📄 connection.c
字号:
tor_assert(0);
};
#endif /* HAVE_SYS_UN_H */
/** Bind a new non-blocking socket listening to the socket described
* by <b>listensockaddr</b>.
*
* <b>address</b> is only used for logging purposes and to add the information
* to the conn.
*/
static connection_t *
connection_create_listener(struct sockaddr *listensockaddr, int type,
char* address)
{
/*XXXX021 this function should take a socklen too. */
connection_t *conn;
int s; /* the socket we're going to make */
uint16_t usePort = 0;
int start_reading = 0;
if (get_n_open_sockets() >= get_options()->_ConnLimit-1) {
int n_conns = get_n_open_sockets();
log_warn(LD_NET,"Failing because we have %d connections already. Please "
"raise your ulimit -n.", n_conns);
control_event_general_status(LOG_WARN, "TOO_MANY_CONNECTIONS CURRENT=%d",
n_conns);
return NULL;
}
if (listensockaddr->sa_family == AF_INET) {
int is_tcp = (type != CONN_TYPE_AP_DNS_LISTENER);
#ifndef MS_WINDOWS
int one=1;
#endif
if (is_tcp)
start_reading = 1;
usePort = ntohs( (uint16_t)
((struct sockaddr_in *)listensockaddr)->sin_port);
log_notice(LD_NET, "Opening %s on %s:%d",
conn_type_to_string(type), address, usePort);
s = tor_open_socket(PF_INET,
is_tcp ? SOCK_STREAM : SOCK_DGRAM,
is_tcp ? IPPROTO_TCP: IPPROTO_UDP);
if (s < 0) {
log_warn(LD_NET,"Socket creation failed.");
goto err;
}
#ifndef MS_WINDOWS
/* REUSEADDR on normal places means you can rebind to the port
* right after somebody else has let it go. But REUSEADDR on win32
* means you can bind to the port _even when somebody else
* already has it bound_. So, don't do that on Win32. */
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void*) &one,
(socklen_t)sizeof(one));
#endif
if (bind(s,listensockaddr,(socklen_t)sizeof(struct sockaddr_in)) < 0) {
const char *helpfulhint = "";
int e = tor_socket_errno(s);
if (ERRNO_IS_EADDRINUSE(e))
helpfulhint = ". Is Tor already running?";
log_warn(LD_NET, "Could not bind to %s:%u: %s%s", address, usePort,
tor_socket_strerror(e), helpfulhint);
tor_close_socket(s);
goto err;
}
if (is_tcp) {
if (listen(s,SOMAXCONN) < 0) {
log_warn(LD_NET, "Could not listen on %s:%u: %s", address, usePort,
tor_socket_strerror(tor_socket_errno(s)));
tor_close_socket(s);
goto err;
}
}
#ifdef HAVE_SYS_UN_H
} else if (listensockaddr->sa_family == AF_UNIX) {
start_reading = 1;
/* For now only control ports can be unix domain sockets
* and listeners at the same time */
tor_assert(type == CONN_TYPE_CONTROL_LISTENER);
log_notice(LD_NET, "Opening %s on %s",
conn_type_to_string(type), address);
if (unlink(address) < 0 && errno != ENOENT) {
log_warn(LD_NET, "Could not unlink %s: %s", address,
strerror(errno));
goto err;
}
s = tor_open_socket(AF_UNIX, SOCK_STREAM, 0);
if (s < 0) {
log_warn(LD_NET,"Socket creation failed: %s.", strerror(errno));
goto err;
}
if (bind(s, listensockaddr, (socklen_t)sizeof(struct sockaddr_un)) == -1) {
log_warn(LD_NET,"Bind to %s failed: %s.", address,
tor_socket_strerror(tor_socket_errno(s)));
goto err;
}
if (listen(s,SOMAXCONN) < 0) {
log_warn(LD_NET, "Could not listen on %s: %s", address,
tor_socket_strerror(tor_socket_errno(s)));
tor_close_socket(s);
goto err;
}
#endif /* HAVE_SYS_UN_H */
} else {
log_err(LD_BUG,"Got unexpected address family %d.",
listensockaddr->sa_family);
tor_assert(0);
}
set_socket_nonblocking(s);
conn = connection_new(type, listensockaddr->sa_family);
conn->socket_family = listensockaddr->sa_family;
conn->s = s;
conn->address = tor_strdup(address);
conn->port = usePort;
if (connection_add(conn) < 0) { /* no space, forget it */
log_warn(LD_NET,"connection_add for listener failed. Giving up.");
connection_free(conn);
goto err;
}
log_debug(LD_NET,"%s listening on port %u.",
conn_type_to_string(type), usePort);
conn->state = LISTENER_STATE_READY;
if (start_reading) {
connection_start_reading(conn);
} else {
tor_assert(type == CONN_TYPE_AP_DNS_LISTENER);
dnsserv_configure_listener(conn);
}
return conn;
err:
return NULL;
}
/** Do basic sanity checking on a newly received socket. Return 0
* if it looks ok, else return -1. */
static int
check_sockaddr_in(struct sockaddr *sa, int len, int level)
{
int ok = 1;
struct sockaddr_in *sin=(struct sockaddr_in*)sa;
if (len != sizeof(struct sockaddr_in)) {
log_fn(level, LD_NET, "Length of address not as expected: %d vs %d",
len,(int)sizeof(struct sockaddr_in));
ok = 0;
}
if (sa->sa_family != AF_INET) {
log_fn(level, LD_NET, "Family of address not as expected: %d vs %d",
sa->sa_family, AF_INET);
ok = 0;
}
if (sin->sin_addr.s_addr == 0 || sin->sin_port == 0) {
log_fn(level, LD_NET,
"Address for new connection has address/port equal to zero.");
ok = 0;
}
return ok ? 0 : -1;
}
/** The listener connection <b>conn</b> told poll() it wanted to read.
* Call accept() on conn-\>s, and add the new connection if necessary.
*/
static int
connection_handle_listener_read(connection_t *conn, int new_type)
{
int news; /* the new socket */
connection_t *newconn;
/* information about the remote peer when connecting to other routers */
struct sockaddr_in remote;
char addrbuf[256];
/* length of the remote address. Must be whatever accept() needs. */
socklen_t remotelen = (socklen_t)sizeof(addrbuf);
char tmpbuf[INET_NTOA_BUF_LEN];
or_options_t *options = get_options();
tor_assert((size_t)remotelen >= sizeof(struct sockaddr_in));
memset(addrbuf, 0, sizeof(addrbuf));
news = tor_accept_socket(conn->s,(struct sockaddr *)&addrbuf,&remotelen);
if (news < 0) { /* accept() error */
int e = tor_socket_errno(conn->s);
if (ERRNO_IS_ACCEPT_EAGAIN(e)) {
return 0; /* he hung up before we could accept(). that's fine. */
} else if (ERRNO_IS_ACCEPT_RESOURCE_LIMIT(e)) {
log_notice(LD_NET,"accept failed: %s. Dropping incoming connection.",
tor_socket_strerror(e));
return 0;
}
/* else there was a real error. */
log_warn(LD_NET,"accept() failed: %s. Closing listener.",
tor_socket_strerror(e));
connection_mark_for_close(conn);
return -1;
}
log_debug(LD_NET,
"Connection accepted on socket %d (child of fd %d).",
news,conn->s);
set_socket_nonblocking(news);
if (options->ConstrainedSockets)
set_constrained_socket_buffers(news, (int)options->ConstrainedSockSize);
if (((struct sockaddr*)addrbuf)->sa_family != conn->socket_family) {
/* This is annoying, but can apparently happen on some Darwins. */
log_info(LD_BUG, "A listener connection returned a socket with a "
"mismatched family. %s for addr_family %d gave us a socket "
"with address family %d. Dropping.",
conn_type_to_string(conn->type),
(int)conn->socket_family,
(int)((struct sockaddr*)addrbuf)->sa_family);
tor_close_socket(news);
return 0;
}
if (conn->socket_family == AF_INET) {
if (check_sockaddr_in((struct sockaddr*)addrbuf, remotelen, LOG_INFO)<0) {
log_info(LD_NET,
"accept() returned a strange address; trying getsockname().");
remotelen=256;
memset(addrbuf, 0, sizeof(addrbuf));
if (getsockname(news, (struct sockaddr*)addrbuf, &remotelen)<0) {
int e = tor_socket_errno(news);
log_warn(LD_NET, "getsockname() for new connection failed: %s",
tor_socket_strerror(e));
} else {
if (check_sockaddr_in((struct sockaddr*)addrbuf, remotelen,
LOG_WARN) < 0) {
log_warn(LD_NET,"Something's wrong with this conn. Closing it.");
tor_close_socket(news);
return 0;
}
}
}
memcpy(&remote, addrbuf, sizeof(struct sockaddr_in));
/* process entrance policies here, before we even create the connection */
if (new_type == CONN_TYPE_AP) {
/* check sockspolicy to see if we should accept it */
if (socks_policy_permits_address(ntohl(remote.sin_addr.s_addr)) == 0) {
tor_inet_ntoa(&remote.sin_addr, tmpbuf, sizeof(tmpbuf));
log_notice(LD_APP,
"Denying socks connection from untrusted address %s.",
tmpbuf);
tor_close_socket(news);
return 0;
}
}
if (new_type == CONN_TYPE_DIR) {
/* check dirpolicy to see if we should accept it */
if (dir_policy_permits_address(ntohl(remote.sin_addr.s_addr)) == 0) {
tor_inet_ntoa(&remote.sin_addr, tmpbuf, sizeof(tmpbuf));
log_notice(LD_DIRSERV,"Denying dir connection from address %s.",
tmpbuf);
tor_close_socket(news);
return 0;
}
}
newconn = connection_new(new_type, conn->socket_family);
newconn->s = news;
/* remember the remote address */
newconn->addr = ntohl(remote.sin_addr.s_addr);
newconn->port = ntohs(remote.sin_port);
newconn->address = tor_dup_addr(newconn->addr);
} else if (conn->socket_family == AF_UNIX) {
/* For now only control ports can be unix domain sockets
* and listeners at the same time */
tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER);
newconn = connection_new(new_type, conn->socket_family);
newconn->s = news;
/* remember the remote address -- do we have anything sane to put here? */
newconn->addr = 0;
newconn->port = 1;
newconn->address = tor_strdup(conn->address);
} else {
tor_assert(0);
};
if (connection_add(newconn) < 0) { /* no space, forget it */
connection_free(newconn);
return 0; /* no need to tear down the parent */
}
if (connection_init_accepted_conn(newconn, conn->type) < 0) {
connection_mark_for_close(newconn);
return 0;
}
return 0;
}
/** Initialize states for newly accepted connection <b>conn</b>.
* If conn is an OR, start the tls handshake.
* If conn is a transparent AP, get its original destination
* and place it in circuit_wait.
*/
static int
connection_init_accepted_conn(connection_t *conn, uint8_t listener_type)
{
connection_start_reading(conn);
switch (conn->type) {
case CONN_TYPE_OR:
control_event_or_conn_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
return connection_tls_start_handshake(TO_OR_CONN(conn), 1);
case CONN_TYPE_AP:
switch (listener_type) {
case CONN_TYPE_AP_LISTENER:
conn->state = AP_CONN_STATE_SOCKS_WAIT;
break;
case CONN_TYPE_AP_TRANS_LISTENER:
conn->state = AP_CONN_STATE_CIRCUIT_WAIT;
return connection_ap_process_transparent(TO_EDGE_CONN(conn));
case CONN_TYPE_AP_NATD_LISTENER:
conn->state = AP_CONN_STATE_NATD_WAIT;
break;
}
break;
case CONN_TYPE_DIR:
conn->purpose = DIR_PURPOSE_SERVER;
conn->state = DIR_CONN_STATE_SERVER_COMMAND_WAIT;
break;
case CONN_TYPE_CONTROL:
conn->state = CONTROL_CONN_STATE_NEEDAUTH;
break;
}
return 0;
}
/** Take conn, make a nonblocking socket; try to connect to
* addr:port (they arrive in *host order*). If fail, return -1. Else
* assign s to conn-\>s: if connected return 1, if EAGAIN return 0.
*
* address is used to make the logs useful.
*
* On success, add conn to the list of polled connections.
*/
int
connection_connect(connection_t *conn, const char *address,
uint32_t addr, uint16_t port)
{
int s, inprogress = 0;
struct sockaddr_in dest_addr;
or_options_t *options = get_options();
if (get_n_open_sockets() >= get_options()->_ConnLimit-1) {
int n_conns = get_n_open_sockets();
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -