) ctlb->buf[5];
+ level = (uint8_t) ctlb->buf[5];
recvqlen = ctlb->buflen - hdr;
recvq_start = &ctlb->buf[6];
{
static const char *nossl_cmd = "N";
conn_t *conn;
- rb_int32_t id;
+ int32_t id;
if(ctlb != NULL)
{
{
static const char *nozlib_cmd = "z";
conn_t *conn;
- rb_int32_t id;
+ int32_t id;
if(ctlb != NULL)
{
conn = make_conn(ctl, ctlb->F[0], ctlb->F[1]);
#else
case 'Y':
case 'Z':
- send_nozlib_support(ctl);
+ send_nozlib_support(ctl, ctl_buf);
break;
#endif
if(s_ctlfd == NULL || s_pipe == NULL)
{
fprintf(stderr, "This is ircd-ratbox ssld. You know you aren't supposed to run me directly?\n");
- fprintf(stderr, "You get an Id tag for this: $Id: ssld.c 25179 2008-03-30 16:34:57Z androsyn $\n");
+ fprintf(stderr, "You get an Id tag for this: $Id: ssld.c 25677 2008-07-06 04:21:42Z androsyn $\n");
fprintf(stderr, "Have a nice life\n");
exit(1);
}
rb_set_nb(mod_ctl->F);
rb_set_nb(mod_ctl->F_pipe);
rb_event_addish("clean_dead_conns", clean_dead_conns, NULL, 10);
+ rb_event_add("check_handshake_flood", check_handshake_flood, NULL, 10);
read_pipe_ctl(mod_ctl->F_pipe, NULL);
mod_read_ctl(mod_ctl->F, mod_ctl);
if(!zlib_ok && !ssl_ok)
projects / irc / rqf / shadowircd.git / blobdiff