int make_uplink(struct uplink_config_t *l)
{
int fd, i, addrc, arg;
int uplink_index;
union sockaddr_u sa; /* large enough for also IPv6 address */
socklen_t addr_len;
struct addrinfo *ai, *a, *ap[21];
struct addrinfo req;
char *addr_s = NULL;
int port;
struct sockaddr *srcaddr;
socklen_t srcaddr_len;
memset(&req, 0, sizeof(req));
req.ai_family = 0;
req.ai_socktype = SOCK_STREAM;
req.ai_protocol = IPPROTO_TCP;
req.ai_flags = AI_ADDRCONFIG;
ai = NULL;
#ifdef USE_SSL
/* SSL requires both a cert and a key, or none at all */
if ((l->certfile && !l->keyfile) || (l->keyfile && !l->certfile)) {
hlog(LOG_ERR, "Uplink %s: Only one of sslkey and sslcert defined - both needed for SSL authentication", l->name);
return -2;
}
/* todo: allow triggering SSL without client auth */
if (l->keyfile && l->certfile) {
if (!l->ssl) {
if (config_uplink_ssl_setup(l)) {
hlog(LOG_ERR, "Uplink '%s': SSL setup failed", l->name);
return -2;
}
}
}
#endif
/* find a free uplink slot */
for (uplink_index = 0; uplink_index < MAX_UPLINKS; uplink_index++) {
if (!uplink_client[uplink_index])
break;
}
if (uplink_index == MAX_UPLINKS) {
hlog(LOG_ERR, "Uplink %s: No available uplink slots, %d used", l->name, MAX_UPLINKS);
return -2;
}
if (strcasecmp(l->proto, "tcp") == 0) {
// well, do nothing for now.
} else if (strcasecmp(l->proto, "udp") == 0) {
req.ai_socktype = SOCK_DGRAM;
req.ai_protocol = IPPROTO_UDP;
#ifdef USE_SCTP
} else if (strcasecmp(l->proto, "sctp") == 0) {
req.ai_socktype = SOCK_STREAM;
req.ai_protocol = IPPROTO_SCTP;
#endif
} else {
hlog(LOG_ERR, "Uplink %s: Unsupported protocol '%s'\n", l->name, l->proto);
return -2;
}
port = atoi(l->port);
if (port < 1 || port > 65535) {
hlog(LOG_ERR, "Uplink %s: unsupported port number '%s'\n", l->name, l->port);
return -2;
}
l->state = UPLINK_ST_CONNECTING;
i = getaddrinfo(l->host, l->port, &req, &ai);
if (i != 0) {
hlog(LOG_INFO, "Uplink %s: address resolving failure of '%s' '%s': %s", l->name, l->host, l->port, gai_strerror(i));
l->state = UPLINK_ST_NOT_LINKED;
return -2;
}
/* Count the amount of addresses in response */
addrc = 0;
for (a = ai; a && addrc < 20 ; a = a->ai_next, ++addrc) {
ap[addrc] = a; /* Up to 20 first addresses */
}
ap[addrc] = NULL;
if (addrc == 0) {
hlog(LOG_INFO, "Uplink %s: address resolving of '%s' '%s': returned 0 addresses", l->name, l->host, l->port);
l->state = UPLINK_ST_NOT_LINKED;
return -2;
}
/* Pick random address to start from */
i = random() % addrc;
/* Then lets try making socket and connection in address order */
/* TODO: BUG: If the TCP connection succeeds, but the server rejects our
* login due to a bad source address (like, IPv4 would be allowed but our
* IPv6 address is not in the server's ACL), this currently does not switch
* to the next destination address.
* Instead it'll wait for the retry timer and then try a random
* destination address, and eventually succeed (unless very unlucky).
*/
fd = -1;
while ((a = ap[i])) {
ap[i] = NULL;
addr_s = strsockaddr(a->ai_addr, a->ai_addrlen);
hlog(LOG_INFO, "Uplink %s: Connecting to %s:%s (%s) [link %d, addr %d/%d]",
l->name, l->host, l->port, addr_s, uplink_index, i+1, addrc);
i++;
if (i == addrc)
i = 0;
if ((fd = socket(a->ai_family, a->ai_socktype, a->ai_protocol)) < 0) {
hlog(LOG_CRIT, "Uplink %s: socket(): %s\n", l->name, strerror(errno));
hfree(addr_s);
continue;
}
arg = 1;
if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&arg, sizeof(arg)))
hlog(LOG_ERR, "Uplink %s: Failed to set SO_REUSEADDR on new socket: %s", l->name, strerror(errno));
/* bind source address */
srcaddr_len = 0;
if (a->ai_family == AF_INET && uplink_bind_v4_len != 0) {
srcaddr = (struct sockaddr *)&uplink_bind_v4;
srcaddr_len = uplink_bind_v4_len;
} else if (a->ai_family == AF_INET6 && uplink_bind_v6_len != 0) {
srcaddr = (struct sockaddr *)&uplink_bind_v6;
srcaddr_len = uplink_bind_v6_len;
}
if (srcaddr_len) {
if (bind(fd, srcaddr, srcaddr_len)) {
char *s = strsockaddr(srcaddr, srcaddr_len);
hlog(LOG_ERR, "Uplink %s: Failed to bind source address '%s': %s", l->name, s, strerror(errno));
hfree(s);
goto connerr;
}
}
/* set non-blocking mode at this point, so that we can make a
* non-blocking connect() with a short timeout
*/
if (fcntl(fd, F_SETFL, O_NONBLOCK)) {
hlog(LOG_CRIT, "Uplink %s: Failed to set non-blocking mode on new socket: %s", l->name, strerror(errno));
goto connerr;
}
/* Use TCP_NODELAY for APRS-IS sockets. High delays can cause packets getting past
* the dupe filters.
*/
#ifdef TCP_NODELAY
if (a->ai_protocol == IPPROTO_TCP) {
int arg = 1;
if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, (void *)&arg, sizeof(arg)))
hlog(LOG_ERR, "Uplink %s: %s: setsockopt(TCP_NODELAY, %d) failed: %s", l->name, addr_s, arg, strerror(errno));
}
#endif
if (connect(fd, a->ai_addr, a->ai_addrlen) && errno != EINPROGRESS) {
hlog(LOG_ERR, "Uplink %s: connect(%s) failed: %s", l->name, addr_s, strerror(errno));
goto connerr;
}
/* Only wait a few seconds for the connection to be created.
* If the connection setup is very slow, it is unlikely to
* perform well enough anyway.
*/
struct pollfd connect_fd;
connect_fd.fd = fd;
connect_fd.events = POLLOUT;
connect_fd.revents = 0;
int r = poll(&connect_fd, 1, 3000);
hlog(LOG_DEBUG, "Uplink %s: poll after connect returned %d, revents %d", l->name, r, connect_fd.revents);
if (r < 0) {
hlog(LOG_ERR, "Uplink %s: connect to %s: poll failed: %s", l->name, addr_s, strerror(errno));
goto connerr;
}
if (r < 1) {
hlog(LOG_ERR, "Uplink %s: connect to %s timed out", l->name, addr_s);
goto connerr;
}
socklen_t optlen = sizeof(arg);
if (getsockopt(fd, SOL_SOCKET, SO_ERROR, (char *)&arg, &optlen) == -1) {
hlog(LOG_ERR, "Uplink %s: getsockopt() after connect failed: %s", l->name, strerror(errno));
goto connerr;
} else if (arg == 0) {
/* Successful connect! */
hlog(LOG_DEBUG, "Uplink %s: successful connect", l->name);
break;
}
hlog(LOG_ERR, "Uplink %s: connect to %s failed: %s", l->name, addr_s, strerror(arg));
connerr:
close(fd);
fd = -1;
hfree(addr_s);
}
freeaddrinfo(ai); /* Not needed anymore.. */
if (fd < 0) {
l->state = UPLINK_ST_NOT_LINKED;
return -3; /* No successfull connection at any address.. */
}
struct client_t *c = client_alloc();
if (!c) {
hlog(LOG_ERR, "Uplink %s: client_alloc() failed, too many clients", l->name);
close(fd);
l->state = UPLINK_ST_NOT_LINKED;
return -3; /* No successfull connection at any address.. */
}
l->client_ptr = (void *)c;
c->uplink_index = uplink_index;
c->fd = fd;
c->addr = sa;
c->ai_protocol = req.ai_protocol;
c->state = CSTATE_INIT;
/* use the default login handler */
c->handler_line_in = &uplink_login_handler;
c->flags = l->client_flags;
c->keepalive = tick;
c->last_read = tick;
c->connect_time = now;
strncpy(c->username, l->name, sizeof(c->username));
c->username[sizeof(c->username)-1] = 0;
c->username_len = strlen(c->username);
/* These peer/sock name calls can not fail -- or the socket closed
on us in which case it gets abandoned a bit further below. */
addr_len = sizeof(sa);
getpeername(fd, (struct sockaddr *)&sa, &addr_len);
//s = strsockaddr( &sa.sa, addr_len ); /* server side address */
strncpy(c->addr_rem, addr_s, sizeof(c->addr_rem));
c->addr_rem[sizeof(c->addr_rem)-1] = 0;
hfree(addr_s);
/* hex format of client's IP address + port */
char *s = hexsockaddr( &sa.sa, addr_len );
strncpy(c->addr_hex, s, sizeof(c->addr_hex));
c->addr_hex[sizeof(c->addr_hex)-1] = 0;
hfree(s);
addr_len = sizeof(sa);
getsockname(fd, (struct sockaddr *)&sa, &addr_len);
s = strsockaddr( &sa.sa, addr_len ); /* client side address */
strncpy(c->addr_loc, s, sizeof(c->addr_loc));
c->addr_loc[sizeof(c->addr_loc)-1] = 0;
hfree(s);
hlog(LOG_INFO, "Uplink %s: %s: Connection established on fd %d using source address %s", l->name, c->addr_rem, c->fd, c->addr_loc);
if (set_client_sockopt(c) < 0)
goto err;
uplink_client[uplink_index] = c;
l->state = UPLINK_ST_CONNECTED;
/* set up SSL if necessary */
#ifdef USE_SSL
if (l->ssl) {
if (ssl_create_connection(l->ssl, c, 1))
goto err;
}
#endif
/* Push it on the first worker, which ever it is..
*/
if (pass_client_to_worker(worker_threads, c))
goto err;
if ((i = pthread_mutex_lock(& uplink_connects.mutex )))
hlog(LOG_ERR, "make_uplink: could not lock uplink_connects: %s", strerror(i));
++ uplink_connects.gauge;
++ uplink_connects.counter;
++ uplink_connects.refcount; /* <-- that does not get decremented at any time.. */
if ((i = pthread_mutex_unlock(& uplink_connects.mutex )))
hlog(LOG_ERR, "make_uplink: could not unlock uplink_connects: %s", strerror(i));
c->portaccount = & uplink_connects; /* calculate traffic bytes/packets */
return 0;
err:
client_free(c);
uplink_client[uplink_index] = NULL;
l->state = UPLINK_ST_NOT_LINKED;
return -1;
}
static void do_accept(struct listen_t *l)
{
int fd;
struct client_t *c;
union sockaddr_u sa; /* large enough for also IPv6 address */
socklen_t addr_len = sizeof(sa);
static time_t last_EMFILE_report;
char *s;
if ((fd = accept(l->fd, (struct sockaddr*)&sa, &addr_len)) < 0) {
int e = errno;
switch (e) {
/* Errors reporting really bad internal (programming) bugs */
case EBADF:
case EINVAL:
#ifdef ENOTSOCK
case ENOTSOCK: /* Not a socket */
#endif
#ifdef EOPNOTSUPP
case EOPNOTSUPP: /* Not a SOCK_STREAM */
#endif
#ifdef ESOCKTNOSUPPORT
case ESOCKTNOSUPPORT: /* Linux errors ? */
#endif
#ifdef EPROTONOSUPPORT
case EPROTONOSUPPORT: /* Linux errors ? */
#endif
hlog(LOG_CRIT, "accept() failed: %s (giving up)", strerror(e));
exit(1); // ABORT with core-dump ??
break;
/* Too many open files -- rate limit the reporting -- every 10th second or so.. */
case EMFILE:
if (last_EMFILE_report + 10 <= tick) {
last_EMFILE_report = tick;
hlog(LOG_ERR, "accept() failed: %s (continuing)", strerror(e));
}
return;
/* Errors reporting system internal/external glitches */
default:
hlog(LOG_ERR, "accept() failed: %s (continuing)", strerror(e));
return;
}
}
/* convert client address to string */
s = strsockaddr( &sa.sa, addr_len );
/* TODO: the dropped connections here are not accounted. */
/* Limit amount of connections per port, and globally.
* Error messages written just before closing the socet may or may not get
* to the user, but at least we try.
*/
if (l->portaccount->gauge >= l->clients_max || inbound_connects.gauge >= maxclients) {
if (inbound_connects.gauge >= maxclients) {
hlog(LOG_INFO, "%s - Denied client on fd %d from %s: MaxClients reached (%d)", l->addr_s, fd, s, inbound_connects.gauge);
/* The "if" is here only to silence a compiler warning
* about ignoring the result value. We're really
* disconnecting the client right now, so we don't care.
*/
if (write(fd, "# Server full\r\n", 15)) {};
} else {
hlog(LOG_INFO, "%s - Denied client on fd %d from %s: Too many clients on Listener (%d)", l->addr_s, fd, s, l->portaccount->gauge);
if (write(fd, "# Port full\r\n", 13)) {};
}
close(fd);
hfree(s);
inbound_connects_account(-1, l->portaccount); /* account rejected connection */
return;
}
/* match against acl... could probably have an error message to the client */
if (l->acl) {
if (!acl_check(l->acl, (struct sockaddr *)&sa, addr_len)) {
hlog(LOG_INFO, "%s - Denied client on fd %d from %s (ACL)", l->addr_s, fd, s);
close(fd);
hfree(s);
inbound_connects_account(-1, l->portaccount); /* account rejected connection */
return;
}
}
c = accept_client_for_listener(l, fd, s, &sa, addr_len);
if (!c) {
hlog(LOG_ERR, "%s - client_alloc returned NULL, too many clients. Denied client on fd %d from %s", l->addr_s, fd, s);
close(fd);
hfree(s);
inbound_connects_account(-1, l->portaccount); /* account rejected connection */
return;
}
hfree(s);
c->state = CSTATE_LOGIN;
/* use the default login handler */
c->handler_line_in = &login_handler;
c->keepalive = tick + keepalive_interval;
#ifdef USE_SSL
if (l->ssl) {
if (ssl_create_connection(l->ssl, c, 0)) {
close(fd);
inbound_connects_account(-1, l->portaccount); /* account rejected connection */
return;
}
}
#endif
hlog(LOG_DEBUG, "%s - Accepted client on fd %d from %s", c->addr_loc, c->fd, c->addr_rem);
/* set client socket options, return -1 on serious errors */
if (set_client_sockopt(c) != 0)
goto err;
/* ok, found it... lock the new client queue and pass the client */
if (pass_client_to_worker(pick_next_worker(), c))
goto err;
return;
err:
inbound_connects_account(0, c->portaccount); /* something failed, remove this from accounts.. */
client_free(c);
return;
}
