* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
* USA
*
- * $Id: ssld.c 25179 2008-03-30 16:34:57Z androsyn $
+ * $Id: ssld.c 25594 2008-06-25 14:58:47Z androsyn $
*/
static inline rb_int32_t buf_to_int32(char *buf)
{
rb_int32_t x;
- x = *buf << 24;
- x |= *(++buf) << 16;
- x |= *(++buf) << 8;
- x |= *(++buf);
+ memcpy(&x, buf, sizeof(x));
return x;
}
static inline void int32_to_buf(char *buf, rb_int32_t x)
{
- *(buf) = x >> 24 & 0xFF;
- *(++buf) = x >> 16 & 0xFF;
- *(++buf) = x >> 8 & 0xFF;
- *(++buf) = x & 0xFF;
+ memcpy(buf, &x, sizeof(x));
return;
}
static inline rb_uint16_t buf_to_uint16(char *buf)
{
rb_uint16_t x;
- x = *(buf) << 8;
- x |= *(++buf);
+ memcpy(&x, buf, sizeof(x));
return x;
}
static inline void uint16_to_buf(char *buf, rb_uint16_t x)
{
- *(buf) = x >> 8 & 0xFF;
- *(++buf) = x & 0xFF;
+ memcpy(buf, &x, sizeof(x));
return;
}
-
static char inbuf[READBUF_SIZE];
+#ifdef HAVE_LIBZ
static char outbuf[READBUF_SIZE];
+#endif
typedef struct _mod_ctl_buf
{
#define FLAG_ZIP 0x02
#define FLAG_CORK 0x04
#define FLAG_DEAD 0x08
-
+#define FLAG_SSL_W_WANTS_R 0x10 /* output needs to wait until input possible */
+#define FLAG_SSL_R_WANTS_W 0x20 /* input needs to wait until output possible */
#define IsSSL(x) ((x)->flags & FLAG_SSL)
#define IsZip(x) ((x)->flags & FLAG_ZIP)
#define IsCork(x) ((x)->flags & FLAG_CORK)
#define IsDead(x) ((x)->flags & FLAG_DEAD)
+#define IsSSLWWantsR(x) ((x)->flags & FLAG_SSL_W_WANTS_R)
+#define IsSSLRWantsW(x) ((x)->flags & FLAG_SSL_R_WANTS_W)
#define SetSSL(x) ((x)->flags |= FLAG_SSL)
#define SetZip(x) ((x)->flags |= FLAG_ZIP)
#define SetCork(x) ((x)->flags |= FLAG_CORK)
#define SetDead(x) ((x)->flags |= FLAG_DEAD)
+#define SetSSLWWantsR(x) ((x)->flags |= FLAG_SSL_W_WANTS_R)
+#define SetSSLRWantsW(x) ((x)->flags |= FLAG_SSL_R_WANTS_W)
#define ClearSSL(x) ((x)->flags &= ~FLAG_SSL)
#define ClearZip(x) ((x)->flags &= ~FLAG_ZIP)
#define ClearCork(x) ((x)->flags &= ~FLAG_CORK)
#define ClearDead(x) ((x)->flags &= ~FLAG_DEAD)
+#define ClearSSLWWantsR(x) ((x)->flags &= ~FLAG_SSL_W_WANTS_R)
+#define ClearSSLRWantsW(x) ((x)->flags &= ~FLAG_SSL_R_WANTS_W)
#define NO_WAIT 0x0
#define WAIT_PLAIN 0x1
+#define HASH_WALK_SAFE(i, max, ptr, next, table) for(i = 0; i < max; i++) { RB_DLINK_FOREACH_SAFE(ptr, next, table[i].head)
+#define HASH_WALK_END }
#define CONN_HASH_SIZE 2000
#define connid_hash(x) (&connid_hash_table[(x % CONN_HASH_SIZE)])
+
+
static rb_dlink_list connid_hash_table[CONN_HASH_SIZE];
static rb_dlink_list dead_list;
+static void conn_mod_read_cb(rb_fde_t * fd, void *data);
static void conn_mod_write_sendq(rb_fde_t *, void *data);
static void conn_plain_write_sendq(rb_fde_t *, void *data);
static void mod_write_ctl(rb_fde_t *, void *data);
#else
static int zlib_ok = 0;
#endif
+
+
+#ifdef HAVE_LIBZ
static void *
ssld_alloc(void *unused, size_t count, size_t size)
{
{
rb_free(ptr);
}
+#endif
static conn_t *
conn_find_by_id(rb_int32_t id)
{
rb_free_rawbuffer(conn->modbuf_out);
rb_free_rawbuffer(conn->plainbuf_out);
+#ifdef HAVE_LIBZ
if(IsZip(conn))
{
zlib_stream_t *stream = conn->stream;
inflateEnd(&stream->instream);
deflateEnd(&stream->outstream);
}
+#endif
rb_free(conn);
}
return conn;
}
+static void
+check_handshake_flood(void *unused)
+{
+ conn_t *conn;
+ rb_dlink_node *ptr, *next;
+ unsigned int count;
+ int i;
+ HASH_WALK_SAFE(i, CONN_HASH_SIZE, ptr, next, connid_hash_table)
+ {
+ conn = ptr->data;
+ if(!IsSSL(conn))
+ continue;
+
+ count = rb_ssl_handshake_count(conn->mod_fd);
+ /* nothing needs to do this more than twice in ten seconds i don't think */
+ if(count > 2)
+ close_conn(conn, WAIT_PLAIN, "Handshake flooding");
+ else
+ rb_ssl_clear_handshake_count(conn->mod_fd);
+ }
+ HASH_WALK_END
+
+}
+
static void
conn_mod_write_sendq(rb_fde_t * fd, void *data)
{
if(IsDead(conn))
return;
+ if(IsSSLWWantsR(conn))
+ {
+ ClearSSLWWantsR(conn);
+ conn_mod_read_cb(conn->mod_fd, conn);
+ if(IsDead(conn))
+ return;
+ }
+
while ((retlen = rb_rawbuf_flush(conn->modbuf_out, fd)) > 0)
conn->mod_out += retlen;
}
if(rb_rawbuf_length(conn->modbuf_out) > 0)
{
- int flags = RB_SELECT_WRITE;
- if(retlen == RB_RW_SSL_NEED_READ)
- flags |= RB_SELECT_READ;
-
- rb_setselect(conn->mod_fd, flags, conn_mod_write_sendq, conn);
+ if(retlen != RB_RW_SSL_NEED_READ)
+ rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_write_sendq, conn);
+ else
+ {
+ rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_write_sendq, conn);
+ rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
+ SetSSLWWantsR(conn);
+ }
}
else
rb_setselect(conn->mod_fd, RB_SELECT_WRITE, NULL, NULL);
if(IsDead(conn))
return;
+ if(IsSSLRWantsW(conn))
+ {
+ ClearSSLRWantsW(conn);
+ conn_mod_write_sendq(conn->mod_fd, conn);
+ if(IsDead(conn))
+ return;
+ }
+
while (1)
{
if(IsDead(conn))
}
if(length < 0)
{
- int flags = RB_SELECT_READ;
- if(length == RB_RW_SSL_NEED_WRITE)
- flags |= RB_SELECT_WRITE;
-
- rb_setselect(conn->mod_fd, flags, conn_mod_read_cb, conn);
+ if(length != RB_RW_SSL_NEED_WRITE)
+ rb_setselect(conn->mod_fd, RB_SELECT_READ, conn_mod_read_cb, conn);
+ else
+ {
+ rb_setselect(conn->mod_fd, RB_SELECT_READ, NULL, NULL);
+ rb_setselect(conn->mod_fd, RB_SELECT_WRITE, conn_mod_read_cb, conn);
+ SetSSLRWantsW(conn);
+ }
conn_plain_write_sendq(conn->plain_fd, conn);
return;
}
#else
case 'Y':
case 'Z':
- send_nozlib_support(ctl);
+ send_nozlib_support(ctl, ctl_buf);
break;
#endif
if(s_ctlfd == NULL || s_pipe == NULL)
{
fprintf(stderr, "This is ircd-ratbox ssld. You know you aren't supposed to run me directly?\n");
- fprintf(stderr, "You get an Id tag for this: $Id: ssld.c 25179 2008-03-30 16:34:57Z androsyn $\n");
+ fprintf(stderr, "You get an Id tag for this: $Id: ssld.c 25594 2008-06-25 14:58:47Z androsyn $\n");
fprintf(stderr, "Have a nice life\n");
exit(1);
}
rb_set_nb(mod_ctl->F);
rb_set_nb(mod_ctl->F_pipe);
rb_event_addish("clean_dead_conns", clean_dead_conns, NULL, 10);
+ rb_event_add("check_handshake_flood", check_handshake_flood, NULL, 10);
read_pipe_ctl(mod_ctl->F_pipe, NULL);
mod_read_ctl(mod_ctl->F, mod_ctl);
if(!zlib_ok && !ssl_ok)